GNATforLEON / ORK+ User Manual - dit/UPM
Contents
1. GNATforLEON ORK reference 4 1 Installation and directory structure 4 1 1 Getting GNATforLEON and ORK 4 1 2 Installing GNATforLEON 4 1 8 Installing the GNATforLEON 4 1 4 Directory structure 4167 Documentation quic dhe wr guis 42 Kermel interlace n eroe ds erus ban UK bane ein 4 2 3 Threads and 22 5 Jie dudmigenietb s wig pes 4 2 4 Interrupt handling MM Duro NN ee ee an ts Da RS 4 4 Run time considerations 44 0 aaa de Sate b Oa cau 4 5 Tailoring the 4 5 1 Configurable parameters 4 5 2 4 5 3 Compiling the kernel The Ravenscar profile Introductions sq e sors E S ey ato n Oe dock he aute en ea A 2 1 Forbidden features A 2 2 Supported features A 2 3 Dynamic semantics A 3 Denoting the restrictions due qc ae dte dee2. signal once every 10s end if Cycle Cycle 1 Next Next Period end loop end Periodic task body Sporadic is Cycle Cycle Count begin loop Event Wait Cycle Put Line Hello sporadic end loop end Sporadic protected body Event is procedure Signal C Cycle Count is begin Occurred True Cycle SC 3 3 COMPILING AND LINKING ADA PROGRAMS 21 end Signal entry Wait C out Cycle Count when Occurred is begin Occurred False C Cycle end Wait end Event end Tasking Notice that the background procedure actually does nothing but increment a count in an endless loop In real applications it might include some useful work to be executed at the lowest priority The Tasking package contains two tasks a periodic task and a sporadic task latter is activated by the periodic task by means of a synchronization protected object Event This is a common way to implement software activated sporadic tasks Burns and Wellings 2001 The periodic task activates the sporadic task once every ten cycles Each task writes a string to the serial output every time it is activated There is a copy of the above files in the examples hello distribution directory In order to compile and link the example files you should copy them to a working directory and follow the steps that are described in the next section 3 3 Compiling and linking Ada programs You can compile and link
3. Currently integrated into EADS Astrium 1 12 DOCUMENT OVERVIEW 7 The same team worked in collaboration with AdaCore to port GNAT to LEON2 and to develop the adapted runtime packages that enable GNAT to work with ORK GNATforLEON was developed in the framework of the ASSERT and THREAD projects It is based on AdaCore GNAT Pro ERC32 product which in turn was based on ORK ORK 4 was ported to XtratuM by a team of the Department of Telematics Engineering Universidad Polit cnica de Madrid DIT UPM lead by Juan Antonio de la Puente The other members of the team are Juan Zamorano ngel Esquinas and Daniel Brosnan 1 12 Document overview rest of this document is organised as follows e Chapter 2 describes the general structure of the GNATforLEON software and the Ravenscar profile restrictions e Chapter 3 contains instructions for writing compiling linking executing and debugging programs with the GNATforLEON software e Chapter 4 describes in detail the functions of GNATforLEON and the way it is linked with Ada programs e Appendix A describes the Ravenscar profile in detail e Appendix B contains a comprehensive example of a Ravenscar compliant pro gram and its compilation with GNATforLEON e Appendix C contains a copy of the GNU General Public License GPL CHAPTER 1 INTRODUCTION Chapter 2 Software overview 2 1 The ORK kernel ORK Open Ravenscar Real Time Kernel is a small high performance
4. 5 sau ho aute eae ema 6 ILI 1 22m Bis ke oe 6 1 11 1 Contributors to 6 1 11 2 Contributors to 6 1 12 Document overview lunius 44 34 AO E PS 2 Software overview 9 2 1 SRS ORK kerjel tects hd Y rd Y pes et 9 2 2 Architecture of ORK 1e uocum 10 2 3 Interface Tor 11 2 4 Ada XtratuM binding 11 2 5 Hardware and software environment 12 2 5 1 Development platform 13 2 5 2 Execution platform 13 3 How to use GNATforLEON 15 3 1 Software development 2 22 ae Sak a 15 3 2 Writing Ada programs 15 3 2 1 Ravenscar profile 15 3 2 2 The GNAT configuration file e Ro 17 3 2 8 A first example e RUE S 18 3 3 Compiling and linking Ada programs 21 3 4 Creating and running XtratuM partition 22 3 5 Debugging Ada programs 24 3 6 Interrupt 3 6 1 Protected procedure handlers 3 6 2 An example with interrupts
5. POLITECNICA GNATforLEON ORK User Manual Version 1 4 11 January 2013 For GNATFORLEON 2 3 0 ORK AND XTRATUM ON LEON3 COMPUTERS UNIVERSIDAD POLITECNICA DE MADRID GRUPO DE SISTEMAS DE TIEMPO REAL Y ARQUITECTURA DE SERVICIOS TELEMATICOS 2008 2009 2013 Universidad Polit cnica de Madrid UPM Published by Departamento de Ingenieria de Sistemas Telematicos Universidad Polit cnica de Madrid ETSI Telecomunicaci n Ciudad Universitaria E 28040 Madrid SPAIN Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission noice are preserved on all copies Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying provided also that the sections entitled Copying and GNU General Public License see appendix C are included exactly as in the original and provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one Permission is granted to copy and distribute translations of this manual into another language under the above conditions for modified versions except that this permission notice may be stated in a translation approved by the Free Software Foundation This manual has been adapted to GNATforLEON from the Operation Manual for the Open Raven scar Real Time Kernel ORK The original software and its associated documentation
6. 4 1 5 Tools GNATforLEON includes the following tools in the usr local gnatforleon bin directory sparc elf addr2line utility to translate program addresses into file names and line numbers Sparc elf ar library archiver Sparc elf as cross assembler sparc elf c filt utility demangle C symbols Sparc elf gcc C cross compiler Sparc elf gccbug a tool for reporting GCC Bugs Sparc elf gcov coverage testing tool sparc elf gdb the GNU Debugger Sparc elf gnat utility to list GNAT commands qualifiers and options sparc elf gnatbind Ada binder sparc elf gnatchop Ada source code splitter sparc elf gnatfind Ada utility for locating definitions and or references to a specified entity or entities sparc elf gnatkr Ada file name kruncher sparc elf gnatlink Ada linker sparc elf gnatls Ada library lister sparc elf gnatmake Ada make utility sparc elf gnatprep Ada pre processor sparc elf gnatxref Ada utility to generating a full report of all cross references Sparc elf 1d linker sparc elf nm utility to print symbol table Sparc elf objcopy utility to convert between binary formats Sparc elf objdump utility to dump various parts of executables 30 CHAPTER 4 GNATFORLEON ORK REFERENCE sparc elf ranlib library sorter sparc elf size utility to display segment sizes sparc elf strings utility to dump strings from executables spar
7. All the tasks print the value of Real_Time Clock whenever they start and fin ish executing their body Only absolute delays and the monotonic clock of the Real_Time package are used In order to avoid undesirable interactions between input output and task scheduling the special Put operation of the System IO pack age is used The example program is designed to cover all the features which are needed in space embedded applications In particular the example includes e Task management Task synchronization e Time keeping and absolute delays e Ada interrupt management Floating point calculations 53 54 APPENDIX EXAMPLE PROGRAM B 2 Temporal requirements of the tasks Figure B 1 shows the structure of the task set The task set will be analysed for the temporal requirements of the tasks as shown in table B 1 The period for task A is interpreted as a minimum inter arrival time demo HRT si ASER BY External Interrupt BY IT External Interrup WCET C2 A WCET 2 Real Time Monitor Exclusive E Text IO E Workload Figure B 1 Example task set Task Period Activities 14 01 20 by 36 C2 Table 1 Temporal requirements of the example tasks Tasks A and C contain two logical blocks of activities while task B has only one Activity a4 cor
8. Unit procedure Background is begin loop Workload Small_Whetstone 25 Print RTClok null end loop end Background task A is pragma Priority System Priority Last end A task B is pragma Priority System Priority Last 1 end B task C is pragma Priority System Priority Last 2 end C protected Monitor is pragma Priority System Priority Last procedure Exclusive Time Ada Real Time Time Span Running Task Tasks end Monitor This task simulates a interrupt every Period A task Interrupt is pragma Interrupt Priority System Interrupt Priority Last end Interrupt protected Interrupt Semaphore is pragma Priority Ada Interrupts Names External Interrupt 2 Priority pragma Interrupt Priority System Interrupt Priority Last 5 61 entry Wait procedure Signal pragma Attach Handler Signal Ada Interrupts Names External_Interrupt_2 private Signaled Boolean False end Interrupt Semaphore protected body Interrupt Semaphore is entry Wait when Signaled is begin Signaled False end Wait procedure Signal is begin Signaled True end Signal end Interrupt Semaphore task body Interrupt is Next Time Ada Real Time Time Time Zero begin loop delay until Next Time Force External Interrupt 2 Next Time Next Time Period A end loop end Interrupt protected
9. Watchdog Timer Priority constant System Interrupt Priority System OS Interface Watchdog Timer Priority Shutdown constant ID Interrupt ID System OS Interface Shutdown Shutdown Priority constant System Interrupt Priority System OS Interface Shutdown Priority Sampling Port constant Interrupt ID Interrupt ID System OS Interface Sampling Port Sampling Port Priority constant System Interrupt Priority System OS Interface Sampling Port Priority Queuing Port constant Interrupt ID Interrupt ID System OS Interface Queuing Port Queuing Port Priority constant System Interrupt Priority CHAPTER 4 GNATFORLEON ORK REFERENCE System OS Interface Queuing Port Priority Cyclic Slot Start constant Interrupt ID Interrupt ID System OS Interface Cyclic Slot Start Cyclic Slot Start Priority constant System Interrupt Priority System OS Interface Cyclic Slot Start Priority Protect constant Interrupt ID Interrupt ID System OS Interface Mem Protect Mem Protect Priority constant System Interrupt Priority System OS Interface Mem Protect Priority UART 1 RX TX constant Interrupt ID Interrupt ID System OS Interface UART 1 TX UART 1 RX TX Priority constant System Interrupt Priority System OS Interface 1 RX TX Priority UART 2 RX TX constant ID Inter
10. critical space applications The kernel supports Ada 2005 applications on LEON based computer GNATforLEON is fully integrated with other GN AT based tools and with GDB the GNU debugger 1 3 Applicability statement This manual applies to the following versions of software e GNATforLEON 2 3 0 ORK 2 3 0 e GNAT GPL 2011 e GCC 4 5 e GDB 7 2 2 CHAPTER 1 INTRODUCTION 1 4 Compliance to standards ORK supports the tasking model defined the Ada 2005 standard ISO IEC 8652 1995 Amd 1 2007 including appendices C and D except for the following 1 The tasking model is restricted as specified by the Ravenscar profile Ada Reference Manual D13 1 Consequently e Pragma Priority Specific Dispatching is not supported e Only the FIFO Within Priorities dispatching policy with the Ceiling Locking policy is supported 2 The following exceptions to the Ravenscar profile are supported e At most one statically declared execution time timer per task is allowed e Statically declared group budgets are allowed 1 5 Free software The ORK kernel is free software developed and maintained by UPM and dis tributed under the GNU General Public Licence GPL You can also download the latest version of GNATforLEON ORK 4 from the ORK web site http www dit upm es ork 1 6 Related documents The following documents contain additional information about software tools that can be used to develop real time software with
11. ee ee AA Extended profilen a EU qua a ca Example program Dal Description aru acy hae Pea e A p qo B 2 Temporal requirements of the tasks B 3 Sehedulability analysis Example program output aoa aa code ei quies GNU General Public License Bibliography Chapter 1 Introduction 1 11 Intended readership This manual contains instructions for the use of the Open Ravenscar real time Kernel ORK and the GNATforLEON compilation toolchain with the XtratuM hyper visor It should be read by application programmers and system administrators of software projects using ORK and GNATforLEON Prior knowledge of the Ada ARMO05 programming languages and the XtratuM Masmano et al 2005 hypervisor is assumed The reader should also be familiar with the GNAT and GCC programming environments GNATRM the GDB debug ger Stallman and Pessch 2007 and the fundamentals of real time programming and the Ravenscar profile ISO IEC a 1 2 Purpose The purpose of this document is to describe how to use install and configure GNATforLEON for the XtratuM hypervisor GNATforLEON is an integrated package combining an instance of the GNAT compiler for the SPARC v8 architecture with ORK an open source real time kernel of reduced size and complexity for which users can seek certification for mission
12. 5 7 1997 Proceedings of the 8th International Ada Real Time Work shop John Barnes Ada 2005 Rationale Number 5020 in Lecture Notes in Computer Science Springer Verlag 2008 ISBN 978 3 540 79700 5 Alan Burns Preemptive priority based scheduling An appropriate engineering approach In S Son editor Advances in Real Time Systems Prentice Hall 1994 Alan Burns and Ben Brosgol Session summary Future of the Ada language and language changes such as the Ravenscar profile Ada Letters XXII 4 December 2002 Proceedings of the 11th International Real Time Ada Workshop Alan Burns and Andy J Wellings Real Time Systems and Programming Languages Addison Wesley 3 edition 2001 Alan Burns and Andy J Wellings Restricted tasking models In Proceedings of the 8th International Ada Real Time Workshop pages 27 32 Ada Letters 1997 Alan Burns Brian Dobbing and George Romanski The Ravenscar tasking profile for high integrity real time programs In Lars Asplund editor Reliable Software Technologies Ada Europe 98 number 1411 in LNCS pages 263 275 Springer Verlag 1998 73 74 BIBLIOGRAPHY Brian Dobbing and Juan Antonio de la Puente Session report Status and future of the Ravenscar profile Ada Letters XXIII 4 55 57 December 2003 Proceedings of the 12th International Real Time Ada Workshop IRTAW 12 ECSS ECSS E ST 40C Space engineering Software European Cooperation for Space Standardization Marc
13. Ada as well see the ALRM ISO IEC b for guidelines on the Ada features you may wish to limit GNATforLEON assumes that the following restrictions are also applicable to your program e No allocators this means that there are no new statements This is required as GNATforLEON supports only static storage e No Ada Text IO package This is required as ORK does not directly sup port any input output device but a serial output line which is not accessible through Ada Text IO Notice that the above restrictions are common in embedded systems and do not impose any additional limitation on what could be considered as common practice Warning 3 1 GNATforLEON ORK users are recommended to assign distinct priorities to all tasks and protected objects 3 2 2 GNAT configuration file Configuration pragmas are put in a special source file called gnat adc see the GNAT Reference Guide GNATUG You can have GNAT check all the above restrictions for you by compiling the program with a Ravenscar configuration pragma as shown in the following template Listing 3 1 Sample gnat adc file gnat adc minimum configuration file template for the Ravenscar profile pragma Profile Ravenscar Any other configuration pragma can be included here copy of this file is included in the examples directory for your convenience Appendix A describes the Ravenscar Profile and the set of equivalent pragmas to pragma Pr
14. ELF 32 SPARC executable resident_sw 24 CHAPTER 3 HOW USE GNATFORLEON 3 5 Running and debugging Ada programs on the development platform The simplest way you can test your program is by using LEONS3 simulator on your development platform If you have the TSIM simulator you can do tsim leon3 mmu resident sw And typing go from the command prompt you will get the following output RSW Start Resident Software RSW Starting XM at 0x40001000 XM Hypervisor 3 Detected 50 0MHz processor HWClocks LEON clock 1000Khz HwTimer LEON timer 1000Khz 1 Partition s created PO Partitioni 0 flags SYSTEM 1 0x40080000 0x40080000 Ox4037ffff 0x4037ffff flags 0 200 Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello periodic Hello sporadic Hello periodic Running the program on TSIM by itself does not provide enough information on the behaviour of the program You can have a better view of the program execution by using the GDB debugger connected to the TSIM LEON simulator In this case TSIM must be started with the gdb option so that it waits for a connection from GDB tsim leon3 mmu gdb gdb interface using port 1234 After that GDB can be started in the usual way for instance in another win dow Before loading the program to debug GDB must be connected to the simu lat
15. Export C Set Priority system bb set priority Set the active priority of the executing thread to the given value function Get Priority Id Thread Id return System Any Priority pragma Inline Get Priority pragma Export Get Priority system bb get priority Get the current active priority of any thread procedure Sleep pragma Export C Sleep system_bb sleep The calling thread is unconditionally suspended procedure Wakeup ld Thread 14 pragma Export Wakeup system bb wakeup Thread ld becomes ready the thread must be previously suspended procedure Set ATCB ATCB System Address pragma Inline Set ATCB This procedure sets the ATCB passed as argument for the currently running thread function Get ATCB return System Address pragma Inline Get ATCB Returns the ATCB of the currently executing thread Execution Time functions 4 2 KERNEL INTERFACE 39 type Handler is access protected procedure 1 Integer Global_TM_Pointer Integer 1 Global Pointer Integer 1 Budget Array array 1 255 of System BB Time Time Span function Get Timer ld return Integer function Get GB ld return Integer Global Pointer Integer 1 function Get ld return Integer type TE Alarm Queue This type contains the time of alarms relative of Timing Events the
16. GNATforLEON 1 Ada 2005 Reference Manual ARM05 2 Ada 2005 Rationale Barnes 2008 3 GNAT Reference Manual GNATRM 4 GNAT User s Guide GNATUG 5 Using the GNAT Programming Studio GPSUG 6 Debugging with GDB Stallman and Pessch 2007 1 7 Problem reporting instructions If you obtained GNATforLEON from a support organization we recommend you contact that organization first You can find contact information for support orga nizations on the ORK web site http www dit upm es ork 1 8 GLOSSARY 3 In any event we also recommend that you send bug reports for GNATforLEON to ork dit upm es We welcome bug reports as they are a vital part of the process of the continuing improvement of You will help us and make it more likely that we will look at your report in a timely manner if you follow these guidelines e Please report each bug in separate message and add a short but specific subject e Please include full sources We can t duplicate errors without the full sources Include all sources in the single email message with appropriate indications in the multiple file cases see below Also say exactly what you saw do not assume that we can guess what you saw or duplicate the behaviour you encountered sources must be sent in plain ASCII or UTF 8 format e Please include complete identification of the version of the system you are running i e development and target environments
17. Management Unmask IRQ Ada Interrupts Names External Interrupt 2 Error Ada Interrupts Management Set IRQ Ada Interrupts Names External Interrupt 2 end Force External Interrupt 2 Listing B 5 Configuration file gnat adc minimum configuration file template for the Ravenscar profile pragma Profile Ravenscar Any other configuration pragma can be included here 64 APPENDIX EXAMPLE PROGRAM Appendix GNU General Public License Version 2 June 1991 Copyright 1989 1991 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license docu ment but changing it is not allowed Preamble The licenses for most software are designed to take away your freedom to share and change it By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This General Public License applies to most of the Free Software Foundation s software and to any other program whose authors commit to using it Some other Free Software Foundation software is covered by the GNU Library General Public License instead You can apply it to your programs too When we speak of free software we are referring to freedom not price Our General Public Licenses are designed to make sure that you have
18. No Elaboration Code with System Used for Address Null_Address 4 2 KERNEL INTERFACE 31 Any_Priority with System Parameters Used for Size with System BB CPU Primitives Used for Context Buffer with System BB Time Used for Time with System BB Interrupts Used for Interrupt Set Empty_Interrupt_Set package System BB Threads is pragma Preelaborate type Thread_Descriptor This type contains the information about a thread type Thread ld is access all Thread Descriptor Type used as thread identifier Null Thread ld constant Thread ld null pragma Export C Null Thread 1 system bb null thread id Identifier used to define an invalid value for a thread identifier type Thread States is Runnable Suspended Delayed These are the three possible states for a thread under the Ravenscar profile restrictions Runnable not blocked and it may also be executing Suspended waiting on an entry call and Delayed waiting on a delay until statement type Exec Handler is access procedure 1 Integer type Thread Descriptor is record Context aliased System BB CPU Primitives Context Buffer Location where the hardware registers stack pointer program counter are stored This field supports context switches among threads ATCB System Address Ad
19. Pending Alarm variable function Get Pending Partition Alarm return Boolean Return Pending Partition Alarm variable procedure Turn True Pending Alarm Turns Pending Alarm variable to true procedure Turn True Pending Partition Alarm Turns Pending Partition Alarm variable to true 98 CHAPTER 4 GNATFORLEON ORK REFERENCE procedure Inmediate_Alarm Now in out System BB Time Time procedure Inmediate Partition Alarm Now out System BB Time Time end System BB Time ORK provides direct support for the Ravenscar profile time services i e Ada Real_Time Clock absolute delays global timing events and execution time clocks It also supports execution time timers and group budgets as an extension to the Ravenscar profile The original implementation of these time services is based on two hardware timers a periodic timer and a single shot timer Urue a et al 2007 It must be noted that hardware timers are indeed elapsed time timers How ever the XtratuM hypervisor as it is common in partitioned systems has a dual concept of time in addition to the common notion of elapsed real time there is the notion of partition time which only advances when a partition is scheduled Accordingly Xtratum provides two kinds of software timers as well as two kinds of clocks elapsed time clocks and timers and partition time clocks and timers The real time mechanisms i e Ada Real_Time Clock absolute
20. U Low Level Library NU Low Level Library Interface G G G G G G G G GNU Public License G NAT Programming Studio Graphic User Interface High Integrity System International Real Time Ada Workshop International Standards Organization Lesser GNU Public License formerly Library GPL Open Real Time Ravenscar Kernel Operating System IBM Personal Computer architecture Programmable Read Only Memory 1 9 REFERENCES 5 RAVENSCAR Reliable Ada Verifiable Executive Needed for Scheduling Critical RP Applications in Real Time Ravenscar Profile RP program Ada program that complies with the Ravenscar profile RTOS Real Time Operating System UPM Universidad Polit cnica de Madrid Technical University of Madrid URL Uniform Resource Locator 1 9 References 1 9 1 Applicable documents 1 2 ECCS E ST 40C Space Engineering Software ECSS Ada Reference Manual 5 Guide for the use of the Ada Ravenscar Profile in high integrity systems ISO TEC a Guidance for the Use of the Ada Programming Language in High Integrity Systems ISO IEC b XtratuM Hypervisor Reference Manual Masmano et al 2011 1 9 2 Reference documents 1 2 LEONS Manuals LEON3 GRMON User s Manual Gaisler Research 2007 Sparc 8 Architecture Manual SPARCv8 Ada 2005 Rationale Barnes 2008 Ada Quality and Style Guide 0505 GNAT Manuals GNATRM GNATUG Debu
21. body Monitor is procedure Exclusive Time Ada Real Time Time Span Running Task Tasks is begin Execution Time Time System IO Put Task System IO Put Running Task System IO Put finishing Print RTClok APPENDIX EXAMPLE PROGRAM System IO New Line end Exclusive end Monitor task body A is begin loop Interrupt Semaphore Wait System IO Put Task running Print RTClok System IO New Line Execution Time WCET A1 Monitor Exclusive 2 end loop end A task body B is Next Time Ada Real Time Time Time begin loop delay until Next Time System IO Put Task B running Print RTClok System lO New Line Execution Time WCET B Next Time Next Time Period B System IO Put Task B finishing Print RTClok System IO New Line end loop end B task body C is Next Time Ada Real Time Time Time Zero begin loop delay until Next Time System IO Put Task C running Print RTClok System lO New Line Execution Time WCET C1 Monitor Exclusive WCET C2 C Next Time Next Time Period end loop end C end Tasks 5 68 Listing B 4 Force_External_Interrupt_2 with Interfaces with Ada Interrupts Names with Ada Interrupts Management procedure Force_External_Interrupt_2 is Error Integer begin Error Ada Interrupts
