SlideShare a Scribd company logo

Guaranteeing Hard Real-Time Requirements in Spacecraft Software

Santiago Urueña Pascual
Santiago Urueña Pascual

Presentation for the Ada-Europe 2015 conference (22-26 June 2015, Madrid, Spain) of the paper in the Real-Time Applications regular session. Ensuring the correct timing behavior of the control software of a spacecraft is a complex endeavor. This paper describes the real-time aspects of the Intermediate eXperimental Vehicle’s (IXV) On-Board Software (OBSW), including the schedulability analysis performed for the validation of this safety-critical, hard real-time system of the European Space Agency (ESA). We then give details of how the Ravenscar profile has been used to obtain predictability over RTEMS, and quantify the overhead of different mechanisms for measuring computation times. We provide the timing measurements of each task during the different modes of the mission, including the Guidance, Navigation, and Control (GNC) tasks, to aid in the development of future OBSW projects.

Software
1 of 19
Download to read offline
© GMV, 2015 Property of GMV All rights reserved Guaranteeing Timing Requirements in the IXV On-Board Software Conference on Reliable Software Technologies Santiago Urueña, Nuria Pérez, Bruno N. Calvo, Carlos Flores, Andreas Jung
© GMV, 2015 IXV OVERVIEW WHAT IS THE INTERMEDIATE EXPERIMENTAL VEHICLE? Page 2 Guaranteeing Timing Requirements in the IXV OBSW Space vehicle from the European Space Agency (ESA) to experiment on atmospheric re-entry successfully launched on February 11th, 2015 2015-06-24
© GMV, 2015 IXV OVERVIEW MISSION Page 3 • Around 100 min suborbital flight • Representative return missions from Low-Earth Orbit • Fully automated flight, unmanned vehicle • No telecommanding after launch • Monitored from ground stations Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 IXV ON-BOARD SOFTWARE HIGHLIGHTS Page 4 Control Software in charge of autonomously flying the IXV vehicle following a predefined mission timeline  Safety-Critical Software (DAL-B) • C99 & MISRA-C:2004  Fault tolerance • 50 MHz LEON2-FT CPU (radiation hardened SPARCv8)  Hard real time requirements • Caches enabled & code optimized • RTEMS operating system • Ravenscar profile OBSW Application & Service layer: - OBSW MVM: 55 kLOC - OBSW GNC: 22 kLOC OBSW Basic layer: - BSW (drivers): 7 kLOC - RTEMS (subset): 16 kLOC Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 RAVENSCAR PROFILE INTRODUCTION Page 5 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ada run-time profile – Subset of concurrency features to allow schedulability analysis  Advantages: – Timing predictability, strict deadlines, low jitter – Small run-time to enable certification to high-integrity levels – Low resource consumption, high performance  Defined in IRTAW 1997 (held in English village of same name) – 8th International Real-Time Ada Workshop  Part of Annex D (Real-Time Systems) since Ada 2005 pragma Profile (Ravenscar);
© GMV, 2015 RAVENSCAR PROFILE ARM 2012 DEFINITION Page 6 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 pragma Task_Dispatching_Policy (FIFO_Within_Priorities); pragma Locking_Policy (Ceiling_Locking); pragma Detect_Blocking; pragma Restrictions ( No_Abort_Statements, No_Dynamic_Attachment, No_Dynamic_Priorities, No_Implicit_Heap_Allocations, No_Local_Protected_Objects, No_Local_Timing_Events, No_Protected_Type_Allocators, No_Relative_Delay, No_Requeue_Statements, No_Select_Statements, No_Specific_Termination_Handlers, No_Task_Allocators, No_Task_Hierarchy, No_Task_Termination, Simple_Barriers, Max_Entry_Queue_Length => 1, Max_Protected_Entries => 1, Max_Task_Entries => 0, No_Dependence => Ada.Asynchronous_Task_Control, No_Dependence => Ada.Calendar, No_Dependence => Ada.Execution_Time.Group_Budget, No_Dependence => Ada.Execution_Time.Timers, No_Dependence => Ada.Task_Attributes, No_Dependence => System.Multiprocessors.Dispatching_Domains);
