SlideShare a Scribd company logo

Guaranteeing Timing Requirements in the IXV On-Board Software

Santiago Urueña Pascual
Santiago Urueña Pascual

Presentation for the Ada-Europe 2015 conference (22-26 June 2015, Madrid, Spain) of the paper in the Real-Time Applications regular session. Ensuring the correct timing behavior of the control software of a spacecraft is a complex endeavor. This paper describes the real-time aspects of the Intermediate eXperimental Vehicle’s (IXV) On-Board Software (OBSW), including the schedulability analysis performed for the validation of this safety-critical, hard real-time system of the European Space Agency (ESA). We then give details of how the Ravenscar profile has been used to obtain predictability over RTEMS, and quantify the overhead of different mechanisms for measuring computation times. We provide the timing measurements of each task during the different modes of the mission, including the Guidance, Navigation, and Control (GNC) tasks, to aid in the development of future OBSW projects.

Software
1 of 19
Download to read offline
© GMV, 2015 Property of GMV All rights reserved Guaranteeing Timing Requirements in the IXV On-Board Software Conference on Reliable Software Technologies Santiago Urueña, Nuria Pérez, Bruno N. Calvo, Carlos Flores, Andreas Jung
© GMV, 2015 IXV OVERVIEW WHAT IS THE INTERMEDIATE EXPERIMENTAL VEHICLE? Page 2 Guaranteeing Timing Requirements in the IXV OBSW Space vehicle from the European Space Agency (ESA) to experiment on atmospheric re-entry successfully launched on February 11th, 2015 2015-06-24
© GMV, 2015 IXV OVERVIEW MISSION Page 3 • Around 100 min suborbital flight • Representative return missions from Low-Earth Orbit • Fully automated flight, unmanned vehicle • No telecommanding after launch • Monitored from ground stations Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 IXV ON-BOARD SOFTWARE HIGHLIGHTS Page 4 Control Software in charge of autonomously flying the IXV vehicle following a predefined mission timeline  Safety-Critical Software (DAL-B) • C99 & MISRA-C:2004  Fault tolerance • 50 MHz LEON2-FT CPU (radiation hardened SPARCv8)  Hard real time requirements • Caches enabled & code optimized • RTEMS operating system • Ravenscar profile OBSW Application & Service layer: - OBSW MVM: 55 kLOC - OBSW GNC: 22 kLOC OBSW Basic layer: - BSW (drivers): 7 kLOC - RTEMS (subset): 16 kLOC Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 RAVENSCAR PROFILE INTRODUCTION Page 5 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ada run-time profile – Subset of concurrency features to allow schedulability analysis  Advantages: – Timing predictability, strict deadlines, low jitter – Small run-time to enable certification to high-integrity levels – Low resource consumption, high performance  Defined in IRTAW 1997 (held in English village of same name) – 8th International Real-Time Ada Workshop  Part of Annex D (Real-Time Systems) since Ada 2005 pragma Profile (Ravenscar);
© GMV, 2015 RAVENSCAR PROFILE ARM 2012 DEFINITION Page 6 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 pragma Task_Dispatching_Policy (FIFO_Within_Priorities); pragma Locking_Policy (Ceiling_Locking); pragma Detect_Blocking; pragma Restrictions ( No_Abort_Statements, No_Dynamic_Attachment, No_Dynamic_Priorities, No_Implicit_Heap_Allocations, No_Local_Protected_Objects, No_Local_Timing_Events, No_Protected_Type_Allocators, No_Relative_Delay, No_Requeue_Statements, No_Select_Statements, No_Specific_Termination_Handlers, No_Task_Allocators, No_Task_Hierarchy, No_Task_Termination, Simple_Barriers, Max_Entry_Queue_Length => 1, Max_Protected_Entries => 1, Max_Task_Entries => 0, No_Dependence => Ada.Asynchronous_Task_Control, No_Dependence => Ada.Calendar, No_Dependence => Ada.Execution_Time.Group_Budget, No_Dependence => Ada.Execution_Time.Timers, No_Dependence => Ada.Task_Attributes, No_Dependence => System.Multiprocessors.Dispatching_Domains);
