iNav开源代码之严重炸机 -- FAILSAFE

已于 2023-07-22 06:33:54 修改
阅读量345 收藏
点赞数
分类专栏: xFlight 文章标签: iNav
于 2023-07-16 21:04:51 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lida2003/article/details/131754780
版权

iNav开源代码之严重炸机 -- FAILSAFE

1. 源由

最近因为炸机,百思不得其解。

关于炸鸡的过程,就不再展开,都是“泪”啊!想进一步了解的,请参阅前面的初步分析。

链接:iNav开源代码之严重炸机 – 危险隐患

为了更清楚的搞清楚到底是哪里的问题,还是要从FAILSAFE的工作原理来分析,在相应FAILSAFE模式下代码逻辑是如何发生的。

先从FAILSAFE的类别,配置,阶段,以及状态机来看看是怎么个过程。

2. FAILSAFE类别

以下类别与Configurator中的Drop/Land/RTH一一对应,其中FAILSAFE_PROCEDURE_NONE是一个默认的状态,仅程序使用,GUI界面没有相关配置选项。

typedef enum {
    FAILSAFE_PROCEDURE_AUTO_LANDING = 0,
    FAILSAFE_PROCEDURE_DROP_IT,
    FAILSAFE_PROCEDURE_RTH,
    FAILSAFE_PROCEDURE_NONE
} failsafeProcedure_e;

3. FAILSAFE配置

配置参数默认在fc/settings.yaml文件中定义。在编译时,在目标板目录inav\build\src\main\target\target_name\target_name下生成settings_generated.c/h文件。

主要的配置参数如下所示:

typedef struct failsafeConfig_s {
    uint16_t failsafe_throttle_low_delay;       // Time throttle stick must have been below 'min_check' to "JustDisarm" instead of "full failsafe procedure" (TENTH_SECOND)
    uint8_t failsafe_delay;                     // Guard time for failsafe activation after signal lost. 1 step = 0.1sec - 1sec in example (10)
    uint8_t failsafe_recovery_delay;            // Time from RC link recovery to failsafe abort. 1 step = 0.1sec - 1sec in example (10)
    uint8_t failsafe_off_delay;                 // Time for Landing before motors stop in 0.1sec. 1 step = 0.1sec - 20sec in example (200)
    uint8_t failsafe_procedure;                 // selected full failsafe procedure is 0: auto-landing, 1: Drop it, 2: Return To Home (RTH)

    int16_t failsafe_fw_roll_angle;             // Settings to be applies during "LAND" procedure on a fixed-wing
    int16_t failsafe_fw_pitch_angle;
    int16_t failsafe_fw_yaw_rate;
    uint16_t failsafe_stick_motion_threshold;
    uint16_t failsafe_min_distance;             // Minimum distance required for failsafe procedure to be taken. 1 step = 1 centimeter. 0 = Regular failsafe_procedure always active (default)
    uint8_t failsafe_min_distance_procedure;    // selected minimum distance failsafe procedure is 0: auto-landing, 1: Drop it, 2: Return To Home (RTH)
    int16_t failsafe_mission_delay;             // Time delay before Failsafe triggered when WP mission in progress (s)
} failsafeConfig_t;

当前代码定义为:

  • SETTING_FAILSAFE_DELAY_DEFAULT // 0.5 sec
  • SETTING_FAILSAFE_RECOVERY_DELAY_DEFAULT, // 0.5 seconds (plus 200ms explicit delay)
  • SETTING_FAILSAFE_OFF_DELAY_DEFAULT, // 20sec
  • SETTING_FAILSAFE_THROTTLE_LOW_DELAY_DEFAULT, // 0, default throttle low delay for “just disarm” on failsafe condition
  • SETTING_FAILSAFE_PROCEDURE_DEFAULT, // 0, default full failsafe procedure
  • SETTING_FAILSAFE_FW_ROLL_ANGLE_DEFAULT, // 20 deg left
  • SETTING_FAILSAFE_FW_PITCH_ANGLE_DEFAULT, // 10 deg dive (yes, positive means dive)
  • SETTING_FAILSAFE_FW_YAW_RATE_DEFAULT, // 45 deg/s left yaw (left is negative, 8s for full turn)
  • SETTING_FAILSAFE_STICK_THRESHOLD_DEFAULT, // 50
  • SETTING_FAILSAFE_MIN_DISTANCE_DEFAULT, // 0, No minimum distance for failsafe by default
  • SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE_DEFAULT, // 1, default minimum distance failsafe procedure
  • SETTING_FAILSAFE_MISSION_DELAY_DEFAULT, // 0, Time delay before Failsafe activated during WP mission (s)