© GMV, 2015 RAVENSCAR PROFILE ADAPTATION TO RTEMS Page 7 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Success of Ravenscar profile, not just for Ada – Adapted to Java (A. Wellings & J. Kwon) – No previous publications to enforce Ravenscar in RTEMS  Analysis of RTEMS documentation and source code internals – Qualified version of RTEMS by Edisoft in IXV – API compatibility (e.g. scheduling and synchronization policies) – Find primitives requiring memory allocation/deallocation  Classification of RTEMS primitives – Unrestricted use (e.g. rtems_semaphore_obtain) – OBSW initialization only (e.g. rtems_interrupt_catch) – Completely forbidden (e.g. rtems_task_delete)  Creation of RTOS wrapper (just allowed RTEMS primitives) – Periodic / sporadic tasks, mutexes, and interrupt service routines – Ported in new OBSW projects to different RTOS / CPU
© GMV, 2015 IXV OBSW VALIDATION OVERVIEW Page 8 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  System validation tests – Open-loop and closed-loop tests – Emphasis in fault injection test (OBSW, OBC, avionics devices…)  100% branch coverage (ECSS-E-ST-40C decision coverage)  Stack analysis – Check maximum stack usage at different validation tests  Timing analysis – Validation & Flight: Task overruns monitored (event to Ground) – Validation: 1. Response time analysis (dynamic analysis)  All tasks and mutexes 2. WCET with RapiTime (dynamic & static analysis)  Critical tasks only  Analysis of results reveals coding errors (e.g. nesting of locks)
© GMV, 2015 IXV OBSW VALIDATION TIMING ANALYSIS Page 9 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measure the computation times of tasks and critical sections – Timestamps at beginning and end of each task activation – Timestamps at lock and unlock routines  Store all the timestamps generated in different system tests  Script to analyze the computation time of every task activation and critical section
© GMV, 2015 IXV OBSW VALIDATION TEST ENVIRONMENTS Page 10 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Software Validation Facility (SVF) – Pure software emulation of OBC and avionics, Real-World simulator – LEON2-FT tsim emulator – Flexibility: introspection, debugging, fault injection  Avionics / GNC Test Bench (AGTB) – Hardware avionics (engineering models) & software Real-World – OBC Functional Model (FPGA LEON2) – Representative avionics hardware  Proto-Flight Model (PFM) – Flight hardware avionics + Real-World simulator (GPS stimulators…) – OBC with AT697E (ASIC LEON2) – Flight software
© GMV, 2015 TIMING ANALYSIS MEASUREMENT TECHNIQUES Page 11 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measurement techniques analyzed (SVF only) 1. Low overhead traces (invalid instruction processed by tsim module) • Instrumented executable • Very easy to use, convenient just for application code • Some overhead (more instructions in memory, less code optimizations) 2. Breakpoints (debugger) • No instrumentation needed • Difficult to use, but very flexible • Initially no overhead  Both techniques can also be used with RapiTime
