Federal Aviation Administration FAA Status on Multi- Core Processors

Similar documents
Certification Authorities Software Team (CAST) Position Paper CAST-9

The evolving ARINC 653 standard and it s application to IMA

Parameters for Efficient Software Certification

Design & Manufacture Seminar SOFTWARE SECURITY & DESIGN ASSURANCE JAYSON ROWE SENIOR ENGINEER AVIONICS

Qualtech Consulting Inc.

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY

Advisory Circular. U.S. Department of Transportation Federal Aviation Administration

AC REUSABLE SOFTWARE COMPONENTS

WORKSHOP RC EVI Integração de Sistemas Junho de 2011 Eng. Nelson José Wilmers Júnior

ARINC 653. An Avionics Standard for Safe, Partitioned Systems

Date: 9/30/15 AC No: Initiated by: AFS-300 Change: 0

Certification Authorities Software Team (CAST) Position Paper CAST-3

Certification Authorities Software Team (CAST) Position Paper CAST-13

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.

Product & Supply Chain Improvement Supply Chain Management Handbook

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

Subject Software Aspects of Certification

WIND RIVER RTCA DO-178 SOFTWARE CERTIFICATION SERVICES

You count on availability. We provide reliable solutions.

Critical Systems and Software Solutions

Flight-Critical Data Integrity Assurance for Ground-Based COTS Components

Boeing B Introduction Background. Michael J. Morgan

ENEA: THE PROVEN LEADER IN SAFETY CRITICAL AVIONICS SYSTEMS

Methods, techniques, and practices contained in manufacturer s Instructions for Continued Airworthiness (ICA),

Reaping the benefits of Reusable Software Components

MULCORS-UseofMULticore procesorsinairbornesystems

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

How To Understand The Requirements Of The Software Safety Handbook

A Data Centric Approach for Modular Assurance. Workshop on Real-time, Embedded and Enterprise-Scale Time-Critical Systems 23 March 2011

The Comprehensive and Fully Compliant Certification Solution. Certification Services

Composite Program in Taiwan Aviation Industry and Areas of Interest(s)

Memorandum Date: February 5, 2014

Understanding Compliance with Automatic Dependent Surveillance Broadcast (ADS-B) Out

Certification Authorities Software Team (CAST) Position Paper CAST-10

CERTIFICATION MEMORANDUM

EXPORT AIRWORTHINESS APPROVALS

Modular Safety Cases

The UK National Aeronautics Technology Strategy

Civil Aviation and CyberSecurity Dr. Daniel P. Johnson Honeywell Aerospace Advanced Technology

Get Instant Access to ebook Ata Codes Faa PDF at Our Huge Library ATA CODES FAA PDF. ==> Download: ATA CODES FAA PDF

Reliable. Innovative. Accessible. Your life cycle support partner.

Interactive Guidance for Safety Critical Avionics

Part-145: Approved Maintenance Organisations (Annex II (EC) 2042/2003)

Safety Analysis and Certification of Open Distributed Systems. P. M. Conmy; Department of Computer Science, University of York, York, YO10 5DD U.K.

SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B

Philotech Your Engineering and Consulting Company Company Overview

Memory Access Control in Multiprocessor for Real-time Systems with Mixed Criticality

The future of range instrumentation.

ADVISORY CIRCULAR ON SAFETY RISK ASSESSMENT AND MITIGATION

2. CANCELLATION. This AC cancels AC B, Use of Portable Electronic Devices Aboard Aircraft, dated August 25, 2006.

Software Review Job Aid - Supplement #1

[Special Report] AVIONICSmagazine. Real-Time Operating Systems Versatility Plus Security

Advisory Circular. U.S. Department of Transportation Federal Aviation Administration. AC No: Change: Date: 06/22/2011 Initiated by: AFS-460

MODEL REGULATION SAFETY MANAGEMENT SYSTEM REGULATION. International Civil Aviation Organisation

EUROCONTROL AT THE WORLD ATM CONGRESS

What is Requirements Management?