#define SETTING_FAILSAFE_DELAY_DEFAULT 5
#define SETTING_FAILSAFE_DELAY 88
#define SETTING_FAILSAFE_DELAY_MIN 0
#define SETTING_FAILSAFE_DELAY_MAX 200
#define SETTING_FAILSAFE_RECOVERY_DELAY_DEFAULT 5
#define SETTING_FAILSAFE_RECOVERY_DELAY 89
#define SETTING_FAILSAFE_RECOVERY_DELAY_MIN 0
#define SETTING_FAILSAFE_RECOVERY_DELAY_MAX 200
#define SETTING_FAILSAFE_OFF_DELAY_DEFAULT 200
#define SETTING_FAILSAFE_OFF_DELAY 90
#define SETTING_FAILSAFE_OFF_DELAY_MIN 0
#define SETTING_FAILSAFE_OFF_DELAY_MAX 200
#define SETTING_FAILSAFE_THROTTLE_LOW_DELAY_DEFAULT 0
#define SETTING_FAILSAFE_THROTTLE_LOW_DELAY 91
#define SETTING_FAILSAFE_THROTTLE_LOW_DELAY_MIN 0
#define SETTING_FAILSAFE_THROTTLE_LOW_DELAY_MAX 300
#define SETTING_FAILSAFE_PROCEDURE_DEFAULT 0
#define SETTING_FAILSAFE_PROCEDURE 92
#define SETTING_FAILSAFE_PROCEDURE_MIN 0
#define SETTING_FAILSAFE_PROCEDURE_MAX 0
#define SETTING_FAILSAFE_STICK_THRESHOLD_DEFAULT 50
#define SETTING_FAILSAFE_STICK_THRESHOLD 93
#define SETTING_FAILSAFE_STICK_THRESHOLD_MIN 0
#define SETTING_FAILSAFE_STICK_THRESHOLD_MAX 500
#define SETTING_FAILSAFE_FW_ROLL_ANGLE_DEFAULT -200
#define SETTING_FAILSAFE_FW_ROLL_ANGLE 94
#define SETTING_FAILSAFE_FW_ROLL_ANGLE_MIN -800
#define SETTING_FAILSAFE_FW_ROLL_ANGLE_MAX 800
#define SETTING_FAILSAFE_FW_PITCH_ANGLE_DEFAULT 100
#define SETTING_FAILSAFE_FW_PITCH_ANGLE 95
#define SETTING_FAILSAFE_FW_PITCH_ANGLE_MIN -800
#define SETTING_FAILSAFE_FW_PITCH_ANGLE_MAX 800
#define SETTING_FAILSAFE_FW_YAW_RATE_DEFAULT -45
#define SETTING_FAILSAFE_FW_YAW_RATE 96
#define SETTING_FAILSAFE_FW_YAW_RATE_MIN -1000
#define SETTING_FAILSAFE_FW_YAW_RATE_MAX 1000
#define SETTING_FAILSAFE_MIN_DISTANCE_DEFAULT 0
#define SETTING_FAILSAFE_MIN_DISTANCE 97
#define SETTING_FAILSAFE_MIN_DISTANCE_MIN 0
#define SETTING_FAILSAFE_MIN_DISTANCE_MAX 65000
#define SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE_DEFAULT 1
#define SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE 98
#define SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE_MIN 0
#define SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE_MAX 0
#define SETTING_FAILSAFE_MISSION_DELAY_DEFAULT 0
#define SETTING_FAILSAFE_MISSION_DELAY 99
#define SETTING_FAILSAFE_MISSION_DELAY_MIN -1
#define SETTING_FAILSAFE_MISSION_DELAY_MAX 600

static failsafeState_t failsafeState;

PG_REGISTER_WITH_RESET_TEMPLATE(failsafeConfig_t, failsafeConfig, PG_FAILSAFE_CONFIG, 3);