© GMV, 2015 TIMING ANALYSIS COMPARISON AVERAGE COMPUTATION TIMES Page 12 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Average task times comparison measured with both techniques – Higher overhead of traces than breakpoints as expected – Some tasks execute faster with traces! (cache anomalies?) Task Priority Period Breakpoints Traces Overhead MILB 150 10.00 0.427 0.435 0.0077 1.8% RCS 155 10.00 0.085 0.089 0.0045 5.3% SUP 160 50.00 0.036 0.038 0.0014 3.9% ACQ 165 50.00 1.634 1.657 0.0238 1.5% GNC_C 170 50.00 1.956 1.973 0.0168 0.9% EH 175 50.00 2.353 2.361 0.0078 0.3% MVM 177 50.00 0.059 0.060 0.0002 0.3% CMD 180 50.00 0.063 0.064 0.0008 1.3% GPS 182 50.00 0.188 0.194 0.0063 3.4% HK 185 50.00 2.061 2.066 0.0049 0.2% TTM 190 50.00 1.190 1.124 –0.0662 –5.6% TC 195 50.00 0.034 0.039 0.0054 16.0% GNC_N 200 500.00 10.655 10.458 –0.1977 –1.9% GNC_G 210 500.00 1.574 1.601 0.0267 1.7%
© GMV, 2015 TIMING ANALYSIS COMPARISON WITH NO TIMING MEASUREMENTS Page 13 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 Event message Reference timestamp (no timing measurements) Interference breakpoints Interference traces … … EV_MOS_ACTION_TRIGGERED 4316.97509 second +0.00 ms +424.32 ms EV_ACTION_SUCCESSFUL_EXEC 4316.97686 second +0.00 ms +424.38 ms EV_MOS_TRANS_TO_REENTRY 4371.97497 second +0.06 ms –75.68 ms EV_ACTION_SUCCESSFUL_EXEC 4371.97552 second +0.06 ms –75.62 ms … …  Timestamp comparison of transmitted packets in same SVF test 1. Flight executable with no timing measurements 2. Flight executable with breakpoints 3. Instrumented executable with traces  Breakpoints also introduce some timing overhead  Overhead of traces affects test behavior  Similar comparison with AGTB (SVF adds less than 1 ms)
© GMV, 2015 TIMING ANALYSIS SCHEDULABILITY ANALYSIS Page 14 ASCENT ORBITAL RE-ENTRY DESCENT SEA LANDING Thrusters Flaps Parachutes Balloons Thrusters VEGA Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Separate schedulability analysis for each mission phase  The OBSW is schedulable in all phases, with 35% CPU margin  No task overrun ever detected during validation or the mission
© GMV, 2015 TIMING ANALYSIS TIMING RESULTS Page 15 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Publication of response times of every thread per mission mode  Useful in future projects (budget estimations at early phases)
© GMV, 2015 TIMING ANALYSIS CONCLUSIONS Page 16 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ravenscar profile allows the schedulability analysis – IXV OBSW schedulable in all phases  Different measurement techniques analyzed 1. Low-overhead traces • Easy to use, but just application code • Some overhead and noticeable software interference • Convenient during development 2. Breakpoints • Very flexible, both for application and RTOS code • Negligible overhead, minor software interference • Difficult to use manually, just for final tests  Emulators and CPUs must provide better timing features  Critical software should monitor its timing attributes
© GMV, 2015 Property of GMV All rights reserved Thank you Santiago Urueña Section Head Critical Software Software Engineering department Email: suruena@gmv.com www.gmv.com
© GMV, 2015 IXV OVERVIEW PAST (EUROPE) & FUTURE Page 18 HERMES (1990) (cancelled) ARD (1998) (successful) X38/CRV (1999) (cancelled) PHOENIX (2004) (cancelled) USV1,2,3 (2007…) (successful) EXPERT (2012) (on-hold) IXV (2015) (successful) Reentry vehicle applications: - Servicing of orbital infrastructures (e.g. ISS) - Servicing of satellites (e.g. refueling or disposal) - Robotic exploration (e.g. sample return from Mars) - Microgravity experiments - Earth sciences (e.g. high-altitude atmospheric research) - Earth observation (e.g. crisis monitoring) Next step: PRIDE (Programme for Reusable In-orbit Demonstrator for Europe) Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
© GMV, 2015 IXV INTRODUCTION MISSION Page 19 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24

