Periodic Reporting for period 1 - METASAT (MODULAR MODEL-BASED DESIGN AND TESTING FOR APPLICATIONS IN SATELLITES)
Reporting period: 2023-01-01 to 2024-12-31
Future space systems like satellites, require to process data in space instead of transmitting them to earth, including the use of Artificial Intelligence. Nowadays, the existing computers used in satellites are very simple and weak. For example, a modern smartphone has a more powerful computer, which includes a multicore, a vector unit and a GPU. Moreover, such complex systems are more difficult to program compared to the software used in space. METASAT takes the necessary steps to make space processors more similar to such complex systems used on earth.
Until now, space systems are programmed in a very simple way, similar to the software used in the past, which cannot take advantage of multicores or GPUs. Taking advantage of these features is essential to be able to execute complex algorithms eg. AI in space. On the other hand, space software is critical and has to be always correct. For this reason, METASAT enables a programming paradigm called model-based design (MBD), which allows the automatic code generation of code, which is correct by construction. Therefore, METASAT combined this feature with complex hardware and software which is already used in space systems, such as a hypervisor. This operating system-like software allows different software to be isolated, so errors in one software unit cannot affect the other one. Moreover, this concept allows software to be developed separately and put together in a plug-and-play manner in the final system.
Currently, there is no space computer which can be trusted (qualified) to be used in expensive space programs (institutional) like the ones funded by ESA and other space agencies. Therefore, METASAT developed a hardware prototype on an FPGA that can be used for that purpose and resembles the complexity of a high performance smartphone system. Model based design tools were extended to support code generation for such a complex system, and the project concepts were demonstrated with space-related software use cases, demonstrating its effectiveness.
Until now, space systems are programmed in a very simple way, similar to the software used in the past, which cannot take advantage of multicores or GPUs. Taking advantage of these features is essential to be able to execute complex algorithms eg. AI in space. On the other hand, space software is critical and has to be always correct. For this reason, METASAT enables a programming paradigm called model-based design (MBD), which allows the automatic code generation of code, which is correct by construction. Therefore, METASAT combined this feature with complex hardware and software which is already used in space systems, such as a hypervisor. This operating system-like software allows different software to be isolated, so errors in one software unit cannot affect the other one. Moreover, this concept allows software to be developed separately and put together in a plug-and-play manner in the final system.
Currently, there is no space computer which can be trusted (qualified) to be used in expensive space programs (institutional) like the ones funded by ESA and other space agencies. Therefore, METASAT developed a hardware prototype on an FPGA that can be used for that purpose and resembles the complexity of a high performance smartphone system. Model based design tools were extended to support code generation for such a complex system, and the project concepts were demonstrated with space-related software use cases, demonstrating its effectiveness.
The project’s work is structured in 3 topics: the toolchain , the prototype hardware platform and its software stack and the space-related use cases.
The METASAT hardware platform has been prototyped on an AMD VCU118 FPGA as well as on a highly accurate simulator i.e. digital twin. It consists of the open source version of FrontGrade Gaisler's NOEL-V RISC-V space processor, which has been enhanced with the SPARROW SIMD AI Accelerator, in a multicore configuration, integrated with the RISC-V based Vortex GPU. Additional peripherals such as an Ethernet and UART devices have been included to model a complete platform. Fully software support has been added for the platform, including support for bare-metal, hypervisor and RTEMS, as well as their combinations. Both the SPARROW accelerator and the GPU can be used, under several programming models, ranging from low-level ones (assembly, intrinsics, driver API), to high level ones (TensorFlow Lite, OpenGL SC 2.0 Brook Auto). In addition, shared access of all the platform components is ensured, including the network device, SPARROW and GPU.
METASAT's model-based design toolchain consists of ESA's open source tool TASTE and Mathwork's MATLAB and Simulink. TASTE has been extended to support RISC-V and ARM-based NVIDIA GPU platforms, as well configuration options for complex parallel programming models. In particular, configuration for the use of OpenMP and the SIMD programming library of the SPARROW AI accelerator has been added. Moreover, support for multicore configuration for hypervisor partitions has been added.
MATLAB and Simulink, support only non-qualifiable programming models for AI and GPUs, particularly using TensorFlow and CUDA GPU code generation for NVIDIA GPUs. Support for TensorFlow Micro and conversion of the code from CUDA to Brook Auto, a qualifiable GPU programming model developed by BSC has been implemented. Finally, Matlab/Simulink has been leveraged for sequential CPU code generation, testing, validation and verification.
The 3 large developed use cases have been integrated and demonstrated running in parallel on the METASAT platform. The demonstrator includes 8 software partitions of varying criticality. The first, from OHB, models a control instrument software with 2 different types of interlocks (protection against wrong software behaviour) and an AI-based FDIR partition, using housekeeping data (health data from satellite sensors like temperatures) from DLR’s EnMAP satellite. The other 2 (cloud screening and ship detection) require high-performance and represent lower-criticality payload software and are both adapted from ESA’s OBPMark-ML benchmarking suite, developed by BSC.