PG_RESET_TEMPLATE(failsafeConfig_t, failsafeConfig,
    .failsafe_delay = SETTING_FAILSAFE_DELAY_DEFAULT,                                   // 0.5 sec
    .failsafe_recovery_delay = SETTING_FAILSAFE_RECOVERY_DELAY_DEFAULT,                 // 0.5 seconds (plus 200ms explicit delay)
    .failsafe_off_delay = SETTING_FAILSAFE_OFF_DELAY_DEFAULT,                           // 20sec
    .failsafe_throttle_low_delay = SETTING_FAILSAFE_THROTTLE_LOW_DELAY_DEFAULT,         // default throttle low delay for "just disarm" on failsafe condition
    .failsafe_procedure = SETTING_FAILSAFE_PROCEDURE_DEFAULT,                           // default full failsafe procedure
    .failsafe_fw_roll_angle = SETTING_FAILSAFE_FW_ROLL_ANGLE_DEFAULT,                   // 20 deg left
    .failsafe_fw_pitch_angle = SETTING_FAILSAFE_FW_PITCH_ANGLE_DEFAULT,                 // 10 deg dive (yes, positive means dive)
    .failsafe_fw_yaw_rate = SETTING_FAILSAFE_FW_YAW_RATE_DEFAULT,                       // 45 deg/s left yaw (left is negative, 8s for full turn)
    .failsafe_stick_motion_threshold = SETTING_FAILSAFE_STICK_THRESHOLD_DEFAULT,
    .failsafe_min_distance = SETTING_FAILSAFE_MIN_DISTANCE_DEFAULT,                     // No minimum distance for failsafe by default
    .failsafe_min_distance_procedure = SETTING_FAILSAFE_MIN_DISTANCE_PROCEDURE_DEFAULT, // default minimum distance failsafe procedure
    .failsafe_mission_delay = SETTING_FAILSAFE_MISSION_DELAY_DEFAULT,                   // Time delay before Failsafe activated during WP mission (s)
);

4. FAILSAFE阶段&状态机

typedef enum {
    FAILSAFE_IDLE = 0,
    /* Failsafe mode is not active. All other
     * phases indicate that the failsafe flight
     * mode is active.
     */
    FAILSAFE_RX_LOSS_DETECTED,
    /* In this phase, the connection from the receiver
     * has been confirmed as lost and it will either
     * transition into FAILSAFE_RX_LOSS_RECOVERED if the
     * RX link is recovered immediately or one of the
     * recovery phases otherwise (as configured via
     * failsafe_procedure) or into FAILSAFE_RX_LOSS_IDLE
     * if failsafe_procedure is NONE.
     */
    FAILSAFE_RX_LOSS_IDLE,
    /* This phase will just do nothing else than wait
     * until the RX connection is re-established and the
     * sticks are moved more than the failsafe_stick_threshold
     * settings and then transition to FAILSAFE_RX_LOSS_RECOVERED.
     * Note that this phase is only used when
     * failsafe_procedure = NONE.
     */
    FAILSAFE_RETURN_TO_HOME,
    /* Failsafe is executing RTH. This phase is the first one
     * enabled when failsafe_procedure = RTH if an RTH is
     * deemed possible (RTH might not be activated if e.g.
     * a HOME position was not recorded or some required
     * sensors are not working at the moment). If RTH can't
     * be started, this phase will transition to FAILSAFE_LANDING.
     */
    FAILSAFE_LANDING,
    /* Performs NAV Emergency Landing using controlled descent rate if
     * altitude sensors available.
     * Otherwise Emergency Landing performs a simplified landing procedure.
     * This is done by setting throttle and roll/pitch/yaw controls
     * to a pre-configured values that will allow aircraft
     * to reach ground in somewhat safe "controlled crash" way.
     * This is the first recovery phase enabled when
     * failsafe_procedure = LAND. Once timeout expires or if a
     * "controlled crash" can't be executed, this phase will
     * transition to FAILSAFE_LANDED.
     */
    FAILSAFE_LANDED,
    /* Failsafe has either detected that the model has landed and disabled
     * the motors or either decided to drop the model because it couldn't
     * perform an emergency landing. It will disarm, prevent re-arming
     * and transition into FAILSAFE_RX_LOSS_MONITORING immediately. This is
     * the first recovery phase enabled when failsafe_procedure = DROP.
     */
    FAILSAFE_RX_LOSS_MONITORING,
    /* This phase will wait until the RX connection is
     * working for some time and if and only if switch arming
     * is used and the switch is in the unarmed position
     * will allow rearming again.
     */
    FAILSAFE_RX_LOSS_RECOVERED
    /* This phase indicates that the RX link has been re-established and
     * it will immediately transition out of failsafe mode (phase will
     * transition to FAILSAFE_IDLE.)
     */
} failsafePhase_e;

