Warning: This material may contain defense sensitive data, competitive and sensitive trade secret or technical information of KAI proprietary rights. The use (to provide, disclose, reproduce or copy to the third person/party) of this material without the prior approval of KAI is strictly prohibited in accordance with the related laws and regulations.
T-50 Avionics Embedded Software Development using Java
ISET 2011 - The 6th International Symposium on Embedded Technology (May 20-21, 2011)
Overview
• The Flagship Project
− Core Software
• Why Java?
− C/C++ Experience in Other Projects
• Pointer Problems
− Java Pros and Cons
• Real-time Java
• Language Selection
• Development
− OFP Layers
− Speed & Size Issues
− Optimizations
• Points to Ponder
Korea Aerospace Industries Proprietary Information
The Flagship Project
• Total systems development
− Core software: FC, MFDS, IUFC, HUD, and SMS
− Core avionics hardware: KMC, SMC
− Test bench, and Mission support system
RTOS Certification
- NEOS by MDS Technology (DO-178B Level A Certifiable)
Test Bench Development
- System Integration Laboratory
- Software Development Station
Hardware Development
- KMC by Intellics
- SMC by DoDaam Systems
Ground Support System
- MPSS by KIDA
Software Development
- FC
- MFDS
- IUFC by AMC
- HUD by DoDaam Systems
Avionics Embedded System Verification
Operation & Maintenance
KMC: Korea Mission Computer; MFDS: Multi-Function Display Set; MPSS: Mission Planning and Support System; SMC: Stores Management Computer; SMS: Stores Management System
FC: Fire Control; HUD: Head Up Display; IUFC: Integrated Up Front Controls; KIDA: Korea Institute for Defense Analysis
Core Software
• Software (OFP) developed from scratch with enhanced capabilities compared to initial T-50 OFPs
− 6 independent 5x7 MFD pages (3 for each seat)
− Embedded Training functions
Aerial Gunnery Target Simulation
MFD: Multi-Function Display; OFP: Operational Flight Program
Core Software
• Central to Systems integration & mission operations
[Figure: Core Software within Avionic Systems and Secondary, Tertiary Software. Labels: Flight Control; Stores Mgmt; Mission & Displays; Targeting; Vehicle Management; Pilot Interface; Communication; Nav. Aids; Aircraft & Weapon Specific Characteristics; Static & Dynamic Parameters; Pilot Control & Command; Mission/Flight Information; Control Commands]
Why Java?
• Avionics Needs
− Safety (DO-178)
− Long lifecycle support
• Language Trends
− F-16: Jovial
− F-22: Ada
− F-35: C++
− T-50: C/C++
• Evolution of Java
− Real-time Java (JSR-1)
− Safety Critical Java (JSR-302)
[Chart: An Empirical Study of Programming Language Trends, IEEE Software, 2005. Percent of respondents (0 to 30) by year (1993 to 2008); series: Java, C++, Ada, C]
[Chart: TIOBE Programming Community Index, www.tiobe.com, 2011. Percent search hits (0 to 25) by year (2002 to 2011); series: Java, C++, C]
JSR: Java Specification Request
C/C++ Experience in Other Projects
• C/C++ demands high alertness and workload
− Resource management : new/delete, open/close, lock/unlock
• For C++, RAII helps but not without attention to copy constructors and copy assignment operators (The Rule of Three)
− Exception handling: assert was used instead for debugging
− Pointers: cannot live without them, but they are usually the culprit behind most of the trouble
− Many other do’s and don’ts
• Lessons learned from prior projects including T-50 went into KUH
− Coding guidelines became Coding Standards
− Peer review prerequisites are enforced with automated tools
• LDRA coding rule checking and PolySpace static verification
KUH: Korea Utility Helicopter; RAII: Resource Acquisition is Initialization
Pointer Problems
• Problems such as the example shown below would easily be identified by a static analysis tool
− An example of one of the problems
• extract_data outputs an address of a data block to MESSAGE_DATA
• sidd_write_link uses MESSAGE_DATA to transmit the data block
// doubleTrouble.c
typedef void* Data_Pointer_Type;
Data_Pointer_Type MESSAGE_DATA;
void extract_data(Data_Pointer_Type* MSG_DATA_PTR,...);
void write_link(Data_List_Type* DATA_LIST,...);
:
:
extract_data(MESSAGE_DATA,...);
...
write_link((Data_List_Type *)(*(unsigned int*)MESSAGE_DATA),...
Annotations on the code above:
• extract_data argument should be a reference: &MESSAGE_DATA
• write_link argument should not dereference: (MESSAGE_DATA)
• Would read better if named: MESSAGE_DATA_PTR
• Casting not needed
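The corrected call sequence from the annotations above, as an added example that is not part of the original slides. The bodies of extract_data and write_link, the Data_List_Type layout, rx_block, link_buffer and send_message are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

typedef void *Data_Pointer_Type;
/* Assumed layout; the slide does not show Data_List_Type. */
typedef struct { size_t length; unsigned char bytes[8]; } Data_List_Type;

static Data_List_Type rx_block = { 4, { 0xDE, 0xAD, 0xBE, 0xEF } }; /* constructed sample */
unsigned char link_buffer[8];            /* stands in for the data link */

/* Output parameter: stores the ADDRESS of the data block in *msg_data_ptr. */
int extract_data(Data_Pointer_Type *msg_data_ptr)
{
    if (msg_data_ptr == NULL)
        return -1;
    *msg_data_ptr = &rx_block;
    return 0;
}

/* Copies the block to the link; returns bytes written, or -1 on bad input. */
int write_link(const Data_List_Type *data_list)
{
    if (data_list == NULL || data_list->length > sizeof link_buffer)
        return -1;
    memcpy(link_buffer, data_list->bytes, data_list->length);
    return (int)data_list->length;
}

/*
 * Slide version, left as a comment:
 *   extract_data(MESSAGE_DATA, ...);
 *     void* converts silently to Data_Pointer_Type*, so this compiles, and
 *     the block address is written wherever MESSAGE_DATA happens to point.
 *   write_link((Data_List_Type *)(*(unsigned int *)MESSAGE_DATA), ...);
 *     reads that word back through unsigned int; the two errors cancel only
 *     if MESSAGE_DATA points at writable memory and pointers fit in unsigned int.
 */
int send_message(void)
{
    Data_Pointer_Type message_data_ptr = NULL;

    if (extract_data(&message_data_ptr) != 0)   /* pass the variable's address */
        return -1;
    return write_link(message_data_ptr);        /* no dereference, no cast */
}

int main(void) { return send_message() == 4 ? 0 : 1; }
```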
Java Pros and Cons
• Lessons learned from prior projects also led to considering Java
− Boosted by the presence of OOTiA and RTSJ (2004)
• Pros
− C/C++ like syntax : easier transition to the new language
− No pointers, No header files
− Safer and more secure
• Cons
− Garbage Collection
− Big
− Slow
JamaicaVM caught our attention so it was evaluated
OOTiA: Object Oriented Technology in Aviation; RTSJ: Real-time Specification for Java
Real-time Java
• JSR-1 RTSJ adds features that are immune to GC
− Memory models and regions that are not subject to GC
− Real-time threads that are not preemptible by GC
GC: Garbage Collection; JSR: Java Specification Request; RTSJ: Real-time Specification for Java
From aicas technology brief
Real-time Java
• JamaicaVM from aicas
− Implements Work-Based GC which runs when and where memory allocation occurs
− Also implements RTSJ, but having deterministic GC makes real-time programming easier
GC: Garbage Collection; RTSJ: Real-time Specification for Java
From aicas technology brief
Language Selection
• Performance Evaluation
− Test program
• Existing in-house tool written in C was converted to Java
• The tool was weapon delivery accuracy analysis software based on an actual ballistics algorithm
− Target Environment
• OS: VxWorks 5.5.1, BSP 1.2/1.10
• CPU: SBS CK5 MPC 7447A 999MHz
• RAM: 512MB
− Some optimizations were done with profiling and adjusting compile options to get the best possible results
BSP: Board Support Package
Language Selection
• Results
|  | C | Java |  |
| Speed (msec) | 1.43 | 2.8 | Java is 1.98 times slower |
| File Size | 157KB | 4MB | Java includes JVM which is 3~4MB depending on packages |
• Conclusion
− Target CPU speed (1.6 GHz) and large memory size (1 GB) were thought to be sufficient to run Java applications
• JamaicaVM was selected for the development of the Flagship Project
Development
• Development Environment
− Models containing code are put under configuration control
[Figure: development environment. Requirements: DOORS; Version Control: PVCS; GUI: GL Studio (evaluated but not integrated with the process, yet). Tools: Rhapsody; Eclipse; JamaicaVM; EMMA / CodeCover; VeriFlux. Test stages: STE & SIL; Ground Test / Flight Test]
SIL: System Integration Laboratory; STE: Software Test Equipment
OFP Layers
• JVM’s platform independence enables modular development
− Success story : One day integration of JVM and HUD OFP
CDU: Control & Display Unit; JNI: Java Native Interface; JOGL: Java OpenGL; JVM: Java Virtual Machine; KUH: Korea Utility Helicopter; OXF: Object Execution Framework; PFD: Primary Flight Display; SC: Safety Critical; SMM: System Mission Management
[Figure: two software layer stacks, with a legend distinguishing KAI Works from Vendor Works]
• T-50 Java Applications (OFP): FC, HUD, MFDS, IUFC. Other labels: JNI, JOGL; Real-time JVM; OpenGL SC; Device Drivers; OS* (* OS: VxWorks, NEOS, Windows). JVM provided portability
• KUH C++ Applications (OFP): SMM, PFD, MFDS, CDU. Other labels: KAI API; KAI Framework based on Rhapsody OXF (OS Services); OpenGL; Device Drivers; OS* (* OS: VxWorks, Windows). Self (KAI) provided portability
Speed & Size Issues
• OFP is designed with 50Hz rate groups
− Each rate group should complete well within 20msec
• Initially, it took almost 40msec for an FC OFP rate group to complete, which was double the time limit
− One of the reasons was data I/O utilizing JNI, especially MIL-STD-1553 due to its tight coupling with the OFP
− The other reasons were compile options
• HUD and MFDS also suffered
− HUD requires many JNI calls to present cursive graphic objects on the display
− MFDS initially had a size of over 300MB before optimization
Optimizations
• Took a few months to optimize
− Compile/build options including
• Tradeoff between profiled interpreter code vs compiled code
• Static binding for virtual calls (no dynamic class loading), etc.
− JNI
• Reducing the number of JNI calls
• Reducing run-time creation of temporary data buffers
− Some design considerations
• Declaring final and static where applicable, e.g. constants
• Reducing the number of threads
• Overall efforts brought the execution time down to within 20msec and, in the case of the FC OFP, the size from over 80MB to 50MB and then to 30MB
Points to Ponder
• JNI
− With some care, it is a nice solution for hardware interfaces
− Alternatives may be considered e.g. CORBA, XML
• But are they DO-178 compliant?
• Sound practice is needed regardless of languages
− Programming idioms such as LSP, and
− Design & Coding standards enforcing them, and
− Review processes with support from automated tools
• But within the same rules, Java takes much of the burden off the programmer
− Enables spending more time on design, or having a longer coffee break
LSP: Liskov Substitution Principle
Points to Ponder
• DO-178C and supplement documents are due by the end of 2011
− After 7 years of preparation since OOTiA handbook in 2004
− Will enable the use of real-time Java Technology with deterministic garbage collection in critical avionics software
• Open source, cost effective tools and environments
− One such case is TOPCASED
• Eclipse based systems/software development environment promoting model-driven development and formal methods
• Java is a good language of choice for safety-critical, hard real-time embedded software development
DO-178C: Safety Considerations in Airborne Systems and Equipment Certification; OOTiA: Object Oriented Technology in Aviation; TOPCASED: The Open-Source Toolkit for Critical Systems
Thank you
Bang, Keugyeol
Principal Research Engineer
Avionics Advanced R&D [email protected]
Bang Keugyeol, Principal Research Engineer, Avionics Advanced R&D Team, 010-9048-0828
Acronyms
Air-BEST: Air-borne Embedded System and Technologies
API: Application Program Interface
ARINC: Aeronautical Radio Incorporated
BSP: Board Support Package
CDU: Control and Display Unit
FAA: Federal Aviation Administration
FC: Fire Control
GC: Garbage Collection
HUD: Head Up Display
IUFC: Integrated Up Front Controls
JNI: Java Native Interface
JOGL: Java OpenGL
JSR: Java Specification Request
JVM: Java Virtual Machine
KAI: Korea Aerospace Industries, Ltd.
KIDA: Korea Institute for Defense Analysis
KUH: Korea Utility Helicopter
KMC: Korea Mission Computer
LSP: Liskov Substitution Principle
MFDS: Multi-function Display Set
MIL-STD: Military Standard
MPSS: Mission Planning and Support System
OFP: Operational Flight Program
OOTiA: Object Oriented Technology in Aviation, FAA
OpenCL: Open Computing Language
OpenGL: Open Graphics Library
OS: Operating System
OXF: Object Execution Framework
PDR: Preliminary Design Review
PFD: Primary Flight Display
RAII: Resource Acquisition Is Initialization
RTOS: Real-time Operating System
RTSJ: Real-time Specification for Java
SC: Safety Critical
SIL: System Integration Laboratory
SMC: Stores Management Computer
SMM: System Mission Management
SMS: Stores Management System
STE: Software Test Equipment
UFC: Up-front Controls