- simplify vehicle_status.arming_state down to just armed and disarmed
- ARMING_STATE_INIT doesn't matter
- ARMING_STATE_STANDBY is effectively pre_flight_checks_pass
- ARMING_STATE_STANDBY_ERROR not needed
- ARMING_STATE_SHUTDOWN effectively not used (all the poweroff/shutdown calls loop forever in place)
- ARMING_STATE_IN_AIR_RESTORE doesn't exist anymore
- collapse ArmStateMachine into commander
- all requests already go through Commander::arm() and Commander::dismarm()
- other minor changes
- VEHICLE_CMD_DO_FLIGHTTERMINATION undocumented (unused?) test command (param1 > 1.5f) removed
- switching to NAVIGATION_STATE_TERMINATION triggers parachute command centrally (only if armed)
---------
Co-authored-by: Matthias Grob <maetugr@gmail.com>
Some system are able to dead-reckon for a while after losing GPS or
other sources providing positional feedback. If the estimated position
error grows above the failsafe threshold, the system enters a failsafe
mode. As the position error estimate is growing linerly over time, and
it is recommended to take action before entering the failsafe, we here
warn the user about the imminent failsafe and propose to take manual
control.
---------
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
Since we changed the threshold for allowing arming from TRIM/2 to AIRSPEED_MAX
is is very unlikely that one needs to disable this check.
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
COM_ARMABLE is set to "Disabled" will prevent arming.
This allows to set the parameter when ground demoing a drone or
if it's in maintenance for safety reasons.
Before this the ESC calibration aborts if battery detection doesn't work.
The problem is if the user still connects the battery as he gets instructed
and the calibration aborts then the ESCs are in calibration mode and
after abortion calibrate to the wrong value.
Also I realized there's no additional safety by aborting the calibration
if the battery cannot be detected during the timeout because a pixhawk
board without power module will report a battery status from the
ADC driverand in it that no battery is connected which is the best
it can do. In this situation the motors will still spin if the
ESCs are powered.
Some ESCs e.g. Gaui enter the menu relatively quickly if the
signal is high for too long. To solve that it's kept high shorter.
Also all tested ESCs detect the low signal within a shorter time
so no need to wait longer.
- Change timings for a more reliable calibration.
- Make sure there's an error message when battery measurement is not
available also when it gets disabled after system boot in the power
just above the calibration button.
- Safety check if measured electrical current goes up after issuing the
high calibration value for the case the user did not unplug power
and the detection either fails or is not enforced.
-set roll/pitch used for failure detection during transition to 0
-rotate estimated attitude 90° in FW flight
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
Set this flag to true if local position is valid but accuracy low, such that
the operator can be warned before system switches to position-failure failsafe.
Additionally, switch to RTL if currently in Mission or Loiter to try to reach home
or fly out of GNSS-denied area.
Set low accuracy threshold to 50m by default for FW and VTOL.
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
Otherwise the flight time restriction flag gets cleared too early, before
disarming (which puts the vehicle into the previous mode and it might
take off again).
Fixes the following case:
- user intention set to X
- failsafe triggers, mode = Y
- can_run for X becomes false
- user tries to switch to X
-> need to re-evaluate can_run
