2013-08-25

T14SG and the Phantom Failsafe

In this article, I'm going to take a closer look at the topic of failsafe. The Futaba transmitter T14SG and receiver R7008SB both come with failsafe functionality, as does the Naza-M flight controller inside the Phantom too. Now how do all these failsafes work together? As usual, no warranties given, this is just how I did it and I may be perfectly wrong...

One, Two, Three Failsafes...


Per channel reactions to a failsafe condition.
The combination of DJI Phantom, Futaba transmitter T14SG and receiver R7008SB brings us approximately three different failsafes:
  • receiver failsafe then the receiver does not receive a signal or is unable to decode it,
  • battery failsafe of the transmitter,
  • Naza-M failsafe, that can be triggered either explicitly or if for a certain time some channel values do not change and may indicate a signal problem. This fallback is required as the original simple DJI receiver has no failsafe detection of its own.

R7008SB Failsafe


Like many non-dead simple receivers, when the Futaba R7008SB doesn't receive any decodable radio signals anymore, the channel values it outputs take on a predefined failsafe behavior. The exact behaviour can be controlled for each channel individually:
  • simply hold the last known good value for a channel, as is signaled by the setting [HOLD] in the «F/S» column,
  • or output a predefined value instead, then you set [F/S] in column «F/S» and the specific failsafe value in the last row labelled «POS».
Please note that in addition to these channel-specific failsafe settings the S.BUS(2) has an explicit failsafe indicator flag sent to all S.BUS(2) devices. It then depends on the particular S.BUS(2) devices whether they make any use of the failsafe indication. (For some details, please see, for instance the S.BUS reverse engineering done by turbinenheli.de and flightronic.ch.)

The behavior as described in this section is simply termed failsafe in Futaba parlance.

T14SG (Battery) Failsafe


So there is yet another type of failsafe that is termed the battery failsafe. In the various setup pages of the T14SG you will come across this specific type of failsafe in form of its abbreviated form: «B.F/S». So far, I haven't figured out how it could fit into the overall scheme. Thus, I'm not using (or rather programming for) it. However, if someone knows better, please speak up.

Naza-M Failsafe


Explicit failsafe using channel U (channel 7/AUX3).
The Naza-M flight controller has its own failsafe mechanism. This can trigger either implicitly when the Naza-M doesn't get any sensible channel values for some time. Or you can trigger it explicitly through channel 7 AUX, that is, the U channel as seen by the Naza-M chip. A second explit trigger is when the S.BUS(2) signals a failsafe condition.

As it seems, the Naza-M maps the S.BUS(2) failsafe indication to its U channel. As you can easily see for yourself in the Naza-M assistent software, when your trigger an S.BUS(2) failsafe condition by switching off your transmitter, the U channel will take on a particular failsafe value, regardless of the failsafe value your programmed for channel 7 of the R7008SB.

In the Naza-M assistent software, you can monitor channel U on page Basic, tab RC. Channel U is controling the flight mode. As you will see here, it has the well-known three switch positions. The zones in between are labelled failsafe: these zones are fixed and cannot be reconfigured.

Hold or F/S ... Emacs or Vi?(*)


That leaves us with the basic question: what failsafe strategy is better for my Phantom if it happen to met a failsafe condition? Hold or use predefined values deemed to be safe? I'm afraid that there's no conclusive answer to this question, as it may heavily depend not only on the current flight situation. Sometimes, hold may be better, in other cases, safe values may have saved the day. You bet.


For this reason, you have to decide for yourself which strategy you will program the T14SG with for your Phantom or other RC model. I'm only describing one possible answer that I currently use and how to program the T14SG in this case.

Programming the Transmitter for Naza-M Failsafe


In this section, I'm now describing how to program trigger the explicit failsafe of the Naza-M even without S.BUS(2) support. This mainly dates from my first upgrade phase where I had to wire up all channels individually due to lack of S.BUS2 support in the Naza-M. With S.BUS2 support now in and working fine, you may want to skip this programming completely. However I leave this topic in, just to be failsafe...

