Extended supervisor #1272
Extended supervisor #1272
Conversation
|
So these are some important references to emergency stop in the high level commander This is the trajectory command, which we should probably still keep in here for Crazyswarm or others, but there should be some deprecation sign here? Or we change the functionality that only the planner is stopped but it's not changing the setpoint but instead sends a stop request. When the planner is stopped, this logic will actually return a nullsetpoint (with the pose states to ModeDisable) such that all motors will stop when the stabilizer This should either be removed or changed as an emergency stop request: crazyflie-firmware/src/modules/src/crtp_commander_high_level.c Lines 319 to 323 in 39cf2a2 This function belong so the COMMAND_STOP, my comments are the same as above crazyflie-firmware/src/modules/src/crtp_commander_high_level.c Lines 548 to 557 in 39cf2a2 I think the issues is the following, as currently there are 2 trajectory or planner states on which the crtp_commander_high_level is responding on differently
So crtpCommanderHighLevelGetSetpoint sets the setpoint in case of TRAJECTORY_STATE_IDLE to a nullsetpoint, while it does not do that with TRAJECTORY_STATE_DISABLED. The latter was introduced with the push-based commander with mixing of HL and normale setpoints (see this PR) as you don't want the drone to fall out of the sky if it gets a lower level setpoint, but you do want to simple disable the planner (done with crtpCommanderHighLevelDisabled() Anyway, we might need to take a good look at the logic of this to make sure it all goes okay. |
|
This is the emergency stop handled by generic commander: There is a packet type of the [crtp_commander_generic], on which the reaction is to do nothing, assuming the setpoint is already on zero upon initialization (which might not be the case with the HL commander coming in front) (https://github.com/bitcraze/crazyflie-firmware/blob/master/src/modules/src/crtp_commander_generic.c) that also handles stopping of motors crazyflie-firmware/src/modules/src/crtp_commander_generic.c Lines 81 to 87 in 39cf2a2 Here we should probably not assume that the setpoint is zero, and put out a request to stop for the supervisor instead perhaps? |
|
Now for the localization services I see that this is already in the first commits, but I'll add it anyway just for the sake of completion :) Couple of localization services message types that are related: crazyflie-firmware/src/modules/src/crtp_localization_service.c Lines 296 to 301 in 39cf2a2 And these are related to these functions in stabilizer loop: crazyflie-firmware/src/modules/src/stabilizer.c Lines 340 to 355 in 39cf2a2 I guess... the question is, what was the function of the emergencystoptimeout that I don't really understand yet |
|
And the emergency stop from the stabilizer itself which can be enabled from a parameter. crazyflie-firmware/src/modules/src/stabilizer.c Lines 371 to 374 in 39cf2a2 And the functions are the same that localization srvs are using. I see that the first commits of this PR have already taken this into account |
ForceArm has now been changed, its parameter renamed to arm and the persistance has been removed. It has also been made CORE. Now there is only one variable "arm" which can be changed by the system or parameter. The parameter update was also fixed so it only sends notifications if a client is connected.
|
I think the high level commander looks OK and that both the stop and idle states are valid. To me it does not look like they are related to emergency stop, but rather just a normal stop. What I think is missing though, is a connection between the high level commander and the isFlying in the supervisor. Currently the isFlying is only checking if the motors are spinning. The problem is that the supervisor changes state (from flying to landed) based on isFlying and we might end up being landed in mid-air, if we temporarily stop the motors. |
|
For the generic commander I think the same reasoning holds, the stop set point is probably not an emergency stop function, it simply means "stop the motors". @ataffanel Can you shed any light on the semantics? I don't think we need to do anything here. |
|
The functionality in localization services is the real emergency stop. This functionality has been implemented in the new supervisor and I don't think there is anything more here that must be added at this point. The idea is that the emergency stop message stops the motors - pretty straight forward. The timeout is related to making sure the emergency stop communication is working. An "emergency stop device" is expected to continuously send "heartbeats" to show that it is alive, if no heartbeat is received, the Crazyflie will assume the device is broken and do an emergency stop. |
|
The stop parameter in stabilizer has now been re-implemented in the supervisor and should behave the same way as before. |
This is correct. The reason we have both a stop message and an emergency stop is that the stop message is intended for normal operation to stop the motors (for example when implementing a landing sequence controlled remotely). The e-stop is designed to be independent from the setpoint so that it can be activated independently from the normal control algorithms. |
|
canFly state becomes wrong if system is disarmed in ready to fly state. |
|
@tobbeanton It looks like it should go back to crazyflie-firmware/src/modules/src/supervisor_state_machine.c Lines 75 to 79 in 1fd1259 This should set canFly to false I assume something is broken here? |
|
I added a canArm log variable but I think we still need to discuss how we want things to work. It wasn't as easy as anticipated 😄 |
krichardsson
force-pushed
the
krichardsson/supervisor
branch
from
2db918e to
183fe51
Compare
This PR improves the supervisor functionality to handle bigger, brushless platforms in a better way. It is still work in progress but the goal is to move handling of conditions such as arming, loss of connection, emegency stop and similar to the supervisor.