Mission checksum package #1171
Comments
|
Very interested in this as well. |
|
Yes! And helpful with knowing if the flight plan on the vehicle is the same or different than what is onscreen (eg QGC). |
|
PX4 and QGC do something similar for parameters. It would be nice if we could use the 0th index for this, but ArduPilot populate that with the home position. |
|
It could be something as simple as a mission item that is simply ignored by the autopilot. It is only the UI that should be in charge of synchronization anyway.
The checksum item could be placed first in the mission of second (just after takeoff) if this is more convenient. |
|
I guess it could be done similar to MAV_CMD_DO_LAND_START (#189 ). This acts as a marker in the mission waypoint list. I know that making it a command has a double purpose, that makes sense for land start cmd, but the idea of a marker wp in the mission list containing the mission checksum could be implemented with small changes in both mavlink and autopilot's. i agree that placing the marker early in the mission list is preferred. |
|
I think it needs to be handled like metadata across multiple parts of the mission protocol to solve most of the problems efficiently. I'd also like to consider the hash itself being part of the spec. For example, We should be able to request a hash for an entire mission, subset range, or individual mission_item. That could also enable incremental sync. |
|
@dagar Proposal makes total sense. @holmnikolaj do you want to extend your PR to include a full proposal? |
|
Along with broadcast, might be nice to be able to request rebroadcast. So if, for example you missed the mission change message you could still request a new one. Maybe use MAV_CMD_REQUEST_MESSAGE for this. If we head down this path though it becomes perhaps something that should be done as an RFC. |
|
The points of implementing it as a mission item was that:
Not saying it has to be that way, just some reasons why I proposed this solution. |
|
@holmnikolaj do you want to extend your PR to include a full proposal? |
|
@holmnikolaj Lorenz is probably away today. What I think he is suggesting is a more fully developed proposal in line with the suggestion @dagar made above: #1171 (comment) Basically what you proposed is a mission command within the mission. So if you have uploaded a mission previously you get a checksum. If you want to check the mission again you have to kick off another upload. The first item tells you that if the mission has changed, and you can ignore the rest of the items. That is good as far as it goes - but firstly you have to "pull" the information rather than being told that the mission has changed, and secondly this results in a whole sequence of mission upload that you might not actually need (unnecessary messages). Daniel has proposed that the system might emit the checksum when something changes (and I have suggested you might do so on request). He has also said you could then define different levels of hash - for entire mission, subset range, or individual mission_item (ie to enable incremental sync). To my mind that is probably more than a PR, but you could start outlining how you would do it. Or push back if you this does not make sense to you. |
|
As I understand it you want a solution where:
I think the possibility to have checksums for sections of a mission makes good sense, but if you are in doubt about a single waypoint why not upload it again instead of requesting a checksum for it? I want a solution where:
That way we avoid miscalculations in the checksum due to float/double precision. To get all this I want to propose the following solution:
These could be added to a mission in the beginning of the entire mission, and again in in the beginning of mapping areas etc. The CGS will calculate the checksums, and the MAV just copies the relevant checksums to the MISSION_CURRENT message that will be sent when waypoint reached or by request as usual. That way we can get an implementation that will work without opening a big can of worms. We have the best of both yours and my idea. This whole thing can be ignored for GCS/autopilots that does not want to use it. When we one day decide to change the structure of missions to support section division and make the MAV calculate the checksum itself, this will still work by just leaving the mission checksum items out of the mission. The downside is that the mission will contain (otherwise unnecessary) items, but it supports enhancements where the drone calculates it itself and thereby removing the extra mission items. |
|
The checksums on sections seems overly complicated. Although something needs to be done about partial uploads. How do you update the checksum for the entire mission is you are only updating a single item. Using a new mission item to store a checksum in a mission upload is tricky since old firmwares which don't know about this item will fail the upload. The whole thing is likely to need a capability bit.