© GMV, 2015 RAVENSCAR PROFILE ADAPTATION TO RTEMS Page 7 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Success of Ravenscar profile, not just for Ada – Adapted to Java (A. Wellings & J. Kwon) – No previous publications to enforce Ravenscar in RTEMS  Analysis of RTEMS documentation and source code internals – Qualified version of RTEMS by Edisoft in IXV – API compatibility (e.g. scheduling and synchronization policies) – Find primitives requiring memory allocation/deallocation  Classification of RTEMS primitives – Unrestricted use (e.g. rtems_semaphore_obtain) – OBSW initialization only (e.g. rtems_interrupt_catch) – Completely forbidden (e.g. rtems_task_delete)  Creation of RTOS wrapper (just allowed RTEMS primitives) – Periodic / sporadic tasks, mutexes, and interrupt service routines – Ported in new OBSW projects to different RTOS / CPU
© GMV, 2015 IXV OBSW VALIDATION OVERVIEW Page 8 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  System validation tests – Open-loop and closed-loop tests – Emphasis in fault injection test (OBSW, OBC, avionics devices…)  100% branch coverage (ECSS-E-ST-40C decision coverage)  Stack analysis – Check maximum stack usage at different validation tests  Timing analysis – Validation & Flight: Task overruns monitored (event to Ground) – Validation: 1. Response time analysis (dynamic analysis)  All tasks and mutexes 2. WCET with RapiTime (dynamic & static analysis)  Critical tasks only  Analysis of results reveals coding errors (e.g. nesting of locks)
© GMV, 2015 IXV OBSW VALIDATION TIMING ANALYSIS Page 9 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measure the computation times of tasks and critical sections – Timestamps at beginning and end of each task activation – Timestamps at lock and unlock routines  Store all the timestamps generated in different system tests  Script to analyze the computation time of every task activation and critical section
© GMV, 2015 IXV OBSW VALIDATION TEST ENVIRONMENTS Page 10 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Software Validation Facility (SVF) – Pure software emulation of OBC and avionics, Real-World simulator – LEON2-FT tsim emulator – Flexibility: introspection, debugging, fault injection  Avionics / GNC Test Bench (AGTB) – Hardware avionics (engineering models) & software Real-World – OBC Functional Model (FPGA LEON2) – Representative avionics hardware  Proto-Flight Model (PFM) – Flight hardware avionics + Real-World simulator (GPS stimulators…) – OBC with AT697E (ASIC LEON2) – Flight software
© GMV, 2015 TIMING ANALYSIS MEASUREMENT TECHNIQUES Page 11 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measurement techniques analyzed (SVF only) 1. Low overhead traces (invalid instruction processed by tsim module) • Instrumented executable • Very easy to use, convenient just for application code • Some overhead (more instructions in memory, less code optimizations) 2. Breakpoints (debugger) • No instrumentation needed • Difficult to use, but very flexible • Initially no overhead  Both techniques can also be used with RapiTime
