An Irreversible Transition towards Multicore Platform in Safety- Critical Domain for the Aviation Industries (original) (raw)
Related papers
2017 IEEE Real-Time Systems Symposium (RTSS), 2017
In this paper we outline Design Space Exploration methodology aimed at homogeneous multi-core architectures, where the safety-criticality is the crux of a system design. Multi-core architectures provide better computational abilities, but at the same time complicate the computation of timing bounds. Determining suitable architectures that achieve timing requirements is an important aspect for a system designer. The proposed work conceptualizes ways to automate and explore different design facets of a multi-core processor. The intention is to ensure that the particular application meets its deadlines, while optimizing other objectives such as minimizing hardware costs, energy consumption and floor area. The automated exploration builds upon Mulitcore Response Time Analysis for timing verification and multicube for heuristic search methods. The aim is to generate an architecture design in the end that can be used directly to build a custom application specific processor.
2012
The European ARTEMIS ACROSS project aims to overcome the limitations of existing Multi-Processor Systemson-a-Chip (MPSoC) architectures with respect to safety-critical applications. MPSoCs have a tremendous potential in the domain of embedded systems considering their enormous computational capacity and energy efficiency. However, the currently existing MPSoC architectures have significant limitations with respect to safety-critical applications. These limitations include difficulties in the certification process due to the high complexity of MPSoCs, the lacking temporal determinism and problems related to error propagation between subsystems. These limitations become even more severe, when subsystems of different criticality levels have to be integrated on the same computational platform. Examples of such mixed-criticality integration are found in the avionics and automotive industry with their desire to integrate safety-critical, mission critical and non-critical subsystems on the same platform in order to minimize size, weight, power and cost. The main objective of ACROSS is to develop a new generation of multicore processors designed specially for safety-critical embedded systems; the ACROSS MPSoC. In this paper we will show how the ACROSS MPSoC overcomes the limitations of existing MPSoC architectures in order to make the multi-core technology available to the safety-critical domain.
2017
This paper presents the practical implementation of a multi-core mixed-criticality scheduling algorithm. The goal of this work is to show the practical platform utilisation gain by allowing the concurrent execution of applications having different levels of criticality. We implemented the port of an existing industrial application provided by Thales Research & Technology on an embedded real-time operating system featuring task execution budget control, multi-core scheduling and multiple execution mode changes. We evaluated our solution by measuring the time that remains available for a low-criticality application running concurrently with the high-criticality use case mentioned above.
The continues improvement of aircraft's as well as the steady optimization of the overall air traffic during the last decade increased the demand for processing power in the aircraft and on ground, simultaneously. Typical improvements include (1) the Fly-by-wire systems, where hydraulic systems are partly replaced by electrical components and electronic platforms with software performing the avionic functions, (2) tighter aircraft sep-aration during take-off & landing, (3) on-board maintenance to prevent unscheduled repair and (4) provisions to reduce the environmental impact (noise, fuel usage). Multi-Core platforms could offer the perfect balance of processing power and form factor to match with the limited resources of the avionic compartment. But to-day's powerful components off-the-shelf multi-core platforms are principally not usable for the safety critical systems of the avionic domain, because these components are optimized for average case performance and not for pr...
Studying co-running avionic real-time applications on multi-core COTS architectures
For the last decades, industries from the safetycritical domain have been using Commercial Off-The-Shelf (COTS) architectures despite their inherent runtime variability. To guarantee hard real-time constraints in such systems, designers massively relied on resource over-provisioning and disabling the features responsible for runtime variability.
2015
The use of multicore processors in general-purpose real-time embedded systems has experienced a huge increase in the recent years. Unfortunately, critical applications are not benefiting from this type of processors as one could expect. The major obstacle is that we may not predict and provide any guarantee on real-time properties of software running on such platforms. The shared memory bus is among the most critical resources, which severely degrades the timing predictability of multicore software due to the access contention between cores. To counteract this problem, we present in this paper a new approach that supports mixed-criticality workload execution in a multicore processor-based embedded system. It allows any number of cores to run less-critical tasks concurrently with the critical core, which is running the critical task. The approach is based on the use of a dedicated Deadline Enforcement Checker (DEC) implemented in hardware, which allows the execution of any number of ...
Design Automation for Embedded Systems
Mixed-criticality systems are promoted in industry due to their potential to reduce size, weight, power, and cost. Nonetheless, deploying mixed-criticality applications on commercial multi-core platforms remains a highly challenging problem. To name a few reasons: (i) Industrial mixed-criticality applications are usually complex reactive applications, which cannot be specified by traditional, e.g., dataflow-based, models of computation. Appropriate mixed-criticality models of computation built upon Vestal's assumptions are missing; (ii) Scheduling such applications on multicores with shared resources, such as memory buses, requires that any timing interference among applications of different criticality is bounded in order to guarantee-the necessary for certification-temporal isolation and to enable incremental design; (iii) The implementation of isolation-preserving mixed-criticality schedulers is itself subject to certification. Hence, it needs to be not only efficient, but also provably correct. This paper proposes, for the first time, a complete design flow covering all aspects from specification, using a novel mixed-criticality aware model of computation (DOL-Critical), to correct-by-construction implementation, using the principle 'what you verify is what you generate' which is based on a novel variant of task automata (BIP). We demonstrate the applicability of our design flow with an industrial avionic test case on the state-of-the-art Kalray MPPA R-256. Keywords real-time systems • mixed-criticality systems • multi-core scheduling • rigorous design • software synthesis • avionics
EN-50128 certification-oriented design of a safety-critical hard real-time kernel
ISSREW, 2019
The growing complexity and the need for high safety standards in railways infrastructures are pushing the infrastructure operators toward the adoption of newer solutions able to exploit modern platforms and state-of-the-art software solutions while guaranteeing safety and timing constraints, and maintaining the compliance with the standards. This paper presents the design guidelines of a novel real-time kernel whose development is based on the Italian use case, highlighting its focus on adherence to the standards.