Multi-core Processors (MCPs) can execute several software applications at the same time by hosting them on different cores. As a result, several software applications and/or hardware functions may attempt to access the same shared resources of the MCP (such as memory, cache, ‘coherency fabric/module interconnect’, or external interfaces) at the same time, causing contention for those resources.
Most MCPs have internal features to handle and arbitrate the concurrent demands for MCP resources, which may cause delays in access to the resources. These delays are a form of time interference between the software applications or tasks, which can cause the software applications to take much longer to execute than when executing on their own.
The execution of software applications may be different on MCPs than it is on single-core processors (due to parallelism and other MCP mechanisms, or software components such as operating systems or hypervisors). This may result in new or different data or control coupling paths, and functional interference between the software applications or tasks. Interference between the software applications or tasks executing on an MCP could cause safety-critical software applications to behave in a non-deterministic or unsafe manner or could prevent them from having sufficient time to complete the execution of their safety-critical functionality.
The use of multicore systems brings extra complexity to software behavior, and as a result to the certification and verification activities that must be performed to provide sufficient design assurance. As multicore systems were not used in avionics when DO-178C was released, DO-178C itself includes no guidance on certification concerns for multicore systems. This was addressed by the CAST team in CAST-32A, which is due to be superseded by AMC/AC 20-193.
Multi-core (MCP) Means of Compliance in Avionics:
Application of AMC 20-193 or AC 20-193 in Avionics:
To ensure compliance of MCPs in Avionics, EASA® and the FAA™ have developed guidelines for the development and, most importantly, the verification of multi-core systems in DO-178C projects. The current guideline from EASA is Acceptable Means of Compliance (AMC 20-193), and the upcoming equivalent from the FAA is Advisory Circular (AC 20-193). These equivalent documents provide guidance for compliance with airworthiness regulations without creating or changing existing regulatory requirements. AMC 20-193 and AC 20-193 are the product of a collaborative effort by EASA and the FAA, based on the position paper “CAST-32A: Multi-core Processors”.
The AC/AMC 20-193 describes an acceptable means for demonstrating compliance with the applicable airworthiness regulations for aspects related to multi-core processors contained in airborne systems and equipment used in TC/STC certification or ETSO/TSO authorization. Multicore processors are increasingly used within avionics systems, and this applies not only to civil airborne systems but also to MIL-Aero, eVTOL and UAM certification. AMC/AC 20-193 applies to systems and equipment that contain MCPs with two or more activated cores for which the item development assurance level (IDAL) of at least one of the software applications hosted by the MCP, or of the hardware item containing the MCP, is A, B, or C. Consideration must be taken that the deactivation of cores is handled through the applicable Airborne Electronic Hardware (AEH) guidance DO-254/ED-80. However, the AC/AMC 20-193 does not apply when the software IDALs are all level D or E.