
Green Hills Software has achieved certification of conformance of its INTEGRITY-178 Time-Variant Unified Multi Processing (tuMP) real-time operating system (RTOS) to the Future Airborne Capability Environment (FACE) Technical Standard edition 3.0. The certification covers both the Safety Base profile and the Security profile. Reportedly, the INTEGRITY-178 tuMP RTOS is the first software component of any type to be certified conformant to edition 3.0.
Said to be a major improvement over the prior version 2.1.1, Version 3.0 of the FACE Technical Standard addresses the use of multicore processors in safety-critical applications. The technical standard now requires any Operating System Segment (OSS) that claims support for multicore partitions to meet ARINC-653 Part 1 Supplement 4, including the requirement for multicore operation as defined in Section 2: “Multiple processes within a partition scheduled to execute concurrently on different processor cores.” In ARINC-653, each application is called a partition and has its own memory space.
Asymmetric Multi-Processing (AMP) is not enough to meet the requirements of Supplement 4. The company claims its INTEGRITY-178 tuMP is the only certified FACE-compliant operating system to meet the requirements of ARINC-653 Supplement 4, and it does so with the availability of Bound Multi-Processing (BMP) in addition to AMP and Symmetric Multi-Processing (SMP). BMP is an enhanced and restricted form of SMP that can statically bind an application’s ARINC-653 processes (i.e., tasks) to a specific set of cores, allowing the system architect to more tightly control the concurrent operation of multiple cores. INTEGRITY-178 tuMP allows system developers to bind ARINC-653 processes within an application to a core either through an API or through the system configuration file. In addition, INTEGRITY-178 tuMP meets the ARINC-653 Part 2 Supplement 3 requirements for SMP operation.
INTEGRITY-178 tuMP supports all combinations of AMP, SMP, and BMP in a time-partitioned manner (i.e., Time-Variant Unified Multi-Processing) on a multicore processor. Meeting worst-case execution times (WCET) while multiple cores are executing concurrently can be very challenging no matter the choice of AMP, SMP, or BMP. Contention from multiple cores trying to access a given shared resource, such as memory or I/O, can create interference between cores. Certification authorities have emphasized their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper.
INTEGRITY-178 tuMP includes both a fully capable multicore scheduler and support for bandwidth allocation and management of shared processor resource access. The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement. These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added.