© GMV, 2015 TIMING ANALYSIS COMPARISON AVERAGE COMPUTATION TIMES Page 12 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Average task times comparison measured with both techniques – Higher overhead of traces than breakpoints as expected – Some tasks execute faster with traces! (cache anomalies?) Task Priority Period Breakpoints Traces Overhead MILB 150 10.00 0.427 0.435 0.0077 1.8% RCS 155 10.00 0.085 0.089 0.0045 5.3% SUP 160 50.00 0.036 0.038 0.0014 3.9% ACQ 165 50.00 1.634 1.657 0.0238 1.5% GNC_C 170 50.00 1.956 1.973 0.0168 0.9% EH 175 50.00 2.353 2.361 0.0078 0.3% MVM 177 50.00 0.059 0.060 0.0002 0.3% CMD 180 50.00 0.063 0.064 0.0008 1.3% GPS 182 50.00 0.188 0.194 0.0063 3.4% HK 185 50.00 2.061 2.066 0.0049 0.2% TTM 190 50.00 1.190 1.124 –0.0662 –5.6% TC 195 50.00 0.034 0.039 0.0054 16.0% GNC_N 200 500.00 10.655 10.458 –0.1977 –1.9% GNC_G 210 500.00 1.574 1.601 0.0267 1.7%
© GMV, 2015 TIMING ANALYSIS COMPARISON WITH NO TIMING MEASUREMENTS Page 13 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 Event message Reference timestamp (no timing measurements) Interference breakpoints Interference traces … … EV_MOS_ACTION_TRIGGERED 4316.97509 second +0.00 ms +424.32 ms EV_ACTION_SUCCESSFUL_EXEC 4316.97686 second +0.00 ms +424.38 ms EV_MOS_TRANS_TO_REENTRY 4371.97497 second +0.06 ms –75.68 ms EV_ACTION_SUCCESSFUL_EXEC 4371.97552 second +0.06 ms –75.62 ms … …  Timestamp comparison of transmitted packets in same SVF test 1. Flight executable with no timing measurements 2. Flight executable with breakpoints 3. Instrumented executable with traces  Breakpoints also introduce some timing overhead  Overhead of traces affects test behavior  Similar comparison with AGTB (SVF adds less than 1 ms)
© GMV, 2015 TIMING ANALYSIS SCHEDULABILITY ANALYSIS Page 14 ASCENT ORBITAL RE-ENTRY DESCENT SEA LANDING Thrusters Flaps Parachutes Balloons Thrusters VEGA Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Separate schedulability analysis for each mission phase  The OBSW is schedulable in all phases, with 35% CPU margin  No task overrun ever detected during validation or the mission
© GMV, 2015 TIMING ANALYSIS TIMING RESULTS Page 15 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Publication of response times of every thread per mission mode  Useful in future projects (budget estimations at early phases)
© GMV, 2015 TIMING ANALYSIS CONCLUSIONS Page 16 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ravenscar profile allows the schedulability analysis – IXV OBSW schedulable in all phases  Different measurement techniques analyzed 1. Low-overhead traces • Easy to use, but just application code • Some overhead and noticeable software interference • Convenient during development 2. Breakpoints • Very flexible, both for application and RTOS code • Negligible overhead, minor software interference • Difficult to use manually, just for final tests  Emulators and CPUs must provide better timing features  Critical software should monitor its timing attributes
© GMV, 2015 Property of GMV All rights reserved Thank you Santiago Urueña Section Head Critical Software Software Engineering department Email: suruena@gmv.com www.gmv.com
© GMV, 2015 IXV OVERVIEW PAST (EUROPE) & FUTURE Page 18 HERMES (1990) (cancelled) ARD (1998) (successful) X38/CRV (1999) (cancelled) PHOENIX (2004) (cancelled) USV1,2,3 (2007…) (successful) EXPERT (2012) (on-hold) IXV (2015) (successful) Reentry vehicle applications: - Servicing of orbital infrastructures (e.g. ISS) - Servicing of satellites (e.g. refueling or disposal) - Robotic exploration (e.g. sample return from Mars) - Microgravity experiments - Earth sciences (e.g. high-altitude atmospheric research) - Earth observation (e.g. crisis monitoring) Next step: PRIDE (Programme for Reusable In-orbit Demonstrator for Europe) Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 IXV INTRODUCTION MISSION Page 19 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24

