Kill switch and arm/disarm logic #10133
Comments
|
Paging @dagar @lamping7 and @DonLakeFlyer . |
|
I originally brought up this issue because it really caught my by surprised. Luckily none of my body parts where in the way when I disengaged the kill switch and the props spun back up. My use of the kill switch tends to come from unstable landings. I drag around an antenna under the landing gear which can screw up landings at time. So when I see the vehicle possibly tipping over I hit the kill switch. For this purpose a disarm switch would not work since at least for me "disarm" does not always work. It only seems to work if I first change the flight mode to manual. Otherwise it says "not landed or not in manual mode" and won't disarm. So I use the kill switch on the transmitter as a faster version of the Emergency Stop slider in QGC. |
|
The kill switch is a great safety feature, but I'm a bit concerned with the way I commonly see it being used more or less like a fast arm switch. The controllers don't know the kill switch is active and can easily get into a bad state. I think having the kill switch also auto-disarm would alleviate the problems without reducing its intended use as a safety feature. |
The first proposal would fix this. Because then it wouldn't auto-arm or fast arm like you call it. And I agree. The kill switch is for emergency scenarios, not as a workaround. |
That's certainly how I would have expected it to work. |
|
I agree with what @dager said. From my experience, it's used as @DonLakeFlyer explained. |
|
The whole issue is basically to see if there any reasons why using the kill switch doesn't automatically force disarm. Here we have reasons why it should, so if the more experienced users don't have any reasons why it is the way it is now it's an easy decision. |
|
I'll wait for any dissenting opinions, but I would then propose.
|
One thing that I can think of is accidental kills in air that can quickly be reverted in the current implementation but would most likely lead to a crash in the new proposal. |
|
Thanks for the input @ndepal. I actually think that's consistent with my goal here. Make it clear that the kill switch is intended for emergencies only. Beyond development and early testing the kill switch shouldn't be part of a normal users setup. There are a few different cases for this overall issue, but the common one I keep seeing is people using the PX4 kill switch like the arming switch in Betaflight. A lot of this would go away if QGC had an arming switch configuration next to (or in place of) the kill switch configuration. There's already logic for quick rearm in air for manual flight situations. We can work on improving this use case once we get the kill switch abuse under control. |
This comes from parameter meta data. |
|
I'm ok with the kill switch leading to a forced disarm as well - but the disarming must not depend on any checks to pass. |
It's there and should be used for any normal usage to disable the drone by switch. That was actually my first feature contribution: #6093 and was recently improved by @bkueng #9622. I think we should offer it also via UI.
@ndepal I agree, that's very likely the reason why it never disarmed at the same time. If that's a concern we could give the force disarm command a short delay to still enable reverting. I think noone accidentally disables the kill switch within 4 seconds of enabling it. What do you think? As dagar said
That's key, that's its only purpose. |
That sounds like a good idea. |
|
Initial PR #10175 |
|
Just FYI, the arm/disarm switch is documented: https://docs.px4.io/en/config/safety.html#arming_switch @DonLakeFlyer If you add this as an option in the UI for RC switch selection, can you please let me know so I can update corresponding docs. |
Support for that has been in for a while now. |
|
On the dev call it was suggested that (with a safe debounce) the emergency kill switch should latch and require a reboot to clear. Separately I'd like to push on any remaining arm/disarm switch and arming state machine annoyances that stand in the way of people using this mechanism directly. For example, @DonLakeFlyer if you still have the logs I'd be interested in reviewing any situations where disarm didn't work as you needed it to as well as any log where you needed to trigger kill. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
From the discussion that started on the PX4 slack this issue is opened so the discussion on the relation between the kill switch and arm/disarm logic.
As proposed by me and also other users on the slack the kill switch (KS) should also automatically disarm the platform. Right now if the KS is activated, props stop immediatly (good for emergencies) but if the user/dev forgets to disarm before deactivating the KS props immediatly turn on with a high probabiliy of a crash (because the control loop is still on).
So proposal #1 is when the Killswitch is activated the platform is immediatly and automatically disarmed aswell.
This would improve security.
Another proposal that was discussed was the possible addition of a arm/disarm switch.
The text was updated successfully, but these errors were encountered: