Presentations in Regular Sessions
The authors believed that many of the security problems with DNS servers, web servers, and other Internet software could be avoided by using better programming tools, such as using different programming languages and formal methods. It will probably become less so as formal methods and testing tools become a standard part of the software engineering process. Granted permissions can be freely delegated without any risk of leakage outside the target set of components.
The main objective of this work is to build a platform that allows us to develop real-time Ada applications on top of the Android operating system. The bottom layer corresponds to the Linux kernel, which provides basic system operations such as memory management, processes, and drivers. These libraries include a modification of the standard C library (glibc) called Bionic on Android.
The first consideration to solve the limitations of the Bionic library might be to modify its code to support unimplemented functions. This would involve a great deal of effort and constant adaptation to future new versions of the library. However, code 1 This work was partially funded by the Graduate Grants Program of the University of Cantabria and the Spanish Government under grant number TIN2014-56158-C4-2-P (M2C2).
Furthermore, in this work we have investigated the available mechanisms in Android to share data between the isolated real-time Ada applications and other applications executing in other cores of the same system.
Presentations in Industrial Sessions
The PUS library is the core of the Thales Alenia Space software execution platform and manages the main telecommand and telemetry (TM / TC) protocol exchanges between the satellite and external systems (typically a ground control station). It has a considerable flight heritage, having been used (with subsequent improvements) in all Thales Alenia Space platform software over the last 10 years: Globalstar 2, O3B, Iridium Next, Sentinel 3, Exomars-TGO and EDM, Spacebus NEO, as well as the recent optical observation satellites and telecommunications payloads. In addition, the same PUS library is used by other European software integrators for satellite platform software or instruments/payloads.
The PUS library is one of the most important components of the built-in software (~30,000 Ada SLOC) and is quite affected by the endianity change. In the context of this presentation, we will illustrate some practical examples of how we had to restructure the original software code and what the concrete - foreseen (or unforeseen) - consequences were of applying the GNAT pragma guidelines in the code. We will then report on the outcome of the activity, the identified problems and possible solutions or measures.
Finally, we will provide some conclusions in terms of usability, impact on development and implementation testing of the use of this approach to endianness, as well as suggest some recommendations. This industrial presentation is an experience report of our use of Ada packages within existing non-Ada embedded microprocessor systems. We have a large amount of well-established code that uses our own proprietary multitasking runtime.
Because our latest hardware will use an ARM-based microprocessor, and because GNAT now supports Ada for ARM microprocessors, we can, at least in theory, write Ada packages and use the same GCC we use to compile C and compile and run those packages. link to an existing C-based system. However, the existing system into which we want to integrate Ada packages already has a maturity. Assuming that it would be unwise to use more than one runtime and it would be impractical to modify the existing system to use Ada's runtime, we were therefore obliged to limit our use of Ada to those functions for which Ada's runtime not necessary. time.
How to use the embedded assembler and how the assembler available for Ada differs from that used by C. However, this turned out to be an unacceptable limitation and we were therefore required to integrate the compilation of Ada packages in the existing mechanism by which Modula-2 modules are elaborated. Libadalang is an Ada library that allows users to query Ada source code information and modify sources, both at the syntactic and semantic levels.
Ada was designed as a fairly tool-friendly language, but the tooling offering beyond AdaCore is not very extensive, at least compared to other languages such as Java, despite the existence of the ASIS (Ada Semantic Interface Specification) project. We plan to release several versions of Libadalang, and while we would appreciate backwards compatibility, we want to slowly evolve towards the best possible API for code tool design.
Flight Software Designed for a Simpler Validation
The design of the flight software is strongly linked to the method used to define the functional architecture of the system (the so-called Functional Unit approach). Space robotics has been identified as a key factor in improving the competitiveness of the European space industry. The reference architecture of the I3DS project is provided in AADL and defines the system interface of different sensor classes that are independent of the specific hardware implementation.
In the I3DS instance of the reference architecture, the sensor suite is controlled and connected by an ICU implemented using the high-performance Xilinx Zynq UltraScale+ MPSoC in a mixed-critical real-time system. GNAT support for ARM64 is expected in 2018 and will allow replacing parts of the C++ code on PetaLinux with Ada/SPARK in the upcoming SRC follow-up projects. The proposed industry presentation will describe the project's objectives; the challenges of the very highest.
In the next step, the results of the analysis are interpreted for multi-company, for example reliability, safety and security. Furthermore, the paper reports on the use of the proposed modification in the context of the Attitude Control Systems Engineering (ACS). The ACS plays an important role within satellites by helping to maintain the satellite's orientation in three-dimensional space and must be designed in accordance with ECSS standards to ensure a degree of reliability.
Even in unforeseen situations and in case of hardware anomalies, the software execution must be correct and meet all timing constraints to ensure the safety and reliability of the satellite and its mission. This is recognized and addressed by the ECSS, which calls for a computational model of the software to serve as a mathematical model for software scheduling analysis. In a security context such as DO-178C/ED-12C, one of the challenges is understanding and ensuring the level of interference between cores and the impact it has on software performance.
This future work includes closer integration of the technologies, adding the microbenchmark approach to the RapiTime DO-178C qualification package, and developing the processes for this to be applied seamlessly in a space project. The presentation will present the challenges and the approach to KhronoSim, as well as the most important building blocks of the framework. Guidelines such as MISRA C:2012 ("guidelines for the use of the C language in critical systems") and SEI CERT C ("SEI CERT C Coding Standard") define a set of rules and directives - MISRA (or rules and recommendations - CERT ) designed to help developers write quality code, i.e.
A case study for the application of AGILE-R was defined in the context of the Railway Sirio-LX product. Buter, Escape the Waterfall: Agile for Aerospace, Proc of the IEEE/AIAA 28th Digital Avionics Systems Conference, 2009.
