David Faura

Ensuring robust partitioning in multicore platforms for IMA systems

Robust partitioning enforcement is a mandatory requirement in IMA1 systems. In this paper, we refine this requirement in the context of multicore processors and discuss a strategy to ensure it. We focus on a scenario in which several ARINC 653 partitions hosted on the same platform are executed at the same time on different cores. When this scenario is deployed on modern COTS2 hardware, robust partitioning may be impaired by inter-core conflicts sequences. The issue with such a deployment strategy lies in the isolated parallel execution of several partitions. The approach presented here aims at identifying conditions that entail inter-core conflicts with a sufficient level of detail. This representation helps identifying robust partitioning failure causes. Such information is a first step towards an acceptation of true parallelism in partitioned systems, i.e. deployment on multicores.

Model driven early exploration of IMA execution platform

Nowadays the conception of avionics platform follows the Integrated Modular Avionics (IMA) concept. This concept specifies network architectures, composed of computing modules capable of hosting more than one application that communicates through the AFDX network. Thanks to IMA, the number of modules aboard is reduced, as their footprint in term of space and weight. But the complexity of the design, verification and certification processes for the execution platform (hardware and OS) increases, while time to market tends to decrease. Facing this growing complexity, platform design relies on model-based approaches to assist the refinement of system requirements and to proceed to early analysis. Current model-based approaches focus on software description and approximate hardware components characteristics by set of predefined properties corresponding to a general category of component, and interactions between components in terms of distribution over time. In this paper, we propose a modeling approach allowing describing with different levels of detail an execution platform and simulate it in order to retrieve dynamic performance at early phase of the development process, and test the compliancy between the proposed architecture and a given set of applications. Applications are considered as entry point, and we focus on the response of the platform services and hardware architecture to the applications stimuli. Our method relies on two standardized languages: AADL to model with high level of abstraction the complete platform, and SystemC to refine the description of the execution platform and simulate this latter. In this paper we present our approach, the two languages it relies on, and expose the mapping rules we defined to generate a SystemC model from the execution platform model described in AADL. We also present promising experimental results obtained on an avionic use-case.

A design approach for predictable and efficient multi-core processor for avionics

This paper presents design principles of a predictable and efficient multi-core system to meet embedded computers requirements in avionics. Multi-core processors are commonplace for massive data processing and personal use. Much of such systems have a number of features whose primary purpose is to improve performance. It results in the design of a set of hardware features which are difficult to analyze for certifiable avionic hard realtime applications. Such analysis is necessary because a fault in these applications could jeopardize the flight itself. Throughout a study of various academic and industrial works, we propose an approach to manage bottlenecks to meet avionic requirements in terms of partitioning, performance and predictability (determinism).

Model driven resource usage simulation for critical embedded systems

Facing a growing complexity, embedded systems design relies on model-based approaches to ease the exploration of a design space. A key aspect of such exploration is performance evaluation, mainly depending on usage of the hardware resources. In model-driven engineering, hardware resources usage is often approximated by static properties. In this paper, we propose an extensible modeling framework, to describe with different levels of detail the hardware resource usage. Our method relies on the AADL to describe the whole system, and SystemC to refine the execution platform description. In this paper we expose how we generate and compose SystemC models from the execution platform model described in AADL. We also present promising experimental results obtained on an avionics use-case.

A new modeling approach for IMA platform early validation

This past few years, avionics platform conception changed to integrated architecture, permitting one processor to host some applications, in order to reduce weight and space. But this method entails more complexity, especially in safety domain, while time to market tends to decrease, so new development processes are needed. Model-based approaches are now mature enough to design embedded critical systems and perform architecture exploration. In this paper we present a new modeling approach allowing avionics platform description and dynamic simulation. This method aim at dimensioning the architecture according to the applications it has to process, and to achieve early platform validation.

A software approach for managing shared resources in multicore IMA systems

Multicore processors are now considered as relevant candidates for the next generation of Integrated Modular Avionics (IMA) systems. One expected benefit of multicore introduction inside IMA platforms is an increase of the number of avionic applications hosted on a single platform. This can be achieved by deploying several ARINC 653 partitions simultaneously on different cores. However to be certifiable, such an architecture must fulfill many dependability requirements. In this paper we focus on the problem of Worst Case Execution Time (WCET) computation of embedded partitions under the Robust Partitioning constraint. Todays multicore processors internal features make those requirements fulfillment difficult to ensure on the platform for any set of hosted partitions. That comes from the difficulty to characterize with a satisfying confidence the processor behavior when several unknown applications use simultaneously shared hardware resources, such as the main memory. We present in this paper a generic software solution that constrains the use of shared resources to remain inside predefined usage domains for which the processor has a deterministic behavior. We illustrate this approach with a case study based on a COTS processor from the Freescale QorIQ series.

A versatile input interface for avionic computers

During the last decades, the Integrated Modular Avionics (IMA) concept has allowed important cost-savings in the development of avionic equipment thanks to an important reduction of the number of different modules. However, modularity in avionics is still limited by hardware concerns: current avionic computers have to interface with a lot of different inputs or outputs, from environment sensing to intercomputer communications, and the applications which can be hosted on the computer directly depends on these inputs and outputs. In this paper, we propose a new concept of input interface, named versatile input interface, which could facilitate the design and reuse of avionic equipment by allowing more flexibility in the development of Input/Output boards. The versatile input interface is meant to be used in avionic environment, and therefore will comply with avionic environmental procedures such as DO160-F [1].

An optimized answer toward a Switchless Avionics Communication Network

Actually, ARINC664 is the standard in reference for the Avionics Core Network and particularly the Part7 for Deterministic Network. The current communication architecture already deployed is based on the use of dedicated Ethernet Switch for the management of all data exchanges. These ones are not favorable regarding their SWaP (Size Weight and Power) impact on avionics suite addressing Bizjet or Regional Aircraft. This paper proposes new principles avoiding the systematic implementation of such dedicated communication equipment with a new communication architecture identified as Distributed Network System. This concept is the response towards a Switchless Avionics Communication Network.

Reducing certification granularity to increase adaptability of avionics software

A strong certification process is required to insure the safety of airplanes, and more specifically the robustness of avionics applications. To implement this process, the development of avionics software must follow long and costly procedures. Most of these procedures have to be reexecuted each time the software is modified. In this paper, we propose a framework to reduce the cost and time impact of a software modification. With this new approach, the piece of software likely to change is isolated from the rest of the application, so it can be certified independently. This helps the system integrator to adapt an avionics application to the specificities of the target airplane, without the need for a new certification of the application.

A high voltage programmable input interface for avionic equipment

Avionic computers are required to sense their environment or interact with other devices through the use of various sensors or communication buses. Currently, these sensors and buses use dedicated interfaces, which limits the functionalities that can be implemented in the computer. In this paper, we propose a programmable interface meant to interface most common sensors found in avionics, which could facilitate the design and reuse of avionic computers. The architecture of the interface is presented, with a focus on the programmable analog signal conditioning stage which is able to withstand the high voltages present in the harsh avionic environment.