Specialist in high-assurance operating systems, Green Hills Software, has added Intel architecture to the certifications of conformance for its INTEGRITY-178 Time-Variant Unified Multi Processing (tuMP) RTOS to the Future Airborne Capability Environment (FACE) Technical Standard edition 3.0. INTEGRITY-178 tuMP was previously certified for Power Architecture.
The certification covers both the Safety Base and Security profiles, and includes verification for C, C++ and Ada support for both profiles. The INTEGRITY-178 tuMP RTOS was the first software component of any type to be certified conformant to edition 3.0, and this latest certification extends that commitment to open standard certification.
Published in November 2017, Version 3.0 of the FACE Technical Standard requires any Operating System Segment (OSS) that claims support for multicore partitions to meet ARINC-653 Part one Supplement four, including the ability for ‘Multiple processes within a partition scheduled to execute concurrently on different processor cores’.
Simplistic multi-processing architectures, such as Asymmetric Multi-Processing (AMP), are not sufficient to meet the requirements of Supplement 4. INTEGRITY-178 tuMP implements a richer set of multi-processing functionality, allowing any combination of AMP, Bound Multi-Processing (BMP), and Symmetric Multi-Processing (SMP).
BMP is an enhanced and restricted form of SMP that can statically bind an application’s ARINC-653 processes to a specific set of cores, allowing the system architect to more tightly control the concurrent operation of multiple cores. The INTEGRITY-178 tuMP implements AMP, BMP, and SMP on all of its FACE-conformant architectures, including Intel, Arm, and Power Architectures.
“Green Hills Software stands alone in our commitment to both FACE certification and support for the broadest set of software multi-processing architectures,” said Dan O’Dowd, Founder and Chief Executive Officer of Green Hills Software. “The ability of the INTEGRITY-178 tuMP multicore RTOS to execute a multi-threaded application across multiple processor cores within a time partition enables optimal performance, portability, and sustainment for Integrated Modular Avionics (IMA).”
Meeting worst-case execution times (WCET) while multiple cores are executing concurrently can be very challenging no matter the choice of AMP, SMP, or BMP. Contention from multiple cores trying to access a given shared resource, such as memory or I/O, can create interference between cores. Certification authorities have emphasized their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper.
As a true multicore IMA operating system with a proven nine year service history, INTEGRITY-178 tuMP includes both a fully capable multicore scheduler and support for bandwidth allocation and management of shared processor resource access. The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement.
These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added.