CAST-32A Compliance

Solving the challenges of multicore certification


Our CAST-32A Compliance Package is an end-to-end solution for meeting the DO-178C objectives and the CAST-32A objectives that apply to multicore projects. The package combines mature products and expert services (for example, hardware characterization) that can be delivered alone or as part of a complete solution.

Multicore timing analysis using a V-model approach


By following a V-model process, our engineers investigate multicore systems and produce evidence about their timing behavior.

Our industry-leading tooling, including our unique RapiDaemon technology (which generates interference during tests), reduces analysis effort through automation.

Our approach has been specifically designed to support multicore aerospace projects following DO-178C and CAST-32A guidance.


Addressing CAST-32A Objectives


Our Multicore Timing Solution is designed for CAST-32A compliance, addressing the following objectives:



Later in your CAST-32A project, we help you produce the evidence needed to implement your plans:



Expertise & Analysis


Timing analysis of single-core systems can be largely automated with software tools such as RapiTime, which measure and analyze the worst-case execution time (WCET) of the tasks running on the system.

This is not the case for multicore systems, where the effects of interference caused by contention for shared resources on software execution times must also be considered. Interference effects are complex and interlinked, and involve components specific both to the multicore architecture and to the scheduling and resource allocation used by the software.

To perform the analysis properly, we therefore apply the expertise of engineers who know the system in detail. That expertise directs the use of software tools (for example, specifying the level of contention to apply to a specific resource), but no automated timing analysis tool can understand a multicore system in enough depth to perform the analysis on its own.

We have multicore experts based in the US and UK who work full-time on this analysis; meet our team leaders:


Dr. Christos Evripidou, Multicore lead, UK
Dr. Christos Evripidou is the Technical Lead of Rapita Systems' UK Multicore Timing Analysis team. He earned his EngD (Doctor of Engineering in Large-Scale Complex IT Systems) in 2018 at the University of York for his work on scheduling for mixed-criticality hypervisor systems in the automotive domain. Christos has been involved in requirements-based testing for DO-178C DAL-A projects and various multicore timing analysis research projects. Christos is actively working on the refinement of tooling and processes for performing timing analysis, satisfying DO-178C and CAST-32A objectives.


Dr. Steven Vanderleest, Multicore lead, US
Dr. Steven Vanderleest leads Rapita Systems' Multicore Solutions team in the US, which analyzes complex timing interference on multicore hardware. Dr. Vanderleest has years of experience related to shared resource interference on multicore systems, holding several patents and having presented multiple conference papers on the subject.

Tool automation



We use our mature software verification toolsuite, the Rapita Verification Suite, to apply tests to multicore hardware (RapiTest) and to collect timing metrics (RapiTime) and other metrics, such as scheduling metrics (RapiTask), from it. Using these tools, we automate various stages of the multicore timing analysis process.

To analyze the timing behavior of a specific multicore system, the Rapita Systems multicore timing analysis solution uses the following software, hardware and service components:

  • Rapita Verification Suite (RVS), a collection of embedded software verification tools that is widely used in the safety-critical aerospace industry.
  • RapiDaemons, a collection of specialized programs to generate contention on shared hardware resources.
  • RTBx, a high-rate datalogger used to collect and timestamp execution information from embedded hardware.
  • Integration of hardware and software into the multicore development environment under analysis.

Tests & RapiDaemons


We provide a set of carefully designed tests that produce evidence of the interference channels in your multicore processor. We have standard libraries of tests for a range of multicore processors.

RapiDaemons are specialized applications designed to generate targeted contention on specific hardware resources such as buses, caches and GPUs. By generating contention on shared resources during multicore tests, RapiDaemons support the analysis of multicore timing behavior.


Each RapiDaemon applies contention to a specific hardware resource on a specific hardware architecture, either matching a desired level of contention or maximizing contention on the resource.

RapiDaemons are built on the Barcelona Supercomputing Center's microbenchmark technology (MuBT).

Evidence & qualification


Our CAST-32A compliance package produces evidence toward all of the CAST-32A objectives; the table under "How we support CAST-32A compliance" below shows, for each objective, what you, your RTOS and hardware suppliers, and Rapita contribute.