Recommended

Safety Critical Research
Safety Critical ResearchSafety Critical Research
Safety Critical ResearchJennifer (Hui) Li
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...Amit Bhandu
 
Proceso de certificación de gráficos
Proceso de certificación de gráficosProceso de certificación de gráficos
Proceso de certificación de gráficosMarketing Donalba
 
Ada at Barco avionics
Ada at Barco avionicsAda at Barco avionics
Ada at Barco avionicsGneuromante canalada.org
 
Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Kevin Forbes
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher Collins
 
Leica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleLeica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleNaran-Erdene Narankhuu
 

Recommended

Safety Critical Research
Safety Critical ResearchSafety Critical Research
Safety Critical ResearchJennifer (Hui) Li
 
DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...DvClub 2102 tlm based software control of uvcs for vertical verification re...
DvClub 2102 tlm based software control of uvcs for vertical verification re...Amit Bhandu
 
Proceso de certificación de gráficos
Proceso de certificación de gráficosProceso de certificación de gráficos
Proceso de certificación de gráficosMarketing Donalba
 
Ada at Barco avionics
Ada at Barco avionicsAda at Barco avionics
Ada at Barco avionicsGneuromante canalada.org
 
Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Caiso MRTU implementation workshop nov 2008
Caiso MRTU implementation workshop nov 2008Kevin Forbes
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher_Collins_Resume__2016
Christopher_Collins_Resume__2016Christopher Collins
 
Leica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleLeica-Jfleet-FMSAUv1.01single
Leica-Jfleet-FMSAUv1.01singleNaran-Erdene Narankhuu
 
Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxmani723
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesAnsys
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC chiportal
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensFelipeSchaefferFerna
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersSaiLinnThu2
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...QAware GmbH
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Mechatronics engineer
Mechatronics engineerMechatronics engineer
Mechatronics engineerSamuel Narcisse
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...RealTime-at-Work (RTaW)
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security CA Technologies
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...VMware Tanzu
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET Journal
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1fObsidian Software
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyIntelligentManufacturingInstitute
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

More Related Content

Similar to Guaranteeing Hard Real-Time Requirements in Spacecraft Software

Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxmani723
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesAnsys
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerOak Systems
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC chiportal
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensFelipeSchaefferFerna
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersSaiLinnThu2
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...QAware GmbH
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...InfoSeption
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareAxel Rennoch
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...RealTime-at-Work (RTaW)
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfOak Systems
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security CA Technologies
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...VMware Tanzu
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET Journal
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1fObsidian Software
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyIntelligentManufacturingInstitute
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 

Similar to Guaranteeing Hard Real-Time Requirements in Spacecraft Software (20)

Viavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptxViavi_TeraVM Core Emulator.pptx
Viavi_TeraVM Core Emulator.pptx
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
 
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft VehiclesANSYS SCADE Usage for Unmanned Aircraft Vehicles
ANSYS SCADE Usage for Unmanned Aircraft Vehicles
 
Case Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear ControllerCase Study on IV&V of the Landing Gear Controller
Case Study on IV&V of the Landing Gear Controller
 
Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC Lewis Chu,Marketing Director,GUC
Lewis Chu,Marketing Director,GUC
 
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC SiemensS7 PLCSim Advanced 2.0 - SIMATIC Siemens
S7 PLCSim Advanced 2.0 - SIMATIC Siemens
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform Engineers
 
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
Quadratisch. Praktisch. Gut. K8s-native Quality Assurance mit Testkube @ Java...
 
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
Driving Systems Stability & Delivery Agility through DevOps [Decoding DevOps ...
 
Mechatronics engineer
Mechatronics engineerMechatronics engineer
Mechatronics engineer
 
Functional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-TestwareFunctional and non-functional testing with IoT-Testware
Functional and non-functional testing with IoT-Testware
 
Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...Time-Predictable Communication in Service-Oriented Architecture - What are th...
Time-Predictable Communication in Service-Oriented Architecture - What are th...
 
