Thursday, 3 August 2023

DO-178C and Multicore Systems

Introduction
The explanation is as follows. In short, DO-178C and DO-297 are insufficient for multicore systems. To close this gap, CAST-32A, AMC 20-193 and the EASA Certification Review Item – Multi-core Processor (CRI MCP) have been published.
Multicore processors are increasingly used within avionics systems, and this trend is likely to continue.

These processors offer increased performance compared to single core processors and allow more functionality to be included within hardware.

They can also contain other embedded functions such as memory management and embedded security, reducing the chip count for a system.

Furthermore, as single-core processors are used in so few other industries, their future supply is a serious concern for avionics suppliers.

Whilst MCPs offer a great deal of advantages, their behavior is harder to verify due to the presence of interference channels.

Interference channels can be caused by a variety of factors, including contention over shared hardware resources.

This interference can have a significant effect on timing behavior, raising critical safety concerns.

Consequently, conventional DO-178C and DO-297 guidance (designed for single-core systems) is insufficient to verify the behavior of MCPs, hence the need for additional guidance such as CAST-32A and AMC 20-193.
What Does AMC Mean
The explanation is as follows. In short, it is the abbreviation placed at the front of guidance documents.
Acceptable Means of Compliance documents (AMCs) and the FAA's equivalent, Advisory Circulars, provide guidance for compliance with airworthiness regulations without creating or changing existing regulatory requirements.
AMC 20-193
The explanation is as follows. AMC 20-193 is the document published by EASA for multicore systems.
AMC 20-193, EASA’s official guidance document for certification of multicore software & hardware, was released 21st Jan 2022.

It is expected that the FAA will release its AC 20-193 guidance soon, which is expected to be almost identical.
AMC 20-193 vs CAST-32A
The explanation is as follows. CAST-32A is now outdated, and AMC 20-193 should be used in its place.
8 areas the ‘new’ multicore verification guidance could impact you.

When certifying under EASA, AMC 20-193 has now superseded CAST-32A.

Here are the differences we found:

1.   Dynamic allocation of software execution – CAST-32A discouraged the use of dynamic allocation mechanisms for software execution (such as task migration) in ED-12C/DO-178C projects. AMC 20-193 states that “justification for using dynamic allocation features within the scope of this AMC may rely on robust & proven limitations that lead to deterministic behavior”. Activities relating to the appropriate use & verification of dynamic allocation of software execution remains outside the scope of the AMC.

2.   Simultaneous multithreading – guidance was given for certification of systems using simultaneous multithreading in CAST-32A. AMC 20-193 specifically states that this is not a multicore issue & offers no guidance. You’ll almost certainly still need to take any simultaneous multithreading into account in your ED-12C/DO-178C developments, but this isn’t covered by AMC 20-193.

3.   Exemptions – CAST-32A specified some exemptions as to situations in which a multicore ED-12C/DO-178C would not need to meet CAST-32A objectives. AMC 20-193 adds a new exemption for systems where cores are acting as co-processors under the control of another core, such as GPUs whose execution is under the control of a CPU.

4.   Integrated Modular Avionics (IMA) – AMC 20-193 includes a definition of IMA, which states that in the context of the AMC, an IMA platform meets the robust resource & time partitioning criteria listed in the AMC.

5.   Other definitions & clarifications – AMC 20-193 clarifies a number of other things mentioned in CAST-32A, e.g. clarifying that a multicore platform includes platform software such as an RTOS or hypervisor & providing extra definitions for what constitutes a software or hardware component.

6.   Mitigation of changes to critical configuration settings – CAST-32A’s MCP_Resource_Usage_2 objective provided guidance on the need to mitigate against inadvertent changes to critical platform configuration settings for ED-12C/DO-178C certification of multicore systems. AMC 20-193 doesn't include such guidance, stating that this objective is already provided in AMC 20-152A (Objective COTS-8).

7.   AMC 20-193 discourages the use of simulators in its MCP_Software_1 objective.

8.   Data Coupling Control Coupling – AMC 20-193 clarifies that tasks on one component may execute on other cores, so tasks on the same component may interfere with each other.
