Lockheed Martin leans on DDC-I’s DACS-80×86 development tools to minimize maintenance costs for the safety-critical core of the world-class Mark 41 Vertical Launch System
Product: DACS 80×86
Over the last twenty years, the battle-proven Lockheed Martin Mark 41 Vertical Launch System (MK 41 VLS) has revolutionized naval warfare, expanding the mission capability of surface combatants via its unique level of simultaneous multi-mission capacity. Delivering the widest range of ballistic ordinance available from a shipboard system, from SeaSparrows to Tomahawk cruise missiles, the system combines unmatched flexibility and unflinching performance on military ships stationed around the globe.
The U.S. Navy deploys the MK 41 VLS on AEGIS-equipped Ticonderoga-class cruisers and Spruance and Arleigh Burke-class destroyers, with plans to use the launcher on the next generation of surface ships. Onboard warships flying the flags of eleven different nations, the MK 41 launcher is deployed in thirteen configurations, ranging from a single eight-cell module to sixteen integrated modules totaling 128 cells.
The MK 41 launcher has been, or is currently being, integrated with sixteen different ship classes and eleven different weapon control systems. Capable of rapidly firing an aggregate of anti-aircraft, anti-surface, anti-submarine and land strike missiles, as well as theater ballistic missile defense munitions, the MK 41’s primary mission is the quick delivery of deadly accurate ordinance during armed combat.
Safety-critical embedded systems — where system failure is measured in human lives — originated in the defense industry, and nowhere do they remain more important than on the modern electronic battlefield. Most important to the engineers keeping the launching system on the forefront of missile technology is the reliability of the real-time embedded systems at the core of the MK 41 VLS fire controls.
“We take safety-critical systems extremely seriously…we do layers and layers of tests,” explains Staff Engineer David Farlow, the Integrated Product Team Lead for every deployed variant of the MK 41 launch sequencer still afloat. Farlow is based at the Baltimore, Maryland headquarters of the Marine Systems division, one of five components that comprise the Naval Electronics & Surveillance Systems (NE&SS) arm of the Lockheed Martin Corporation.
According to Farlow, safely firing a missile using the MK 41 VLS requires error-free communication between three primary components: The Launch Sequencer, Launch Control Unit (LCU), and the man-machine interface, the Weapon Control System (WCS).
When a launch order is given, the WCS fires a signal to one of two parallel LCU’s in each eight-cell launcher module, which issues prelaunch and launch commands for the selected missile. During normal operation one LCU controls the Launch Sequencer — the critical communication link between the upstream fire control systems and the missile itself — allowing the module to fire armament in tandem from two individual cells. Either LCU can control all eight cells if the other suffers damage.
“When you’re firing a live missile, the first concern is for the safety of the people using the embedded systems that relay human commands to the launcher. Within our group, a fundamental part of system development is a strict process as part of code design and testing that scrutinizes specifically from a safety standpoint. We also have a whole separate group whose entire job is evaluating and prioritizing safety-critical development issues,” says Farlow.
In addition to uncompromising safety, minimizing ongoing system costs is an important aspect of his role and responsibilities. Since the launching system has been in production since 1982, the embedded systems underlying the Launch Sequencer, LCU and WCS are well into the maintenance phase.
Fighting to maximize safety-critical performance and minimize maintenance and support costs for the MK 41 launcher, directly alongside Farlow and his team of engineers, is software development tools provider DDC-I. Their DACS-80×86 Ada compiler and tools maintain the assembly code for the run-time systems they embed on Intel 186 and 386 targets, which reside on separate boards within the Launch Sequencer.
Headquartered in Phoenix, Arizona, DDC-I is a long-standing developer of Ada and C development systems and tools, including compilers, run time systems, and debuggers. Beyond their software engineering products, DDC-I also offers consulting and support services to a distinguished list of civil, commercial, and defense contractors, including Boeing, Sikorsky, and United Technologies.
The high level of importance assigned to controlling maintenance costs at Lockheed Martin is no mystery to DDC-I’s Vice President of Technology, Joyce Tokar.
“When you look at computer systems from the total lifecycle perspective, between sixty and eighty percent of costs occur after development and implementation. In other words, the maintenance phase accounts for the lion’s share of the cost in traditional projects,” she details.
Like Tokar, Farlow has worked in the safety-critical embedded systems arena for well over a decade, and he feels that the largest improvements in software development have come at the hands of vendors like DDC-I, who have dramatically improved the programming suites and testing tools available in recent years.
“I started working with embedded systems back in the late eighties, and the tools were very crude, black and white text-only displays. GUI environments have made it a lot more efficient. The biggest problem I’m running into now is finding modern tools that support older targets like the 186 and the 386,” he states.