22. by software patents We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it clear that any patent must be licensed for everyone s free use or not licensed at all The precise terms and conditions for copying distribution and modification fol low Terms and conditions for copying distribution and modification 0 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such pro gram or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim or with modifications and or translated into another language Hereinafter translation is included without limitation in the term modification Each licensee is addressed as you Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running the Program is not restricted and the output from the Program is covered only if its contents constitute a work based on the Program independent of having been made by running the Program Whether that is true depends on what the Program does 1 You may co
23. code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance You are not required to accept this License since you have not signed it How ever nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if you do not ac cept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for copyin
24. delays and global timing events are implemented in ORK XtratuM in a similar way to the bare ma chine version i e by using the elapsed time clock and timer However execution time clocks cannot be implemented in the same way Since the hypervisor switches the running partition without giving any notice to the software running in the parti tions implementing execution time clocks on elapsed time timers would also account for the time the partition is not running In order to avoid this inconvenience all execution time mechanisms i e execution time clocks and timers as well as group budgets are implemented using partition time timers Time is represented in the ORK kernel as a 64 bit integer number of ticks A tick is a real time interval during which the clock value as observed by calling the System BB Clock function remains constant The number of ticks per second can be read from the constant called Ticks Per Second The XtratuM hypervisor provides both notions of time with a microsecond resolution Therefore tick is equal to one microsecond for ORK Xtratum The current value of the real time clock can be obtained calling function Clock This function returns the number of ticks elapsed since system startup providing a time zone independent monotonically increasing absolute time value When a thread needs to be suspended until an absolute time the procedure Delay_Until is called The effect of this call is the suspension of the c
25. for building the GNATforLEON examples 2 3 0 xtratum 3 tgz gzipped tarfile which contains some examples of the GNATforLEON functionality The example described in section 3 2 3 as well as the demo application described in appendix B together with some examples of inter partition communication are included 4 1 2 Installing GNATforLEON The GNAT directory tree has been compiled to reside in any directory After obtain ing the gzipped tarfile gnatforleon 2 3 0 xtratum 3 1686 pc linux gnu bin tgz which includes the binary distribution uncompress and untar it in the desired location The GNATforLEON distribution can be installed with the following commands assuming the gzipped tar file is in directory tmp tar zxvf gnatforleon 2 3 0 xtratum 3 1686 pc linux gnu bin tgzN C desired location 2T 28 CHAPTER 4 GNATFORLEON ORK REFERENCE After the cross compilation system is installed the directory desired_location gnatforleon 2 3 0 bin must be added to the search path usually environment variable PATH in your shell 4 1 3 Installing the GNATforLEON sources In the following the installation directory for source files is assumed to be usr local gnatforleon src although they can be installed at any other location as well After obtaining the gzipped tarfile gnatforleon 2 3 0 xtratum 3 src tgz which contains the sources of the GNATforLEON cross compilation system uncom press and untar it to usr local gnatforleon src T
26. hello example package Tasking is procedure Background pragma No Return Background background activity does not terminate end Tasking The Tasking package specification contains no other declarations All the appli cation activities are included in the package body listing 3 4 Listing 3 4 Body of the Tasking package tasking adb application tasks for the hello example with Ada Real Time used for Clock Time Span Milliseconds with System BB Serial Output use System BB Serial Output used for Put Line package body Tasking is use Ada Real Time Task and protected object declarations type Cycle Count is mod 10 task Periodic is pragma Priority 1 end Periodic task Sporadic is pragma Priority 2 end Sporadic protected Event is pragma Priority 2 procedure Signal C Cycle Count entry Wait out Cycle Count private Occurred Boolean False Cycle Cycle Count 0 20 CHAPTER 3 HOW USE GNATFORLEON end Event Background procedure procedure Background is Cycle Count 0 begin loop 1 end loop end Background Task and protected object bodies task body Periodic is Period 5 Milliseconds 1 000 15 Next Time Clock Cycle Cycle Count 1 begin loop delay until Next Put Line Hello periodic if Cycle 0 then Event Signal Cycle
27. in the distribution together with a proper Makefile for compiling linking and creating an XtratuM executable In other to do that gnatforleon binaries must be placed in the search path in addition to the binaries for compiling XtratuM export PATH desired location SW sparc linux 3 4 4 bin PATH export PATH desired location SW gnatforleon xtratum 3 bin PATH After that the demo application can be built issuing the Makefile make The following output will be shown Sparc linux gcc Wall 02 ASSEMBLY fno builtin Dsparcv8 I libxm include nostdlib nostdinc include xm inc config h boot o c sparc elf gnatmake g f hello o partitioni largs nostartfiles boot o common traps o common std T xmsparcleon x lxm L libxm sparc elf gcc c g hello adb hello adb 2 06 warning System BB Serial_Output is an internal GNAT unit hello adb 2 06 warning use of this unit is non portable and version dependent sparc elf gnatbind x hello ali sparc elf gnatlink hello ali g o partitionl nostartfiles boot o common traps o common std T xmsparcleon x lxm L libxm After these steps a loadable image called partitioni is created Then the XtratuM tools are used to build a loadable image 3 4 CREATING AND RUNNING AN XTRATUM PARTITION 23 xmeformat build c partitionl o partitioni xef dideb2fe475364dd8118e94051d3c8cb xmcparser xm_cf bin xmc
28. otherwise tasks could delay the virtual interrupt handling The implication of this correct and important recommendation is that the user should not assign priorities in the Interrupt Priority range to software tasks 4 3 Errors Errors in the kernel are signalled to the application program by means of the Ada exception mechanism 44 RUN TIME CONSIDERATIONS Al 4 4 Run time considerations Storage allocation Dynamic storage should only be allocated from a preallocated pool during the initialization of the kernel as a result of task creation ATCBs stacks If the preallocated pool is completely full any request for new space raises Tasking_Error Interrupt priorities When attaching protected procedures to virtual interrupts the ceiling priority of the protected object should be carefully chosen The compiler checks that the ceiling pri ority of the protected object is in the range of System Interrupt_Priority This range of priorities is mapped to one interrupt level provided by the XtratuM hypervisor Therefore when assigning priorities to protected objects that contain protected pro cedure handlers the priority value must be equal to the priority of virtual interrupts Otherwise the execution of the program is erroneous ALRM C 3 1 Potentially blocking operations Pragma Profile Ravenscar includes the pragma Detect_Blocking Therefore the ex ception Program_Error will be raised whenever this kind of bounde
29. packages e Xtratum Root package empty interface e Xtratum PM Interfaces to Xtratum partition management hypercalls e Xtratum IPC Interfaces to Xtratum inter partition communication hypercalls used for managing queuing and sampling ports e Xtratum Streams Definition of types to be used with sampling and queuing port messages 2 5 Hardware and software environment The GNATforLEON kernel is intended to be used with a GNAT compilation sys tem targeted a LEON3 computer In order to use it effectively the following components are required 2 5 HARDWARE AND SOFTWARE ENVIRONMENT 13 2 5 1 Development platform Real time software based be developed on PC compatible sys tem with a GNU Linux operating system The software has been tested with the Ubuntu 12 04 distribution of GNU Linux cross development system consists of the following packages targeted to ELF 32 LEONS e GNAT GPL 2011 GNU Ada 2005 compilation system e GCC 4 5 GNU C compiler e GMP 4 2 2 GNU library for arbitrary precision arithmetic e MPC 0 8 GNU library for the arithmetic of complex numbers e MPFR 2 3 1 GNU library for multiple precision floating point computations GDB 7 2 GNU debugger e newlib 1 14 Cygnus C library e binutils 2 16 1 GNU binary utilities e ORK 2 3 0 ORK kernel and GNAT patches You can download all the above mentioned packages from http www dit upm es ork Section 4 1 show
30. the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gives you legal permission to copy distribute and or modify the software Also for each author s protection and ours we want to make certain that every one understands that there is no warranty for this free software If the software is modified by someone else and passed on we want its recipients to know that what 65 66 APPENDIX GNU GENERAL PUBLIC LICENSE they have is not the original so that any problems introduced by others will not reflect on the original authors reputations Finally any free program is threatened constantly
31. Execution Time System BB Time Time Execution Time of the task Time Remaining System BB Time Time Time remaining of timer associated to the task Is Timer Alarm Boolean Flag that indicates if it has been put an alarm associated to the timer associated to the task Is Alarm Boolean Flag that indicates if it has been put an alarm associated to the 4 2 KERNEL INTERFACE 33 timer associated to the group of the task TM Integer Integer Index to the array with the handlers associated to the timers Time Diff System BB Time Time Difference of time between time of the init of the execution of the task and the asignation of the timer to the task Time Diff GB System BB Time Time Difference of time between time of the init of the execution of the task and the asignation of the timer to the group of the task Handler Exec Handler Handler associated to the Execution Time Timer of the task GB 1 nteger Identifier associated to the Group Budget of the task GB Index nteger Place of the array associated to the Group Budget where the task data is stored Handler GB Exec Handler Handler associated to the Group Budget of the task end record for Thread Descriptor use record Context at 0 range 0 System BB CPU Primitives Context Buffer Size 1 end record It
32. H 0 12 APPENDIX C GNU GENERAL PUBLIC LICENSE YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORREC TION IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES IN CLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUEN TIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES End of terms and conditions 71 How to Apply These Terms to Your New Programs If you develop a new program and you want it to be of the greatest possible use to the public the best way to achieve this is to make it free software which everyone can redistribute and change under these terms To do so attach the following notices to the program It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty and each file should have at least the copyright line and a pointer to where the full notice is found one line to give the program s name and an idea of what it does Copyright yyyy name of author
33. M 1 0 40080000 0 40080000 Ox4037ffff 0x4037ffff flags 0 200 Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task Task A running 1 finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock finishing RT Clock running RT Clock running RT Clock finishing RT Clock finishing RT Clock 0 000970000 0 296557000 0 297352000 0 887957000 0 888693000 1 680429000 1 681160000 1 977238000 2 000449000 2 591501000 2 800932000 3 096647000 3 600449000 4 392197000 4 392930000 4 688339000 4 689146000 5 280242000 5 600934000 5 896649000 6 000447000 6 591497000 7 000933000 7 296844000 7 297653000 8 089246000 8 089976000 8 400964000 8 696658000 8 978672000 57 There small variations with respect to the timetable of figure B 2 which a
