Our first Rx was a dual-conversion FM set, and I should mention that the failsafes in the mixer were designed for this one.

Our mixer has two main features for the failsafes. The first is that it effectively integrates the incoming signal so that any valid pulses can only change the output by a small amount, so a single error would at worst only change it by a small amount.

The second is that over a long period (100 pulses) it counts the number of in-range & out-of-range pulses, and if at any point it is more than 10 pulses in error then it will enter failsafe for a minimum of 2.1 seconds. It worked well until we started using the PCM set, when it effectively overrides this.

Once it has entered failsafe mode it will not come out of it until 100 pulses are received in range. The failsafes work on a per-channel basis and also have a 65 ms timer, so that if that channel does not receive a pulse in that time it will shut that channel down for 2.1 seconds before trying again.

The only problem (from other people's point of view) is that it's my software code running it, and so far we have not had it crash, but occasionally it still entered failsafe mode. There is a watchdog active that has only one timer reset function at the beginning of the main program loop, so if it did crash it should correct itself after a very short delay.

I don't know how other failsafes operate but I would guess it's not this complex.

All in all I still would not like to approach a robot in failsafe mode, as you know it only needs to pick up a valid signal (from any source) and it could activate again.
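
The per-channel failsafe described in the post above, sketched in C as an added example; it is not the poster's firmware. The 1000-2000 µs valid range, 1500 µs neutral, 20 µs step, the tumbling 100-pulse window, the requirement that the 100 recovery pulses be consecutive, and all function and type names are assumptions; the 100/10/2.1 s/65 ms figures come from the post.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed, not from the post: valid pulse range, neutral output, slew step. */
enum { MIN_US = 1000, MAX_US = 2000, NEUTRAL_US = 1500, STEP_US = 20 };
/* From the post: 100-pulse window, >10 errors trips, 2.1 s hold, 65 ms timeout. */
enum { WINDOW = 100, MAX_BAD = 10, RECOVER = 100, HOLD_MS = 2100, TIMEOUT_MS = 65 };

typedef struct {
    uint16_t out_us;           /* slew-limited output passed on by the mixer */
    uint8_t seen, bad, good;   /* window counters; in-range run while in failsafe */
    uint32_t last_ms, fs_ms;   /* time of last pulse; time failsafe was entered */
    bool failsafe;
} chan_t;

void chan_init(chan_t *c, uint32_t now) {
    *c = (chan_t){ .out_us = NEUTRAL_US, .last_ms = now };
}

static void enter_failsafe(chan_t *c, uint32_t now) {
    c->failsafe = true;
    c->fs_ms = now;
    c->seen = c->bad = c->good = 0;
    c->out_us = NEUTRAL_US;    /* assumption: "shut down" means neutral output */
}

/* Call once per measured pulse; returns true while the channel is in failsafe. */
bool chan_pulse(chan_t *c, uint16_t width_us, uint32_t now) {
    bool ok = width_us >= MIN_US && width_us <= MAX_US;
    c->last_ms = now;
    if (c->failsafe) {         /* assumption: the 100 good pulses must be consecutive */
        c->good = ok ? (uint8_t)(c->good < RECOVER ? c->good + 1 : RECOVER) : 0;
        if (c->good >= RECOVER && now - c->fs_ms >= HOLD_MS)
            c->failsafe = false;
        return c->failsafe;
    }
    if (++c->seen > WINDOW) { c->seen = 1; c->bad = 0; }  /* start a new window */
    if (!ok) {                 /* out-of-range pulse: count it, hold the output */
        if (++c->bad > MAX_BAD) enter_failsafe(c, now);
        return c->failsafe;
    }
    int d = (int)width_us - (int)c->out_us;   /* integrate: bounded step per pulse */
    c->out_us += (d > STEP_US) ? STEP_US : (d < -STEP_US) ? -STEP_US : d;
    return false;
}

/* Call from the main loop; trips the channel if no pulse arrived within 65 ms. */
bool chan_tick(chan_t *c, uint32_t now) {
    if (now - c->last_ms > TIMEOUT_MS) { enter_failsafe(c, now); c->last_ms = now; }
    return c->failsafe;
}
```

With 20 ms frames, 100 in-range pulses arrive in 2.0 s, so in this sketch the 2.1 s minimum hold is what actually sets the release time.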