Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend Failure Detector functionalities #14766

Merged
merged 3 commits into from
Jul 1, 2020
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Commander: make optional tilt-check after takeoff (failure detector).
    - Introduced COM_LKDOWN_TKO parameter
    - Introduced auto disarm for lockdown state
    - Do not trigger flight termiantion if system is in lockdown

Signed-off-by: Claudio Micheli <[email protected]>
cmic0 committed Jun 30, 2020
commit 59ee4ffaf18abba9d2ee2a7f0dbf3486d21bab09
15 changes: 10 additions & 5 deletions src/modules/commander/Commander.cpp
Original file line number Diff line number Diff line change
@@ -1627,10 +1627,16 @@ Commander::run()
}

// Auto disarm after 5 seconds if kill switch is engaged
_auto_disarm_killed.set_state_and_update(armed.manual_lockdown, hrt_absolute_time());
_auto_disarm_killed.set_state_and_update(armed.manual_lockdown || armed.lockdown, hrt_absolute_time());

if (_auto_disarm_killed.get_state()) {
arm_disarm(false, true, &mavlink_log_pub, "Kill-switch still engaged, disarming");
if (armed.manual_lockdown) {
arm_disarm(false, true, &mavlink_log_pub, "Kill-switch still engaged, disarming");

} else {
arm_disarm(false, true, &mavlink_log_pub, "System in lockdown, disarming");
}

}

} else {
@@ -2152,10 +2158,9 @@ Commander::run()

if (status.failure_detector_status & vehicle_status_s::FAILURE_ARM_ESC) {
mavlink_log_critical(&mavlink_log_pub, "ESCs did not respond to arm request");

}

} else if (hrt_elapsed_time(&_time_at_takeoff) < 3_s) {
} else if (hrt_elapsed_time(&_time_at_takeoff) < (1_s * _param_com_lkdown_tko.get())) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this an else? It means during the first 500ms you don't check this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally made it like this because if you use PWM outputs in the first 500ms the signal is still in the spoolup phase, thus the vehicle has not yet taken off.

This probably does not hold if you use UAVCAN, right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, and I'd like to avoid these kind of dependencies and implicit assumptions.

// This handles the case where something fails during the early takeoff phase
if (!_lockdown_triggered) {

@@ -2167,7 +2172,7 @@ Commander::run()
}

} else if (!status_flags.circuit_breaker_flight_termination_disabled &&
!_flight_termination_triggered) {
!_flight_termination_triggered && !_lockdown_triggered) {

armed.force_failsafe = true;
_flight_termination_triggered = true;
1 change: 1 addition & 0 deletions src/modules/commander/Commander.hpp
Original file line number Diff line number Diff line change
@@ -210,6 +210,7 @@ class Commander : public ModuleBase<Commander>, public ModuleParams
(ParamBool<px4::params::COM_MOT_TEST_EN>) _param_com_mot_test_en,

(ParamFloat<px4::params::COM_KILL_DISARM>) _param_com_kill_disarm,
(ParamFloat<px4::params::COM_LKDOWN_TKO>) _param_com_lkdown_tko,

// Engine failure
(ParamFloat<px4::params::COM_EF_THROT>) _param_ef_throttle_thres,
16 changes: 16 additions & 0 deletions src/modules/commander/commander_params.c
Original file line number Diff line number Diff line change
@@ -924,3 +924,19 @@ PARAM_DEFINE_FLOAT(COM_CPU_MAX, 90.0f);
* @max 4
*/
PARAM_DEFINE_INT32(COM_POWER_COUNT, 1);

/**
* Timeout for detecting a failure after takeoff
*
* A non-zero, positive value specifies the timeframe in seconds within failure detector is allowed to put the vehicle into
* a lockdown state if attitude exceeds the limits defined in FD_FAIL_P and FD_FAIL_R.
* The check is not executed for flight modes that do support acrobatic maneuvers, e.g: Acro (MC/FW), Rattitude and Manual (FW).
* A zero or negative value means that the check is disabled.
*
* @group Commander
* @unit s
* @min -1.0
* @max 5.0
* @decimal 3
*/
PARAM_DEFINE_FLOAT(COM_LKDOWN_TKO, 3.0f);