OpenGL ES Safety-Critical Profile Philosophy



Similar documents
ARINC 653. An Avionics Standard for Safe, Partitioned Systems

Managing Product Variants in a Software Product Line with PTC Integrity

ENEA: THE PROVEN LEADER IN SAFETY CRITICAL AVIONICS SYSTEMS

The evolving ARINC 653 standard and it s application to IMA

Parameters for Efficient Software Certification

Finger Paint: Cross-platform Augmented Reality

TI Linux and Open Source Initiative Backgrounder

Dynamic Digital Depth (DDD) and Real-time 2D to 3D conversion on the ARM processor

Automating Software License Management

The MaXX Desktop. Workstation Environment. Revised Road Map Version 0.7. for Graphics Professionals

Virtualization: Hypervisors for Embedded and Safe Systems. Hanspeter Vogel Triadem Solutions AG

How To: Choosing the Right Catalog for Software License Management

evm Virtualization Platform for Windows

Base One's Rich Client Architecture

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

How To Teach Computer Graphics

POSIX : Certified by IEEE and The Open Group a briefing.

Programmabilty. Programmability in Microsoft Dynamics AX Microsoft Dynamics AX White Paper

Six ways to accelerate Android mobile application development

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development

Writing Applications for the GPU Using the RapidMind Development Platform

Only Athena provides complete command over these common enterprise mobility needs.

Improving Embedded Software Test Effectiveness in Automotive Applications

What can DDS do for Android?

Technical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers

NEXT GENERATION ARCHIVE MIGRATION TOOLS

3D-based CAD design collaboration

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

Parallel Web Programming

CA APM Cloud Monitor. Scripting Guide. Release 8.2

Introduction to WebGL

How To Manage Software License Management With An Aspera Catalog

Android Development: Part One

Development Process Automation Experiences in Japan

How To Create A Flood Simulator For A Web Browser (For Free)

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

1 File Processing Systems

The Windows Telephony Application Programming Interface Combining the Power of the Computer With the Functionality of the Telephone.

SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B

Protecting Virtual Servers with Acronis True Image

Driving the User Interface. Trends in Automotive GUIs

4 Applying DO-178B for safe airborne software

DO-178B compliance: turn an overhead expense into a competitive advantage

Flash Memory. For Automotive Applications. White Paper F-WP001

Interactive Guidance for Safety Critical Avionics

SYCL for OpenCL. Andrew Richards, CEO Codeplay & Chair SYCL Working group GDC, March Copyright Khronos Group Page 1

Applying Multi-core and Virtualization to Industrial and Safety-Related Applications

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

NVIDIA Jetson TK1 Development Kit

An Oracle White Paper January Using Oracle's StorageTek Search Accelerator

Hyper-V Private Cloud Virtualization & Optimization

Intel Media SDK Library Distribution and Dispatching Process

ORACLE PROJECT PORTFOLIO MANAGEMENT CLOUD

Advanced Testing Methods for Automotive Software

How To Compare Fax Servers To A Hosted Fax Server

What can DDS do for You? Learn how dynamic publish-subscribe messaging can improve the flexibility and scalability of your applications.

From the Desktop to the Mobile Cloud: Extending your Qt Widget Desktop Application as a Back-end Service

Creating and Using Databases for Android Applications

AND Recorder 5.4. Overview. Benefits. Datenblatt

<Insert Picture Here> Java, the language for the future

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

How to test OpenGL drivers with Free Software

Systems Engineering with RUP: Process Adoption in the Aerospace/ Defense Industry

HOW MANY USERS CAN I GET ON A SERVER? This is a typical conversation we have with customers considering NVIDIA GRID vgpu:

Using the TASKING Software Platform for AURIX

Software Engineering Introduction & Background. Complaints. General Problems. Department of Computer Science Kent State University

