The same way like in loiter. This should be further unified in the code
but at least we can increase safety in the case the takeoff altitude is
very high and the vehicle never reaches it but looses links.
- handle SET_POSITION_TARGET_LOCAL_NED and SET_POSITION_TARGET_GLOBAL_INT with ORB_ID(trajectory_setpoint)
- FlightTaskOffboard not needed at all
- bypass position_setpoint_triplet entirely (start removing extraneous fields)
- simplify offboard_control_mode to map to supported control modes
This allows to still fly missions completely without RC
but reacts if RC is lost during the mission because
the safety pilot expects to be able to take over.
Instead of directly doing the link loss reaction which by default is RTL a delay
can be configured such that the drone first switches to hold and waits
for the link to be regained.
This fixes the takeoff and land CI test where we do a takeoff and land
without RC connected.
In my opinion it does not make sense to go into RC lost failsafe if
a datalink is still available.
Of course, this can be dangerous if someone has a companion computer
connected which gets detected as "data link" but actually has no
connection to the ground station.
The implementation before this change had two timeouts, a hard-coded
timeout of 0.5 seconds as well as a by param configurable timeout with
certain failsafe actions set.
This change aims to fix two problems:
1. The hard-coded offboard timeout can be triggered easily with sped up
lockstep simulation. Since i t is hard-coded it can't be adapted to
the speed factor.
2. The offboard signal can time out but no action will be taken just
yet. This means we end up in an in-between stage where no warning or
failsafe action has happened yet, even though certain flags are set
to a timeout state.
This patch aims to fix this by unifying the two timeouts to the existing
configurable param. The convoluted double timeout logic is replaced by a
simple hysteresis.
For anyone that has previously not changed the default timeout param (0),
the param will now be changed to 0.5 seconds which reflects the
previously hardcoded time. For anyone with a specific timeout
configured, the behaviour should remain the same.
Also, going forward, timeouts lower than 0.5 seconds should be possible.
This was inverted, i.e. set to false in most cases, whereas it should be
true.
As a consequence, both powerCheck and airspeed.confidence checks were not
executed.
* PreFlightCheck: remove unused reportFailures flag
* Commander: pull all pre flight checks together on the PreFlightCheck class
* PreFlightCheck: separate checks into their own files
This fixes the battery failsafe for the following corner cases:
- Battery failsafe set to Return but we can't do RTL because we don't
have a global position or home position. In this case we now switch to
Land. Land might end up in Descend in the failsafe state machine
later.
- Battery failsafe set to Land but we can't land because we don't have a
local position. In this case we switch to land anyway and then fall
back to descend in the failsafe state machine later.
The "fix" involves ignoring using the main_state_transition and
implementing the guards in place. This is a hack for now but should
cover the corner case until a more thorough refactor.
The different failsafe state machines have involved over time from
requirements and learnings based on developed solutions and products.
The implementations in various places will need to get consolidated in
the future.
Tested in SITL for Return and Land with and without GPS.
and remove the px4_ prefix, except for px4_config.h.
command to update includes:
for k in app.h atomic.h cli.h console_buffer.h defines.h getopt.h i2c.h init.h log.h micro_hal.h module.h module_params.h param.h param_macros.h posix.h sem.h sem.hpp shmem.h shutdown.h tasks.h time.h workqueue.h; do for i in $(grep -rl 'include <px4_'$k src platforms boards); do sed -i 's/#include <px4_'$k'/#include <px4_platform_common\/'$k/ $i; done; done
for in $(grep -rl 'include <px4_config.h' src platforms boards); do sed -i 's/#include <px4_config.h/#include <px4_platform_common\/px4_config.h'/ $i; done
Transitional headers for submodules are added (px4_{defines,log,time}.h)
Reason: if you don't want preflight checks, you don't want prearm checks
either (these are the circuit breakers, like usb connected check).
The other changes are cleanup and rework of operations.
In most cases, arming_state_transition is called with fRunPreArmChecks set
to true, so no change in behavior.
The cases with fRunPreArmChecks=false are:
- unit tests
- in_arming_grace_period=true (quick arming after disarm)
- VEHICLE_CMD_PREFLIGHT_CALIBRATION (does not transition to armed)
This allows to perform pre-arm checks and prevent arming if obstacle avoidance is enabled but not yet running.
Added a print once flag to prevent excessive message spamming in QGC.
Signed-off-by: Claudio Micheli <claudio@auterion.com>
Matthias Grob