Failsafe Override

We (not sure about Wade but I certainly am) getting down to the real circuit design level, and once again safety considerations are essential. Looking back at the question posted in the previous entry: What do we do if the RX unit looses signal from the pilot’s manual transmitter - and how do we do this?
So far this seems to be the best solution:
- When the plane takes off a 'home' GPS coordinate is programmed into memory.
- If the autopilot looses the signal from the ground it will fly the plane back to this home location
- On approach of the home location the autopilot will cut power to the engine to reduce airspeed
- An ultra bright red distress LED mounted on the fuselage will flash
- The air-to-ground communications link will send a mayday message.
Hopefully this will allow enough time for the pilot to regain control.
Failing this, the plane could be directed in a tight circuit of the home location, un-powered - as to slowly reduce altitude.

How do we do this then?
Well connecting the RX Mux select line is connected to an input interrupt pin on the microcontroller. If an interrupt hasn't been generated in a set amount of time (eg. missed 3 or 5 cycles in a row) the auto recovery routine is initiated. If this is merely a software fault, the ground pilot will still be able to control the plane by simply turning of autopilot in hardware through the multiplexing circuitry.

One other thing I have thought of - we need an ARM button. This means that if the microcontroller is started up before the TX, it will not attempt to initialise emergency recovery routines.

We are famous!

Last Monday our engineering project was featured in the Age newspaper in the educations section. This provides excellent exposure for us - more than we had anticipated. A scanned copy of the article can be found here.
Below are some of the pictures in the photoshoot. My favorite was the end one.

Manual Override - Design for reliability

One of the safety cornerstones of this project is the ability to use manually override the autopilot to allow the human pilot to take control of the plane. We decided that reliability was of upmost importance at this point and so we shyed away from implementing this switch-over functionality in software. We have taken the hardware approach which uses 2 D Flip-flops and a 2 input array of multiplexers to switch between pilot control and autopilot.
The circuit for actually detecting when switch over occurs is based on a rather ingenious circuit from: here. It uses only 1 IC, two resistors and a capacitor.
It is basically in two parts - the first part uses the time-constant of an RC circuit to specify a pulse width. The second part has a flip-flop triggered based on the actual pulse width compared to this generated pulse width - ingenious!
We are modifying the circuit to use the 74HC74 - newer CMOS style IC's as these have built in latch up protection and are less sensitive to ESD. The original design didn't seem to have bypass capacitors and was put together in a rather hap-hazard manner (on veroboard). As we are designing for reliability we will use PCB's throughout with small surface mount capacitors directly bypassing the voltage rails.
The end result should be a reliable method of switching between auto pilot and manual pilot.
One problem I currently see is that if we loose a signal from my receiver (Hitec Flash 5) what should the circuit do? A couple of options exist (after some webcrawling):
- In autopilot send the plane into a sharp dive and crash it so it doesn't get too far away
- In autopilot keep the plane straight and level (possibly turn it around).
I think for safety we will probably go with the second option - that way we should hopefully get back into range and be able to regain manual control. I also plan to trial some ultra bright LED's on the plane (basically to indicate the mode the plane is currently flying in). Whether we can see these from the ground remains to be seen (pun intended :)). The we may have a small siren turn on if the transmitter looses contact - that way we will know immediately there is a problem.