Accelerate the development of your eVTOL aircraft and unlock the full potential of multi-core processors

 

SYSGO eVTOL article_image_source IrenaR  Stock-Illustration ID: 2433226325

Image source: IrenaR Stock-Illustration ID: 2433226325

 

By Franz Walkembach, Sysgo

As our towns and cities get busier, existing transport networks are becoming more congested. We’ve all seen ambulances struggling to get through gridlocked streets, or being late for appointments as a result of traffic. This is why those responsible for urban mobility are looking for smarter ways of moving people and goods around, particularly in situations where every second counts.

As well as making better use of existing infrastructure, one of the solutions being explored is to take to the skies. Electrically powered unmanned aerial vehicles (UAVs) are already widely used for overhead photography and videography, inspecting infrastructure, and surveillance. As technology advances, so these aircraft will be able to transport larger payloads, initially cargo, and later even people.

This promises to be genuinely transformational. It could become standard practice for ambulance services to airlift emergency medical supplies or even paramedics directly to an incident, without the need to use expensive helicopters – which can also be difficult to land in urban areas. Elsewhere, it could reduce the cost and environmental impact of national and regional travel for all.

eVTOL: Unlocking the skies above our urban areas

To make use of the skies above built-up and densely populated areas for the movement of goods and people, aircraft that can take off and land vertically, using electric propulsion, will be key. This type of aircraft is known as an electric vertical take-off and landing (eVTOL) aircraft. Analysts at Research Dive forecast that the global eVTOL aircraft market will increase by nearly 30% per year between 2025 and 2033, to a total value of $4.2 billion.

This market represents a huge opportunity, but it’s not a simple one to break into. Those creating civil eVTOL aircraft for this purpose essentially need to create an aircraft that can be certified to comparable safety and security levels as commercial aircraft but for a fraction of the cost. This includes the avionics safety standard DO-178C. And where there is the potential for catastrophic impact that endangers several lives, the highest level of DAL A needs to be achieved – the same as for large commercial airliners.

eVTOL aircraft require different control systems to conventional aircraft

Overall, eVTOLs are simpler than large commercial airliners. This can help reduce costs since onboard systems can also be less complex. However, engineers can’t simply repurpose conventional aircraft control systems for eVTOL aircraft, for various reasons.

Firstly, while many eVTOL aircraft are essentially helicopters, they’ll usually have more rotors than a traditional helicopter. This results in greater control-system complexity. Secondly, unlike conventional aircraft, eVTOL aircraft typically have no hydraulic systems and are instead fully electronic. Thirdly, the electric motors used for propulsion respond very differently to turbine engines or turboprops, notably their ability to produce power near-enough instantaneously. Fourthly, energy storage and delivery from batteries is markedly different from using conventional aircraft fuel. Another consideration is that eVTOLs without wings can’t glide, the way a fixed-wing plane can. Consequently, the eVTOL aircraft needs an alternative means of landing safely in an emergency.

All of this results in very different requirements for the onboard systems – and that’s before you add in the need for designers to ensure every component is secure from cyberattack. The cost and complexity of creating eVTOL systems and achieving certification can therefore be significant.

The good news is that there are techniques to keep these costs down, while still ensuring the aircraft is safe and secure. We’ll explore some ways in which engineers can do this below, but let’s first outline the key safety-critical electrical subsystems and the underlying systems they rely on.

Architectural overview, electronic subsystems, and safety measures

For an eVTOL aircraft to operate safely, it requires a variety of systems to integrate seamlessly with one another. These typically include among others:

  • Battery management system (BMS)
  • Flight control system (FCS)
  • Motor control unit
  • Situational awareness systems
  • Navigational systems
  • Communication systems
  • Human-machine interfaces (HMIs)
  • Monitoring systems
  • Recovery systems

Each subsystem has its own modules that need to be partitioned from one another, such that no element can interfere with the correct operation of another. This is important for a number of reasons.