The Systems Security Engineering Capability Maturity Model (SSE-CMM)

AeroMACS Briefing / Update

S1000D Implementation In Civil Aviation

Mixed-Criticality: Integration of Different Models of Computation. University of Siegen, Roman Obermaisser

TRAINING CATALOGUE. All courses can be animated in French or English. APSYS french training agreement : N TRAINING CATALOGUE

SERVICE INFORMATION No. SI

Technical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

[Docket No. FAA ; Directorate Identifier 2015-NE-02-AD; Amendment ; AD ]

FedEx HUD/EFVS Update Aviation New Technology Workshop June 7th, 2012, Beijing, China

Terms of Reference for a rulemaking task. Miscellaneous in Part-66

Safety Management 1st edition

Safety Management Systems (SMS) guidance for organisations

[Docket No. FAA ; Directorate Identifier 2014-NM-067-AD; Amendment ; AD ]

AEROSPACE ENGINEERING SERIES, GS-0861

Preface. This handbook supersedes Advisory Circular (AC) 91-23A, Pilot s Weight and Balance Handbook, revised in iii

Aircraft Design Original Equipment Manufacturer/Design Approval Holder Continuous Monitoring of Service History Best Practices Task Force

DISMANTLING OF AIRCRAFT WITHDRAWN FROM SERVICE

ARINC IA Project Initiation/Modification (APIM)

[Docket No. FAA ; Directorate Identifier 2010-NM-146-AD; Amendment ; AD ]

AC No. : AC/AW/006R02 Date : 15 Nov 13

With all of the new hype the

Avionics Instruments Accessories Calibrations

FAA AIRCRAFT SYSTEMS INFORMATION SECURITY PROTECTION OVERVIEW. Abstract

Repair Station Training Suspected Unapproved Parts

TRAINING PROGRAM APPROVAL PROCESS FOR APPROVED MAINTENANCE ORGANISATIONS (AMOs)

Sikorsky Contractor Logistics Support Pioneering solutions for UH-72A Lakota life cycle management

Date: 07/20/07 Initiated by: AFS-800

Applying Multi-core and Virtualization to Industrial and Safety-Related Applications

[Docket No. FAA ; Directorate Identifier 2010-NM-117-AD; Amendment ; AD ]

Andrew J. Kornecki Embry Riddle Aeronautical University Daytona Beach, FL

The new software standard for the avionic industry: goals, changes and challenges

Integrating System Safety and Software Assurance

Mechanic Questions and Answers

[Docket No. FAA ; Directorate Identifier 2013-SW-042-AD; Amendment ; AD ]

Airbus Group. Marwan Lahoud Airbus Group, CSMO. London 10 December 2014

Related Rules This Advisory Circular relates specifically to Civil Aviation Rule Parts 43 and 91.

Socio technical Systems. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 2 Slide 1

Improving Embedded Software Test Effectiveness in Automotive Applications

Note are at issue. 2 Standard parts, raw material and consumables

[Docket No. FAA ; Directorate Identifier 2014-NM-194-AD; Amendment ; AD ]

The Software Process. The Unified Process (Cont.) The Unified Process (Cont.)

The Impact of RTCA DO-178C on Software Development

Transcription:

FAA Status on Multi- Core Processors April 2014 John Strasburger

Outline FAA Certification Process How is the Civil Aviation Community Addressing MCPs? Challenges CAST 32 Processor Evolution Summary Questions 2

FAA Certification Process 3

FAA Cert Process FAA has airworthiness standards which are codified in Title 14 of the Code Of Federal Regulations Part 23 normal, utility, acrobatic, commuter category airplanes Part 25 transport category airplanes Part 27 normal category rotorcraft Part 29 transport category rotorcraft These rules establish the minimum requirements Note: there are also airworthiness standards for aircraft engines, baloons and propellers 4

FAA Cert Process (cont) No specific Part 23, 25, 27, or 29 rules for software or multi-core processors FAA has rules of general applicability that may be applied Note: Part 33.28 (g) does have a standard for engine control software 5

FAA Cert Process (cont) 25.1301 Function and installation. (a)each item of installed equipment must-- (1) Be of a kind and design appropriate to its intended function; (2) Be labeled as to its identification, function, or operating limitations, or any applicable combination of these factors; (3) Be installed according to limitations specified for that equipment; and (4) Function properly when installed. 6

FAA Cert Process (cont) 25.1309 Equipment, systems, and installations. (a) The equipment, systems, and installations whose functioning is required by this subchapter, must be designed to ensure that they perform their intended functions under any foreseeable operating condition. (b) The airplane systems and associated components, considered separately and in relation to other systems, must be designed so that-- (1) The occurrence of any failure condition which would prevent the continued safe flight and landing of the airplane is extremely improbable, and 7

FAA Cert Process (cont) An applicant for a Type Certification or Supplemental Type Certification Must show compliance to the applicable rules such as 1301 and 1309 Proposes a means of compliance Advisory Circulars (AC) can provide one acceptable means of compliance AC 20-115C identifies DO-178C as an acceptable means of compliance for the software aspects of airborne systems and equipment certification FAA finds compliance to the rules 8

FAA Cert Process Issue Papers Provide a vehicle to document the negotiation and resolution of certification issues that may require special emphasis for resolution Become project specific and proprietary When we invoke an identical issue paper for numerous projects, this indicates mature policy suitable for written guidance (e.g. Advisor Circular) We are not yet there for MCPs 9

How is the Aviation Community Addressing MCPs? 10

How is the Aviation Community Addressing MCPs? MCP Issue Paper Has been harmonized with the European Aviation Safety Agency (EASA) Certification Review Item (CRI) Harmonized technical content can be found in Certification Authority Software Team CAST 32 which has 24 objectives http://www.faa.gov/aircraft/air_cert/design_approvals/air_softw are/cast/cast_papers/media/cast-32.pdf AeroSpace and Defence and EASA working group is revising the CRI objectives Expect < 24 objectives 11

How is the Aviation Community Addressing MCPs? MCFA Multi-Core For Avionics (MCFA) Industry working groups established to address the challenges of multi-core certification Provides a consistent set of data to support certification projects Provided considerable feedback on the MCP CRI Civil aviation industry has already expended considerable resources on MCPs Have proprietary solutions 12

How is the Aviation Community Addressing MCPs? 1 st Workshop January 2013 at EASA to discuss the CRI with MCFA Airbus Commercial, Airbus Military, BAE, BARCO, Boeing, Cassidian, CMC, Dassault Aviation, EADS, Elbit, Eurocopter, Freescale, GE, Rockwell-Collins, SAAB, Thales, UTC Aerospace EASA presented the MCP features that caused concern industry agreed with these concerns. Industry feedback EASA/FAA has a good understanding of the subject material. Suggested we introduce objectives and reorganization of topics. Issue paper and CRI were revised to incorporate industry suggestions 13

How is the Aviation Community Addressing MCPs? 2 nd Workshop Cologne 8-10 July 2014 Goal of the workshop: Sharing of technical knowledge on MCP technology Sharing of experience on usage of MCP Discussion on concerns Sharing of research studies Industry attendees Airbus Aircraft, BAE System, Barco, Boeing, Airbus Defence and Space, CMC Electronics, Dassault Aviation, EADS, ELBIT, Airbus Helicopter, Freescale, GE Aviation, Rockwell Collins, SAAB, Sagem, Thales Avionics, UTC Aerospace Systems, Honeywell, Green Hills, Wind River, Sysgo, DDC-I, Verocel Certification Authority attendees FAA, EASA 14