Plug and Play for Windows 2000

SGI HPC Systems Help Fuel Manufacturing Rebirth

Advanced Encryption Standard (AES) User's Guide

technical notes trimble realworks software

Criteria for Software Tools Evaluation in the Development of Safety-Critical Real-Time Systems 1

WHITE PAPER Personal Telepresence: The Next Generation of Video Communication VIDYO

Integrated Development of Distributed Real-Time Applications with Asynchronous Communication

Ensim VoIP White Paper

Issues in Smart Card Development

Designing for Mobile. Jonathan Wallace

Technical Solution & White Paper. AFDX/ARINC664 End System Testing JS, AIM GmbH

Parallel Computing with MATLAB

WHITEPAPER. Mobile Workforce Productivity Solutions. Streamline Field Reporting Workflow with Speech Recognition

Track-It! 8.5. The World s Most Widely Installed Help Desk and Asset Management Solution

Avaya Aura Session Manager

Development of AUTOSAR Software Components within Model-Based Design

WWT View Point. Journey to the Private Cloud: Take the First Steps with FlexPod

Introduction GPU Hardware GPU Computing Today GPU Computing Example Outlook Summary. GPU Computing. Numerical Simulation - from Models to Software

Trimble Realworks Software

Talend Technical Note

Development. SriSeshaa Technologies. Table of Contents

Halogen TalentSpace for Professional Services

The Comprehensive and Fully Compliant Certification Solution. Certification Services

Using Adobe Acrobat X to enhance collaboration with Microsoft SharePoint and Microsoft Office

Transcription:

OpenGL ES Safety-Critical Profile Philosophy Claude Knaus July 5th, 2004 OpenGL is a registered trademark, and OpenGL ES is a trademark, of Silicon Graphics, Inc. 1

1 Overview The Safety-Critical profile of OpenGL is being defined to meet the unique needs of the Safety-Critical market which include: ˆ minimizing code size and complexity to ease certification ˆ to enable the porting of legacy applications that themselves have already been safety certified This goal will be achieved by starting with the Common profile of OpenGL ES 1.0 and making minimal changes. The changes might include features that are introduced by future versions of the Common profile. No changes will be made to prevent implementations of the Safety-Critical profile over a hardware accelerated Common profile implementation. Along with the specification, conformance tests will be provided to protect the integrity of the trademark. 2 Justification and Motivation The avionic space has a strict certification process, described by the document RTCA DO-178B. It defines the guidelines for development of aviation software. The automotive industry has so far no standard for certification of Safety-Critical software. It is expected that if implementations of an API and applications using them are certifiable by DO-178B, the API will be adopted by the automotive industry as well. Safety-Critical applications are otherwise not expected to be as resource (memory and performance) constrained as much as other embedded systems such as mobile information devices. The types of applications used in the avionic and automotive industry are visualization of: ˆ instruments (2D) ˆ maps (2D) ˆ terrain (3D) 2

ˆ augmented reality (3D) Since desktop OpenGL was not designed with Safety-Critical certification in mind, many avionic companies created a subset of OpenGL themselves, only including the features which they needed. As a result, many applications and OpenGL variants were created which have been Safety-Critical certified. There is a need of creating an open standard OpenGL ES profile for Safety-Critical applications to enhance portability of Safety-Critical applications and to simplify Safety-Critical certification. The OpenGL ES Common profile which has been created with mobile handsets in mind cover the visualization needs of applications used in the Safety-Critical space. However, the Common profile is partially still too complex to allow Safety-Critical certification. Another reason to have a separate profile is that existing applications which have already been certified, would otherwise require re-certification which is costly and may impact adoption of the profile. The Safety-Critical working group will use the OpenGL ES 1.0 Common profile as a starting point to leverage the initial investment for the specification of the Common profile. The Safety-Critical profile will be kept as similar as possible to the Common profile to allow implementations of the Safety-Critical profile on top of a hardware accelerated Common profile implementation. If the above stated requirements are met by the profile, the avionics companies are expected to adopt it as the single flavor of OpenGL for Safety-Critical applications. The automotive industry has been using OpenGL for non-safety-critical back-seat applications. They are expected to use this profile for safety-critical front-seat instrumentation when it becomes available. 3

3 Requirements in Detail The requirements of the Safety-Critical profile in decreasing priority are as follows: 3.1 Minimize Legacy Code Change Every application in the avionic space must be certified. The certification test is required to test every possible code path of a software. To ease certification and to reduce errors, large parts of applications are code generated. The code generators are certified (includes careful review), which may relax the certification process for the applications. Code generators are very sensitive to any change. They would require re-certification, which in turn requires re-certification of the applications generated with the code generators. The company providing the code generator is not necessarily the same company writing the application. 3.2 Meet Functional Requirements of Avionic and Automotive Applications Input on required features are provided by the Safety-Critical working group of The Khronos Group. Some of them may act as proxy to several avionic companies with experience in implementing OpenGL variants and using them. Additionally, a review process with ISVs and OEMs of the avionic and automotive industry will provide feedback to assure validity of the included features. 3.3 Simplify Certification 3.3.1 Reduce Complexity Certification tests have to be written in a way that they test every possible code path of an application or library they test. The API must be carefully chosen, such that a combinatorial explosion of possible code paths is avoided to make writing and execution of certification tests possible at all. 4

To reduce the burden of implementation and certification testing, redundant features should be reduced to a minimum. Exceptions are cases where legacy code would be widely impacted. Data format conversions in the implementation often require a lot of code paths to be tested. The goal of the API is to make data format conversion the responsibility of the application where possible. Unused functionality is by definition redundant but would require testing as well. Careful selection of accepted parameter types to functions is required. 3.3.2 Guarantee Repeatability System certification tests are typically executed multiple times to ensure repeatability. The API should therefore avoid undefined behavior where possible. The outcome of a legal operation should always be the same. Decisions made by the implementation should be minimized. A feature is either supported or not supported for all implementations. Hints which may or may not be respected by an implementation are acceptable, provided that their exact behaviors are documented and guarantee repeatability. 3.3.3 Allow Compliance with Real-Time Requirements The design of the specification should not preclude implementations to meet real-time requirements. Specifically, every function of a particular implementation of the API must be able to specify an upper bound limit of the time it takes to execute for a particular input and for any possible state. Certification tests might not (need to) test for it, but consumers of Safety-Critical software may demand real-time compliance. Complex strategies such as memory management (display lists, texture) will need to be carefully implemented. 3.4 Relationship to OpenGL ES and Desktop OpenGL The Safety-Critical profile will be kept as similar as possible to the Common profile to allow implementations of the Safety-Critical profile on top of a Common profile implementation. 5

The Common-Lite profile targets pure software implementations and systems without a floating point unit. Safety-Critical implementations are expected to be hardware accelerated and offer floating point units. Safety-Critical applications are typically developed on desktop systems, using OpenGL. To ease development and early testing, the OpenGL part of a Safety- Critical application should be able to run with little or no modification on a desktop system. That is, the common function signatures, types and enums of the OpenGL ES Safety-Critical profile and desktop OpenGL (and its extensions) must have the same semantics. Extensions introduced by the Safety-Critical profile which do not overlap with desktop OpenGL and its extensions are excluded from this requirement. 4 Deliverables The OpenGL ES Safety-Critical Profile 1.0 specification will comprise the following deliverables: ˆ specification document ˆ conformance test suite and process ˆ header files The specification document is written against the OpenGL 1.3 specification. Annotated reasoning is written against the Common profile to emphasize their close relationship. A suite of conformance tests is delivered to protect the integrity of the OpenGL trademark. Additionally, a conformance test process will be set up, similar to the existing one for the Common and Common-Lite profiles. Header files are delivered for the convenience of the implementers. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information