Having this as a separate command as well instead of just streaming MISSION_CURRENT seems like a good idea. A GCS doesn't really know the telemetry rate of that stream which can be adjusted. Having a more deterministic way to get it may speed things up in some case. |
|
I am working with @holmnikolaj on this issue. We have updated the pull request to include some of the comments. We have reduced the scope of the change to address only a checksum/unique id for the whole mission (I'll comment on our considerations shortly), and we have added a bit to MAV_PROTOCOL_CAPABILITY. We have introduced a MISSION_UID message rather than extending MISSION_CURRENT. Logically, changes in the current waypoint (broadcasted via MISSION_CURRENT) has nothing to do with the mission UID, so we propose to keep them separate. We considered extending the MISSION_CHANGED message, which is logically a better fit, but requesting MISSION_CHANGED to determine if a GCS mission is in sync doesn't match the intention/description of MISSION_CHANGED very well. |
|
Regarding partial mission upload: we have not specified this since the protocol for partial uploads is still to be defined (as far as we know) but MISSION_WRITE_PARTIAL_LIST cloud potentially be extended to include the new UID for the whole mission (which the GCS can calculate). Regarding checksums/ids for parts of the mission: we agree with @hamishwillee that such a multi-level ID requires more than just a PR but we think that the mission UID would be a reasonable feature in itself (hence this proposal). We have marked the four parameters of the MAV_CMD_MISSION_UID cmd that was used for the section checksums/ids in the previous suggestion as reserved. We still see it as a viable solution but we think that the details should be defined in the context of a full multi-level ID solution. |
|
@prebenfihl @holmnikolaj We have a MAVLink devcall this evening at 5pm AEST - in about 7 hours: https://mavlink.io/en/about/support.html#dev_call As I understand it you still intend that MAV_CMD_MISSION_UID be sent in the mission? As pointed out by @DonLakeFlyer this will break older firmware, which should reject the mission. Further to that, I'd like the explicit agreement of @dagar that he is OK that this proposal does not preclude partial mission support in future.
Note, that you do need to consider that there may be multiple GCS or GSC and developer APIs affecting the mission. Not just a single GCS. With respect to partial missions I believe the requirement is well understood, I just can't get the documentation reviewed: mavlink/mavlink-devguide#157 @DonLakeFlyer As an aside, the behaviour for unsupported mission types is not documented in https://mavlink.io/en/services/mission.html - though it makes sense to reject the whole mission if an item is not understood because you don't know how important a particular item is to the whole mission. Does any Firmware do anything different here? |
|
Thanks for attending the 20190710-Dev-Meeting @holmnikolaj ! Just to summarise the results, we agree the value of the checksum, and that your general approach is good. However we'd like to use the yet-to-implement mavlink microservices protocol to check the existence of the message rather than a capability bit. @julianoes will look into defining/implementing that, starting in 4 weeks, and expected to get something working in 3 months. |
|
Hi @holmnikolaj, The discussion here was long ago, so can you please check my summary/recollection of the thinking:
Further thoughts/questions:
|
|
I discussed your questions with @prebenfihl. We did however talk about some ways for handling the partial uploads with multiple GCS connected. We could have a look at how it is handled in STANAG 4586 where GCSs have different levels of interoperability (LOI) such that only one GCS is in charge and the rest can only listen. It can then hand over the control if needed. Otherwise we could spend the time between development of UID and Partial upload to agree on how the UID is calculated. That way the drone can respond with a new UID after partial upload and the drone can check if it gets the same. |
|
Thanks @holmnikolaj - I'm not sure we can treat it as out of scope, because some systems do support it (e.g. ArduPilot - albeit in a horrible and broken way). Cooperative GCS interoperability is a bigger problem; it is not just a matter of GCS - any mavlink app would have to buy into this in some way. I wouldn't want to go down that path to fix this problem.
I'm not certain the GCS needs to know how the UID is generated, it just needs to know that it has changed. Depends on whether the GCS uses an id for comparison that it calculates OR it uses an ID that is given by the drone. The first way means that you have have a common mechanism for generating the hash, the second means that you have to have a way of reliably associating the hash with the mission that someone just uploaded. A possible solution assuming the second option
What I really like about this is that I think it breaks nothing and could be rolled out straight away without side effects. i.e. if working with a drone or gcs that has not been updated or does not support this feature the fields for the UID will always be zero. We can make that a magic number that means unknown or not supported. Ie if GCS gets zero from upload it knows that the drone doesn't support hash, and if it gets zero from a download, same thing. |
|
Your proposal does have some advantages, but the reason why we wanted this in the first place was to ensure that the GCS could compute an ID for comparison. Consider the case that you made some changes to your mission on your GCS and you don't know if you are in sync (due to program crash etc). The UID is only calculated on the drone and we don’t know if the UID, the GCS has, corresponds to the mission it shows. To solve that the GCS has to be able to calculate the UID itself and then we are back to all agreeing on how this is done. However, your proposed way of exchanging the UID would still make sense. It might be the best option but as mentioned earlier I think it makes the implementation a lot more complicated. However I we consider the UID calculated on the drone to be the "deciding" one then the GCS will just have to know how the autopilot that is connected calculates it. That could be different from autopilot to autopilot, and in case the calculation is not implemented on the GCS it only loses the feature mentioned above. |
|
@holmnikolaj Sure. Then we just need to include the hash in the mission upload from GCS and have some way to verify before we start that the mechanism is supported. So perhaps something like:
For the partial upload I don't see any way to make these work "end to end" unless the id is generated on the drone (or both end). Realistically there are bigger problems than this with getting these to work robustly, so for this case just making it clear to other systems they can no longer rely on the stored copy is the important thing. Any obvious holes in this? |
|
@hamishwillee |
|
Cool :-) @julianoes @julianoes @auturgy @DonLakeFlyer There is a way to do this mission checksum without mission commands or breaking GCS or autopilot systems that don't know about it. Broad scope of proposal above #1171 (comment) - but it comes down to adding the checksum in
|
|
A thought on the calculation of the mission UID: An array of mission_item fields could be the basis for the checksum but omitting |
|
We should use the same approach as in the param checksum, given this is the same approach.
