Failsafe is a state the flight controller is meant to enter when the radio receiver loses the RC link. Any of these of these conditions will trigger it:
- Any flight channel (pitch, roll, throttle or yaw) sends no pulses
- Any channel is outside the valid range between
rx_min_usecandrx_max_usec - The FAILSAFE aux mode is activated
If the failsafe happens while the flight controller is disarmed, it only prevent arming. If it happens while armed, the failsafe policy configured in failsafe_procedure is engaged. The available procedures are:
- DROP: Just kill the motors and disarm (crash the craft).
- LAND: (replaces SET-THR from INAV 4.0) Performs an Emergency Landing. Enables auto-level mode (for multirotor) or enters a preconfigured roll/pitch/yaw spiral down (for airplanes). If altitude sensors are working an actively controlled descent is performed using the Emergency Landing descent speed (
nav_emerg_landing_speed). If altitude sensors are unavailable descent is performed with the throttle set to a predefined value (failsafe_throttle). The descent can be limited to a predefined time (failsafe_off_delay) after which the craft disarms. This is meant to get the craft to a safe-ish landing (or more realistically, a controlled crash). Other than using altitude sensors for an actively controlled descent it doesn't require any extra sensors other than basic gyros and accelerometers. - SET-THR: (Pre INAV 4.0) Same as LAND except it doesn't use an Emergency Landing but is limited instead to just setting the throttle to a predefined value (
failsafe_throttle) to perform a descent. It doesn't require any extra sensors other than basic gyros and accelerometers. - RTH: (Return To Home) One of the key features of INAV, it automatically navigates the craft back to the home position and (optionally) lands it. Similarly to all other automated navigation methods, it requires GPS for any type of craft, plus compass and barometer for multicopters.
- NONE: Do nothing. This is meant to let the craft perform a fully automated flight (eg. waypoint flight) outside of radio range. Highly unsafe when used with manual flight.
Note that:
-
Should the failsafe disarm the flight controller (DROP, LAND/SET-THR after
failsafe_off_delayor RTH withnav_disarm_on_landingON), the flight controller will be disarmed and re-arming will be locked until the signal from the receiver is restored for 30 seconds AND the arming switch is in the OFF position (when an arm switch is in use). -
Prior to starting failsafe it is checked if the throttle position has been below
min_throttlefor the lastfailsafe_throttle_low_delayseconds. If it was, the craft is assumed to be on the ground and is simply disarmed. This feature can be disabled completely by settingfailsafe_throttle_low_delayto zero, which may be necessary to do if the craft may fly long with zero throttle (eg. gliders).
-
If the craft is landed but armed, the failsafe may make the motors and props spin again and even make the craft take off (in case of RTH failsafe). Take expecially care of this when using
MOTOR_STOPfeature. Props will spin up without warning. Have a look at thefailsafe_throttle_low_delaysetting explained above to learn when this could happen. -
If any required navigation sensor becomes unavailable during a Return to Home (eg. loss of GPS fix), an emergency landing, as used by the LAND procedure, will be performed after a short timeout. An emergency landing would also be performed right when the failsafe is triggered if any required sensor is reported as unavailable.
-
The SET-THR procedure doesn't control descent in any way other than setting a fixed throttle. This is also the case for the LAND procedure when altitude sensors are unavailable. Thus, appropriate testing must be performed to find the right throttle value. Consider that a constant throttle setting will yield different thrusts depending on battery voltage, so when you evaluate the throttle value do it with a loaded battery. Failure to do so may cause a flyaway.
-
When the failsafe mode is aborted (RC signal restored/failsafe switch set to OFF), the current stick positions will be enforced immediately. Be ready to react quickly.
In order to engage failsafe mode correctly, you must configure your receiver to do one of the following on signal loss:
- Send no signal/pulses over the channels
- Send an invalid signal over the channels (for example, send values lower than
rx_min_usec) - Set an aux channel to engage FAILSAFE mode.
and
- Ensure your receiver does not set any aux channel so that the craft would disarm.
