Element Separation in Safety Critical and Mixed Criticality Systems

We are faced with increasing complexity and scale of software in safety critical systems.  The trend towards workload consolidation platforms using multi-core processors brings entanglement and interference issues that complicate resource provisioning, predictability, understand-ability, element separation and, ultimately, certify-ability, security and safety. It is not just hard resources such as CPU, memory and devices that need to be managed and considered by the run-time environment but also orthogonal attributes such as determinism, bandwidth, boot-time, certification level, viral license considerations, static vs. adaptable software, dynamic update and other system integration considerations.

The natural implication of this situation is to base such systems on an integration platform that provides for robust partitioning – and to pursue a system architecture that uses the principle of separation of concerns. And to separate software elements that have differing core attributes. It is necessary to separate non-real-time hardware and software from software and hardware that is real-time, for example. And software certified to certain standards need to be separated from software not certified to those standards. When you follow this approach to its conclusion, integration platforms that endeavor to achieve diverse workload consolidation will have many separate elements that require hard partitioning – perhaps even more than the number of cores available in the processors that run them.

One solution to this situation is to partition mixed criticality software integration systems using a certified real-time hypervisor that supports fractional core scheduling in addition to robust space partitioning.  This allows any number of elements to be engineered into the system regardless of their certification level or run-time attribute requirements.  As elements are hardened in such a system, the promise is that they can more easily be moved forward as building blocks into future systems since they are not as entangled with other elements in the system.  This allows more of the significant cost of hardening those elements (and certifying them) to be amortized across a longer time-period.

As the AI winter thaws and we feel more comfortable that our AI systems have seen enough black swans and aren’t just lucky, the companies that have a system integration-friendly hardware and software platform in place that can aggregate and evolve such elements without having to fundamentally re-engineer them each time, will be the companies able to deploy more easily, faster, and more inexpensively.

I invite you to join my upcoming webinar on Thursday, October 4 where I will cover this topic and touch on requirements of good hardware platforms vs. bad ones, discuss software mechanisms that overcome hardware issues, and give examples of well-known products using these techniques. I will also introduce Wind River’s ‘islands’ concept for executing real-time, best-effort, and safety applications in the process of describing element separation. Click here to register.

Author: Maarten Koning