… On 23 Sep 2019, at 12:42, prebenfihl ***@***.***> wrote:
A thought on the calculation of the mission UID:
Using a standard checksum or hashing function seems reasonable (CRC, SHA, ...) and when balancing computational complexity with the uniqueness of the UID a CRC32C checksum could be a suggestion.
An array of mission_item fields could be the basis for the checksum but omitting <target_system> and <target_component> (since two drones could fly the same mission). Sequence number (<seq>) of the mission item could probably also be omitted (changing the sequence number is reflected in the changed order of waypoints).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@DonLakeFlyer Sounds like we're heading towards consensus. I'd rather pay the cost of the drone calculating the hash too, as it allows us to deal with all edge cases.
Yes, I am proposing exactly the model that you are - a command protocol request for the UID. This will either be acked (supported) and then the PLAN_UID emitted, or NACKED as not supported. The only remaining decision here is whether the emitted message always contains all triplets, or you individually request UIDs for each part of plan. Historically we'd use a dedicated command for requesting that The only point of clarification with the above is that I never refer to using |
You individually request to future proof yourself against additional MAV_MISSION_TYPEs showing up in the future. If you get them all at once then PLAN_UID is locked down to current set. Or limited to as many as you can fill into the structure as it grows. |
|
Yes, that is what I think too. I'm going to disappear for a few days on another task and to give people a chance to comment. Assuming we're all in broad agreement is everyone happy for me to create a PR for the message changes? (that is an open question to all of you). That would happen late next week. If you want it earlier, then anyone is free to do this work. |
If MISSION_COUNT is extended then it might be worth also extending MISSION_ACK to include the UID. It is not necessarily required because of the PLAN_UID broadcast but conceptually it fits very nicely with the mission protocol (in stead of listening for the broadcast in a separate mechanism/process). |
Fine by me |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
|
I didn't understand the entire discussion here, a bit above my pay-grade, but i just wanted to check if this will also work in the scenario where the drone itself changes its own mission ( such as a lua script loading a mission from the SD-card, or a lua script adjusting things in the mission on-the-fly), as this is also an increasingly common scanario where the GCS's UI can get out-of-sync with the mission thats in the drone. -eg this example.. https://github.com/ArduPilot/ardupilot/blob/master/libraries/AP_Scripting/examples/mission-edit-demo.lua |
|
Hi @davidbuzz The discussion has moved on and the end result is captured in #1172. For this to work as intended, that broadcast has to happen however the mission is updated - Lua, load from file, whatever (technically MAVLink can only "mandate" this for for the MAVLink mission protocol). @peterbarker Was making the point that if your scripts make frequent updates to a mission this will mean increased computational burden for calculating the hash and increased bandwidth consumption for the mavlink messages. I'm trying to establish whether this is a "real" concern, and if so whether there are ways to handle this - the obvious one being that a flight stack can choose to turn off support using a parameter. Would love your thinking on this, but please add to #1172 |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
|
This actually delivered into development.xml in #1172 but got pulled out due to toolchain issues. Needs to go back in again and then this can be closed. |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
Instead of downloading all the mission from the drone to check that they are in sync it would be much faster if the mission started with a checksum item. As far as I can see there is no such thing at the moment but this would be very helpful for setups with long missions and poor link quality.
The text was updated successfully, but these errors were encountered: