A community for safety certification on multi-core processors
Last week, Tim Skutt of Wind River, participated in one of a series of collaborative workshops on Multi-Core Processor (MCP) Certification at Wright-Patterson Air Force Base hosted by the US Army. Wait, was that a typo? No. The US Army Combat Capability Development Command (CCDC) Aviation and Missile Centre was indeed the host for a workshop at a US Air Force base.
Guest blog written by Tim Skutt, Wind River.
This is part of an effort to address the increasing complexity of safety certification for aircraft systems built on multi-core processors.
Throughout the industry, both civilian and military airworthiness certification/approval stakeholders are wrestling with the challenges of certifying systems based on MCPs. One of the primary issues is shared resources (memories, busses, etc.) within the MCP and the interference that may arise from functions on one core with functions on another core via these shared resources.
These challenges impact a diverse set of stakeholders, including:
- Policymakers such as the military services and civilian agencies
- CPU and SoC designers and manufacturers
- Board and box level OEMs and ODMs
- Software operating system and infrastructure suppliers
- Application developers
- Tool vendors
As a catalyst for driving success in the approval and operation of safe multi-core based systems, the US Army brought multiple representatives from each of these stakeholder groups together for the workshop. Participants shared perspectives, research, plans, and results in an open and cooperative exchange reinforcing the concept that whether we’re partners, regulators, customers, suppliers, or competitors, we need to work together to establish the patterns needed for assuring the safety of systems based on MCPs.
The choice of the workshop to have a US Army hosted event at a US Air Force base is an example of the diversity of participants and of their highly collaborative efforts. There were multiple presentations by the US Army, US Air Force, and US Navy as well as research organisations such as the University of North Carolina and Carnegie Mellon University. A representative from the RTCA (part of the civilian regulatory community) presented and an FAA representative participated in the workshop, having presented at prior workshop events.
There were too many highlights to fully capture them in a short blog, but one that hit close to home was the presentation on multi-core processor testing and verification by Wind River’s David Reiter. Mr. Reiter provided in-depth insight into multi-core processor interference testing methodologies and tools leveraged for our successful DO-178C based certification efforts on an FAA program of record. He described how the complexities of multi-core interference identified in DOT/FAA/TC-16/51, “Assurance of Multicore Processors in Airborne Systems”, is minimised through those methodologies and tools.
Later that same day, Harold Tiedeman, Jr. of Collins Aerospace presented providing insight into the Collins Aerospace experience gained from the MCP-based DO-178C safety certification effort on an FAA program of record. Wind River and Collins Aerospace jointly developed a white paper based on our experience on this programme.
In his presentation, Mr. Tiedeman described the techniques, tools, and processes Collins used in their MCP-based certification effort. This included how multi-core interference concerns were addressed and how FAA CAST-32A MCP objectives were satisfied. His presentation highlighted how the solution embodies a reusable, repeatable approach for certification of MCP systems.
Reusable, repeatable approaches are key to cost effective, affordable systems and the workshop was a great forum for cross-pollinating perspectives and solutions so we can establish successful patterns for approval and operation of safe multi-core based systems. It was refreshing to be part of such a collaborative exchange from a range of diverse participants and we are definitely looking forward to these continued opportunities to work together on how we address the challenges of certifying systems based on multi-core processors.
Courtesy of Wind River.