Case Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdfCase Study_IV&V of AutomaticFlightControlPanel.pdf
Case Study_IV&V of AutomaticFlightControlPanel.pdf
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security
 
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
Automated Virtualized Testing (AVT) with Docker, Kubernetes, WireMock and Gat...
 
IRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control SystemIRJET- A Testbed for Real Time Water Level Control System
IRJET- A Testbed for Real Time Water Level Control System
 
Alley vsu functional_coverage_1f
Alley vsu functional_coverage_1fAlley vsu functional_coverage_1f
Alley vsu functional_coverage_1f
 
Aerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves moneyAerospace maintenance facility increases utilization by 50%, saves money
Aerospace maintenance facility increases utilization by 50%, saves money
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
 

Recently uploaded

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 

Recently uploaded (20)

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 

Guaranteeing Hard Real-Time Requirements in Spacecraft Software

  • 1. © GMV, 2015 Property of GMV All rights reserved Guaranteeing Timing Requirements in the IXV On-Board Software Conference on Reliable Software Technologies Santiago Urueña, Nuria Pérez, Bruno N. Calvo, Carlos Flores, Andreas Jung
  • 2. © GMV, 2015 IXV OVERVIEW WHAT IS THE INTERMEDIATE EXPERIMENTAL VEHICLE? Page 2 Guaranteeing Timing Requirements in the IXV OBSW Space vehicle from the European Space Agency (ESA) to experiment on atmospheric re-entry successfully launched on February 11th, 2015 2015-06-24
  • 3. © GMV, 2015 IXV OVERVIEW MISSION Page 3 • Around 100 min suborbital flight • Representative return missions from Low-Earth Orbit • Fully automated flight, unmanned vehicle • No telecommanding after launch • Monitored from ground stations Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 4. © GMV, 2015 IXV ON-BOARD SOFTWARE HIGHLIGHTS Page 4 Control Software in charge of autonomously flying the IXV vehicle following a predefined mission timeline  Safety-Critical Software (DAL-B) • C99 & MISRA-C:2004  Fault tolerance • 50 MHz LEON2-FT CPU (radiation hardened SPARCv8)  Hard real time requirements • Caches enabled & code optimized • RTEMS operating system • Ravenscar profile OBSW Application & Service layer: - OBSW MVM: 55 kLOC - OBSW GNC: 22 kLOC OBSW Basic layer: - BSW (drivers): 7 kLOC - RTEMS (subset): 16 kLOC Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 5. © GMV, 2015 RAVENSCAR PROFILE INTRODUCTION Page 5 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ada run-time profile – Subset of concurrency features to allow schedulability analysis  Advantages: – Timing predictability, strict deadlines, low jitter – Small run-time to enable certification to high-integrity levels – Low resource consumption, high performance  Defined in IRTAW 1997 (held in English village of same name) – 8th International Real-Time Ada Workshop  Part of Annex D (Real-Time Systems) since Ada 2005 pragma Profile (Ravenscar);
  • 6. © GMV, 2015 RAVENSCAR PROFILE ARM 2012 DEFINITION Page 6 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 pragma Task_Dispatching_Policy (FIFO_Within_Priorities); pragma Locking_Policy (Ceiling_Locking); pragma Detect_Blocking; pragma Restrictions ( No_Abort_Statements, No_Dynamic_Attachment, No_Dynamic_Priorities, No_Implicit_Heap_Allocations, No_Local_Protected_Objects, No_Local_Timing_Events, No_Protected_Type_Allocators, No_Relative_Delay, No_Requeue_Statements, No_Select_Statements, No_Specific_Termination_Handlers, No_Task_Allocators, No_Task_Hierarchy, No_Task_Termination, Simple_Barriers, Max_Entry_Queue_Length => 1, Max_Protected_Entries => 1, Max_Task_Entries => 0, No_Dependence => Ada.Asynchronous_Task_Control, No_Dependence => Ada.Calendar, No_Dependence => Ada.Execution_Time.Group_Budget, No_Dependence => Ada.Execution_Time.Timers, No_Dependence => Ada.Task_Attributes, No_Dependence => System.Multiprocessors.Dispatching_Domains);
