The Ravenscar Profile

RavenscarA few weeks ago, I took a few days leave to enjoy the end of the British summer and went hiking amongst the green hills and valleys of the North Yorkshire Moors. What’s that got to do with Aerospace & Defence or device software? Well, apart from the early-warning radar at the RAF Fylingdales base (wikipedia), you might think not very much. But on the coast just a few miles south of the fishing village of Robin Hood’s Bay lies Ravenscar, which is now a familiar name in the field of the development of high-integrity and hard real-time systems. (Here’s a photo that I took from the Cleveland Way path which shows the profile of the coast at Ravenscar).

In 1997, at the 8th International Real-Time Ada Workshop, a subset of the Ada programming language was defined for safety-critical real-time systems. This has come to be known as the Ravenscar Profile, and was published as:

A. Burns, B. Dobbing, and G. Romanski. The Ravenscar tasking profile for high integrity real-time programs ‘. Reliable Software Technologies, Proceedings of the Ada Europe, Conference, Uppsala, pages 263–275. Springer Verlag, 1998.

Alan Burns has also created a good summary of the subsequent evolution of the Ravenscar specification, which is available from the University of Madrid website (PDF). In recent years, the Ravenscar Profile has gained widespread acceptance and was incorporated into the Ada 2005 standard. For a very good overview of Ada2005 and Ravenscar, it’s worth checking out the article  "Ada 2005 Strengthens
Ada’s Safety-Critical Muscles" by
Robert Dewar, CEO of AdaCore which was published in COTS Journal online. (If you would rather watch a video, there’s a talk on Ada 2005 for high-integrity real-time systems by Jose Ruiz on the AdaCore website).

The Ravenscar Profile’s support for concurrency has had an important impact on the development of high-integrity systems; so has the inherent support of schedulability analysis which is needed in order to determine if essential deadlines will be met in hard real-time systems.

Ravenscar has also had another important impact in the implementation of safety-critical real-time systems, due to its reduced footprint when compared to a full Ada runtime system. This is significant because there is a safety-certification cost associated with an Ada runtime, which can be easily overlooked when focusing on the application and perhaps the real-time operating system. So, the small footprint of Ravenscar can reduce the safety certification burden and costs dramatically.  There are of course other benefits to reduced footprint in embedded devices in general,  some of these were discussed by Tomas Evensen in a recent blog.

Safety….a good thing to be thinking about when walking along the Ravenscar cliff-top path.