AdaCore
New York, NY
www.adacore.com

The Climate Absolute Radiance and Refractivity Observatory (CLARREO) Pathfinder Reflected Solar mission is a NASA-directed mission executed under the direction of the Science Mission Directorate - Earth Science Division with two primary mission goals: measure Earth-reflected sunlight with accuracy of 0.3% (k=1) and serve as an on-orbit inter-calibration reference to other orbiting sensors.

The high-accuracy, spectrally resolved measurements the CLARREO Pathfinder (CPF) will take are critical to the physical drivers of, and the Earth’s response to, climate change. The CPF instrument is a reflected solar spectrometer that measures energy from the Sun reflected back from Earth. The main objective of the CPF mission is to improve our understanding of Earth’s changing climate. The measurements obtained, which will be anchored to international standards, will be five to ten times more accurate than those from existing sensors. CPF will also showcase novel techniques in transferring its high accuracy to other sensors monitoring Earth. CLARREO Pathfinder’s advances in accuracy and intercalibration of satellite sensors will demonstrate techniques and technologies that, when applied on future missions, can significantly reduce the time needed to detect climate change trends using Reflected Solar (RS) Earth remote sensing observations. These advances would also serve to rapidly reduce the uncertainty in societally critical research areas such as climate sensitivity and cloud feedback.

The mission framework supports the flight of a reflected solar hyperspectral imaging spectrometer hosted on the International Space Station (ISS) in the late-2022 timeframe. After launch and a 2.5-month deployment and commissioning phase, the prime mission operations on ISS are planned for one year, with a strong desire for at least one additional year of operations.

Technical Challenges

Developing hardware and software systems for space comes with its own set of unique challenges. Unlike terrestrial applications, space applications must function in a harsh electromagnetic environment. The onboard software needs to be able to respond and recover from any hardware malfunction. Electronic hardware that is not protected by the Earth’s atmosphere is exposed to tremendous spectral radiation, some of which can be detrimental to the operation of the unit. For these situations, engineers must use specialized radiation-tolerant hardware that is capable of withstanding the harsh environment of space.

For this mission, the Laboratory for Atmospheric and Space Physics (LASP) at the University of Colorado Boulder selected an ARM Cortex M1 implementation on a radiation-hardened FPGA to act as the control unit to interact with the sensor arrays. The ARM Cortex M1 is an Armv6-M Architecture soft IP core highly optimized for use in FPGA implementations. Like its other Cortex M series counterparts, the Cortex M1 is designed for discrete processing and microcontroller applications where energy efficiency, power conservation, and size are key.

Despite the ARM Cortex M1’s small size and power efficiency, the requirements for the software application that will run on the hardware are quite demanding. The application software must be designed as a high-frequency control system, taking sensor readings and handling data and control communication with the ISS in real time. In the past, this was accomplished with two work-loops running on two separate processors. To simplify the system configuration, both systems will be integrated into one software application in the new hardware, which will require the two work-loops to be replaced by a real-time tasking environment.

An important feature of any mission-critical system is software integrity. This is especially true in space applications where software updates or re-deployment are particularly challenging and where the system is expected to function for months or years without downtime. There are many elements that contribute to the integrity of a software application but primary factors are system simplicity, runtime efficiency, software readability and maintainability, and tooling to aid software developers in developing robust code.

The Solution

To address the technical challenges outlined by the mission requirements, LASP selected the Ada programming language and GNAT Pro Bare-Metal development environment from AdaCore that are designed for safety-critical, real-time systems for the ARM M series processor architecture.

In order to accomplish complex tasks, the LASP engineers need to keep the software as simple as possible and as close to the hardware as possible, while also maintaining an ambitious development schedule. The Ada programming language was designed specifically to meet these requirements by giving developers the ability to capture their designs in high-level, problem-oriented abstractions, with checks performed at compile time or runtime to detect errors early while also allowing direct access to hardware registers and facilities. With Ada, the compiler is responsible for generating the proper code and can even add extra checking on the record’s layout representation to ensure that fields don’t accidentally overlap, there are no gaps or holes in the record, and the component types fit in the allocated layout.

The compiler can also be used to emit code to correctly orient the endianness of a record. The LASP engineers use a pragma called Scalar_Storage_Order that allows them to specify the endianness of a specific record. If that record has the opposite endianness to the native system, the compiler will insert the proper instructions to swap the layout at runtime. This is particularly useful when handling incoming big-endian packets over communication interfaces on little endian architectures. The compiler’s enforcement of such checks and insertion of runtime code makes it easier for developers, allowing them to focus on solving the problems at hand. Features like this in the Ada language allow the LASP engineers to develop their flight software code faster and safer.

The GNAT Pro Ada Bare-Metal development environment contains customizable Ada runtimes, complete with Ravenscar-compliant microkernels, which allow engineers to meet their real-time software constraints with Ada’s built-in tasking or concurrency constructs without needing a separate Real-Time Operating System (RTOS).

The simplicity of the built-in tasking model saves the engineering team from needing to configure and maintain an extraneous piece of software to accomplish their concurrency requirements. The Ada runtimes supplied can also be customized to include only the components that are necessary for the system’s design, which allows the engineering team to utilize their restricted memory resources for mission-critical purposes. For the LASP engineers, having a complete understanding of the entire software stack from bottom to top is critical to developing robust software. For this reason, keeping the number of layers and the complexity of each layer low is essential. Using the Ravenscar microkernel allowed them to reduce software complexity to an absolute minimum, giving them greater control over system behavior.

Conclusion

After a comprehensive trade study, the LASP engineering team chose to use AdaCore’s GNAT Pro Ada Bare-Metal tool suite for their application because it allows them to develop their spaceflight software quickly and safely while maintaining readability and modularity. This helps LASP future-proof their designs for current and next-generation NASA-funded climate change research missions.

For Free Info Visit Here .


Tech Briefs Magazine

This article first appeared in the July, 2020 issue of Tech Briefs Magazine.

Read more articles from this issue here.

Read more articles from the archives here.