This content is not included in your SAE MOBILUS subscription, or you are not logged in.

An Approach to Verification of Interference Concerns for Multicore Systems (CAST-32A)

Journal Article
ISSN: 2641-9637, e-ISSN: 2641-9645
Published March 10, 2020 by SAE International in United States
An Approach to Verification of Interference Concerns for Multicore Systems (CAST-32A)
Event: AeroTech
Citation: VanderLeest, S. and Evripidou, C., "An Approach to Verification of Interference Concerns for Multicore Systems (CAST-32A)," SAE Int. J. Adv. & Curr. Prac. in Mobility 2(3):1174-1181, 2020,
Language: English


The avionics industry is moving towards the use of multicore systems to meet the demands of modern avionics applications. In multicore systems, interference can affect execution timing behavior, including worst case execution time (WCET), as identified in the FAA CAST-32A position paper. Examining and verifying the effects of interference is critical in the production of safety-critical avionics software for multicore architectures. Multicore processor hardware along with aerospace RTOS providers increasingly offers robust partitioning technologies to help developers mitigate the effects of interference. These technologies enable the partitioning of cores for different applications at different criticalities and make it possible to run multiple applications on one specific core. When incorporated into system-design considerations, these partitioning mechanisms can be used to reduce the effects of interference on software performance. In this paper we describe a novel approach to verifying the effectiveness of RTOS interference mitigation on the final hosted software. We showcase the use of the proposed approach on the NXP T2080 multicore board. The approach follows a V-model based methodology in which high- and low-level requirements for the analysis are defined before designing and implementing tests and producing verification results using the Rapita Verification Suite. Tests are supported by multicore interference generators called RapiDaemons that create a configurable degree of contention on shared resources. This provides an assessment of the robustness of the system by identifying and quantifying any remaining interference on the partitioned system, thus demonstrating that interference is bounded and thereby providing evidence of WCET to certification authorities. The presented results confirm the effectiveness of our proposed approach to independent verification of multicore interference mitigation.