https://github.com/nasa/ogma Skip to content Sign up * Why GitHub? + Features + Mobile + Actions + Codespaces + Packages + Security + Code review + Issues + Integrations + GitHub Sponsors + Customer stories * Team * Enterprise * Explore + Explore GitHub + Learn and contribute + Topics + Collections + Trending + Learning Lab + Open source guides + Connect with others + The ReadME Project + Events + Community forum + GitHub Education + GitHub Stars program * Marketplace * Pricing + Plans + Compare plans + Contact Sales + Education [ ] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} nasa / ogma Public * Notifications * Star 127 * Fork 4 * 127 stars 4 forks Star Notifications * Code * Issues 0 * Pull requests 0 * Actions * Projects 0 * Wiki * Security * Insights More * Code * Issues * Pull requests * Actions * Projects * Wiki * Security * Insights develop Switch branches/tags [ ] Branches Tags Could not load branches Nothing to show Loading {{ refName }} default View all branches Could not load tags Nothing to show {{ refName }} default Loading View all tags 6 branches 1 tag Code Loading Latest commit @ivanperez-keera ivanperez-keera Merge branch 'develop-readme-videos' into develop. Close #32. ... 49e78e4 Nov 30, 2021 Merge branch 'develop-readme-videos' into develop. Close #32. 49e78e4 Git stats * 83 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time docs Briefly introduce FRET, add image of FRET and X-Plane. Refs #16. Nov 23, 2021 ogma-cli Include videos in README. Refs #32. Nov 30, 2021 ogma-core Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-extra Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-c Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-cocospec Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-copilot Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-fret-cs Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-fret-reqs Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 ogma-language-smv Initialize all CHANGELOGs. Refs #31. Nov 23, 2021 .gitignore Introduce library for C header parsing/AST representation. Refs #1. Sep 13, 2021 LICENSE.pdf Replace symbolic link for destination. Refs #5. Sep 14, 2021 README.md Introduce license and README at top level. Refs #4. Sep 13, 2021 View code [ ] OGMA Features Table of Contents Installation Pre-requisites Compilation Usage Language transformations: FRET cFS Application Generation Struct Interface Generation Contributions Acknowledgements License README.md OGMA Ogma is a tool to facilitate the integration of safe runtime monitors into other systems. Ogma extends Copilot, a high-level runtime verification framework that generates hard real-time C99 code. Features * Translating requirements defined in NASA's requirements elicitation tool FRET into corresponding monitors in Copilot. * Generating NASA Core Flight System applications that use Copilot for monitoring data received from the message bus. * Generating message handlers for NASA Core Flight System applications to make external data in structs available to a Copilot monitor. * Generating the glue code necessary to work with C structs in Copilot. Conversion of requirements into C code Conversion of FRET requirements into C code. Monitoring within simulation video Integration of monitors into larger applications (e.g., simulators). Table of Contents * Installation + Pre-requisites + Compilation * Usage + Language Transformations: FRET + cFS Application Generation + Struct Interface Generation * Contributions * Acknowledgements * License Installation ^(Back to top) Pre-requisites ^(Back to top) To install Ogma from source, users must have the tools GHC and cabal-install. At this time, we recommend GHC 8.6 and a version of cabal-install between 2.4 and 3.2. (Ogma has been tested with GHC versions up to 8.10 and cabal-install versions up to 3.6, although the installation steps may vary slightly depending on the version of cabal-install being used.) On Debian or Ubuntu Linux, both can be installed with: $ apt-get install ghc cabal-install On Mac, they can be installed with: $ brew install ghc cabal-install Compilation ^(Back to top) Once GHC and cabal are installed, the simplest way to install Ogma is with: $ git clone https://github.com/nasa/ogma.git $ cd ogma $ export PATH="$HOME/.cabal/bin/:$PATH" $ cabal v1-install alex happy $ cabal v1-install BNFC copilot $ cabal v1-install ogma-*/ After that, the ogma executable will be placed in the directory $HOME /.cabal/bin/, where $HOME represents your user's home directory. Usage ^(Back to top) The main invocation of ogma with --help lists sub-commands available: $ ogma --help ogma - an anything-to-Copilot application generator Usage: ogma COMMAND Generate complete or partial Copilot applications from multiple languages Available options: -h,--help Show this help text Available commands: structs Generate Copilot structs from C structs handlers Generate message handlers from C structs cfs Generate a complete cFS/Copilot application fret-component-spec Generate a Copilot file from a FRET Component Specification fret-reqs-db Generate a Copilot file from a FRET Requirements Database Language transformations: FRET ^(Back to top) FRET is a requirements elicitation tool created by NASA Ames Research Center. Requirements can be specified in structured natural language called FRETish, and the tool helps users understand them, validate them, and formalize them. For instructions on how to specify, analyze and export FRET requirements, see the FRET manual. [fret] ^Screenshot of requirement specified inside NASA's requirements