Firstly, when used with a real-time operating system (RTOS), partitioning enables aircraft designers to guarantee that tasks will run within a defined timeframe – the worst-case execution time (WCET). This is because they know that the necessary CPU and memory resources are ringfenced for it. This is essential for safety-critical systems, such as the flight control system: you need to be absolutely sure a steering maneuver will be carried out more or less instantaneously, for example.

Secondly, partitioning provides recovery mechanisms. If one system fails or crashes, it won’t cause others to crash, or for incorrect actions to be taken. A battery management system and its associated health-monitoring capabilities, for instance, should be deployed in its own partition, as shown in the extract from a sample eVTOL architecture diagram in Figure 1.

Each partition has its own data acquisition application (DAQ), which collects data from sensors in the battery packs, connected via IO drivers. This data is published to the eVTOL aircraft’s centralized monitoring and management platform. If this platform identifies a problem with one of the battery packs, it can initiate whatever intervention is required to address this (e.g. a shutdown of that battery pack), without affecting the other battery pack or the wider aircraft. Such a recovery event for an intervention could be for example the overheating of one of the battery packs.

Figure 1: An extract from a sample eVTOL architecture diagram, showing a redundant battery management system (BMS).

Figure 1: An extract from a sample eVTOL architecture diagram, showing a redundant battery management system (BMS).

This partitioning is where safety-certified execution environments, such as ARINC 653-compliant partitions, come in. The ARINC 653 specification describes (operating) systems that manage resources in avionics systems. Sysgo’s PikeOS, for example, comes with its own ARINC 653-compliant guest operating system that is encapsulated in such a partition that isolates the various systems running on top of the underlying processor(s) and memory.

In modern aircraft, security is an integral part of safety. This means that aircraft also require secure architecture. Therefore, it is highly beneficial to have a ground-laying system that comes with pieces of evidence of a secure architecture such as those who have a valid and high Common Criteria certification.

Streamlining whole-aircraft certification by using proven, certified systems

Because the most important aspect when it comes to eVTOL aircraft safety is functional safety, designers need a base system or foundation that includes certification artifacts that can be reused in new projects.

Choosing an RTOS and hypervisor that provide a DO-178C certification kit that demonstrates safe functionality up to DAL A, means engineers don’t need to certify the execution environment or OS from scratch. Instead, they can provide this evidence to their certifying authority, as part of their wider aircraft certification process. This ultimately accelerates certification and brings down its cost.

The multi-core processor opportunity

The other significant advantage that Sysgo’s PikeOS provides to eVTOL aircraft engineers is the ability to unlock the cost and performance potential of multicore processors (MCPs). In the eVTOL space, this can mean using MCPs to control multiple of the above onboard systems, as well as non-safety-critical components. By consolidating hardware in this way, engineers can reduce their bill of materials (BOM), and aircraft weight.

MCPs have traditionally been avoided in avionics, due to the complexity of determining the aforementioned WCETs. However, there is new guidance on how to use MCPs in this space from EASA (see AMC 20-193). This means eVTOL designers can now use MCPs in symmetric multiprocessing (SMP) mode, sharing safety-critical and other tasks across all cores, in a way that can meet stringent safety and security certifications.

Using an MCP in SMP mode requires an ARINC 653-compatible execution environment, to ensure safety-critical systems using the MCP can’t be interfered with. By doing this, engineers can predictably define their WCETs. The second main requirement is a hypervisor that facilitates the running of all systems in the ARINC 653 execution environment, thereby providing a single, secure platform for designers to build their aircraft on.

1 | 2  Next Page »


Read the complete story ...



© 2024 Internet Business Systems, Inc.
670 Aberdeen Way, Milpitas, CA 95035
+1 (408) 882-6554 — Contact Us
ShareCG™ is a trademark of Internet Business Systems, Inc.

Report a Bug Report Abuse Make a Suggestion About Privacy Policy Contact Us User Agreement Advertise