Abstract

Single-core processor architectures

which are widely-used in safety-critical

avionics applications are now becoming

scarce due to the migration of semi-

conductor manufacturers to multi-core

processor architectures. In this article,

the suitability of commercial-off-the-

shelf (COTS) multi-core processor

architectures for safety-critical avionics

applications will be considered, and

the challenges of undertaking avionics

safety-certification will be discussed.

The Challenge of Multi-

core Processor Selection

Over the last decade, in order to

meet the demands of ever increasing

performance from the commercial

market, and faced with the fundamental

performance limit which could be

achieved on a single-core processor

due to clock speed ceiling, semi-

conductor manufacturers transitioned

to multi-core processor architectures

to achieve performance gains.

The introduction ofmulti-core processor

architectures has provided performance

gains for enterprise general purpose

applications; it has also presented

some unique challenges for their use

in safety-critical avionics systems. This

is because avionics applications have

specific requirements, including (but

not limited to) application isolation

and determinism, and these are

not the primary considerations of

semiconductor manufacturers when

designing multi-core processors for the

commercial market.

The avionics industry, academia and

certification authorities have research

projects into the use of multi-core

processor architectures in avionics

applications. A number of researchers

have found that there is variation

between multi-core processor designs

in terms of their suitability for use in

avionics applications, due to the impact

of architectural design features on

application isolation and determinism

[1]. These relate to factors arising

from shared resources on the device,

which include use of a single memory

controller or shared bus is used by

multiple cores (providing a risk of

resource contention), and similarly use

of separate or shared Level 2 caches

per core.

This uncertainty about the selection

of multi-core processors for avionics

programmes, has been compounded

by the following factors:

i)

Although the avionics safety

certification agencies EASA and FAA

have published the MULCORS research

report and the CAST-32 position paper

respectively, on the use of multi-core

processors in avionics, this does not

constitute formal policy or guidance.

ii)

Single-core processors which

have been used in safety-critical

avionics applications are now nearing

the end of silicon availability or are no

longer available [2].

Towards avionics safety certification on multi-

core processor architectures

Paul Parkinson, Wind River

48 l New-Tech Magazine Europe