* feat(gpsRedundancyCheck): add GPS redundancy failsafe with divergence check
- Monitors GPS count and triggers configurable failsafe (COM_GPS_LOSS_ACT) when count drops below SYS_HAS_NUM_GPS
- Tracks online (present+fresh) and fixed (3D fix) receivers separately; emits "receiver offline" vs "receiver lost fix"
- Detects position divergence between two receivers against combined RMS eph uncertainty plus lever-arm separation
- Pre-arm warns immediately; in-flight requires 2s sustained divergence to suppress multipath false alarms
- Adds GpsRedundancyCheckTest functional test suite
New parameters: SYS_HAS_NUM_GPS, COM_GPS_LOSS_ACT
* feat(sensor_gps_sim): publish second GPS instance using SENS_GPS1 lever arm params
When SENS_GPS1_OFFX or SENS_GPS1_OFFY is non-zero, publish a second sensor_gps instance offset by those values from the vehicle position.
fix(sensor_gps_sim): give second instance distinct device_id
Both simulated GPS instances previously shared the same device_id (address 0x00). This prevented testing the device-ID matching path in SITL since both slots would match the same receiver.
* refactor(gpsRedundancyCheck): address code review feedback
* refactor(gpsRedundancyCheck): address code review feedback
* docs: add GNSS check failsafe documentation
Update safety.md and releases/main.md to document the new GNSS check
failsafe (SYS_HAS_NUM_GNSS, COM_GPS_LOSS_ACT) introduced in PX4.
* docs(update): Subedit to taste
* refactor(gps): move GNSS redundancy detection into sensors module
Add GnssRedundancyStatus topic and GnssRedundancyMonitor in
vehicle_gps_position. Commander's gpsRedundancyCheck becomes a thin
consumer of the new topic. Detection lives with blending/fallback in
one module.
Also rename COM_GPS_LOSS_ACT -> COM_GNSS_LSS_ACT.
* docs(safety): clarify GNSS failsafe wording and rename COM_GNSS_LSS_ACT
* refactor(failsafe): consistent default case as fallback for existing option
* Rename COM_GNSS_LSS_ACT -> COM_GNSSLOSS_ACT
for readability
* fix(gnssRedundancyCheck): move logic back into the commander checks and various improvement suggestions
- Rename to GNSS instead of gps
- Use hysteresis
- Small logic refactorings
- Adapt unit tests to different interface
- User reporting on which GPS is offline or doesn't have a fix
* docs(gnssRedundancyCheck): simplify explanations
* refactor(gnssRedundancyCheck): update year numbers in copyright
---------
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Matthias Grob <maetugr@gmail.com>
Extend COM_ARM_ODID into a unified arming + in-flight failsafe parameter (0 = Disabled, 1 = Warning, 2 = Return, 3 = Land, 4 = Terminate)
Values >= 2 block arming and trigger the configured action if Remote ID
is lost while airborne.
Detects when a rotary-wing vehicle drops more than FD_ALT_LOSS metres
below a NED-z reference while altitude control is active,
and immediately triggers flight termination (parachute deployment).
Detection (FailureDetector):
- FD_ALT_LOSS: drop threshold in metres (0 = disabled, default)
- FD_ALT_LOSS_T: hysteresis time
- Guards: rotary-wing only, altitude control active, z_valid, setpoint
fresh (<1 s). Manual, Acro and FW/VTOL-FW modes are excluded.
- Ratcheting reference: initialises to lpos.z on first sample below
setpoint, preventing false triggers on new waypoints
Failsafe action (commander):
- New fd_alt_loss flag in FailsafeFlags.msg
- COM_ALT_LOSS_ACT: -1=Disabled (default), 0=Terminate
- Terminate fires immediately, cannot be overridden, and never clears
until disarm (parachute deployment is irreversible)
To separate accuracy requirements for VTOL hover and cruise.
- global_position_relaxed refers to having a valid horizontal velocity aid source
in the estimator and a set global reference position, but poses no requirements
on the accuracy of the provided position estimate.
- Auto flight modes Mission, Loiter and RTL, while in fixed-wing mode,
only require the relaxed global position going forward
- COM_POS_FS_EPH is thus no longer used on fixed-wing vehicles (resp. VTOL in FW)
- rename failsafe_flags.local_position_accuracy_low to failsafe_flags.position_accuracy_low
---------
Signed-off-by: RomanBapst <bapstroman@gmail.com>
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
Co-authored-by: Silvan <silvan@auterion.com>
- do reporting of breaching in-air only in geofenceCheck
- remove geofence_violation_reason_t
- replace geofence_breached field in GeofenceResult.msg with 3 fields
(one for each GF type: max dist, max alt, custom geofence)
- the warning message after breaching a GF is only done by Commander,
and it's specific to the GF type failure
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
Set this flag to true if local position is valid but accuracy low, such that
the operator can be warned before system switches to position-failure failsafe.
Additionally, switch to RTL if currently in Mission or Loiter to try to reach home
or fly out of GNSS-denied area.
Set low accuracy threshold to 50m by default for FW and VTOL.
Signed-off-by: Silvan Fuhrer <silvan@auterion.com>
- update all msgs to be directly compatible with ROS2
- microdds_client improvements
- timesync
- reduced code size
- add to most default builds if we can afford it
- lots of other little changes
- purge fastrtps (I tried to save this multiple times, but kept hitting roadblocks)
Gennaro Guidone
gguidone
Matthias Grob
Roman Bapst
Silvan Fuhrer
bresch
Beat Küng
Daniel Agar