
Multicore Certification: Not Losing Track of Our Avionics Heritage

Jun 18, 2020 10:12:22 AM

Earlier this week, Lynx announced a set of products for a number of target applications. Each of these features a combination of Lynx technology, guest operating systems from third parties and system integrations. Much of the early coverage has discussed our expansion into certain green- and brown-field industrial applications, and we are certainly excited about the opportunities there.

That said, it is important to note that we aren’t doing this at the expense of giving up on our core market of Avionics. One of the items that I am now able to share a few more details on is Lynx’s engagement in the Multicore Analysis Service and Tools for Embedded Critical Systems (MASTECS) project, which is supported by the Barcelona Supercomputing Center, Marelli, Rapita Systems, and Raytheon Technology Research Center (RTRC).

Multicore processors are needed for the next generation of mission critical embedded, aerospace and automotive applications, yet there are substantial challenges involved in building safe software systems on multicore processors. The EU-funded MASTECS project has recognized the market need for multicore processor timing analysis to support advanced software functions.

Real-time systems based on a single core processor (SCP) are well understood in the industry, which has adopted a real-time system engineering process built on the constant worst-case execution time (WCET) assumption: the worst-case execution time measured for a software task when it runs alone on a single core remains the same when that task runs together with other tasks. While the assumption of a constant WCET is correct for single core chips, it is NOT true for current multicore processor (MCP) chips, due to interference across cores in accessing shared resources.

As it is now, the interference between cores can cause spikes in worst-case execution times as high as 6X compared to the case of a single core. The problem scales roughly with the number of cores and depends on the intricacies of resource sharing implemented in each specific MCP product. This discovery has deeply shaken the well-established foundations of the systems engineering process used on real-time systems, and has consequently exposed critical challenges to the safety certification of systems based on multicore architectures.

Figure: MASTECS diagram

In many cases, certification has been achieved only when a single core in a multicore system is used. The FAA has promised to allow the use of multiple cores in a multicore processor chip, but only if adequate mitigations can be demonstrated to certifiers, based on the CAST-32A specifications.

This is the area of focus for the two-year project funded by the Horizon 2020 Initiative. There is a great outline here of the hardware that is being used for this system. You will see this is NOT a simple demo board. This is a Civil Certified Vehicle Management computer that supports three different processor architectures.

Lynx is working closely with the to support the Avionics use case for this platform, providing our LynxSecure separation kernel hypervisor. Like many, we are excited to see the conclusions that come out of this program. Hopefully, I will be able to share interim updates in this forum as the program progresses.