How is the Aviation Community Addressing MCPs? 2 nd Workshop Many educational presentations and excellent discussions Keep your configuration simple and work with the MCP manufacturers to minimize the likelihood of interference Need to characterize the performance of your configuration in the lab Memory/cache management is key Applicants should clearly define the roles Platform, OS, application providers and integrators MCP maturity may be tied to the feature set in the applicants usage domain If you are using a unique feature set, then your implementation may be less mature Disabling cores may not be simple as we thought Interference gets worse as the number of cores increase 15

How is the Aviation Community Addressing MCPs? FAA Conference FAA National System, Software, and Airborne Electronic Hardware Conference Sept 2014 ½ Day of Airborne Electronic Hardware Track dedicated to the MCPs Multi-core Processors: Why, What and How - John Strasburger, FAA Multi-Core Processors Preventing Certification from Knocking Down Your Door - Patrick Huyck, Green Hills Software Time Partitioning Challenges in Multi-core Avionics Platforms - Larry Miller, Honeywell 16

How is the Aviation Community Addressing MCPs? Research FAA Handbook for the Selection and Evaluation of Microprocessors for Airborne Systems http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/research/ AFE 75 COTS Assurance Identification of Issues with Multi-Core Processors just starting EASA MULCORS - Use of Multicore Processors in airborne systems http://www.easa.europa.eu/system/files/dfu/ccc_12_006898-rev07%20- %20MULCORS%20Final%20Report.pdf 17

Challenges 18

Challenges Need MCP Guidance Don t Need MCP Guidance DO-178B & DO-254 cover MCPs 19

Challenges (cont) CAST 32 has limited applicability Does not address IMAs No more than two active cores Most industry feels that the CAST 32 objectives adequately cover more than 2 active cores Small company versus large company Small may need more help Incremental verification Is DO-178B/C and DO-254 sufficient Evaluating a proposed approach of measuring WCET 20

Certification Authority Software Team (CAST) 32 21

CAST 32 Content Definitions Current scope Up to Two Active Cores Single systems When does it apply Levels A, B, and C applications Smaller subset of objectives for DAL C applications. If only one core active just two objectives Depending on the project specific objectives may not apply Exempted configurations When two identical cores run in lock step Processors linked by conventional data buses, and not by shared memory, shared cache, a coherency fabric / module / interconnect 22

CAST 32 (cont) Topics Configuration Settings Analyze, determine and document the configuration for required, unused and dynamic features Processor Errata Assess the errata Process in place to continue to obtain errata Software Hypervisors and MCP Hardware Hypervisor Features Comply with DO-178B/DO-178C MCP Interference Channels Identify all interference channels and verify means of mitigation for each of those channels Shared Memory and Cache Prevent disruptions to deterministic software execution Analysis and tests to determine worse case effects of share memory and cache 23

CAST 32 (cont) Topics Planning and Verification of Resource Usage Allocate, manage and measure resource and interconnect usage Verify resource and interconnect demands do not exceed the capacity. Software Planning and Development Processes Identify the software architecture Describe the development and verification planned to demonstrate it executes deterministically Software Verification Target MCP environment or justify something else Software complies with DO-178B or DO-178C Verified that the data and control coupling between all software components hosted via shared memory 24

CAST 32 (cont) Topics Discovery of Additional Features or Problems Error Detection and Handling and Safety Nets 25

CAST 32 (cont) Each topic/issue includes Rationale describing the issue One or more objectives Suggested activities in an appendix Table that shows which of the 24 objectives apply by development assurance level 26

Evolution of Processor/Peripheral Integration Slide Source 27

Summary Civil aviation suppliers and certification authorities have expended considerable resources on MCPs We are all still learning Today s IEEE workshop is a great venue to share information FAA and EASA guidance is still evolving MCPs is the next step in processor evolution Special thanks to Lui and Heechul 28

Questions 29

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information