Nebula Public Library

The knowledge bank of ESA’s R&D programmes

Development of partitioned Prototype Application (IMA-SP application development and software maintenance)

Programme Reference
Prime Contractor
Start Date
End Date
Czech Republic
The objective of this activity is to evaluate challenges and strengths with parallel development of application software for a partitioned execution environment, using the IMA-SP development organisation with roles and responsibilities allowing for parallel development (defined in previous activities on IMA for Space), as well as explore our approach for on-line integration of partition software in operational flight software.
In order to do a proper evaluation of this development organisation, a setup with parallel and separate development teams is needed. The goal of this particular activity is to have one team develop a payload software for a partitionedenvironment and then to let another team integrate this into the rest of the flight software system developed by that other team. The target flight software system has been developed within the scope of the on-going activity "IMA-SP Product - In- flight Hosting of Prototype Applications (IHPA)".
In the IHPA activity, an approach for on-line integration of partition software in operational flight software is being defined. This will allow updating the software of existing partitions as well as adding software to existing empty partitions. This approach is being tested within the IHPA activity, but needs to be more thoroughly evaluated in order to assess the suitability of this approach in relation to the IMA- SP development organisation.

Integrated Modular Avionics (IMA) is a concept developed for the aeronautics industry to manage the growth in functionality and efficiency required as the industry grows. Integrated Modular Avionics for Space (IMA-SP) is a spin-in of the corresponding concept for spacecraft avionics. 

IMA-SP is foreseen as a possible technical solution for future missions, specifically for scientific missions. This is because combining different software criticality on the shared hardware reduces the computing power needed, reduces the complexity of software needed and prevents one application crashing, which affects other running applications.

Recently, ESA has launched several studies to explore possible solutions to implement IMA-SP in a form of separation kernals – a way of providing the basic functionality needed to enforce time and space partitioning without affecting communications between the applications in different partitions. These studies defined the roles and interfaces needed for software development in a partitioned environment.

A GSTP Element 1 activity with Czech Republic, has built on this framework to further develop IMA-SP processes and roles and understand how they can be implemented and integrated. The activity defined a use case for in-flight hosting of a payload to demonstrate the feasibility of the concept.

Generally speaking, the environment is not an easy one to master as it encompasses an entire on-board software. This software then has additional partitions to separate the demonstration and test environments. Finally it also has to integrate the payload software. All of these elements are largely outdated today and were not meant to be maintained over so many years.

Notably, the GSTP activity was based on a single core processor, which limits utilisation of multiple applications. But recently multi-core processors have spread around the world. If the multi-core processor is used, more interesting scenarios can be considered, such as having the IMA-SP Platform executed on one dedicated core, while the remaining cores can be utilised by payloads that may reduce the risks found in partition scheduling.

In a system built around the IMA paradigm, a number of different applications are integrated onto the same hardware. Each application is executing in their own partition with regard to memory and execution time. The segregation is guaranteed by a partitioning kernel, guaranteeing that the applications will not interfere with each other. The strict segregation of applications provides a range of benefits from the viewpoint of software development. The main ones of interest for this activity are the following:
  • Independent verification and validation. With guaranteed non-interference between applications, these can be verified and validated separately and completely before integration. Integrating the applications on top of a separation kernel will ensure that the environment of the individual applications behaves as assumed during verification and validation activities.
  • Parallel and concurrent development. If applications can be verified and validated individually and separated from each other, the actual development can be done concurrently and in parallel, using potentially different development teams for each application.
  • On-line integration of new and/or updated applications. Providing applications with their own individual partitions together with the fact that applications can be verified and validated separately, allows for individual applications to be updated, or even added, while the system is online, without any major disturbances on other applications.
This activity will explore the strengths and challenges with all the points above.
In previous activities, an IMA-SP development organisation has been definedincluding roles (e.g. System Integrator and Application Supplier) and their responsibilities, as well as information exchange between the roles. We have also developed a partitioned flight software system based on existing (flying) flight software, incorporating also an approach for on-board software maintenance (OBSM) allowing for uploading of individual partitions.
The scenario for this activity is that the System Integrator has an existing flight software system including partitioning kernel, system services and other applications. The development and verification of the new application dedicated for one partition to be integrated with this existing flight software system will be performed by an independent Application Supplier.
For A B above: This activity shall evaluate the strengths and challenges when using this development organisation, focusing on the interaction between System Integrator and Application Supplier. The evaluation will study the responsibilities of the roles and the information exchange in order to assess the suitability of the organisation and interaction.
For C above: This activity shall evaluate the strengths and challenges with the on- board software maintenance approach when combining it with the uploading and on-line integration of new application partitions. The evaluation will study the technical approach for OBSM as such, as well as the relation between the OBSM approach and the development organisation.
The technical results will provide us with feedback on the suitability of the IMA-SP development organisation and the IMA-SP OBSM approach. We will identify weaknesses and strengths which will be used to further refine the approaches so that efficiency of development and maintenance of IMA-SP systems can be improved.
Application Domain
Generic Technologies
Technology Domain
2 - Space System Software
Competence Domain
3-Avionic Systems
Initial TRL
Target TRL
Achieved TRL
Public Document
Final Presentation
Executive Summary