angleTop Created with Sketch.

High Integrity Software 2017 Conference — October 17 — Bristol, UK

angleBottom Created with Sketch.
« Back to main Programme

Multi-Core (MC) Processor Qualification for Safety Critical Systems

Dr Mark Hadley

Senior Scientist - Software Systems, DSTL

Mike Standish

Senior Engineer - Systems, DSTL

Multi-Core (MC) processors are now the norm in such devices as personal computers, mobile phones, tablets, and the like. Data centres around the world are also exploiting the greater power efficiency of MC. We now live in the age of MC – true parallel programming, system on a chip, shared memory between cores. As a consequence, MC processors are now being proposed for safety critical and mission critical systems.

How do we mitigate the complications that MC brings to this domain, for example, non-determinism, non-sequential execution of code, cache degradation, Worst Case Execution Time (WCET) prediction and so on?  There are currently no standards that directly cover the qualification or certification of MC-based systems and little practical experience exists for doing so. UK MOD currently has no explicit guidance on how to qualify MC-based systems. Furthermore, processor manufactures are not willing to provide detailed design artefacts for third party qualification/certification due to Intellectual Property Rights (IPR) considerations; this unwillingness is an additional complication.

In the absence of any formal standards or qualification processes we have developed a strategy, which will be discussed in this talk. The strategy (supported by the results of practical research) is for the qualification of an airborne safety critical system that uses MC processors. The approach taken is based upon a combination of separation, independence and testing, along with a deliberate choice not to fully exploit all of the possible MC advantages (e.g. parallel programming, shared Real Time Operating System among multiply cores).

© Crown copyright (2016), Dstl. This material is licensed under the terms of the Open Government Licence except where otherwise stated. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk.


About Dr Mark Hadley

Mark has been working in the airborne safety critical software domain for almost 20 years with UK Defence Science and Technology Laboratory (Dstl) (and its predecessor organisations) working on a range of UK Ministry of Defence (MOD) airborne systems. Mark is a senior consultant in software and provides Independent Technical Evaluation (ITE) and Subject Matter Expert (SME) advice to a host of MOD Project Teams. He is leading research into a number of areas such as: multi-core processors and the generation of diversity of evidence arguments to support the qualification of mission and safety critical systems. Mark completed his PhD in software testing at the University of York.

About Mike Standish

Mike is a senior engineer in systems at the UK Defence Science and Technology Laboratory (Dstl). Experience of all aspects of software and systems lifecycles has been gained in over 10 years within the defence sector. Mike holds a BSc in Software Engineering and an MSc in Strategic Information Systems. Mike is currently undertaking an Engineering Doctorate (EngD) in Systems at the University of Bristol; he is a Chartered Engineer (CEng) gained via the British Computer Society (BCS).

Sponsored by

AdaCore Altran Jaguar Land Rover

Supported by

BAE Systems