The ASSERT Virtual Machine Kernel: Support for preservation of temporal properties.

The ASSERT Project1 is aimed at defining new software engineering methods and tools for the development of critical embedded real-time systems in the aerospace domain. One of its main achievements is a new model-driven software process, which is based on the concept of property-preserving model transformations. Functional models developed with appropriate tools for the application domain are embedded in containers defining component interfaces and non-functional (e.g. timing) properties in a platform-independent set of notations. The resulting model is then automatically transformed to a platform-specific model using deployment information on target computer nodes, communication channels, and software platforms. Finally, source code for each computer node is automatically generated from the platform-specific model. The key element of the ASSERT process is that non-functional properties must be preserved during all phases of model transformations. In order to ensure that properties are preserved in model transformations and that the different views of each model are consistent with each other, a common meta-model has been defined which provides a formal basis to the whole process. This meta-model is called the Ravenscar Computational Model (RCM)

The design and implementation of the Open Ravenscar Kernel

Abstrac

Enabling Ada and OpenMP runtimes interoperability through template-based execution

The growing trend to support parallel computation to enable the performance gains of the recent hardware architectures is increasingly present in more conservative domains, such as safety-critical systems. Applications such as autonomous driving require levels of performance only achievable by fully leveraging the potential parallelism in these architectures. To address this requirement, the Ada language, designed for safety and robustness, is considering to support parallel features in the next revision of the standard (Ada 202X). Recent works have motivated the use of OpenMP, a de facto standard in high-performance computing, to enable parallelism in Ada, showing the compatibility of the two models, and proposing static analysis to enhance reliability. This paper summarizes these previous efforts towards the integration of OpenMP into Ada to exploit its benefits in terms of portability, programmability and performance, while providing the safety benefits of Ada in terms of correctness. The paper extends those works proposing and evaluating an application transformation that enables the OpenMP and the Ada runtimes to operate (under certain restrictions) as they were integrated. The objective is to allow Ada programmers to (naturally) experiment and evaluate the benefits of parallelizing concurrent Ada tasks with OpenMP while ensuring the compliance with both specifications.This work was supported by the Spanish Ministry of Science and Innovation under contract TIN2015-65316-P, by the European Union’s Horizon 2020 Research and Innovation Programme under grant agreements no. 611016 and No 780622, and by the FCT (Portuguese Foundation for Science and Technology) within the CISTER Research Unit (CEC/04234).Peer ReviewedPostprint (published version

Implementation of an ADA95 Crosscompiler for the Real-Time Executive for Military Systems (RTEMS)

This thesis represents a continuation of the assessment of the Unified Telerobotics Architecture Project (UTAP), a proposed Air Force standard. This architecture was developed by the NASA Jet Propulsion Laboratory and the National Institute of Standards under contract to the Air Force Materiel Command Robotics and Automation Center of Excellence at Kelly AFB, Texas. Due to operating system constraints, the only UTAP implementation to date has required a separate software interface layer, adding complexity and overhead to the overall system, while reducing portability. This thesis proposes a long term effort to design and implement UTAP-compliant application software devoid of this interface layer. Because the Ada programming language offers increased portability, and other software engineering benefits, emphasis is placed on developing a run-time infrastructure that will allow UTAP applications to be written in Ada. The first several steps of building this infrastructure is performed, including implementation of an Ada cross-compiler and real-time operating system. Further UTAP research is recommended. The run-time infrastructure should be completed and UTAP application software developed using the Ada95 tasking model. Recommendations for UTAP specification improvements are also made

In support of extending the Ravenscar profile

This paper discusses different approaches for implementing an EEPROM memory driver which is part of the UPMSat2 satellite on-board computer software. The Ravenscar profile restrictions are to be observed in order to ensure the analysability of the system, and therefore the approaches are evaluated against the profile. Results of this evaluation as well as considerations on a possible extension of the Ravenscar profile with respect protected entries are presented

Leveraging Ada 2012 and SPARK 2014 for assessing generated code from AADL models

Modeling of Distributed Real-time Embedded systems using Architecture Description Language provides the foundations for various levels of analysis: scheduling, reliability, consis- tency, etc.; but also allows for automatic code generation. A challenge is to demonstrate that generated code matches quality required for safety-critical systems. In the scope of the AADL, the Ocarina toolchain proposes code generation towards the Ada Ravenscar profile with restrictions for High- Integrity. It has been extensively used in the space domain as part of the TASTE project within the European Space Agency. In this paper, we illustrate how the combined use of Ada 2012 and SPARK 2014 significantly increases code quality and exhibits absence of run-time errors at both run-time and generated code levels

Experience in programming device drivers with the Ravenscar profile.

The Ravenscar profile defines a subset of Ada tasking that can be statically analysable for real-time properties. The implications of the Ravenscar profile and other commonly used high-integrity restrictions for developing device drivers are analysed in the paper, and some guidelines are provided based on the analysis. The technical content of the paper is based on the authors' experience in developing communication drivers for the Open Ravenscar real time Kernel (ORK) that are well suited for space onboard applications. A reference architecture for device drivers is proposed, and two instances of drivers based on it are described

A hierarchical architecture for time- and event-triggered real-time systems

[EN] This paper proposes an architecture for combining the execution of time- and event-triggered real-time task sets. This makes it possible for the designer to choose the most appropriate mechanism depending on the role and nature of each task in the system. The proposed architecture allows one to choose the priority levels at which time- and event-triggered tasks are executed. This gives the designer an additional degree of freedom to make compromise decisions upon contradicting timing requirements, such as granting reduced jitter and at the same time providing prompt service to non-periodic events, for example. The proposed model is accompanied with a Ravenscar implementation of the time-triggered scheduler and a library of utilities for specifying time-triggered schedules and reusing time-triggered task patterns.This work has been partly supported by Spanish Government and FEDER funds (AEI/FEDER, UE) under grant (TIN2017-86520-C3-1-R) (PRECON-I4); and by European Commission project AQUAS (ECSEL-JU, Contract 737475).Real Sáez, JV.; Sáez Barona, S.; Crespo, A. (2019). A hierarchical architecture for time- and event-triggered real-time systems. Journal of Systems Architecture. 101:1-15. https://doi.org/10.1016/j.sysarc.2019.101652S11510

Ravenscar cross compiler for the Gurkh Project

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (leaves 54-56).Concurrency has greatly simplified the design of embedded software, but the gain in design simplicity is offset by the complexity of system implementation. The Ravenscar profile of Ada95 defines safe tasking constructs that enable the use of deterministic concurrency. The translation of these high-level constructs by the compiler to deterministic object code is dependent on both the underlying operating system and the system operation platform. The commonly available open-source development tools for compiling Ravenscar compliant Ada95 assume that the operating system is implemented as software. A hardware implemented run-time kernel requires a radical rethink of the execution architecture because operating system calls have to be routed from the host processor running the tasks to the hardware implemented kernel RavenHaRT. The redesigned compiler pGNAT is based on the open-source GNAT compiler and uses the GCC back end to cross compile application code to PowerPC object code. The GNAT run-time library (GNARL) is modified to support the use of RavenHaRT. This thesis presents the technical challenges faced and the modifications carried out for generating RavenHaRT compatible, Ravenscar compliant object code.by Pee Seeumpornroj.M.Eng

Software Requirements Specification for Lunar Icecube

A thesis presented to the faculty of the College of Science at Morehead State University in partial fulfillment of the requirements for the Degree Master of Science by Michael R. Glaser-Garbrick on April 21, 2017