The implementation before this change had two timeouts, a hard-coded
timeout of 0.5 seconds as well as a by param configurable timeout with
certain failsafe actions set.
This change aims to fix two problems:
1. The hard-coded offboard timeout can be triggered easily with sped up
lockstep simulation. Since i t is hard-coded it can't be adapted to
the speed factor.
2. The offboard signal can time out but no action will be taken just
yet. This means we end up in an in-between stage where no warning or
failsafe action has happened yet, even though certain flags are set
to a timeout state.
This patch aims to fix this by unifying the two timeouts to the existing
configurable param. The convoluted double timeout logic is replaced by a
simple hysteresis.
For anyone that has previously not changed the default timeout param (0),
the param will now be changed to 0.5 seconds which reflects the
previously hardcoded time. For anyone with a specific timeout
configured, the behaviour should remain the same.
Also, going forward, timeouts lower than 0.5 seconds should be possible.
Regression from https://github.com/PX4/Firmware/pull/13613.
VEHICLE_CMD_COMPONENT_ARM_DISARM from CLI would enter the
ARMING_STATE_IN_AIR_RESTORE logic. This was never intended for disarming
(and leads to state machine transition failures), and IMO it is also not
intended for commands from CLI.
Regression from 6dec451bab, leading to
preflight failures not being reported at all. Only after a failed arming
attempt the messages would be sent. And for GPS check failures, in case
they are set to optional (default), arming would be possible, but switching
to position would be rejected w/o error.
We need to run the preflight checks periodically, but this at least restores
the previous behavior.
This was inverted, i.e. set to false in most cases, whereas it should be
true.
As a consequence, both powerCheck and airspeed.confidence checks were not
executed.
- landed, maybe_landed, or ground_contact required before the safety
button is able to disarm
- this reduces the risk of a faulty safety button triggering in regular
flight
The bulk of this change was tightly coupled and needed to be deleted in one pass. Some of the smaller changes were things that broke as a result of the initial purge and subsequently fixed by further eradicating unnecessary platform differences. Finally, I deleted any dead code I came across in the related files I touched while going through everything.
- DriverFramework (src/lib/DriverFramework submodule) completely removed
- added dspal submodule in qurt platform (was brought in via DriverFramework)
- all df wrapper drivers removed
- all boards using df wrapper drivers updated to use in tree equivalents
- unused empty arch/board.h on posix and qurt removed
- unused IOCTLs removed (pub block, priv, etc)
- Integrator delete methods only used from df wrapper drivers
- commander: sensor calibration use "NuttX version" everywhere for now
- sensors: update to px4_{open, read, close} instead of DevMgr wrapper (adc open for analog differential pressure)
- battery_status: update to px4_{open, read, close} instead of DevMgr wrapper (adc open for analog differential pressure)
- cdev cleanup conflicting typedefs and names with actual OS (pollevent_t, etc)
- load_mon and top remove from linux boards (unused)
- delete unused PX4_MAIN_FUNCTION
- delete unused getreg32 macro
- delete unused SIOCDEVPRIVATE define
- named each platform tasks consistently
- posix list_devices and list_topics removed (list_files now shows all virtual files)
* parameter and logic to commander for triggering failsafe from external automatic trigger system.
* logic to startup script for enabling ATS. Added uORB publishing to pwm_input module.
* Refactored out CDev usage from pwm_input and ll40ls. Refactored out ll40ls specifics from pwm_input and cleaned up dead code.
Innovation ratios have no unit: it is a ratio of to squared base unit.
For example:
[COM_ARM_EKF_VEL] = [vel_innov]**2 / ([GATE_SIZE]**2 * [VEL_VAR])
= [m/s]**2 / ([1]**2 * [m/s]**2)
= [1]
- instead of resetting existing calibration on start and having to wait
until the estimator converges, keep existing calibration applied and
subtract it.
- reduce calibration time from 5s to 500ms, and check for motion during
that time.
- repeat if there was motion
- fix an uorb resource leak
- if less than 6 sides are calibrated, keep the existing calibration and
update the offsets and scales
- if 2 sides are calibrated, estimate the offsets only (as this is enough
if a full calibration was done already, and the problem is not
constrained enough to estimate scales and offsets)
So it is independent from the number of configured sides.
Previously, each side would take longer if less than 6 sides were
calibrated.
Also fixes a bug: calibration_sides was used before it was updated, leading
to different behavior on consecutive calibrations with <6 sides.
Fixes a serious bug in combination with the HMC5883 driver (also used for
HMC5983): this driver estimates a scale in MAGIOCCALIBRATE and applies it.
The calibration routine does the calibration with that scale applied, and
then overwrites it, without considering it in any way.
Most other mag drivers only do some measurements and perform some checks
in MAGIOCCALIBRATE (but the result is just ignored).
Daniel Agar