NASA selects Rapita Verification Suite for the Lunar Gateway
York Aerospace and Rocketry Society Update
FACE Technical Interchange Meeting - September 2021
Bell selects Rapita for Invictus 360 FARA Project
Introducing the RapiTest Editor
Software verification on the Solar Orbiter
Metrowerks CodeTest - How and why to upgrade
Leveraging FACE Conformance Artifacts to Support Airworthiness
DO-178C
MATLAB Simulink MCDC coverage and WCET analysis
Code coverage for Ada, C and C++
AMC 20-193
Aerospace TechWeek 2021
Safe Use of Multi-Core Processors Seminar
How to perform Cost-Effective Multicore Verification – An Industrial Tutorial
AMC 20-193
EASA® and the FAA™ have been developing guidelines for development of multi-core systems for DO-178 aerospace projects. These include the EASA Certification Review Item – Multi-core Processor (CRI MCP), CAST-32A and the soon to be released AMC 20-193. Acceptable Means of Compliance documents (AMCs) and the FAA's equivalent, Advisory Circulars, provide guidance for compliance with airworthiness regulations without creating or changing existing regulatory requirements.
AMC 20-193 is a joint effort by EASA and the FAA that supplements the guidance in position paper "CAST-32A: Multi-core Processors". AMC 20-193 will build on industry advancements that are aiding the certification process for multicore processors (MCPs) and will recommend best practices to consider when dealing with MCPs. It is anticipated that AMC 20-193 will address the topics of dynamic allocation and multicore inteference mitigation. The final version of AMC 20-193 is due to be published in late 2021 – updates can be found at the EASA website.
Background
Multicore processors are increasingly used within avionics systems, and this trend is likely to continue. These processors offer increased performance compared to single core processors and allow more functionality to be included within hardware. They can also contain other embedded functions such as memory management and embedded security, reducing the chip count for a system. Furthermore, as single-core processors are used in so few other industries, their future supply is a serious concern for avionics suppliers.
Whilst MCPs offer a great deal of advantages, their behavior is harder to verify due to the presence of interference channels.
Interference channels can be caused by a variety of factors, including contention over shared hardware resources. This interference can have a significant effect on timing behavior, raising critical safety concerns. Consequently, conventional DO-178C and DO-297 guidance (designed for single-core systems) is insufficient to verify the behavior of MCPs, hence the need for additional guidance such as CAST-32A and AMC 20-193.
CAST-32A
In response to the increasing use of MCPs and the need to meet compliance guidelines in projects using MCPs, the Certification Authorities Software Team (CAST) published Position Paper CAST-32A named ‘Multicore Processors’ (often referred to as just ‘CAST-32A’). This paper identifies topics that could impact the safety, performance and integrity of airborne software systems executing on MCPs and provides objectives intended to guide the production of safe multicore avionics systems.
You can find out more about more about CAST-32A here
Rapita Systems has a unique solution to help you meet CAST-32A objectives including analyzing software timing behavior within the context of multicore interference. Taking advantage of this solution will provide a head start in adhering to the guidelines that will be provided in the upcoming AMC 20-193. Find out more about Rapita’s solution here.
