As commercial and personal unmanned aircraft gain popularity and begin to account for more traffic in the sky, the reliability and integrity of their flight controllers becomes increasingly important. As these aircraft get larger and start operating over longer distances and at higher altitude they will start to interact with other controlled air traffic and the risk of a failure in the control system becomes much more severe.
As any engineer who has investigated any space bound technology will know, digital systems do not always behave exactly as they are supposed to. This can be attributed to the effects of high energy particles in the atmosphere that can deposit energy randomly throughout a digital circuit. These single event effects are capable of producing transient logic levels and altering the state of registers in a circuit, corrupting data and possibly leading to a failure of the flight controller. These effects become more common as altitude increases, as well as with the increase of registers in a digital system.
High integrity flight controllers also require more development effort to show that they meet the required standard. Formal methods can be used to verify digital systems and prove that they meet certain specifications. For traditional software systems that perform many tasks on shared computational resources, formal methods can be quite difficult if not impossible to implement. The use of discrete logic controllers in the form of FPGAs greatly simplifies multitasking by removing the need for shared resources. This simplicity allows formal methods to be applied during the development of the flight control algorithms & device drivers.
In this thesis we propose and demonstrate a flight controller implemented entirely within an FPGA to investigate the differences and difficulties when compared with traditional CPU software implementations. We go further to provide examples of formal verifications of specific parts of the flight control firmware to demonstrate the ease with which this can be achieved. We also make efforts to protect the flight controller from the effects of radiation at higher altitudes using both passive hardware design and active register transfer level algorithms
