I have been doing a lot of testing under adverse conditions, like what happens when the craft is so far away that the radio control no longer works? What happens when the battery gets so low that it can barely hold the craft in the air? What happens when the operator (me) screws up?
I now know that some of the conditions listed above result in a crash.
Some examples:
When my craft gets out of radio range, and it is in AUTO mode, the craft just keeps on its merry way, and (if programmed to do so), returns home safely.
But things aren't so controlled when the transmitter batteries are low. My transmitter (modified Turnigy 9X) has a switching power supply that has a defined cutoff voltage. If the battery voltage drops too low, the switcher stops and the radio stops. But... when the switcher stops, the load on the battery goes down. Which makes its voltage go back up - to the point where it stops and starts and stops and starts....
The result is that the craft gets lots of confusing signals and almost certainly crashes. So I have added two things to my transmitter: I have added hysteresis to the switcher, so if it stops due to low voltage, it won't start again until the voltage rises by at least 1.5V (which is more than the voltage increase caused by no load). I have also added a voltage monitor that turns a bright LED on when the voltage drops to near the dropout voltage of the regulator. This should remind me to forget about flying until I recharge my battery. I also need to rewrite the firmware in the controller such that if the command "mode" (AUTO, MANUAL, RETURN TO LAUNCH, etc) changes too rapidly, just return to launch and ignore any further commands (this will take some testing).
When the batteries in the craft get too low, the ESCs (motor controllers) by default shut off. The voltage that shuts them off is about 9.6V. My controller is set to go into "Fail Safe" mode which is RETURN TO LAUNCH at 10V. The problem is, the controller is not very accurate at measuring voltage. So what it thinks is 10V could actually be 9.6V. As a result, the craft doesn't know it is real trouble until the point at which the motors stop. And it crashes.
The solution is to re-program the ESCs so that they NEVER shut off due to low voltage, and to set the controller to recognize that the battery is low when the voltage gets to 10.5V.