Copter: ensure we have a position estimate before arming in Loiter, PosHold, etc #12928
Conversation
These are checks that can never be bypassed
rmackay9
force-pushed
the
copter-always-do-arming-checks
branch
from
0cc83d6
to
28d8b2e
Compare
rmackay9
force-pushed
the
copter-always-do-arming-checks
branch
from
28d8b2e
to
fc682a1
Compare
| @@ -441,11 +393,13 @@ bool AP_Arming_Copter::gps_checks(bool display_failure) | |||
| // warn about hdop separately - to prevent user confusion with no gps lock | |||
| if (copter.gps.get_hdop() > copter.g.gps_hdop_good) { | |||
| check_failed(ARMING_CHECK_GPS, display_failure, "High GPS HDOP"); | |||
| AP_Notify::flags.pre_arm_gps_check = false; | |||
There was a problem hiding this comment.
I wonder if this could go into check_failed; the first field should be enough to switch on or whatever.
There was a problem hiding this comment.
@peterbarker, the problem is that it needs to be set to true some times as well and I'd rather not spread that logic out over too many functions.
| @@ -643,6 +671,15 @@ bool AP_Arming_Copter::arm_checks(AP_Arming::Method method) | |||
| return AP_Arming::arm_checks(method); | |||
| } | |||
|
|
|||
| // mandatory checks that will be run if ARMING_CHECK is zero or arming forced | |||
| bool AP_Arming_Copter::mandatory_checks(bool display_failure) | |||
There was a problem hiding this comment.
This confuses me because we already have some mandatory checks in bool AP_Arming_Copter::run_pre_arm_checks(bool display_failure) (https://github.com/ardupilot/ardupilot/blob/master/ArduCopter/AP_Arming.cpp#L38)
If force-arming bypassed those then I think we're agreed there's a bug as forced-arming should be the same as setting the arming-check bitmask to zero. If we have such a bug then the checks I've referenced aren't being run, and that's not good.
There was a problem hiding this comment.
@peterbarker, yes and I struggled with all this going back and forth on where to put the "mandatory_gps_checks" and the interlock checks. The problem is that beyond providing the failure message to the user we also need to set the "AP_Notify::flags.pre_arm_gps_check" flag. If ARMING_CHECK = 0 or using the "force" armed then the flag needs to be set based on the shorter set of checks, otherwise the flag needs to be set based on the full set. There are a couple of ways to accomplish this but I thought this method was as good as any.
| } | ||
| } | ||
|
|
||
| // check EKF compass variance is below failsafe threshold |
There was a problem hiding this comment.
Whoops. Not a GPS check!
There was a problem hiding this comment.
I think we use "gps check" as an analogy for "position estimate check". I don't think it adds value to split them into two separate checks at this point. Maybe in the future when we enhance the non-GPS navigation features.
| } | ||
|
|
||
| // check home and EKF origin are not too far | ||
| if (copter.far_from_EKF_origin(ahrs.get_home())) { |
There was a problem hiding this comment.
Also no a GPS check! (the method has "gps" in the name :-)
There was a problem hiding this comment.
as mentioned above, "gps check" is analogous to "position estimate check" at the moment. It's an existing bit of fuzziness I think that's not worth trying to correct at the moment.
|
this has been added to Copter-4.0.0-rc3 |
This PR resolves issue #11435 which was a serious safety hazard because users could attempt to fly in a mode that requires a position estimate without actually having one by either setting ARMING_CHECK = 0 or using the new "arm throttle force" feature.
To highlight the danger, in SITL I was able set GPS_TYPE = 0 and then arm and fly in Loiter mode. The result was the vehicle pitched over at 45degrees and would barely respond to user input.
This has been tested in SITL by doing the following:
The vehicle refused to arm and instead displayed the message "PreArm: EKF2 still initialising". This is not a great message but compared to Copter-3.6 which simply displays, "PreArm:" (with no message) this is an improvement.
The same behaviour was observed with this similar test:
Also to ensure the vehicle could still be armed in non-GPS modes the following test was done:
As expected the vehicle could be armed.