Multicore Timing Analysis for DO-178C

The Need for Multicore Processors in Avionics Systems

Avionics systems, especially those found in modern aircraft, demand increasingly sophisticated functionalities to meet the growing demands of safety, performance, and efficiency. Multicore processors offer a viable solution to address these requirements by providing higher computational power, improved parallelism, and better resource allocation. They enable the execution of multiple software tasks simultaneously, allowing avionics systems to perform numerous critical functions in parallel.

Challenges in Multicore Timing Analysis for DO-178C

While multicore processors bring numerous advantages, they also introduce complexities in terms of timing analysis, particularly in safety-critical systems governed by the DO-178C standard. Key challenges in multicore timing analysis include:

Interference and Shared Resources

Multicore processors typically share various hardware resources, such as memory, buses, and peripherals. The contention of these shared resources can lead to interference and potential delays in task execution, affecting the timing behavior of critical software functions.

Determinism and Preemption

The introduction of multiple cores introduces the possibility of task preemption and non-deterministic behavior, making it challenging to predict and analyze worst-case execution times (WCETs) accurately. The timing analysis must consider the potential effects of preemption and the scheduling policies employed by the operating system.

Task Assignment and Partitioning

Determining an optimal assignment and partitioning of software tasks to different cores is crucial to achieving efficient and predictable timing behavior. Improper task assignment can lead to resource contentions and suboptimal utilization, compromising the system’s timing guarantees.

Multicore Timing Analysis Techniques

To overcome the challenges posed by multicore processors, various techniques and methodologies have been developed for timing analysis in DO-178C-compliant systems:

Worst-Case Execution Time (WCET) Analysis

WCET analysis is a fundamental technique used to determine the maximum time required for a task or function to complete its execution. For multicore systems, WCET analysis needs to consider both intra-core and inter-core interference, considering shared resources and potential preemption.

Partitioning and Scheduling Analysis

Partitioning and scheduling analysis involves determining an optimal assignment of software tasks to different cores and establishing a suitable scheduling policy. Techniques such as static and dynamic partitioning, as well as various scheduling algorithms (e.g., fixed priority, earliest deadline first), can be employed to allocate tasks to cores and ensure timing requirements are met.

Interference Analysis

Interference analysis aims to quantify and predict the interference between tasks running on different cores. This analysis considers shared resources, cache effects, and inter-core communication mechanisms. It helps identify potential bottlenecks and contention points, allowing for appropriate mitigation strategies.

Verification and Validation

Validation and verification techniques, including simulation, model checking, and formal methods, play a crucial role in assessing the timing behavior of multicore systems. These techniques help identify potential timing violations, validate the correctness of timing analysis, and ensure compliance with DO-178C objectives.

Considerations for Certification

Certifying multicore-based avionics systems under DO-178C requires adherence to specific guidelines and considerations:

Objectives and Criteria

Understanding and following the objectives and criteria defined in DO-178C for multicore systems is paramount. Compliance with guidelines related to interference analysis, task assignment, and partitioning is crucial for successful certification.

Evidence Collection

Collecting evidence of timing analysis is essential for certification. Documentation should include detailed timing analysis reports, WCET analysis results, partitioning and scheduling evidence, and any other artifacts necessary to demonstrate compliance.

Tool Qualification

The qualification of timing analysis tools used for multicore systems is critical. The tools employed for WCET analysis, interference analysis, and scheduling should undergo rigorous verification and validation to ensure their suitability for safety-critical applications.

Safety Assessment

Performing a comprehensive safety assessment, including fault tree analysis and failure mode and effects analysis, is essential to identify potential hazards and assess the impact of multicore timing on system safety. The safety assessment should consider both normal and abnormal operating conditions.