We always run pot/encoder diagnostics ever since we ripped our arm apart during the divisional semi-finals in 2005.
Our diagnostic goes something like this (from memory, so it might not be 100% accurate):
Code:
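/* Count how long "large PID error AND sensor not moving" has been true. */
fault_debounce_timer = debounce_fault_state(
    (abs(PID_error) > error_threshold) && (abs(pot_speed) < speed_threshold),
    fault_debounce_timer);

/* Latch the fault once the condition has persisted long enough. */
if (fault_debounce_timer > fault_time_thresh)
{
    pot_fault = TRUE;
}

/* Reset clears both the latch and the timer. */
if (TRUE == reset_pot_fault)
{
    pot_fault = FALSE;
    fault_debounce_timer = 0;
}

/* While faulted, cut the motor output. */
if (TRUE == pot_fault)
{
    motor_cmd = 0;
}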
Here is the basic philosophy of the above diagnostic.
If:
1) The PID has a reasonably large error input (error = setpoint - process_variable) (i.e. the appendage should be moving since the PID is commanding the motor)
AND
2) The speed of the appendage as measured by the sensor is very low (i.e. the appendage is NOT moving)
AND
3) The above 2 things occur continuously for a certain period of time.
Then:
The sensor is broken or disconnected either electrically or mechanically, so shut off the motor (or just shut off PID control and revert to manual control).
We also do simple out-of-range checks that will also shut down the motor.
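A self-contained version of the diagnostic described in the post above, added here as an example and not the poster's or their team's actual code. The threshold values, the struct and function names other than debounce_fault_state, the debounce behaviour (count up while the condition holds, reset to zero when it clears), the speed estimate (difference between consecutive readings) and the out-of-range limits are all assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Assumed tuning values (hypothetical; pick them for your mechanism). */
#define ERROR_THRESHOLD   50   /* |setpoint - pot| that should cause motion */
#define SPEED_THRESHOLD   2    /* pot counts per loop treated as "not moving" */
#define FAULT_TIME_THRESH 10   /* consecutive loops before latching a fault */
#define POT_MIN           20   /* readings outside [POT_MIN, POT_MAX] are */
#define POT_MAX           1000 /* treated as an open or shorted sensor */

typedef struct {
    int  debounce_timer;
    int  last_pot;
    bool pot_fault;
} pot_diag_t;

/* Assumed debounce: count consecutive loops; any clear loop resets it. */
static int debounce_fault_state(bool condition, int timer)
{
    return condition ? timer + 1 : 0;
}

/* Run once per control loop. Returns the motor command to apply. */
int pot_diag_step(pot_diag_t *d, int setpoint, int pot, int pid_cmd, bool reset)
{
    int pid_error = setpoint - pot;
    int pot_speed = pot - d->last_pot;   /* counts per loop */
    d->last_pot = pot;
    d->debounce_timer = debounce_fault_state(
        abs(pid_error) > ERROR_THRESHOLD && abs(pot_speed) < SPEED_THRESHOLD,
        d->debounce_timer);
    if (d->debounce_timer > FAULT_TIME_THRESH || pot < POT_MIN || pot > POT_MAX)
        d->pot_fault = true;             /* stall or out-of-range reading */
    if (reset) {
        d->pot_fault = false;
        d->debounce_timer = 0;
    }
    return d->pot_fault ? 0 : pid_cmd;
}

/* Constructed scenario: reading frozen at 'pot' while the PID commands 100. */
int loops_until_cutoff(int setpoint, int pot, int max_loops)
{
    pot_diag_t d = { 0, pot, false };
    for (int i = 1; i <= max_loops; i++)
        if (pot_diag_step(&d, setpoint, pot, 100, false) == 0)
            return i;
    return -1; /* never faulted */
}
```

With these assumed values, a frozen reading far from the setpoint cuts the motor on the 11th loop, while a frozen reading close to the setpoint never trips the diagnostic because the PID error stays under the threshold.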