azaion/autopilot
1
0
Fork 0
mirror of https://github.com/azaion/autopilot.git synced 2026-06-21 10:21:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1c993d86b3b76c096e750d9a10af0b8c714b8719
autopilot/crates/mavlink_layer/src/internal/codec/crc.rs
T
Oleksandr Bezdieniezhnykh 740bf37d76 [AZ-641] [AZ-642] [AZ-644] mavlink transport + codec + mission pull 
Lands the second batch under epic AZ-626's implementation plan.

mavlink_layer (AZ-641 + AZ-642):
- Hand-rolled MAVLink v2 codec covering the §7.7 surface: HEARTBEAT,
  SYS_STATUS, SET_MODE, ATTITUDE, GLOBAL_POSITION_INT, MISSION_* (7),
  COMMAND_LONG, COMMAND_ACK, EXTENDED_SYS_STATE, STATUSTEXT (17 total).
- Streaming decoder demuxes arbitrary-sized byte arrivals, drops malformed
  frames with typed parse-error counters (crc/truncated/unknown_id/seq_gap),
  and surfaces sequence gaps without hard-failing the link.
- Encoder tracks the per-link tx_seq counter and applies the MAVLink v2
  trailing-zero payload truncation rule.
- UDP and POSIX-serial transports behind a single async Transport trait;
  the run loop owns transport open with bounded exponential backoff
  (2 s serial / 5 s UDP cap) and a tokio::select! per-link read+write
  loop.
- 1 Hz outbound HEARTBEAT scheduler + inbound-heartbeat watchdog that
  fires LinkUp / LinkLost on a broadcast channel and feeds health detail
  (connected, last_heartbeat_age_ms, signing_enabled, parse_errors).

mission_client (AZ-644):
- HTTPS GET /missions/{id} over rustls (no OpenSSL on the airframe).
- Bundled JSON Schema (crates/shared/contracts/mission-schema.json,
  draft-07, additionalProperties:false) validates every response;
  schema-invalid bodies surface as FetchError::SchemaInvalid with a
  1 KiB sample of the raw body for offline analysis.
- Transient failures (timeout, 5xx, 429) retry with bounded exponential
  backoff up to MissionClientOptions.max_attempts (default 5); permanent
  failures (4xx, malformed URL) abort immediately.
- Health surface mirrors AC-1's contract: last_fetch_ts,
  fetch_errors_total, schema_version, connection_state.

Caught and fixed before commit (NOT a code-review finding — caught by
the unit test that hand-computed CRC("123456789")): the hand-rolled
X.25 CRC accumulator was operating in u16 throughout. The MAVLink C
reference declares `tmp` as uint8_t, which silently truncates the
shifted-in bits. Round-trip tests passed (encoder and decoder shared
the bug); a real MAVLink peer would have rejected every frame. Fixed
by mirroring the C reference: `let mut tmp: u8 = …; tmp ^= tmp.wrapping_shl(4);`.
Added a regression test asserting CRC("123456789") == 0x6F91 against
pymavlink's reference value (NOT the textbook 0x29B1 — MAVLink uses a
byte-wise variant, not the bit-reflected CCITT).

AC verification (full detail in
_docs/03_implementation/batch_02_cycle1_report.md):

AZ-641: AC-1 + AC-3 + AC-4 verified via UDP loopback integration tests;
        AC-2 (serial) requires a socat pty pair and runs in the SITL/CI
        tier (test exists as #[ignore]-marked stub).
AZ-642: AC-1 + AC-2 + AC-3 verified via exhaustive codec round-trip and
        decoder negative-path tests; AC-4 (SITL round-trip) requires
        ArduPilot SITL — the CRC fix above means the codec is now
        wire-correct, ready for the sitl-conformance Woodpecker stage.
AZ-644: all four ACs verified via wiremock-driven integration tests.

