RVS 3.13 Launched
Zero-footprint verification with RVS 3.12
Rapita COVID-19 Notice – What it means for our customers
FACE Components: Interchangeable but not Equal
How the Operating System Segment fits into the FACE architecture
Generating low level tests from system tests
Future Airborne Capability Environment (FACE) Technical Interchange Meeting
Safe Use of Multi-Core Processors Seminar
Digital Avionics Systems Conference
AMC 20-193
EASA and the FAA have been developing new guidelines for development of multi-core systems for DO-178 aerospace projects. These include the generic EASA Certification Review Item – Multi-core Processor (CRI MCP), CAST-32A and the soon to be released AMC 20-193. Acceptable Means of Compliance documents (AMCs) and the FAA's equivalent, Advisory Circulars, provide guidance for compliance with airworthiness regulations without creating or changing existing regulatory requirements.
AMC 20-193 is a joint effort by EASA and the FAA that supplements the guidance in position paper "CAST-32A: Multi-core Processors". AMC 20-193 will highlight how industry advancements are aiding the certification process for multicore processors (MCPs) and will recommend best practices to consider when dealing with MCPs. It is anticipated that AMC 20-193 will primarily address the topics of dynamic allocation and interference management. AMC 20-193 is due to be published in late 2020 – updates can be found at the EASA website.
Background
For some years, multicore processors have been used more within avionics systems, and this trend is likely to continue. These processors offer increased performance compared to single core processors and allow more functionality to be included within hardware. They can also contain other embedded functions such as memory management and embedded security, reducing the chip count for a system. Furthermore, as single-core processors are used in se few other industries, their future supply is a serious concern for avionics suppliers.
Whilst MCPs offer a great deal of advantages, their behavior is harder to verify due to the presence of interference channels.
Interference channels can be caused by a variety of factors, including contention over shared hardware resources. This interference can have a significant affect on timing behavior, raising critical safety concerns. Consequently, conventional DO-178C guidance (designed for single-core systems) is insufficient to verify the behavior of MCPs, hence the need for additional guidance such as CAST-32A and AMC 20-193.
CAST-32A
In response to the increasing use of MCPs and the need to meet compliance guidelines in projects using MCPs, the Certification Authorities Software Team (CAST) published Position Paper CAST-32A named ‘Multicore Processors’ (often referred to as just ‘CAST-32A’). This paper identifies topics that could impact the safety, performance and integrity of airborne software systems executing on MCPs and provides objectives intended to guide the production of safe multicore avionics systems.
You can find out more about more about CAST-32A here
Rapita Systems has a unique solution to help you meet CAST-32A objectives including analyzing software timing behavior within the context of multicore interference. Taking advantage of this solution will provide a head start in adhering to the guidelines that will be provided in the upcoming AMC 20-193. Find out more about Rapita’s solution here.