Sunday, March 22, 2015

Safety Cert for Multicore processors in unmanned aircraft in the future

Transitioning to DO-178C and ARP4754A for UAV software development using model-based design - Military Embedded Systems
Multicore processors and unmanned aircraft trending in avionics safety certification circles - Military Embedded Systems

Avionics safety certification – for software and hardware – is increasingly seen as an ongoing, evolving process, reflected in the enhancements to standards such as DO-178C [RTCA - Software Considerations in Airborne Systems and Equipment Certification]. This long-term view is enabling avionics experts to account in certification standards for complex situations such as the growth of multicore processors in avionics computing and the role of safety certification in unmanned aircraft systems (UASs).

"Certification is finally being correctly perceived as a life-of-product activity, where lives are measured in decades, not months or years like consumer products," says Vance Hilderman, director of global services for Vector Software (www.vectorcast.com). "Certification is increasingly seen as an ecosystem of systems and operations, instead of application to single system boundaries. This certification ecosystem theme permeates all certification."

The future of unmanned aircraft in national airspace

Managing complexity may be an understatement when it comes to determining the path to safety certification for unmanned aircraft systems (UAS) platforms in the national airspace.
Although there are still no solid ground rules from the FAA pertaining to UASs in the national airspace, the FAA has committed to having a roadmap ready later this year, DDC-I's Gilliland says.
"As a result, we are seeing increasing interest in companies developing UASs moving from an in-house or -based environment to a COTS DO-178 RTOS environment. There is a lot of interest in the ARM SoC [system-on-chip] platforms in this space because they have extreme requirements for minimum SWaP," he continues.
Without knowing exactly what the FAA will require, it's difficult to anticipate what the next move should be. "We're trying to make sure we've got a path to get to certifiability, but at this point in time we don't exactly know what's going to be required," McGee says. "The thing that people sometimes overlook is that if you're not looking at the system at a top-level design, it's difficult to go in and then piecemeal figure out how you're going to get safety certifiability on each part," he explains.

Background

  • The overview of software and hardware characteristics is presented in this paper.
  • We reviewed DO-178B and DO-254 in terms of diverse perspectives.
  • We reviewed coordinated approaches for software/hardware certification processes.

To ensure the safety of avionic systems, civil avionic software and hardware regulated by certification authorities must be certified based on applicable standards (e.g., DO-178B and DO-254). The overall safety integrity of an avionic system, comprising software and hardware, should be considered at the system level. Thus, software and hardware components should be planned, developed and certified in a unified, harmonized manner to ensure the integral safety of the entire avionic system. One of the reasons for the high development costs of avionic systems complying with standards may be a lack of sufficient understanding of how to employ these standards efficiently. Therefore, it is important to understand the similarities and differences between DO-178B and DO-254 to effectively manage the processes required by these standards, to minimize cost, and to ultimately ensure the safety of the entire avionic system. Thus, the goal of this paper is to compare various aspects of DO-178B and DO-254 comprehensively. The paper may serve as useful supplementary material for practitioners to understand the rationales behind, and the differences between, the two main standards used in the avionics industry.

Reference Links

  • Abstract — Modern avionic system development is undergoing a major transition, from federated systems to Integrated Modular Avionics (IMA) where several applications with mixed criticality will reside on the same platform. Moreover, there is a departure from today’s single core computing, and we need to address the problem of how to guarantee determinism (in time and space) for application tasks running on multiple cores and interacting through shared memory. This paper summarizes the main challenges and briefly describes some active directions in research regarding temporal partitioning. It also outlines the forthcoming research that we will pursue for quantifying time bounds on memory access related interference, to ensure determinism and comply with certification requirements.