34. NJ USA 1992 URL http www sparc com standards V8 pdf Richard M Stallman and Roland H Pessch Debugging with GDB Free Software Foundation 9th edition 2007 For GDB version 6 6 for GNAT GPL 2007 Santiago Uruetia Jos Antonio Pulido Jos Redondo and Juan Zamorano Imple menting the new Ada 2005 real time features on a bare board kernel Ada Letters XXVII 2 61 66 August 2007 Proceedings of the 13th International Real Time Ada Workshop IRTAW 2007 Andy Wellings 10th International Real Time Ada Workshop Session summary Status and future of the Ravenscar profile Ada Letters XXI 1 March 2001
35. This program is free software you can redistribute it and or modify it under the terms of the GNU General Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU General Public License for more details You should have received a copy of the GNU General Public License along with this program if not write to the Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Also add information on how to contact you by electronic and paper mail If the program is interactive make it output a short notice like this when it starts in an interactive mode Gnomovision version 69 Copyright C year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY for details type show w This is free software and you are welcome to redistribute it under certain conditions type show c for details The hypothetical commands show w and show c should show the appropri ate parts of the General Public License Of course the commands you use may be called something other than show w and show c they could even be mouse clicks or menu items whatever suits your program You should also get your employer if you work as a pr
36. a end Interrupt Notice that you should assign a ceiling priority to the protected object with a pragma Interrupt Priority You should use a priority level equal or greater than the priority of the interrupt source However there is only one value within the Interrupt Priority Range for the case of for XtratuM as it is customary for Ada run time based on operating systems 26 CHAPTER 3 HOW USE GNATFORLEON Warning 3 2 You should only use priorities in the Interrupt Priority range for protected objects that contain interrupt handlers ALRM 3 1 3 6 2 example with interrupts Appendix B describes an example application with interrupt handlers Chapter 4 GNATforLEON ORK 4 reference 4 1 Installation and directory structure 4 1 1 Getting GNATforLEON and ORK GNATforLEON ORK 4 is distributed via http www dit upm es ork sources used to build the GNATforLEON cross compilation system can be also found at the same location The GNATforLEON distribution includes gnatforleon 2 3 0 xtratum 3 i686 pc linux gnu bin tgz gzipped tarfile which contains the binary distribution for GNU Linux The current distribution has been built on Ubuntu 12 04 However it runs on most modern Linux distri butions In order to avoid problems with different versions of libc binaries are statically linked gnatforleon 2 3 0 xtratum 3 src tgz gzipped tarfile which contains the sources as well as the procedures
37. a protected object and a background procedure files tasking ads and tasking adb Notice that GNAT requires that each compilation unit is in a separate file with the same name as the unit see the GNAT User s Guide GNATUG for the details Figure 3 2 shows the task structure of the program The main procedure code is provided in listing 3 2 Listing 3 2 Main procedure of the hello program hello adb Main procedure for the hello example with Tasking used for Background procedure Hello is pragma Priority 0 begin do some background work must not terminate Tasking Background end Hello Notice that the main procedure does nothing but start a background procedure The Priority pragma specifies the lowest possible priority for the environment task 3 2 WRITING ADA PROGRAMS 19 i e the initial task that does all initialization and then calls the main procedure In this way we ensure that the background procedure is only executed when there are no other executable tasks The environment task is not allowed to terminate in GNAT when the pragma Profile Ravenscar is in place In order to prevent this to happen the background procedure must never return This is checked at compile time by writing a No_Return pragma near the procedure specification in file tasking ads see listing 3 3 Listing 3 3 Specification of the Tasking package tasking ads application tasks for the
38. alize table containing the pointers to the different interrupt stacks Should be called before any other subprograms in this package procedure Attach Handler Handler Interrupt Handler Id Interrupt ID pragma Inline Attach Handler pragma Export C Attach Handler system bb attach interrupt handler Attach the procedure Handler as handler of the interrupt Id function Priority Of Interrupt Id Interrupt ID return System Any Priority renames System BB Peripherals Priority Of Interrupt This function returns the software priority associated to the interrupt given as argument 40 CHAPTER 4 GNATFORLEON ORK REFERENCE function Current Interrupt return Interrupt ID pragma Inline Current Interrupt Function that returns the hardware interrupt currently being handled if any In case no hardware interrupt is being handled the returned value is Interrupt function Within Interrupt Stack Stack Address System Address return Boolean pragma Inline Within Interrupt Stack Function that tells whether the Address passed as argument belongs to the interrupt stack that is currently being used if any It returns True if Stack Address is within the range of the interrupt stack being used In case Stack Address is not within the interrupt stack interrupt is being handled end System BB Interrupts Noti
39. alling thread until the value of the clock is equal to or greater than the specified time If the alarm time is not in the future the ownership of the processor is transferred to the next ready thread with the currently active priority There is also a function Partition Clock that gives support for execution time clocks As well as subprograms that provide for execution time timers group bud gets and timing events 4 2 4 Interrupt handling Interrupt operations are declared in the package System BB Interrupts 4 2 KERNEL INTERFACE 39 Listing 4 3 Specification of System BB Interrupts Package in charge of implementing the basic routines for interrupt management pragma Restrictions No Elaboration Code with System Used for Any_Priority with System BB Parameters Used for Interrupt_Levels with System BB Peripherals Used for Priority Of Interrupt package System BB Interrupts is pragma Preelaborate Interrupt constant System BB Parameters Interrupt Levels interrupts are distinguished by its interrupt level subtype Interrupt ID is Natural range 0 Max Interrupt Interrupt identifier No_Interrupt constant Interrupt ID 0 Special value indicating no interrupt type Interrupt Handler is access procedure 14 Interrupt ID Prototype of procedures used as low level handlers procedure Initialize Interrupts Initi
40. as well as versions of GNATforLEON and all other software you are using e Please try to reduce your example to a simple one If you think that you have found a bug in GNAT GCC or GDB rather than GNATforLEON or the ORK4 kernel please send the bug report to the appropriate address e report gnat com e bug gccOgnu org e GDB bug gdbOgnu org 1 8 Glossary 1 8 1 Definitions Development platform The computer system hardware and software which is used to write compile and debug embedded software Execution platform The computer hardware and possibly basic ROM resident software such as a bootstrap loader where the embedded software is executed Target platform The same as the execution platform RP program A program that complies with the Ravenscar profile restrictions CHAPTER 1 INTRODUCTION 1 8 2 Acronyms ALRM API ATCB CCS DSU ESA ESTEC FPU FSF GDB GNAT GNARL GNARLI GNORT GNU GNULL GNULLI GPL GPS GUI HIS IRTAW 5 LGPL ORK OS PC PROM Ada Language Reference Manual Application Program Interface Ada Task Control Block Cross Compilation System Debug Support Unit European Space Agency European Space Research and Technology Center Floating Point Unit Free Software Foundation NU Debugger NU New York University Ada Translator NU Ada Run Time Library Z U Ada Run Time Library Interface NAT No Run Time Z U is Not Unix Z
41. c elf strip utility to remove symbol table 4 1 6 Documentation Extensive documentation for all the tools can be found in the the usr local gnatforleon info and usr local gnatforleon man directories Documentation for the XtratuM hypervisor can be found at the FentISS site located at http www xtratum org Documentation for the LEON3 processor can be found at the Aeroflex Gaisler site located at http www gaisler com 4 2 Kernel interface 4 2 1 Introduction The ORK kernel provides all the required functionality to support real time pro gramming on top of the XtratuM facilities and the LEON3 hardware architecture kernel functions are grouped as follows 1 Task management including task creation synchronization and scheduling 2 Time services including absolute delays and real time clock 3 Interrupt handling All these functions are described in the following subsections kernel is normally used as a low level layer providing the basic functionality to the upper GNAT run time system However it can be used directly from an application program written in either Ada or C 4 2 2 Threads and synchronization The operations related with the initialization of the kernel thread management synchronization and scheduling are implemented in the package System BB Threads Listing 4 1 Specification of System BB Threads Package that implements basic tasking functionalities pragma Restrictions
42. ce that XtratuM virtualizes the 16 interrupt sources of the SPARC archi tecture and defines 32 additional virtual interrupt sources that are intended to be used for Xtratum services Moreover XtratuM does not support priorities for in terrupt sources Therefore all the interrupt sources have the same priority as it is customary for hypervisor and operating systems Interrupt handlers are always executed using an interrupt stack size of the interrupt stack can be modified by the user changing the value of System BB Parameters Interrupt Stack Size Interrupt handlers are called directly from the XtratuM virtual interrupt sources and are executed as if they were directly invoked by the interrupted thread but using the interrupt stack The procedure Attach Handler must be called to attach a handler to an interrupt required arguments for this procedure are e Handler The address of the procedure used as interrupt handler e Id The interrupt identifier If the active priority of a running thread is equal to or greater than the one of virtual interrupts the virtual interrupt will not be processed However the virtual interrupt will remain pending until the active priority of the running task becomes lower than the priority of interrupts and only then will the interrupt be processed An important implication of this interrupt model is that users should always use distinct priorities for threads and virtual interrupt handlers
43. d error is detected Potentially blocking operations are ALRM 9 5 1 e Protected entry calls e delay until e Ada Synchronous Task Control Suspend Until True ALRM D 10 An external call on a protected subprogram with the same target object as that of the protected action or a call on a subprogram whose body contains a potentially blocking operation is also a blocking operation ALRM 9 5 1 4 5 Tailoring the kernel ORK can be tailored to different applications by means of configuration param eters Paarmeters are declared in System BB Parameters file s bbpara xtratum ads This file as well as other ORK files can be found in the gcc 4 5 gcc ada directory You can modify this file and rebuild the whole cross compilation system in order to build GNATforLEON kernel that satisfies your requirements It is recommended that the file s bbpara xtratum ads be previously compiled with the same flags which will be later used to compile the whole run time library sparc elf gcc c gnatpg s bbpara xtratum ads After updating s bbpara xtratum ads the GNATforLEON cross compilation system can be rebuilt from the sources see section 4 5 3 42 CHAPTER 4 GNATFORLEON ORK REFERENCE 4 5 1 Configurable parameters The configurable parameters included in the System BB Parameters package are e Interrupt Stack Size Size of the interrupt stack e Clock Frequency Frequency of the LEON3 processor It is also possible to configure