正常情况下,系统处在FAILSAFE_IDLE状态,INAV只有在RC链路出现断链的情况才会触发FAILSAFE,这个从另外一个侧面证明了该固件是航模,而非无人机,因为RC控制是最直接的航模控制方式。

当RC链路断链,进入FAILSAFE_RX_LOSS_DETECTED后,测试Inav Configurator配置的三种FAILSAFE方式:

  • FAILSAFE_PROCEDURE_AUTO_LANDING:触发FAILSAFE_LANDING
  • FAILSAFE_PROCEDURE_DROP_IT:触发FAILSAFE_LANDED
  • FAILSAFE_PROCEDURE_RTH:触发FAILSAFE_RETURN_TO_HOME

在这里插入图片描述
本次炸机的情况发生在RC链路断链后,FAILSAFE_PROCEDURE_RTH触发FAILSAFE_RETURN_TO_HOME,GPS信号丢失从而进入FAILSAFE_LANDING阶段,此时发生了坠落。

因此,这里最为纠结的问题是到底Inav是如何处理Emergency Landing的。

目前这块代码尚未进行研读,但是从资料以及反馈信息可以看出,最早的设计是使用failsafe_throttle在有限的failsafe_off_delay时间段内进行降落。

目前,从设计上看,有baro高度、nav_mc_hover_thr等有效数据,airmode模式的IMU姿态保持方法,是否已经有更新、可靠、安全的Emergency Landig有待明确。

注:有时间,后续对这部分代码进行研读,以便了解真实原因。如有兴趣的朋友可以继续关注What will happen, when RC & GPS signal lost? – inav 6.1.1 #9167

5. 假设分析

如果按照最早的Emergency Landing方式考虑,由于笔者使用的是默认值,failsafe_throttle = 1000,会出现一些如文档中所述的意外情况。

