DornerWorks

A Future-Facing Framework That Maps Out Multicore Architecture Isolation and Partitioning in Avionics

Posted on November 26, 2019 by Matthew Russell

Multi-core processing platforms, isolation, and partitioning aren’t the first thing most people think of when they’re flying through the air at 30,000 feet, and that’s exactly the way it should be.

When a passenger in business class orders a decaf coffee from the seat-back console, that demand on the aircraft's processing capacity must not interfere with the navigation system in the cockpit. If both applications ran on one conventional computer, freedom from interference between them could not be guaranteed.

Fortunately, a modern airliner does not run everything on a single computer. Some designs still keep critical and non-critical applications apart by putting them on separate hardware, literally. But every additional hardware platform brings its own certification effort, which is what makes consolidating applications onto multicore processor systems an attractive choice for avionics developers.

This is where partitioning comes in.

Phones out of airplane mode aren't the only interference an airliner's navigation systems need to deal with.

Fuzzy boundaries of ARINC 653 compliance

Safety-critical applications such as a passenger plane's navigation system fall under the ARINC 653 specification. That standard defines how multiple applications of mixed criticality share a real-time operating system (RTOS) on the same computer. ARINC 653 compliant software relies on a partitioning policy that enforces strict isolation in both time and space, keeping the computer instructions that handle coffee orders and those that handle aileron adjustments completely independent of each other.

DornerWorks has been working with virtualized embedded systems and secure technologies such as ARINC 653 compliant applications for years. Our own open source Xen-based Virtuosity distribution is currently helping product developers in aerospace and defense bring the same application safety and security to their own embedded systems. At the 37th annual Digital Avionics Systems Conference (DASC), DornerWorks Chief Operating Officer Dr. Steven VanderLeest proposed a framework to guide avionics developers implementing partitioning on multicore hardware.

“Although many aerospace companies are already grappling with the design details for utilizing multicore technology, they have not published their ideas, so DornerWorks is one of the first to start outlining the best practices in this area and to share those ideas with the broader avionics community.”

DornerWorks Chief Operating Officer,
Dr. Steven VanderLeest

A Framework for Analyzing Shared Resource Interference in a Multicore System

Written with co-authors Jesse Millwood and Chris Guikema, both DornerWorks engineers, “A Framework for Analyzing Shared Resource Interference in a Multicore System” is one of the first published documents to lay out the design steps needed to achieve isolation and partitioning on multicore avionics platforms. Multiprocessor systems-on-chip (MPSoCs) such as those based on the Xilinx Zynq UltraScale+ family are being used more and more in Integrated Modular Avionics products, as they provide immense processing capability at reduced cost.

As avionics technology becomes more complex and consolidated, a framework for isolating and securing safety-critical processes becomes more important.

“In the past, you’d normally have your systems running on separate hardware,” Millwood says. “Now, with multi-core systems, other isolation techniques are needed to keep those processes separate from each other.”

The paper presented at DASC, “…proposes an approach for analyzing the use of shared resources by partitions in an Integrated Modular Avionics (IMA) system, particularly for those built around a multicore processor, as a conceptual scheme to identify all possible avenues for interpartition interference that might cause non-determinism and then to validate and verify the system isolation mechanisms to bound such interference.”
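To make the first step of that approach concrete, here is an added illustration, not code from the paper or from Virtuosity: a small Python model that enumerates every shared-resource channel between partitions, given where each partition runs and which resources it touches, and then lists the channels between partitions of different criticality for which no mitigation has been recorded. The topology (private L1, per-cluster L2, chip-wide interconnect, DDR controller and GPU), the three partitions, their design assurance levels and the single "cache coloring" mitigation are all constructed for the example; a real analysis would take them from the SoC documentation and from the platform's actual isolation mechanisms.

```python
"""Enumerate shared-resource interference channels between partitions on a
multicore SoC. Added illustration: the topology, partitions and mitigations
below are constructed for the example, not taken from the DASC paper."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Resource:
    name: str
    scope: str  # "core": private to one core; "cluster": shared in a cluster; "soc": chip-wide


@dataclass(frozen=True)
class Partition:
    name: str
    criticality: str  # design assurance level, e.g. "DAL-A" (catastrophic) to "DAL-E" (no effect)
    core: int
    cluster: int
    uses: frozenset  # names of the resources the partition touches


# Hypothetical topology: two dual-core clusters, each with its own L2,
# behind one interconnect, one DDR controller and one GPU.
RESOURCES = {
    "l1": Resource("l1", "core"),
    "l2": Resource("l2", "cluster"),
    "interconnect": Resource("interconnect", "soc"),
    "ddr": Resource("ddr", "soc"),
    "gpu": Resource("gpu", "soc"),
}


def shared_resources(a, b, resources=RESOURCES):
    """Resources through which partitions a and b can interfere, given where they run."""
    shared = set()
    for name in a.uses & b.uses:
        scope = resources[name].scope
        if scope == "soc":
            shared.add(name)
        elif scope == "cluster" and a.cluster == b.cluster:
            shared.add(name)
        elif scope == "core" and a.core == b.core:
            # Partitions time-sliced on the same core still share its private caches.
            shared.add(name)
    return shared


def interference_channels(partitions, mitigations, resources=RESOURCES):
    """Every (a, b, resource, mitigation) tuple that is a potential interference
    channel; mitigation is None when nothing has been claimed to bound it."""
    channels = []
    for a, b in combinations(partitions, 2):
        for r in sorted(shared_resources(a, b, resources)):
            channels.append((a.name, b.name, r, mitigations.get(r)))
    return channels


def open_mixed_criticality_channels(partitions, mitigations, resources=RESOURCES):
    """Channels between partitions of different criticality with no recorded
    mitigation: the findings a reviewer would have to close before certification."""
    by_name = {p.name: p for p in partitions}
    return sorted(
        (a, b, r)
        for a, b, r, m in interference_channels(partitions, mitigations, resources)
        if m is None and by_name[a].criticality != by_name[b].criticality
    )


def example_layout():
    """Constructed layout: navigation and flight management are flight-critical,
    in-flight entertainment is not, and only the L2 cache has a mitigation."""
    nav = Partition("nav", "DAL-A", core=0, cluster=0,
                    uses=frozenset({"l1", "l2", "interconnect", "ddr"}))
    ife = Partition("ife", "DAL-E", core=1, cluster=0,
                    uses=frozenset({"l1", "l2", "interconnect", "ddr", "gpu"}))
    fms = Partition("fms", "DAL-A", core=2, cluster=1,
                    uses=frozenset({"l1", "l2", "interconnect", "ddr"}))
    mitigations = {"l2": "cache coloring (page-color allocation per partition)"}
    return [nav, ife, fms], mitigations


if __name__ == "__main__":
    parts, mit = example_layout()
    for a, b, r, m in interference_channels(parts, mit):
        print(f"{a:4} <-> {b:4} via {r:12} mitigation: {m or 'NONE'}")
    print("open mixed-criticality channels:", open_mixed_criticality_channels(parts, mit))
```

Running the block prints one line per channel; `open_mixed_criticality_channels` is the finding list. In the constructed layout the L2 channel between `nav` and `ife` is covered by cache coloring, but the DDR controller and the interconnect are not, so the entertainment partition can still perturb both flight-critical partitions through them. That is exactly the interference the validation step has to bound, whether by adding a mitigation such as memory bandwidth regulation or by moving the partition onto hardware it does not share.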

Focusing the ARINC 653 specification

This framework includes a taxonomy of isolation techniques and a basic outline of how to analyze shared resource interference in a multicore architecture. While the ARINC 653 specification covers isolation only in broad strokes, this paper is the first to focus on the design steps for selecting and implementing isolation techniques on the multicore class of hardware, and it could provide a foundation for more specific standards in the future.

The 37th annual Digital Avionics Systems Conference (DASC) was themed “Intelligent Automation and Autonomy for a safe and secure Air Transport System,” and focused heavily on the challenges autonomous avionics developers face.

Future-facing avionics engineering

As avionics technology advances, multicore hardware architectures are becoming essential for both manned and unmanned aircraft. This framework is meant to help developers achieve greater application safety and cybersecurity alongside gains in efficiency.

If you are developing a project that needs to meet rigorous safety-critical avionics standards, the engineers at DornerWorks can guide you to success. They are not only fluent in the requirements to meet those standards, they’re already building the foundation out of which new standards may soon evolve.