44. d to apply in other circumstances 10 11 69 It is not the purpose of this section to induce you to infringe any patents other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License If the distribution and or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is per mitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License The Free Software Foundation may publish revised and or new versions of the General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to add
45. dress of the Ada Task Control Block corresponding to the Ada task 92 CHAPTER 4 GNATFORLEON ORK REFERENCE that executes on this thread Base Priority System Any Priority Base priority of the thread Active Priority System Any Priority pragma Volatile Active Priority Active priority that differs from the base priority due to dynamic priority changes required by the Ceiling Priority Protocol This field is marked as Volatile for a fast implementation of Get Priority Of Stack System Address Address of the top of the stack that is used by the thread Bottom Of Stack System Address Address of the bottom of the stack that is used by the thread Next Thread 14 Points to the ready thread that is in the next position for execution Alarm Time System BB Time Time Time absolute when the alarm for this thread expires Next Alarm Thread Id Next thread in the alarm queue The queue is ordered by expiration times The first place is occupied by the thread which must be first awaken State Thread_States Encodes some basic information about the state of a thread Wakeup Signaled Boolean Variable which reflects whether another thread has performed Wakeup operation on the thread Time Init Execution System BB Time Time Time when task has received the CPU
46. e degree of integrity that is required for the program The restrictions can be enforced at compilation time by means of appropriate restriction pragmas The code generated by GNATforLEON for XtratuM can be used as a loadable image in an XtratuM partition Debugging support is available with the GDB version that comes with the GNATforLEON distribution GNATforLEON can be used from the GNAT Programming Studio GPS 2 2 Architecture of ORK The kernel consists of the following Ada packages figure 2 1 e System BB Root package empty interface e System BB Threads Thread management including synchronization and schedul ing control functions e System BB Threads Queues Different kernel queues such as alarm queue and ready queue e System BB Time Clock and delay services including support for timing events e System BB Time Execution Time Support Execution time clocks and timers as well as group budgets support e System BB Interrupts Interrupt handling e System BB Parameters Configuration parameters e System BB CPU Primitives Processor dependent definitions and operations e System BB Peripherals Support for peripherals in the target board e System BB Peripherals Registers Definitions related to input output registers of the peripheral devices e System BB Serial Output Support for serial output to a console e System BB Xtratum The interface to XtratuM hypercalls kernel is not intended to be d
47. g distributing or modifying the Program or works based on it Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties to this License If as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any par ticular circumstance the balance of the section is intended to apply and the section as a whole is intende
48. gging with GDB Stallman and Pessch 2007 Additional details and references can be found in the bibliography at the end of this volume 6 CHAPTER 1 INTRODUCTION 1 10 History ORK the first version of the Open Ravenscar real time Kernel was developed under ESA ESTEC contract in the period 1999 2000 with subsequent updates up to 2003 It was targeted to ECR32 computers based on a SPARC 7 architecture and was integrated with a custom crafted version of GNAT 3 13p In the period 2003 2005 UPM and AdaCore developed a commercially sup ported version of the kernel This version was integrated in the GNAT Pro for ERC82 product which is commercialized by AdaCore The current version of the kernel now called ORK was developed in the frame work of the ASSERT project ORK has been ported to XtratuM in the framework of this project 1 11 Contributors 1 11 1 Contributors to ORK ORK was developed by a team of the Department of Telematics Engineering Uni versidad Polit cnica de Madrid DIT UPM led by Juan Antonio de la Puente The other members of the team were Juan Zamorano Jos F Ruiz Ramon Fernandez and Rodrigo Garcfa Alejandro Alonso and Angel Alvarez acted as document and code reviewers and contributed to the technical discussions with many fruitful com ments and suggestions The same team developed the adapted packages that enable GNAT to work with ORK GDB was adapted to ORK by Jes s Gonz lez Barahona Vicente Ma
49. h 2009 Available from ESA Gaisler Research GRMON User s Manual 2007 Available at http www gaisler com doc grmon pdf LEONS LEONS High performance SPARC V8 32 bit Processor GRLIB IP User s Manual Gaisler Research 2012 E W Giering and T P Baker The GNU Ada Runtime Library GNARL De sign and implementation In WADAS 94 Proceedings of the eleventh annual Washington Ada symposium amp summer ACM SIGAda meeting on Ada pages 97 107 New York NY USA 1994 ACM Press ISBN 0 89791 684 0 doi http doi acm org 10 1145 197978 197989 ARM05 ISO IEC 8652 1995 E TC1 2000 AMD1 2007 Information Technol ogy Programming Languages Ada ISO 2007 ISO IEC ISO IEC TR 24718 2005 Guide for the use of the Ada Ravenscar Profile in high integrity systems ISO 2005a Based on the University of York Technical Report YCS 2003 348 2003 ISO IEC ISO IEC TR 15942 2000 Guide for the use of the Ada programming language in high integrity systems 2000b Miguel Masmano Ismael Ripoll and Alfons Crespo An overview of the XtratuM nanokernel In OSPERT 2005 Workshop on Operating System Platforms for Embedded Real Time Applications Palma de Mallorca July 2005 Miguel Masmano Javier Coronel Alfons Crespo and Patricia Balbastre Xtra tuM Hypervisor for LEON3 Volume 4 Reference Manual Fentiss 2011 SPARCv8 The SPARC architecture manual Version 8 SPARC International Upper Saddle River
50. handlers RP20 Local timing events RP21 Execution time timers RP22 Group budgets A 2 2 Supported features The above restrictions still support a wide range of tasking features such as RP23 Task objects restricted as above RP24 Protected objects restricted as above RP25 Atomic and Volatile pragmas RP26 Delay until statements RP27 Ceiling Locking policy and FIFO within priorities dispatching RP28 Count attribute but not within entry barriers RP29 Task identifiers e g T Identity E Caller RP30 Synchronous task control RP31 Task discriminants RP32 Ada Real Time package RP33 Protected procedures as statically bound interrupt handlers RP34 Execution time clocks declared at library level RP35 A global fall back handler A 2 3 Dynamic semantics Some aspects of the profile require their dynamic semantics to be defined RP36 If an entry call is made on an entry that already has a queued call i e the queue length would become 2 then Program Error is raised RP37 It is implementation defined what happens if a task attempts to terminate A global fall back handler see 5 C 7 3 can be set for the environment task The handler is called whenever a task attempts to terminate RP38 If task executes a potentially blocking operation from within a protected object then Program Error must be raised 50 APPENDIX THE RAVENSCAR PROFILE A 3 Denoting the restrictions The run time profile Ra
51. he GNATforLEON distribution can be installed with the following commands assuming the gzipped tar file is in tmp gnatforleon 2 3 0 xtratum 3 src cd usr local tar zxvf tmp gnatforleon 2 3 0 xtratum 3 src tgz sources have been adapted using AdaCore patches and specific GNATfor LEON patches These sources are ready to build GNATforLEON CCS The source distribution contains procedures Makefile for building the whole GNATforLEON CCS and the GNATforLEON adalib see sections 4 5 and 4 5 3 4 1 4 Directory structure Contents of usr local gnatforleon bin executables info gcc documentation in info format lib gcc libraries which include GNATforLEON adalib for XtratuM LEON3 target libexec gcc libraries man man pages sparc elf newlib libc library for SPARC family Contents of usr local gnatforleon src binutils 2 16 1 Adapted sources of binutils for GNATforLEON newlib 1 14 0 Adapted sources of newlib for GNATforLEON gmp 4 2 2 Sources of library for arbitrary precision arithmetic mpc 0 8 Sources of library for the arithmetic of complex numbers mpfr 2 3 1 Sources of library for multiple precision floating point computa tions gcc 4 5 Adapted sources of gcc for GNATforLEON 4 1 INSTALLATION AND DIRECTORY STRUCTURE 29 gcc 4 5 gcc ada Adapted sources of GNAT GPL 2011for GNATforLEON including GNATforLEON itself gdb 7 2 Adapted sources of gdb for GNATforLEON
52. he Program or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following a Accompany it with the complete corresponding machine readable source code which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically per forming source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to dis tribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in ob ject code or executable form with such an offer in accord with Subsection b above The source code for a work means the preferred form of the work for making modifications to it For an executable work complete source code means 68 APPENDIX GNU GENERAL PUBLIC LICENSE all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exception the source
53. ined in System BB Parameters and to set infinite speed in the UART channel With a time unit of 100ms the actual output is tsim leon3 freq 50 fast_uart mmu resident_sw This TSIM evaluation version will expire March 1 2010 TSIM LEON3 SPARC simulator version 2 0 14 evaluation version Copyright C 2001 Gaisler Research all rights reserved This software may only be used with a valid license For latest updates go to http www gaisler com Comments or bug reports to tsim gaisler com serial port A on stdin stdout allocated 4096 K RAM memory in 1 bank s allocated 16 M SDRAM memory in 1 bank allocated 2048 K ROM memory icache 1 4 kbytes 16 bytes line 4 kbytes total dcache 1 4 kbytes 16 bytes line 4 kbytes total section text addr 0x40380000 size 17692 bytes section rodata addr 0x40384520 size 579 bytes section container addr 0x4000 size 172048 bytes section got addr 0x2e010 size 8 bytes section eh_frame addr 0 2 018 size 64 bytes read 42 symbols tsim gt g resuming at 0x403811c8 RSW Start Resident Software RSW Starting XM at 0x40001000 The start and termination time of each task cycle can vary depending of the GNATforLEON version 4 EXAMPLE PROGRAM OUTPUT XM Hypervisor 3 3 r2 Detected 50 0MHz processor gt gt HWClocks LEON clock 1000Khz HwTimer LEON timer 1000Khz 1 Partition s created Partitioni 0 flags SYSTE
54. irectly used from Ada programs Instead an interface to the GNU Ada Runtime Library GNARL is used so that Ada tasking constructs can be directly used by the real time application programmer This interface is described in the next section 1 stands for bare board kernel 2 3 INTERFACE FOR PROGRAMS 11 lt lt component gt gt Bare Board Kernel Protecci n Manejo de Sincronizaci n Planificaci n Primitives BB Parameters E Manejo de interrupciones Servicios de temporizaci n BB Xtratum E BB Peripherals Salida serie BB Peripherals Registers Figure 2 1 Architecture of ORK 2 3 Interface for Ada programs Ada tasking is implemented in GNAT by means of the run time library called GNARL Giering and Baker 1994 The parts of GNARL which are dependent on a particular machine and operating system are known as GNULL and its in terface to the platform independent part of the GNARL is called GNULLI The GNATforLEON instance of GNULL is built on top of the bare board kernel i e which provides all the low level tasking support functionality required by the Ravenscar profile subset of Ada tasking figure 2 2 Ravenscar compliance of Ada programs is enforced by means of the configuration pragma Profile Ravenscar GNATforLEON uses a restricted version of GNARL with reduced size and complexit
55. is important that the Context field is placed at the beginning of the record because this assumption is using for implementing context switching procedure Initialize Environment Thread Thread ld Main Priority System Any Priority Procedure to initialize the board and the data structures related to the low level tasking system This procedure must be called before other tasking operation procedure Thread_Create Id Thread ld Code System Address Arg System Address Priority System Any Priority Stack Address System Address Stack Size System Parameters Size Type pragma Export C Thread Create system bb thread create Create a new thread The new thread executes the code at address Code and using Args as argument Priority is the base priority of the new 34 CHAPTER 4 GNATFORLEON ORK REFERENCE thread The new thread is provided with a stack of size Stack Size that has been preallocated at Stack Address A procedure to destroy threads is not available because that is not allowed by the Ravenscar profile function Thread Self return Thread ld pragma Inline Thread Self pragma Export C Thread Self system bb thread self Return the thread identifier of the calling thread procedure Set Priority Priority System Any Priority pragma Inline Set Priority pragma