elicitation tool FRET. Ogma can convert specifications generated by FRET into Copilot monitors. Specifically, the commands fret-component-spec and fret-reqs-db allow users to interact with the different kinds of files produced by FRET. FRET files include properties encoded using Temporal Logic, both in SMV and in CoCoSpec, the latter of which is an extension of Lustre. Ogma uses the SMV expressions by default, but the CLI flag --cocospec can be used to select the CoCoSpec variant of requirements instead. As an example, from the following FRET requirement: test_component shall satisfy (input_signal <= 5) Ogma generates the following Copilot specification: import Copilot.Compile.C99 import Copilot.Language hiding (prop) import Copilot.Language.Prelude import Copilot.Library.LTL (next) import Copilot.Library.MTL hiding (since, alwaysBeen, trigger) import Copilot.Library.PTLTL (since, previous, alwaysBeen) import Language.Copilot (reify) import Prelude hiding ((&&), (||), (++), not, (<=), (>=), (<), (>)) input_signal :: Stream Double input_signal = extern "input_signal" Nothing -- | propTestCopilot_001 -- @ -- test_component shall satisfy (input_signal <= 5) -- @ propTestCopilot_001 :: Stream Bool propTestCopilot_001 = ( alwaysBeen (( ( ( input_signal <= 5 ) ) )) ) -- | Complete specification. Calls the C function void handler(); when -- the property is violated. spec :: Spec spec = do trigger "handlerpropTestCopilot_001" (not propTestCopilot_001) [] main :: IO () main = reify spec >>= compile "fret" This program can be compiled using Copilot to generate a fret.c file that includes a hard real-time C99 implementation of the monitor. The specification generated by FRET for the FRETish requirement shown above is included with the Ogma distribution, and can be tested with: $ ogma fret-component-spec --cocospec --fret-file-name examples/fret-reqs-small.json > FretCopilot.hs $ runhaskell FretCopilot.hs The first step executes ogma, generating a Copilot monitor in a file called FretCopilot.hs. The second step executes the Copilot compiler, generating a C implementation fret.c and C header file fret.h. The resulting fret.c file can be tested with the main provided in examples/fret-reqs-small-main.c, which defines a handler for Copilot to call when the property monitored is violated, and a main function that steps through the execution, providing new data for the Copilot monitor: #include double input_signal; // Input data made available for the monitor void step(void); // Copilot monitor's main entry point void handlerpropTestCopilot_001(void) { printf("Monitor condition violated\n"); } int main (int argc, char** argv) { int i = 0; input_signal = 0; for (i=0; i<10; i++) { printf("Running step %d\n", i); input_signal += 1; step(); } return 0; } To compile both files, run gcc examples/fret-reqs-small-main.c fret.c -o main. Executing the resulting main shows that the condition is violated after a number of steps: Running step 0 Running step 1 Running step 2 Running step 3 Running step 4 Running step 5 Monitor condition violated Running step 6 Monitor condition violated Running step 7 Monitor condition violated Running step 8 Monitor condition violated Running step 9 Monitor condition violated Take a peek inside the intermediate files FretCopilot.hs, fret.c and fret.h to see what is being generated by Ogma and by Copilot. The generated C code can be integrated as part of a larger application. For example, the following shows a Copilot monitor generated from a FRET file integrated in an X-Plane widget that presents information to users during a flight in the X-Plane simulator. [xplane] ^Screenshot of Copilot monitor generated by Ogma from FRET requirement, integrated into the X-Plane flight simulator. The widget on the right side of the screen presents information received and returned by the monitor, with a red/fire icon to signal that the monitor has been triggered (i.e., that the property has been violated). Numeric Representations FRET Component Specifications use the types real and int to represent different numeric variables. Copilot distinguishes between different numeric representations and supports multiple precisions, and so does the final C code generated from the Copilot specification. To help users generate code that works as part of a larger system without modifications, Ogma includes two additional flags to map the types real and int to specific Copilot (Haskell) types. For example, the following command would generate a Copilot specification for a hypothetical numeric-example.json FRET CS file while mapping all real variables to the type Double and all integer variables to the type Int32: $ ogma fret-component-spec --fret-file-name numeric-example.json --map-int-to Int32 --map-real-to Double In the name of flexibility, Ogma does not sanitize the values of these variables and copies the types passed to these options verbatim to the generated Copilot code. It is the user's responsibility to ensure the types passed are valid Haskell types within the scope of the module generated. Note that Copilot supports only a limited subset of numeric types, which must be instances of the type class Typed. cFS Application Generation NASA Core Flight System (cFS) is a flight software architecture to implement complex systems by combining multiple reusable applications that communicate to one another via a software bus. cFS has been used, among others, on spacecraft, cubesats, and drones. Ogma includes multiple facilities to generate cFS applications. The cFS applications generated by Ogma perform three steps