feat(safety): GNSS redundancy failsafe (#26863)

* feat(gpsRedundancyCheck): add GPS redundancy failsafe with divergence check

- Monitors GPS count and triggers configurable failsafe (COM_GPS_LOSS_ACT) when count drops below SYS_HAS_NUM_GPS
- Tracks online (present+fresh) and fixed (3D fix) receivers separately; emits "receiver offline" vs "receiver lost fix"
- Detects position divergence between two receivers against combined RMS eph uncertainty plus lever-arm separation
- Pre-arm warns immediately; in-flight requires 2s sustained divergence to suppress multipath false alarms
- Adds GpsRedundancyCheckTest functional test suite

New parameters: SYS_HAS_NUM_GPS, COM_GPS_LOSS_ACT

* feat(sensor_gps_sim): publish second GPS instance using SENS_GPS1 lever arm params

When SENS_GPS1_OFFX or SENS_GPS1_OFFY is non-zero, publish a second sensor_gps instance offset by those values from the vehicle position.

fix(sensor_gps_sim): give second instance distinct device_id

Both simulated GPS instances previously shared the same device_id (address 0x00). This prevented testing the device-ID matching path in SITL since both slots would match the same receiver.

* refactor(gpsRedundancyCheck): address code review feedback

* refactor(gpsRedundancyCheck): address code review feedback

* docs: add GNSS check failsafe documentation

Update safety.md and releases/main.md to document the new GNSS check
failsafe (SYS_HAS_NUM_GNSS, COM_GPS_LOSS_ACT) introduced in PX4.

* docs(update): Subedit to taste

* refactor(gps): move GNSS redundancy detection into sensors module

Add GnssRedundancyStatus topic and GnssRedundancyMonitor in
vehicle_gps_position. Commander's gpsRedundancyCheck becomes a thin
consumer of the new topic. Detection lives with blending/fallback in
one module.

Also rename COM_GPS_LOSS_ACT -> COM_GNSS_LSS_ACT.

* docs(safety): clarify GNSS failsafe wording and rename COM_GNSS_LSS_ACT

* refactor(failsafe): consistent default case as fallback for existing option

* Rename COM_GNSS_LSS_ACT -> COM_GNSSLOSS_ACT

for readability

* fix(gnssRedundancyCheck): move logic back into the commander checks and various improvement suggestions

- Rename to GNSS instead of gps
- Use hysteresis
- Small logic refactorings
- Adapt unit tests to different interface
- User reporting on which GPS is offline or doesn't have a fix

* docs(gnssRedundancyCheck): simplify explanations

* refactor(gnssRedundancyCheck): update year numbers in copyright

---------

Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Matthias Grob <maetugr@gmail.com>
Gennaro Guidone
2026-05-11 18:02:55 +02:00
committed by GitHub
parent ba36572571
commit 48ea8ee939
14 changed files with 567 additions and 21 deletions
+17
@@ -229,6 +229,23 @@ In Fixed-wing, the position estimate is never strictly invalidated as long as we
Note that if there is no horizontal aiding source anymore, the position estimate is invalidated after `EKF2_NOAID_TOUT`, and the standard position loss failsafe applies.
### GNSS Check Failsafe
<Badge type="tip" text="PX4 v1.18" />
Triggers on either of:
- **Count drop**: receivers with a 3D fix drop below [SYS_HAS_NUM_GNSS](#SYS_HAS_NUM_GNSS). No failsafe action when `SYS_HAS_NUM_GNSS=0` (default).
- **Position divergence**: two receivers disagree beyond their expected separation (configured via [SENS_GPS0_OFFX/Y](../advanced_config/parameter_reference.md#SENS_GPS0_OFFX), [SENS_GPS1_OFFX/Y](../advanced_config/parameter_reference.md#SENS_GPS1_OFFX)) plus reported accuracy. Only triggers a failsafe action if `SYS_HAS_NUM_GNSS=2`.
At least a warning is emitted, additional failsafe actions can be configured using [COM_GNSSLOSS_ACT](#COM_GNSSLOSS_ACT).
Loss of a single GPS when none are required is handled by other GPS health checks.
| Parameter | Description |
| ----------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <a id="SYS_HAS_NUM_GNSS"></a>[SYS_HAS_NUM_GNSS](../advanced_config/parameter_reference.md#SYS_HAS_NUM_GNSS) | Number of usable GNSS receivers required for arming and flight. If two are required then they also need to be consistent. |
| <a id="COM_GNSSLOSS_ACT"></a>[COM_GNSSLOSS_ACT](../advanced_config/parameter_reference.md#COM_GNSSLOSS_ACT) | Failsafe action when a GNSS failure is detected. Actions other than a warning also lead to arming being blocked. |
## Offboard Loss Failsafe
The _Offboard Loss Failsafe_ is triggered if the offboard link is lost while under [Offboard control](../flight_modes/offboard.md).
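Review bot: "Loss of a single GPS when none are required is handled by other GPS health checks" still says "GPS" in a section that otherwise consistently says "GNSS" (and the commit history explicitly renamed gps to GNSS); suggest "Loss of a single GNSS receiver when none are required is handled by the other GNSS health checks". The sentence "At least a warning is emitted, additional failsafe actions can be configured using [COM_GNSSLOSS_ACT]" is a comma splice; splitting it ("A warning is always emitted. Additional failsafe actions can be configured ...") would also be the natural place to state explicitly whether a divergence between two receivers is still reported as a warning when `SYS_HAS_NUM_GNSS` is 0 or 1, which the two bullets leave implicit. The commit message describes hysteresis and a sustained-divergence requirement in flight, but the section does not mention that a transient disagreement is tolerated; one sentence on that would help users choosing an action other than a warning.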
+1
@@ -53,6 +53,7 @@ Please continue reading for [upgrade instructions](#upgrade-guide).
### Safety
- Rotary-wing vehicles now support uncommanded altitude loss detection: if the vehicle descends more than [FD_ALT_LOSS](../advanced_config/parameter_reference.md#FD_ALT_LOSS) meters below its setpoint in altitude-controlled flight, flight termination (and parachute deployment) is triggered. See [Altitude Loss Trigger](../config/safety.md#altitude-loss-trigger). ([PX4-Autopilot#26837](https://github.com/PX4/PX4-Autopilot/pull/26837))
- [GNSS check failsafe](../config/safety.md#gnss-check-failsafe): new failsafe that monitors the number of usable GNSS receivers with a 3D fix and their position consistency. The required number of receivers is set via [SYS_HAS_NUM_GNSS](../advanced_config/parameter_reference.md#SYS_HAS_NUM_GNSS) and the failsafe action via [COM_GNSSLOSS_ACT](../advanced_config/parameter_reference.md#COM_GNSSLOSS_ACT). ([PX4-Autopilot#26863](https://github.com/PX4/PX4-Autopilot/pull/26863))
### Estimation
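Review bot: the release-note entry does not say that the new check is disabled by default (`SYS_HAS_NUM_GNSS=0`, as the safety.md change in this same commit states), so a reader skimming the notes may assume a new failsafe now applies to existing configurations; suggest appending "Disabled by default (`SYS_HAS_NUM_GNSS=0`)." to the bullet. The link anchor `#gnss-check-failsafe` and the two parameter names otherwise match the new safety.md section.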