The best measure of DDC-I’s steady focus on their customer’s needs is their continuing provision and support for programming tools that support older Intel processor cores like those embedded within the MK 41 VLS Launch Sequencer.
“We have broad experience with the ‘bare-metal boys’ in the safety-critical embedded systems field, and our focus remains on getting the best possible application performance out of each processor,” Tokar adds.
DDC-I is also among the leaders establishing Open-Standard ANDF-based multi-language development capability (Ada and C) via their SCORE integrated development environment. Coincidentally, Farlow’s programming team in Baltimore was one of the beta test sites for the initial release of SCORE. While they helped DDC-I root out bugs in the beta release, they also homed in on the early version of the AdaCAST Vector test tools.
“Inside my group, it would be nice if we had more tools to handle code analysis. Manual analysis and testing is very time-consuming, and we’re looking for efficient automated tools. The AdaCAST Vector test tools integrated with SCORE allowed us to run unit testing directly on our target machine and still debug it, get a full dump of the inputs and outputs, everything,” he illustrates.
Though the prospect of his team acquiring SCORE was nil, since the MK 41 VLS project is long past development and implementation, Farlow felt that the basic principle behind the technology — addressing the growing need to combine reusable software components, written in different languages, targeting different processors and developed on different development platforms — was sound.
The first multi-language, multi-target, multi-host IDE for real-time safety-critical embedded system developers based on non-proprietary open system standards, SCORE is a prime example of the improving functionality and flexibility of software design tools alluded to by Farlow.
DDC-I’s Tokar explains that maximum flexibility is paramount to reducing development costs via shorter design cycles, resulting in improved time to market for new and redesigned products.
She adds that developing in Ada can also have positive repercussions on long-term system costs like maintenance. Despite predictions of its demise after the DoD lifted their mandate to develop with Ada for defense contracts in 1997, Ada usage is increasing and recognition of the language’s advantages in code reliability, reusability, readability, and portability is on the rise.
“Boeing’s choice to remain with Ada on the Comanche helicopter sends a clear signal that Ada is still the language of choice for large-scale, safety-critical embedded system development,” she adds.
Hard numbers back Tokar’s assertions. In studies conducted during the eighties, Ada consistently outperformed established programming languages like Pascal, Fortran, and C. In the nineties, Ada continued to surpass C++ in wide-ranging performance evaluations measuring capability, efficiency, maintenance, risk, and total project lifecycle costs.
“There’s a lot of discovery going on right now. For assembly language programmers, just moving to C is a big step, while the C++ crowd is working hard to figure out ‘how can we do this on an embedded chip?’ Ada offers a parallel set of features and functionality, and it’s been tailored for embedded chips,” she says.
In describing his experience prior to the MK 41 VLS, Farlow calls himself “old school.” Starting his programming career working with Fortran and assembly language for one megabyte machines running flight simulators, he was accustomed to writing ultra-tight code — even getting down to counting clock cycles. He began working with Ada in 1990, and was not immediately thrilled with the language.
Since his early experiences, Ada compiler technology has improved exponentially, with the latest designs capable of providing the tightest, most compact RTOS kernels in safety-critical real-time embedded system world. DDC-I’s Tokar was also a member of the team responsible for developing the Ravenscar Profile, an initiative within the Ada industry that developed the most efficient Ada compilation technology available.
“Space is still limited in the embedded world and efficiency was a major concern as we developed the SCORE compilers,” she says. “The results from a specific European Union project for the TGV validated our approach and philosophy that nothing extra should reside on the chip, only what the developers need.”
Farlow’s initial reticence toward Ada waned as he became familiar with the constructs of the language and found it quite easy to code in Ada, describing the self-documenting nature and strong typing of the language, if utilized, as “very helpful,” especially in the safety-critical world.
“I primarily utilize Ada in a functional flow process rather than an object-oriented one, but I have worked with it in an object-oriented realm, and it seems to lend itself quite well to both,” he relates.
Though as a Lockheed Martin employee and DoD contractor Farlow can’t directly endorse a company or product, he does recall a recent set of interactions with DDC-I that he feels are reflective of the company’s positive approach.
“We have a separate group that handles maintenance contracts and vendor relations, but in the last six months, I spent a lot of one-on-one time working with them,” he recalls. “I found their engineering and support staff to be extremely responsive and enthusiastic. I received several calls made by their engineers at 5:00 a.m. Arizona time, just so it would match my local time. They provide better visibility than I think any of the other vendors…that I’ve dealt with”
