The implementation before this change had two timeouts, a hard-coded
timeout of 0.5 seconds as well as a by param configurable timeout with
certain failsafe actions set.
This change aims to fix two problems:
1. The hard-coded offboard timeout can be triggered easily with sped up
lockstep simulation. Since i t is hard-coded it can't be adapted to
the speed factor.
2. The offboard signal can time out but no action will be taken just
yet. This means we end up in an in-between stage where no warning or
failsafe action has happened yet, even though certain flags are set
to a timeout state.
This patch aims to fix this by unifying the two timeouts to the existing
configurable param. The convoluted double timeout logic is replaced by a
simple hysteresis.
For anyone that has previously not changed the default timeout param (0),
the param will now be changed to 0.5 seconds which reflects the
previously hardcoded time. For anyone with a specific timeout
configured, the behaviour should remain the same.
Also, going forward, timeouts lower than 0.5 seconds should be possible.
This was inverted, i.e. set to false in most cases, whereas it should be
true.
As a consequence, both powerCheck and airspeed.confidence checks were not
executed.
* PreFlightCheck: remove unused reportFailures flag
* Commander: pull all pre flight checks together on the PreFlightCheck class
* PreFlightCheck: separate checks into their own files
This fixes the battery failsafe for the following corner cases:
- Battery failsafe set to Return but we can't do RTL because we don't
have a global position or home position. In this case we now switch to
Land. Land might end up in Descend in the failsafe state machine
later.
- Battery failsafe set to Land but we can't land because we don't have a
local position. In this case we switch to land anyway and then fall
back to descend in the failsafe state machine later.
The "fix" involves ignoring using the main_state_transition and
implementing the guards in place. This is a hack for now but should
cover the corner case until a more thorough refactor.
The different failsafe state machines have involved over time from
requirements and learnings based on developed solutions and products.
The implementations in various places will need to get consolidated in
the future.
Tested in SITL for Return and Land with and without GPS.
and remove the px4_ prefix, except for px4_config.h.
command to update includes:
for k in app.h atomic.h cli.h console_buffer.h defines.h getopt.h i2c.h init.h log.h micro_hal.h module.h module_params.h param.h param_macros.h posix.h sem.h sem.hpp shmem.h shutdown.h tasks.h time.h workqueue.h; do for i in $(grep -rl 'include <px4_'$k src platforms boards); do sed -i 's/#include <px4_'$k'/#include <px4_platform_common\/'$k/ $i; done; done
for in $(grep -rl 'include <px4_config.h' src platforms boards); do sed -i 's/#include <px4_config.h/#include <px4_platform_common\/px4_config.h'/ $i; done
Transitional headers for submodules are added (px4_{defines,log,time}.h)
Reason: if you don't want preflight checks, you don't want prearm checks
either (these are the circuit breakers, like usb connected check).
The other changes are cleanup and rework of operations.
In most cases, arming_state_transition is called with fRunPreArmChecks set
to true, so no change in behavior.
The cases with fRunPreArmChecks=false are:
- unit tests
- in_arming_grace_period=true (quick arming after disarm)
- VEHICLE_CMD_PREFLIGHT_CALIBRATION (does not transition to armed)
This allows to perform pre-arm checks and prevent arming if obstacle avoidance is enabled but not yet running.
Added a print once flag to prevent excessive message spamming in QGC.
Signed-off-by: Claudio Micheli <claudio@auterion.com>
To my knowledge this hil transition function is not used anymore,
however, it makes sending the DO_SET_MODE command unnecessarily complex.
In my opinion the DO_SET_MODE command should only change the mode but
not other things like arming (already removed) and HITL state (this
commit).
Often times, I was seeing the error message "Set SYS_HITL to 1 and
reboot to enable HITL." when using QGC with a vehicle in HITL.
HITL is set via parameter which then has an impact in the startup script
where the CLI argument `-hil` is added to some of the commands that
require it (like commander as well).
if fRunPreArmChecks was set to false, there were still cases where the
preflight checks could be called. This fixes that.
arming_state_transition() with fRunPreArmChecks=false is only called
when entering & leaving preflight calibration mode.
All other places use fRunPreArmChecks=true, which means there is no change
for these.
