Once, over the New Year holidays, while idly browsing the Internet, the slackers in our * R&D office came across a video of a robotaxi prototype under test. The commentator spoke in an enthusiastic tone: a revolution, no less. Great, yes, but such are the times: the revolution is all around us, and IT is leading it.
But a trained ear picked out something else in the noise from the test site. At start-up the speed controller (the ESC, the part that drives the motors and thus the thrust of the propellers) played a melody, the way drone pilots like to set it up, and drone pilots mostly fly the Betaflight flight controller. Is it Betaflight, then? It seems so. Or one of its relatives: there are only about half a dozen open-source flight controller firmwares in total.
Flashbacks flickered before my eyes; from somewhere in the depths of the subconscious surfaced half-forgotten facts about Toyota's firmware: millions of lines of C and 2,000 global variables (Toyota: 81564 errors in the code).
Looking through the Betaflight sources on GitHub only made it worse, and the further we read, the worse it got. We suspect that the robotaxi's own in-house code is at about the same level. That means there is no way to guarantee that the code runs without failures, nor even to fully understand how it works. And this is the control program for a heavy machine with sharp propellers that flies high and fast. It gets scary: toys are one thing, but I would not want to fly in such a taxi.
But can it be done differently? It can, we decided!
And we set out to prove it. An acrobatic FPV quadcopter built around an STM32F405 was bought on Avito, a Discovery board with the same microcontroller was bought for debugging, and after that everything is a blur.
So how can it be done differently?
After a quick meeting, the following thoughts arose:
we need a different approach
, .
, - , . , [FC] .
:
- embedded
runtime RTOS, RTOS
, .
, , . , Ada. , , SPARK. [SRM] SPARK Ada, .
SPARK, , , , , , , , . Rust.
. , . , .
, , , , . , .
SPARK, :
null-
.
, .
, . !
, ?
SPARK , , , . , , , .
SPARK , Ada. Runtime; SPARK , .
:
:
, , .
SPARK , "" , . , - () .
SPARK defines several assurance levels, from "Stone" through "Bronze", "Silver" and "Gold" up to "Platinum". Each level adds to the previous one:
Stone | the code is valid SPARK (it stays inside the SPARK subset)
Bronze | Stone + initialization and information-flow analysis
Silver | Bronze + absence of runtime errors
Gold | Silver + key integrity properties (type invariants, pre- and postconditions)
Platinum | Gold + full functional correctness
Gold, - Boeing 777 MAX.
SPARK: , , (SMT - Z3), . , .
[SUG]
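To make the levels concrete, here is an added example (our own code, not the Veriflight project's) of an S.BUS frame decoder for the receiver link, annotated with the contracts each level checks. The package and type names are ours; the frame layout is the standard S.BUS one: a 0x0F header, 22 bytes carrying 16 channels of 11 bits each packed LSB-first, a flags byte, and a 0x00 footer. The point for a control program is that these bytes arrive from an untrusted serial line, so the decoder must be shown safe for any byte content, not just well-formed frames.

```ada
--  Added example, not code from the Veriflight project: an S.BUS frame
--  decoder annotated with the contracts that each SPARK level checks.
--  Frame: byte 1 = 0x0F header, bytes 2..23 = 16 x 11-bit channels packed
--  LSB-first, byte 24 = flags, byte 25 = 0x00 footer. Names are our own.

with Interfaces; use Interfaces;

package SBUS with SPARK_Mode is

   Frame_Length  : constant := 25;
   Channel_Count : constant := 16;

   subtype Frame_Index is Positive range 1 .. Frame_Length;
   type Frame is array (Frame_Index) of Unsigned_8;

   subtype Channel_Index is Positive range 1 .. Channel_Count;
   subtype Channel_Value is Unsigned_16 range 0 .. 2047;      --  11-bit raw
   type Channels is array (Channel_Index) of Channel_Value;

   Header       : constant Unsigned_8   := 16#0F#;
   Footer       : constant Unsigned_8   := 16#00#;
   Flags_Byte   : constant Frame_Index  := 24;
   Frame_Lost   : constant Unsigned_8   := 16#04#;   --  flags bit 2
   Failsafe_Bit : constant Unsigned_8   := 16#08#;   --  flags bit 3

   --  Stone: the unit is in the SPARK subset (no access types, no side
   --  effects in functions). Bronze: Global/Depends make data flow explicit.
   function Is_Valid (F : Frame) return Boolean is
     (F (1) = Header and then F (Frame_Length) = Footer)
     with Global => null;

   --  Silver: gnatprove shows every index, shift and conversion in the body
   --  is in range for ANY byte content. Gold: the postcondition pins down
   --  the failsafe flag and the first channel bit-exactly.
   procedure Decode
     (F        : Frame;
      Ch       : out Channels;
      Failsafe : out Boolean)
     with Global  => null,
          Depends => (Ch => F, Failsafe => F),
          Pre     => Is_Valid (F),
          Post    =>
            Failsafe = ((F (Flags_Byte) and (Failsafe_Bit or Frame_Lost)) /= 0)
            and Ch (1) = Channel_Value
                  ((Unsigned_16 (F (2))
                    or Shift_Left (Unsigned_16 (F (3)), 8)) and 16#7FF#);

end SBUS;

package body SBUS with SPARK_Mode is

   procedure Decode
     (F        : Frame;
      Ch       : out Channels;
      Failsafe : out Boolean)
   is
      Bit  : Natural;        --  bit offset of the channel inside the payload
      Byte : Frame_Index;    --  first payload byte holding that channel
      Word : Unsigned_32;    --  three bytes: enough for 11 bits at any offset
   begin
      Ch := (others => 0);
      for I in Channel_Index loop
         Bit  := 11 * (I - 1);              --  0 .. 165
         Byte := 2 + Bit / 8;               --  2 .. 22, so Byte + 2 <= 24
         Word := Unsigned_32 (F (Byte))
                 or Shift_Left (Unsigned_32 (F (Byte + 1)), 8)
                 or Shift_Left (Unsigned_32 (F (Byte + 2)), 16);
         Ch (I) := Channel_Value (Shift_Right (Word, Bit mod 8) and 16#7FF#);
         --  Carries the channel-1 fact out of the loop for the postcondition.
         pragma Loop_Invariant
           (Ch (1) = Channel_Value
              ((Unsigned_16 (F (2))
                or Shift_Left (Unsigned_16 (F (3)), 8)) and 16#7FF#));
      end loop;
      --  "Frame lost" is treated like failsafe: the receiver is repeating
      --  stale sticks, and the control loop must not fly on them.
      Failsafe := (F (Flags_Byte) and (Failsafe_Bit or Frame_Lost)) /= 0;
   end Decode;

end SBUS;
```

Split the file with gnatchop, then run gnatprove on the project; the index proof for `F (Byte + 2)` follows from `I <= 16`, the `Channel_Value` conversion from the `16#7FF#` mask, and the channel-1 clause of the postcondition from the loop invariant. Two practical caveats: the precondition only obliges the caller to check framing, it does not make the decoder unsafe on bad frames (the proof covers any bytes); and some receivers emit non-zero footers (FrSky variants cycle 0x04/0x14/0x24/0x34), so `Is_Valid` must be adapted to the actual hardware rather than copied blindly.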
, "" - ECMA-, , . , , , . Rust, - - Perl, .
, , , , , , , , . Ada ( SPARK Ada) . , Ada embedded-.
"". , . , " ". " ". " ". " ". , .
Ravenscar, embedded-. , : -, , stdlib- .
Ravenscar,
Runtime
embedded - , RTOS, . Ada - Ada ( Ada tasks, ), (, , entries) . , .
embedded- :
zero-footprint - no runtime library and no tasking at all; fits even on something like the MSP430
small footprint - a reduced Ada runtime that needs less RAM
full ravenscar - the complete Ravenscar/Extended Ravenscar tasking runtime
, - green threads, . , , .
, Ada stdlib STM32, . , .
"rust, Rust, RUST!"
, , Rust . ? , Spark .
Ada - access types, , , - Spark , Rust. , ( /), ( ) .
, , - Rust, , , Ada/SPARK. [UPS]
, Ada/SPARK ? , ( - , - , - - ?), Ada . , (, ), placement constructor, .. limited- - , .
, , . . - , , Ada.
layout : , . - , , .
IDE
IDE, VSCode , .
. , [EFF], , , "" Ada :
, SPARK/Ada . 21 [LIC] Ada, BasiLEO Ada 12, .
-
, - . , , .
, :
Veriflight - , .
Veriflight_board - , - . , .
, USB STM32 Interop Ada.
:
STM32F405 at 168 MHz (192 KB RAM, 1 MB flash)
S.BUS receiver on USART1
6-axis IMU (gyroscope + accelerometer)
PWM output to the ESCs
USB port, with the PHY .
The control software consists of 2 tasks:
(CMD task) . , ", ". , - , . 20 .
- - . 3 PID-, . , - . - 200 . , .
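The two-task split above, together with the Ravenscar runtime discussion earlier, is easiest to see in code. The following is an added example (ours, not Veriflight's) of the same architecture written against the Ravenscar profile: a command task that publishes the latest sticks, a higher-priority control task that runs on a fixed period, and a protected object as the only hand-off between them. The periods (20 ms command, 5 ms control), the 100 ms link timeout, the per-mille stick scaling, the quad-X mixer signs and the simulated receiver are all assumptions made for the example; the real receiver and PWM drivers are hardware-specific and are not shown.

```ada
--  Added example, not Veriflight's code: CMD task + control loop under the
--  Ravenscar profile. Periods, timeout, scaling and mixer signs are assumed.
pragma Profile (Ravenscar);

with Ada.Real_Time;
with System;

package Flight_Tasks is

   subtype Stick    is Integer range -1000 .. 1000;   --  per-mille deflection
   subtype Throttle is Integer range 0 .. 1000;
   subtype Motor    is Integer range 0 .. 1000;

   type Command is record
      Roll, Pitch, Yaw : Stick    := 0;
      Thr              : Throttle := 0;
      Armed            : Boolean  := False;
   end record;
   Neutral : constant Command := (others => <>);

   type Motor_Index   is range 1 .. 4;
   type Motor_Outputs is array (Motor_Index) of Motor;

   Command_Period  : constant Ada.Real_Time.Time_Span := Ada.Real_Time.Milliseconds (20);
   Control_Period  : constant Ada.Real_Time.Time_Span := Ada.Real_Time.Milliseconds (5);
   Command_Timeout : constant Ada.Real_Time.Time_Span := Ada.Real_Time.Milliseconds (100);

   --  Hand-off point between the tasks. Ravenscar forbids select and rendezvous,
   --  so a protected object is the whole inter-task "IPC".
   protected Latest_Command is
      procedure Set (C : Command);
      --  Returns Neutral (disarmed) when nothing arrived within Command_Timeout:
      --  the control loop never flies on stale sticks.
      function Get (Now : Ada.Real_Time.Time) return Command;
   private
      Current : Command            := Neutral;
      Stamp   : Ada.Real_Time.Time := Ada.Real_Time.Time_First;
      Fresh   : Boolean            := False;
   end Latest_Command;

   --  Disarmed => all motors 0; otherwise a quad-X mix clamped to 0 .. 1000.
   function Mix (C : Command) return Motor_Outputs;

   --  Stand-in for the PWM driver: the last demand the control loop produced.
   Last_Outputs : Motor_Outputs := (others => 0);

   task Command_Task with Priority => System.Default_Priority;
   task Control_Task with Priority => System.Default_Priority + 1;

end Flight_Tasks;

package body Flight_Tasks is

   use type Ada.Real_Time.Time;
   use type Ada.Real_Time.Time_Span;

   protected body Latest_Command is
      procedure Set (C : Command) is
      begin
         Current := C;
         Stamp   := Ada.Real_Time.Clock;
         Fresh   := True;
      end Set;

      function Get (Now : Ada.Real_Time.Time) return Command is
      begin
         if not Fresh or else Now - Stamp > Command_Timeout then
            return Neutral;
         end if;
         return Current;
      end Get;
   end Latest_Command;

   function Mix (C : Command) return Motor_Outputs is
      function Clamp (V : Integer) return Motor is
        (Integer'Max (Motor'First, Integer'Min (Motor'Last, V)));
   begin
      if not C.Armed then
         return (others => 0);
      end if;
      --  Motor order FL, FR, RL, RR; unit gains and assumed prop directions.
      return (1 => Clamp (C.Thr + C.Roll - C.Pitch + C.Yaw),
              2 => Clamp (C.Thr - C.Roll - C.Pitch - C.Yaw),
              3 => Clamp (C.Thr + C.Roll + C.Pitch - C.Yaw),
              4 => Clamp (C.Thr - C.Roll + C.Pitch + C.Yaw));
   end Mix;

   --  Simulated receiver in place of the S.BUS driver: arms with some
   --  throttle, then goes silent after 50 frames so the timeout is exercised.
   task body Command_Task is
      Next   : Ada.Real_Time.Time := Ada.Real_Time.Clock;
      Frames : Natural := 0;
   begin
      loop
         if Frames < 50 then
            Latest_Command.Set ((Roll => 0, Pitch => 0, Yaw => 0, Thr => 300, Armed => True));
            Frames := Frames + 1;
         end if;
         Next := Next + Command_Period;
         delay until Next;     --  absolute delay: no drift, and Ravenscar-legal
      end loop;
   end Command_Task;

   task body Control_Task is
      Next : Ada.Real_Time.Time := Ada.Real_Time.Clock;
   begin
      loop
         Last_Outputs := Mix (Latest_Command.Get (Ada.Real_Time.Clock));
         Next := Next + Control_Period;
         delay until Next;
      end loop;
   end Control_Task;

end Flight_Tasks;
```

A main program only needs `with Flight_Tasks;` and an empty body; the two library-level tasks start at elaboration and never terminate, which is exactly what Ravenscar requires of them (`No_Task_Termination`, `No_Relative_Delay`, so `delay until` rather than `delay`). The `Fresh` flag matters: subtracting `Time_First` from a fresh `Clock` value can overflow the runtime's time representation, so the timeout arithmetic is only done once a real timestamp exists.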
, , .
PID :
-
PID- ,
PID-
, ,
, - ( Arduino ) - C Wiring . . , - , [MHN], .
, , . 90 - (disarm).
, , PID . , , , , -- , .
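As an added example (our own code, not the project's), here is the rate PID described in the list above combined with the disarm rule from two paragraphs up, written so that gnatprove can show absence of overflow with 32-bit `Integer` (the default on STM32) and so that the disarm behaviour is stated as postconditions rather than left to testing. The angle and rate limits, the gain encoding (gain x 1000 as an integer) and the integrator bound are assumptions made for the example.

```ada
--  Added example, not Veriflight's code: one axis of a rate PID with
--  integrator clamping plus the tilt-disarm rule, with the safety
--  properties as postconditions. Limits and scaling are assumptions.
package Rate_PID with SPARK_Mode is

   subtype Angle_Deg is Integer range -180 .. 180;     --  estimated attitude
   subtype Rate_Dps  is Integer range -2000 .. 2000;   --  gyro / setpoint, deg/s
   subtype Err       is Integer range -4000 .. 4000;
   subtype Gain      is Integer range 0 .. 1000;       --  gain x 1000
   subtype Integral  is Integer range -100_000 .. 100_000;
   subtype Output    is Integer range -1000 .. 1000;   --  per-mille to the mixer

   Tilt_Limit : constant Angle_Deg := 90;

   type Controller is record
      Kp, Ki, Kd : Gain     := 0;
      I_Acc      : Integral := 0;
      Prev_Err   : Err      := 0;
   end record;

   function Tilted_Over (Roll, Pitch : Angle_Deg) return Boolean is
     (abs Roll > Tilt_Limit or abs Pitch > Tilt_Limit);

   --  One control step for a single axis. Gains never change here; once the
   --  craft is over on its side the output is zero and stays zero until the
   --  pilot re-arms through the command path (not modelled here).
   procedure Step
     (C        : in out Controller;
      Armed    : in out Boolean;
      Roll     : Angle_Deg;
      Pitch    : Angle_Deg;
      Setpoint : Rate_Dps;
      Measured : Rate_Dps;
      Cmd      : out Output)
     with Global  => null,
          Depends => (C     => (C, Armed, Roll, Pitch, Setpoint, Measured),
                      Armed => (Armed, Roll, Pitch),
                      Cmd   => (C, Armed, Roll, Pitch, Setpoint, Measured)),
          Post    => C.Kp = C'Old.Kp and C.Ki = C'Old.Ki and C.Kd = C'Old.Kd
                     and (if Tilted_Over (Roll, Pitch) then not Armed)
                     and (if not Armed'Old then not Armed)
                     and (if not Armed then Cmd = 0 and C.I_Acc = 0);

end Rate_PID;

package body Rate_PID with SPARK_Mode is

   procedure Step
     (C        : in out Controller;
      Armed    : in out Boolean;
      Roll     : Angle_Deg;
      Pitch    : Angle_Deg;
      Setpoint : Rate_Dps;
      Measured : Rate_Dps;
      Cmd      : out Output)
   is
      E       : Err;
      P, I, D : Integer;
   begin
      if Tilted_Over (Roll, Pitch) then
         Armed := False;
      end if;

      if not Armed then
         C.I_Acc    := 0;      --  no windup while sitting on the ground
         C.Prev_Err := 0;
         Cmd        := 0;
         return;
      end if;

      E := Setpoint - Measured;                              --  -4000 .. 4000

      --  Anti-windup: clamp the accumulator instead of letting it grow while
      --  the motors are already saturated.
      C.I_Acc := Integer'Max (Integral'First,
                   Integer'Min (Integral'Last, C.I_Acc + E));

      P := C.Kp * E / 1000;                                  --  |P| <= 4_000
      I := C.Ki * C.I_Acc / 1000;                            --  |I| <= 100_000
      D := C.Kd * (E - C.Prev_Err) / 1000;                   --  |D| <= 8_000
      C.Prev_Err := E;

      Cmd := Integer'Max (Output'First, Integer'Min (Output'Last, P + I + D));
   end Step;

end Rate_PID;
```

The bounded subtypes are what make the Silver-level proof cheap: every intermediate product is at most 10^8, far inside 32-bit `Integer`, and gnatprove establishes that from the subtypes alone. The Gold-level part is the postcondition: the tilt rule forces `not Armed`, disarming is monotonic within this procedure, and a disarmed controller emits zero with a reset integrator, so the "over 90 degrees means disarm" behaviour is no longer a comment but an obligation on every caller.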
, .
, . , : , , Ada, .
Ada/SPARK , , , , .
R&D , , , , , , .
, runtime- , - , , .
, embedded Ada.
, robotics automotive , " ", , , : , .
[SUG] SPARK User's Guide, https://docs.adacore.com/spark2014-docs/html/ug/index.html
[SRM] SPARK Reference Manual, https://docs.adacore.com/live/wave/spark2014/html/spark2014_rm/index.html
[FC] Frama-C, a platform for modular analysis of C code, https://frama-c.com/
[UPS] Using Pointers in SPARK (AdaCore blog), https://blog.adacore.com/using-pointers-in-spark
[MHN] Mahony filter tutorial (attitude estimation), https://nitinjsanket.github.io/tutorials/attitudeest/mahony
[EFF] Energy Efficiency across Programming Languages (SLE 2017), https://greenlab.di.uminho.pt/wp-content/uploads/2017/10/sleFinal.pdf
[LIC] Lunar IceCube, https://en.wikipedia.org/wiki/Lunar_IceCube