


October 24, 2023

Harmonizing Safety with Software to Streamline Unmanned Aircraft Development

Unmanned aircraft address many of today's aviation challenges across a wide variety of use cases: transport of personnel and cargo, telecommunications (non-terrestrial communications), environmental monitoring, border security and intelligence, and surveillance and reconnaissance. Some new systems rely on innovative, eco-friendly propulsion technologies that are zero-carbon or sustainably powered.

They are also equipped with a great number of integrated communication devices, sensors, and electronic control systems that contain sophisticated software, all of which must be certified before the aircraft can fly safely, especially over populated areas. Developing safety-critical embedded software and performing functional safety analysis are key to ensuring safe functionality, streamlining the safety certification process, and optimizing the embedded system's performance.

As the number and complexity of embedded systems increase, system, safety, and software engineers face growing pressure to pursue competing goals that must be balanced. These goals include:

  • Developing safe, reliable, and high-performance embedded control systems.
  • Complying with numerous safety standards and requirements, such as SAE ARP4761 (safety assessment process) and RTCA DO-178C (airborne software).
  • Reducing development costs of new products.
  • Accelerating system and software development to reduce time to market.

Meeting the challenges of unmanned aircraft requires new development methods. Model-based design is one such method, and it addresses system, software, and safety together. Used jointly, Ansys SCADE and Ansys medini analyze enable a model-based systems engineering (MBSE) and model-based safety analysis (MBSA) approach in which system architects, safety engineers, and software developers collaborate on a system and software design that meets airworthiness objectives.

Skydweller Aero, the transatlantic aerospace company, is developing an unprecedented autonomous solar-powered aircraft with the wingspan of a 747 that weighs less than a Range Rover. The company, which says its aircraft will ultimately be capable of perpetual flight, has adopted Ansys' "Safe Systems" solution to meet its stringent requirements.

Let’s take a quick look at how Skydweller deployed a holistic MBSE methodology by integrating safety into the system design processes via a single tool chain to develop their autonomous flight control and power management systems.


What are Skydweller's Development Challenges?

There are several drivers for implementing this rigorous MBSE/MBSA development process. The first is agility: the product is developed incrementally in integrated capability sets, which can then be released frequently to deliver enhancements to both software and hardware. Another is to reinforce systems thinking, so that engineers understand the big picture of how everything works together. A further key step is to harmonize safety engineering with the system design process, moving from a document-centric to a model-centric approach. Finally, it is critical for Skydweller to support its business process by ensuring that customer requirements are carried into the design.

[Figure: Process-driven MBSE. Harmonizing safety engineering: MBSE methods make safety more transparent and accessible.]

What is Process-Driven Model-Based Systems Engineering? 

Skydweller's process-driven, model-based systems engineering starts with the development of the concept of operations (CONOPS), from which the operational scenarios are derived and the different system functions are identified. The outcome is a multi-layered system architecture model with an operational layer, a functional layer, and a physical layer, all connected by precise allocations and traceability links and interconnected with the safety analysis.

Model-based safety analysis includes safety assessments based on the system architecture model at the aircraft, system, and equipment levels to identify the best ways to reduce risk to an acceptable level. For example, one of the safety analysis methods performed in medini analyze is Fault Tree Analysis, which combines the failure rates of basic events through AND/OR gate logic to estimate the probability of a top-level hazardous event and to identify the combinations of failures (cut sets) that can cause it. Ansys medini analyze supports tool-based traceability from hazardous events to the physical architecture and indicates the design assurance level of each component.
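As an added example of what a fault tree computes (illustrative Python written for this page, not medini analyze code; the tree, event names and failure probabilities are constructed and are not Skydweller data), the block below builds a three-event tree for a hypothetical loss of power to the flight control computers, enumerates its minimal cut sets, flags single-point failures, and computes the top-event probability three ways: exactly, by naive gate arithmetic, and by the rare-event cut-set bound. The controller event feeds two branches, so the naive gate arithmetic treats its two occurrences as independent and comes out higher than the exact value, which is one reason quantitative FTA works from minimal cut sets rather than from the gate structure alone.

```python
# Added example (not medini analyze code; tree, names and rates are constructed):
# a small fault-tree evaluator with AND/OR gates over basic events.
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class BasicEvent:
    name: str
    p: float  # probability over the exposure interval (constructed value)


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str      # "AND" or "OR"
    inputs: tuple  # child BasicEvent / Gate nodes


def basic_events(node):
    """Map name -> BasicEvent for every leaf under node (a shared leaf appears once)."""
    if isinstance(node, BasicEvent):
        return {node.name: node}
    out = {}
    for child in node.inputs:
        out.update(basic_events(child))
    return out


def holds(node, state):
    """Evaluate the tree for one True/False assignment of the basic events."""
    if isinstance(node, BasicEvent):
        return state[node.name]
    results = (holds(c, state) for c in node.inputs)
    return all(results) if node.kind == "AND" else any(results)


def exact_probability(top):
    """Exact P(top) by enumerating all 2^n event states; valid with shared events."""
    events = list(basic_events(top).values())
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        if holds(top, {e.name: b for e, b in zip(events, bits)}):
            pr = 1.0
            for e, b in zip(events, bits):
                pr *= e.p if b else 1.0 - e.p
            total += pr
    return total


def gate_probability(node):
    """Naive bottom-up gate arithmetic: AND = product, OR = 1 - prod(1 - p).
    Exact only if no basic event feeds more than one branch of the tree."""
    if isinstance(node, BasicEvent):
        return node.p
    acc = 1.0
    for p in (gate_probability(c) for c in node.inputs):
        acc *= p if node.kind == "AND" else 1.0 - p
    return acc if node.kind == "AND" else 1.0 - acc


def minimal_cut_sets(node):
    """Smallest sets of basic events whose joint failure causes the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    children = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*children)
    else:  # AND: pick one cut set from each input and merge them
        sets = {frozenset().union(*combo) for combo in product(*children)}
    return {s for s in sets if not any(o < s for o in sets)}  # drop supersets


def rare_event_bound(top):
    """Sum of cut-set probabilities: the usual conservative upper bound on P(top)."""
    probs = {n: e.p for n, e in basic_events(top).items()}
    total = 0.0
    for cs in minimal_cut_sets(top):
        pr = 1.0
        for n in cs:
            pr *= probs[n]
        total += pr
    return total


def single_point_failures(top):
    """Order-1 cut sets: any one of these events alone causes the top event."""
    return {next(iter(cs)) for cs in minimal_cut_sets(top) if len(cs) == 1}


# Constructed tree: loss of DC power to the flight control computers (per flight hour).
BATT_A = BasicEvent("battery_string_A_lost", 1e-4)
BATT_B = BasicEvent("battery_string_B_lost", 1e-4)
PMC = BasicEvent("power_mgmt_controller_fault", 1e-5)  # feeds two branches
TOP = Gate("loss_of_fcc_power", "OR", (
    Gate("both_strings_lost", "AND", (BATT_A, BATT_B)),
    Gate("pmc_fault_and_string_A_lost", "AND", (PMC, BATT_A)),
    Gate("pmc_fault_and_string_B_lost", "AND", (PMC, BATT_B)),
))

if __name__ == "__main__":
    print("minimal cut sets:", sorted(sorted(cs) for cs in minimal_cut_sets(TOP)))
    print("single-point failures:", single_point_failures(TOP) or "none")
    print(f"exact P(top)      = {exact_probability(TOP):.6e}")
    print(f"gate arithmetic   = {gate_probability(TOP):.6e}  (overcounts shared PMC)")
    print(f"rare-event bound  = {rare_event_bound(TOP):.6e}")
```

The rare-event bound is the figure normally compared against the quantitative objective for the hazard's severity classification (for example, the 1e-9 per flight hour figure associated with catastrophic failure conditions in transport-category certification; objectives for unmanned aircraft depend on the regulator and the operation). Any order-1 cut set is a single-point failure, which usually calls for a design change rather than a probability argument. Brute-force enumeration is exact but exponential in the number of basic events, so it serves here as a check on the cut-set approximation rather than as a method for large trees.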

[Figure: Harmonizing safety engineering elements with the accompanying software solutions to ensure safety.]

“Battery thermal management is one of the biggest challenges for electric aircraft,” says Xavier Roy, ECS & Modeling Engineer, Skydweller Aero. “With Ansys simulation tools, we can simulate various mission days to validate our design and ensure the success of our mission. This enables us to save a lot of time and money to prevent design iteration.”

Model-based architecture and requirements are also accessible to the software engineers early in the design phases. Software engineers implement and test their control algorithms as models rather than hand-written code, which avoids spending time and resources debugging and testing manually written source code. Automated synchronization between the architecture models and the model-based software is key to efficient iterations, and Ansys SCADE tools streamline it.


The Models are the Single Source of Truth

The integration between Ansys safety analysis and software design tools is highly automated, bringing efficiency and digital continuity to the process.

In the approach described, the organizational silos between the different engineering disciplines are broken down because they all have a common language, backed-up by the models: the single source of truth.