Failsafe delays are configured in 0.1 second units. Distances are in centimeters (1/100 of a meter).
Selects the failsafe procedure. Valid procedures are DROP, LAND/SET-THR, RTH and NONE. See above for a description of each one.
Guard time for failsafe activation when rx channel data is lost or invalid. This is the amount of time the flight controller waits to see if it begins receiving a valid signal again before activating failsafe. Does not apply when activating the FAILSAFE aux mode.
Guard time for failsafe de-activation after signal is recovered. This is the amount of time the flight controller waits to see if the signal is consistent before turning off failsafe procedure. Usefull to avoid swithing in and out of failsafe RTH. Does not apply when disactivating the FAILSAFE aux mode.
This parameter defines recovery from failsafe by stick motion. When set to zero failsafe procedure will be cleared as soon as RC link is recovered. When this is set to a non-zero value - failsafe won't clear immediately when if RC link is recovered, you will have to move any of Roll/Pitch/Yaw sticks more than this value to exit failsafe.
The use-case is the Return To Home failsafe: when on the edge of radio coverage you may end up entering and exiting failsafe if radio link is sporadic - happens a lot with long-range pilots. Setting failsafe_stick_threshold to a certain value (i.e. 100) RTH will be initiated on first signal loss and will continue as long as pilots want it to continue. When RC link is solid (based on RSSI etc) pilot will move sticks and regain control.
Time throttle level must have been below 'min_throttle' to only disarm instead of full failsafe procedure. Set to zero to disable.
If failsafe happens when craft is closer than this distance in centimeters from home, failsafe will not execute regular failsafe_procedure, but will execute procedure specified in failsafe_min_distance_procedure instead. 0 = Normal failsafe_procedure always taken.
What failsafe procedure to initiate in Stage 2 when craft is closer to home than failsafe_min_distance.
The lowest channel value considered valid.
The highest channel value considered valid.
If the failsafe happens while the craft is within this distance from the home position, the home position is considered immediately reached.
If ON the craft rises to nav_rth_altitude before heading to home position. if OFF the craft climbs on the way to home position.
When this option is OFF (default) and when you initiate RTH without GPS fix - aircraft will initiate emergency descent and go down. If you set this option to ON - aircraft will reach the RTH target altitude before initiating emergency descent. This is done for cases where GPS coverage is poor (i.e. in the mountains) - allowing UAV to climb up might improve GPS coverage and allow safe return instead of landing in a place where UAV might be impossible to recover.
Only relevant for multirotors. If this is OFF the craft will head to home position head first, if ON it'll be tail first
The altitude used as reference for the RTH procedure.
How and when to reach nav_rth_altitude. Please read the page on the wiki for a description of the available modes.
If the craft increases its distance from the point the failsafe was triggered first by this amount, RTH procedure is aborted and an emergency landing is initiated. It's meant to avoid flyaways due to navigation issues, like strong winds.
Enables landing when home position is reached. If OFF the craft will hover indefinitely over the home position.
Instructs the flight controller to disarm the craft when landing is detected
Delay after failsafe activates before motors finally turn off. This is the amount of time 'failsafe_throttle' is active. If you fly at higher altitudes you may need more time to descend safely. Set to zero to keep failsafe_throttle active indefinitely.
(LAND only) Actively controlled descent speed when altitude sensors are available. If altitude sensors aren't available landing descent falls back to using the fixed thottle setting failsafe_throttle so ensure this is also set correctly.
Throttle level used for landing. Specify a value that causes the aircraft to descend at about 1M/sec. Default is set to 1000 which should correspond to throttle off.
This parameter defines the amount of roll angle (in 1/10 deg units) to execute on failsafe. Negative = LEFT
This parameter defines the amount of pitch angle (in 1/10 deg units) to execute on failsafe for an airplane. Negative = CLIMB
This parameter defines the amount of yaw rate (in deg per second units) to execute on failsafe for an airplane. Negative = LEFT