My strategy for an explicit failsafe is simple and as follows:
  • we trigger an expliziter Failsafe using channel 7, that is, the AUX3 channel that ends up as channel U on the Naza-M flight controller. It normally controls the flight mode but has additional value ranges that are always assigned to failsafe mode. So we program the receiver to output a fixed channel value in case of failsafe that corresponds with one of the failsafe regions that the Naza-M defines. The Naza-M will immediately enter failsafe when we output such a channel value.
  • we hold all other channel values, in particular, channels 1 through 4.

A somehow annoying idiosynchrasy of the T14SG user interface is that you cannot simply enter a particular failsafe value. Even if you happen to know the proper value, you are not allowed to simply enter it. Compare this with the end point setting, so why are you allowed to set it there and are not forced to teach it?

This basically forces us to program channel 7 in a way that outputs the required channel value for a failsafe and then teach this as the failsafe value to use for this channel. Simple things made complex. That's seemingly what some model enthusiasts thrills...

Note: For S.BUS(2) operation the failsafe setting of channel 7 doesn't seem to matter. Regardless of what we program here, the Naza-M chip seems to internally overwrite the U channel value with a predefined failsafe channel value whenever it encounters the S.BUS(2) failsafe bit being flagged. In principle, you can thus completely skip this programming if you just want automatic failsafe. In case you want to also manually trigger failsafe operation, please read on.

We dedicate mixer 2 to failsafe.
To start with, we need to program another mixer. So we enter the [MDL] model menu, heading next towards [PROG. MIX]. Here, we select the second mixer that should be unused so far. If you do this for the first time, you should see «INH:AIL➜ELE» in the second line. We are now going to program this mixer.

Failsafe mixer 2.
To set up the mixer we first enter the second configuration page. As usual, [S1] flips through configuration pages. In order to manually trigger a failsafe without switching off the transmitter, we assign switch [SG] to controlling mixer 2. You should see the current switch state after ACT. Set both the master and slave channel to [AUX3].

Mixer function for realizing channel U failsafe values.
As we have done the basic wiring we now need to set a mixer function that ensures that regardless of the current switch setting for the flight mode AUX3 always outputs a value that falls into one of the failsafe ranges. The following stepwise linear function does the job:
  • -100% at -100%, yet this achieves only +55%. Roger? Ah yes, there's that endpoint setting on AUX3 that we once did, are you remembering it?
  • -5% at +100%, this then gives us -50%.
  • a Y offset of +45% moves the overall mixer function to the region where we require the output values to be.
With this totally strange setting we are now in the position that AUX3 always takes on one of two failsafe values as soon as you flip switch SG to on. Flight mode switch SC then basically doesn't matter anymore.

The reciever failsafe triggers the Naza-M failsafe.
We are now finally in a position to program AUX3 as desired for failsafe operation. So, please go into the [LNK] linkage menu and into [FAIL SAFE]. Go to the second page where you will find the failsafe settings for channel 7 AUX3. In the column labelled F/S set the mode now to [F/S]. You are now able to set a specific failsafe value in the third column labelled POS. Flip switch SG to on and the flight mode switch SC to GPS mode in order to make channel 7 AUX take on a failsafe value. Now teach in this value by selecting the existing pos value and pressing [RTN] for more than a second.

Don't forget to flip switch SG back to off to leave failsafe mode. Done. What a mess.

Final Note


Deactivating (or inhibiting) the failsafe mixer 2.
If you find switch SG too dangerous for normal use, you can easily deactivate mixer 2. So go back to the second configuration page of mixer 2. Set the ACT (activation) of mixer 2 to [INH] in order to completely deactivate (inhibt) it. This won't touch the failsafe setting made for channel 7 AUX previously.

Post Scriptum


Only after documenting this way to program an explicit failsafe I realized that there is a shorter path to just teaching channel 7 AUX3 a particular failsafe value: just wire up channel 7 to one of the volume knows for a moment. In the failsafe configuration then turn the know and (re)teach its position until you are satisfied. And until the Naza-M assistant shows that the Naza-M interprets channel 7 AUX to be in failsafe position.



(*) A quick explanation to those who don't understand the joke: Emacs and Vi are two text editors preferred by some programmers. The pseudo-reglious war sparked in a self-deprecating manner is now considered part of the human heritage.