Recommended

Safety Critical Research
Safety Critical ResearchSafety Critical Research
Safety Critical ResearchJennifer (Hui) Li
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...Amit Bhandu
 
Proceso de certificación de gráficos
Proceso de certificación de gráficosProceso de certificación de gráficos
Proceso de certificación de gráficosMarketing Donalba
 
Ada at Barco avionics
Ada at Barco avionicsAda at Barco avionics
Ada at Barco avionicsGneuromante canalada.org
 
Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Kevin Forbes
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher Collins
 
Leica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleLeica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleNaran-Erdene Narankhuu
 

Recommended

Safety Critical Research
Safety Critical ResearchSafety Critical Research
Safety Critical ResearchJennifer (Hui) Li
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...Amit Bhandu
 
Proceso de certificación de gráficos
Proceso de certificación de gráficosProceso de certificación de gráficos
Proceso de certificación de gráficosMarketing Donalba
 
Ada at Barco avionics
Ada at Barco avionicsAda at Barco avionics
Ada at Barco avionicsGneuromante canalada.org
 
Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Kevin Forbes
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher Collins
 
Leica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleLeica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleNaran-Erdene Narankhuu
 
Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxmani723
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesAnsys
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC chiportal
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensFelipeSchaefferFerna
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersSaiLinnThu2
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...QAware GmbH
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Mechatronics engineer
Mechatronics engineerMechatronics engineer
Mechatronics engineerSamuel Narcisse
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...RealTime-at-Work (RTaW)
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security CA Technologies
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...VMware Tanzu
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET Journal
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1fObsidian Software
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyIntelligentManufacturingInstitute
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 

More Related Content

Similar to Guaranteeing Timing Requirements in the IXV On-Board Software

Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxmani723
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesAnsys
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC chiportal
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensFelipeSchaefferFerna
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersSaiLinnThu2
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...QAware GmbH
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...RealTime-at-Work (RTaW)
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security CA Technologies
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...VMware Tanzu
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET Journal
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1fObsidian Software
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyIntelligentManufacturingInstitute
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 

Similar to Guaranteeing Timing Requirements in the IXV On-Board Software (20)

Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptx
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear Controller
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform Engineers
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
 
Mechatronics engineer
Mechatronics engineerMechatronics engineer
Mechatronics engineer
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-Testware
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdf
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control System
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1f
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves money
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
 

Recently uploaded

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedDelhi Call girls
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 

Recently uploaded (20)

