Your browser does not support JavaScript! Skip to main content
Free 30-day trial Customer portal Careers DO-178C Handbook
 
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing   RapiCover - Structural coverage analysis   RapiTime - Timing analysis (inc. WCET)   RapiTask - Scheduling visualization   RapiCoverZero - Zero footprint coverage analysis   RapiTimeZero - Zero footprint timing analysis   RapiTaskZero - Zero footprint scheduling analysis

Multicore Verification

  MACH178  Multicore Timing Solution  RapiDaemons

Engineering Services

  V & V Services  Qualification  Training  Tool Integration  Support

Industries

  Aerospace (DO-178C)   Automotive (ISO 26262)   Space

Other

  RTBx   Mx-Suite   Software licensing   Product life cycle policy  RVS development roadmap

Latest from Rapita HQ

Latest news

RVS 3.18 Launched
Solid Sands partners with Rapita Systems
Danlaw Acquires Maspatechnologies - Expanding Rapita Systems to Spain
Rapita co-authored paper wins ERTS22 Best paper award
View News

Latest from the Rapita blog

Measuring response times and more with RapiTime
Why mitigating interference alone isn’t enough to verify timing performance for multicore DO-178C projects
There are how many sources of interference in a multicore system?
Supporting modern development methodologies for verification of safety-critical software
View Blog

Latest discovery pages

do178c DO-178C Guidance: Introduction to RTCA DO-178 certification
matlab_simulink MATLAB® Simulink® MCDC coverage and WCET analysis
code_coverage_ada Code coverage for Ada, C and C++
amc-20-193 AMC 20-193
View Discovery pages

Upcoming events

NAVAIR FACE & SOSA TIM and Expo
2023-09-12
DASC 2023
2023-10-01
HISC 2023
2023-10-17
Aerospace Tech Week Americas 2023
2023-11-14
View Events

Technical resources for industry professionals

Latest White papers

DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
A Commercial Solution for Safety-Critical Multicore Timing Analysis
Compliance with the Future Airborne Capability Environment (FACE) standard
View White papers

Latest Videos

Challenges of certifying multicore avionics in line with A(M)C 20-193 objectives - ATW Europe 2023
Streamlined software verification with RVS 3.18
Sequence analysis with RapiTime
Visualize call dependencies with RVS thumbnail
Visualize call dependencies with RVS
View Videos

Latest Case studies

Supporting ISO 26262 ASIL D software verification for EasyMile
RapiCover’s advanced features accelerate the certification of military UAV Engine Control
Front cover of whitepaper collins
Delivering world-class tool support to Collins Aerospace
View Case studies

Other Downloads

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top

Breadcrumb

  1. Home
  2. Certifying eVTOL

Discover eVTOL Certification

  • Intro
  • Technology
  • Need for certification
  • Can car software fly?
  • Road to certification
  • Rapita's approach

What is eVTOL?

VTOL (vertical takeoff and landing aircraft) is an aeronautics vehicle category that includes fixed-wing aircraft (e.g. Harrier and F35 Lightning II), rotorcraft, cyclocopters and tiltrotor aircraft. VTOL aircraft can take off and land without needing a runway, and can perform maneuvers that conventional aircraft cannot.

Electric VTOL (eVTOL) is a subcategory of VTOL. eVTOLs use electric power to drive their propulsion mechanisms. To date, eVTOL technology has primarily been developed for unmanned applications, however, the technology is now being more widely applied for use in personal aerial vehicles (PAVs).


Drone delivery

Why use eVTOL technology?

One use case for eVTOL is to reduce traffic volumes in many major cities and increase the speed of journeys in these environments. One of the well-known initiatives in this sector is Uber Elevate which is being developed by the ride-hailing company Uber. They are working towards large-scale aerial ridesharing, which is set to launch in 2023. Another use case is for ‘last mile’ delivery solutions, where packages can be flown by an eVTOL from a warehouse to a residential destination. This technology is currently being tested by Amazon.

eVTOLs are cheaper and quieter compared to jet-propulsion or piston engine planes and are more environmentally friendly as they contribute no emissions within their area of operation, improving air quality.

Need for regulations and certification

For traditional passenger-carrying commercial aircraft, DO-178C is the primary document by which certification authorities such as FAA, EASA and CAA approve aerospace software systems. Complying with DO-178C guidelines requires significant testing of software to ensure that the probability of software failure is extremely remote.

Some manufacturers have avoided conforming with the rigors of DO-178C certification by classifying their aircraft as ultralight vehicles as the FAA has a certification section for these. However, eVTOLs have developed significantly and need to be classified on their own and certified for revenue-generating operation. Some can’t fall under UAV regulation as they are designed to carry passengers, some will be heavier than the set allowable weight for ultralight vehicles, and some will be autonomous.

