Community Announcement
Community Q&A
Project Updates
General Discussions
Weekly Overview
High priority queue
Release
Specify what you are trying to achieve
Specify what environment / platform you are using
Prepare a Link or Document to help understand if possible
First, ask the question on the Slack or create a Github Issue !
If you take over 5 minutes for the question, please continue in Slack or a Github Issue.
Can you trigger the kill switch from QGC? (moving away from RC)MAV_CMD_DO_FLIGHTTERMINATION
}
}
break;
case vehicle_command_s::VEHICLE_CMD_MISSION_START: {
cmd_result = vehicle_command_ack_s::VEHICLE_CMD_RESULT_DENIED;
// check if current mission and first item are valid
if (!_failsafe_flags.auto_mission_missing) {
// requested first mission item valid
if (PX4_ISFINITE(cmd.param1) && (cmd.param1 >= -1) && (cmd.param1 < _mission_result_sub.get().seq_total)) {
// switch to AUTO_MISSION and ARM
if (_user_mode_intention.change(vehicle_status_s::NAVIGATION_STATE_AUTO_MISSION, getSourceFromCommand(cmd))
Switching to control allocation by default, but we need to move the airframes and mixer files. This is the right time to start doing this
Request for comments for a new failsafe state machine architecture:
PX4:main β PX4:pr-failsafe-statemachine-rewrite
opened 08:08AM - 24 May 22 UTC
I was working on preflight check reporting with the events interface and wanted β¦ to check how it could fit into the whole structure. So I came up with this:
The basic idea is that the arming/health checks do the GCS reporting, prevent all or individual modes from arming, and can set flags that are then used in the failsafe state machine (the checks run and report during arming as well).
This PR is about implementing the failsafe state machine part.
### Failsafe state machine
- As one of the basic requirements, there needs to be a way to generate user documentation from the code.
I ended up using Emscripten, which allows to compile the C++ code directly to webassembly and run it in the browser. So any possible failsafe combination can be checked directly, and the logic corresponds 1:1 to what runs on the vehicle.
This allows to implement arbitrary logic in the C++ code.
At the same time it is very convenient for development (testing and debugging) as well.
The condition flags are extracted from the msg file directly, and there's a minimal parameter storage. The accessed parameters are added to the UI (using the parameter json metadata).
The implementation of this PR can be tested under https://logs.px4.io/plot_app/static/failsafe_test/index.html.
Use `make run_failsafe_web_server` to build & run it locally.
- The implementation is split into a generic framework (base class) and class that implements the actual checks (this could be vehicle-specific).
- The framework maintains a set of active actions and an action becomes active when a condition is triggered. Action can have additional settings (e.g. if user takeover is allowed). The selected failsafe is then the most severe active action.
So it's well-defined what happens when multiple failsafes trigger.
Then there's fallbacks to the next option, should the desired failsafe not be available.
- clear condition: by default, when the failure condition clears, the vehicle goes back into the user intended mode. An action can change this to e.g. clear only on disarming or on mode switch.
- user takeover: the default behavior is when an action is triggered, the vehicle first goes into Hold for N seconds (configurable, and disabled for N=0), with a user notification. During that time the user cannot take over. After that the action is triggered and the user can take over by switching into any mode or moving the sticks.
- `can_run`: this is a bitset for each mode if it can be executed (basically what `main_state_transition` currently does). This is used by the failsafe state machine for mode fallback. We probably need more granularity here later on (e.g. which modes require position).
- The behavior generally matches closely what we have now, apart from generically handling multiple failsafes. It can generally be changed as we need it.
- state machine inputs: minimal state (armed, vehicle type, user intended mode, user takeover request, etc), `vehicle_status_flags` (conditions) and param configuration
- output: failsafe action (if any), updated user intended mode
- Not everything is done yet, for testing I implemented the core of the existing failsafe state machine, `set_nav_state`, user takeover and a few other things.
- I'm also suggesting to change the lockdown action to disarm.
Feedback is welcome, also unexpected or unintended behavior (there's generally various details that can be done one way or another).
Thanks to @KonradRudin & @MaEtUgR for testing & support.
Screenshot of the web sim:
Proof of concept for all the mechanisms we should need to replace the current failsafe handling. Can be simulated by building a local web application directly from the C++ code to test out scenarios easily.
Priority inheritance bug in NuttX.
Recently updated Issues / PRs in PX4-Autopilot Link
Pull Requests
Issues
PX4 Dev Call: April 27, 2022
Discussion based on : High-Priority Queue Β· GitHub
Community Announcement
Community Q&A (No deep technical discussions)
Guideline for asking a Question
Project Updates
General Discussions
Weekly Overview
Github
Slack
Last Dev-Call
Release