to connect Copilot monitors to the application: * Subscribe to a message in the cFS communication bus. * When a message of the desired kind arrives, copy the data to make it available to Copilot and call the monitor's main entry point. * Declare handlers that are executed when the property being monitored is violated. When using this facility, Ogma produces a Copilot file that the user is expected to modify to implement the property to monitor. To avoid having to modify the generated C files that implement the cFS app itself, Ogma gives the ability to state what information one is interested in monitoring. If the kind of information is known to Ogma, it will automatically subscribe to the necessary messages and make it available to Copilot. Ogma provides additional flags to customize the list of known variables, so that projects can maintain their own variable databases beyond what Ogma includes by default. cFS applications are generated using the Ogma command cfs, which receives three main arguments: * --app-target-dir DIR: location where the cFS application files must be stored. * --variable-file FILENAME: a file containing a list of variables that must be made available to the monitor. * --variable-db FILENAME: a file containing a database of known variables, and the message they are included with. The following execution generates an initial cFS application for runtime monitoring using Copilot: $ ogma cfs --variable-db examples/cfs-variable-db --variable-file examples/cfs-variables The application generated by Ogma contains the following files: copilot-cfs-demo/CMakeLists.txt copilot-cfs-demo/fsw/for_build/Makefile copilot-cfs-demo/fsw/mission_inc/copilot_cfs_perfids.h copilot-cfs-demo/fsw/platform_inc/copilot_cfs_msgids.h copilot-cfs-demo/fsw/src/copilot_cfs.c copilot-cfs-demo/fsw/src/Properties.hs copilot-cfs-demo/fsw/src/copilot_cfs_msg.h copilot-cfs-demo/fsw/src/copilot_cfs_events.h copilot-cfs-demo/fsw/src/copilot_cfs_version.h copilot-cfs-demo/fsw/src/copilot_cfs.h Users are expected to modify Properties.hs to adjust the property being monitored. Although it is possible to adjust the file copilot_cfs.c to include property violation handlers, we recommend adding them in a separate C file and modifying the compilation scripts to include that additional file. That way, invoking Ogma again will not overwrite the changes made to the cFS application. In this particular example, the C code generated contains the following instruction to subscribe to an ICAROUS_POSITION_MID message to obtain the vehicle position: CFE_SB_Subscribe(ICAROUS_POSITION_MID, COPILOT_CommandPipe); The message dispatcher included in the application detects a message of this kind and calls a dedicated subroutine: void COPILOT_ProcessCommandPacket(void) { CFE_SB_MsgId_t MsgId; MsgId = CFE_SB_GetMsgId(COPILOTMsgPtr); switch (MsgId) { case ICAROUS_POSITION_MID: COPILOT_ProcessIcarousPosition(); break; ... Finally, the dedicated subroutine makes data available to the monitor and calls the main Copilot entry point step: void COPILOT_ProcessIcarousPosition(void) { position_t* msg; msg = (position_t*) COPILOTMsgPtr; position = *msg; step(); } Struct Interface Generation A lot of the information that must be monitored in real-world C applications is packed in structs. Copilot allows accessing specific fields of C structs, but requires additional definitions in the Copilot language to make the shape of those structs known to the compiler. Ogma is able to generate the boilerplate code needed to work with C structs in Copilot. For example, to use the following struct as the type of an extern stream in Copilot, the user is expected to define several Copilot (Haskell) types and type class instances: typedef struct { double x; double y; } point; Ogma can generate that code automatically with the structs subcommand: $ ogma structs --header-file-name examples/point.h data Point = Point { pX :: Field "x" Double , pY :: Field "y" Double } instance Struct Point where typename _ = "point" toValues v = [ Value Double (pX v), Value Double (pY v) ] instance Typed Point where typeOf = Struct (Point (Field 0) (Field 0)) By including these definitions in a Copilot file, users can now access the individual x and y fields of a Point in a stream. Contributions ^(Back to top) The best way to contribute to Ogma is to report any issues you find via the issue tracker, and to use Ogma to build applications or in your own research and let us know about your results. We kindly ask users not to send PRs to this project. Instead, please document the bugs you find or other suggestions as issues and we will make the necessary changes. Acknowledgements ^(Back to top) Ogma has been created by Ivan Perez and Alwyn Goodloe. The Ogma team would like to thank Dimitra Giannakopoulou, Anastasia Mavridou, and Thomas Pressburger, from the FRET Team at NASA Ames, for the continued input during the development of Ogma. We would also like to thank Cesar Munoz and Swee Balachandran, for their help with the cFS backend. X-Plane images obtained via the X-Plane 10 (Pro) flight simulator. Re-shared with permission. License ^(Back to top) Copyright 2020-2021 United States Government as represented by the Administrator of the National Aeronautics and Space Administration. All Rights Reserved. See the file LICENSE.pdf for details. About No description, website, or topics provided. Resources Readme Releases 1 tags Packages 0 No packages published Languages * Haskell 93.0% * C 5.4% * Makefile 1.3% * CMake 0.3% * (c) 2021 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.