If this new mode of transportation is to be adopted, passenger safety as well as safety of people near the aerial vehicles area of operation needs to be addressed by appropriate certification. eVTOL technology is developing at a rapid rate and certification approaches are only catching up reactively. The major regulatory bodies have not yet developed the complete regulatory framework required for the increasingly ambitious eVTOL systems that are in development.

Can car software fly?

With the increased interest and development of eVTOL, companies experienced in the automotive sector often wonder if the same methodology used to develop automotive software can be used to develop aerospace software. Several analyses have shown that, while avionics software methodologies in guideline DO-178 and generated artefacts map well to, and satisfy, ISO 26262 requirements, this is not true in reverse. These analyses lead us to conclude that using automotive software methodologies in avionics development is not directly possible and would lead to issues later, during the certification stage.

A cursory evaluation may lead one to assume that these methodologies are replaceable and just applications in two different domains. Both ISO 26262 and DO-178C/ED-12C follow similar V-cycle development models, and both suggest similar software development and verification methodologies. However, there is a fundamental difference between the two which can be summarized in requirements traceability and certification of the final product. Avionics software standards are process-based compliance guidelines and are oriented towards demonstrating compliance in certification of one specific aircraft, which requires both downstream and upstream traceability from/to the high-level requirements, enabling certification of the complete process by an independent authority.

V model process

All functionality, software and its testing must be traced back to high-level requirements from the aircraft assigned to the software. On the other hand, automotive software development focuses on improving safety to acceptable levels for a given risk through demonstrating that recommended practices have been applied internally by the development teams as a self-check measure, or with compliance analysis of processes employed but with no need for independent certification.

Another common misconception is to equate software quality with certification compliance for software and to think that software of a high standard can be used without further consideration. ISO 26262 part 6, the standard for development of automotive software, has guided the improvements in software quality in modern cars but it has also led to extensive use of independent common software libraries. An average modern car contains over 100 million software lines of code. By contrast, a Boeing 787, a large modern aircraft, features only 6.5 million lines of code. Intrinsically verified and validated software does not exist in the avionics context independently of upstream system or downstream hardware considerations. All code must be traceable to a high-level system requirement allocated to this software component or, if not, must be removed.

The planning, documentation and traceability objectives for avionics software make it intractable to convert an existing piece of code to compliant code after the fact. As such, any safety-critical eVTOL flight software that will need to be certified would benefit from using DO-178C/ED-12C-compliant software development methodologies and software verification tools from the start to avoid major problems and surprises later.

The road to eVTOL certification

On 2 July 2019, EASA released the Special Condition for VTOL and Means of Compliance document (SC-VTOL-01), the first certification authority document listing regulations that must be met for eVTOLs to be classified as airworthy in a newly defined category separate from traditional aircraft. SC-VTOL-01 includes flight requirements (flying qualities, stability and control regulations), structural regulations and lift/thrust system regulations. It does not, however, include any guidance addressing certification of the avionics software used to operate eVTOLs.

VTOL-MOC SC-VTOL Issue 1, which was released on 25 May 2020, supplements the regulations in SC-VTOL-01 by providing the proposed acceptable means of compliance for VTOL systems. Within the document, requirement MOC VTOL.2510 Equipment, systems, and installations states that, in the context of AMC 20-115, DO-178C/ED-80C is an acceptable means of compliance for eVTOL systems. This means that, for safety-critical avionics software on eVTOL, safety should be demonsrated in a similar way to the way it is demonstrated in avionics for traditional aircraft. In contrary to expectations of a general alleviation in favor of alternate software development assurance processes, there is some alleviation only for some software items of IDAL-D contributing to minor failure conditions for eVTOL software.

How Rapita fits into the picture

Currently, the most rigorous certification standard in software development is DO-178C/ED-80C, which is used in the development and testing of safety-critical avionics software. DO-178 was developed by industry professionals with practicality and cost in mind for the aerospace manufacturers. It was designed to be flexible in that it can be applied to virtually any development model, and to make avionics software as reliable as can be reasonably explained. The acceptable way for eVTOL software to be certified is to develop to DO-178C.

As leaders in aerospace certification, Rapita have developed a flexible approach to proactively tackle the challenges of certifying unconventional aircraft. We are working with some of the biggest names in the eVTOL industry as a trusted partner assisting with verification and validation of software for DO-178 certification. We provide training for our tools and guidance throughout the certification process.

Find out more about Rapita’s aerospace software testing solutions or get a free trial of our tools.

RVS

Rapita Verification Suite: On-target software verification for critical embedded systems

 
Choose your free resource:
When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.
  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178
    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest

    • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads

    • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company

    • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • AMC 20-193
    • What is CAST-32A?
    • Multicore Timing Analysis
    • MC/DC Coverage
    • Code coverage for Ada, C & C++
    • Embedded Software Testing Tools
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • WCET Tools
    • Worst Case Execution Time
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®

All materials © Rapita Systems Ltd. 2023 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter