## The COTS Technology Authority EMBEDDED SYSTEMS VOLUME 2 NUMBER 4 WINTER 2006

IN THIS ISSUE:

## Chris A. Ciufo

Remembering December 7

## Joe Paylat

MicroTCA in the military

## **Hermann Strass**

MAE Show, Europe

WWW.MIL-EMBEDDED.COM

## DoD addresses IPv6 But is the Internet ready?

Mil systems lose their insecurities Java's the answer to legacy portability

PM40048627

PRST STD U.S. POSTAGE PAID BLAINE, WA PERMIT NO. 226

©2006 OpenSystems Publishing. Not for distribution.

## Keep your SPARC supply lines open.



USP Ile™ VMEbus Computer

650-MHz UltraSPARC<sup>®</sup> IIi+ CPUs 4GB SDRAM

Optional TGA3D+™ and TGA-100™ graphics support Gigabit Ethernet

PCI expansion to four slots

Four serial ports

VME Interface - VME64X via Tundra Universe II

PS/2 or USB keyboard/mouse

Solaris™ 8/9/10 Support



Two UltraSPARC IIIi

1.2 GHz CPUs

4GB 266DDR SDRAM
per CPU, 8GB total
Optional TGA3D+
and TGA-100 graphics
Gigabit Ethernet port
One 64-bit/66-MHz PMC slot
Up to four PMC expansion slots
Dual FC-AL/SCSI ports
Additional VME-backplane access
Up to 30G shock
Solaris OS Support



Do your mission critical applications depend on SPARC/ Solaris solutions? Many suppliers are ending their support for SPARC-based single board computers. Not Themis. Themis is committed to providing its customers and industry with high performance UltraSPARC VMEbus single board computers.

Themis has solutions. We are committed to providing you with the industry's widest breadth of high performance UltraSPARC-based VME single board computers. To support thousands of Solaris platform solutions for the most demanding mission critical applications.

Don't be forced into changing your computing platform today. Extend the life of your system and gain control over your program lifecycle and budget with Themis SPARC solutions.

Themis is keeping the SPARC supply lines open so call Themis today.

www.themis.com (510) 252-0870



Transformational.

RSC# 2 @www.mil-embedded.com/rsc



Take a closer look at your encryption.

## Are you getting the protection you need?

Members of the Sierra™ family of encryption modules are easily integrated into communications devices of all kinds. Sierra encrypts classified information, processes data at a higher speed, is extremely power efficient, and allows modules to be reprogrammed as missions change.

It's benefits like these that led the U.S. Department of Defense to select Sierra II for one of the most important communications programs in recent history. Sierra II has been chosen to encrypt 100 percent of the radios under Cluster 1 of the U.S. Joint Tactical Radio System program.

www.harris.com

RF Communications
Government
Broadcast
Microwave



assuredcommunications™

# EMBEDDED SYSTEMS

**VOLUME 2** NUMBER 4

www.mil-embedded.com

## **DEPARTMENTS**

## **Industry Analysis**

- 8 MicroTCA: High performance in a small package
- **Embedded computing systems take IPv6** 10 switches to heart By Duncan Young
- Special Report: Military Technology in Europe: 14 MAE Show, Ascot (UK) Bv Hermann Strass

## **Departments**

- **Editor's Choice Products**
- 46 **New Products** By Sharon Schnakenburg

## **Crosshairs Editorial**

- December 7 still lives in infamy By Chris A. Ciufo
- Advertiser Index

## **E-CAST**

Mapping Multi-function Radar Algorithms Across a VPX-REDI System
January 25, 2 p.m. EST
www.opensystems-publishing.com/ecast

## **COVER**

COTS electronics and software are now routinely used in avionics applications, but the need for safety-critical software in mission-critical applications remains acute. From operating systems to Java to IPv6, software is increasingly becoming robust enough for use in aircraft like this F-16 Fighting Falcon or the KC-135 tanker that's refueling it. (Image courtesy of US Air Force; photographed by Senior Airman Brian Ferguson.)

© Military Embedded Systems

All registered brands and trademarks within Military Embedded Systems magazine are the property of their respective owners.

Published by:



**SOFTWARE:** More OS options open up

- Java technology trends offer renewed promise for portable embedded applications By Dave Wood, Aonix
- Custom real-time kernels versus COTS Real-Time Operating Systems By Alex Polmans and David Mosley, DDC-I, Inc.

**TECHNOLOGY**: Feeling confident: Mil systems lose their insecurities

- 30 Building secure software: Your language matters! By Robert B.K. Dewar, PhD, AdaCore and Roderick Chapman, PhD, Praxis High Integrity Systems
- 34 IPv6 — The next-generation Internet By Brad Ryan, Juniper Networks
- PRODUCT GUIDE: MPC7448 PowerPC SBCs 42 and Systems

www.mil-embedded.com/eletter

Adaptive meshing helps Army develop **Future Combat Systems** 

By Jerry Fireman, representing Fluent Inc. and Benét Labratories

Using resource partitioning to build secure, survivable military systems

By Paul N. Leroux and Kerry Johnson, QNX Software Systems

Using your existing test and measurement platform to perform Serial RapidIO protocol analysis

By Barbara Aichinger, FuturePlus Systems

Visit us online for the complete list of articles

## Subscribe to the magazine or E-letter:

www.opensystems-publishing.com/subscriptions

**Industry news:** 

Read: www.mil-embedded.com/news

Submit: www.opensystems-publishing.com/news/submit

Submit new products:

www.opensystems-publishing.com/vendors/submissions/np

4 / FALL 2006

MILITARY EMBEDDED SYSTEMS

©2006 OpenSystems Publishing. Not for distribution.



## **Advertiser** Information

### Page/RSC# Advertiser/Product description 45 ACCES I/O - Analog, Digital, Relay, and Serial I/O Products

Advantech - Rugged Solutions 48

Annapolis Micro Systems - FPGA Systems 53

Arrow Electronics - MicroTCA Communications Servers 11

Concurrent Computer Corporation – Dual-core Processors 52

56 Curtiss Wright - VPX, VPX-REDI

9 DIGITAL-LOGIC - MPCX48, MPCX47

46 Embedded Planet - EP8548A Serial RapidIO AMC

26 **Excalibur Systems - Avionics Communications** 

GE Fanuc - Q104-1553 55

35 General Micro Systems - V394, CC61X

21 General Standards Corporation - Analog, Digital, and

Serial I/O Products

Harris RF Communications Division - Sierra Encryption Modules 3

Hybricon - Ruggedized COTS Solutions 49

15 Hypertronics - Connectors, Solutions

7 ICS Sensor Processing - ICS-8550

5 Intel - Intel Solutions

41 Jacyl Technology - Project Solutions

Merlin – Product Obsolescence Solutions 44

MPL AG - Rugged Embedded Computers 39

50 North Atlantic Industries - Military Power Supplies

Phoenix International - Data Storage Modules 13

RTD Embedded Technologies – PC/104 Modules and Systems 28

32 Sealevel Systems - Relio Computing Solutions

TEWS Technologies - COTS I/O Solutions 6

Thales - PowerMP6 27

Themis Computer - SPARC SBCs 2

Tri-M Systems - 100 MHz PC/104 Module 17

Tri-M Systems - Distribution Services 19

51 VMETRO - High-speed Data Recording



with Outstanding Software Support.

**CPU Carrier** IP and PMC Carriers Ethernet Communication CAN Bus Field Bus Digital I/O Analog I/O PC Card/CardBus

**Motion Control** 





VxWorks Linux

Windows LynxOS



TEWS TECHNOLOGIES LLC: 9190 Double Diamond Parkway, Suite 127- Reno, NV 89521/USA Phone: +1 (775) 850 5830 - Flax: +1 (775) 201 0347 - E-mail: utassales@firest.com

TEWS TECHNOLOGIES GmbH: Am Bahnhof 7 - 25469 Halstences / Germany Phone: +49 (0)4101-4058-0-Fax: +49 (0)4101-4058-19-E-mail: info@tows.com

## Military embedded systems

AN OPENSYSTEMS PUBLICATION

## Military and Aerospace Group

DSP&FPGA Product Resource Guide

DSP-FPGA.com

DSP-FPGA.com E-letter

Military Embedded Systems

Military Embedded Systems E-letter

PC/104 & Small Form Factors

PC/104 & Small Form Factors E-letter

PC/104 & Small Form Factors Resource Guide 

VME and Critical Systems

VME and Critical Systems E-letter

Group Editorial Director Chris A. Ciufo

cciufo@opensystems-publishing.com

Senior Editor (columns) Terri Thorson

tthorson@opensystems-publishing.com

Assistant Editor Sharon Schnakenburg

sschnakenburg@opensystems-publishing.com

Hermann Strass **European Representative** 

hstrass@opensystems-publishing.com

Steph Sweet Art Director

**Senior Web Developer** 

**Graphic Specialist** David Diomede

Circulation/Office Manager Phyllis Thompson

subscriptions@opensystems-publishing.com

## OpenSystems Publishing

### Editorial/Production office:

16872 E. Ave of the Fountains, Ste 203, Fountain Hills, AZ 85268

Tel: 480-967-5581 Fax: 480-837-6466

Website: www.opensystems-publishing.com

Publishers John Black, Michael Hopper, Wayne Kristoff

Vice President Editorial Rosemary Kristoff

## **Communications Group**

Editorial Director Joe Paylat

Assistant Managing Editor Anne Fisher

Senior Editor (columns) Terri Thorson

Technology Editor Curt Schwaderer

European Representative Hermann Strass

## **Embedded and Test & Analysis Group**

Editorial Director Don Dingee Editorial Director Jerry Gipper Technical Editor Chad Lumsden

Associate Editor Jennifer Hesse

European Representative Hermann Strass

Special Projects Editor Bob Stasonis

## Reprints and PDFs

Becky Mullaney 717-399-1900, Ext. 166

mesreprints@opensystems-publishing.com

ISSN: Print 1557-3222

Military Embedded Systems (USPS 019-288) is published four times a year (Spring, Summer, Fall, Winter) by OpenSystems Publishing LLC, 30233 Jefferson Avenue, St. Clair Shores, MI 48082

Subscriptions are free to persons interested in the design or promotion of Military Embedded Systems. For others inside the US and Canada, subscriptions are \$28/year. For 1st class delivery outside the US and Canada, subscriptions are \$50/year (advance payment in US funds required).

Canada: Publication agreement number 40048627

Return address WDS, Station A PO Box 54, Windsor, ON N9A 615

POSTMASTER: Send address changes to Military Embedded Systems 16872 E. Ave of the Fountains, Ste 203, Fountain Hills, AZ 85268



## More reasons to choose Radstone.

The one and only ICS-8550.

Designed for high-speed data acquisition applications such as Software Defined Radio, SIGINT, tactical communications and radar, the ICS-8550 XMC module – which is available for both benign and rugged environments – can simultaneously sample two RF/IF inputs at frequencies up to 210 MHz at a resolution of 12 bits.

With the industry-leading Xilinx Virtex-4 FPGA at its heart to deliver unprecedented power and user programmability – and enabling IF/UHF signals to be processed directly on the board itself, freeing the host board for other tasks - the ICS-8550 is truly an ADC module that sets new standards.

And with up to eight lanes of high-speed serial I/O, the ICS-8550 provides the throughput to match its performance and flexibility. Configure it with Radstone's remarkable V4DSP FPGA/PowerPC processor, and the partnership is unbeatable.

Radstone. For when you need more.



RSC# 7 @www.mil-embedded.com/rsc

## MicroTCA: High performance in a small package

By Joe Pavlat



MicroTCA is a new open computing standard developed by PICMG that provides high performance and modularity. However, it is physically small enough to be used in a variety of mobile military applications, including vehicle and airborne platforms. MicroTCA uses the new AdvancedMC mezzanine cards that were originally designed for AdvancedTCA applications but uses them in a different way. AdvancedMC cards provide high performance in a small package. They are fabric-based and can use PCI Express, Ethernet, or RapidIO for high-speed data transfer. They are also fully managed and hot swappable, making them ideal for high-availability applications where systems resources can be made redundant so that cards can fail and the system keeps operating. In MicroTCA, AdvancedMCs (see Figure 1, courtesy of GE Fanuc Embedded Systems) plug directly into the system backplane, whereas they typically plug onto a carrier card in AdvancedTCA applications.

MicroTCA provides a high-performance multiprocessor architecture that supports CISC and RISC processors, DSPs, FPGAs, and network processors simultaneously. Data throughput exceeds 10 Gbps per slot, so MicroTCA is ideal for applications requiring lots of data manipulation and transfer, including voice, image, and radar processing. The MicroTCA backplane supports star, dual star, and full mesh topologies.

The MicroTCA architecture is very scalable. Simplex systems with single resources can be built quite inexpensively and are suitable for applications where low cost is critical and occasional failures can be tolerated. Duplex systems with redundant cards and high-availability software are more complex and expensive, but can offer 5 Nines availability, 99.999 percent uptime.

Military electronic systems designers are rapidly warming to the concept of availability, borrowed from the telecom world where systems are often expected to operate continuously for 30 years or longer. Simple Mean Time Between Failure (MTBF) calculations, which are often little more than an estimate of how often systems might fail, are increasingly viewed as insufficient for the job at hand. The underlying concept of availability is that the system provides redundant hardware and software management such that no single element can be a single point of failure for the entire system. In a highly available system, single elements, payload cards, and power supplies can fail and be replaced at a convenient time without bringing the system down. Because MicroTCA is a switched fabric architecture and not a parallel data bus such as VME or CompactPCI, sys-tems can be designed in a way that a single card failure need not bring the entire system down. The hardware management structure of MicroTCA is largely borrowed from the wellwrung-out AdvancedTCA management architecture. Industry standard highavailability middleware, defined by the Service Availability Forum, can be used.

MicroTCA was originally conceived as a smaller, lower-cost cousin to AdvancedTCA, and telecom was viewed as its primary market. Since the specification has been ratified, a high degree of interest for nontelecom applications has surfaced. Prime among them are military applications. (Refer to our sister publication *PC/104 and Small Form Factors*: "Rugged MicroTCA: A swappable alternative" at www. smallformfactors.com/articles/id/?1861).

While MicroTCA is ruggedized to telecom standards for shock, vibration, temperature, earthquake, and so on, it is not yet ready for the extreme requirements of the mobile military environment. But a number of PICMG member companies



Figure 1

## Industry Analysis \_

are working on developing concepts that range from cocooning a MicroTCA chassis inside an ATR box with shock mounting and conduction cooling (shown in Figures 2 and 3, courtesy of Hybricon Corporation).

At least one PICMG member company is working on metal clamshells that encase AdvancedMC cards and are then rigidly mounted in a special chassis and directly conduction cooled. It is expected that this work will move into PICMG and become a formal specification development activity at the end of 2006. A lot of work remains both in terms of defining the requirements and then designing a so-lution, but the wide range of expertise in PICMG's 300-strong membership will be brought to bear as usual.



Figure 3



Figure 2

You can learn more about MicroTCA and its architecture in another OpenSystems Publishing publication, CompactPCI and AdvancedTCA Systems magazine.

For more information, contact Joe at jpavlat@opensystems-publishing.com.

Editor's Note: As we went to press, Motorola announced \$1.0 million in MicroTCA product sales – a significant milestone event. See www.vmenow.com for more information.



presented by OpenSystems Publishing



## **UPCOMING E-CASTS JANUARY 2007**

Mapping Multi-Function Radar Algorithms Across a VPX-REDI System January 25, 2 p.m. EST Presented by: Mercury Computer Systems

## DID YOU MISS AN E-CAST? DON'T WORRY.

Archived E-casts are at www.opensystems-publishing.com/ecast

www.opensystems-publishing.com/ecast



## **In-Vehicle PCs**

smallest dimensions. fanless, high reliability, rugged design





- VGA, DVI, LVDS, Audio, Video-in
- LAN, COM1, COM2, 6x USB
- Options: WLAN, GPS, GSM, CAN



## MPCX47 (IP65)

- Intel® Pentium® M 738, 1.4GHz
- VGA, DVI, LVDS, Audio, Video-in
- LAN, COM1, COM2, 4x USB, 2x firewire, Digital I/O
- Exchangeable mediapack 40GB automotive HDD 1x CF TypeII
- Options: UPS-battery, preheating, GSM, GPS, WLAN, CAN

Further informations: www.digitallogic.com

DIGITAL-LOGIC offers a wide range of embedded computer boards and systems for stationary and mobile applications.

Advanced Digital Logic Inc. 4411 Morena Blvd. Suite 101 San Diego, CA 92117-4328 Phone +1 858 490 0590 Fax +1 858 490 0599 sales@adlogic-pc104.com www.digitallogic.com





## Field Intelligence By Duncan Young

## **Embedded computing systems** take IPv6 switches to heart



Military operations have seen a massive emphasis shift from the physical domain of the soldier, tank, or combat aircraft to the informational and intelligence domains. This drive toward tactical awareness domination will be the key to the efficiency and speed of military operations in the future networked digital battlefield. Obviously, much enhanced communications capacity and security will be needed at all levels to implement these network-centric operations. This is why IPv6 has been selected as the common future protocol for sharing voice, data, and video across all levels of operations from the soldier and sensors, to weapons platforms, to logistics, to planning and strategic operations.

IPv6 is the foundation of interoperability for the DoD's Global Information Grid (GIG), which uses Internet technology to provide seamless integration of information all the way from an Unmanned Aerial Vehicle (UAV), a helicopter, or a soldier in the field, to the Pentagon and back (known as reachback). IPv6 has been selected now to allow time for the creation of

new infrastructure plus the gradual transition IPv4 to IPv6. After many years adoption, IPv4 is finally running out of steam, requiring three major areas of improvement for military applications that are resolved by IPv6:

- Built-in protocol and payload encryption While IPv4 supports some levels of encryption, it is implemented as an add-on rather than an inherent part of its functional capability. The additional encryption support provides military applications with the security needed for the protection of data and command structures, although it requires more processor power within a switch for effective network operation.
- Selectable Quality Of Service (QOS) for different classes of communications – High priority and security are vital for critical applications where real-time response and data integrity must be achieved. Other services may be less time-critical and may not need to rely 100 percent on data integrity. Streaming MPEG video is a good example of such a service where decompression and reconstruction can tolerate some timing jitter and data errors created by transmission through a network.

of legacy systems from ... IPv6 has been selected as the common future of worldwide protocol for sharing voice, data, and video across all levels of operations from the soldier and sensors, to weapons platforms, to logistics, to planning and strategic operations.

■ Much larger addressing range without resorting to address translation - IP was conceived long before the Worldwide Web became the force it is today, resulting in just not enough address space to go around. Current IP addresses have a 32-bit field giving approximately 4.3 billion unique addresses but, because of different classes of address, typically only 3 billion of these are readily available. The number of Internet users is doubling every year and will very soon exceed the number of addresses available. However, Network Address Translation (NAT) is used extensively by local networks and ISPs whereby just one global IP address can be mapped to many local unregistered IP addresses, thus extending the number of potential users to many times that which would be available directly. IPv6's 128-bit address field reduces the need for address translation and would allow a very large user such as the DoD to assign its own unique IP addresses to every intelligent node and subsystem in its entire inventory without NAT.

At the heart of almost every operational platform such warships, submarines, armored vehicles, helicopters, combat aircraft and so on - is a combat system or a mission system. In addition, there will be a mix of current and legacy subsystems, weapons, and sensors

attached, using both point-to-point connected (for example, federated) and networked architectures for interconnection. With the exception of a few newly designed platforms, these older platforms are the ones that will present the greatest challenges to the introduction of IPv6 and integration within the GIG. For example, a Naval combat aircraft, such as an F/A-18 Super Hornet, might have sophisticated networked connectivity between its mission computer and its primary sensors and weapons systems using Fibre Channel but may also have many legacy subsystems connected via MIL-STD-1553B. External communications, such as radios, are often limited to voice and a number of highly secure data links used to share data with other aircraft and surface ships within the local tactical environment. Such platform systems typically use unique internal data structures and maintain physical separation of mission data and sensor video. This makes them unsuited to an Internet-like communications environment without extensive modification to their application software packages.



Back in 1981, while people were busy spinning on their heads, Motorola launched VME and left the embedded computing competition flat on its back.

## Now, 25 years later, Arrow Electronics and Motorola are defining the new era in embedded computing with MicroTCA™ solutions.

**MicroTCA communications servers** use a revolutionary system architecture to meet the military's budget requirements and work within an open architecture computing environment. Motorola is recognized for its key role in ushering in this innovative technology. Backed by Arrow's broad line card, technical expertise, services, outstanding integration capabilities, and supply chain solutions, MicroTCA technology reduces the time required to deploy and refresh systems.





**WONN** 

Offering the economies of commercial off-the-shelf products and the flexibility of custom solutions, MicroTCA technology co-exists with VME and extends the life of previous investments through:

- · Adherence to standards-based open architecture systems requirements
- Very compact form factor
- Superior chassis flexibility
- Compute density and scalability
- Hot-swappable Advanced Mezzanine Cards
- A common base platform and associated cost savings



Arrow and Motorola—

Defining the New Era in Defense and Aerospace Efficiency

## Development units available.

Call 888-427-2250 or visit www.arrownac.com/NotAPassingTrend to learn why MicroTCA technology is destined to influence embedded computing for a long time to come. Quantities are limited, so call now!

©2006 Arrow Electronics, Inc. Arrow and the Arrow logo are registered trademarks; MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. PICMG and the PICMG logo are registered trademarks, and MicroTCA is a trademark of the PCI Industrial Computer Manufacturers Group.



## Field Intelligence

## IPv6 gateway

The most likely initial steps will be to incorporate IPv6 by means of a gateway. This will consist typically of an intelligent subsystem incorporating a switch with a high-bandwidth external connection to the GIG. Other connections to the switch will be the platform's sensors and its combat or mission system (Figure 1), offering only filtered views of the total information content available locally. It is likely that in addition to newer subsystems designed specifically with IPv6, many legacy pieces of equipment will be connected to the gateway, probably a mix of older IPv4 systems and subsystems using 100 Mbps or 1 Gbps Ethernet in copper or fiber. Additionally, such a gateway could be used to connect further legacy subsystems using MIL-STD-1553B or RS-485. For these legacy connections, the gateway needs to provide translation and support for the upper layers of the communications model in order to transfer any meaningful information.

Small platforms such as an armored vehicle may have only one gateway; larger platforms such as a Naval vessel may have many.

The ideal way to implement such a gateway is as a COTS-based embedded subsystem with an IPv6-capable Ethernet switch and whatever legacy interfaces might be required to connect to the older subsystems. IPv6 can handle IPv4 traffic through its network though it retains the limitations of IPv4, reducing the need to replace or upgrade every existing subsystem for compliance.

## Platform-level switched fabrics

But Ethernet and IPv6 are not just limited to the interplatform network domain of the GIG. Within platforms, there is growing demand for high-speed switched fabrics typified by Fibre Channel, Serial RapidIO, and PCI Express. These are used to enable data and resource sharing between multiple processors of a mission or combat system and the many subsystems making up the complete platform. These fabrics are usually characterized by their high line speeds (>1 Gbps) and low latency, which are both required for real-time, deterministic operation of the platform's system. Ethernet will have the capability and latency to become a platform's primary switched fabric. This reflects

## **Typical Mission System with Gateway**



## Field Intelligence-

best practice in the commercial and telecommunications worlds, where Ethernet is firmly established as the *de facto* standard.

Hence a number of COTS vendors such as Curtiss-Wright Controls Embedded Computing, Radstone, and GE Fanuc Embedded Systems have introduced IPv6-capable Ethernet switches into their product portfolios. These switches offer built-in flexibility to support a number of physical connections and line speeds and include a processor for local network management functions. COTS switches are available in many formats including VME and CompactPCI, both of which are ideal for implementing gateway functions or intraplatform networks in deployed military applications. Typical of these is GE Fanuc's RM921 (Figure 2) managed VME Ethernet switch with copper or fiber connections, 12 or 24 ports with support for IPv6. This product line is soon to be complemented with a next-generation managed switch offering much improved performance. Based upon the latest Broadcom devices, IPv6's lower protocol layers are handled directly by hardware for lower latency and improved throughput.

## Reaching the heart

Bringing effective Ethernet communications to a force on the move will itself be a challenge, requiring vastly more wireless bandwidth than is available today; however, the intention behind the introduction of IPv6 is also to take communications deep into the heart of platforms, their systems, and subsystems. This will facilitate not only the sharing of data, but may also permit the operation and control of sensors, weapons, propulsion, and navigation systems from any remote location or even multiple locations and users. This migration of intelligence and control out of a deployed platform to a war fighter's console could make today's concept of an "onboard embedded intelligent subsystem" redundant, being replaced by a population of simple "remote terminals" instead.

This level of intrusion could well be seen first in small UAVs and Unmanned Combat Aerial Vehicles (UCAVs). In these vehicles, the volume of sensor data that could be acquired requires massive off-board computing resources to process and assimilate into the tactical situation. As a result, the vehicle's mission could be redirected in real time as situations develop. This also offers the potential for security vulnerabilities, but intrusion will inevitably be required anyway for software maintenance and network management just like any other Information Technology (IT) system. While network security will be enhanced by IPv6's encryption, it will still rely heavily on secure, partitioned operating systems such as ARINC-653 and MILS for protection.

## DoD committed to switch

IPv6 has been selected and will be implemented by the DoD, eventually finding a place in every platform, touching most embedded systems in some form or another within the next few years. It may even radically change the way these embedded



systems are implemented. Ethernet switch device technology is on the fast track for more performance through hardware execution of the protocol, fueled by the telcos' desire for more payload through their networks and the division of their services by quality requirements. The DoD will benefit from this rapid growth as will COTS vendors, such as GE Fanuc, and their customers by offering ultra-competitive, mainstream technology solutions for gateways, switched fabrics for platform networks and, eventually, fully integrated systems and subsystems incorporating IPv6.

For more information, contact Duncan at young.duncan1@btinternet.com.



## Special report: MAE show, Ascot (UK)



By Hermann Strass

The UK has Europe's largest military equipment and services market. Each year, record numbers of visitors attend the Farnborough Air Show in southern England. However, so far there was no military aerospace electronics show. For the first time, though, on September 26, 2006, the Military & Aerospace Electronics (MAE) Technical Conference and Exhibition presented *The Future of Electronic Systems for Military and* 

This inaugural show was well received by attendees and exhibitors. More than 30 companies demonstrated hardware and software, and several trade magazines including *Military Embedded Systems* and *VMEbus Systems* supported the event. Other supporters included SAE-UK and VITA. There were 18 presentations organized into three tracks (in three theatres) throughout the day. Conference topics included:

- » Designing with COTS
- » Development tools
- » Lead-free issues
- » Microprocessors, controllers, and FPGAs
- » Networks
- » Obsolescence management
- » Power electronics
- » Real-time operating systems and middleware
- » Reliability
- » Rugged electronics
- » Using open standards to design net-centric warfare systems
- » Test and measurement

Presentations were carefully selected by an independent, neutral panel of experts from many applications. The main focus was on the latest developments, technical issues, and



Figure 1

Aerospace at a historic venue west of London. The Ascot Racecourse site, close to Windsor Castle, has large facilities for conventions and exhibitions that are also used as the venue for the world-famous horse races. The traditional red brick style buildings (see Figure 1, courtesy of Technology Consulting) contrast with the modern grandstand (see Figure 2, courtesy of Technology Consulting) where formally dressed gentlemen and ladies with fancy hats would watch the horse races. Obviously, there were no horse races during the time of the military and aerospace electronics show.



Figure 2



## TO GREAT LENGTHS FOR OUR CUSTOMERS.

From the toughest terrains in the universe to the antiseptic environment of the operating room, Hypertronics delivers the highest reliability electronic connectors for our customers' most demanding applications. But our commitment doesn't end there. We provide complete, custom design solutions for customers, including cabling, mechanical design, integrated electronics and electrical modeling capabilities. Hypertronics custom solutions can save you valuable engineering and manufacturing time and ensure the overall reliability of your final product. Our complete solutions are as dependable as our connectors, and our service and support is unmatched. For more information on Hypertronics reliable connectors and dependable solutions, call 1-800-225-9228, email info@hypertronics.com or visit our web site at www.hypertronics.com/wego.html.







## HYPERTRONICS: RELIABLE CONNECTORS. DEPENDABLE SOLUTIONS.

HYPERTRONICS CORPORATION

Hudson, MA 1-800-225-9228 www.hypertronics.com

ISO 9001, AS9100, 13485 & 14001 certified

©2006 OpenSystems Publishing. Not for distribution.

## **Industry Analysis**

implementation decisions for secure and reliable systems in harsh and mission-critical environments. The event was packed with real case studies, practical demonstrations, and highly technical information. A brief overview of selected presentations indicates the wide range of topics covered during this *future-directed* event

## Cooling: Paul Rose, Flomerics

Paul Rose gave a presentation on the simulation of cooling of electrical/electronic components on boards and in systems. Devices and systems are getting smaller all the time, but performance and power stay the same or increase. This means heat is concentrating in smaller volume and has less surface area for dissipation. In military systems, space-limited and environmental conditions are harsh. Cooling (deheating) methods used on commercial systems are therefore insufficient. It would be extremely expensive and time consuming to test many possible configurations by producing real systems, because several iterations would be needed.

Flomerics Ltd., UK, the leader in computer simulation of deheating and cooling methods and designs, has developed FLOTHERM, a Computational Fluid Dynamics (CFD) simulation program and toolset to solve heat transfer design issues without a need to produce real components or systems. CFD is the analysis of systems involving fluid flow, heat transfer, and associated phenomena such as chemical reactions by means of computer-based simulations. A set of (NavierStokes) equations is solved to fully simulate the physics of flow. Only a subset of the possible equations is required to iteratively calculate solutions for electronic systems. It may take about one night to run each simulation. This is not too long, because it would take much longer to produce a board or a system, and to learn that the product still runs too hot. A virtual model can be repeated easily using different parameters.

In addition to adequate deheating, the solution will also be optimal in terms of energy to cool it, noise, and reliability. FLOTHERM software and toolsets are available from Flomerics Ltd. or under license, sometimes using company-specific names from manufacturers and electronic systems integrators.

## COTS: Richard Jaenicke, Mercury Computer Systems, Inc.

Richard Jaenicke gave a detailed analysis of Intel versus PowerPC multiprocessor platforms. A comparison was presented on VMEbus systems meeting COTS industrial requirements. Topics included were Symmetric MultiProcessor (SMP) systems, Non-Uniform Memory Access (NUMA) systems, and other variants.

PowerPC-based systems showed much higher GFLOPS and in some cases higher memory bandwidth than Intel Xeon and Core Duo variants. Interprocessor bandwidth was almost the same for both platforms. PowerPC is enhanced when a large amount of floating-point performance is needed. The Intel platform is better when Multichip SMP is required.

## Lead-free: Ken Hall, Triteq

Ken Hall discussed lead-free topics, which are of particular interest in Europe. Every contractor, manufacturer, or system integrator is confronted with lead-free issues. The market for electronic components in the military and aerospace industry is constantly declining. For instance, the UK market share dropped from 9 percent in 1984 to 0.9 percent in 2005. Currently, Triteq estimates that components are made obsolete at a rate of 13,000 per month.

Some military components are exempt from Restriction of the use of certain Hazardous Substances (RoHS) compliance, but COTS components are not. There are many legal, commercial, and technical issues. A technically competent and quality-oriented partner may be required to provide cost-effective turnkey solutions to obsolescence redesign. Triteq is the only TUV-certified subcontract design house in the UK. It is one of a few design subcontractors in the UK with ISO 13485 certification for safety-critical medical design.

## Networks: Bob Pickles, SBS Technologies, Inc.

Bob Pickles reported about Avionics Full Duplex Switched Ethernet (AFDX), a deterministic and failure-resistant version of Ethernet. AFDX was developed for the Airbus A380 and is currently used on the Boeing B787 Dreamliner. The Airbus A400M (military transporter) and Airbus A350 (civil transporter) will be next to use it. It is a replacement for ARINC 429, using a deterministic protocol as defined in ARINC 664 Part 7. This real-time Ethernet version is switched, eliminating data collisions. The transmission rate is bounded to eliminate loss of packets. Real-time, deterministic operation and a fully redundant transmission channel make AFDX usable in mission-critical systems. Jitter and latency are also bounded to ensure there are no hidden performance problems during operation.

The SBS system, AFDX-E1000, uses standard hardware components and a software stack running in an FPGA. The stack is written in higher-level language. It is very easy to add functions and to transport it to different hardware. A hardware solution would make upgrades lengthy, expensive, and subject to End-Of-Life (EOL) issues. The SBS solution makes the system hardware independent and dynamically upgradeable.

## Reliability: John Jones, IGG Component Technology Ltd.

John Jones presented information about identifying counterfeit components, reliability testing, lead-free issues, and long-term storage of COTS components. Clearly identified second source products, when properly tested and certified, are acceptable to use. However, counterfeit (nonoriginal) components of unknown or low quality are a severe problem in high-reliability systems because what you see is not always what you get.

Technical reliability issues may include corrosion, (silver) metallization migration, intermetallics (gold-aluminum and tin-copper), or fatigue. Quality and reliability testing may include Destructive Physical Analysis (DPA), life testing, accelerated testing, or thermal cycling.

## Industry Analysis -

Preparation for a long-term storage of 20+ years includes stabilization bake at 85 °C for 48 hours, individually sealed components, and storage under specified humidity and temperature conditions.

## Safety: Alex Wilson, Wind River Systems, Inc.

Alex Wilson gave information on MIL/ COTS operating systems requirements. Modern warfare is all about sharing information using IP-based information networks. The Multiple Independent Levels of Security (MILS) architecture specifies compartmentalized hierarchical systems required by the National Security Agency (NSA). These systems include Non-bypassable, Evaluatable, Alwaysinvoked, and Tamper-proof (NEAT). Assured trust levels are required on a component-by-component basis. Changes in noninteracting components need reevaluating of only the changed component, resulting in huge cost savings. The MILS concept benefits from ARINC 653 time and space partitioning, deterministic, predictable execution, and other requirements of this standard. Safety assurance is possible through DO-176B Level A certification. VxWorks RTOS with a MIKS Kernel Layer runs in kernel mode, provides separation and security, and controls information flow between partitions.

## VITA's presentation on standards

Representing VITA Europe at MAE, I reported on standards for industrial and military systems, which have more demanding requirements than commercial systems. They are used for much longer times in hard real-time and deterministic applications. VITA

ommercial systems. They are used for systems for military space applications and deterministic applications. VITA

provides standards for products that have to operate under such conditions. VMEbus technology, which started 25 years ago, was standardized by VITA and is continuously enhanced to meet the increasing demands of military, industrial, and aerospace requirements. A recent major step forward is the introduction of the VITA 46 standard for increased speed (12.5 Gbps), number of transmission circuits, and I/O contacts (728 total). Cooling, reliability, and lead-free issues are also topics of VMEbus technology standardization by the VITA Standards Organization (VSO).

For about 20 years now, VMEbus technology has been and still is the leading open standard for modular computer systems in real-time, high-availability, highreliability applications. New or enhanced standards ensure this will be so for the next 25 years. One project that proves this is VITA 58 Electronics Integration for Level 2 maintenance. Systems will be packed into sealed standardized enclosures called *canisters*. These canisters can be installed or replaced by anyone without operator intervention or system shutdown. This is obviously a standard for very long-term usage. VITA and the VSO provide the standards for these long-term applications.

## **Success at MAE**

The MAE show proved itself effective (see Figure 3, courtesy of Technology Consulting). Attendees left the event with in-depth technical information about state-of-the-art and future electronic systems for military, defense, and aerospace applications.

For further information, e-mail Hermann at hstrass@ opensystems-publishing.com.



Figure 3

## Java technology trends offer renewed promise for portable embedded applications

## By Dave Wood

Because of the promise of increased productivity and reduced error incidence, achieving program portability has always been an important goal in software engineering. The goal of portability has been met with mixed success because of varying approaches to portability from one programming language to another. Further, the special characteristics of embedded, real-time, and safety-critical applications present additional challenges to portability. Dave examines the characteristics of C++, Ada, and Java and their implications for portability in embedded development.

Creating highly portable code is an important mechanism for increasing software development productivity while improving software maintenance and longevity. Today's primary languages for military embedded systems – C++ and Ada – along with emerging embedded Java technology, each provide their own portability characteristics.

## Not all portability is created equal

C and C++ programs often are presumed to be portable. Consider the following code:

#include <stdio.h>
main()
{
 printf ("This code is
portable!\n");
}

This piece of code will compile and run on practically every commercial processor/operating system combination in existence. The fact that it will do so is not a reflection of anything inherently portable about the language itself, but rather it is a reflection of the fact that C or C++compilers are available on essentially every platform. As such, C qualifies as a portable language, at least so long as the programs adhere to commonly supported core syntax. Thus C/C++ are portable in the sense of *platform pervasiveness*.

On the other hand, Ada was designed specifically to promote code portability with an emphasis on tightly controlled international standardization and rigorous conformance test suites. Although Ada includes many implementation-dependent features, its portability features provide substantial built-in standard libraries and a standard multi-threaded execution model. As such, Ada also qualifies as a portable language. Yet, although Ada compilers are available on a wide array of platforms, they are not nearly as widely available as C/C++ compilers. Therefore, we consider Ada portable in the sense of platform independence.

C/C++ is portable thanks to ubiquity rather than design. Ada is portable thanks to design rather than ubiquity. These kinds of distinctions form a rich basis for "my language is better than your language" debates among advocates.

## **Defining portability**

Clearly, portability means different things to different people. By evaluating the merits of various portability paradigms against the actual needs of a particular audience, we can make value judgments about the suitability of a given language's portability characteristics. Table 1 lists cross-platform portability factors, and their relative importance is dependent upon individual needs.

Choosing between C++ and Ada offers a trade-off between a more portable design (Ada) and a wider potential pool of available platforms (C++). A third option, Java, offers the promise of both platform pervasiveness and platform independence at the same time.

In the nonembedded software community, Java has already emerged as the favorite. Studies indicate that Java popularity has

| Component   | Possible Cross-platform Portability Requirements     |  |  |  |  |  |
|-------------|------------------------------------------------------|--|--|--|--|--|
| Compiler    | Compilers for language exist on required platforms   |  |  |  |  |  |
| Compiler    | Compilers exist and conform to same standard         |  |  |  |  |  |
| Libraries   | Common library types are commercially available      |  |  |  |  |  |
|             | Common libraries inclusive in language standard      |  |  |  |  |  |
| Source Code | Compatible across platforms and OS versions          |  |  |  |  |  |
|             | Compatible across variants of language and libraries |  |  |  |  |  |
|             | GUI code same across platforms without change        |  |  |  |  |  |
|             | No exposed OS or hardware dependencies               |  |  |  |  |  |
| Runtime     | Same runtime API across platforms                    |  |  |  |  |  |
|             | Consistent runtime behavior across platforms         |  |  |  |  |  |

Table 1

## Usage Trends of Ada, C, C++, and Java



Data Source: *Programming Language Trends, An Empirical Study of Programming Language Trends,* Yaofei Chen, PhD dissertation, New Jersey Institute of Technology, August 2003.

Figure 1

overtaken that of C/C++ in enterprise and desktop computing (see Figure 1), and is available on most computing platforms. At the same time, Java's design features mirror and even exceed many of the high-portability characteristics of Ada. This is a reflection of the "Write Once – Run Anywhere" philosophy that drove the design of the Java language, the Java library set, and the Java virtual machine.

As seen in Table 2, C++, Ada, and Java each offers its own strengths. For military embedded applications, the question is which of these options presents the best match to priorities. To help answer that

question, three key areas to consider are source code portability, library portability, and behavioral portability.

## Source code portability

At the source code level, it is certainly possible to write portable C/C++ code, given careful attention coding to practices. However, C/C++ presents many opportunities for making nonportable code. An example of some of thought the processes recommended for C/C++ programmers to improve portability can be found in The C++ Portability Guide (see sidebar).

This publication identifies a number of areas where C and C++ programmers need to tread carefully in order to achieve higher portability.

In contrast to C++, Ada is a rigorously specified language with very well-defined and longstanding international standardization. Even so, Annex M of the language standard identifies more than 100 implementation-dependent aspects of the language that should be carefully encapsulated to facilitate portability.

An example of an area where a programmer needs to take extra care with C/C++

| Portability Factor    | Ada      | C++       | Java      |  |  |  |
|-----------------------|----------|-----------|-----------|--|--|--|
| Platforms             | moderate | pervasive | growing   |  |  |  |
| Standardization       | high     | moderate  | high      |  |  |  |
| Built-in Libraries    | moderate | minimal   | extensive |  |  |  |
| Third Party Libraries | moderate | extensive | extensive |  |  |  |
| Commercial Use        | minimal  | extensive | extensive |  |  |  |
| Runtime Behavior      | defined  | undefined | defined   |  |  |  |
| Safe Programming      | yes      | no        | yes       |  |  |  |

Table 2



is with the type system. C/C++ typing is comparatively loose and implementation dependent. Details of atomic types such as type size (for example, the number of bits in shorts, ints, and longs) as well as "endianness" are implementation-specific. Other nonportable behavior includes the value of uninitialized variables and the results of accessing memory that has been freed. For Java, details and behaviors of this sort are either explicitly defined and abstracted away from the programmer or simply not applicable.

## Library portability

Building complex systems is not practical without the availability of off-the-shelf libraries. Many such libraries exist for all three of the languages discussed herein, but not all are equally portable. Libraries can be considered most portable if they are defined as part of the standard, if the content of the standard libraries is comprehensive, and if the standard is widely adopted across implementations.

In this regard, Java clearly excels to levels far beyond any competing offering. The core Standard Edition libraries alone consist of 166 packages and 3,279 classes. Although the C/C++ ecosystem provides an extensive collection of open source and commercial libraries, the libraries that are inclusive in the language standard are comparatively Spartan. Library support can vary from implementation to implementation and from platform to platform, with the consequence of having an impact on portability.

The standard Ada library set is consistent across implementations and very well-defined. In comparison, the scope of the standardized set of Java libraries is staggering and growing because of the participation of a large, cooperative, and vibrant development community. Like C/C++, Java enjoys a very large ecosystem beyond the standard such as APIs for 3-D graphics, OpenGL, compression, and numerical analysis. Some libraries have achieved quasi-standard status and ubiquitous availability. An example of this is the SWT graphics library from the Eclipse Foundation.

## The C++ Portability Guide

(www.mozilla.org/hacking/portable-cpp.html)

- 1. Be very careful when writing C++ templates.
- Don't use static constructors.
- 3. Don't use exceptions.
- 4. Don't use runtime type Information.
- 5. Don't use C++ standard library features, including iostream
- 6. Don't use namespace facility.
- 7. main() must be in a C++ file.
- 8. Use the common denominator between members of a C/C++ compiler family.
- 9. Don't put C++ comments in C code.
- 10. Don't put carriage returns in XP code.
- 11. Put a new line at end-of-file.
- 12. Don't put extra top-level semicolons in code.
- 13. C++ filename extension is .cpp.
- 14. Don't mix varargs and inlines.
- 15. Don't use initializer lists with objects.
- 16. Always have a default constructor.
- 17. Be careful with inner (nested) classes.
- 18. Be careful of variable declarations that require construction or initialization.
- 19. Make header files compatible with C and C++.
- 20. Be careful of the scoping of variables declared inside for () statements.
- 21. Declare local initialized aggregates as static.
- 22. Expect complex inlines to be nonportable.
- 23. Don't use return statements that have an inline function in the return expression.
- 24. Be careful with the include depth of files and file size.
- 25. Use virtual declaration on all subclass virtual member functions.
- 26. Always declare a copy constructor and assignment operator.
- 27. Be careful of overloaded methods with like signatures.
- 28. Type scalar constants to avoid unexpected ambiguities.
- 29. Always use PRBool for boolean variables in XP code.
- 30. Use macros for C++ style casts.
- 31. Don't use mutable.
- 32. Use nsCOMPtr in XPCOM code.
- 33. Don't use reserved words as identifiers.

The C++ Portability Guide was made available for distribution under the Creative Commons License (http://creativecommons.org/licenses/by-sa/2.0/).

## When It Comes to Him,

"It" is information. And as a leading supplier of High-Performance Analog, Digital, and Serial I/O, we offer Large FIFOs, Large FPGAs and the Highest Bus Speed in the industry.

Get the Free
Mission Critical Report:
Top Ten Things to
Remember
Before Specifying
a Data Acquisition Board

Call about our Free Loaner Board offers.

Fast Is Not Good Enough.

VME PMC PCI 104+ cPCI

RSC# 21 @www.mil-embedded.com/rsc

General Standards Corporation

High Performance Bus Interface Solutions

REAL-TIME REAL-FAST

Phone: 800-653-9970 Fax: 256-880-8788 www.generalstandards.com

## Behavioral portability

Even if portability is achieved at the source code level and at the library level, the runtime behavior of a program may be very different from one platform to another. In the case of C/C++, runtime behavior is undefined. C/C++ does not specify mechanisms for execution threads, priorities, or even interprocess communications. Thus, these types of issues are relegated to the operating system, and the interfaces are application-specific.

In contrast, both Java and Ada specify a clear runtime semantic. Java goes further than Ada in specifying not only semantics related to thread execution and communication, but also in defining an abstracted operating system complete with its own virtual machine code and memory management known as *byte code* and *garbage collection*, respectively.

For a particular application, all of these runtime characteristics may be fully implemented within the Java Virtual Machine, or may be partially mapped to underlying operating system functionality where available. In any case, the application code is unaware of the implementation layer, and so is completely portable.

It is this sense of portability that makes Java so attractive for embedded development: It is intrinsically much easier to move from one real-time operating system to another, making mission-critical developers much less dependent on, and less locked into, a particular RTOS supplier.

Even with Java's high level of portability, there remain behavioral characteristics that are not consistent across platforms. Most notably, the Java standard does not specify thread timing behaviors, nor predictability of garbage collection activities. These deficiencies generally are not a concern for desktop and enterprise applications but are a major hindrance to the spread of Java to real-time and embedded applications where timing and predictable runtime behavior are critical.

Technologies such as real-time garbage collection and predictable thread semantics, which are embodied in Aonix's PERC Virtual Machine, provide the behavior required for mission-critical applications while remaining fully portable thanks to syntactic compatibility with Java standards. In the realm of hard realtime behaviors, new technologies have been developed that provide precise memory management and hard real-time guarantees suitable for highly constrained and safety-critical applications. These updates to the Java standard are being developed under the umbrella of the Java Community Process [JSR 302 - Safety Critical Java Technology]. This effort is being directed by the Open Group with the cooperation of key companies including Sun, Boeing, Aonix, Rockwell Collins, and Siemens.

Similarly, abstract interfaces for "close to the silicon" activities such as interrupt handling, memory mapping, and device control are being developed based on specifications that are friendly to cross-platform portability.

## Java's portability reduces risk, increases productivity

As embedded applications become increasingly complex, placing the burden of source code, library, and behavioral portability on developers is increasingly risky and nonproductive. It also results in software that is more error-prone and more costly to maintain. Although C++, Ada, and Java each have strengths in terms of portability, the capabilities offered by Java technologies are inherently more productive and scalable, and therefore represent a better long-term bet for embedded systems development.

## **Graphics pose portability problem**

One of the biggest obstacles to portability for desktop and enterprise applications is at the GUI level. Traditionally, GUIs have been application-specific both in characteristics and in terms of the API. A measure of portability can be achieved by building an abstraction layer that is consistent across platforms. Underneath, the abstracted API binds to the underlying graphics engine, such as the Win32 API for Windows, or a flavor of X11 on UNIX or Linux platforms. Traditionally, the GUI has been considered to be tightly tied to the operating system because that operating systems' users are sensitive to a particular look and feel and expect a consistent functionality across applications on their platform.

Neither C/C++ nor Ada provide a standard GUI API, leaving questions of GUI-specific bindings outside the scope of the language. In contrast, Java incorporates GUI APIs (Swing and AWT) directly in the standard. Applications written to the Swing standard ought to have high portability between conforming platforms through the use of a common API. As mentioned previously, the SWT API, defined as part of the open-source Eclipse libraries, offers another portable graphics interface that is widely used by Java programmers. Whereas the goal of Swing is to offer a consistent cross-platform look and feel, the goal of SWT is to offer cross-platform portability with a look and feel matching that expected on the target platform. Which is better is a matter of opinion, but both offer a means to source code portability.

Increasingly, complex embedded applications require more sophisticated graphics capabilities, yet these applications continue to be demanding in terms of performance and footprint characteristics. Swing solutions, typically mapped to a native GUI such as X11, are usually too big, slow, and unpredictable for use in mission-critical embedded applications. Specialized embedded graphics engines such as PEG+ from Swell Software are a more appropriate fit. SWT bindings to PEG+ exist, offering the high performance needed for multi-platform embedded applications while also accentuating portability.



Dave Wood has been involved with realtime and embedded software for more than 25 years. His activities have included analysis, design, coding, testing,

research, and marketing of technology in commercial avionics, telecom, defense, multimedia, software tools, and consumer electronics applications. Dave has worked for Lear Siegler, General Electric, SofTech, ComLogic, and the Software Engineering Institute at Carnegie Mellon University, and presently serves as marketing director for Aonix. He holds a BA from Kalamazoo College.

### Aonix

5930 Cornerstone Court W, #250 San Diego, CA 92121 858-824-0254 • Fax: 858-824-0212 dave.wood@aonix.com www.aonix.com

# Your community resource for VME-industry news, user groups, and the VME blog We will be a series of the series of

## Safety-critical Java enhances reliability while reducing test and certification costs

By Ole N. Oest, DDC-I

Java provides an excellent environment for developing embedded software. Until now, however, Java has been too big, complex, and unpredictable for safety-critical applications. To address this shortcoming, the Safety-Critical Java Expert Group (JSR 302) (http://jcp.org/en/jsr/detail?id=302) is working on a subset of real-time Java that will make it easier to develop reliable, deterministic code suitable for safety-critical applications requiring FAA certification.

The Java Community first addressed the real-time limitations of Java when it convened the Real-Time for Java Expert Group (RTJEG) in 1999, which developed the Real-Time Specification for Java (RTSJ). This specification, an extension of The Java Language Specification and The Java Virtual Machine Specification, enhances real-time responsiveness by introducing mechanisms for preemptive scheduling and priority inversion avoidance, and providing tools that allow tasks to avoid garbage collection delays.

The Safety-Critical Java Expert Group will further refine the RTSJ, making it suitable for safety-critical applications with the most demanding testing requirements. In particular, the Safety-Critical Java Expert Group will trim the RTSJ spec, ensuring that conforming safety-critical applications can be run without requiring a garbage collector or heap at all, and ensuring that the rigors of FAA certification to DO-178B level A can be met.

As a member of the Safety-Critical Java Expert Group, Phoenix-based tool developerDDC-I,Inc.(www.ddci.com/pr) will be drawing on its pioneering work in developing the Ada 95 specification, which is the "gold standard" for safety-critical programming languages. DDC-I will also bring to bear its extensive FAA DO-178B experience, which is the "gold standard" for certifying safety-critical systems.

Ole N. Oest is the chief operating officer of DDC-I, Inc., a manufacturer of safety-critical software development tools for more than 20 years. Ole can be contacted at ooest@ddci.com.

## Custom real-time kernels versus COTS Real-Time Operating Systems

By Alex Polmans and David Mosley

Embedded systems need framework software such as an operating system, communication stacks, and device drivers, but choosing whether to purchase an RTOS or develop a custom framework is not an easy decision. Development time and effort must be weighed against the needs of certification testing in order to determine the most cost-effective approach to follow. Making the wrong choice early in the development effort can carry a significant time and cost penalty. Development tools can help defer that choice until it becomes clearer.

Software has become the dominant cost factor in today's embedded systems, leaving design teams with a critical choice: make or buy? The choice may not be as simple as it first appears, however, especially for the framework code needed by safety-critical applications. The interplay of factors such as development effort and certification testing requires careful consideration when choosing between a commercial operating system and custom-developed software. The right development tools can help.

## The custom vs. COTS choice

To keep software costs at a minimum, and to maximize system reliability, software should be optimized for the design. Optimized software contains only the code for performing the required tasks, and no more. This code has two elements: application code and framework code. Application code handles all of the application-specific data analysis and manipulation tasks, while framework code provides common support functions such as task scheduling and the interface to resources such as hardware, I/O, storage, and user interfaces. Application code is typically custom-written; however,

because the framework will be common between multiple applications, it may be bought as a library or provided as part of the development environment.

The way to create an optimized framework is to assemble it from a combination of small, reusable existing code modules obtained either commercially or from prior projects, and then add new, custom-written code elements. By thus implementing only the bare bones of a framework, developers can ensure that the framework is as small as possible, and contains only the essential support code required by the application. The bare bones framework code may also be simpler to test and more reliable than full-blown commercial software. Because of its size and general purpose nature, a commercial operating system often contains unused and sometimes unexpected pathways that can create surprising behaviors during development and add time and complexity to certification testing.

Still, choosing the buy option for software has several advantages. A COTS Real-Time Operating System (RTOS) may contain nearly every framework element that a system might require. Moreover, these elements are already integrated and tested. Eliminating the integration and testing of framework elements from the development task can save from one to six months of effort on average. Although the COTS framework code may be far from optimal in size, its completeness and robustness reduces project software development to application development alone.

A hybrid option exists for obtaining partially-optimized software: strip COTS software of unneeded elements. Many RTOS vendors offer mechanisms for removing unneeded elements from the RTOS during compilation. Typically these mechanisms take the form of software switches that the developer invokes during the build and compilation processes. These switches may be coded as **#defines** in C header files, or set in XML files, and specify which elements to include in or remove from the generated output.

The amount and granularity of the "whittling" that is possible varies with the vendor. Often, the options are too global to provide a high degree of optimization. For example, the disk subsystem of one popular OS contains more than 100 library elements, and developers cannot pick-and-choose among those elements. Even if a project requires only one portion of the disk subsystem, the OS will provide the entire subsystem, leaving a lot of surplus "meat" on the "bare bones." The reduced version may be lighter than the full-scale RTOS, but the size and complexity are still far greater than needed, as illustrated in Figure 1. Custom bare bones framework software, even with scheduling included, requires far less code than the typical COTS RTOS. This size reduction can translate into significant savings during testing.

## **Optimization still required**

The importance of having optimized code has changed subtly over the past decade. Code's impact on system memory requirements used to be the dominant factor in determining how much optimization was necessary. But both memory size increases and cost-per-bit decreases have been so dramatic that memory is not usually a significant factor in the makeversus-buy trade-off for any but the most resource-sensitive systems. The dominant factors now are development effort and certification testing.

pplication

**CORBA** 

200k

20k



### Figure 1

## Development effort considerations

Development effort increases dramatically as a function of system software's complexity. To gauge if a project is simple enough to not require a full-blown RTOS, consider the framework services that its software requires. A basic runtime operating system, for instance, provides a scheduler for organizing tasks, timers to support scheduling, a program loader to activate the application code, and basic communications such as a serial port or keypad. The application itself is not necessarily trivial, but as long as its demands for services are simple, a basic runtime kernel may be sufficient and custom software may provide the lowest cost alternative.

The same holds true for systems that run multiple applications, as long as the applications do not interact. In such cases, adding a round-robin time scheduler can account for the additional applications without adding significant complexity to the software. As with the single application, developers can readily support multiple, independent applications with a basic, custom runtime OS.

When system requirements include multiple, interdependent applications, however, a COTS RTOS becomes the stronger candidate. While any competent programmer can create a cyclic task scheduler or serial interface, systems that must handle multiple concurrent tasks with interrupt-driven re-entry or must provide an Internet-compatible protocol stack need programmers with specific expertise in these areas. If such expertise is not available in-house, it must be sought and acquired from outside, delaying that aspect of project development. If the expertise is available in-house, applying

those personnel resources to develop the framework software may not be a profitable use of their time. Their work on the framework makes them unavailable to work on the application code, which is usually where a product's added value resides.

The COTS RTOS is also a good choice for systems that need to support downloadable applications. Creating framework software that can handle applications without knowing in advance what the applications will require can quickly become an overwhelming task. Similarly, a COTS RTOS may also be the best way of handling security requirements such as preventing downloaded applications from interfering with one another. For example, an ARINC 653 compliant RTOS, can guarantee that downloaded applications are separated by both time and memory space partitioning so that there in no risk of one application gaining access to

another's data or other resources. Both the development time and expertise requirements of complex systems, then, favor purchasing a COTS RTOS to provide framework code. As illustrated in Figure 2, the effort it takes to add a COTS RTOS into the system can be as low as one to two weeks (mostly for training on the new software), while developing and integrating a custom framework can take substantially longer. The final system code using the RTOS is suboptimum in terms of its size and complexity, however.



## Consider certification and test costs, too

That added software complexity can have a financial impact. In addition to development efforts, test and certification costs must be examined when considering the make-versus-buy decision. These costs include all of the unit and system testing needed to validate that the software functions as intended, and the documentation artifacts required to verify the software's compliance with applicable guidelines, standards, and regulations. Unfortunately, in the make-versus-buy decision for software, development and test cost considerations can often come into conflict. A decision that reduces one can trigger a significant increase in the other.

The cost and difficulty of FAA certification, for instance, unilaterally increases as a function of code size and the consequences of an undetected error. Such costs can be as great as three times

## Software—more os options open up

the cost of development for safety- or mission-critical system software, where certification standards often require that testing exercise all possible combinations of execution pathways through the software, regardless of whether or not they are expected to occur during normal software operation. As shown in Figure 3, the number of test steps needed in these cases increases exponentially with the number of branch statements (N), for

example, by  $2^N$ . Thus, the surplus code of a COTS RTOS can greatly increase the amount and cost of the certification testing, outweighing the savings in reduced development effort.

The hybrid approach of reducing the COTS RTOS may not be an option. Safety-and mission-critical software standards often require the complete removal of unused code from the system. By not

allowing *dead* code, these standards seek to avoid problems that might occur if a system glitch causes normally dormant code to get executed. Removal of all dead code may be difficult or impossible with a COTS RTOS.

The need for safety and certification testing, therefore, tends to favor custom development. Yet, the results are not clear cut. Custom development leads to smaller code, which leads in turn to reduced testing. On the other hand, COTS software may already have achieved certification. Commercial RTOSs, for example Wind River's VxWorks Platform for Safety Critical and LynuxWorks' LynxOS-178 are precertified, so that their certification costs are spread across multiple customers, reducing the burden on a specific project. Depending on the nature of such certification, its applicability in supporting project certification, and the cost savings involved, precertified COTS software may actually prove to be costcompetitive with custom software in the testing stage.

## Tools reduce risk

The complex and interrelated factors of development time and certification costs are not amenable to simple decision making, yet the choice is critical to minimizing total project costs. The risk of making the wrong choice is high, especially because such choices are often made in the early stages of system software development. Later, when system needs have become clearer, the choice is less risky. As a result, development teams should consider an approach that helps defer the COTS versus bare-bones choice.

Development tools offer this type of approach. Tools such as DDC-I's SCORE are OS-agnostic, meeting standards such as ARINC 653, Eclipse, and POSIX for producing portable code. Such tools allow application code to be developed without first choosing the operating system that the code will run under, freeing teams from the risks of locking in an RTOS choice early in the project. They achieve this flexibility by providing a software switch to use at compilation time that directs the compiler's output to conform



RSC# 26 @www.mil-embedded.com/rsc

to whichever application programming interface the user indicates, whether a COTS RTOS or the small runtime kernel that DDC-I supplies. This flexibility can provide developers with the freedom to delay the makeversus-buy and what-to-buy decisions until the project's needs are stable and clear.

## Waiting clarifies choice

The complexity of the makeversus-buy decision still remains, but having the opportunity to develop the application software first

removes much of the risk. Development tools that allow the application code to remain independent of the operating system provide that opportunity. With the application code in hand, the suitability of each operating system option becomes clearer. Then, making the choice between a COTS RTOS and a custom bare-bones

## **Test Effort**



Relative Code Size Figure 3

approach becomes a comparison of development and test costs.



Alex Polmans, Senior Software Engineer at DDC-I, Inc., has 15 years of experience as a software engineer in naval systems

and 5 years' experience in software tools and runtime development for DDC-I.

He holds a BSc in Engineering (Electronics) and a BSc (honors) in Computer Science from the University of Natal, South Africa.



David Mosley is a Senior Software Engineer at DDC-I, Inc. He has 28 years of experience in compiler development,

specializing in embedded environments. He holds an MS in Computer Science from the University of Arizona.

## DDC-I, Inc.

1825 E. Northern Avenue, Suite 125 Phoenix, AZ 85020 602-275-7172 sales@ddci.com www.ddci.com

## Nothing empowers performance like PowerMP!

The PowerMP concept is designed to provide off-the-shelf and off-the-chart performance for your critical computing needs in demanding environments. Each MP system is a high-performance, low-cost COTS-based multiprocessor computing solution based on industry standards and Pentium and/or PowerPC architecture.

## The new PowerMP6 - a multi-Pentium, ready-to-use solution

When you place a premium on software productivity and performance turn to the turnkey computer system that sizzles—PowerMP6. The newest in the PowerMP line, the PowerMP6 consists of multiple Pentium-M boards in a 19-inch rack. Running Red Hat Linux on the Intel processors supports software productivity and portability through an extensive set of open source and commercial tools and libraries. Performance is dictated by the number of Pentium M processors the system runs and the PowerMP6 available in various customized configurations of up to eight processor boards in a rack.

The PowerMP6 features optimized message passing interface (MPI) for multiprocessor communications and contains software tools geared for such tasks as real-time performance analysis, remote control operations and monitoring system management.

## The PowerMP4-60 - RapidIO™ system entry

The PowerMP4 fills the embedded industry's need for reliability, increased bandwidth and faster bus speeds. It combines PowerPC and Pentium-M technology and takes advantage of the outstanding compute power to power dissipation ratio of the PowerPC technology as well as the wide spectrum of software tools available on PC platforms. PowerMP4-60's RapidloTM high-performance and packet-switched interconnect technology meet your demanding embedded system needs.

## The specialists in embedded performance

Thales' Computers include development of commercial and ruggedized VMEbus & CompactPCI systems solutions based on PowerPC and Pentium microprocessors. Thales' products are optimized for a wide variety of applications in the military, aerospace, transportation, communications, and industrial markets and are used by blue chip customers worldwide.



For more information please contact:

Luc Torres

Tel: 33(0)4 98 16 33 95

e-mail: luc.torres@thalescomputers.fr

www.thalescomputers.com



## RTD Embedded Technologies, Inc.

"MIL Value for COTS prices"™







Pentium\* M cpuModules\*\*



8000 MIPS dspModules"

| deduc epartidudes           |                                                         |                  |                  |                      | l cikiaiii iii cpaniodales |                 |                 |                 |                 | 1               |                 |                 |                 |                 |
|-----------------------------|---------------------------------------------------------|------------------|------------------|----------------------|----------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|
|                             |                                                         | Pentium® M       |                  |                      | Intel® Celeron®            |                 |                 |                 |                 | AMD Geode       |                 |                 |                 |                 |
| cpuModules™<br>-40 to +85°C |                                                         | CMX58886PX1400HR | CMD58886PX1400HR | CMX58886PX1400HR-BRG | CMD58886PX1400HR-BRG       | CME47786CX650HR | CME47786HX650HR | CML47786CX650HR | CML47786HX650HR | CMX47786CX650HR | CMX47786HX650HR | CME26686HX333HR | CME27686HX333HR | CME27686CX333HR |
|                             | AT Expansion Bus                                        |                  |                  | ~                    | 1                          | 1               | ~               | 1               | V               | ~               | 1               | 1               | 1               | 1               |
| Bus                         | PCI Universal Expansion Bus                             | 1                | 1                | V                    | 1                          | 1               | 4               | 1               | 1               | ~               | 1               |                 | 4               | V               |
| 8                           |                                                         | 4                | 4                | 4                    | 4                          | - 4             | 4               | 4               | - 4             | - 4             | 4               |                 | 4               | 4               |
|                             | APIC (add'l PCI interrupts)                             | 9                | 9                | 9                    | 9                          | 9               | 9               | 9               | 9               | 9               | 9               |                 |                 |                 |
| CPU and BIOS                | CPU Max Clock Rate (MHz)                                | 1400             | 1400             | 1400                 | 1400                       | 650             | 650             | 650             | 650             | 650             | 650             | 333             | 333             | 333             |
|                             | L2 Cache                                                | 2MB              | 2MB              | 2MB                  | 2MB                        | 256k            | 256k            | 256k            | 256k            | 256k            | 256k            | 16K             | 16k             | 16k             |
|                             | Intel SpeedStep Technology                              | 1                | 1                | ~                    | 1                          |                 |                 |                 |                 |                 |                 |                 |                 |                 |
|                             |                                                         | 2.0              | 2.0              | 2.0                  | 2.0                        | 1.0             | 1.0             | 1.0             | 1.0             | 1.0             | 1.0             |                 |                 |                 |
|                             | Max Onboard DRAM (MB)                                   | 512              | 512              | 512                  | 512                        | 512             | 512             | 512             | 512             | 512             | 512             | 256             | 256             | 256             |
|                             | RTD Enhanced Flash BIOS                                 | V                | 4                | ~                    | 1                          | 1               | ~               | 1               | 1               | V               | 1               | 1               | ~               | 1               |
|                             | Nonvolatile Configuration                               | V                | 1                | ~                    | V                          | 1               | ~               | 1               | 1               | V               | 1               | 1               | ~               | 1               |
|                             | Quick Boot Option Installed                             | 1                | 1                | 4                    | 1                          | 1               | 1               | 1               | 1               | V               | 1               | 1               | 1               | 1               |
|                             | USB Boot                                                | 1                | 1                | -                    | 1                          | 1               | 1               | 1               | 1               | ~               | 1               |                 |                 |                 |
|                             | Watchdog Timer & RTC                                    | 1                | 1                | 1                    | 1                          | 1               | ~               | 1               | 1               | ~               | 1               | 1               | ~               | 1               |
|                             | IDE and Floppy Controllers                              | 1                | 1                | V                    | 1                          | 1               | ~               | 1               | 1               | ~               | 1               | 1               | ~               | 1               |
|                             | SSD Socket, 32 DIP                                      |                  |                  |                      |                            |                 | 1               |                 | - 1             |                 | 1               | 1               | 1               |                 |
| Peripherals                 | ATA/IDE Disk Socket, 32 DIP                             |                  | 1                | 1                    | 1                          | 1               |                 | 1               |                 | 1               |                 |                 |                 | 1               |
| þ                           | Audio                                                   | 1                | 1                | ~                    | 1                          | 1               | ~               | 1               | 1               | *               | 1               |                 |                 |                 |
| ÷                           | Digital Video                                           | 200000           | LVDS             |                      |                            |                 |                 | TTL             | TTL             | 1000000         | LVDS            | The second      |                 | TTL             |
| ď                           |                                                         | - Contract to    |                  | SVGA                 |                            | 0.00            | SVGA            |                 | SVGA            | SVGA            |                 | 100000000       |                 | SVGA            |
|                             | AT Keyboard/Utility Port                                | 1                | 1                | ×                    | 1                          | 1               | ×               | ~               |                 | ~               | 1               | 4               | × .             | 4               |
|                             | PS/2 Mouse                                              | 1                | 4                | ·                    | *                          | 1               | *               | 1               | *               | V               | Y               | 1               | -               | ~               |
| _                           | USB Mouse/Keyboard                                      | 1                | 1                | 1                    | 1                          | 1               | ~               | 1               | V               | ¥.              | 1               | · /             | 1               | ~               |
|                             | RS-232/422/485 Ports                                    | 2                | 2                | 2                    | 2                          | 2               | 2               | 2               | 2               | 2               | 2               | 2               | 2               | 2               |
|                             | USB 2.0 Ports                                           | 2                | - 4              | 2                    | 4                          | 20              |                 | 76211           |                 |                 |                 |                 | - 22            |                 |
| 0                           | USB Ports<br>10/100Base-T Ethernet                      |                  |                  |                      |                            | 2               | 2               | 2               | 2               | 2               | 2               | 2               | 2               | 2               |
| 2                           | ECP Parallel Port                                       | 1                | 1                | -1                   | 1                          | 1               | 1               | 1               | 1               | 1               | 1               | 1               | 1               | 1               |
|                             |                                                         | V                | 833              | ·                    |                            | V               | Y               | ¥               | 1               | V               | *               | 1               | -               | V               |
|                             | aDIO(Advanced Digital I/O)<br>multiPort(aDIO, ECP, FDC) | 18               | 18               | 18                   | 18                         | 18              | 18              | 18              | 18              | 18              | 18              | 18              | 18              | 18              |
| _                           | DOLL BOST - II I                                        | 1                | 1                | -                    | 1                          | 1               | 4               | 1               | V               | 4               | 1               | 1               | 4               | 4               |
| SW                          |                                                         | 1                | 1                |                      |                            | 1               | 1               | 1               | 1               | ×,              | 1               | 1               | 1               | 1               |
| 4)                          | DOS, Windows, Linux                                     | V                |                  | V                    | V .                        | V               |                 | 1               | V .             | · V             | 1               | V               | ~               | /               |



## IDAN"- Intelligent Data Acquisition Node

- Easily build your PC/104 system
- Rugged PC/104 stackable framed modules
- Quick interchangeability and expansion
- Structural heat sinks and heat pipes
- Optional cooling fins
- Milled aluminum frames
- Standard PC connectors
- · Optional MIL-SPEC paint & shock mounts
- −40 to +85 °C

## **Full Product Line and Pricing Online**

A Founder of the PC/104 Consortium • ISO9001:2001 Certified Copyright © 2006 RTD Embedded Technologies, Inc. All rights reserved.

## ©2006 OpenSystems Publishing. Not for distribution.



## dspModules<sup>zm</sup>

- Coprocessors
- Accelerators

## Specialty I/O

- · Pulse width modulator
- Incremental encoder
- Opto-isolated MOSFET

## Frame Grabbers

- · Single or multi-channel
- MPEG-2 compression

### Video Controllers

- Analog VGA
- · TTL and DVI panels

## **Communication Modules**

- · Copper or fiber Ethernet
- USB 2.0 and Firewire
- · CAN Bus & CAN Spider
- Dual Synchronous Serial
   Quad Serial w/ Ethernet
- Octal PCI Serial

## Wireless Telematics

- GSM, GSM-R, CDMA
- · EDGE, GPRS, SMS
- · GPS, Wi-Fi, Bluetooth

### **Motion Controllers**

- DC motor controllers
- Synchro, resolver, LVDT

## **Power Supplies**

- 50/75/83/88/100 Watts
- Wide input range
- ATX Power Supply
- UPS backup
- MIL-STD-704/461

## Mass Storage

- 1.8/2.5" IDE & PCMCIA
- CompactFlash



## HighRel PC/PCI-104 Modules and Systems

-40 to +85°C





dataModules®

-40 to +85°C

AT Expansion Bus

Single-Ended Inputs

Max Throughput (kHz)

Max Resolution (bits)

Autonomous SmartCal **Data Marker Inputs** Channel-Gain Table

Scan/Burst/Multi-Burst A/D FIFO Buffer

DMA or PCI Bus Master

Bit Programmable I/O

**Advanced Interrupts** 

Opto-Isolated Inputs

User Timer/Counters

**External Trigger** 

**Relay Outputs** 

**Analog Outputs** 

Resolution (bits)

**Output Ranges** 

D/A FIFO Buffer

Incr. Encoder/PWM

Max Throughput (kHz)

**Opto-Isolated Outputs** 

Input FIFO Buffer

Sample Counter

SyncBus Total Digital I/O

Input Ranges/Gains

**Differential Inputs** 

**PCI Expansion Bus Master** McBSP Serial Ports

Smart A/D

SDM7540HR

16 16

8 я

1250 1250 40 500

12 12

3/7 3/7

8k 8k

16 16

8k

8k

1

8

2

8k

3

SDM8540HR

Analog I/O

16

R

12 16

8k

16

8

2

8k

2 3 3 3 3 ્ય

2

200 100

12 16

3 1 4 4

2 2 2 2

8k

3/1 3/4

100 1250

1/4 3/6

8k Sk

16

8

81

200 200

12 12

8k 81



Wireless Telematics Digital I/O

32

16 48 16

16 16

32 48

16

2

4M

10

48 18/9



Frame Grabbers

### RTD FieldPads™

- · Ruggedized, embedded computer systems
- User-specified CPU and PC/PCI-104 expansion
- Weathertight components
- Integrated 6.5-inch video panel, keyboard
- Heat pipes for high performance CPUs
- User-defined MIL connectors
- Internal and external battery packs
- Expand with any RTD PC/PCI-104 product



## Industrial FieldPad"

Ideal for control and monitoring of processes on factory floors or industrial installations. Mounting flanges allow the unit to be installed on machinery or walls, enabling standard PC access in a rugged enclosure resistant to industrial environments.



## Tactical FieldPad"

Designed for mobile and portable applications where the angled panel and ergonomic design allow for optimal viewing with flexible positioning, Data collection/downloading and information access accomplished through wired or wireless connections.

## 8k HiDAN" and HiDANplus" - HighRel Intelligent Data Acquisition Node

HiDAN is a rugged, watertight enclosure for a stack of PC/104 modules

200 200

12 12

4 4

- HiDANplus combines the modularity of IDAN with the environmental ruggedness of HiDAN
- Integrated tongue and groove O-ring for environmental sealing and EMI suppression
- Structural heat sinks and heat pipes
- Optional cooling fins
- Milled aluminum frames
- Stackable signal raceway
- Optional MIL-SPEC paint
- MIL I/O connectors Shock-mount optional
- -40 to +85 °C





## "Accessing the Analog World"

## www.rtd.com

Specifications, manuals, drivers, and plant tour

## RTD Embedded Technologies, Inc.

103 Innovation Blvd . State College, PA 16803 T: 814-234-8087 • F: 814-234-5218

## **Technology**

## **Building secure software:** Your language matters!

By Robert B.K. Dewar, PhD, and Roderick Chapman, PhD

Producing secure systems requires advance planning: You have to design security in from the start, rather than reactively patch software in response to vulnerability reports. This "security up front" approach demands programming languages that help prevent bugs and insecurities from being introduced into software in the first place, static analysis tools that catch errors early, and development techniques that can provide confidence in the correctness of the resulting system. The Ada and SPARK languages satisfy these requirements more easily than alternatives such as C, C++, and Java, and SPARK has advanced the state of the practice with its rigorous proof-based approach to system security verification.

Reliability is obviously important for any piece of software, but there are two domains where reliability is not just a desirable goal but an essential requirement. The first is safety-critical systems, where a defect can directly lead to loss of life or have other catastrophic consequences. Familiar examples are commercial aviation, medical instrumentation, and automobile control. The second is the area of security-critical systems. Here we demand not only completely reliable behavior in normal operation, but also resistance to deliberate attempts at subversion. High-profile areas include banking, power station control, and electronic voting.

Developing a secure system involves an end-to-end analysis of all hardware and software components, and an analysis of possible vulnerabilities caused by human links in the chain. We focus herein on the choice of programming language and related tools. Although this is just one of the issues that must be considered, its effect is pervasive. We will look in particular at Ada[1] and at the Ada-based SPARK language[2], which have been successfully used for safety-critical systems and are attracting growing interest in the security community.

## Maintainability

Recognizing that in large, critical projects the major costs come from verification and maintenance, Ada and SPARK have been designed with an emphasis on ease of reading versus ease of writing. For example, a compact notation like the "++" operator in C and C++ may be convenient for writers, but its succinctness comes at the price of understandability, especially in contexts such as x[i++]. Since its effect can be obtained by alternative and clearer constructs with equivalent performance, "++" is not provided by Ada or SPARK. As another example, Ada and SPARK allow underscores in numeric literals as a way of making the value easily understood. The hexadecimal literal



16#FFFF\_FFFF\_FFFFFFF# in Ada and SPARK is readily seen to mean 2<sup>64</sup>-1; the corresponding literal in C, C++, and Java would be 0xFFFFFFFFFFFFFFFFFF, which requires careful scrutiny by the reader to check that the number of digits is correct.

## **Modularity**

Arguably the most important feature of Ada, and inherited by SPARK, is its modularization facility. The package construct, by partitioning a module clearly into a specification and a separately compiled implementation, helps developers to decompose complex programs into manageable pieces. A key aspect of developing a secure system is to build it from separate components where the correctness of each component can be individually verified, and where the interactions among the components are controlled. The separation of specification and implementation (see Listing 1) is important in achieving this goal, and is a point of contrast between a language like Ada or SPARK and other languages. In C++, the use of header files can be used to partially obtain this effect, but the language does not enforce this usage. Java makes no attempt at such separation – a class combines a module's specification and its implementation - and a supplemental tool such as JavaDoc must be used to separate these concerns.

## Semantics for scalar data

One of Ada's and SPARK's strengths is the ability to specify ranges on scalar data, for example constraining an integer variable to be in the range 1 through 100. Whether it is used in testing during unit debugging, in data validation of user input during program execution, or in formal correctness proofs during system development, the specification of allowable ranges is an important Ada and SPARK idiom, absent from the C family of languages and Java. Range checking is automatically performed on array indexing, helping Ada and SPARK avoid the "buffer overflow" problems that are a well-known vulnerability in C and C++ programs.

## Listing 1: Ada package structure

```
-- Package specification:

package Crypto is

function Encode (Plaintext : String) return String;
function Decode (Ciphertext : String) return String;
end Crypto;

-- Package body (implementation):
package body Crypto is

... -- Auxiliary declarations

function Encode (Plaintext : String) return String is
begin
 ... -- Algorithm
end Encode;

function Decode (Ciphertext : String) return String is
```

The package body for Crypto contains all of the implementation details for the Encode and Decode functions. Users of the package see only the source code for the package specification; the package body can be completely hidden.

Integer overflow is another potential source of insecurity. In Ada, this issue is addressed with well-defined and intuitive semantics: An integer overflow raises an exception rather than yielding an undefined result (as in C and C++, which presents a security vulnerability) or silently wrapping around to the most negative number (as in Java, which is unintuitive and error prone). SPARK goes even further than Ada, with static analyses to prove that an overflow could not occur for any input data.

## Concurrency

... -- Algorithm
end Decode;
end Crypto;

Many kinds of applications are naturally concurrent, comprising a set of activities (referred to as "threads" or "tasks," depending on the specific language) that operate either with actual parallelism on a multiprocessor or are multiplexed on a single processor under the control of an operating system or runtime executive. Designing concurrent programs and demonstrating their correctness is intrinsically more difficult than for sequential programs, since concurrency introduces opportunities for new sorts of errors that can lead to bugs or insecurities:

■ Race conditions, where the result of a program depends on the relative speed at which threads execute

- Data corruption, where one thread is assigning to a data object while some other thread is trying to access the same object
- Deadlock, where several threads are blocked and unable to proceed because each is waiting for some resource that is held by one of the other threads
- Starvation, where a thread is eligible to run but makes no progress because of preemption by other threads

Although such errors cannot be completely prevented through language features, Ada's concurrency model makes these problems easier to avoid. As one example, the semantics of Ada's protected object construct ensures that between the time a task checks the state of a shared object and when it takes some action based on that value, the state could not have changed. This assurance helps prevent a subtle race condition that could lead to an insecurity. SPARK includes a restricted set of Ada concurrency features, known as the *Ravenscar Profile*[3], that is amenable to formal analysis. C and C++ do not have concurrency features, so the programmer needs to deal with these issues in a platform-specific manner based on whichever thread library is being used. Java's concurrency model is built on low-level

## -Technology—feeling confident: mil systems lose their insecurities-

primitives that are rather error prone and require extreme care in practice to avoid these problems.

## **Subsetting**

Like their safety-critical counterparts, security-critical systems have a frustrating dilemma: Languages that might be useful because of their expressiveness are too complex to be used in their full generality. Their semantic richness is beyond the state of the art in demonstrating correctness, both for a program using the features and for the runtime support libraries that implement them. The solution in practice is to define subsets that are large enough to provide the needed functionality but small enough to allow verification of correctness. Indeed, the subsetting approach is being used for C, C++, Ada, and Java.

Two characteristics make Ada distinctive. First, its design is more orthogonal and thus more amenable to subsetting than other languages. As examples, MISRA C[4] has a number of ill-defined and awkward boundaries, and any attempt to subset Java by removing its dynamic flexibility immediately clashes with that language's main design philosophy. Second, through the language feature known as *pragma Restrictions*, Ada subsets can be defined by the application programmer, most likely on a project-by-project basis. As an example, it is straightforward to define a subset in which heap allocation is prohibited:

pragma Restrictions (No\_Allocators);

**pragma** Restrictions (No\_Implicit\_Heap\_Allocations);\
The specific subset can be tailored to the requirements of the application and to the analysis and verification techniques that will be used during development. This is preferable to using a "one-size-fits-all" subset defined by some third party, which might not match project requirements.

### Formal methods and SPARK

In the safety-critical field, traditional testing-based verification approaches have been rather successful. However, it is well known that testing can reveal the presence of bugs but cannot demonstrate their absence. For security-critical systems, testing alone is insufficient; a higher degree of assurance is required. This can be accomplished through a more rigorous process: specify in advance the properties required of the program, and then formally demonstrate that these properties are satisfied by the running program. Achieving this type of assurance affects the entire process from start to end. It requires a language that allows the design decisions and requirements to be embedded into the code from the outset, and an associated toolset that can verify that these design decisions are met.

Ada can serve as an effective basis for such a language, but it would need to be restricted to avoid constructs that interfere with verification as well as augmented to include constructs that allow

the specification of program properties in the source code. The SPARK language[2], developed by Praxis High Integrity Systems, may be regarded as the result of carrying out such a design. It inherits the advantages of Ada discussed previously but then adds a layer of "annotations," expressed in Ada comment syntax and illustrated in Listing 2, which allow a program to specify the criteria that must be satisfied by the running code. Static analysis tools process the annotations and either confirm that the program will meet its stated criteria or else detect and identify the defects. Detected insecurities include references to uninitialized variables, buffer overflow, storage overrun, arithmetic overflow, and division by zero. SPARK uses theorem-proving technology to show that a program could never exhibit such a failure at runtime for any input data. This offers a level of protection and assurance beyond any other language or toolset. The SPARK annotations are also designed so that the analyses are modular: You can analyze individual components and do not need to wait until you've finished the whole program to get meaningful results.



Watch your language:



## Listing 2: SPARK example

**function** Sgrt (X : **in** Natural) **return** Natural: --# **return** Y => (Y \* Y) <= X and (Y + 1) \* (Y + 1) > X;

This example shows the specification of a function that returns the truncated integer square root of its argument. Note that Natural is the non-negative subrange of Integer values.

## You never know who might be listening

For security-critical systems, and as summarized in Table 1, the language choice has a major impact on the ease or difficulty of demonstrating freedom from vulnerabilities.

Ada, with its emphasis on readability, its flexible modularization facility, its type model (including range checks on scalar data and mathematically intuitive overflow semantics), and its high-level concurrency features, is a stronger foundation for developing secure systems than C, C++, or Java. Moreover, Ada's flexible approach to subsetting lets applications define a la carte subsets that can reflect specific project requirements. SPARK, with Ada semantic underpinnings, goes further and allows documenting a program's intent through annotations and then generating formal proofs to verify that the program does what it is supposed to do and does not do what it is not supposed to do. Although building secure systems is a huge challenge, languages such as Ada and SPARK go a long way toward making this effort manageable.



Dr. Robert Dewar is cofounder, president, and CEO of AdaCore. He has also served as a professor of computer science at the Courant Institute of New York University. He has been involved with the Ada programming language

since its inception in the early 1980s and led the NYU team that developed the first validated Ada compiler. A principal architect of AdaCore's GNAT Ada technology, Dr. Dewar has written and presented on a variety of topics including software licensing, programming language issues, and safety certification.

### AdaCore

104 Fifth Ave., 15th Floor • New York, NY 10011 212-620-7300

dewar@adacore.com • www.adacore.com



Dr. Roderick Chapman is a principal engineer with Praxis High Integrity Systems, specializing in the development of programming languages and static analysis tools for high-integrity systems. He holds a DPhil in Computer Science and is a chartered engineer and Fellow of the British Computer Society. Dr. Chapman

is internationally renowned for his work on verification of correctness properties of high-integrity software.

## **Praxis High Integrity Systems**

20 Manvers Street • Bath BA1 1PX, U.K. +44 1225 466991

rod.chapman@praxis-his.com • www.praxis-his.com

### References

- Ada Reference Manual, ISO/IEC 8652:200y(E) Ed. 3. www.adaic.org/ standards/ada05.html
- John Barnes. High Integrity Software: The SPARK Approach to Safety and Security. Addison-Wesley, April 2003. ISBN 0-321-13616-0. See also www.sparkada.com
- A. Burns, B. Dobbing, and G. Romanski. "The Ravenscar tasking profile for high integrity real-time programs," Reliable Software Technologies, Proceedings of the Ada Europe Conference, Uppsala, Sweden, pp. 263-275. Springer Verlag, 1998.
- The Motor Industry Software Reliability Association. MISRA-C:2004, Guidelines for the use of the C language in critical systems. MISRA Limited, 2004. See also www.misra-c.com

## Summary of language support for security requirements

|                        | Ada    | SPARK          | C      | C++    | Java   |
|------------------------|--------|----------------|--------|--------|--------|
| Maintainability        |        |                |        |        |        |
| Ease of reading        | High   | High           | Medium | Medium | Medium |
| Ease of writing        | Medium | Medium         | High   | High   | High   |
| Modularity             |        |                |        |        |        |
| Spec/body separation   | High   | High           | Low    | Medium | Low    |
| Namespace control      | High   | High           | Low    | Medium | Medium |
| Scalar data            |        |                |        |        |        |
| Range constraint       | High   | High           | None   | None   | None   |
| Index checks           | High   | High           | None   | None   | High   |
| Overflow checks        | High   | High           | None   | None   | None   |
| Concurrency support    | High   | Medium         | None   | None   | Medium |
| Subsettability support | High   | Not applicable | Low    | Low    | Low    |
| Formal methods support | Medium | High           | Low    | Low    | Medium |

## IPv6 - The next-generation Internet

By Brad Ryan

In order for federal agencies to transition to IPv6, they must first understand the limitations of the current protocol and how IPv6 will provide a base for the next-generation Internet.

The Office of Management and Budget (OMB) has created a basic set of deadlines for federal agencies to transition their networks to IPv6 by June 2008. The migration is one of the most important issues facing government today, as it will directly support the federal government's

modernization of the overall IT infrastructure at large, and in particular, the Department of Defense's (DoD) network-centric initiative. However, the inherent benefits of implementing IPv6 seem unclear, largely adding to the perception that the transition will require an extensive overhaul to a current infrastructure that appears stable and secure. Similarly, some believe that IPv6 does not provide an advantage over IPv4 other than additional address space. In order to grasp the incentives to transition to IPv6, we must first examine the limitations of the current protocol, and what agencies must keep in mind as they prepare for the next-generation Internet.

OMB's mandate was instituted to create a stable foundation that future innovations can be built upon. A recent audit by the Government Accountability Office (GAO) found that 10 of the 24 major agencies between August 2005 and May 2006 have yet to develop IPv6 policies and enforcement mechanisms. As of February 2006, the GAO found that 14 agencies have not begun maintenance and monitoring of networks for the transition. Despite the delay and apparent reluctance of many agencies to initiate an action plan, the DoD has clearly asserted itself as the government leader in the IPv6 movement. Recognizing the magnitude of the challenge for an organization of its measure and complexity, DoD officials are taking a phased, mission-driven approach to the transition (Figure 1).



## IPv4 - Nearing obsolescence

IPv4, the present protocol utilized in TCP/IP communication, was designed solely for data exchange. When IPv4 was implemented in 1981, it was assumed that the protocol would operate in a physically secured environment, as little to no regard was attributed to data protection. Internet history is replete with examples of protocol enhancements and technology work-arounds to keep the Internet functioning. It is also full of examples of security concerns and upgrades to prevent denial of service and loss of critical data. As network architectures and integration become increasingly complex, security devices – both hardware and applications – must continually adapt to keep pace with potential attacks and threats to data security.



Figure 1

## ENGINEERED LIKE NO OTHER

FROM CONCEPTS TO DEPLOYMENT



## V394 "MAVERICK" Ultra High Performance, Dual PMC, PowerPC VME SBC

- · Dual 7447A/7448 PowerPC up to 1.2GHz
- · Up to 1MB of L2 Cache
- · Full Symmetric Multi Processing (SMP) support via Discovery®-III
- . 128-bit AltiVec™ technology support
- · Dual 64-bit 66/100MHz PCI-X local buses
- · Up to 1GB of 333 MHz DDR SDRAM via SODIMM modules
- Two 64-bit 66/100MHz PMC expansion sites, one with rear I/O
- · Ultra SCSI 160 with differential output
- · Three Gigabit Ethernet ports
- · Dual USB, IDE DMA-100, Serial, PS2 Mouse and Keyboard
- · 32MB of application Flash
- · One Multi Protocol Sync/Async Serial port
- · 2MB of Bootable Flash
- · Onboard 2.5 inch IDE Hard Disk Drive (Optional)
- · Parallel port and 21 discreet digital I/O lines
- · Optional triple 66MHz, 64-bit PMC expansion module
- · Supports VME-64 via Tundra Universe-II®
- · Support for 5-row or 3-row VME card cages
- · Front panel LEDs for POST code and Status display
- · Support for VxWorks®, Linux® and QNX® Operating Systems



## CC61X "ROCK"

High Performance, 3U Conduction Cooled, Rugged CompactPCI Pentium® M SBC

- · Up to 1.4GHz Pentium® M processor with up to 2MB of L2 Cache
- · Ultra-low power requirements as low as 12W Max
- · Up to 2GB of 266MHz DDR SDRAM
- · Up to 16GB of Bootable Flash memory
- · Baseboard Management Controller (BMC) to meet PICMG2.9
- Full Health reporting and monitoring with extensive BIT/EBIT
- · Dual Gigabit Ethernet ports with TCP/IP Offloading Engine
- · Dual Video to support DVI and RGB
- · Full Power Management control:
- ACPI 2.0 compliant (Suspend to memory/disk etc.)
- Geyserville® III support (Speed and Voltage stepping)
- Support for battery operation and standby power
- · Four USB-2.0 ports, two Serial ATA and two Serial ports
- 512KB of BIOS/user Flash and 2Kb of Serial EEPROM
- · RTC with onboard and external battery support
- . High speed I/O via SAM™ bus expansion connector (PCI-X or AGP)
- Available in standard 0-55°C or extended temperature -40° to +85°C
- · Onboard heaters allow extended low temperature storage/operation
- Support for Windows® XP/2000, VxWorks® and Linux®

LEADING THE EMBEDDED MARKET SINCE 1979.







PERFORMANCE, RELIABILITY, LONGEVITY

## GENERAL MICRO SYSTEMS, INC.

TEL(800) 307-4863 - gms4sbc.com

©200 BSG# 35 SWWW. PULTER PHON HOLD FOR MISSELLION.

The prevalence of the Internet as an open network architecture, capable of supporting the convergence of multiple services on a common infrastructure, is pushing the limits of IPv4. The supply of Internet address space will not support the current growth rate and it is projected that we will run out of IPv4 addressses by 2008 (Figure 2). Fixes such as Network Address Translation (NAT) and private IPv4 addresses, which were deployed to stem the depletion of IPv4 addresses, will be tested as new computing and communications paradigms emerge.

## **Technical benefits of IPv6**

In 2003, the DoD made a commitment to IPv6 as it began integrating IPv6-compliant equipment into "infostructure" (information infrastructure) upgrades and war fighting applications. As the DoD moves to implement the concept of *network-centric warfare*, each weapon, soldier, helmet, and battlefield asset will require an individual IP address in order to be part of the network, dramatically increasing the DoD's demand for IP addresses. Prospects for an improved Global Information Grid were particularly influential in the DoD's decision, moving it a step closer to its goal of net-centric warfare.

It is important to note that positive benefits from IPv6 implementation are not as palpable as they would be from purchasing a new security technology. As a protocol, IPv6 has great potential for interoperability and scalability within defense programs, but it is the responsibility of each agency to become educated and take the necessary steps to reach that common goal. Only by understanding the *need* and *value* of IPv6 will we be able to instill a plan to turn the DoD's vision of net-centricity into a reality. IPv6 addresses the critical need for more address space and offers a number of benefits, namely end-to-end security and connectivity, secure mobility, quality assurance, scalability, and improved networking management and operations.



### **IPsec security**

The prime component of IPv6 – as it is commonly perceived – will be an increase in the amount of available Internet addresses. The number of available IP address spaces allowed by IPv4 is approximately 4.3 billion, whereas IPv6 substantially increases the number to approximately 3.4 X 10<sup>38</sup>. The improvements in address space are a result of IPv6's 128-bit addressing scheme, compared to the 32-bit scheme used by IPv4. Although NAT has served as an effective temporary solution to the issue of limited address space, it does not promote end-to-end security to the extent of IPv6. Because NAT rewrites IP headers, secure transfer can be achieved only when data moves through a firewall. The significant increase in available IP addresses will allow individual devices to have their own addresses, enhancing the military's ability to track and manage operations remotely (Table 1).



Table 1

Evolving into IPv6 compatible applications will also have a positive impact on various interoperability issues, both at the technical and administrative levels. The simplified headers embedded within IPv6 are regarded primarily for their security

benefits, but the data routing and configuration capabilities inherent within the protocol will assist officials in supporting data sharing efforts, a key focus of net-centricity.

Improved security has been cited as one of the key benefits in upgrading to IPv6, primarily the mandatory incorporation of IPSec. IPSec is embedded within IPv6, whereas it is an optional feature in IPv4. IPSec enables two modes of operation: transport and tunnel. *Transport mode* encrypts the data payload, but not the header information, and is implemented directly between remote systems. *Tunnel mode*, the more secure mode of operation, encrypts both the header and payload of the data packet. Data is decrypted only after reaching its

authorized destination, which is verified by a public key shared by both sending and receiving devices. The added encryption layer of IPv6 enhances security to end-to-end communication, which is critical for military applications.

IPSec supports the secure exchange of packets through the use of two integrated extension headers, simplifying the need for various fields in IPv4. As compared in figure 3, he simplified headers promote flexibility by enabling extensions, which can provide specialized instructions to routers. The Authentication Header (AH) provides authentication and integrity for data packets. Because IPSec self-authentication features eliminate the need for checksums, packet processing time is decreased, leading to general improvements in overall network speed and bandwidth capacity. By providing origin authentication of data packets, the header protects against packet spoofing and modification of fixed fields within the packet. While AH protects against masquerading attacks, it does not provide encryption or ensure confidentiality. The second protocol header of IPSec is the Encapsulating Security Payload (ESP), which uses an independent encryption algorithm to provide confidentiality. Used in conjunction, AH and ESP headers can provide improved security in data transmission.

Although IPSec is embedded within IPv6, it only addresses a fragment of the security issues. The use of these headers requires that both parties involved in end-to-end communication use a common key to create and validate the headers. The integrated AH and ESP headers secure data transmission through the channel, but once received by the host, there is a need for additional security at the application layer. Because IPv6 dynamically assigns IP addresses, it is critical that routing information be verified prior to reaching its destination.

It should be reiterated that data security cannot be centralized to a single layer or even the individual protocol; effective security is a product of the IP protocol, network architecture and access, as well as the policies attributed to a network and its users. In some ways, the evolution of the Internet has resembled a cat and mouse game between hackers and network administrators: As network vulnerabilities are identified, administrators and programmers must develop patches to counter such attacks. It is inevitable that hackers will discover deficiencies within IPv6, but by moving to next-generation networks, we will be better equipped to implement proactive rather than reactive strategies. Table 2 shows the typical network security issues between IPv4 and IPv6, with IPv6's advantages on the right.

Secure and reliable ad hoc connections are a critical element of our nation's defense. The use of wireless communication has clearly progressed to the next phase of its development. However, the potential for data interception and interference raises skepticism among military officials and often deters its routine use. The added layers of authentication and cryptography within



Table 2

### IPv4 Header



- ~20 Byte (Variable Length) Header
- Unnecessary Fields
- Not Extensible

### IPv6 Header



- 40 Byte (Flxed Length) Header
- Extensible Protocol



Figure 3

# -Technology—feeling confident: mil systems lose their insecurities:

IPv6 promote the use of ad hoc networking, as do the continuous improvements in connectivity. Not only will devices be able to configure and connect to networks automatically, static interface ID enables users to move from network to network with seamless connectivity, thus ensuring continuity of operations.

While it will take time for mobile communications to become fully integrated in all sectors of military use, the effective demonstration of its capabilities will ultimately lead to increased research and development. We have only scratched the surface of mobile technologies, but IPv6 has the potential to unlock their full capabilities and range of applications.

#### **Transition toolbox**

Change is often difficult, and transitioning from an IPv4 to an IPv6 network may be challenging and seem unnecessary at the present time. Fortunately, the physical infrastructure, the wires, connectors, cabinets, and racks are identical for both networking standards. A transition to IPv6 does not call for the removal of expensive fiber optic or twisted-pair cables, engineering of new equipment storage rooms, or installation of new wall plates and jacks. At the application level, IPv6 is transparent to the human-machine interface, meaning that officials will continue to use their familiar applications as before.

IPv6 does have an impact on the middle layers – the addressing and routing mechanisms of the network. Once the transition is complete, all of the devices on the network will have new addresses. A fortunate fact about IPv6 is that it is backwards

compatible with existing IPv4 installations. This means that both IPv4 and IPv6 can run simultaneously on the same network while the migration takes place (Figure 4).

Fortunately, it will be a few years before IPv4 is obsolete. The added time provides a window of opportunity for agencies to plan so the transition coincides with normal IT expansions and upgrades. Several sources have recently taken the initiative to outline steps specific for federal agencies. For example, Juniper Networks has developed a series of guidelines to help steer federal agencies through the transition, from evaluating current infrastructure and determining agency needs to actual implementation and management of IPv6. Juniper Networks' IPv6 Best Practices World Report Series Reports can obtained by registering at the following site: www.juniper.net/federal/IPv6.

The following "rules of thumb" were gleaned from dozens of organizations and agencies that have already transitioned to IPv6 and could save agencies significant time and money managing their own transition:

- **Start early:** Transition planning is complex, particularly where new features of IPv6 require changes in the architectural structure of the network.
- Identify and track success measures: Provide senior management with metrics defining strategy, management and governance, technical processes, and transition schedules, conveying the overall strategic value.
- Centralize transition management: In large, distributed



# **Technology**

organizations, centralized management becomes very critical in the transition process. Government agencies should consider forming a transition office.

- Build the business case: Provide the quantitative and qualitative reasons for transitioning to IPv6. When possible, the business case should reflect directly on major program activities and specific solutions and impacts.
- **Resource appropriately:** Resourcing the transition planning and implementation activities should be viewed as a budget saver, and not providing sufficient resources could have costly impacts.
- Leverage executive authority: Take advantage of the authority of the highest-level executive possible within the organization to sponsor the transition program and set policy. This provides significant help to the overall priority of the transition program when competing for resources.
- Develop clear policy and enforcement procedures: IPv6 policies should be released and emphasized on a timely basis. If available, utilize existing methods or tools for review and enforcement of policies.
- Buy and build IPv6 capable: Require that all products and services acquired or developed be IPv6 capable; a strong caveat on this approach is to create a definition of "IPv6 Capable" specific to the organization and update it on a regular basis.
- Transition development resources: Begin migrating expenditures and staff focused on solving problems in IPv4 to solving them in IPv6. Voice over IP, convergence, and QoS are examples where R&D resources could be reallocated to focus on IPv6.

The transition will inevitably result in some inconveniences for departments, partly due to the reluctance of software developers to design IPv6-compatible applications until there is a large enough market incentive. Foreseeing these obstacles, the DoD continues to plan with the future in mind. Integrating IPv6 is a central piece to moving to a net-centric mode of operations, but it is only the start. As other nations and organizations utilize IPv6, the enhancements and benefits of transitioning to IPv6 will become more apparent. In this regard, the DoD and other early innovators will ultimately set the tone and urgency by generating a knowledge base of lessons learned for IPv6 transition.



**Brad Ryan**, chief architect, federal, Juniper Networks, facilitates customers and partners with their designs of next-generation networks and architectures. He has more than 17 years of experience in networking. Brad holds a BS in

Computer Science from San Francisco State University.

#### **Juniper Networks**

Plaza Ridge I, Suite 100 2251 Corporate Park Drive • Herndon, VA 20171-2808 571-203-1700

bryan@juniper.net • www.juniper.net



# Rugged Embedded Computers for Land / Air / Sea Operations

- ECC RAM capabilities
- Fanless operation
- Low power consumption
- Rugged design
- Extended temperature option
- Long term availability
- PC/104-Plus expansions

These features make the MPL products an ideal and compact solution where high processing power, flexibility and high quality is required. MPL products are ready for military, aerospace, medical, oil/gas exploration and many industrial applications.



MPL AG, Täfernstr.20, CH-5405 Dättwil/Switzerland Tel. +41 56 483 34 34, Fax +41 56 493 39 29 US Distributor:SIP Inc. Phone 480-513-8979

# Editor's Choice Products

# On the runway: PMC DSP now ships with Virtex-5



FPGA-based signal processing modules are all the rage this year. But using a Xilinx Virtex-4 is so last year. Instead, well-dressed base boards are all sporting Virtex-5 equipped PMC modules such as the PMC-FPGA05 from VMETRO. Utilizing a very stylish V-5 LX110 FPGA, this general purpose DSP board is targeted at Software-

Defined Radios (SDRs), Electronic Warfare (EW), telecom, surveillance, and all manner of other DSP-based military systems.

Equipped with a PCI-X (66/100/133 MHz) interface that can transfer data at up to 1,067 MBps, the V-5 is a blank canvas surrounded by three banks of 8 MB QDR II SRAM and three banks of 128 MB DDR2 SDRAM, plus 256 Mb of NV configuration flash. The multiple memory banks are ideal for twiddle factors, ping-pong algorithms, or on-the-fly data movement. There's a 64-bit general purpose I/O bus, along with a 138-way high-speed connector for front panel access or customizable I/O. Users can add their own VHDL designs, choose cores from Xilinx or their partners, or rely on VMETRO for logic. VMETRO also thoughtfully provides several firmware examples to help designers dress up their system.

#### **VMETRO**

www.vmetro.com RSC# 30636

# Acoustic data acquisition system slips into 1U rack

Ever been in a nuclear attack submarine? Well, neither have we (does a diesel-electric count?), but we know that equipment's crammed

in every conceivable space, and rack-mount

COTS electronics offer an excellent compromise between cost and capability. So it stands to reason that the daqNet acoustic data acquisition/conversion system in 1U form factor would fit perfectly into an undersea environment. Based upon a design originally developed by ICS (which was acquired by Radstone), the daqNet by Radstone Sensor Processing (which was recently acquired by GE Fanuc Embedded Systems) has extremely high channel density. There are 192 analog and 240 digital I/O channels feeding into the daqNet server, which can be controlled via an Ethernet network.

On the I/O side, the server can be configured with up to four I/O modules: analog input (48 channels per module), analog output (48 channels per module), or digital I/O (60 channels per module). Each digital I/O module provides immediate external signal and time-based trigger capabilities. The dual GbE interfaces are ample for data movement due to the onboard embedded controller that aggregates the I/O. SNMP controls the server, and an unlimited number of servers can be ganged together for huge sensor array farms with the channels synchronized using Radstone Sensor Processing's time stamping capability. Optional features include an external A/D sampling clock, sync, and trigger. The rack-mount daqNet requires forced air cooling and operates over 0° to +50 °C.

#### **Radstone Sensor Processing**

www.radstone.com RSC# 32469

# UAVs talk to front line video receiver/processor

"Dull, dirty, and dangerous" describes the roll of unmanned aerial vehicles on today's battlefields. But usually those UAVs are collecting image data and feeding it to reachback operations centers. However, there is a critical need for front line war fighters to directly receive UAV feeds in order to make tactical decisions. Enter



The rugged terminal not only collects video data but telemetry information as well. This allows human assets to rely on the video terminal also as an exploitation and management system, moving data into a laptop in order to "exploit, map, manage and distribute critical images, clips and segments, or stream live video to others in the field." Additionally, the built-in video editing software is not unlike a full desktop setup, plus a 60-minute built-in Digital Video Recorder (DVR). VideoScout-MC is also integrated with FalconView mapping software.

#### L3 Communications, Advanced Products & Design

www.L-3Com.com RSC# 32468

## Rugged PC revels in sunshine

If you're going to use a PC inside in a benign environment, any old laptop will do. But if you want to toss it around outside, in the sun, or hard mount it to something solid like an armored vehicle, then you need the Wolverine from GE Fanuc Embedded Systems. Designed for industrial applications



- but right at home in defense apps - this HAZLOC approved,

NEMA  $\dot{4}$  Pentium M machine is environmentally sealed and heated for cold temp duty. It's designed to resist corrosion, work over industrial temperatures, and uses a 15" AMTFT LCD for sunlight readability.

The 1.6 GHz Intel CPU can be configured with up to 2 GB of DDR SDRAM and both wired and wireless Ethernet (complete with built-in antenna). The hard drive can be swapped in the field, either to replace a failed unit, upgrade density, or store sensitive data securely. And speaking of sensitivity – it's really the unit's screen that increases the user experience. GE Fanuc Embedded uses an Acrylic-on-Glass Resistive touchscreen, and a variety of "viewing enhancement" filters are included to reduce sunlight loading.

#### **GE Fanuc Embedded Systems**

www.gefanucembedded.com RSC# 19525

Editor's Choice Products are drawn from OSP's product database and press releases. Vendors may add their new products to our website at www.opensystems-publishing.com/vendors/submissions/np/ and submit press releases at www.opensystems-publishing.com/news/submit. OSP reserves the right to publish products based on editors' discretion alone, and does not guarantee publication of any product entries.

# Supporting Science



Supporting Industry



Supporting Military







Supporting
Homeland Security







Jacyl Technology specializes in the electronic design and production of microprocessor and FPGA based systems. Our product line of PC/104 FPGA circuit boards and custom micro-circuit boards target system design projects that require an off-the-shelf solution. Our custom design services can provide partial or a complete electronic design solution for your system design requirements.

Whether your system design requires a COTS solution, design assistance with a special portion of a system or a complete electronic system design,

# We're Your Projects Solution



Jacyl Technology is a Team Member under Lear Siegler Services, inc for the US Governments CECOM Rapid Response Contract



www.jacyltechnology.com

# Product Guide: MPC7448 PowerPC SBCs and Systems

| Form factor or size | Vendor/Website                                  | Model number               | Processor                | Description                                               | ı |
|---------------------|-------------------------------------------------|----------------------------|--------------------------|-----------------------------------------------------------|---|
| 3U Compact PCI      | Aitech Defense Systems<br>www.rugged.com        | C900                       | MPC7447A/7448<br>PowerPC | A rugged 3U CompactPCI SBC                                |   |
| 3U CompactPCI       | Aitech Defense Systems<br>www.rugged.com        | C901                       | MPC7448 PowerPC          | Rugged 3U CompactPCI<br>single-slot SBC                   |   |
| 3U CompactPCI       | Aitech Defense Systems<br>www.rugged.com        | C901L                      | MPC7448 PowerPC          | Rugged 3U CompactPCI<br>single-slot SBC                   |   |
| 3U CompactPCI       | Curtiss-Wright Embedded<br>www.cwcembedded.com  | SCP/DCP-124                | MPC7447A/7448<br>PowerPC | 3U CompactPCI SBC                                         |   |
| 3U CompactPCI       | GE Fanuc Embedded Systems<br>www.sbs.com        | CV1 3U PPC SBC             | MPC7447A/7448<br>PowerPC | A rugged 3U CompactPCI<br>PowerPC SBC                     |   |
| 3U CompactPCI       | Mercury Computer Systems<br>www.mc.com          | Momentum Series<br>CP3-102 | Dual MPC7448<br>PowerPC  | 3U CompactPCl conduction-<br>cooled single board computer |   |
| 3U CompactPCI       | Radstone Embedded Computing www.radstone.com    | IMP2A                      | MPC7448 PowerPC          | High performance 3U<br>CompactPCI processor               |   |
| 6U CompactPCI       | Radstone Embedded Computing www.radstone.com    | CP1A                       | MPC7448 PowerPC          | High-performance 6U<br>CompactPCI processor               |   |
| 6U VME              | Aitech Defense Systems<br>www.rugged.com        | C102                       | Dual MPC7448 PowerPC     | A dual processor VME SBC                                  |   |
| 6U VME              | Radstone Embedded Computing<br>www.radstone.com | PPCM2                      | Dual MPC7448 PowerPC     | A high-performance 6U VME processor                       |   |

# MPC7448 PowerPC SBCs and Systems Product Guide

| Memory                                                                                                                                                       | 1/0                                                                                                                                                                                                                                                                                                                      | Environment                                                                              |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
| 1 GB DDR SRAM with ECC 64 MB user flash 32 MB boot flash 1 GB flash File 128 KB NVRAM                                                                        | 2 GbE<br>2 Serial<br>2 USB 2.0<br>8 GPIO or 4 RS-422                                                                                                                                                                                                                                                                     | Harsh/rugged                                                                             |
| Up to 1 GB of DDR400 SDRAM with ECC<br>64 MB boot flash memory<br>128 MB user flash memory<br>Up to 2 GB flash file memory (NAND)<br>128 kb Autostore NVSRAM | 2x 10/100/1000 Mbps Ethernet 2x USB 2.0 2 multiprotocol high-speed Serial supporting RS-232/422/485 8 single-ended TTL or 4 RS-422 differential discrete I/O lines 1 standard PMC slot                                                                                                                                   | High shock/vibration                                                                     |
| Up to 1 GB of DDR400 SDRAM with ECC<br>64 MB boot flash memory<br>128 MB user flash memory<br>Up to 2 GB flash file memory (NAND)<br>128 kb Autostore NVSRAM | 2x 10/100/1000 Mbps Ethernet 2 USB 2.0 2 multiprotocol high-speed Serial supporting RS-232/422/485 8 single-ended TTL or 4 RS-422 differential discrete I/O lines 1 standard PMC slot                                                                                                                                    | High shock/vibration                                                                     |
| 512 MB of DDR1 SDRAM with ECC at 133 MHz<br>128 MB nonvolatile flash<br>Flash for Permanent Alternate Boot Site (PABS)<br>128 KB nonvolatile RAM             | 2x 10/100/1000BASE-T Ethernet 2 RS-232 Serial port 2 HDLC/SDLC-capable EIA 422/485 Serial channels (both synchronous) 1 USB 2.0                                                                                                                                                                                          | Harsh environments                                                                       |
| 256 MB DDR SDRAM<br>128 MB flash                                                                                                                             | 2 GbE ports 32-bit PMC site with I/O lines to backplane RS-232 and RS-422/485 Serial 10 GPIO                                                                                                                                                                                                                             | Harsh/rugged                                                                             |
| 1 GB DDR2-400 memory with ECC                                                                                                                                | 2 GbE<br>2 RS-232<br>2 USB 2.0                                                                                                                                                                                                                                                                                           | Space-constrained: small<br>UAVs, airborne pods,<br>avionics, and vehicle<br>electronics |
| Up to 512 MB DDR SDRAM<br>128 MB flash<br>1 MB on-chip L2 cache                                                                                              | Onboard PCI-X capable PMC site<br>2 fast sync/async Serial<br>2x 10/100/1000BASE-T Ethernet Up to 12 bits GPIO                                                                                                                                                                                                           | Harsh/rugged                                                                             |
| DDR SDRAM on 133 MHz memory bus                                                                                                                              | 2 GbE (PICMG 2.16 compliant) 6 Serial 5 USB 2.0 2 PMC sites AFIX daughtercards                                                                                                                                                                                                                                           | Harsh/rugged and conduction-cooled                                                       |
| Up to 2 GB DDR SDRAM with ECC 512 MB total user flash 256 MB total boot flash 256 KB Total NVRAM Up to 16 GB NAND flash On-chip 32 KB L1 + 1 MB L2 cache     | 2 GbE (10/100/1000) 2 Fast Ethernet (10/100) 1 Serial ATA II (3.0 Gbps) 2 USB 2.0 ports (400+ Mbps) 2 dual redundant MIL-STD-1553B 6 multiprotocol high-speed Serial USART ports - RS-232/422/485 2 standard Serial UART ports - RS-232/422/485 16 single-ended TTL/8 differential RS-422 discrete I/O lines 2 PMC slots | Extreme temperatures, high shock/vibration                                               |
| DDR SDRAM (133 MHz memory bus)                                                                                                                               | 2 PMC sites 2 StarFabric ports 2 GbE 4 Serial 2 USB 2.0                                                                                                                                                                                                                                                                  | Rugged and air-/conduction-<br>cooled                                                    |

# Product Guide MPC7448 PowerPC SBCs and Systems

| Form factor or size | Vendor/Website                                                   | Model number | Processor                                        | Description                                                                                                                                                                                                                                               |
|---------------------|------------------------------------------------------------------|--------------|--------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 6U VME              | Radstone Embedded Computing<br>www.radstone.com                  | V4DSP        | MPC7448 PowerPC                                  | Dual Virtex-4 FX FPGA<br>processor                                                                                                                                                                                                                        |
| AdvancedTCA         | Emerson Network Power<br>Embedded Computing<br>www.artesyncp.com | KatanaPPB    | Six MPC7447A or<br>MPC7448 PowerPC<br>processors | A high-speed multiprocessor AdvancedTCA telecom blade optimized for control and packet processing applications such as WAN access, SS7/ SIGTRAN signaling, media gateways, wireless base station controllers, radio network controllers, and softswitches |
| System              | Radstone Embedded Computing www.radstone.com                     | PPC7D        | MPC7448 PowerPC                                  | Fifth-generation PowerXtreme<br>SBC                                                                                                                                                                                                                       |



4600 Kietzke Lane, Bldg. C-126 Reno, NV 89502

Toll Free: (866) 700-7704 www.merlinvme.com

Specializing in Drop-in Replacements to Obsolete Products!

# Why spend your valuable engineering time dealing with product obsolescence?

# Let Merlin VME solve the problem for you.

All we need is the user's manual for the obsolete product and we can have a working prototype running in your system with your existing software and cabling within 4 months. Production quality units can follow within 4 weeks of prototype approval.

The Merlin VME approach allows the customer to support existing installations while continuing production on new systems. We eliminate the need to re-write software, retrofit existing installations, or modify cabling.

# MPC7448 PowerPC SBCs and Systems Product Guide

| Memory                                                                                                                                                                                                       | 1/0                                                                                                               | Environment                |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------|
| 128 MB DDR2 SDRAM 64 MB flash 4 MB QDRII SRAM PowerPC: 256 MB SDRAM 128 MB flash                                                                                                                             | Dual Xilinx Virtex-4 FPGAs<br>1 PMC/XMC site<br>2 StarFabric<br>2x 2.5 GHz MGTs to P0 for high-speed Serial I/0   | Air- and conduction-cooled |
| Up to 1 GB DDR SDRAM with ECC in SODIMM package on the baseboard Up to 512 MB DDR SDRAM on each processor module 128 MB of flash memory on the baseboard and total of 256 MB of flash memory on four modules | Dual 10/100/1000 Ethernet with access to onboard switch fabric Dual 10/100 Ethernet front panel access per module | Commercial temperature     |
| DDR SDRAM on 133 MHz main memory bus                                                                                                                                                                         | 2 PCI-X enabled PMC sites<br>2x 10/100/1000BASE-T<br>6 Serial<br>2 USB 2.0 ports                                  | Harsh/rugged               |

Data was extracted from OSP's product database on Dec.1, 2006. Description keywords searched included "7448" and "G5" on products entered 10/1/05 through search date within VMEbus Systems, CompactPCI and Advanced TCA Systems, and Military Embedded Systems magazines. Entries have been edited for publication, and OpenSystems Publishing is not responsible for errors or omissions. Vendors are encouraged to add their new products to our website at www.opensystems-publishing.com/vendors/submissions/np/.



#### By Sharon Schnakenburg

| Carrier board: PMC         | 46 | Processor: Pentium M                      | 49 |
|----------------------------|----|-------------------------------------------|----|
| Chips & cores: FPGA        | 46 | Processor: PowerPC                        | 49 |
| Data acquisition           | 47 | Processor: PowerQUICC                     | 50 |
| DSP resource boards: FPGA  | 47 | Prototyping and debugging:                |    |
| Enclosure                  | 48 | Boundary scan                             | 50 |
| Mass storage: Plug-in unit | 48 | Radiation hardened                        | 50 |
| Mezzanine                  | 48 | Test systems                              | 52 |
| Microcontroller            | 49 | Tiny-Bus expandable                       | 52 |
| Processor: Dothan          | 49 | Waveform digitizers/Digital oscilloscopes | 52 |

# CARRIER BOARD: PMC Acromag, Inc. Website: www.acromag.com Model: PMC-LX/SX RSC No: 31602

PMC modules that combine the power of a configurable Virtex-4 FPGA with interchangeable digital I/O front-ends • Customizable FPGA (Xilinx Virtex-4 XC4VLX40/60) with up to 60 K logic cells and 64 XtremeDSP slices • Supports both front and rear I/O • Plug-in I/O modules are available for front mezzanine • 64 I/O lines supported with direct connection to FPGA via rear (J4) connector • FPGA code loads from PCI bus or flash memory • 256 K x 36-bit dual-ported SRAM

# design. develop. deploy.

# **EP8548A Serial RapidIO AMC**



# Radstone Embedded Computing Website: www.radstone.com Model: ICS-7003 RSC No: 31742

A full-length PCI card with an x8 PCI Express interface capable of carrying two single-width PMC modules • Designed to deliver high performance via eight lanes of PCI Express I/O and dual FPDP connectors • Each of the PMC sites is PCI-X (64-bit, 133 MHz) compliant • Board includes a PCI Express-to-dual-PCI-X bridge, making it capable of fully exploiting the maximum theoretical transfer capability of the two PCI-X modules at the same time

#### design.

ī

Ш

EMBEDD

The next generation of connected devices.

#### develo

Your products based on our platform.

### deploy.

Your solution faster.

# **Performance in an Open Standards Package**

Powered by Freescale PowerQUICC III at 1.33GHz
Off-the-shelf or customized to your specs

Contact us about building an ATCA system for you

4760 Richmond Rd / Cleveland, OH 44128 Tel: 1-216-245-4180 / Fax: 1-216-292-0561 www.embeddedplanet.com



#### **CHIPS & CORES: FPGA**

Acqiris
Website: www.acqiris.com
Model: COTS VME/VXS Boards RSC No: 32078



# New Products-

Family of COTS VME/VXS (VITA 41 form factor) boards combining state-of-the-art Xilinx Virtex-4 SX and FX functionalities with advanced Acgiris data conversion technology • Incorporates Acgiris' JetSpeed II technology for clock generation and distribution • Features two Xilinx Virtex-4 FPGAs: one SX55 targeted at digital signal processing and one FX100 for data flow control • Provides support for the VXS interface, two optical links on the front panel, a VME64x interface, as well as DDR2 SDRAM memorv and auxiliary analog and digital I/Os • Complete optional Firmware Development Kit (FDK) for rapid and easy application development on the SX55 and FX100 FPGAs, with the capability to store multiple bitstreams in flash for complex, multimode applications • Ideal for electronic warfare, synthetic aperture and phased array radar, Software-Defined Radio, semiconductor, and medical imaging applications

**Actel Corporation** Website: www.actel.com Model: Actel Fusion PSC

RSC No: 31934



A mixed-signal FPGA that integrates analog, flash memory blocks, clock generation, management circuitry, and high-performance programmable logic in a monolithic device • Advanced 130-nm. 7-laver metal. flash-based CMOS process . Nonvolatile, retains program when powered-off • Live at Power-Up (LAPU) single-chip solution • 350 MHz system performance • User flash memory - 2 to 8 Mb - configurable 8-, 16-, or 32-bit datapath - 10 ns access in Read-Ahead mode • 1 kb of additional FlashROM • Integrated A/D Converter (ADC) and analog I/O • Up to 12-bit resolution and up to 600 KSps • Internal 2.56 V or external reference voltage • ADC: up to 30 scalable analog input channels • High-voltage input tolerance ±12 V

Connect Tech, Inc. (CTI) Website: www.connecttech.com Model: FreeForm/104

RSC No: 32004



A highly versatile and fully customizable FPGA featuring digital I/O and counter/timers • Standard and custom cores available • Customizable PC/104 board based on Xilinx's Spartan 3E • Standard core includes 96 digital I/O, six counter/timers, and 48 Opto-22 digital I/O • FPGA configured from onboard flash memory • Reconfigurable in the field or through Connect Tech engineering services • Provides external 5 V power for stand-alone, single board solution requirements • Ideal for high-speed, compute-intensive, reconfigurable applications

Website: www.synplicity.com Model: Synplify Pro RSC No: 31751

An advanced FPGA synthesis solution • Achieves industry-leading QoR by incorporating several advanced optimization techniques including Synplicity's proprietary Behavior Extracting Synthesis Technology (BEST) • Retiming may be used on a global level or selectively . HDL Analyst RTL graphical analysis and debugging tool provides instant graphical views of both highlevel block diagrams and gate-level schematics linking back to the RTL source code FSM Explorer automatically finds state machines in the user's design, then evaluates alternative encoding styles and selects the one giving the best solution for the specified timing constraints • User-defined compile points and intelligent, differencebased synthesis technology provide a high level of design stability for incremental changes without the performance penalty of other incremental design styles

Synplicity

Editors note: For more information, **Ecast** refer to the archived Synplicity E-cast at:

www.opensystems-publishing.com/ecast

#### DATA ACQUISITION



A family of USB-compatible data acquisition and control modules . Connects to any

computer's USB port • Offers choices including Reed and Form C relays, optically isolated inputs, TTL interface to industry standard solid-state relay racks, A/D and D/A functionality • I/O: 16 single-ended or 8 differential 12-bit analog inputs, two 12-bit D/A outputs, 8 optically isolated digital inputs, and 8 open collector digital outputs A/D inputs are independently software selectable for 0-5 V, 0-10 V, ±5 V, and ±10 V ranges and can be configured for measuring 0-20 mA current loop • A/D channels feature 5 MHz bandwidth track/hold and 100 KSps throughput • Eight digital inputs are rated for 5-30 Vdc and provide 300 V external isolation • Includes a highly-retentive USB A connector to prevent accidental disconnection • Standard operating temperature range is 0 °C to 70 °C • Optional extended temperature range of -40 °C to +85 °C

### **DSP RESOURCE BOARDS: FPGA**

**Orange Tree Technologies** Website: www.orangetreetech.com Model: ZestSC2 RSC No: 31931



A high-performance FPGA board that can be used stand-alone or connected by USB to a host computer • 200 user I/O pins Xilinx XC3S2000 or XC3S4000 FPGA • 32 MB SDRAM • High-speed USB 2.0 connection to host for FPGA configuration and data transfer • Flash EEPROM for FPGA configuration • Optional 8 MB SRAM

Traquair Data Systems, Inc. Website: www.traquair.com Model: micro-line C6713 RSC No: 31756



A series of embedded DSP/FPGA boards to provide embedded systems developers with an integrated suite of programmable DSP, FPGA, and I/O resources in small, standalone capable board formats • Targets highperformance floating-point DSP applications, using the Texas Instruments TMS320C6713 DSP processor • The

# New Products

## www.mil-embedded.com/rsc

C6713Compact incorporates up to 64 MB SDRAM, 8 MB boot program flash ROM, and an onboard, high-density 250 kGate, 500 kGate, or 1 MGate Virtex-II FPGA (optionally programmable) • A 400 Mbps IEEE1394a FireWire interface is included onboard for communications with other embedded DSP resources, cameras, sensors, and PCs • Small (98 mm x 67 mm) footprint • Up to 64 MB SDRAM, 2 MB boot program flash ROM . High-density 400 kGate or 1 MGate Spartan-3 FPGA

#### **ENCLOSURE Hybricon Corp.** Website: www.hybricon.com Model: OF-XC 12U Desktop RSC No: 31913



A line of open frame desktop test chassis (the OF-XC Series) designed for today's high-power VPX REDI boards • Designed to the latest VITA 46.0, 46.1, 46.3, 46.10, 48.0, and 48.1 draft standards . Provisions for 80 mm rear plug-in modules and transition modules in both VME64x and VPX slots • Front and rear ground clips provide proper grounding (per IEC 950 Section 2) for all plug-in modules, thereby reducing the chances of circuit damage by electrostatic discharge • Custom configurations available Available with fan speed control

#### MASS STORAGE: PLUG-IN UNIT

Phoenix International Website: www.phenxint.com Model: VF1-250-SC-RHD

RSC No: 31978



A dual removable hot-swap disk drives option that has been added to Phoenix International's line of rugged mass storage VME plug-in modules • Allows portability in transporting a data storage device for secure or archival storage or for transferring files between systems . Ideal for host-based RAID 1 applications • Ultra-320 LVD SCSI interface • SCSI connections via front panel or P2 connectors . Sensiterm automatic internal bus termination • Shock: 60 gs @ 2 msec (operating), 275 gs @ 2 msec (nonoperating) • Vibration: 1.5 gs @ 5-400 Hz (operating), 3 gs @ <500 Hz (nonoperating)

#### MEZZANINE

**Conduant Corporation** Website: www.conduant.com

Model: LVDS-16 RSC No: 32080



A low-voltage differential signaling mezzanine board for Conduant's StreamStor Amazon high-speed recording system Provides 16-bit, 200 MHz data recording

# **Total Rugged Solutions for Extreme Environments** Trusted ePlatform Services

#### **Advantech Stackable SBCs that Provide Rugged Features for Total Solutions**

- Extended Temperature Testing (ETT) Services
- Phoenix Operation, for Wideband Temperature
- -Phoebus Design, for Extreme Temperature (-40 ~ 85°C)
- Conformal Coating Service
- Glued DRAM Service







PCM-3380 PCI-104 Pentium® M



PCM-3341 PC/104 STPC Altas



PCM-9582











Suite A-106 Irvine, CA 92618 Toll Free: 1-800-866-6008 Ph: 949-789-7178 Fax: 949-789-7179 Email: ECGInfo@advantech.com Website: www.advantech.com

Advantech Corporation 15375 Barranca Parkway,

AD\4NTECH



# New Products-

and playback interfaces for Conduant's StreamStor Amazon SATA disk controllers • Provides improved data integrity and longer cable lengths when compared with typical TTL parallel interfaces • Can directly connect to customer FPGA devices over copper cables for data recording applications • Can serve as an alternative to the FPDP II interface already available for the StreamStor Amazon recorder at sustained data rates of 400 MBps

MICROCONTROLLER

Microchip Technology, Inc.

Website: www.microchip.com Model: PIC10F and Baseline

PIC Microcontroller

Eight-bit PIC microcontrollers • Available in 2 x 3 DFN packages • Ultra-small 2 mm x 3 mm Dual Flat No-lead (DFN) packages for space-constrained applications • Available 8-bit analog-to-digital converter • Comparators available • Precision internal oscillator operating at up to 8 MHz • 256 to 1 K instructions (x12-bit program words) of flash program memory• 1.125 ms Device Reset Timer (DRT)

#### PROCESSOR: DOTHAN

WinSystems, Inc. Website: www.winsystems.com Model: EBC-855

RSC No: 32075

**RSC No: 31475** 



A full-featured SBC with a variety of onboard peripherals that eliminate the need for additional standard I/O peripheral cards
• Fanless Intel Zero Cache Dothan (ZCD)
1 GHz processor • EBX-compatible platform
5.75" x 8.00" (147 mm x 203 mm) with -40 °C
to +70 °C operation • PC-compatible supports Linux, Windows CE and XP embedded, plus other x86-compatible RTOS • Integrated graphics utilizing Intel Extreme Graphics 2 technology supports resolutions up to 1600 x 1200 • 10/100 Mbps Ethernet controller and four serial ports: two with RS-232/422/485 and two with RS-232 interface • Target applications include industrial

automation, medical/diagnostic equipment, MIL/COTS, security, test and measurement, and transportation

#### PROCESSOR: PENTIUM M

SECO S.R.L. Website: www.seco.it Model: M671R

RSC No: 31653



Pentium M CPU up to 1.8 GHz frequency • Front side bus at 400 MHz • Intel Celeron M and Pentium M up to 1.8 GHz • Intel

855GME chipset • AGP4X 2/3D graphic controller for LCD TFT and CRT • U-ATA 1200 IDE • Two RS-232 full modem, four USB, and one LPT • Fast Ethernet 10/100BASE-T • Single and dual channel 18-bit LVDS interface

#### PROCESSOR: POWERPC

Cornet Technology Communications Website: www.cornet.com/ctc Model: Celero CVME-7448S

RSC No: 32280



# Extreme environments require extreme solutions...



The Challenge: Develop rugged systems that operate anywhere anytime...Mission complete !!!



Hybricon Corporation is a world-class leader in the design and manufacture of electronic packaging solutions for high performance military and ruggedized COTS applications.



Hybricon has a successful track record of proven and deployed COTS solutions that have been designed to meet stringent military and shipboard requirements.

www.hybricon.com

**Hybricon Corporation** 12 Willow Road Ayer, MA 01432 ISO 9001-2000 Certified

Call Today 1-877-HYBRICON

# **New Products**

## www.mil-embedded.com/rsc

A PowerPC single board computer designed for COTS VME military and aerospace applications • Freescale MPC7448 PowerPC processor . Suitable for any air-cooled VME application requiring high performance • Enables systems designers to develop SIGINT and Automated Testing Equipment (ATE) applications that require an embedded computing platform capable of collecting, analyzing, and disseminating large amounts of data in real time . Offers builtin Altivec optimized DSP capabilities and a 1 MB on-processor cache • 1.6 GHz clock speed • Includes Board Support Packages (BSPs) for VxWorks 6.x and Linux operating systems

## PROCESSOR: POWERQUICC

**ACTIS Computer** Website: www.actis-computer.com

Model: VSBC-6872

RSC No: 32122



A 6U VME PowerQUICC II single board computer • Based on the MPC8270 processor • Local PMC expansion slot and support for CompactFlash memory cards • 855 DMIPS @ 450 MHz clock • Three Fast Ethernet ports • Four serial RS-232 or RS-422/485/V.35 on front panel • 32-bit PMC slot • Includes 128 MB SDRAM, 16 MB flash memory, and 1 MB SRAM • The interface to the VMEbus is designed around a complex FPGA device and supports the 32-bit VME rev. C standard • Includes an onboard monitor ECMON . BSPs including VxWorks and Linux are available

#### PROTOTYPING AND DEBUGGING: **BOUNDARY SCAN**



# ASSET InterTech, Inc.

Website: www.asset-intertech.com

Model: PCI-200EJ

RSC No: 31949



Boundary-scan controller capable of applying both JTAG and functional microprocessor emulation tests on the same circuit board • Increases test coverage by supporting ScanWorks' JTAG operations and the functional testing capabilities of ITT's µMaster emulation testers • Supports all of the ScanWorks boundary-scan operations • Supports emulation testing on PowerPC microprocessors • PCI compatible

#### RADIATION HARDENED



Radiation hardened space computer, 900 MFLOPS/4,000 MIPS . Powered by Texas Instrument DSPs • 900 MFLOPŚ (floating point) and 4,000 MIPS (fixed point) processing speed • SEL >70 LET (MeV/mg/ cm2) SEU <1 per 1,000 days TID 100krad (Si) SEFI 100% recoverable • Interfaces: CompactPCI, 32-bit, 33 MHz internal/external bus • 3.3 V I/O voltage • UART fourchannel buffered async w/RS-422 (std) • Options: LVDS; 1553; SpaceWire; CAN; Ethernet; USB, and so on • 16 GPIO • Power: 5 W (standard board, options will demand more power) • Memory: 64 MB



# Military Power Supplies & DC/DC converters that do more.

What makes NAI Power Supplies different? Take a close look:

- One box "Plug and Play" solutions
- **NEW!** Self-monitoring features
- **NEW!** Higher efficiency
- Integrated EMI Filtering
- Improved reliability due to de-rating the components
- Mil-Standard 810 and 704 compliance
- ~ Multiple input and output configurations
- ~ Full-Mil or COTS Mil-Type religibility levels
- ~ Standard VME & VXI voltages & signaling
- Standard products or custom solutions available



To find out more about NAI Power Supplies, visit <a href="https://www.nail.com/power">www.nail.com/power</a> or call us at 631-567-1100 today.



Embedded Boards | Power Supplies | Instruments 631-567-1100 • Fax: 631-567-1823 • email: sales@nail.com

# Explore High Speed Data Recording



# Powerful

- Up to 700 MB/s sustained recording performance
- Scalable Fibre Channel SAN architecture providing virtually limitless storage capacity
- Ready-to-run application examples

## **Flexible**

- Customer Programmable Recorder and Playback System
- Ready-to-run versions available through Targeted Recorders
- VME, CompactPCI and Industrial PC versions available

# Innovative

- Access and Control using web browser or XMI-RPC
- Disk Grouping & Intelligent Disk Management



Processing and FPGA

Input/Output

Data Recording

Bus Analyzers

For more information, please visit http://recorder.vmetro.com or call (281) 584-0728





# - New Products

(std) to 256 MB SDRAM with EDAC • 1 MB (std) to 8 MB EEPROM • Mechanical: 3U (std), or 6U (optional); custom sizes • Operating system: Linux (C and limited C++) TI DSP BIOS TI Code Composer Studio

#### **TEST SYSTEMS**

Signal Forge, LLC

Website: www.signalforge.com

Model: Wave Manager 5

RSC No: 31974



Wave Manager release 5 expands test applications for the Signal Forge 1000 Signal Generator • BPSK and Chirp functions assist developers in testing RFID, WiFi, Zigbee, and radar devices • BPSK waveform operates with a carrier frequency between 1 Hz and 100 MHz • Chirp and pulsed chirp waveforms operate from 1 Hz to 1 GHz • Powers Signal Forge 1000 signal generators

#### TINY-BUS EXPANDABLE

Liantec Systems Corporation

Website: www.liantec.com

Model: ITX-6900

RSC No: 31473



Mini-ITX Intel 915GM Express EmBoard with Tiny-Bus embedded modular expansion solution • Mini-ITX form factor: 170 x 170 mm • Intel embedded 915GM Express platform with GMA graphics core • PCI Express x16 graphics, PCI Express x4/x1, and PCI bus master interface • Onboard GbE, Azalia HD Audio, SATA interfaces

#### WAVEFORM DIGITIZERS/DIGITAL OSCILLOSCOPES

RT Logic

Website: www.rtlogic.com

Model: DG3000 Digitizer

RSC No: 32185



A flexible platform for IF and baseband processing • A high-rate digitizer is tightly coupled to a Xilinx Virtex FPGA for customizable firmware-based signal processing • High-speed front end digitizer: 12 bits at 213 MSps • Support for 70 MHz, 160 MHz, 266 MHz IF • 10 MHz reference input • Configurable trigger in/out • Standard firmware supported includes digital down-conversion, filtering, decimation, PSK and PM carrier demodulation, subcarrier BPSK/QPSK demodulation, bit synchronization, Viterbi decoding, and others • CompactPCI and/or USB 2.0 Interface • PCI 64-bit/66 MHz interface • Software/support for integration into custom systems • Options for digital spectrum analysis

Email: info@gocct.com

Tel: (734) 971-6309

Affiliate

# Annapolis Micro Systems The FPGA Systems Performance Leader!

FOPEN Radar Systems Software Defined Radio FLIR SIGINT ELINT Digital Receivers Recording Systems









High Performance
Signal Processing in
Scalable FPGA Computing

Above and Beyond -----

FPGA Acceleration

190 Admiral Cochrane Drive, Suite 130, Annapolis, Maryland 21401 wfinfo@annapmicro.com (410) 841-2514 www.annapmicro.com







# **December 7 still lives in infamy**

Some people may have missed the fact that December 7 was Pearl Harbor Day, the day in 1941 when Japan attacked Pearl Harbor, Hawaii. But with the world a pretty scary place these days due to terrorism, rogue states like North Korea, and wars raging in Iraq and Afghanistan, is it really necessary to remember the event that kicked off the US entry into World War II?

Every year I swear I'm going to hang my American flag on December 7 in honor of Pearl Harbor Day, 1941. Trouble is, this time of the year in the Pacific Northwest, it's dark when I leave in the morning and pitch black when I get home. Even worse, it's either raining, snowing, or the wind is howling in the Columbia River Gorge at 40 mph. A flag doesn't stand a chance.

Still, it's important to remember December 7 *not* because we are at war on two fronts in the world or because the Global War on Terrorism (GWOT) has changed our lives, and *not* so we think of our Japanese allies in a negative light. Rather, there are three reasons I like to think of December 7, the day that then-president Roosevelt said will "live in infamy":

- 1. Japan and the Japanese people are US allies. Japan has consistently sided with the US in recent world events, and was even an active member of the "Coalition of the Willing" during OEF [Operation (Iraqi) Enduring Freedom]. I believe that Japan has withdrawn most of its "advisors" as a result of pressure from the Japanese people, but that doesn't negate the fact that they stood by us over the past four years.
- 2. A lot of critical US military technology comes from Japan. Don't believe me? It always makes me laugh when people of my parents' generation speak ill of "foreigners" like the



tech powerhouses in Southeast Asia. Where do you think the majority of our LCD displays used in fighter cockpits come from? (Japan and, increasingly, South Korea.) In fact, the typical NIMITZ class aircraft carrier has more than 3,000 LCD displays on it. Last time I checked, there were only one or two domestic manufacturers of LCD displays. (One of them is Planar, close to me and located in Oregon: www.planar.com).

And although the recently introduced Sony PlayStation 3 (PS3) is making headlines because there aren't enough of them to go around for the 2006 Christmas season (a rumored 200,000 are only available for sale in the US), the PS3 is based upon the IBM/Sony/Toshiba CellBE processor. Guess which multicore CPU forms the core (pun intended) of Mercury Computer's next-gen ultra high-performance image processors for radar and sonar systems? Yep: the CellBE ... jointly developed with Japanese engineers.

3. And finally, World War II brought to us incredible technology and really was the past century's catalyst for breakthroughs we today take for granted. I'm a student of World War II and am constantly fascinated by electrical, mechanical, and other breakthroughs from the late '30s into the transistor age. Some key examples: FM radio. nylon, production-worthy plastic (remember Bakelite, the precursor to modern plastic?), tin cans, microbots (insects and bats were rigged with explosives but never successfully deployed), long-haul telephone encryption, the first mainframe computer (a huge subject I won't go into here), robust vacuum tubes, high-quality production recording machines (used by Hitler to spread "real-time" propaganda across Germany), rockets, jet engines (ME262), and of course: the atom bomb. Love 'em or hate 'em ... these are but a small example of the technology developed as a run-up to, during, and shortly after World War II.

For me, December 7 – Pearl Harbor Day – isn't about remembering the death and carnage, the hatred, or the "glory" of war. It's a time to reflect on what we learned about technology then, and how quite literally the "world of technology" continues to evolve today – from America, to Europe, to India, Korea, China ... and Japan.

To read more of Chris Civio's commentary sheet

To read more of Chris Ciufo's commentary, check out www.vmenow.com.



# Imagine what we can do for you now.

GE Fanuc Embedded Systems: Combining the heritage of Condor Engineering and SBS Technologies.

Now that two of the leading MIL-STD-1553 companies have joined forces at GE Fanuc Embedded Systems, the sky really is the limit. More than ever, with our joint experience and engineering resources, you'll have access to superior products, tools and support.

We have multiple MIL-STD-1553 options in the PC/104 form factor—everything from single channel, single function, air cooled modules to auad channel, multifunction conduction cooled

rugged boards. And the cards themselves are only the beginning of what we now have to offer.

Our bus analysis tools are unmatched and our support is legendary. It includes an extensive knowledge base available for download, product manuals, IP cores and APIs that can make the development process a whole lot easier. For more information on this exciting development, visit our web site at www.gefanucembedded.com.



Q104-1553 High Density PC/104-Plus Interface







Now a part of GE Fanuc Embedded Systems



LINE REPLACEABLE, SECURELY CONNECTABLE,
XMC EXPANDABLE, PERFORMANCE DEPENDABLE,
SUPREMELY RELIABLE, AND NOW AVAILABLE!







#### THE NEXT PHASE OF EMBEDDED COMPUTING IS HERE!

Curtiss-Wright, one of the key industry leaders responsible for the development of the VPX standard, is proud to announce the release of the CHAMP-AV6 VPX DSP Engine. The CHAMP-AV6 utilizes the new VPX-REDI format to unleash the tremendous I/O bandwidth of its eight FreeScale PowerPC 8641 processor cores (four 8641D dual-core processors). The local and off-board Serial RapidIO interfaces provide up to 10X the communications bandwidth achievable with the VME format while the dual 64-bit DDR2 memory subsystem associated with each 8641 processor optimizes data flow. Along with blazing performance, the CHAMP-AV6 also provides new support capabilities with its high-reliability connector, built-in electrostatic discharge protection, and line replaceability!

Need performance, toughness and easy maintenance? The CHAMP-AV6 VPX DSP Engine is ready, willing and able!



Innovation In Motion

RSC# 56 @www.mil-embedded.com/rsc

WWW.CWCEMBEDDED.COM