  • 7. © GMV, 2015 RAVENSCAR PROFILE ADAPTATION TO RTEMS Page 7 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Success of Ravenscar profile, not just for Ada – Adapted to Java (A. Wellings & J. Kwon) – No previous publications to enforce Ravenscar in RTEMS  Analysis of RTEMS documentation and source code internals – Qualified version of RTEMS by Edisoft in IXV – API compatibility (e.g. scheduling and synchronization policies) – Find primitives requiring memory allocation/deallocation  Classification of RTEMS primitives – Unrestricted use (e.g. rtems_semaphore_obtain) – OBSW initialization only (e.g. rtems_interrupt_catch) – Completely forbidden (e.g. rtems_task_delete)  Creation of RTOS wrapper (just allowed RTEMS primitives) – Periodic / sporadic tasks, mutexes, and interrupt service routines – Ported in new OBSW projects to different RTOS / CPU
  • 8. © GMV, 2015 IXV OBSW VALIDATION OVERVIEW Page 8 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  System validation tests – Open-loop and closed-loop tests – Emphasis in fault injection test (OBSW, OBC, avionics devices…)  100% branch coverage (ECSS-E-ST-40C decision coverage)  Stack analysis – Check maximum stack usage at different validation tests  Timing analysis – Validation & Flight: Task overruns monitored (event to Ground) – Validation: 1. Response time analysis (dynamic analysis)  All tasks and mutexes 2. WCET with RapiTime (dynamic & static analysis)  Critical tasks only  Analysis of results reveals coding errors (e.g. nesting of locks)
  • 9. © GMV, 2015 IXV OBSW VALIDATION TIMING ANALYSIS Page 9 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measure the computation times of tasks and critical sections – Timestamps at beginning and end of each task activation – Timestamps at lock and unlock routines  Store all the timestamps generated in different system tests  Script to analyze the computation time of every task activation and critical section
  • 10. © GMV, 2015 IXV OBSW VALIDATION TEST ENVIRONMENTS Page 10 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Software Validation Facility (SVF) – Pure software emulation of OBC and avionics, Real-World simulator – LEON2-FT tsim emulator – Flexibility: introspection, debugging, fault injection  Avionics / GNC Test Bench (AGTB) – Hardware avionics (engineering models) & software Real-World – OBC Functional Model (FPGA LEON2) – Representative avionics hardware  Proto-Flight Model (PFM) – Flight hardware avionics + Real-World simulator (GPS stimulators…) – OBC with AT697E (ASIC LEON2) – Flight software
  • 11. © GMV, 2015 TIMING ANALYSIS MEASUREMENT TECHNIQUES Page 11 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Measurement techniques analyzed (SVF only) 1. Low overhead traces (invalid instruction processed by tsim module) • Instrumented executable • Very easy to use, convenient just for application code • Some overhead (more instructions in memory, less code optimizations) 2. Breakpoints (debugger) • No instrumentation needed • Difficult to use, but very flexible • Initially no overhead  Both techniques can also be used with RapiTime
