June 28, 2010

How to build a nuclear submarine

BAE Barrow assembly building and Astute submarine in Devonshire dock

Those of you who have read my earlier blogs ('Astute optronic mast case study', 'Astute Submarine') will be aware that I am fascinated by submarines.

So, I was really pleased to see that the BBC have produced a documentary 'How to Build a Nuclear Submarine', which was broadcast on BBC2 in the UK on Sunday evening, and followed the progress of the design and construction of one of the world's most complex and technologically advanced machines (see Royal Navy website for details).

In case you missed it, the programme will be shown again on BBC2 at 11.20pm on Tuesday, and the programme is also available for Internet download via BBC iPlayer until 18th July (If you want a quick preview, there's a short clip on the BBC News website).

If you watch the end credits closely, you'll see real sensor imagery from Astute's VxWorks-powered optronic mast at a classified location (with dolphins)...

June 16, 2010

EGNOS Satellite Navigation System Safety Certification

In case you missed it, yesterday Wind River announced that VxWorks has been selected for the European Geostationary Navigation Overlay Service (EGNOS), and has been chosen to run the Integrity Processing Facility (IPF) check set.

The IPF, developed and delivered by Logica, is the crucial element that validates the information broadcast by the satellites to safety-critical users such as aircraft in flight or ships navigating through narrow channels. This is essential, because satellite navigation systems alone do not provide sufficient positional accuracy to be used in safety-critical applications.

The IPF is a really good example of a critical system which needs to consistently provide hard real-time performance and total reliability, and this posed some interesting challenges for development and safety certification to the joint avionics software safety standards RTCA DO-178B and EUROCAE ED-12B at Level B.

Logica and the European Space Agency (ESA) have kindly allowed us to produce a case study which discusses the development and certification challenges and how they were successfully overcome, and this has just been published on the Electronics Weekly website. (Update: the case study can now also be downloaded in PDF from the Wind River website)

I hope you'll find this interesting, and the next time you are on a European flight on a landing approach in very poor visibility conditions, you'll know how VxWorks is helping to guide the aircraft to a safe landing.

May 19, 2010

Multicore called up for active service

There's an interesting editorial column 'Multicore Processing Becomes the New Mainstream' in the latest edition of COTS Journal. Jeff Child discusses how multicore processors, after becoming all pervasive in the desktop and server market, are now becoming the norm for embedded aerospace and defence systems. He also shares some insights into why the transition to multicore is necessary, and provides an example of the deployment of multicore in the Aegis Modernization Program (Congressional Research Service report on FAS website: PDF).

Rather tantalizingly, Jeff only mentions software architectures in his final paragraph (maybe that's a subject for a future editorial), where he contrasts the use of Symmetric Multiprocessing (SMP) on multicore devices with tiled processors (which can be massively parallel architectures). 

As a software engineer, I think this is where things start to get really interesting, and there are actually quite a number of different possible permutations of homogeneous multicore architectures when you include virtualization using a hypervisor in the overall software architecture. This can support a system with separate instances of an operating system or runtime per core, known as asymmetric multiprocessing (AMP); or a single instance of an operating system running across multiple cores, known as symmetric multiprocessing (SMP); or even a combination of both.

Customers often ask me 'Which is better, AMP or SMP?', and my answer is 'It depends'. It depends on the nature of their application, the degree of parallelism within it (which determines the scalability across cores); it depends on the I/O architecture and throughput requirements, and more besides. But by analyzing the system requirements in detail, these can be mapped to a suitable implementation which may comprise AMP, SMP or both. Bill Graham discusses how this complexity can be simplified into a number of key use cases in this recent blog.

Back to the COTS Journal editorial, Jeff also mentions that tiled processors (and massively parallel architectures in general) present a programming challenge due to the complexity involved. This subject was also recently discussed in some technical depth by Mark Hermeling in a recent blog 'A sea of cores, now what?'.

May 07, 2010

The Open Group: Real-Time Embedded Systems Forum, Rome

Last week, I attended The Open Group Rome 2010 conference, specifically the Real-Time Embedded Systems Forum track (agenda), in order to participate in the MILS API standardization working group sessions.

The goal of the working group is to produce a standardized API for a Minimal Runtime (MRT) environment which is suitable for High Assurance systems, which will enable portability of middleware between MILS platforms and aid interoperability. The working group wrestled with some fundamental aspects of the MRT, including goals/objectives, characteristics and implementation architecture, but these were productive sessions. There's still a long way to go, but these were important steps in the right direction. Watch this space for further developments!

It was also useful to have the opportunity to attend the RTES Forum presentations. Some of the highlights for me were Ed Roberts of Elparazim's presentations on AADL, Olaf Tetteo of Brightsight's presentation on 'Certification & Mutual Recognition above EAL-4 in Europe', and my colleague Alex Wilson's presentation on 'Challenges of Multicore, potential impact on Safety Critical and High Assurance Security Environments'. Open Group members can download the proceedings from here (login required).

With such a packed agenda, I was worried that we might not have an opportunity to see the delights of Rome, but fortunately for the Tuesday evening, The Open Group had arranged a tour of the stunning Capitoline Museum followed by the conference dinner on the rooftop terrace which had a spectacular view of the city skyline.


February 19, 2010

Police Drone: Episode 2

On Thursday last week, I read that an unmanned air vehicle (UAV) had been recently used by the UK's Merseyside Police in the tracking and arrest of two suspected car thieves (BBC News:'Merseyside police drone tracks car theft suspects').

A quick Google search revealed some additional details in the Liverpool Echo ('Merseyside police make UK's first ever flying drone arrest'), specifically that the UAV had been used in thick fog.

I was really surprised when I read this, because this type of UAV is remotely-piloted, requiring line-of-sight operation, and does not have autonomous 'see and avoid' capabilities (unlike some more sophisticated autonomous military UAVs). So how could it be remotely-piloted safely in poor visibility conditions and in an urban environment?

I was struggling to reconcile this with the fact that the UK Civil Aviation Authority is carefully researching the integration of UAVs into civil airspace, and there are still a number of safety issues to be addressed. I had even discussed some of these, urban environments in particular, in the blog post 'Police Drone' in May 2007 when the media had been reporting the Merseyside Police's UAV trials (BBC News: 'Pilotless Police Drone Takes Off').

However, things began to make more sense when I read about more recent developments of the story, which were reported earlier this week (BBC News: 'Unlicensed Merseyside Police drone grounded' and Guardian: 'Eye in the sky arrest could land Police in the dock'). These reveal that the UAV was being flown by Merseyside Police without a CAA license, and this breach of regulations could lead to prosecution.

So Merseyside Police could be involved in a different type of UAV trial soon...

January 24, 2010

A Decade at Wind River

Wind River 2000 logo

On Wednesday, it will be exactly ten years since I joined Wind River.

I was thinking about this on my flight to San Francisco on Saturday, and as well as wondering how long I've spent watching the VxWorks boot loader counting down to zero on the serial console over the years, I was also reminiscing about my early days with the company.

In many ways, it doesn't feel like a decade (as they say: time flies when you're having fun). This is the longest that I've worked for a company, and I was thinking about what it is that keeps me so interested and motivated in my job.

It's hard to put into words, but I have to admit that I really enjoy being at the cutting edge, observing the continual technological advances, not just for technology's sake (although I admit to being a technophile), but in order to work out how these can be applied to real world applications to meet customer requirements and solve their problems.

I started at Wind River in 2000, just before the dot com boom turned into the dot com crash, which many people would rather forget, but this was still a significant point when Internet connectivity was starting to spread from the Enterprise arena into the outside world. In my own area of specialization, Aerospace & Defense, IP-based networking was only just starting to replace stove pipe systems, but the adoption of commercial-off-the-shelf (COTS) technologies was fragmented and interoperability hindered by a lack of standardization. This presented an unwanted challenge: developing a solutions stack for programmes.

Ten years on, I'm not so naive as to claim that things are now perfect, but the widespread adoption of open standards and open architectures in recent years is providing programmes with a range of interoperable implementation options, increasing choice and flexibility, and also resulting in lower risk for long term support and managed obsolescence.

I've also noticed that embedded devices have become a lot smarter in the last decade: passive remotely controlled devices are now being superseded by intelligent semi-autonomous and even fully-autonomous systems which are capable of flying UAVs and even aircraft without a pilot (see previous blog: Airborne Control of UAV Swarms). A lot of this has only become possible due to the massive increase in processor performance in relation to power dissipation (especially in airborne systems, and with the advent of multicore processors this provides even greater potential for exploitation). I wonder whether in ten years' time we will have seen the introduction of autonomous commercial aircraft, maybe for cargo initially?

The Internet has become all-pervasive, and we now rely on IP-based networking for everything from communication between desktop computers, multimedia broadcast, through to critical national infrastructure. This presents new challenges in terms of increased cybersecurity threat due to the inter-connectivity of networks and some of the IPv4 protocols were not designed with security in mind. However, the deployment of IPv6 and the on-going developments of processor hardware virtualisation support and provably secure implementations of the Multiple Independent Levels of Security (MILS) will provide the foundations for secure robust systems which can mitigate this threat and more besides.

A decade on, the future still looks exciting.

December 21, 2009

Case study: Ultra Datel safety-critical avionics upgrade using COTS

GE Intelligent Platforms rugged VME chassis

I recently had the privilege of working with one of our partners, LDRA, and one of our customers, Ultra Datel, on writing a case study of their experiences of a mid-life upgrade of an existing avionics system.

What caught my attention was the fact that the existing system was uncertified, and the upgrade involved migrating the existing system to a commercial-off-the-shelf (COTS) platform and undertaking DO-178B Level B safety certification.

As a result, the project faced a number of development challenges because the pre-existing software and device drivers were not developed with safety certification in mind, and the code needed to be re-engineered and modified to meet safety certification requirements.

In the case study, we discuss the following development challenges and how they were overcome using the LDRA Tool Suite during the development of the safety-critical VxWorks application running on a GE Intelligent Platforms ruggedised PowerPC platform:

  1. Porting to the VxWorks DO-178B safety-critical subset
  2. Reduction of high cyclomatic complexity
  3. Programming language subset compliance
  4. Code coverage to meet DO-178B Level B objectives

The case study has now been published on the Wind River website on the Aerospace & Defence customers page (and the PDF file can be accessed directly here).

December 15, 2009

First flight of the Boeing 787

Today, the Boeing 787 Dreamliner made its first flight from Everett, Washington. One of our Wind River colleagues, Chip Downing, was able to attend this historic event in person, and shot the following video:

This is the culmination of years of development of a completely new aircraft which uses many state-of-the-art technologies to significantly improve efficiency, operating range and passenger comfort.

For instance, the 787 employs an Integrated Modular Avionics (IMA) architecture using VxWorks 653, Wind River's world-class ARINC 653 compliant RTOS. This approach drastically reduces the amount of space, weight and power (SWaP) required for the aircraft's on-board avionics systems. The reduction in weight of avionics systems and cabling results in a reduced fuel load requirement, or increased range for the same fuel load, and of course reduced CO2 emissions. Similarly, the reduction in the space required for the avionics systems can increase the space available for passengers, luggage and cargo.

(If you want to know more about the 787 development and DO-178B safety certification approach, read Alex Wilson's recent blog, and for details of VxWorks 653, there's a white paper available for download here).

In addition, the composite fuselage not only helps to make the aircraft lighter (improving fuel consumption further), but also enables higher cabin pressures to be used, which will result in passengers feeling more relaxed and less fatigued. When coupled with the advanced air-conditioning systems, state-of-the-art Rolls-Royce Trent 1000 jet engines and noise-reduction technologies, this provides the promise of greater passenger comfort on long haul flights.

This is of course, just the start, as the 787 will continue to evolve through its operational lifetime, just as the 747 has done over the last forty years. So, I wonder what other technologies will appear in the future?

In the meantime, I'm looking forward to seeing the 787 grace the skies above the Farnborough Air Show and taking a flight on one with British Airways in the near future. Congratulations, Boeing!

November 03, 2009

A&D Regional Conferences

I've recently finished updating presentations on The Essentials of Multicore Software and Challenges of Security Software Development for our forthcoming Aerospace & Defence Conferences which we are holding across Europe in November.

It's been interesting to think about how multicore can be used in technology refreshes and applied to new programmes. I'm looking forward to discussing these issues with customers, as well as understanding their security requirements, particularly as the need for interoperability continues to grow. We also recently demonstrated some of the capabilities to meet these security requirements in a cross-domain system and Gigabit Ethernet demo running on VxWorks MILS at MILCOM in the US, and the videos are available on YouTube.

If you've not received an invitation to one of the European conferences yet or had a chance to register, why not visit our conference portal? I hope to see you there.


October 08, 2009

Ada & C mixed language development

Last week, I downloaded AdaCore's GNAT Pro 6.2.2 and the latest GNATbench 2.3.1 release (which was announced yesterday), as I wanted to port an Ada & C mixed-language application to VxWorks 6.7.

I wanted to do this to show a customer how they can develop new Ada applications (as well as reusing existing intellectual property) and integrate them with network protocol stacks, graphics libraries and other middleware which are often implemented in C or C++.

Whilst the Ada 95 and Ada 2005 language standards provide inter-language compatibility with C and C++ respectively, close integration between the development tools is needed in order to really exploit these capabilities fully, for example being able to debug communication modules and/or tasks implemented in different languages.

My mixed language application consists of two VxWorks tasks (written in C), and two Ada tasks. One of the VxWorks tasks sends messages to an Ada task via a VxWorks message queue, and I wanted to step through the sending and receiving of the messages in a debugger to confirm that individual messages were sent and received correctly. This would not be a very user-friendly activity if I had to use two different debuggers to debug the Ada and C code separately. In addition, I also wanted to check that the inter-language calls that I had made (C function calling an Ada procedure and vice versa) had passed parameters using the correct language types and the data values were interpreted correctly.

Workbench provides an open and extensible framework based on Eclipse, so this has enabled AdaCore to integrate the capabilities of GNAT Pro seamlessly through the GNATbench plugin. This enabled me to develop and run my mixed language application in Workbench. I was able to concurrently debug multiple tasks in mixed languages (see below), set task-specific breakpoints on the Ada and C tasks individually, step over the calls to msgQSend() and msgQReceive() respectively, and confirm that the messages were passed correctly; and I was able to walk up and down the stack frames in the Workbench Debug View and confirm that parameters had been passed correctly between C function and Ada procedure and vice versa.

Workbench 3.1 Ada & C Mixed Language debugging screenshot
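As an added example (not the blog author's code, nor AdaCore's or Wind River's), here is what the Ada side of a mixed-language application like the one described above can look like, using the Ada 95/2005 Annex B facilities (Interfaces.C, pragma Import, pragma Export and pragma Convention) so that the record layout and parameter types are pinned to what the C task on the other end of the message queue expects, rather than relying solely on a debugger walk to confirm them after the fact. The names Telemetry_Msg, ada_handle_message, ada_send_reply and c_log_message are assumptions for illustration; msgQSend is the real VxWorks call named in the post, but its Ada binding here is my own, and 'Object_Size is a GNAT-specific attribute. The spec and body are shown in one listing for readability (split them with gnatchop to build).

```ada
--  Added example, not from the original post: Ada side of a mixed Ada/C
--  VxWorks application. Assumed names: Telemetry_Msg, ada_handle_message,
--  ada_send_reply, c_log_message. msgQSend is the VxWorks API (msgQLib.h).
with Interfaces.C;         use Interfaces.C;
with Interfaces.C.Strings; use Interfaces.C.Strings;
with System;

package Mixed_Bridge is

   --  Message layout shared with the C sender task. pragma Convention (C)
   --  pins the record to the C struct layout, and the Interfaces.C types
   --  have exactly the sizes the C compiler uses for int/unsigned/unsigned char.
   --  Assumed C side:
   --    typedef struct { int id; unsigned value; unsigned char flags; } telemetry_msg_t;
   type Telemetry_Msg is record
      Id    : int;
      Value : unsigned;
      Flags : unsigned_char;
   end record;
   pragma Convention (C, Telemetry_Msg);

   --  Ada procedure exported to C. The C receiver task calls it after
   --  msgQReceive() returns, passing the buffer and the byte count received:
   --    void ada_handle_message(const telemetry_msg_t *msg, unsigned n_bytes);
   procedure Ada_Handle_Message
     (Msg : access constant Telemetry_Msg; N_Bytes : unsigned);
   pragma Export (C, Ada_Handle_Message, "ada_handle_message");

   --  Ada procedure that sends a reply to the C task through a VxWorks
   --  message queue whose MSG_Q_ID the C code created and passes in.
   procedure Send_Reply (Queue : System.Address; Id : int; Value : unsigned);
   pragma Export (C, Send_Reply, "ada_send_reply");

   --  C function imported into Ada (the reverse call direction):
   --    void c_log_message(const char *text);
   procedure C_Log_Message (Text : chars_ptr);
   pragma Import (C, C_Log_Message, "c_log_message");

end Mixed_Bridge;

package body Mixed_Bridge is

   --  VxWorks msgQSend, imported with the parameter types from msgQLib.h:
   --    STATUS msgQSend(MSG_Q_ID msgQId, char *buffer, UINT nBytes,
   --                    int timeout, int priority);
   function Msg_Q_Send
     (Queue    : System.Address;
      Buffer   : System.Address;
      N_Bytes  : unsigned;
      Timeout  : int;
      Priority : int) return int;
   pragma Import (C, Msg_Q_Send, "msgQSend");

   No_Wait        : constant int := 0;   --  VxWorks NO_WAIT
   Msg_Pri_Normal : constant int := 0;   --  VxWorks MSG_PRI_NORMAL
   VxWorks_OK     : constant int := 0;   --  VxWorks OK

   --  Size in bytes of the record as laid out in memory, i.e. the value
   --  sizeof(telemetry_msg_t) gives on the C side ('Object_Size is GNAT-specific).
   Expected_Size : constant unsigned :=
     unsigned (Telemetry_Msg'Object_Size / System.Storage_Unit);

   --  Only the low three flag bits are defined; anything else is rejected.
   Allowed_Flags : constant unsigned_char := 16#07#;

   procedure Report (S : String) is
      Text : chars_ptr := New_String (S);
   begin
      C_Log_Message (Text);
      Free (Text);
   end Report;

   procedure Ada_Handle_Message
     (Msg : access constant Telemetry_Msg; N_Bytes : unsigned) is
   begin
      --  Validate the byte count before interpreting the buffer: a length
      --  other than sizeof(telemetry_msg_t) means sender and receiver
      --  disagree on the layout, and reading the fields would be wrong.
      if Msg = null or else N_Bytes /= Expected_Size then
         Report ("ada_handle_message: rejected, wrong message size");
         return;
      end if;

      --  Range-check the fields that crossed the language boundary.
      if Msg.Id < 0 or else (Msg.Flags and not Allowed_Flags) /= 0 then
         Report ("ada_handle_message: rejected, id or flags out of range");
         return;
      end if;

      Report ("ada_handle_message: id=" & int'Image (Msg.Id)
              & " value=" & unsigned'Image (Msg.Value));
   end Ada_Handle_Message;

   procedure Send_Reply (Queue : System.Address; Id : int; Value : unsigned) is
      Reply : Telemetry_Msg := (Id => Id, Value => Value, Flags => 1);
   begin
      --  Hand the C-layout record to msgQSend by address, with the same
      --  byte count the receiving side checks.
      if Msg_Q_Send (Queue, Reply'Address, Expected_Size,
                     No_Wait, Msg_Pri_Normal) /= VxWorks_OK
      then
         Report ("ada_send_reply: msgQSend failed");
      end if;
   end Send_Reply;

end Mixed_Bridge;
```

The point of the size and range checks is that the message queue carries raw bytes: msgQReceive() reports how many arrived, not whether they form a valid telemetry_msg_t, so the Ada side verifies the count against its own layout before touching any field. Stepping over msgQSend() and msgQReceive() in Workbench, as the post describes, then confirms that the C struct and the Convention C record really do agree.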

I also used Workbench's analysis tools System Viewer, Memory Analyser and Performance Profiler to verify the behaviour of Ada & C tasks at system level, and monitor memory & CPU utilisation of each of the Ada procedures and C functions in the mixed language application.

Even after many years working with these technologies, I am still excited by advances in capabilities which make the complex tasks of embedded software development easier. I just wish I was able to spend more time in Workbench and less time in PowerPoint!

Paul Parkinson

  • Paul Parkinson is a Principal Systems Architect with Wind River in the UK, working with Aerospace, Defence and Security customers across EMEA. Paul's professional interests include Information Security (InfoSec), Integrated Modular Avionics (IMA) and Intelligence Surveillance Target Acquisition Reconnaissance (ISTAR) systems.