Professional Documents
Culture Documents
Adapilot Public-Pres 2016
Adapilot Public-Pres 2016
Adapilot Public-Pres 2016
eu 1
What is AdaPilot?
AdaPilot is a Open-Source Safety Critical Autopilot Project based on the Ada-SPARK
safety programming language and ARM Cortex-M/R processors.
The autopilot, also known as the Digital Flight Control System, is subdivided into
several main bricks allowing a high future-proof modularity and flexibility:
Primary Flight Control Computer (PFCC)
Attitude Heading Reference System (AHRS)
Mission Management Computer (MMC)
Electronic Speed Controller (ESC)
Digital Data Link (DDL)
Handheld Ground Control Station (HGCS)
Mission Management & Planning Software (MMPS)
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 2
AdaPilot Function Block Diagram
Backup
GPS/AHRS Sensors Payload
Data Link
4-10
ESCs Custom I/Os
ESCs
ESCs / Primary Flight Mission ADC
orESCs
oror PWM Avionics Data Bus
Servosor Control Computer Management I2C
Servos
Servos USART
Servos CAN (Simplex, Duplex or CAN
Triplex)
Computer CAN
RS422 SPI
RS232 USB
Service USB
Port DFU
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 4
Primary Flight Control Computer - PFCC
Firmware: FlightOS - FOS
The embedded firmware is named FlightOS FOS and is the official AdaPilot PFCC
firmware. Three firmware revisions will be available:
The FOS will be entirely programmed in Ada and SPARK languages following DO-178C
guide lines and procedures defined by the CERT Team.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 5
Attitude Heading Reference System - AHRS
The AHRS is a 3-axis sensor system that provides real-time 3D orientation - pitch, roll
and heading - by integrating gyroscopes and fusing this data with accelerometer,
magnetometer, barometer and GNSS data. Its primary function is to provide
orientation data to the PFCC via a serial or CAN bus interface.
Ublox M8N
UART
3x
STM32F415 / I3G4250D IIS328DQ LIS3MDL LPS25H x3
To PFCC OG (90 Ball) SPI
3-axis 3-axis 3-axis Baro
Gyro Accel Mag
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 6
Attitude Heading Reference System - AHRS
Firmware: SensOS
The embedded firmware is named SensOS and is the official AdaPilot AHRS
firmware. Three firmware revisions will be available:
Frozen (Release Candidate): Certifiable Revision
Stable: RC with new tested improvements and features
Experimental: for experimental purposes only, unstable
The SensOS will be entirely programmed in Ada and SPARK languages following DO-
178C guide lines and procedures defined by the CERT Team.
The obiective is also to obtain professional AHRS calibration provided by a 3-axis rate
table with temperature chamber.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 7
Mission Management Computer - MMC
The MMC is an application oriented processing unit and incorporates highly integrated
I/O capability that interfaces with the unmanned vehicles sub-systems (engine, fuel
system, battery management system, altimeter, visual sensors, air speed sensors and
many more) and the application/mission specific payload sensors.
By default, the MMC is based on a STM32F4 or F7 processor, but, any other processing
unit (FPGA, DSP, CPU, MCU) can act as a mission management computer. The MMC
communicates to the PFCC via the CANaerospace interface.
Sensors Payloads
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 8
The AdaPilot Initiative
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 9
Why AdaPilot Initiative?
The Problem
UAV/RPAS or also better knows as Drones if used improperly and improperly
constructed, can become very dangerous and provide serious injuries to peoples and
object damages.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 10
Why AdaPilot Initiative?
Solution proposals
Certifiable Software Packages: The software that controls and monitors unmanned
aerial vehicles (UAVs) or drones that fly in highest-risk level environments (buildings,
peoples, events, etc), both on the ground and in the air, must be verified to ensure
device safety and reliability and should be developed to the same exacting DO-178B/C
standards as software for manned aircraft types. To achiev this goal, the Ada and
SPARK programming language has been selected.
Reference Hardware Kits: For the preliminary software development stage, the
STM32F4 Cortex-M4 has been selected due their wide availability on open-source
projects and global developers communities. The Cortex-M AdaPilot development
board will be made available to the open source community.
For the DO-178C certification purpose, a TI TMS570 safety critical processor will be
used and the AdaPilot code ported.
