Failsafe Guide

From Phidgets Support

What is Failsafe?

Failsafe is a feature that activates when communication is lost between an application and a Phidget controller. When enabled, it reverts the controller to a predefined safe state.

Failsafe Example

In this example, a user's application includes the following parts:

The application spins the motor at a predefined rate during normal operation.

Scenario 1: Failsafe Disabled


In this scenario, failsafe functionality has not been enabled in the user's application.


When communication is lost, the controller continues to spin the motor, unaware that anything has happened.

Scenario 2: Failsafe Enabled

Communication can be lost for several reasons, such as the user application crashing or the USB/VINT cable being physically detached.

In this scenario, failsafe functionality has been enabled in the user's application.


When communication is lost, the controller enters a failsafe state after a predetermined time (the failsafe time).


For the DC Motor Phidget (DCC1000_0), this means the motor will be disengaged and will coast until safely stopped.

Result

When the failsafe feature is enabled, the controller can respond appropriately and safely to communication loss.

How Does Failsafe Work?

When the failsafe feature is enabled on a particular channel, your Phidget controller will start a recurring failsafe timer. Once the timer is active, it must be reset within the specified failsafe time, or the channel will enter a failsafe state.

Failsafe Timing Example


In this example, the channel is opened, and failsafe functionality is enabled with a failsafe time of 1000ms. The controller begins receiving failsafe resets from the application, allowing it to stay in a normal operating state. The application eventually fails to send another reset (application crash, cable physically disconnected, etc.), and after 1000ms the controller enters a failsafe state.

Failsafe Time

When enabling the failsafe feature, a failsafe time must be specified. The controller will count down from this value, typically in milliseconds, until it is reset or the timer expires.

Choosing a Failsafe Time

When choosing a failsafe time, consider the following:

  • How quickly should your application enter a failsafe state when communication is lost?
  • How often are you able to reset your failsafe timer?

As a rule of thumb, your application should not let more than one-third of the failsafe time pass between resets of the timer.

Other Considerations

Once the failsafe timer is enabled, it cannot be disabled by any means other than closing and reopening the channel.

Resetting Failsafe Timer

The failsafe timer can be reset through the Reset Failsafe API. When the controller receives a reset request, it will restart the timer with the previously specified failsafe time.


The failsafe timer may also be reset through other commonly used APIs on your device. View your controller's Reset Failsafe API for more information.

Failsafe State

If your failsafe timer has expired, your channel will enter a failsafe state. When your channel enters a failsafe state, it will reject any further communication until the channel is closed and reopened. Your application will receive an error indicating a failsafe state has been entered.
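The timing example above, the one-third rule of thumb and the failsafe state can be modelled in a few lines. The code below is an added illustration, not Phidget22 library code: FailsafeChannel, simulate and reset_interval_ok are constructed names, the clock is a millisecond value supplied by the caller, and the controller is assumed to trip exactly at the deadline rather than when the next command arrives.

```python
class FailsafeStateError(Exception):
    """Channel is in failsafe state: it rejects commands until closed and reopened."""


class FailsafeChannel:
    """One controller channel; the caller supplies a millisecond clock (constructed model)."""

    def __init__(self):
        self.failsafe_time = None        # set once by enable_failsafe
        self.deadline = None             # clock value at which the timer expires
        self.entered_failsafe_at = None  # clock value at which failsafe was entered

    def enable_failsafe(self, failsafe_time_ms, now_ms):
        # Once enabled, only closing and reopening the channel clears the timer.
        if self.failsafe_time is not None:
            raise ValueError("failsafe already enabled; close and reopen to change it")
        self.failsafe_time = failsafe_time_ms
        self.deadline = now_ms + failsafe_time_ms

    def poll(self, now_ms):
        """Run before every command: the controller trips at the deadline itself."""
        if self.entered_failsafe_at is None and self.deadline is not None and now_ms >= self.deadline:
            self.entered_failsafe_at = self.deadline
        if self.entered_failsafe_at is not None:
            raise FailsafeStateError(f"failsafe state entered at {self.entered_failsafe_at} ms")

    def reset_failsafe(self, now_ms):
        """ResetFailsafe: restart the countdown with the originally specified time."""
        self.poll(now_ms)
        self.deadline = now_ms + self.failsafe_time


def simulate(failsafe_time_ms, reset_times_ms, end_ms):
    """Enable at clock 0, deliver the resets, poll at end_ms; return the failsafe entry time or None."""
    ch = FailsafeChannel()
    ch.enable_failsafe(failsafe_time_ms, 0)
    for t in sorted(reset_times_ms):
        try:
            ch.reset_failsafe(t)
        except FailsafeStateError:
            break  # resets arriving after expiry are rejected
    try:
        ch.poll(end_ms)
    except FailsafeStateError:
        pass
    return ch.entered_failsafe_at


def reset_interval_ok(failsafe_time_ms, reset_times_ms):
    """Guide's rule of thumb: no gap between resets may exceed one-third of the failsafe time."""
    times = [0] + sorted(reset_times_ms)
    return all(3 * (b - a) <= failsafe_time_ms for a, b in zip(times, times[1:]))
```

With a 1000ms failsafe time and resets at 300, 600 and 900ms, simulate reports the failsafe state at 1900ms, and a later reset at 2000ms is rejected because the channel must be closed and reopened first.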

Other Considerations

  • If your controller enters a failsafe state due to a communication loss (e.g. a communication cable is detached), your application will not receive an error event, and the channel can recover without needing to be closed and reopened.
  • The failsafe feature is enabled on a per-channel basis. If one channel enters a failsafe state, the other channels will continue to operate normally.
  • Some Phidget controllers allow you to configure the failsafe state, while others have a predefined state. Visit the Enable Failsafe API for your particular controller for more information.
  • Some controllers may enter a failsafe state through means other than the failsafe timer. For example, new Phidget motor controllers offer an E-Stop circuit that triggers a failsafe state when activated. Check your controller's documentation for more information.

Using Failsafe in Your Application

Enabling failsafe functionality in your application is easy.

  1. Register for error events.
  2. After opening your channel, use the Enable Failsafe API, and specify a failsafe time.
  3. Regularly reset the failsafe timer.

Example Code

The code below provides a simple example of how failsafe functionality can be enabled and reset.

using System;
using System.Threading;
using Phidget22;

namespace ConsoleApplication
{
	class Program
	{
		//Set to false by the error handler so the work loop exits cleanly
		private static volatile bool working = true;

		private static void DcMotor0_Error(object sender, Phidget22.Events.ErrorEventArgs e)
		{
			//Error event: a failsafe timeout is reported here as an error
			Console.WriteLine("Error event: " + e.Description);
			working = false;
		}

		static void Main(string[] args)
		{
			//Create
			DCMotor dcMotor0 = new DCMotor();

			//Register for error event (before opening the channel)
			dcMotor0.Error += DcMotor0_Error;

			//Open
			dcMotor0.Open(Phidget.DefaultTimeout);

			//Enable failsafe functionality with a 1000ms failsafe time
			dcMotor0.EnableFailsafe(1000);

			while (working)
			{
				//Do work

				//...

				//Regularly reset the failsafe timer
				dcMotor0.ResetFailsafe();

				//...

				//250ms is well under one-third of the 1000ms failsafe time
				Thread.Sleep(250);
			}

			//Closing the channel is the only way to clear the failsafe timer
			dcMotor0.Close();
		}
	}
}