The METASAT hardware platform has been prototyped on an AMD VCU118 FPGA as well as on a highly accurate simulator i.e. digital twin. It consists of the open source version of FrontGrade Gaisler's NOEL-V RISC-V space processor, which has been enhanced with the SPARROW SIMD AI Accelerator, in a multicore configuration, integrated with the RISC-V based Vortex GPU. Additional peripherals such as an Ethernet and UART devices have been included to model a complete platform. Fully software support has been added for the platform, including support for bare-metal, hypervisor and RTEMS, as well as their combinations. Both the SPARROW accelerator and the GPU can be used, under several programming models, ranging from low-level ones (assembly, intrinsics, driver API), to high level ones (TensorFlow Lite, OpenGL SC 2.0 Brook Auto). In addition, shared access of all the platform components is ensured, including the network device, SPARROW and GPU.
METASAT's model-based design toolchain consists of ESA's open source tool TASTE and Mathwork's MATLAB and Simulink. TASTE has been extended to support RISC-V and ARM-based NVIDIA GPU platforms, as well configuration options for complex parallel programming models. In particular, configuration for the use of OpenMP and the SIMD programming library of the SPARROW AI accelerator has been added. Moreover, support for multicore configuration for hypervisor partitions has been added.
MATLAB and Simulink, support only non-qualifiable programming models for AI and GPUs, particularly using TensorFlow and CUDA GPU code generation for NVIDIA GPUs. Support for TensorFlow Micro and conversion of the code from CUDA to Brook Auto, a qualifiable GPU programming model developed by BSC has been implemented. Finally, Matlab/Simulink has been leveraged for sequential CPU code generation, testing, validation and verification.
The 3 large developed use cases have been integrated and demonstrated running in parallel on the METASAT platform. The demonstrator includes 8 software partitions of varying criticality. The first, from OHB, models a control instrument software with 2 different types of interlocks (protection against wrong software behaviour) and an AI-based FDIR partition, using housekeeping data (health data from satellite sensors like temperatures) from DLR’s EnMAP satellite. The other 2 (cloud screening and ship detection) require high-performance and represent lower-criticality payload software and are both adapted from ESA’s OBPMark-ML benchmarking suite, developed by BSC.
The project achieved several break throughs. For the first time, the feasibility of a qualifiable hardware and software platform with multicore, GPU and AI accelerator was demonstrated. This platform can revolutionise space, enabling space missions with more functionalities and lower cost. It can also enable the implementation of the Space Cloud approach (i.e. Satellite as a Service) for high class institutional missions, which currently is only considered for New Space with COTS components. Moreover, it demonstrated the homogeneous parallelism concept required for high performance while facilitating multicore certification.
The SPARROW AI accelerator used in the METASAT platform has been matured and it is on its way to successful exploitation through FrontGrade Gaisler’s space platforms, as well as the METASAT QEMU emulators, which are key components of the METASAT Digital Twin.
In addition, METASAT demonstrated for the first time the integration of mixed criticality flight software through its demonstrator, in which 3 use cases with 8 partitions were integrated and successfully executed in parallel, sharing hardware resources through novel techniques. It highlighted the feasibility and the benefits in qualification effort, hardware cost and impact on the V development cycle.
METASAT’s MBD developments were applied to address multicore, AI accelerators and GPUs in a qualifiable manner. Thanks to this, the shifting of protection mechanisms from hardware to software, thus reducing their qualification cost and schedule was demonstrated. Finally, AI techniques were demonstrated, both for the on-board FDIR, and data augmentation for improving the training of AI software.
METASAT technologies comply with several widely used safety critical industry standards to maximise the applicability of the project results. METASAT members actively participated in the working groups of such standards.
METASAT’s impact was disseminated internationally in premier aerospace venues, including events organised by ESA and other space agencies, and received Best Paper Awards and other awards for excellence and industrial relevance.
The SPARROW AI accelerator used in the METASAT platform has been matured and it is on its way to successful exploitation through FrontGrade Gaisler’s space platforms, as well as the METASAT QEMU emulators, which are key components of the METASAT Digital Twin.
In addition, METASAT demonstrated for the first time the integration of mixed criticality flight software through its demonstrator, in which 3 use cases with 8 partitions were integrated and successfully executed in parallel, sharing hardware resources through novel techniques. It highlighted the feasibility and the benefits in qualification effort, hardware cost and impact on the V development cycle.
METASAT’s MBD developments were applied to address multicore, AI accelerators and GPUs in a qualifiable manner. Thanks to this, the shifting of protection mechanisms from hardware to software, thus reducing their qualification cost and schedule was demonstrated. Finally, AI techniques were demonstrated, both for the on-board FDIR, and data augmentation for improving the training of AI software.
METASAT technologies comply with several widely used safety critical industry standards to maximise the applicability of the project results. METASAT members actively participated in the working groups of such standards.
METASAT’s impact was disseminated internationally in premier aerospace venues, including events organised by ESA and other space agencies, and received Best Paper Awards and other awards for excellence and industrial relevance.