Skip to content

Commander: fix parachute trigger #24349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 3, 2025
Merged

Commander: fix parachute trigger #24349

merged 1 commit into from
Mar 3, 2025

Conversation

bresch
Copy link
Member

@bresch bresch commented Feb 17, 2025
edited
Loading

Solved Problem

Setting lockdown disables the actuators. In this mode, force_failsafe has no effect as the actuators are disabled, so the parachute is not getting released as it requires the output to change to its failsafe value.

Solution

Only set the force_failsafe (not lockdown) flag when in flight termination

Alternatives

We could change the priority in

PX4-Autopilot/src/lib/mixer_module/mixer_module.cpp

Lines 477 to 489 in 01549a5

if (_armed.lockdown || _armed.manual_lockdown) {
// overwrite outputs in case of lockdown with disarmed values
for (size_t i = 0; i < _max_num_outputs; i++) {
_current_output_value[i] = _disarmed_value[i];
}
stop_motors = true;
} else if (_armed.force_failsafe) {
// overwrite outputs in case of force_failsafe with _failsafe_value values
for (size_t i = 0; i < _max_num_outputs; i++) {
_current_output_value[i] = actualFailsafeValue(i);
}
but I feel that this could be dangerous in HIL mode where switching to flight termination could trigger a physical parachute.

Test coverage

Tested on a Pixhawk4 with parachute configured on channel 4 with a failsafe value of 1234. The autopilot is then armed and tilted by 90 degrees to trigger the attitude failure detection.
main:

 actuator_armed
    timestamp: 32799326 (0.023821 seconds ago)
    armed: True
    prearmed: False
    ready_to_arm: True
    lockdown: True
    manual_lockdown: False
    force_failsafe: True
    in_esc_calibration_mode: False

nsh> pwm_out status
pwm_out: cycle: 25464 events, 692035us elapsed, 27.18us avg, min 24us max 54us 2.561us rms
pwm_out: interval: 25464 events, 1472.62us avg, min 1131us max 50061us 3298.229us rms
INFO  [mixer_module] Param prefix: PWM_AUX
control latency: 25464 events, 353165400us elapsed, 13869.20us avg, min 291us max 5852269us 230088.969us rms
INFO  [mixer_module] Switched to rate_ctrl work queue
Channel Configuration:
Channel 0: func: 101, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 1: func: 102, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 2: func: 103, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 3: func: 104, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 4: func: 401, value: **1000**, failsafe: **1234**, disarmed: 1000, min: 1000, max: 2000 <====

This PR:

nsh> pwm_out status
pwm_out: cycle: 25464 events, 692035us elapsed, 27.18us avg, min 24us max 54us 2.561us rms
pwm_out: interval: 25464 events, 1472.62us avg, min 1131us max 50061us 3298.229us rms
INFO  [mixer_module] Param prefix: PWM_AUX
control latency: 25464 events, 353165400us elapsed, 13869.20us avg, min 291us max 5852269us 230088.969us rms
INFO  [mixer_module] Switched to rate_ctrl work queue
Channel Configuration:
Channel 0: func: 101, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 1: func: 102, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 2: func: 103, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 3: func: 104, value: 1000, failsafe: 1000, disarmed: 1000, min: 1100, max: 1900
Channel 4: func: 401, value: **1234**, failsafe: **1234**, disarmed: 1000, min: 1000, max: 2000 <====

@bresch bresch requested a review from dagar February 17, 2025 10:54
@bresch bresch self-assigned this Feb 17, 2025
@DronecodeBot
Copy link

This pull request has been mentioned on Discussion Forum for PX4, Pixhawk, QGroundControl, MAVSDK, MAVLink. There might be relevant details there:

https://discuss.px4.io/t/servo-parachute-not-triggering/43742/3

@dagar
Copy link
Member

dagar commented Feb 18, 2025

I think there are a few things to untangle here.

  • these actuator_armed flags are not becoming any clearer over time. Now actuator_armed.lockdown is simply synonymous with HIL?
  • the usage of NAVIGATION_STATE_TERMINATION

Should we talk this through on the dev call?

@bresch
Copy link
Member Author

bresch commented Feb 18, 2025
edited by MaEtUgR
Loading

Now actuator_armed.lockdown is simply synonymous with HIL?

To me, lockdown should be a safe state where nothing moves. So don't run the motors, don't move servos, don't trigger a parachute. Currently this is required when using HIL, yes. It's apparently also used when in throw mode.

the usage of NAVIGATION_STATE_TERMINATION

There, the drone in a special mode where the autopilot decided that the drone can't fly anymore and it's time for last resort measures (parachute, protect payload, self-destruct, ...). We could assume that it's not safe to be next to the drone when this occurs, so it shouldn't be able to override lockdown.

Yes, let's discuss that in the DevCall.

@DronecodeBot
Copy link

This pull request has been mentioned on Discussion Forum for PX4, Pixhawk, QGroundControl, MAVSDK, MAVLink. There might be relevant details there:

https://discuss.px4.io/t/px4-sync-q-a-feb-19-2025/43827/1

@bresch
Commander: fix parachute trigger
5b061d2 
Setting "lockdown" disables the actuators. In this mode,
"force_failsafe" has no effect as the actuators are disabled, so the
parachute is not getting released as it requires the output to change to
its failsafe value.
@bresch bresch force-pushed the pr-fix_parachute branch from 2b2b600 to 5b061d2 Compare March 3, 2025 14:16
@bresch
Copy link
Member Author

bresch commented Mar 3, 2025
edited
Loading

During the dev call we said that we should change the output failsafe behavior. Instead of having a failsafe PWM position for each actuator, we could have something more explicit (e.g.: rotors->stop, parachute->trigger, gimbal->look up/close bay).

However, I can't work on this right now and we need a quick solution because right now the parachute doesn't work on main. Could we merge this PR?

sfuhrer
sfuhrer approved these changes Mar 3, 2025
View reviewed changes
Copy link
Contributor

@sfuhrer sfuhrer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix makes sense independent of the further work, I agree.

@bresch bresch merged commit 2d1652f into main Mar 3, 2025
62 checks passed
@bresch bresch deleted the pr-fix_parachute branch March 3, 2025 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sfuhrer sfuhrer sfuhrer approved these changes

@dagar dagar Awaiting requested review from dagar

Assignees

@bresch bresch

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bresch @DronecodeBot @dagar @sfuhrer