笔者认为如果上述情况坠落,大概率是"prop stall",也就是所谓的“失速坠落”。没听错哦,螺旋桨失速会导致多轴飞机失去平衡,最终导致坠落。

注:当然这里是假设的分析,毕竟这个文档是有点过期的,最终还是要看代码。

在这里插入图片描述
相关描述链接:setting-up-failsafe-with-return-to-home

6. 参考资料

【1】iNav开源代码之严重炸机 – 危险隐患
【2】BetaFlight模块设计之二十八:MainPidLoop任务分析

lida2003
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
iNav源代码严重 -- 紧急降落
lida2003的专栏
07-21 567
分析虽然缩小的范围,但基于上述数据尚无法给出明确的结论。同时源社区,缺少仿真环境、人力的情况下,尚未得到有效的问题分析结论。中,已经做了初步的分析,并且将重点怀疑的方向放到了Emergency Landing阶段。8. 在电池没有拔掉,飞控未重启情况下,起飞直接翻跟斗;为了更好的可控跌落,设置一个高度保持(因为没有GPS,所以无法位置保持)。为了进一步缩小问题范围,本章节将跟进测试紧急降落功能。【第一次严重后续】正常飞,操作很灵活,无任何问题。,确认相关配置项,确保一致性。经过重新上电后,飞行正常!
日记
LockeDr的博客
03-30 182
怎么说,这次可能损失四千RMB左右,而且也白忙活了一个下午,测试什么也没做成,倍感失落!事后细思,要是自己主动承担起飞手的职责,这个悲剧可能就不会发生,一言难尽。。。总之这次也给了我们深刻的教育,这里写出来提供友们共签: 1.当你是更好更有经验的飞手时或者旁边有更好的飞手时,本于对自己负责也是对他人负责,特别是在场地、视野天气等不好的户外环境时,务必让技术更加成熟的飞手来飞,在人方面就...
iNav飞控之FAILSAFE
最新发布
lida2003的专栏
08-03 1136
根据FAILSAFE策略、触发流程、状态,以及异常场景的分析,当iNav执行救援时,如果配置恰当,风险相对来说是可控,但是要注意参数的设置,尤其是【值得关注】的参数。
BetaFlight模块设计之二:SERIAL任务分析
lida2003的专栏
05-22 1058
BetaFlight模块设计之二:SERIAL任务分析SERIAL任务1.总体情况2.主要函数分析2.1 taskHandleSerial任务2.2 命令行处理函数cliProcess 基于BetaFlight源代码框架简介的框架设计,逐步分析内部模块功能设计。 SERIAL任务 描述:主要用于BetaFlight飞控与上位(配置程序)之间的通信。 1.总体情况 ├──> 初始化 │ ├──> [v]硬件初始化usbCableDetectInit │ └──> [x]业务
Betaflight飞控之FAILSAFE
lida2003的专栏
07-28 567
根据FAILSAFE策略执行流程以及GPS救援状态的分析,当Betaflight执行救援时,如果遇到异常,仍然存在风险。当然相关问题,还在和官方沟通中,期待后续能有比较完美的解决方案。#11970。
iNav源代码之EmergencyLanding
lida2003的专栏
07-22 367
多轴飞行器,在紧急着陆消息例程中,最为重要的就是不断更新x-y坐标位置,在x-y坐标有效的情况下,确保垂直降落。因此,从进一步认识、理解问题的角度看,需要进一步深入“【传感数据】IMU姿态”和“【PID】姿态计算”的调查。更新着陆x-y位置,如果检测到成功,则反馈NAV_FSM_EVENT_SUCCESS触发后续完成事件。通过表面上的分析及测试验证,初步确认问题的方向已经找到,并最终指向的是紧急降落出现了翻滚,导致失控。任务,不过从代码看,Betaflight做了更好的整理和封装。
inav-6.1.1-AOCODARCH7DUAL-fix-beeping
06-27
修正AOCODARCH7DUAL的inav固件不间断蜂鸣器鸣叫的问题 1)提供inav 6.1.1修复的hex固件 2)提供inav 6.1.1patch源代码
INAV-Configurator_win64_2.1.4 中文版
05-09
INAV-Configurator_win64_2.1.4 中文版 F3最高只能刷 INAV 2.1.X 系列,由于自己试用F3做航拍,用E问版本的不方便,如是顺手编译了一个中文版本。
国外源飞控搬运inav-master.zip
11-13
Runs on the most popular F4 and F7 flight controllers ,Multiple sensor support,Advanced gyro filtering: Matrix Filter and RPM filter
INAV-Configurator_win64_2.2.1.zip
03-18
INAV-Configurator_win64 INAV Configurator:一款能控制的chrome插件
INAV-Configurator_win32_2.0.0.zip
03-18
INAV-Configurator_win32 INAV Configurator:一款能控制的chrome插件
INAV-Configurator_win64_2.1.4.zip
05-12
]INAVflight(INAV)最新版调参软件 INAV-Configurator_win64_2.1.4
INAV-Configurator_win64_4.0.0.zip
12-24
INAV-Configurator_win64_4.0.0.zip
INAV-Rangefinder-I2C-interface
05-15
不推荐使用,请勿使用,不适用于INAV 2.0及更高版本 HC-SR04和US-100声纳测距仪的I2C接口 大多数现代飞行控制器不允许连接HC-SR04和US-100测距仪。 原因很简单:没有足够的引脚用于优先级较低的设备。 该接口可用于...
INAV-Configurator_win64_2.2.0.zip
07-14
截止2018.7.14,最新版本INAV-Configurator软件,2.2.0版本,64位
自己写的SBUS连接betaflight时BAD_RX_RECOVERY MSP报错原因
Jack的小窝
04-12 1162
自己写的SBUS连接betaflight时BAD_RX_RECOVERY MSP报错原因欢迎使用Markdown编辑器新的改变功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchart流程图导出与导入导出导入 欢迎使用Markdown编辑器 你好! 这是你第一次使用
java集群插件_别说,Cerebro还真好用!老板再也不用担心ES集群了
weixin_39777637的博客
02-17 137
2020年Java原创面试题库连载中Cerebro 是以前的 Elasticsearch 插件 Elasticsearch Kopf 的演变(https://github.com/lmenezes/elasticsearch- kopf) – 这不适用于 Elasticsearch 版本5.x或更高版本。它是查看分片分配和最有用的界面之一,通过图形界面执行常见的索引操作,并且允许您添加用户,密码或...
那么如何给远航穿越安装inav固件呢?
03-26
以下是安装inav固件的...需要注意的是,安装inav固件前需要备份原始固件,以便在需要时恢复远航穿越的原始状态。同时,在安装过程中要遵循相关安全操作规程,确保操作过程安全、正确,防止造成不必要的损失和风险。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值