  • 12. © GMV, 2015 TIMING ANALYSIS COMPARISON AVERAGE COMPUTATION TIMES Page 12 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Average task times comparison measured with both techniques – Higher overhead of traces than breakpoints as expected – Some tasks execute faster with traces! (cache anomalies?) Task Priority Period Breakpoints Traces Overhead MILB 150 10.00 0.427 0.435 0.0077 1.8% RCS 155 10.00 0.085 0.089 0.0045 5.3% SUP 160 50.00 0.036 0.038 0.0014 3.9% ACQ 165 50.00 1.634 1.657 0.0238 1.5% GNC_C 170 50.00 1.956 1.973 0.0168 0.9% EH 175 50.00 2.353 2.361 0.0078 0.3% MVM 177 50.00 0.059 0.060 0.0002 0.3% CMD 180 50.00 0.063 0.064 0.0008 1.3% GPS 182 50.00 0.188 0.194 0.0063 3.4% HK 185 50.00 2.061 2.066 0.0049 0.2% TTM 190 50.00 1.190 1.124 –0.0662 –5.6% TC 195 50.00 0.034 0.039 0.0054 16.0% GNC_N 200 500.00 10.655 10.458 –0.1977 –1.9% GNC_G 210 500.00 1.574 1.601 0.0267 1.7%
  • 13. © GMV, 2015 TIMING ANALYSIS COMPARISON WITH NO TIMING MEASUREMENTS Page 13 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24 Event message Reference timestamp (no timing measurements) Interference breakpoints Interference traces … … EV_MOS_ACTION_TRIGGERED 4316.97509 second +0.00 ms +424.32 ms EV_ACTION_SUCCESSFUL_EXEC 4316.97686 second +0.00 ms +424.38 ms EV_MOS_TRANS_TO_REENTRY 4371.97497 second +0.06 ms –75.68 ms EV_ACTION_SUCCESSFUL_EXEC 4371.97552 second +0.06 ms –75.62 ms … …  Timestamp comparison of transmitted packets in same SVF test 1. Flight executable with no timing measurements 2. Flight executable with breakpoints 3. Instrumented executable with traces  Breakpoints also introduce some timing overhead  Overhead of traces affects test behavior  Similar comparison with AGTB (SVF adds less than 1 ms)
  • 14. © GMV, 2015 TIMING ANALYSIS SCHEDULABILITY ANALYSIS Page 14 ASCENT ORBITAL RE-ENTRY DESCENT SEA LANDING Thrusters Flaps Parachutes Balloons Thrusters VEGA Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Separate schedulability analysis for each mission phase  The OBSW is schedulable in all phases, with 35% CPU margin  No task overrun ever detected during validation or the mission
  • 15. © GMV, 2015 TIMING ANALYSIS TIMING RESULTS Page 15 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Publication of response times of every thread per mission mode  Useful in future projects (budget estimations at early phases)
  • 16. © GMV, 2015 TIMING ANALYSIS CONCLUSIONS Page 16 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24  Ravenscar profile allows the schedulability analysis – IXV OBSW schedulable in all phases  Different measurement techniques analyzed 1. Low-overhead traces • Easy to use, but just application code • Some overhead and noticeable software interference • Convenient during development 2. Breakpoints • Very flexible, both for application and RTOS code • Negligible overhead, minor software interference • Difficult to use manually, just for final tests  Emulators and CPUs must provide better timing features  Critical software should monitor its timing attributes
  • 17. © GMV, 2015 Property of GMV All rights reserved Thank you Santiago Urueña Section Head Critical Software Software Engineering department Email: suruena@gmv.com www.gmv.com
  • 18. © GMV, 2015 IXV OVERVIEW PAST (EUROPE) & FUTURE Page 18 HERMES (1990) (cancelled) ARD (1998) (successful) X38/CRV (1999) (cancelled) PHOENIX (2004) (cancelled) USV1,2,3 (2007…) (successful) EXPERT (2012) (on-hold) IXV (2015) (successful) Reentry vehicle applications: - Servicing of orbital infrastructures (e.g. ISS) - Servicing of satellites (e.g. refueling or disposal) - Robotic exploration (e.g. sample return from Mars) - Microgravity experiments - Earth sciences (e.g. high-altitude atmospheric research) - Earth observation (e.g. crisis monitoring) Next step: PRIDE (Programme for Reusable In-orbit Demonstrator for Europe) Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24
  • 19. © GMV, 2015 IXV INTRODUCTION MISSION Page 19 Guaranteeing Timing Requirements in the IXV OBSW 2015-06-24