[SystemSafety] multi-core validation for aerospace
Tom Ferrell
tom at faaconsulting.com
Wed Nov 14 12:32:13 CET 2018
Concerning this topic in civil aviation: The current multi-core guidance from both the FAA and EASA cannot be viewed in isolation. Both regulators have additional guidance for dealing with COTS microcontrollers. While it used to be the case that a microprocessor could be 'accepted' without further compliance demonstration IFF the software test program was conducted on target such that the processor's suitability could be inferred through this test exposure, those days are over for all but the most 'simple' microprocessors. The additional guidance relates to handling of device errata, levels of change control, service experience in the market, and targeted verification to prove unused capabilities are benign.
-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Paul Sherwood
Sent: Wednesday, November 14, 2018 6:18 AM
To: safetyyork at phaedsys.com
Cc: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] multi-core validation for aerospace
At the risk of taking another beating from the folks here, I'd like to
point out that there's a huge amount of 'firmware' and 'microcode'
(which I read as 'software') in modern microprocessors. I am struggling
to understand how folks can extrapolate methods designed primarily for
baremetal microcontroller-scale devices to this level of complexity.
FWIW a lot of this 'firmware' is delivered as binary-only, however if
the target device is Arm-based, perhaps [1] may be of interest.
[1] https://www.trustedfirmware.org
On 2018-11-13 16:10, Chris Hills wrote:
> Hi All
>
> I have a customer who is looking at a project that will be multi-core
> processors for aviation use. They are going to have to validate the
> system and its software. They are trying to work out how they would
> gather sufficient evidence for this.
>
> They are looking at different cores on the same device. Different
> cores could potentially run different functions each, or could use
> something across all the cores. Design is up in the air just now, so
> they are looking for a general certification approach and what they
> would need to achieve this and any ways they could do it using more
> automated methods where possible.
>
> Does anyone have any pointers for them to get started?
>
> This is a UK based project.
>
> Regards
> Chris
>
> Phaedrus Systems Ltd
>
> 96 Brambling B77 5PG
>
> FREEphone 0808 1800 358 International +44 1827 259 546
> Vat GB860621831 Co Reg #04120771
> Http://www.phaedsys.com [1] chills at phaedsys.com
>
>
>
> Links:
> ------
> [1] http://www.phaedsys.com/
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription:
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety