mirror of
https://github.com/PX4/PX4-Autopilot.git
synced 2026-05-15 02:06:53 +08:00
Gennaro Guidone
48ea8ee939
* feat(gpsRedundancyCheck): add GPS redundancy failsafe with divergence check - Monitors GPS count and triggers configurable failsafe (COM_GPS_LOSS_ACT) when count drops below SYS_HAS_NUM_GPS - Tracks online (present+fresh) and fixed (3D fix) receivers separately; emits "receiver offline" vs "receiver lost fix" - Detects position divergence between two receivers against combined RMS eph uncertainty plus lever-arm separation - Pre-arm warns immediately; in-flight requires 2s sustained divergence to suppress multipath false alarms - Adds GpsRedundancyCheckTest functional test suite New parameters: SYS_HAS_NUM_GPS, COM_GPS_LOSS_ACT * feat(sensor_gps_sim): publish second GPS instance using SENS_GPS1 lever arm params When SENS_GPS1_OFFX or SENS_GPS1_OFFY is non-zero, publish a second sensor_gps instance offset by those values from the vehicle position. fix(sensor_gps_sim): give second instance distinct device_id Both simulated GPS instances previously shared the same device_id (address 0x00). This prevented testing the device-ID matching path in SITL since both slots would match the same receiver. * refactor(gpsRedundancyCheck): address code review feedback * refactor(gpsRedundancyCheck): address code review feedback * docs: add GNSS check failsafe documentation Update safety.md and releases/main.md to document the new GNSS check failsafe (SYS_HAS_NUM_GNSS, COM_GPS_LOSS_ACT) introduced in PX4. * docs(update): Subedit to taste * refactor(gps): move GNSS redundancy detection into sensors module Add GnssRedundancyStatus topic and GnssRedundancyMonitor in vehicle_gps_position. Commander's gpsRedundancyCheck becomes a thin consumer of the new topic. Detection lives with blending/fallback in one module. Also rename COM_GPS_LOSS_ACT -> COM_GNSS_LSS_ACT. * docs(safety): clarify GNSS failsafe wording and rename COM_GNSS_LSS_ACT * refactor(failsafe): consistent default case as fallback for existing option * Rename COM_GNSS_LSS_ACT -> COM_GNSSLOSS_ACT for readability * fix(gnssRedundancyCheck): move logic back into the commander checks and various improvement suggestions - Rename to GNSS instead of gps - Use hysteresis - Small logic refactorings - Adapt unit tests to different interface - User reporting on which GPS is offline or doesn't have a fix * docs(gnssRedundancyCheck): simplify explanations * refactor(gnssRedundancyCheck): update year numbers in copyright --------- Co-authored-by: Hamish Willee <hamishwillee@gmail.com> Co-authored-by: Matthias Grob <maetugr@gmail.com>
65 lines
3.4 KiB
Plaintext
65 lines
3.4 KiB
Plaintext
# Input flags for the failsafe state machine set by the arming & health checks.
|
|
#
|
|
# Flags must be named such that false == no failure (e.g. _invalid, _unhealthy, _lost)
|
|
# The flag comments are used as label for the failsafe state machine simulation
|
|
|
|
uint64 timestamp # time since system start (microseconds)
|
|
|
|
# Per-mode requirements
|
|
uint32 mode_req_angular_velocity
|
|
uint32 mode_req_attitude
|
|
uint32 mode_req_local_alt
|
|
uint32 mode_req_local_position
|
|
uint32 mode_req_local_position_relaxed
|
|
uint32 mode_req_global_position
|
|
uint32 mode_req_global_position_relaxed
|
|
uint32 mode_req_mission
|
|
uint32 mode_req_offboard_signal
|
|
uint32 mode_req_home_position
|
|
uint32 mode_req_wind_and_flight_time_compliance # if set, mode cannot be entered if wind or flight time limit exceeded
|
|
uint32 mode_req_prevent_arming # if set, cannot arm while in this mode
|
|
uint32 mode_req_manual_control
|
|
uint32 mode_req_other # other requirements, not covered above (for external modes)
|
|
|
|
|
|
# Mode requirements
|
|
bool angular_velocity_invalid # Angular velocity invalid
|
|
bool attitude_invalid # Attitude invalid
|
|
bool local_altitude_invalid # Local altitude invalid
|
|
bool local_position_invalid # Local position estimate invalid
|
|
bool local_position_invalid_relaxed # Local position with reduced accuracy requirements invalid (e.g. flying with optical flow)
|
|
bool local_velocity_invalid # Local velocity estimate invalid
|
|
bool global_position_invalid # Global position estimate invalid
|
|
bool global_position_invalid_relaxed # Global position estimate invalid with relaxed accuracy requirements
|
|
bool auto_mission_missing # No mission available
|
|
bool offboard_control_signal_lost # Offboard signal lost
|
|
bool home_position_invalid # No home position available
|
|
|
|
# Control links
|
|
bool manual_control_signal_lost # Manual control (RC) signal lost
|
|
bool gcs_connection_lost # GCS connection lost
|
|
|
|
# Battery
|
|
uint8 battery_warning # Battery warning level (see BatteryStatus.msg)
|
|
bool battery_low_remaining_time # Low battery based on remaining flight time
|
|
bool battery_unhealthy # Battery unhealthy
|
|
|
|
# Failure detector
|
|
bool fd_critical_failure # Critical failure (attitude limit exceeded, or external ATS)
|
|
bool fd_esc_arming_failure # ESC failed to arm
|
|
bool fd_imbalanced_prop # Imbalanced propeller detected
|
|
bool fd_motor_failure # Motor failure
|
|
bool fd_alt_loss # Uncommanded altitude loss (rotary-wing, altitude-controlled flight)
|
|
|
|
# Other
|
|
bool geofence_breached # Geofence breached (one or multiple)
|
|
bool mission_failure # Mission failure
|
|
bool vtol_fixed_wing_system_failure # vehicle in fixed-wing system failure failsafe mode (after quad-chute)
|
|
bool wind_limit_exceeded # Wind limit exceeded
|
|
bool flight_time_limit_exceeded # Maximum flight time exceeded
|
|
bool position_accuracy_low # Position estimate has dropped below threshold, but is currently still declared valid
|
|
bool navigator_failure # Navigator failed to execute a mode
|
|
bool parachute_unhealthy # Parachute system missing or unhealthy
|
|
bool remote_id_unhealthy # Remote ID (Open Drone ID) system missing or unhealthy
|
|
bool gnss_lost # Active GNSS count dropped below SYS_HAS_NUM_GNSS, or two receivers report inconsistent positions
|