AC 20-193 & AMC 20-193 objectives: MCP_Planning_1, MCP_Planning_2

MCP_Planning_1 applies to DAL A, B and C systems. For all software assurance levels, the platform must be described, including the hardware, peripherals, and the RTOS being used. For DAL A and B systems, plans should include information on the verification processes that will be followed to produce AMC 20-193 compliance evidence.

MCP_Planning_2 requires that you provide a description of how your multicore platform’s resources will be used, allocated and verified, identify any enabled dynamic hardware features, and identify the aspects of the multicore platform that require the use of a safety net.

Rapita Systems’ MACH¹⁷⁸ solution supports planning for A(M)C 20-193 projects. MACH¹⁷⁸ Foundations, part of the MACH¹⁷⁸ Core Pack, includes template plans and checklists to help you write up and review your plans. Specifically, it includes a template Plan for Multicore Aspects of Certification (PMAC) and Multicore Software Verification Plan (MSVP), which links to verification procedures also included in MACH¹⁷⁸ Foundations. Rapita Systems also supports multicore certification planning through consultancy.

AC 20-193 & AMC 20-193 objective: MCP_Resource_Usage_1

MCP_Resource_Usage_1 requires that you identify and document the MCP configuration settings that will enable the hardware and the software hosted on the MCP to satisfy the functional, performance, and timing requirements of the system.

Rapita Systems’ MACH¹⁷⁸ solution supports meeting this objective. A procedure that you can follow to identify Critical Configuration Settings is included in MACH¹⁷⁸ Foundations, which is part of the MACH¹⁷⁸ Core Pack. This is used to identify the hardware registers that can be used to mitigate multicore interference on your platform . MACH¹⁷⁸ Foundations also includes a template output and a checklist to ensure that the outputs have been reviewed. MACH¹⁷⁸ Resource Packs include Critical Configuration Settings Reports for supported multicore platforms, which can be used directly for certification.  

AC 20-193 & AMC 20-193 objective: MCP_Resource_Usage_2

This objective was introduced in CAST-32A, but was not included in AC 20-193 and AMC 20-193 as it is already covered in AC 20-152A / AMC 20-152A objective COTS-8.

The objective asked for the applicant to implement a mechanism to detect and recover from inadvertent modifications to critical configuration settings.

Rapita Systems can help you identify critical configuration settings on your multicore platform, see MCP_Resource_Usage_1.
 

AC 20-193 & AMC 20-193 objective: MCP_Resource_Usage_3

MCP_Resource_Usage_3 requires that you identify interference channels on your platform and verify any interference mitigation strategies you have deployed. This requires detailed understanding of the multicore platform and its resources, and access to detailed technical reference material about the architecture and behavior of multicore hardware.

Rapita Systems’ MACH¹⁷⁸ solution supports meeting this objective. Procedures, templates and review checklists that you can follow to identify,  characterize and document interference channels on multicore platforms are available in MACH¹⁷⁸ Foundations, which is part of the MACH¹⁷⁸ Core Pack. 

Interference Channels that have been identified are documented in an Interference Channel Identification Report. Off-the-shelf reports are available for supported resources in Resource Packs. Characterization produces on-target results for multicore interference. This is supported by RVS tools, which are included in the MACH¹⁷⁸ Core Pack, and characterization tests and RapiDaemons, which are available in Resource Packs for supported resources.

Where available, MACH¹⁷⁸ Resource Packs include Interference Channel Identification Reports, RapiDaemons and to support Interference for specific hardware resources.

AC 20-193 & AMC 20-193 objectives: MCP_Resource_Usage_4

MCP_Resource_Usage_4 requires that you identify the capacity of hardware resources on your multicore processor and demonstrate that the software will not exceed this capacity.

Rapita Systems’ MACH¹⁷⁸ solution supports meeting this objective. Automation tools including RVS, available in the MACH¹⁷⁸ Core Pack facilitate the measurement of resource capacity and software resource usage. Guidance on achieving the objective is included in procedures, templates and checklists available in MACH¹⁷⁸ Foundations, also part of the MACH¹⁷⁸ Core Pack.
 

AC 20-193 & AMC 20-193 objective: MCP_Software_1

MCP_Software_1 requires that you verify that your software meets its timing deadlines in the multicore environment, including interference that can be encountered on the system. It is expected that you produce this evidence through on-target testing. This requires an environment in which interference can be generated in a repeatable fashion.

Rapita Systems’ MACH¹⁷⁸ solution supports meeting this objective. MACH¹⁷⁸ Foundations, included in the MACH¹⁷⁸ Core Pack, provides guidance on selecting strategies for multicore WCET analysis, as well as results templates and checklists to support the activity. RVS tools, also included in the MACH¹⁷⁸ Core Pack and Characterization RapiDaemons, included in Resource Packs for supported resources, support the collection of WCET evidence on-target. Rapita Systems can also provide consultancy to support the definition of WCET analysis methods for your multicore platform.
 

AC 20-193 & AMC 20-193 objective: MCP_Software_2

MCP_Software_2 requires that you verify the data coupling and control coupling (DCCC) of your multicore system. A wide range of perspectives exist on what DCCC means for single core systems, and several different analysis methods have been accepted when certifying DO-178C software. As of today, there is no one accepted method for performing DCCC analysis for multicore systems in line with AC 20-193 and AMC 20-193 objectives.

For single-core systems, DCCC analysis is bounded by coupling between components. A(M)C 20-193 specifically mentions that “Interference may occur between tasks of a single component when the tasks execute on different cores”, and implies that interference should be considered during DCCC verification.

While data coupling and control coupling analysis for multicore systems is of yet a little discussed topic, Rapita Systems lead the way in commercial solutions to multicore verification, and we can work with you to define a strategy that fits for your project.
Rapita Systems is developing in-depth, flexible support for DO-178C data and control coupling analysis through the RapiCoupling tool, which will include guidance on selecting criteria for the analysis and be included in the MACH¹⁷⁸ Core Pack when available. A case study including use of the tool in collaboration with Collins Aerospace was presented at DASC 2024.

AC 20-193 & AMC 20-193 objective: MCP_Error_Handling_1

This objective asks the applicant to identify the effect of failures that may occur within the multicore platform, and demonstrate that detection and recovery mechanisms have been implemented where necessary.

Safety nets should be developed in line with the aircraft-level safety assessment.

Rapita Systems can help with the verification of a safety net implementation through automation tools.
 

AC 20-193 & AMC 20-193 objective: MCP_Accomplishment_Summary

Verification results generated to meet AC 20-193 and AMC 20-193 objectives should be summarized in an Accomplishment Summary.

This should include a high-level summary of results from all verification activities, traceability back to the plans, and a compliance matrix showing which results trace to which A(M)C 20-193 objectives.

Rapita Systems’ MACH¹⁷⁸ solution provides support for generating an Accomplishment Summary to meet this objective. MACH¹⁷⁸ Foundations and RVS, both included in the MACH¹⁷⁸ Core Pack, provide guidance and automation support for generating accomplishment summaries for multicore verification projects.