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 

Guaranteeing Timing Requirements in the IXV On-Board Software

  • 1. © GMV, 2015 Property of GMV All rights reserved Guaranteeing Timing Requirements in the IXV On-Board Software Conference on Reliable Software Technologies Santiago Urueña, Nuria Pérez, Bruno N. Calvo, Carlos Flores, Andreas Jung
  • 2. © GMV, 2015 IXV OVERVIEW WHAT IS THE INTERMEDIATE EXPERIMENTAL VEHICLE? Page 2 Guaranteeing Timing Requirements in the IXV OBSW Space vehicle from the European Space Agency (ESA) to experiment on atmospheric re-entry successfully launched on February 11th, 2015 2015-06-24
  • 3. © GMV, 2015 IXV OVERVIEW MISSION Page 3 • Around 100 min suborbital flight • Representative return missions from Low-Earth Orbit • Fully automated flight, unmanned vehicle • No telecommanding after launch • Monitored from ground stations Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 4. © GMV, 2015 IXV ON-BOARD SOFTWARE HIGHLIGHTS Page 4 Control Software in charge of autonomously flying the IXV vehicle following a predefined mission timeline  Safety-Critical Software (DAL-B) • C99 & MISRA-C:2004  Fault tolerance • 50 MHz LEON2-FT CPU (radiation hardened SPARCv8)  Hard real time requirements • Caches enabled & code optimized • RTEMS operating system • Ravenscar profile OBSW Application & Service layer: - OBSW MVM: 55 kLOC - OBSW GNC: 22 kLOC OBSW Basic layer: - BSW (drivers): 7 kLOC - RTEMS (subset): 16 kLOC Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 5. © GMV, 2015 RAVENSCAR PROFILE INTRODUCTION Page 5 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ada run-time profile – Subset of concurrency features to allow schedulability analysis  Advantages: – Timing predictability, strict deadlines, low jitter – Small run-time to enable certification to high-integrity levels – Low resource consumption, high performance  Defined in IRTAW 1997 (held in English village of same name) – 8th International Real-Time Ada Workshop  Part of Annex D (Real-Time Systems) since Ada 2005 pragma Profile (Ravenscar);
  • 6. © GMV, 2015 RAVENSCAR PROFILE ARM 2012 DEFINITION Page 6 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 pragma Task_Dispatching_Policy (FIFO_Within_Priorities); pragma Locking_Policy (Ceiling_Locking); pragma Detect_Blocking; pragma Restrictions ( No_Abort_Statements, No_Dynamic_Attachment, No_Dynamic_Priorities, No_Implicit_Heap_Allocations, No_Local_Protected_Objects, No_Local_Timing_Events, No_Protected_Type_Allocators, No_Relative_Delay, No_Requeue_Statements, No_Select_Statements, No_Specific_Termination_Handlers, No_Task_Allocators, No_Task_Hierarchy, No_Task_Termination, Simple_Barriers, Max_Entry_Queue_Length => 1, Max_Protected_Entries => 1, Max_Task_Entries => 0, No_Dependence => Ada.Asynchronous_Task_Control, No_Dependence => Ada.Calendar, No_Dependence => Ada.Execution_Time.Group_Budget, No_Dependence => Ada.Execution_Time.Timers, No_Dependence => Ada.Task_Attributes, No_Dependence => System.Multiprocessors.Dispatching_Domains);
  • 7. © GMV, 2015 RAVENSCAR PROFILE ADAPTATION TO RTEMS Page 7 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Success of Ravenscar profile, not just for Ada – Adapted to Java (A. Wellings & J. Kwon) – No previous publications to enforce Ravenscar in RTEMS  Analysis of RTEMS documentation and source code internals – Qualified version of RTEMS by Edisoft in IXV – API compatibility (e.g. scheduling and synchronization policies) – Find primitives requiring memory allocation/deallocation  Classification of RTEMS primitives – Unrestricted use (e.g. rtems_semaphore_obtain) – OBSW initialization only (e.g. rtems_interrupt_catch) – Completely forbidden (e.g. rtems_task_delete)  Creation of RTOS wrapper (just allowed RTEMS primitives) – Periodic / sporadic tasks, mutexes, and interrupt service routines – Ported in new OBSW projects to different RTOS / CPU
  • 8. © GMV, 2015 IXV OBSW VALIDATION OVERVIEW Page 8 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  System validation tests – Open-loop and closed-loop tests – Emphasis in fault injection test (OBSW, OBC, avionics devices…)  100% branch coverage (ECSS-E-ST-40C decision coverage)  Stack analysis – Check maximum stack usage at different validation tests  Timing analysis – Validation & Flight: Task overruns monitored (event to Ground) – Validation: 1. Response time analysis (dynamic analysis)  All tasks and mutexes 2. WCET with RapiTime (dynamic & static analysis)  Critical tasks only  Analysis of results reveals coding errors (e.g. nesting of locks)
  • 9. © GMV, 2015 IXV OBSW VALIDATION TIMING ANALYSIS Page 9 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measure the computation times of tasks and critical sections – Timestamps at beginning and end of each task activation – Timestamps at lock and unlock routines  Store all the timestamps generated in different system tests  Script to analyze the computation time of every task activation and critical section
