New-Tech Europe | December 2016 | Didital Edition

Towards avionics safety certification on multi- core processor architectures

Paul Parkinson, Wind River

to achieve performance gains. The introduction ofmulti-core processor architectures has provided performance gains for enterprise general purpose applications; it has also presented some unique challenges for their use in safety-critical avionics systems. This is because avionics applications have specific requirements, including (but not limited to) application isolation and determinism, and these are not the primary considerations of semiconductor manufacturers when designing multi-core processors for the commercial market. The avionics industry, academia and certification authorities have research projects into the use of multi-core processor architectures in avionics applications. A number of researchers have found that there is variation between multi-core processor designs in terms of their suitability for use in avionics applications, due to the impact of architectural design features on

Abstract Single-core processor architectures which are widely-used in safety-critical avionics applications are now becoming scarce due to the migration of semi- conductor manufacturers to multi-core processor architectures. In this article, the suitability of commercial-off-the- shelf (COTS) multi-core processor architectures for safety-critical avionics applications will be considered, and the challenges of undertaking avionics safety-certification will be discussed. The Challenge of Multi- core Processor Selection Over the last decade, in order to meet the demands of ever increasing performance from the commercial market, and faced with the fundamental performance limit which could be achieved on a single-core processor due to clock speed ceiling, semi- conductor manufacturers transitioned to multi-core processor architectures

application isolation and determinism [1]. These relate to factors arising from shared resources on the device, which include use of a single memory controller or shared bus is used by multiple cores (providing a risk of resource contention), and similarly use of separate or shared Level 2 caches per core. This uncertainty about the selection of multi-core processors for avionics programmes, has been compounded by the following factors: i) Although the avionics safety certification agencies EASA and FAA have published the MULCORS research report and the CAST-32 position paper respectively, on the use of multi-core processors in avionics, this does not constitute formal policy or guidance. ii) Single-core processors which have been used in safety-critical avionics applications are now nearing the end of silicon availability or are no longer available [2].

48 l New-Tech Magazine Europe