Embedded Product Line Update

José Ruiz

October 1st 2015

Outline

• What is embedded

• Overview of cross targets

– Embedded OSs / bare board

– What is new

• Fun projects

What is embedded?

• Executes on a platform different from the host used for building

• Characteristics

– Reduced memory and processing power

– Limited graphical interface

– Safety/mission-critical

– Real-time requirements

– …

Embedded is expressive!

• Profiles for safety/mission-critical

– Tasking

– Multiprocessor

– Object-Oriented Programming

– Exceptions

• Ada 2012 contracts

function Sqrt (X : Integer) return Integer with

Pre => X >= 0,

Post => ((Sqrt’Result ** 2 <= X) and then

((Sqrt’Result + 1) ** 2 > X));

task Cyclic

with Priority => 100,

CPU => 3;

end Cyclic;

Embedded is verifiable!

AdaCore tools

• Static Analysis Tools

– Coding standard (GNATcheck)

– Code metrics (GNATmetrics)

– Static stack analysis (GNATstack)

– Static analysis (CodePeer)

– Formal proofs (SPARK Pro)

• Dynamic Analysis Tools

– Unit testing (GNATtest / Aunit)

– Code coverage (GNATcoverage)

– Emulation (GNATemulator)

– Debugging (GDB)

Partners• Static Analysis Tools

– Axivion

• Static Analysis

• Dynamic Analysis Tools

– VectorCAST

• Unit/Integration Testing

• Code Coverage

– Rapita

• Timing Analysis Tool

• Code Coverage

– LDRA

• Unit/Integration Testing

Qualified

Qualified

Qualified

Qualified

Qualified

Qualified

Qualified

How to do embedded development

On top of embedded OS

• OS responsible for

– BSP

– Tasking

– Multiprocessor

• OS supported

– VxWorks

– PikeOS

– LynxOS

– Embedded linux

– Android

Bare board

• Ada run time provides

– Start up code

– BSP

– Tasking

– Multiprocessor

• Targets supported

– PowerPC/e500v2

– ARM

– ERC32/LEON2/LEON3

– AVR

GNAT Pro on embedded OS

• Ada run time uses OS services

• User benefits from

– BSP provided by the OS

• File system, networking

– Portability provided by the

Ada run time

Ada Application

Ada Run Time

Operating System

Hardware

GNAT Pro for VxWorks• VxWorks 6/7 & SMP

– PowerPC / e500v2

– x86 / x86-64

– ARM

– VxWorks Simulator

• VxWorks 5.5

– PowerPC

– x86 (baselined)

– 68K (baselined)

• VxWorks 653 (1.8-3.0 supported) & MC

– PowerPC / e500v2

– x86

• VxWorks MILS

– PowerPC

• VxWorks Cert 6

– PowerPC / x86

• VxWorks Cert 5

– PowerPC

Run Times for VxWorks

CertZero Footprint

(SPARK compliant)

Ravenscar Full Kernel Full RTP

VxWorks Cert 5 & 6

VxWorks 5

VxWorks 6/7

VxWorks 653

Certified

News for VxWorks

• New platforms

– VxWorks 653 3.0

– VxWorks 7

• New targets

– ARM and x86-64

• Multicore support

– VxWorks 6 & 7

– VxWorks 653 3.0

• Zero cost exception propagation (Ravenscar and Full run times)

• Debugging support

– Active collaboration between Wind River and AdaCore

– Enhanced compiler and Workbench debugger

GNAT Pro for PikeOS

• PikeOS 3.4 hypervisor

– Support for x86 and PowerPC

• Three run-time profiles

– ZFP, Ravenscar

– Minimal

• Zero cost exception propagation (Ravenscar run time)

Certified

GNAT Pro for LynxOS

• LynxOS-178 (2.2.2)

– PowerPC

• LynxOS 5

– PowerPC / x86

• Zero cost exception propagation (Ravenscar and Full run times)

CertZero Footprint

(SPARK compliant)

Ravenscar Full

LynxOS-178

LynxOS 5

Certified

GNAT Pro for embedded linux

• Generic port for embedded linux

– x86, ARM, PowerPC, e500v2

• Reference platforms

– Wind River embedded linux (PowerPC)

– ElinOS (PowerPC / x86)

• Full Ada run times

– Zero cost exception propagation

– Multiprocessor support

GNAT Pro for Android

• Jelly Bean 4.1

• Lollipop 5.1

• GDB support

GNAT Pro for bare boards

• Most of the run time is shared among targets

• Configurable run times

– Make it easy to adapt to new board

– Startup routine

– Memory map

– Floating point support

Ada Application

Ada Run Time

Multitasking core

Hardware

BSP

Bare board targets

• PowerPC / e500v2

• ARM

– ARM Cortex M3, ARM Cortex M4F, ARM Cortex R4F

• LEON

– LEON2, LEON3, ERC32

• Baselined ports

– AVR microcontrollers

– Lego Mindstorms NXT

News for bare boards• Ravenscar

• Productizing support for multiprocessors

– PowerPC, working on LEON

– Fully partitioned model

• Math library in Ada

– Certifiable

• Extending Ravenscar

– Addressing restrictions limiting expressive power

• Protected entry queuing

• Multiple entry queues per protected object

0

3

1

2

Ravenscar system on monoprocessor

task Cyclic

with Priority => 100,

CPU => 3;

end Cyclic;

Certified

News for bare boards (II)

• Zero-cost exception propagation

– Ravenscar Full run times

• Setting up shared GitHub

– Collaborative environment for demos, BSPs, drivers,…

• Emulator/coverage for ARM

Certification of run times

Avionics DO-178B/C Certification

Bare board PowerPC Ravenscar run time SSIL

3/4

x86 PikeOS Minimal run time SSIL 3/4 (in

progress)

Railway CENELEC Certification

EN 50128:2011, 50126:1999, 50129:2003

Space

ECSS E-ST-40C Q-ST-80C

Cert run time PowerPC VxWorks 653 certified Level

A

Cert run time PowerPC VxWorks 6 Cert (Level A in

progress)

Cert run time PowerPC LynxOS 178 (Level A in

progress)

Bare board Ravenscar run time qualified

Level B and Level C (ERC32, LEON2, LEON3)

Bare board for fun

• Lego Mindstorms NXT

• ARM boards

– STM32F4-Discovery

– Atmel SAM4S (Cortex M4)

• Raspberry Pi 2

• Crazyflie

– SPARK for proving absence of run-time errors

– Ravenscar Ada tasking

Bare board for fun (II)

• Play with concurrent / parallel execution

• Develop embedded control systems

– Manually written code

– QGen to automatically generate Ada/C from Simulink/Stateflow

• Replace embedded OS by Ravenscar Ada run time

• Develop BSPs and drivers

• Use SPARK to prove

– Functional properties

– Absence of run-time errors

Summary

• Choice of OS / bare board

• Tasking available

– Multiprocessor getting there gradually

• We can make it work on small targets

– Small footprint, no dynamic memory, very low overhead

• You can trust the code embedded on your target

– You can use Ada 2012 and tools to help make your code reliable

• … and you can have fun with cross development!

Resources

• Tools<www.adacore.com/gnatpro-safety-critical>

• Crazyflie<blog.adacore.com/how-to-prevent-drone-crashes-using-spark>

• Solenoid engine on STM32F4<blog.adacore.com/make-with-ada-all-that-is-useless-is-essential>

• Tetris in SPARK on ARM (SAM4S)<blog.adacore.com/tetris-in-spark-on-arm-cortex-m4>