56. lled Since this procedure takes a long time it is possible to selectively rebuild only the GNATforLEON adalib However GNATforLEON must have been previously compiled in order to do this If the GNATforLEON cross compilation system has been built previously the subdirectories called tmp gcc 4 1 3 build must already exist in usr local gnatforleon src It is then possible to rebuild only the GNATforLEON adalib by typing make adalib in the usr 1ocal gnatforleon src directory Warning 4 1 You will need a native GNAT GPL 2011 distribution installed on your computer in order to rebuild or adapt GNATforLEON 2 3 0 46 CHAPTER 4 GNATFORLEON ORK REFERENCE The Ravenscar profile Introduction The Ravenscar Profile is the best known result of the 8th International Real Time Ada Workshop IRTAW 8 which was held in April 1997 in Ravenscar Yorkshire Baker and Vardanega 1997 Burns and Wellings 1997 Burns et al 1998 The purpose of the profile is to identify a subset of the tasking features of Ada which can be implemented using a small reliable kernel The expected benefits of this approach are e Improved memory and execution time efficiency by removing features with a high overhead e Improved reliability by removing non deterministic and non analysable fea tures e Improved timing analysis by removing non deterministic and non analysable features The profile was revised at subsequent
57. lowing activities 1 Write the source code for the program 2 Compile and link the program 3 Debug the program on the development platform 4 Debug the program on the target platform Only Ada programs restricted as defined by the Ravenscar profile are supported by GNATforLEON and Figure 3 1 describes the data flow for the GNATforLEON compilation system Notice that purely sequential Ada programs do not require ORK support and can be compiled using a bare board version of GNAT 3 2 Writing Ada programs The first step in compiling an Ada application is to write the source code for the program units that make up the application You can use your favourite text editor for this purpose or use an IDE such as GPS the GNAT Programming Studio 3 2 11 Ravenscar profile restrictions When writing your Ada application code you should bear in mind that only the Ada subset defined by the Ravenscar profile can be used This means that you should not use any of the following features see appendix A for a full description of the Ravenscar profile e Task types and object declarations other than at the library level e Dynamic allocation and unchecked deallocation of protected and task objects For details about the different version GNAT contact Ada Core at http www adacore com 15 16 CHAPTER 3 HOW USE GNATFORLEON Restricted GNARL and ORK ALI Ada Library Information files Application co
58. meetings including IRTAW 9 Asplund et al 1999 IRTAW 10 Wellings 2001 IRTAW 11 Burns and Brosgol 2002 and IRTAW 12 Dobbing and de la Puente 2003 It is included in the ISO report Guide for the use of the Ada Programming Language in High Integrity Systems HIS ISO IEC b and in the current Ada standard ARM05 The summary presented here is based on the Guide for the use of the Ada Ravenscar Profile in High Integrity Systems ISO IEC a with a few changes to adapt it to the Ada 2005 standard definition of the Ravenscar profile is based on Ada including the Systems Programming and Real Time annexes 5 annexes C amp D It only addresses tasking constructs as the reliability aspects of the sequential part of Ada are covered in other sections of the HIS report ISO IEC b profile is based on computation model with the following features e single processor e fixed number of tasks e A single invocation event for each task The invocation event may be generated by the passing of time for time triggered tasks or by a signal from either another task or the environment for sporadic tasks 47 48 APPENDIX THE RAVENSCAR PROFILE e Task interaction only by means of shared data with mutually exclusive access This set of features effectively supports building systems with the following kinds of components e Periodic tasks e Program driven sporadic tasks Interrupt dri
59. mpilation units Application ALI Ada Restricted GNARL Library Information and other library Library files of files files XtratuM D libxm a Initilization file EN b xxx ads P b Xxxx o Application objects Restricted GNARL and ORK specifications ELF 32 SPARC executable Linker script Figure 3 1 Compilation flow for GNATforLEON ORK applications Requeue statement ATC asynchronous transfer of control via the asynchronous select state ment Abort statements including Abort Task in package Ada Task Identification Task entries Dynamic priorities Ada Calendar package Relative delays Execution time timers and group budgets Non local timing events Protected types and object declarations other than at the library level Protected types with more than one entry Protected entries with barriers other than a single boolean variable declared within the same protected type Entry calls to a protected entry with a call already queued Asynchronous task control All forms of select statements As an exception to the Ravenscar profile ORK supports one execution time timer per task and group budgets 3 2 WRITING ADA PROGRAMS 17 e User defined task attributes e Dynamically attached interrupt handlers e Task termination If your program has strong integrity requirements you may also wish to restrict some of the sequential constructs of
60. next alarm type TE_Alarm_Queue_ld is access all TE_Alarm_Queue Type used as TE Alarm Queue identifier Null TE_Alarm_Queue_Id constant TE Alarm Queue Id null type TE Alarm Queue is record Previous Alarm TE Alarm Queue 14 Null Alarm Queue 14 Alarm Time System BB Time Time System BB Time Time Last TE Id Integer 0 Next_Alarm TE Alarm Queue ld Null TE_Alarm_Queue_ld end record end System BB Threads Before calling any kernel operation the initialization routine Initialize must be explicitly invoked Its purpose is to initialize the ready queue as well as the descriptors of the environment thread which executes the main procedure and the dummy thread which is executed when there is no ready thread in the system Once the kernel has been initialized threads can be created invoking the pro cedure Thread_Create This procedure needs to know the pointer to the function to execute and its argument its priority and its required stack size With this information a new thread is created Both the thread descriptor and the new stack for the thread are obtained from a preallocated pool so that no dynamic memory allocation is needed The function Thread Self is used to obtain the identity of the currently running thread 36 CHAPTER 4 GNATFORLEON ORK REFERENCE The base priority of the thread which is the priority of the thread without taking into account the dynamic priori
61. ofile Ravenscar Notice that the following restrictions must be removed if you want to use the ORK extended functionality No_Dependence gt Ada Execution Time Group Budget 3GNATforLEON ORK allows priorities to be shared as long as it is compatible with the ceiling locking policy but this is not a commendable practice unless the task and protected object population exceeds the allowable range of priorities See section 4 5 on how to configure the range of priorities and the maximum number of tasks The directory examples is located directly under the directory where you have installed the gnatforleon distribution usr local gnatforleon in a standard installation 18 CHAPTER 3 HOW USE GNATFORLEON environment Background Periodic Sporadic priority 0 priority 1 priority 2 Signal Event ceiling priority 2 Figure 3 2 Task structure of the hello program see 3 2 3 Parallelograms repre sent tasks and rounded rectangles represent protected objects The arrows denote procedure or entry calls No_Dependence gt Ada Execution_Time Timers Of course you should add any additional restrictions you would like to enforce on your program 3 2 3 first example Let us now see a simple Ravenscar compliant Ada program The program consists of two compilation units the main procedure file hello adb and a package with all the application code including two tasks
62. ogrammer or your school if any to sign a copyright disclaimer for the program if necessary Here is a sample alter the names Yoyodyne Inc hereby disclaims all copyright interest in the program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your program into proprietary programs If your program is a subroutine library you may consider it more useful to permit linking proprietary applications with the library If this is what you want to do use the GNU Library General Public License instead of this License 72 APPENDIX GNU GENERAL PUBLIC LICENSE Bibliography GNATRM GNAT Reference Manual AdaCore 2011 GNAT GPL Edition Version 2011 GNATUG User s Guide AdaCore 2011 GNAT GPL Edition Version 2011 GPSUG Using the GNAT programming Studio AdaCore 2011 GNAT GPL Edition Version 2011 AQS05 Ada Quality and Style Guide 2008 URL http en wikibooks org Style Guide Available at http en wikibooks org wiki Ada_ Style Guide Lars Asplund Bob Johnson and Kristina Lundqvist Session summary The Raven scar profile and implementation issues Ada Letters XIX 25 12 14 1999 Pro ceedings of the 9th International Real Time Ada Workshop Ted Baker and Tullio Vardanega Session summary Tasking profiles Ada Letters XVII 5
63. or using the extended remote target 9 TSIM is not free software and it is not part of GNATforLEON See http www gaisler com for futher details 3 6 INTERRUPT HANDLERS 25 sparc elf gdb resident_sw gdb target extended remote 127 0 0 1 1234 gdb load gdb cont gdb detach For a complete description of GDB commands see the document Debugging with GDB Stallman and Pessch 2007 You can have a better view with the graphical source level front end to GDB of the GNAT Programming Studio GPS 3 6 Interrupt handlers 3 6 1 Protected procedure handlers The Ravenscar profile allows the use of protected procedures as interrupt handlers Interrupt handlers are declared as parameterless protected procedures attached to an interrupt source Interrupt sources are identified in the Ada Interrupts Names package This package contains the identifiers of all the XtratuM for interrupts A general template is shown in listing 3 5 Listing 3 5 Template for interrupt handlers with Ada Interrupt Names use Ada Interrupt Names used for External Interrupt 0 External Interrupt 0 Priority protected Interrupt is public protected operations private the handler need be visible outside the protected object pragma Interrupt Priority External Interrupt 0 Priority procedure Handler pragma Attach Handler Handler External Interrupt 0 other private operations and dat
64. py and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appro priately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License 67 If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no warrant
65. qual to WCET of activity i e 6 Task C is the lowest priority task and so can not suffer blocking i e Be 0 maximum response time of every task can now be calculated The minimum inter arrival time will be used as the period in order to calculate the worst case response time for the low priority task Following common practice an initial value w equal to the sum of the WCET of higher priority task plus the WCET of the task itself is used 3 6 9 9 1 6 6 5 15 AEE 3 18 14 18 3 1 6 6 Fale 8 17 17 1 farm w 8 Fa x3 Fa x 6 20 20 20 2 8 x3 x 6 20 Figure B 2 shows the schedule of the tasks starting at time zero for 60 time units of 100ms each Up arrows denote activation time and down arrows denote deadlines Filled boxes denote sections executed at ceiling priority 56 APPENDIX EXAMPLE PROGRAM Task A Y Y Task B 1 Y 2 A 0 5 10 15 20 25 30 35 40 45 50 55 60 time units Figure B 2 Schedule of tasks 4 Example program output The output of the example program shows the start and termination time of each task cycle You can use TSIM for executing it the options freq 50 fast_uart can be used to set the clock frequency def
