Re: Ada Run-time for embedded systems

[l107353@cliffy.lfwc.lockheed.com (Garlington KE)]

R.A.L Williams (bill@valiant.gmrc.gecm.com) wrote:
: OK, but you can extend this concept to gain a further reduction in life-cycle
: costs and an increase in reliability. If you consider *all* the processing
: functions of the platform to be resident in a single distributed system,
: and allow `reconfiguration' across that system then the total number of
: redundant units needed to achieve a reliability goal can be reduced. Imagine,
: for example, that you calculate you need 60% redundant units of a particular
: processor module, but the boxes in your federated architecture have only
: two processor cards each, then you need to add two more cards, ie. 100% 
: redundant units. OTOH, if you move all the processing to a larger system 
: with 10 of that type of card, you can add 6 cards and achieve exactly the 
: additional redundancy you need.

Dynamic reconfiguration of this type sounds good in theory, and was studied
in some of the pre-F22 avionics trades, but it turns out there are a lot
of "gotchas" in terms of additional bus structures, software complexity,
etc. 

The other issue is, in what context are we using the word "reliability"? If
you mean mission reliability, then given current technology, in a lot of
cases redundant hardware isn't needed. If we are talking about safety-critical
systems, then other factors such as reconfiguration time start to be a problem.

: The catch is that to take advantage of this technique you have to:
: 1. make reconfiguration actually work

Not just work, but in practice it usually has to work deterministicly. It
ain't easy in the general case.

: 2. integrate the sw from a number of different boxes into a single system
: hence my further points...

You have to do this in an integrated architecture, whether dynamic
reconfiguration is used or not. This is happening today.

: : For us, the OS is built on top of the run-time and takes advantage of it.
: : Note that our cross-compilers do not expect to have full and exclusive
: : access to hardware, although there are constraints.

: So how would I achieve my desired aim of multiple independent applications
: on a single CPU? If I just merge two applications together, as two tasks
: for example, then I've got a single application and I've made the task
: of certification that much hardware because of the additional complexity
: of the single application.

The OS (and the hardware) establish partitions in which each application
runs. A system-wide table is built and fed into the OS which describes how
to treat each partition with respect to priority, etc. Each application
(and the OS) is a seaprate load image.

: BTW, which cross compiler(s) are you using? Is there a prospect of Ada95
: from the vendor?

The CIP avionics uses the ICC compiler. We don;t know if Ada95 will be
supported yet for our use.

--------------------------------------------------------------------
Ken Garlington                  GarlingtonKE@lfwc.lockheed.com
F-22 Computer Resources         Lockheed Fort Worth Co.

If LFWC or the F-22 program has any opinions, they aren't telling me.