  • 10. © GMV, 2015 IXV OBSW VALIDATION TEST ENVIRONMENTS Page 10 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Software Validation Facility (SVF) – Pure software emulation of OBC and avionics, Real-World simulator – LEON2-FT tsim emulator – Flexibility: introspection, debugging, fault injection  Avionics / GNC Test Bench (AGTB) – Hardware avionics (engineering models) & software Real-World – OBC Functional Model (FPGA LEON2) – Representative avionics hardware  Proto-Flight Model (PFM) – Flight hardware avionics + Real-World simulator (GPS stimulators…) – OBC with AT697E (ASIC LEON2) – Flight software
  • 11. © GMV, 2015 TIMING ANALYSIS MEASUREMENT TECHNIQUES Page 11 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measurement techniques analyzed (SVF only) 1. Low overhead traces (invalid instruction processed by tsim module) • Instrumented executable • Very easy to use, convenient just for application code • Some overhead (more instructions in memory, less code optimizations) 2. Breakpoints (debugger) • No instrumentation needed • Difficult to use, but very flexible • Initially no overhead  Both techniques can also be used with RapiTime
  • 12. © GMV, 2015 TIMING ANALYSIS COMPARISON AVERAGE COMPUTATION TIMES Page 12 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Average task times comparison measured with both techniques – Higher overhead of traces than breakpoints as expected – Some tasks execute faster with traces! (cache anomalies?) Task Priority Period Breakpoints Traces Overhead MILB 150 10.00 0.427 0.435 0.0077 1.8% RCS 155 10.00 0.085 0.089 0.0045 5.3% SUP 160 50.00 0.036 0.038 0.0014 3.9% ACQ 165 50.00 1.634 1.657 0.0238 1.5% GNC_C 170 50.00 1.956 1.973 0.0168 0.9% EH 175 50.00 2.353 2.361 0.0078 0.3% MVM 177 50.00 0.059 0.060 0.0002 0.3% CMD 180 50.00 0.063 0.064 0.0008 1.3% GPS 182 50.00 0.188 0.194 0.0063 3.4% HK 185 50.00 2.061 2.066 0.0049 0.2% TTM 190 50.00 1.190 1.124 –0.0662 –5.6% TC 195 50.00 0.034 0.039 0.0054 16.0% GNC_N 200 500.00 10.655 10.458 –0.1977 –1.9% GNC_G 210 500.00 1.574 1.601 0.0267 1.7%
  • 13. © GMV, 2015 TIMING ANALYSIS COMPARISON WITH NO TIMING MEASUREMENTS Page 13 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 Event message Reference timestamp (no timing measurements) Interference breakpoints Interference traces … … EV_MOS_ACTION_TRIGGERED 4316.97509 second +0.00 ms +424.32 ms EV_ACTION_SUCCESSFUL_EXEC 4316.97686 second +0.00 ms +424.38 ms EV_MOS_TRANS_TO_REENTRY 4371.97497 second +0.06 ms –75.68 ms EV_ACTION_SUCCESSFUL_EXEC 4371.97552 second +0.06 ms –75.62 ms … …  Timestamp comparison of transmitted packets in same SVF test 1. Flight executable with no timing measurements 2. Flight executable with breakpoints 3. Instrumented executable with traces  Breakpoints also introduce some timing overhead  Overhead of traces affects test behavior  Similar comparison with AGTB (SVF adds less than 1 ms)
  • 14. © GMV, 2015 TIMING ANALYSIS SCHEDULABILITY ANALYSIS Page 14 ASCENT ORBITAL RE-ENTRY DESCENT SEA LANDING Thrusters Flaps Parachutes Balloons Thrusters VEGA Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Separate schedulability analysis for each mission phase  The OBSW is schedulable in all phases, with 35% CPU margin  No task overrun ever detected during validation or the mission
  • 15. © GMV, 2015 TIMING ANALYSIS TIMING RESULTS Page 15 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Publication of response times of every thread per mission mode  Useful in future projects (budget estimations at early phases)
  • 16. © GMV, 2015 TIMING ANALYSIS CONCLUSIONS Page 16 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ravenscar profile allows the schedulability analysis – IXV OBSW schedulable in all phases  Different measurement techniques analyzed 1. Low-overhead traces • Easy to use, but just application code • Some overhead and noticeable software interference • Convenient during development 2. Breakpoints • Very flexible, both for application and RTOS code • Negligible overhead, minor software interference • Difficult to use manually, just for final tests  Emulators and CPUs must provide better timing features  Critical software should monitor its timing attributes
  • 17. © GMV, 2015 Property of GMV All rights reserved Thank you Santiago Urueña Section Head Critical Software Software Engineering department Email: suruena@gmv.com www.gmv.com
  • 18. © GMV, 2015 IXV OVERVIEW PAST (EUROPE) & FUTURE Page 18 HERMES (1990) (cancelled) ARD (1998) (successful) X38/CRV (1999) (cancelled) PHOENIX (2004) (cancelled) USV1,2,3 (2007…) (successful) EXPERT (2012) (on-hold) IXV (2015) (successful) Reentry vehicle applications: - Servicing of orbital infrastructures (e.g. ISS) - Servicing of satellites (e.g. refueling or disposal) - Robotic exploration (e.g. sample return from Mars) - Microgravity experiments - Earth sciences (e.g. high-altitude atmospheric research) - Earth observation (e.g. crisis monitoring) Next step: PRIDE (Programme for Reusable In-orbit Demonstrator for Europe) Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 19. © GMV, 2015 IXV INTRODUCTION MISSION Page 19 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24