UAV Certification Package: This documentation is used by the Aviation Authorities for
tracing system safety requirements and design specifications in order to obtain a type
certificate for the UAS.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 11
What Makes The AdaPilot Difference?
The AdaPilot initiative is differente compared to all the other existing open source
projects. AdaPilot Core Technology has been designed with flexibility, reliability and
safety in mind. To assure safety and flexibility can be coexist inside the same core
architecture, a well defined modular approach was chosen as listed below:
1. Modular Core Brick Architecture consistent of indipendent Flight Controller, AHRS
and Mission Controller boards
2. End-to-End Workflow including Handheld Groud Control Station, Digital Data Link
and Electronic Speed Controllers
3. AdaPilot Core Code Architecture build on Connector_API, and ViSDB Virtual
Memory Mapping Communication
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 12
AdaPilot Core Technologies
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 13
AdaPilot Core Technologies
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 14
Ada-SPARK Provably Secure Software
SPARK GPL meets the requirements of all high-integrity software safety standards,
including:
DO-178B/C (and the Formal Methods supplement DO-333)
CENELEC 50128 , IEC 61508, and DEFSTAN 00-56
The SPARK GPL toolset generates evidence that can be used to build a constructive
assurance case and demonstrate conformance to the appropriate standard.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 15
Ada for ARM New Business Opportunites
Current ARM support is for the Cortex v7 architecture, specifically Cortex-R and
Cortex-M microcontrollers:
Texas Instruments Stellaris LM3S zfp-lm3s
Texas Instruments TMS570 ravenscar-full/sfp-tms570; zfp-tms570
ST Microelectronics STM32F4 ravenscar-full/sfp-stm32f4; zfp-stm32f4
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 16
ARM Cortex-M Cost-sensitive MCU
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 17
ARM Cortex-R Safety Critical MCU
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 18
CANaerospace CAN Avionics Data Bus
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 19
AdaPilot Project Development
Structures
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 20
Work Breakdown Structures & Packages
The AdaPilot project is structured in "Work Breakdown Structures (WBS)" and "Work
Packages".
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 21
Work Breakdown Structures & Packages
Work Packages (WP):
A Work Package is a building block of the Work Breakdown Structure that allows the
project management to define the steps necessary for completion of the work.
Breaking down the work into work packages allows multiple teams to work
simultaneously or sequentially on different components of the project.
- Example of PFCC Work Packages and Control-Input Sub-WP Details:
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 22
Connector API The Real Difference
AdaPilot firmware stacks (PFCC, AHRS, MMC) are made with extreme flexibility and
reliability in mind. The hardware I/O interfaces (CAN, UART, GPIO, etc) are virtualized and
all incoming protocols are converted in the AdaPilot Message_ID format, available internaly
as the Connector API CAPI. This format is the only standard allowed to be used for
software package development. In this way no single packages have to deal with low-level
I/O stuff.
The Connector API uses pre-defined Message_IDs, to easily identify functions inside
software packages. This Message_IDs are mapped (where possible) to the CANaerospace
IDs, so it will be much more easy and confortable to follow software package
intercommunications and functions.
Each Software Package is connected through the Connector API to the Virtual Shared Data
Bus (ViSDB), this allows a flexible data exchange between various software packages,
Hardware I/O interfaces, and the CLI interface for package configuration and maintenance.
For hardware I/O interfaces different than CANaerospace, specific protocol wrapper
mapped to the Message IDs must be written. This allow to keep the entire software
intercommunication on a single standard and indipendent from the hardware I/O
interfaces.
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 23
CAPI Example: Control Input SW-Package
Software Package
Connector API Connector API Connector API
API Level
Virtual Memory
Mapping Communication
ViSDB - Virtual Shared Data Bus
Hardware
C2 CAN1 Port C2 UART4 Port C2 GPIO Input Port
I/O Interfaces
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 24
AdaPilot Development Tools
AdaPilot is developed by a team of volunteers with the objective of creating a new
global group of developers, users and enthusiasts around the Ada, SPARK, ARM, Linux
and Mac OS environment. To allow a global interaction between all team members,
AdaPilot offers the following open source development tools:
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 25
AdaPilot Supporters
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 26
AdaPilot Supporters
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 27
AdaPilot Project Home Link:
adapilot.likeabird.eu
Copyright 2016 - AdaPilot The LikeAbird Open Source Safety Critical Autopilot Project adapilot.likeabird.eu 28