Multi-core systems: 5 stages of grief

olsen_stephen

The avionics industry of the past decade has been characterized by rapid technology acceleration, as the vision of the connected cockpit is becoming an everyday reality. Fueled by hardware and software advancements, avionics suppliers can now place up to 10,000 sensors on an airplane wing, not to mention connect the flight to an array of ground control systems and fuel saving applications. A key contributor to making this reality possible was the proliferation of multi-core processors and software solutions.

In order to implement a solution on a multi-core platform, avionics suppliers are confronted with multiple implementation and certification challenges that are not present in single-core or multiple discrete processor systems. Let’s look at some of the issues that must be addressed in order to understand the potential benefits and limitations of multi-core solutions.

1. Complying with safety and security requirements

Systems supporting new-generation avionics applications need to combine functional safety measures with robust security capabilities. These systems must not put human lives in danger and, at the same time, must be architected in such a way that the outside world cannot tamper with them. Multi-level security architectures and multi-core solutions that must accommodate multiple applications with different safety requirements are complex, and they usually make use of multiple software layers.

For a real-time operating system (RTOS), this implementation often takes the form of space and time partitioning using the Memory Management Unit (MMU) and hardware virtualization assist, deterministic software, and strict communications. To show separation, applications must run on different partitions. They can be updated and certified separately, without affecting the rest of the system. This diagram illustrates such an example.

Figure 1. Integrated Modular Avionics (IMA) with VxWorks 653 Multi-core Edition


2. Meeting stringent cycle times

As more avionics companies restructure their development processes to support the infusion of new technologies and business models, they often face pressure related to delivering the projects on time. The learning curve associated with new technologies, and the portability efforts, ranging from “simple” systems to complex systems and next-generation virtualized multi-core platforms, can encounter numerous unforeseen obstacles.

Projects often start with a predicted technology readiness level. Adding to or modifying the plan in any way may trigger recertification cycles or unforeseen dependencies when it comes to reuse of software, test assets, and system simulation. However, deadlines do not move.

Solving this issue is not just a simple matter of finding and hiring people to fill the skills gap. It is also a matter of finding and collaborating with other industry players like semiconductor vendors, independent software vendors, and regulatory agencies. Commercial off-the-shelf (COTS) solutions play an important role here, helping advance new solutions at a lower risk.

3. Overall project risk

The increasing density of embedded software in new avionics systems and the complexity of developing and testing hardware and software system dependencies in parallel pose a real challenge to avionics program and engineering managers.

Independent software vendors are always enhancing their solutions, adding capabilities and certifications to their products in an effort to help avionics suppliers with their product cycles and FAA submissions. Nevertheless, an expert workforce is still needed to integrate all these components.

4. Affordability

Apart from time, budget is always an important factor in a program’s success. Having multiple levels of criticality and multiple cores for separation, while still meeting ARINC 653 standards and DO-178C certification requirements, may prove challenging when communication channels to the outside world are always open. Avionics suppliers need to decide what parts of the system are accessible from the outside, what parts can be updated for security reasons, and what parts remain isolated in order to keep certification intact.


Figure 2. Integrated Modular Avionics (IMA) Systems

This is the part where COTS platforms supporting multiple levels of safety and COTS certification evidence come into play as well. Deciding when recertification is needed, and choosing the most cost-effective path to completing certification work, can make a substantial difference to overall project budgets. COTS certification evidence packages provide certification evidence of a quality and depth that is not affordable using single program budgets, while decreasing overall costs for certification, including any recertification work. Open platforms with modular software blocks will also be critical to reach the next level of industry maturity: delivering on the promise of the value of software reuse across projects. A good initiative in this regard is the Future Airborne Capability Environment (FACE). The FACE approach is a government-industry software standard and business strategy for acquisition of affordable software systems that promotes innovation and rapid integration of portable capabilities across global defense projects, programs, and platforms.


Figure 3. VxWorks 653 Platform Future Airborne Capability Environment (FACE™) conformance certification for the FACE Operating System Segment (OSS) Safety Base Profile

5. Regulatory Certification Evidence

Overall, there is still uncertainty about the selection of multi-core processors for avionics programs, since no formal policy on multi-core certification has been published.

Avionics suppliers must take into consideration the evolving certification policies and guidance that include both hardware and software aspects of certification. For multi-core systems, the FAA provides strict standards, such as DO-178C or DO-297, combined with different position papers, like CAST-32A. CAST-32A lists 12 objectives in the categories of planning, resource usage, software and error handling. Commercial off-the-shelf (COTS) certification evidence is always helpful to support rapid customer certification, reliability, and quality. Join Wind River for “Multi-core Safety Certification Demystified,” a live webinar on Wednesday, August 23 at 2pm ET where the topic will be further discussed.

Take a peek at what will be discussed in this video: https://www.youtube.com/watch?v=lqMfJH3DnwQ