66. ram Offset constant Ada Real Time Time Span Ada Real Time Milliseconds 500 Time Zero constant Ada Real Time Time Ada Real Time Time of 0 Ada Real Time Time Span Zero Offset This procedure prints Real Time Clock Time Zero procedure Print is Seconds Count From Time Zero Ada Real Time Seconds Count Time Span From Time Zero Ada Real Time Time Span Duration From Time Zero Duration begin Ada Real_Time Split Ada Real Time Clock Offset Seconds Count From Time Zero Time Span From Time Zero Duration From Time Zero Duration Seconds Count From Time Zero Ada Real Time To Duration Time Span From Time Zero System IO Put RT Clock_ System IO Put Duration Image duration From Time Zero end Print RTClok Temporal parameters of Tasks subtype Tasks is character range A C WCET 1 constant Ada Real Time Time Span 1 Time Unit WCET 2 constant Ada Real Time Time Span 2 Time Unit Period constant Ada Real Time Time Span 14 Time Unit WCET B constant Ada Real_Time Time_Span 6 Time Unit 60 APPENDIX EXAMPLE PROGRAM constant Ada Real_Time 5 20 Time_Unit WCET constant Ada Real Time Time Span 2 Time Unit WCET_C2 constant Ada Real Time Time Span 6 Time Unit Period C constant Ada Real Time Time Span 36 Time
67. re due to 1 Kernel overhead 2 The code of the tasks includes calls to the Whetstone benchmark with an actual parameter which suits the WCET defined in table B 2 As a result the execution time of protected operations delay settings clock readings and other operations increases the WCET defined in table B 2 58 APPENDIX EXAMPLE PROGRAM B 5 Example code Listing B 1 Demo main procedure with Tasks with System procedure Demo is pragma Priority System PriorityFirst begin Tasks Background end Demo Listing B 2 Tasks spec ification package Tasks is procedure Background end Tasks Listing B 3 Tasks body with System lO with Ada Interrupts Names with Ada Real Time use type Ada Real Time Time Span with System with Workload with Force External Interrupt 2 package body Tasks is Time Unit constant Ada Real Time Time Span Ada Real Time Milliseconds 100 A program for measuring this constant can be built with make f Makefile measure 5 59 Time_per_Kwhetstones constant Ada Real_Time Time Span Ada Real_Time Nanoseconds 212 000 2 3 0 procedure Execution_Time Time Ada Real_Time 5 is begin Workload Small_Whetstone Time Time_per_Kwhetstones end Execution_Time 500 Milliseconds is the initial offset for the tasks It is enough time to elaborate the prog
68. real time kernel that provides restricted tasking support for Ada programs The kernel is intended to support mission critical real time software systems In order to ensure that the software is highly reliable that if required may even be subject to a certification process program constructs which are not verifiable should not be used The exact set of language features to be avoided depends on the degree of integrity that is desired for the software and the verification methods that are to be used A detailed account of the Ada language issues in high integrity systems can be found in the ISO technical report Guide for the use of the Ada Programming Language in High Integrity Systems ISO IEC b Based on these considerations language subsets for building software with different levels of integrity can be de fined In the case of Ada there is a standard mechanism to enforce that only the required subset of the language is used by means of the pragma Restrictions and the restriction identifiers that are defined in the Ada Safety and Security annex 5 Annex Tasking has often been considered not safe for high integrity systems mainly due to the difficulty of analysing and verifying tasking programs However results in response time analysis for fixed priority preemptive scheduling Burns 1994 enable limited tasking mechanisms to be used even in this kind of systems One of the goals of the 8th International Real Time Ada Wo
69. responds to internal computation of task and to the execution time of task A inside resource Monitor Similarly corresponds to the internal execution time of task and to the execution time of task inside resource Monitor Finally b corresponds to the whole execution of task B By extension the same set of symbols denote the WCET of the corresponding block of activity Table B 2 shows the priorities assigned to the tasks Task A has the highest priority task C has the lowest priority task B has a medium priority Schedulability analysis The Ravenscar profile includes pragma Task Dispatching Policy FIFO Within Priorities and pragma Locking Policy Ceiling Locking see appendix A B 3 SCHEDULABILITY ANALYSIS 55 Task block Priority WCET Resource A a1 Priority Last 1 None Last 2 Monitor bi Priority Last 1 6 None e Priority Last 2 2 None C Priority Last 6 Monitor Table B 2 Priority assignment and Worst Case Execution Time of activities Therefore the maximum response time of every task be evaluated using equa tion jehp i J Which is solved using a recurrence relation v jehp i J As immediate ceiling locking is used the maximum blocking time can be evalu ated for every task Task A can suffer a blocking time equal to WCET of activity 6 Task B can suffer a blocking time e
70. ress new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Program does not specify a version number of this License you may choose any version ever published by the Free Software Foundation If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMIT TED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM 5 IS WITHOUT WARRANTY ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIM ITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WIT
71. rkshop IRTAW 8 which was held in 1997 in Ravenscar Yorkshire England was to define a safe tasking model for Ada The outcome of this work is known as the Ravenscar profile Baker and Vardanega 1997 The profile was slightly modified in the following IRTAW meetings after some experience was gained on its implementation and use It was later included in the Ada High Integrity Systems report ISO IEC b and it finally made its way into the current Ada 2005 standard ARMO05 Annex D The profile defines a subset of Ada tasking that includes static tasks with no entries and protected objects with at most one entry a real time clock and delay until statements as well as protected interrupt handler procedures and other tasking related features A detailed description can be found in appendix A The restrictions in Ada tasking defined in the Ravenscar profile enable tasking to be supported by a small reliable kernel instead of a full operating systems ORK is one such kernel which enables critical real time systems to be executed on a bare 9 10 CHAPTER 2 SOFTWARE OVERVIEW processor with no underlying operating system The kernel is integrated with the GNAT compilation system A special cross compilation version of GNAT is included in the GNATforLEON distribution Real time programs are written in a subset of Ada which is consistent with the Ravenscar profile and with other non tasking restrictions as desired according to th
72. rupt ID System OS Interface 2 TX UART 2 RX TX Priority constant System Interrupt Priority System OS Interface 2 RX TX Priority Correctable Error Memory constant Interrupt ID Interrupt_ID System OS Interface Correctable Error In Memory Correctable Error Memory Priority constant System Interrupt Priority System OS Interface Correctable Error In Memory Priority DSU constant Interrupt ID Interrupt ID System OS Interface DSU DSU Priority constant System Interrupt Priority System OS Interface DSU Priority PCI constant Interrupt ID Interrupt ID System OS Interface PCI PCI Priority constant System Interrupt Priority System OS Interface PCI Priority end Ada Interrupts Names 4 5 TAILORING THE KERNEL 45 4 5 3 Compiling the kernel Procedures for rebuilding the whole GNATforLEON cross compilation system and adapting GNATforLEON are the in usr local gnatforleon src directory In order to rebuild the whole GNATforLEON cross compilation system you need to do the following 1 Edit the file Makefile in order to change GNATforLEON default installa tion directory usr local gnatforleon and set the GNATBOOT path to a valid native GNAT GPL 2011 distribution 2 Type make The procedure will take about 10 15 minutes on a modern computer On suc cessful execution the GNATforLEON cross compilation system will be insta
73. s how to install GNATforLEON compilation system from both the binary and source distributions You also may find it useful to have the GNAT Programming Studio GPS https libre adacore com gps for developing applications with GNATfor LEON 2 5 2 Execution platform The execution platform for GNATforLEON based programs is the XtratuM hyper visor for a LEON3 computer with at least 1 MB memory An executable file can be used as a loadable image of a partition This image can be packed in a xef XtratuM Executable File format using the tool provided in the general XtratuM software development kit so that it can be included as the partition image in the resident software The resident software can be loaded into a LEON3 based computer memory by means of appropriate tools e g GRMON or mkprom Once loaded the software can be debugged by running GDB on the development computer which communicates with the target computer by means of a communication line e g serial line or Ethernet Programs can also be tested and debugged on the development platform using the TSIM simulator which can be connected to GDB using a socket connection 2TSIM is not free software and it is not part of GNATforLEON See http www gaisler com for further details 14 CHAPTER 2 SOFTWARE OVERVIEW Chapter 3 How to use GNATforLEON 3 1 Software development In order to develop programs based on GNATforLEON ORK you should perform the fol
74. tell n Andr s Arias and Juan Manuel Dodero Jos Centeno and Pedro de las Heras acted as reviewers for this part of the work All of them work at the Department of Engineering Universidad Rey Juan Carlos Madrid The ORK software was validated by Jesus Borruel and Juan Carlos Morcuende from Construcciones Aeron uticas CASA Space Division We also relied very much on Andy Wellings and Alan Burns of the University of York UK for reviewing and discussions about the Ravenscar profile and its implementation ORK was developed under contract with ESA Jorge Amador Tullio Vardanega and Jean Loup Terraillon provided many positive criticism and contributed the user s view during the development The project was carried out from September 1999 to June 2000 1 11 2 Contributors to ORK ORK the real time kernel used in GNATforLEON was developed by a team of the Department of Telematics Engineering Universidad Polit cnica de Madrid DIT UPM lead by Juan Antonio de la Puente The other members of the team were Juan Zamorano Jos Pulido Santiago Uruena Jorge L pez and Jos Redondo 1 ASSERT Automated proof based System and Software Engineering for Real Time systems is an Integrated Project partially funded by the European Commission within the Information Society Technologies priority of the 6th Framework Programme in the area embedded systems UPM s work in the project was also supported by the Spanish National R amp D Plan
75. the priority ranges by modifying the file system xi sparc full ads and then rebuilding the cross compilation system configurable parameters which define the memory region by the system inte grator to the ORK partition are included in the linker script file xmsparcleon x which can be found in the directory within the examples You can edit that file and change the RAM SIZE and SIZE values to fit in the assigned memory region There is no need to rebuild the GNATforLEON cross compilation system when this parameter is changed but just to link again the partition The maximum number of tasks is not configurable The number of tasks is limited by the task stack size and the amount of storage available As the storage space needed for tasks is allocated at compilation time if there is not enough memory a linker error message will be output 4 5 2 Interrupt names The virtual interrupt names have been defined in ORK as close as possible to the names given in the XtratuM reference manual Masmano et al 2011 The ORK 4 interrupt names are defined in System BB Peripherals l hese names are available to GNARL by appropriate renames in the GNULL package System OS Interface The standard Ada package Ada Interrupts Names contains the virtual interrupt names available for Ada applications Listing 4 4 Specification of Ada Interrupts Names with Ada Interrupts with System OS Interface package Ada Interrupts Names is E
