Operation

Arbiter Boot

When the arbiter is booted, it enters an Iddle state, trying to verify the status of the system.

While Iddle, the Status Message is not sent.

If all checks success, the arbiter will enter Normal mode.

If, after 30 seconds, system errors are still present, arbiter will enter Maintenance mode.

Status message

Once in Normal mode, the Arbiter will start sending the Status and Scores telemetry messages.

The frequency of these messages is configurable. They can also be disabled.

The status message contains information such as:

  • Arbitration ON/OFF

  • Selected autopilot

  • System BITs

  • etc.

While in Maintenance Mode, the Arbiter will send the Status message, even if it is disabled, but will not send the Scores messages.

Ready Status

After the Arbiter enters Normal mode, it will wait until a Ready Message from each autopilot is received. Only then the Arbitration will start.

../../_images/ok-boot.gif

Normal Arbitration start

If the Arbiter is in maintenance mode, the Arbitration will not start. Even if the Ready messages are recived.

../../_images/nok-boot.gif

Failed Arbitration start

Alive Status

Once arbitration starts, all autopilots are declared as alive by default, but it is possible that they are declared as Dead if a critical error is found.

../../_images/kill.gif

APs being declared Dead

Tha arbiter will declare an autopilot dead if one of the following incidences is found:

  • One of the arbitration messages (including the Ready message) is not received for 0.1 seconds.

  • A Not Ready message is received.

  • A System Not OK error is raised on any of the autopilots, activating the FTS signal.

  • The watchdog signal for any autopilot is not ok.

Attention

Make sure to configure the sending of arbitration messages as High priority. Otherwise, the sending of the messages could be shortly interrupted by a higher priority task and the autopilot will be declared Dead.

../../_images/auto-kill.gif

APs being declared Dead when arbitration starts due to missed messages

A Dead autopilot can never be selected again as long as arbitration persists.

The Dead status is not reversible, it is necessary to reboot the whole system in order to recover a Dead autopilot.

If the number of Alive autopilots is 2 or less, relative arbitration variables are disabled (since at least 3 autopilots are needed).

If only one autopilot is Alive, it will be selected no matter the score.

If all autopilots are Dead, the Preferred autopilot will be selected.

Maintenance Mode

Maintenance mode is used for changing the Arbiter configuration.

Arbitration is disabled while in maintenance mode.

Arbiter will also enter maintenance Mode after a failed boot.

The reason of the failed boot can be checked in the Status message.