Workspace gates green:
- cargo check --workspace                                clean
- cargo check --workspace --no-default-features          clean
- cargo fmt --all -- --check                             clean
- cargo clippy --workspace --all-targets -- -D warnings  clean
- cargo test --workspace                                 pass (1 expected ignore)

Layering invariants from module-layout.md hold: mavlink_layer and
mission_client are Layer 2 actors importing only `shared`; no sibling
Layer-2 imports; MavlinkHandle implements shared::contracts::MavlinkSink.

Jira: AZ-641, AZ-642, AZ-644 transitioned To Do → In Progress at batch
start; the matching In Testing transitions follow this commit.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-19 12:29:49 +03:00

79 lines
2.8 KiB
Rust
Raw Blame History

//! ITU-T X.25 CRC-16 — MAVLink's checksum function.
//!
//! Polynomial `0x1021` with initial value `0xFFFF`, reflected per the MAVLink
//! reference implementation. Each frame's CRC is computed over the byte range
//! `[len..payload_end]` followed by the message-specific `CRC_EXTRA` byte.
/// Initial CRC value used by MAVLink. (Polynomial is `0x1021`, implicit in the
/// reflected algorithm below.)
pub const INIT: u16 = 0xFFFF;
/// Update an in-progress CRC accumulator with a single byte.
///
/// Mirrors the MAVLink C reference `crc_accumulate` exactly: `tmp` is a
/// `uint8_t` so the intermediate `tmp ^= (tmp << 4)` truncates to a byte.
/// Implementing this in pure `u16` (without the `as u8` cast) produces a
/// **different** CRC and breaks wire compatibility with real peers.
#[inline]
pub fn accumulate_byte(acc: u16, byte: u8) -> u16 {
let mut tmp: u8 = byte ^ ((acc & 0xFF) as u8);
tmp ^= tmp.wrapping_shl(4);
let tmp = tmp as u16;
(acc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)
}
/// CRC accumulator over a byte slice, starting from `start`.
#[inline]
pub fn accumulate(start: u16, bytes: &[u8]) -> u16 {
bytes.iter().fold(start, |acc, b| accumulate_byte(acc, *b))
}
/// Compute the full MAVLink CRC for a frame body and its `crc_extra` byte.
///
/// `frame_body` is the range `[len, incompat_flags, compat_flags, seq, sysid,
/// compid, msgid_lo, msgid_mid, msgid_hi, payload...]` — i.e. the frame
/// without `STX` and without the trailing CRC.
#[inline]
pub fn frame_crc(frame_body: &[u8], crc_extra: u8) -> u16 {
let intermediate = accumulate(INIT, frame_body);
accumulate_byte(intermediate, crc_extra)
}
// The dummy value below is the CRC of "123456789" with INIT=0xFFFF and POLY=0x1021,
// computed per the MAVLink reflection. Confirmed against the MAVLink reference
// implementation (crc_accumulate).
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn empty_slice_returns_init() {
// Act
let crc = accumulate(INIT, &[]);
// Assert
assert_eq!(crc, INIT);
}
#[test]
fn single_byte_known_value() {
// Act
let crc = accumulate(INIT, &[0x00]);
// Assert: derived by hand from the C reference. tmp = 0xFF ^ 0xFF = 0,
// wait — tmp = 0x00 ^ 0xFF = 0xFF, then tmp ^= tmp<<4 (u8) = 0xFF ^ 0xF0
// = 0x0F, then accum = 0x00FF ^ 0x0F00 ^ 0x78 ^ 0 = 0x0F87.
assert_eq!(crc, 0x0F87);
}
#[test]
fn mavlink_check_string_matches_pymavlink() {
// MAVLink's CRC variant (byte-wise, not bit-reflected) gives 0x6F91
// for the ASCII string "123456789" — verified by running the same
// bytes through pymavlink's `mavcrc.x25crc`. This is NOT the same as
// the textbook CRC-CCITT (XMODEM) value 0x29B1.
let crc = accumulate(INIT, b"123456789");
assert_eq!(crc, 0x6F91);
}
}
Reference in New Issue View Git Blame Copy Permalink