From 8b84ee5acf10235df9362ec123fe2e63ddf9ea8d Mon Sep 17 00:00:00 2001 From: Daniel Koch Date: Mon, 16 Mar 2020 18:00:15 -0600 Subject: [PATCH 1/2] Add documentation about hardfault recovery --- docs/developer-guide/code-architecture.md | 2 ++ docs/user-guide/overview.md | 2 ++ docs/user-guide/parameter-configuration.md | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/docs/developer-guide/code-architecture.md b/docs/developer-guide/code-architecture.md index ccf1da77..87bb696b 100644 --- a/docs/developer-guide/code-architecture.md +++ b/docs/developer-guide/code-architecture.md @@ -84,6 +84,8 @@ The operation of the state manager is defined by the following finite state mach ![state manager FSM](images/arming-fsm.svg) +The state manager also includes functionality for recovering from hard faults. In the case of a hard fault, the firmware writes a small amount of data to backup memory then reboots. This backup memory location is checked and then cleared after every reboot. The backup memory includes the armed state of the flight controller. On reboot, the firmware will initialize then, if this armed-state flag is set, immediately transition back into the armed state. This functionality allows for continued RC control in the case of a hard fault. Hard faults are not expected with the stable firmware code base, but this feature adds an additional layer of safety if experimental changes are being made to the firmware itself. + ### Parameter Server This module handles all parameters for the flight stack. It supports the getting and setting of integer and floating-point parameters, and the saving of these parameters to non-volatile memory. diff --git a/docs/user-guide/overview.md b/docs/user-guide/overview.md index 24b01e73..9a7c3f23 100644 --- a/docs/user-guide/overview.md +++ b/docs/user-guide/overview.md 
@@ -52,6 +52,8 @@ The following is a simplified version of the finite state machine that defines l ![Arming FSM](images/arming-fsm-simplified.svg) +The state manager also includes functionality for recovering from hard faults if one were to occur. If a hard fault occurs while the flight controller is armed, the firmware has the ability to immediately rearm after rebooting to enable continued RC control of the vehicle for recovery. + ## LEDs The meaning of the various LEDs is summarized in the following table. The colors of the LEDs may change depending on your specific board: diff --git a/docs/user-guide/parameter-configuration.md b/docs/user-guide/parameter-configuration.md index 62d223ea..8bbda704 100644 --- a/docs/user-guide/parameter-configuration.md +++ b/docs/user-guide/parameter-configuration.md @@ -56,6 +56,10 @@ rosservice call /param_write [ INFO] [1491672597.123201952]: Param write succeeded [ INFO] [1491672597.123452908]: Onboard parameters have been saved ``` + +!!! important + It is highly recommended that you write parameters before arming and flying the vehicle. Among other things, this will ensure that in the rare case that a hard fault is encountered and the flight controller must reboot during flight, the correct configuration will be loaded on reboot. + !!! error Parameter writing can only happen if the flight controller is disarmed. If the param write failed for some reason, you may want to make sure your FC is disarmed and try again. From 175cccda13f1b4c673adad1d0bfddf19106c27c8 Mon Sep 17 00:00:00 2001 From: Daniel Koch Date: Mon, 16 Mar 2020 18:06:18 -0600 Subject: [PATCH 2/2] Clarified that hard faults are unlikely in overview page --- docs/user-guide/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/overview.md b/docs/user-guide/overview.md index 9a7c3f23..5ffe41a4 100644 --- a/docs/user-guide/overview.md +++ b/docs/user-guide/overview.md 
@@ -52,7 +52,7 @@ The following is a simplified version of the finite state machine that defines l ![Arming FSM](images/arming-fsm-simplified.svg) -The state manager also includes functionality for recovering from hard faults if one were to occur. If a hard fault occurs while the flight controller is armed, the firmware has the ability to immediately rearm after rebooting to enable continued RC control of the vehicle for recovery. +The state manager also includes functionality for recovering from hard faults if one were to occur, although this is unlikely with unmodified firmware. If a hard fault occurs while the flight controller is armed, the firmware has the ability to immediately rearm after rebooting to enable continued RC control of the vehicle for recovery. ## LEDs
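Review bot: in the docs/developer-guide/code-architecture.md hunk (PATCH 1/2), the sentence "This backup memory location is checked and then cleared after every reboot" does not say what the check consists of, and that check is the only thing between leftover or corrupted backup memory and an automatic transition into the armed state. Suggest documenting how the stored data is validated before the armed-state flag is trusted, and what the firmware does when validation fails or when another hard fault follows the rearm. It would also help to list what else the "small amount of data" contains, since only the armed state is named.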
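Review bot: in the docs/user-guide/parameter-configuration.md hunk (PATCH 1/2), the new "!!! important" admonition says "the correct configuration will be loaded on reboot" but leaves the failure case implicit. Suggest stating directly that parameter changes which have not been written will not survive an in-flight reboot, so the flight controller would come back up, and rearm, with whatever was last saved. "Among other things" can be dropped or replaced with the specific other reasons for writing parameters before flight.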
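Review bot: in the docs/user-guide/overview.md hunk (PATCH 2/2), "has the ability to immediately rearm" reads as an optional capability, while the developer-guide text added in PATCH 1/2 says the firmware will "immediately transition back into the armed state" when the flag is set. Suggest wording the user guide to say that the rearm is automatic and needs no pilot input, since a user should expect the vehicle to be armed again after the reboot. The opening clause "if one were to occur, although this is unlikely with unmodified firmware" is also awkward; a separate sentence such as "Hard faults are not expected with unmodified firmware." would read more cleanly and match the developer guide.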