Multi-Core (MC) processors are now the norm in such devices as personal computers, mobile phones, tablets, and the like. Data centres around the world are also exploiting the greater power efficiency of MC. We now live in the age of MC – true parallel programming, system on a chip, shared memory between cores. As a consequence, MC processors are now being proposed for safety critical and mission critical systems.

How do we mitigate the complications that MC brings to this domain, for example, non-determinism, non-sequential execution of code, cache degradation, Worst Case Execution Time (WCET) prediction and so on?  There are currently no standards that directly cover the qualification or certification of MC-based systems and little practical experience exists for doing so. UK MOD currently has no explicit guidance on how to qualify MC-based systems. Furthermore, processor manufactures are not willing to provide detailed design artefacts for third party qualification/certification due to Intellectual Property Rights (IPR) considerations; this unwillingness is an additional complication.

In the absence of any formal standards or qualification processes we have developed a strategy, which will be discussed in this talk. The strategy (supported by the results of practical research) is for the qualification of an airborne safety critical system that uses MC processors. The approach taken is based upon a combination of separation, independence and testing, along with a deliberate choice not to fully exploit all of the possible MC advantages (e.g. parallel programming, shared Real Time Operating System among multiply cores).

© Crown copyright (2016), Dstl. This material is licensed under the terms of the Open Government Licence except where otherwise stated. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk.