Uncrewed Systems Technology 043 l Auve Tech Iseauto taxi l Charging focus l Advanced Navigation Hydrus l UGVs insight l MVVS 116 l Windracers ULTRA l CES 2022 show report l ECUs focus I Distant Imagery

103 Coding for safety Another issue worth discussing is safety. This may seem an obvious factor for vehicle manufacturers, and it might seem odd to suggest that safety is more important now than 10 years ago. However, the UAV market has undoubtedly shifted towards using bigger, more professional, certified components that must be trusted to routinely ferry urgent cargo such as human organs or cinematography equipment, potentially over densely populated areas without posing any risk to the people below. In response, ECU makers are working harder to make sure the ECU does not fail, despite new software releases and firmware updates ushering in the prospect of new bugs. One target for achieving that is to ensure that every exception the chosen processor is capable of can be handled. Many developers will routinely write in exception handlers for the major interrupts and other problems that could directly affect the core functions, while others are left unaccounted for, but neglecting these smaller errors often culminates in an ECU failure entering through this obvious back door. Granted, it can take 100 hours or so for such a breakdown to occur, but ‘uptime’ has become a byword among professional UAV operators, and for a good reason. A hundred hours of flight time can easily be racked up within 1-2 weeks, and the fault in some low-quality ECU software can wind up being effectively cloaked amid other components going awry during lengthy back-to-back flights. Another way to ensure robust safety is to have a comprehensive system of real-time performance monitoring in the ECU. In programming terms, this means the software should track and report parameters such as how much stack space is being used by the processor, how many interrupts go by per second, the duration of the longest interrupt, and the longest duration of interrupts being blocked. Having a watchdog timer integrated into the ECU’s board and behaviour can also help immensely, by monitoring (and resetting after) for when the software freezes or gets stuck in a loop. Going further, an ECU manufacturer might include a parameter for tracking how long it has been since the end-user serviced its watchdog to ensure that it keeps detecting pertinent issues and corrects them accordingly. As a potential last resort, a block of ‘back-up RAM’ can be mounted in the processor chip, and the ECU software can be programmed to continually write performance information from the past few minutes into it. That way, if the ECU does have to be rebooted, it can check the RAM at restart, in order to be alerted to the fact that it is meant to be managing an already-running engine. It can therefore bypass all its standard start-up checks and reading its EEPROM – both of which would last hundreds of milliseconds – and jump straight into running the engine. Open architectures and analytics Amid all these new trends shaping ECU software, the shift towards open architectures must also be kept in mind. As discussed in our investigation into autopilots ( UST 39, August/September 2021), open source systems are becoming popular not only because of their rapid rate of updates but also the transparency with which their technology can be understood. The various software solutions used in autonomous systems can appear to be something of a ‘black box’ to the technicians who have to manage them. That can be daunting when it comes to managing something critical such as the engine. To that end, it is increasingly common for ECU suppliers to make all their documentation, release notes, software development kits (SDKs) and as mentioned their ICDs available to end-users, at a glance in their software application layer. Unmanned Systems Technology | April/May 2022 ECUs | Focus ECU manufacturers are modifying their architectures for greater safety and more openness to end-users’ data requirements and software modifications (Courtesy of Performance Electronics)