Experiences of Civil Certification of Multi-Core Processing Systems in Commercial and Military Avionics, Integration Activities, and Analysis
Published March 19, 2019 by SAE International in United States
Event: AeroTech Americas
Avionics systems are currently undergoing a transition from single-core processor architectures to multi-core processor architectures. This transition enables significant advantages in reduction of size, weight, and power (SWaP) and cost. However, avionics hardware and software certification policies and guidance are evolving as research and experience are gained with multi-core processor architectures. The unique challenges of using multi-core processors in certified avionics will be discussed. The requirements for a virtualization platform supporting multiple real-time operating system (RTOS) partitions on a multi-core processor used in safety-critical avionics systems are defined, including the ability to support multiple design assurance levels (DAL) on multiple cores, fault isolation and containment, static configuration as per ARINC 653, role-based development as per DO-297, and robust partitioning to reduce the cost of incremental certification. The paper will present a collaborative approach undertaken by a leading avionics system supplier and a leading safety-critical commercial-off-the-shelf (COTS) RTOS supplier in the development of a multi-core real-time system with DO-178C DAL A software and DO-254 DAL A hardware safety certification on an FAA Program of Record (PoR). The approach taken to comply with FAA CAST-32A objectives will be presented. Particular focus is given to integration activities and program-specific analysis performed by the IMA application developer and integrator to guarantee determinism in the deployed system. Using the approach defined under the PoR, the application developer performs activities including foot-printing under worst-case execution time (WCET) loads and application of numerical methods to predict interference effects. The IMA integrator uses this data to define a performance-restricted environment (PRE) and uses WCET verification in the PRE. Tools, analysis methods, and sample results will be presented. The method to capture results is discussed. Finally, the paper includes lessons learned during the program.
Citation: Tiedeman, H. and Parkinson, P., "Experiences of Civil Certification of Multi-Core Processing Systems in Commercial and Military Avionics, Integration Activities, and Analysis," SAE Technical Paper 2019-01-1382, 2019, https://doi.org/10.4271/2019-01-1382.
References
- U.S. Federal Aviation Administration, “Microprocessor Evaluations for Safety-Critical, Real-Time Applications: Authority for Expenditure No. 43 Phase 5 Report,” DOT/FAA/AR-11/5, 2011, https://www.faa.gov/aircraft/air_cert/design_approvals/air_software/media/11-5.pdf.
- Jean, X., Gatti, M., Berthon, G., and Fumey, M., “MULCORS - Use of MULticore proCessORS in Airborne Systems,” Research Project EASA.2011/6, EASA, Nov. 2012, http://easa.europa.eu/system/files/dfu/CCC_12_006898-REV07%20-%20MULCORS%20Final%20Report.pdf.
- “QorIQ P3041 Family Reference Manual,” P3041RM Rev 4, NXP, Jul. 2016, https://www.nxp.com/webapp/Download?colCode=P3041RM.
- “QorIQ T2080 Family Reference Manual,” T2080RM Rev 1, NXP, May 2015, https://www.nxp.com/webapp/Download?colCode=T2080RM.
- “Multi-Core Processors,” Position Paper, Certification Authorities Software Team, CAST-32A, FAA, November 2016, https://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/media/cast-32A.pdf.
- IEEE, “POSIX PSE-52 Realtime Controller Profile,” P1003.13, 2003, http://get.posixcertified.ieee.org/docs/pse52-2003.html.
- ARINC, “Avionics Application Software Standard Interface, Part 1, Required Services,” ARINC Specification 653 Part 1 Supplement 3, Nov. 2010.
- The Open Group, “Technical Standard for Future Airborne Capability Environment (FACE™) Edition 2.1,” https://publications.opengroup.org/c145.
- RTCA Inc., “Software Considerations in Airborne Systems and Equipment Certification,” DO-178C, Dec. 2011.
- EUROCAE, “Software Considerations in Airborne Systems and Equipment Certification,” ED-12C, 2011.
- Parkinson, P.J. and Kinnan, L.M., “Safety-Critical Software Development for Integrated Modular Avionics,” Wind River Technical White Paper, 2018, http://www.windriver.com/whitepapers/aerospace-defense/safety-critical-software-development-for-integrated-modular-avionics/.
- “Major Organizations Achieve FACE™ Conformance as Program Gains Momentum,” Press Release, The Open Group, March 7, 2018, http://www.opengroup.org/news/press/Major-Organizations-Achieve-FACE%E2%84%A2-Conformance-as%20Program-Gains-Momentum.
- RTCA, “Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations,” DO-297, 2007, http://www.rtca.org/store_product.asp?prodid=617.
- RTCA, “Design Assurance Guidance for Airborne Electronic Hardware,” DO-254, https://my.rtca.org/NC__Product?id=a1B36000001IcjTEAS.
- EUROCAE, “Design Assurance Guidance for Airborne Electronic Hardware,” ED-80, https://eshop.eurocae.net/eurocae-documents-and-reports/ed-80.
- EUROCAE, “Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations,” ED-124, Jun. 2007, https://standards.globalspec.com/std/1217319/eurocae-ed-124.
- FAA, “Real-Time Operating Systems and Component Integration Considerations in Integrated Modular Avionics Systems Report,” DOT/FAA/AR-07/39, August 2007.