VTG Selects INTEGRITY-178 tuMP RTOS for Safety-Critical Battery Management System

VTG in Chantilly, Virginia, has selected the INTEGRITY-178 tuMP real-time operating system (RTOS) from Green Hills Software as the software foundation of its Critical Battery Management System (CBMS). The CBMS is designed to enable the safe operation of Lithium-Ion (Li-ion) batteries for a variety of maritime power system applications, and the system will be fielded on special operations submersibles. VTG selected the FACE-conformant INTEGRITY-178 tuMP RTOS to run on the CBMS because it meets the highest design assurance level (DAL A) as defined in DO-178C/ED-12C, including multicore operation. INTEGRITY-178 tuMP will be deployed on quad-core Intel Xeon processors.

Li-ion batteries are the most-used electrical storage medium due to a combination of high energy density, low self-discharge, and affordability. The challenge is that Li-ion batteries present a significant risk of fire, outgassing of toxic fumes, and even explosions. Confined spaces in aircraft, submarines, and surface ships increase the impact of a Li-ion battery fire in terms of equipment damage, injury to personnel, and loss of life. To enable those battery systems to be used in submersibles and transported on ships and submarines, VTG took a new approach focused on increasing the reliability of monitoring and preventing the scenarios that can lead to battery fires.

A basic BMS generally monitors current and voltage during charge and discharge and controls charging to stay within the current and voltage limits. During both charging and discharging, the BMS also monitors cell temperature as an indication of imminent thermal runaway. If a cell exceeds its temperature threshold, the BMS shuts down any active charging. To get an earlier read on any problems, VTG’s CBMS also measures heat sink temperature, total battery voltage, battery current, pressure, and water intrusion to determine if it is safe to operate.

To provide the safest operation, the early warning of any battery issues must have high reliability and availability. VTG decided to leverage a safety-certifiable operating system and hardware from commercial aviation due to the extremely high level of rigor in meeting safety assurance objectives. For example, aviation hardware that meets DAL A must have a probability of failure of less than 1×10⁻⁹ per flight-hour. The VTG CBMS includes redundant fault-tolerant monitoring and control that extends down to the sensor level and up through the components of the CBMS so that there is no single point of failure.

The INTEGRITY-178 tuMP safety-critical RTOS from Green Hills Software is the only operating system to be part of a successful multicore certification to DO-178C DAL A and CAST-32A objectives. INTEGRITY-178 tuMP was the first RTOS to be certified conformant to a FACE Technical Standard that addressed multicore requirements, which was edition 3.0. INTEGRITY-178 tuMP is the only RTOS with multicore interference mitigation for all shared processor resources, enabling the system integrator to meet CAST-32A objectives with robust partitioning. Robust partitioning is a prerequisite for a full implementation of integrated modular avionics (IMA) or being able to reuse an application component without complete retesting and reverification of the entire system.