76. ty changes which may be caused by the Ceiling Locking policy can be changed by calling the procedure Set Priority The current base priority of a thread can be obtained calling the procedure Get Priority The synchronization of threads is usually achieved using condition variables However the Ravenscar Profile disallows complex synchronization patterns and two simple procedures are enough for supporting that simpler synchronization pattern procedure Sleep unconditionally suspends the current thread As a result the currently executing thread will leave the CPU The procedure Wakeup makes a previously suspended thread become ready The thread will be inserted at the tail of its active priority so that the thread will resume execution Scheduling of threads is performed according to the FIFO Within Priorities and Ceiling Locking policies see ALRM D 2 3 4 2 8 Time management The operations related with time are implemented in package System BB Time Listing 4 2 Specification of System BB Time Package in charge of implementing clock and timer functionalities pragma Restrictions No Elaboration Code with System BB Peripherals Used for Clock Freq Hz package System BB T ime is pragma Preelaborate type Time is mod 2 64 for Time Size use 64 XTRATUM PORT Time represent the number of microseconds type Time Span is range 2 63 2 63 1 for Time Span Size
77. up budgets as incorrect If you need to use the extended features you should provide the full set of pragmas and restrictions listed in A 3 above except for the two restrictions on Ada Execution_Time Group_Budget and Ada Execution_Time Timers 52 APPENDIX THE RAVENSCAR PROFILE Appendix Example program B 1 Description The goal of this example is to show the functionality of GNATforLEON The example program has three tasks which spend their computation time call ing the Whetstone benchmark This benchmark performs floating point operations developed for the Performance Issues Working Group PIWG test suite In order to exercise communication among tasks two of the three tasks interact through a protected object One task is sporadic and the other is periodic The third task is an independent periodic task The sporadic task is activated by a virtual interrupt for which it waits on an protected entry with a simple boolean barrier A protected procedure is used to handle the interrupt in accordance with the GNATforLEON interrupt model The protected procedure opens the barrier and then the sporadic task becomes runnable After the task executes its code the barrier is closed again A periodic task activates the virtual interrupt XtratuM has special functionality which allows the user to force virtual interrupts by software Such functionality is used by the periodic task to activate the virtual interrupt at regular intervals
78. use 64 Time_Span represents the length of time intervals and it is defined as a 64 bit signed integer Time Span Zero constant Time Span 0 Tick constant 1 A clock tick is a real time interval during which the clock value as observed by calling the Clock function remains constant Tick is the 4 2 KERNEL INTERFACE 37 average length of such intervals Number of ticks per second Per Second constant 10 6 procedure lnitialize Timers Initialize this package clock and alarm handlers Must be called before any other functions function Number Of Ticks Per Second return Time pragma Export C Number Of Per Second system ticks second Get the number of ticks or clock interrupts per second function Clock return Time pragma Export C Clock system bb clock Get the number of ticks elapsed since startup function Partition Clock return Time pragma Export C Partition Clock system bb partition clock Get the number of ticks of the executed partition elapsed since startup procedure Delay Until T Time pragma Export C Delay_Until system bb delay until Suspend the calling thread until the absolute time specified by function Left Time Right Time Span return Time function Get Pending Alarm return Boolean Returns
79. ven sporadic tasks Protected objects implementing shared data typically with no entries Protected objects for event synchronization with at most one entry called by a single signalling task These components are considered to be expressive enough for implementing high integrity systems for space applications on a single processor A 2 Definition The Ravenscar profile is defined by the following restrictions ISO IEC a A 2 1 Forbidden features RP1 Task types and object declarations other than at the library level Thus there is no hierarchy of tasks RP2 Dynamic allocation and unchecked deallocation of protected and task objects RP3 Requeue RP4 ATC asynchronous transfer of control via the asynchronous select statement RP5 Abort statements including Abort Task in package Ada Task_Identification RP6 Task entries RP7 Dynamic priorities RP8 Ada Calendar package RP9 Relative delays RP10 Protected types and object declarations other than at the library level RP11 Protected types with more than one entry RP12 Protected entries with barriers other than a single boolean variable declared within the same protected type RP13 An entry call to a protected entry with a call already queued RP14 Asynchronous task control A 2 DEFINITION 49 RP15 All forms of select statements RP16 User defined task attributes RP17 Dynamic interrupt handler attachments RP18 Task termination RP19 Specific termination
80. venscar can be enforced with the following pragma pragma Profile Ravenscar which is equivalent to the following set of pragmas pragma Task Dispatching Policy FIFO_Within_Priorities pragma Locking Policy Ceiling Locking pragma Detect Blocking pragma Restrictions Abort Statements No Dynamic Attachment Dynamic Priorities No Implicit Heap Allocations No Local Protected Objects No Local Timing Events No Protected Type Allocators No Relative Delay No Requeue Statements Select Statements No Specific Termination Handlers Task Allocators No Task Hierarchy No Task Termination Simple Barriers Entry Queue Length gt 1 Protected Entries gt 1 Task Entries gt 0 No Dependence gt Ada Asynchronous Task Control No Dependence gt Ada Calendar Dependence gt Ada Execution Time Group Budget Dependence gt Ada Execution_Time Timers No_Dependence gt Ada Task Attributes 4 EXTENDED PROFILE 51 A 4 Extended profile ORK4 supports the following features which are not allowed in the Ravenscar pro file XPO1 One execution time timer per task declared at the library level 2 Group budgets Task groups must be static and declared at the library level Notice that using pragma Profile Ravenscar in your program will make the com piler report the use of execution time timers and gro
81. were de veloped at UPM under ESA contract No 13863 99 NL MV Status Final Authors Juan A de la Puente Juan Zamorano Jorge L pez Angel Esquinas The original Operation Manual for ORK was written by Juan A de la Puente Juan Zamorano Jos F Ruiz Ram n Fern ndez Marina and Miguel Angel Ajo History Version Date Comments 1 0 2007 07 18 First public release 1 1 2008 11 18 Revised version for GNATforLEON 2 0 1 1 2 2009 03 30 Revised version with some fixes 1 3 2009 07 30 New version for GNATforLEON 2 1 0 1 4 2013 01 11 New version for GNATforLEON 2 3 0 for XtratuM LEON3 Contents 1 Introduction 1 1 1 3 1 E dDUPDOSO Ae BOB KD 1 1 3 1 14 Compliance to standards 2 Is Free software pipir Je qun due ates es 2 20 qu aM en e en 2 1 6 Related documents 2 1 7 Problem reporting instructions dnd ick ums ee 2 Ib EI Sh tg E 3 Ledi OR IOUS a ur ew xu Se LE 3 ACGONYMS a Me Os gangs are 4 1 0 References el hon eat 5 1 9 1 Applicable documents 5 1 9 2 Reference documents
82. xm_cf sparcv8 xml desired_location SW xm src_v3 xmconfig TARGET_CC TARGET_CFLAGS_ARCH x 02 Wall IS XTRATUM PATH user libxm include I XTRATUM_PATH include nostdlib nostdinc include xm inc config h include xm inc arch arch types h a c xmc o xm cf bin xmc Wl entry 0x0 TldsuwdTin xmeformat build c m xm_cf bin xmc o xm_cf xef xmc 7 298 56 154106564442 821038 996 xm cf xef xmc xmpack check xm cf xef xmc h desired location SW xm src v3 core xm core xef xm cf xef xmc p O partition1 xef gt desired location SW xm src v3 core xm core xef ok gt partitionl xef ok xmpack build desired location SW xm src v3 core xm core xef xm cf xef xmc p O partitioni xef container bin gt desired location SW xm src v3 core xm core xef ok gt partitioni xef ok rswbuild container bin resident sw Created by jzamora guayacan at 9 11 57 23 2013 XM path desired_location SW xm src_v3 XtratuM Core Version 3 Arch 8 11 desired_location SW xm src_v3 core xm_core xef Shalt d86f 578c30145a1016950521f80c85558d62572 Changed XtratuM Library Version File desired location SW xm src v3 user libxm libxm a Shai bf 230e9ce58b7bdb6e4d23f 1003c38417bf30cdc Changed XtratuM Tools File desired location SW xm src v3 user bin xmcparser Shal elf2dac3c4e42b87dcd422e12c73a66480da7368 This produces the
83. xternal Interrupt 3 constant Interrupt ID Interrupt ID System OS Interface External Interrupt External Interrupt 3 Priority constant System Interrupt Priority System OS Interface External 3 Priority External Interrupt 2 constant Interrupt ID Interrupt ID System OS Interface External Interrupt 2 External Interrupt 2 Priority constant System Interrupt Priority 4 5 TAILORING THE KERNEL 43 System OS Interface External Interrupt 2 Priority External Interrupt 1 constant Interrupt ID Interrupt ID System OS Interface External Interrupt 1 External Interrupt 1 Priority constant System Interrupt Priority System OS Interface External Interrupt 1 Priority External Interrupt 0 constant Interrupt ID Interrupt ID System OS Interface External 0 External Interrupt O Priority constant System Interrupt Priority System OS Interface External Interrupt 0 Priority Timer 2 constant Interrupt ID Interrupt ID System OS Interface Timer 2 Timer 2 Priority constant System Interrupt Priority System OS Interface Timer 2 Priority Timer 1 constant Interrupt ID Interrupt ID System OS Interface Timer 1 Timer 1 Priority constant System Interrupt Priority System OS Interface Timer 1 Priority Watchdog Timer constant Interrupt ID Interrupt ID System OS Interface Watchdog T imer
84. y or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a copy of this License Exception if the Program itself is interactive but does not normally print such an an nouncement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Program In addition mere aggregation of another work not based on the Program with the Program or with a work based on the Program on a volume of a storage or distribution medium does not bring the other work under the scope of this License You may copy and distribute t
85. y which was developed by AdaCore with certification in mind and just to support the Ravenscar profile A special version of GNULL is also used which interfaces directly with the kernel All this complexity is hidden to the programmer who only needs to insert the pragma Profile Ravenscar in the GNAT configuration file usually named gnat adc 2 4 Ada XtratuM binding The package System BB Xtratum see figure 2 1 provides the interface to the XtratuM hypercalls that are used by the ORK kernel These include interrupt management clock management and SPARC v8 specific hypercalls In addition to these functions there are some other XtratuM features that can be used by Ada applications even 12 CHAPTER 2 SOFTWARE OVERVIEW GDB Interface Figure 2 2 Architecture of the GNAT run time system based on ORK XtratuM though they are not used by the kernel itself Such features include inter partition communication and partition management Two Ada interface packages have been developed in order to enable Ada parti tions to communicate with other partitions and to enable partition management Both of them are part of the XtratuM hierarchy as they are intended to be directly used by the Ada partition code Xtratum IPC and Xtratum PM In the future additional interface packages may be developed if Ada partitions need additional XtratuM functionality such as health monitoring management Currently the binding consists of the following Ada
86. your program with gnatmake with the appropriate linker options for the XtratuM hypervisor For instance sparc elf gnatmake hello world largs boot o traps o std nostartfiles T xmsparcleon x lxm L directory XtratuM library command line switches are described in the GNAT User s Guide GNATUG You can also compile bind and link separately sparc elf gcc c hello adb sparc elf gcc c tasking adb sparc elf gnatbind x hello ali sparc elf gnatlink hello ali boot o traps o std c o nostartfiles T xmsparcleon x lxm L directory XtratuM library See the GNAT User s Guide GN ATUG for details on the switches and library files 22 CHAPTER 3 HOW USE GNATFORLEON A link diagnostic information file with the symbols which are mapped by the linker together with information on global common storage allocation can be ob tained by using the following switch for gnatlink sparc elf gnatmake g hello largs boot o traps o std_c o nostartfiles T xmsparcleon x lxm L directory_of_XtratuM_library 1 110 As result a link diagnostic file called hello map is created This kind of map files tend to be useful in embedded software development After all these compilation steps an ELF 32 SPARC executable called hello is obtained That file can be used as a loadable image of a XtratuM partition 3 4 Creating and running an XtratuM partition That first example is included
Download Pdf Manuals
Related Search