All components of our Multicore Timing Solution are designed for compliance with DO-178C and CAST-32A guidance:

  • Our RVS automation tools are classified as Tool Qualification Level 5 (TQL-5) tools as per DO-178C. Qualification support is available for RapiTest and RapiTime, which have been qualified in multiple DAL A aerospace projects.
  • The performance and behavior of our RapiDaemons are validated through extensive testing, and we provide evidence of this testing on delivery. Timing tests are performed using RapiTime, a qualified tool recognised by the FAA as “an example of a mature tool in this aspect”. RapiDaemons are test stimuli rather than tools that eliminate, reduce or automate a DO-178C process, so they do not need to be qualified; the validation evidence delivered with them is what supports their use.

How we support CAST-32A compliance


For each CAST-32A objective, the entries below give the description, the customer role, the RTOS/HW supplier role and the Rapita role. Abbreviations: PSAC, Plan for Software Aspects of Certification; PHAC, Plan for Hardware Aspects of Certification; SVP, Software Verification Plan; HLR, high-level requirements; SAS, Software Accomplishment Summary; CCS, critical configuration settings; RBT, requirements-based testing.

Objective: MCP_Planning_1
  Description:   System description
  Customer role: Document in PSAC/PHAC
  RTOS/HW role:  Early architecture evaluation
  Rapita role:   Early platform evaluation

Objective: MCP_Planning_2
  Description:   List of MCP shared resources and active HW dynamic features
  Customer role: Document in PSAC/PHAC, and how to verify in SVP
  RTOS/HW role:  RTOS + HW information
  Rapita role:   HW characterization

Objective: MCP_Resource_Usage_1
  Description:   Configuration settings
  Customer role: Incorporation of recommendations in PSAC, add HLR
  RTOS/HW role:  Recommendations of mitigation strategies
  Rapita role:   Analysis and recommendations

Objective: MCP_Resource_Usage_2
  Description:   Mitigations for inadvertently altered CCS
  Customer role: Document in PSAC/PHAC, verify and analyze
  RTOS/HW role:  N/A
  Rapita role:   Architecture analysis, review, test

Objective: MCP_Resource_Usage_3
  Description:   List of interference channels and verification methods
  Customer role: Review results, incorporate in PSAC, identify in HLRs, V&V methods in SVP
  RTOS/HW role:  RTOS + HW information
  Rapita role:   HW characterization

Objective: MCP_Resource_Usage_4
  Description:   Verification that, in the worst-case scenario, the software's resource demands do not exceed those available
  Customer role: Review results, incorporate in PSAC, identify in HLRs, V&V methods in SVP
  RTOS/HW role:  RTOS information
  Rapita role:   HW characterization; analysis and methods; verify and analyze

Objective: MCP_Software_1
  Description:   WCET analysis of all SW components
  Customer role: Support in running tests, review results
  RTOS/HW role:  RTOS information
  Rapita role:   WCET analysis and results; we provide evidence on the execution time behavior of your code that takes multicore interference into account

Objective: MCP_Software_2
  Description:   Data coupling/control coupling analysis by RBT
  Customer role: Customer to define and perform
  RTOS/HW role:  N/A
  Rapita role:   Tools & services

Objective: MCP_Error_Handling_1
  Description:   Safety net
  Customer role: Customer to define and perform
  RTOS/HW role:  Customer or RTOS
  Rapita role:   Review, test

Objective: MCP_Accomplishment_Summary
  Description:   Showing compliance
  Customer role: Incorporate results in SAS
  RTOS/HW role:  Support
  Rapita role:   Rapita to support evidence; we provide multicore timing evidence that you can easily include in your SAS, including traceability information and a summary of test plans, implementation and results

CAST-32A

Background of the CAST-32A position paper

In response to the increased use of multicore processors, the Certification Authorities Software Team (CAST) published Position Paper CAST-32A, titled ‘Multicore Processors’ (usually referred to simply as ‘CAST-32A’). The paper identifies topics that could affect the safety, performance and integrity of airborne software executing on multicore processors, and sets out objectives intended to guide the production of safe multicore avionics systems. CAST-32A is a position paper rather than regulation; its objectives have since been carried into the certification authorities' own guidance (EASA AMC 20-193 and FAA AC 20-193), so check which document your certification authority expects your plans to cite.

Working with us

  • We recognize that each test project is different, and work with you to meet your needs.
  • We run testing activities on-site, at our headquarters in the UK, and at Rapita Systems, Inc. in Novi, Michigan. We can support projects with UK / US EYES ONLY requirements.
  • We can answer multicore timing questions and produce evidence for you, or implement a method and provide training so you can do so yourself.

Find out more

Get in touch today for more information on our multicore timing services and to discuss your needs.