Skip to main content
RapiTest - Functional testing for critical software
RapiCover - Low-overhead coverage analysis for critical software
RapiTime - In-depth execution time analysis for critical software
RapiTask - RTOS scheduling visualization
RVS Qualification Kits - Tool qualification for DO-178 B/C and ISO 26262 projects
RapiCouplingPreview - DCCC analysis
MACH178 - Multicore Avionics Certification for High-integrity DO-178C projects
MACH178 Foundations - Lay the groundwork for A(M)C 20-193 compliance
Multicore Timing Solution - Solving the challenges of multicore timing analysis
RapiDaemon - Analyze interference in multicore systems
RTBx - The ultimate data logging solution
Sim68020 - Simulation for the Motorola 68020 microprocessor
V&V Services
Data Coupling & Control Coupling
Training
Consultancy
Tool Integration
Support
Rapita System Announces New Distribution Partnership with COONTEC
Rapita partners with Asterios Technologies to deliver solutions in multicore certification
SAIF Autonomy to use RVS to verify their groundbreaking AI platform
RVS 3.22 Launched
What does AMACC Rev B mean for multicore certification?
How emulation can reduce avionics verification costs: Sim68020
Multicore timing analysis: to instrument or not to instrument
How to certify multicore processors - what is everyone asking?
Certifying Unmanned Aircraft Systems
DO-278A Guidance: Introduction to RTCA DO-278 approval
ISO 26262
Data Coupling & Control Coupling
IEEE SMC-IT/SCC 2025
DASC 2025
DO-178C Multicore In-person Training (Fort Worth, TX)
DO-178C Multicore In-person Training (Toulouse)
The FAA™ and EASA® have been developing guidelines for development of multi-core systems for DO-178 aerospace projects. These include superseded documents like the EASA Certification Review Item – Multi-core Processor (CRI MCP) and CAST-32A. These have now been replaced with AC 20-193 from the FAA and AMC 20-193 from EASA (collectively known as A(M)C 20-193). Advisory Circulars (ACs) produced by the FAA and EASA's equivalent, Acceptable Means of Compliance documents (AMCs), provide guidance for compliance with airworthiness regulations without creating or changing existing regulatory requirements.
The A(M)C 20-193 guidance is a joint effort by the FAA and EASA that supersedes the information in position paper "CAST-32A: Multi-core Processors". It builds on industry advancements that are aiding the certification process for multicore processors (MCPs) and recommends best practices to consider when dealing with MCPs, including considerations for dynamic allocation and multicore interference mitigation. AMC 20-193 was released in January 2022, and AC 20-193 was released some two years later in January 2024. The two guidance documents are fully aligned from a technical and certification perspective.
Background
Multicore processors are increasingly used within avionics systems, and this trend is likely to continue. These processors offer increased performance compared to single-core processors and allow more functionality to be included within hardware. They can also contain other embedded functions such as memory management and embedded security, reducing the chip count for a system. Furthermore, as single-core processors are used in so few other industries, their future supply is a serious concern for avionics suppliers.
Whilst MCPs offer a great deal of advantages, their behavior is harder to verify due to the presence of interference channels.
Interference channels can be caused by a variety of factors, including contention over shared hardware resources. This interference can have a significant effect on timing behavior, raising critical safety concerns. Consequently, conventional DO-178C and DO-297 guidance (designed for single-core systems) is insufficient to verify the behavior of MCPs, hence the need for additional guidance such as AC 20-193 and AMC 20-193.
AMC 20-193 vs CAST-32A Webinar
CAST-32A
In response to the increasing use of MCPs and the need to meet compliance guidelines in projects using MCPs, the Certification Authorities Software Team (CAST) published Position Paper CAST-32A named ‘Multicore Processors’ (often referred to as just ‘CAST-32A’). This paper identifies topics that could impact the safety, performance and integrity of airborne software systems executing on MCPs and provides objectives intended to guide the production of safe multicore avionics systems.
A(M)C 20-193 vs. CAST-32A
We’ve spent some time reviewing the new guidance in order to highlight the differences between AMC 20-193 and CAST-32A. Here are the differences we found:
- Dynamic allocation of software execution – CAST-32A discouraged the use of dynamic allocation mechanisms for software execution (such as task migration) in ED-12C/DO-178C projects. AMC 20-193 states that “justification for using dynamic allocation features within the scope of this AMC may rely on robust and proven limitations that lead to deterministic behavior”. Activities relating to the appropriate use and verification of dynamic allocation of software execution remains outside the scope of the AMC.
- Simultaneous multithreading – guidance was given for certification of systems using simultaneous multithreading in CAST-32A. AMC 20-193 specifically states that this is not a multicore issue and offers no guidance for it. You’ll almost certainly still need to take any simultaneous multithreading into account in your ED-12C/DO-178C developments, but this isn’t covered by AMC 20-193.
- Exemptions – CAST-32A specified some exemptions as to situations in which a multicore ED-12C/DO-178C would not need to meet CAST-32A objectives. AMC 20-193 adds a new exemption for systems where cores are acting as co-processors under the control of another core, such as GPUs whose execution is under the control of a CPU.
- Integrated Modular Avionics (IMA) – AMC 20-193 includes a definition of IMA, which states that in the context of the AMC, an IMA platform meets the robust resource and time partitioning criteria listed in the AMC.
- Other definitions and clarifications – AMC 20-193 clarifies a number of other things that were mentioned in CAST-32A, for example clarifying that a multicore platform includes platform software such as an RTOS or hypervisor, and providing extra definitions for what constitutes a software or hardware component.
-
Mitigation of changes to critical configuration settings – CAST-32A’s
MCP_Resource_Usage_2objective provided guidance on the need to mitigate against inadvertent changes to critical platform configuration settings for ED-12C/DO-178C certification of multicore systems. AMC 20-193 does not include such guidance, stating that this objective is already provided in AMC 20-152A (ObjectiveCOTS-8). -
Use of simulators – AMC 20-193 discourages the use of simulators in its
MCP_Software_1objective. - Data Coupling Control Coupling – AMC 20-193 clarifies that tasks on one component may execute on other cores, so tasks on the same component may interfere with each other.
Rapita Systems have a unique solution to help you meet AMC 20-193 and CAST-32A objectives including analyzing software timing behavior within the context of multicore interference. Taking advantage of this solution will provide a head start in adhering to the guidelines that will be provided in the upcoming AMC 20-193. Find out more about Rapita’s solution here.
