DDC-I and Rapita Systems Simplify Verification and Certification of Multicore Avionics Applications

April 21, 2020

DDC-I, a leading supplier of software and professional services for mission and safety-critical applications, and Rapita Systems, a leading provider of software verification tools and services, announced the integration of Rapita’s verification tools (RVS) with DDC-I’s Deos DO-178C DAL A certifiable safety-critical RTOS. The integrated platform simplifies multicore verification and certification by providing the safety-critical timing information needed to satisfy CAST-32A guidance, enabling developers to simulate multicore resource contention, characterize interference patterns, and provide the certification evidence needed to prove that competition for shared resources does not adversely affect the execution of safety-critical tasks.

DDC-I and Rapita have worked closely to develop a seamless, hardware-agnostic integration of RVS with Deos, portable to every architecture supported by Deos (PowerPC, ARM, and x86). Tracing is accomplished by applying RVS instrumentation with a trace mechanism available within the Deos kernel. Rapita’s RapiDaemons provide a means of generating contention for specific resources that are shared by multiple cores in the system and observing the resulting interference. Together, these capabilities enable developers to understand timing and cross-core interference on Deos-based multicore systems and determine how to best coordinate multicore applications for optimal system performance consistent with the CAST-32A objectives.

“We are excited to be working with Rapita to offer Deos users seamless access to Rapita’s world-class verification tools,” said Greg Rose, vice president of marketing and product management at DDC-I. “Rapita tools running atop Deos provide an ideal platform for characterizing multicore resource contention issues, bounding real-world worst-case execution times, and providing the certification evidence needed to meet CAST-32A objectives.”

“RTOS/tool integration often requires substantial NRE for our customers at the application level,” added Guillem Bernat, CEO at Rapita Systems. “Deos provided the native hooks we needed for a seamless integration that minimizes NRE and provides a best-in-class, out-of-the-box verification, WCET timing analysis and certification solution for our joint avionics customers.”

RapiTask provides scheduling visualization and analysis, helping avionics developers identify and analyze system level resource issues. By displaying CPU utilization metrics at each time point of code execution, and allowing programmers to jump to specific time intervals, RapiTask makes it easy to identify utilization issues and verify that each application meets its requirements. With the addition of RapiTime, which provides on-target timing analysis, programmers can also determine worst-case execution time (WCET) for each task.

RapiDaemons interference generators provide a means of simulating contention for shared resources from applications running on multiple cores and form a key part of Rapita’s end-to-end CAST-32A Compliance package.

Deos is a safety-critical embedded RTOS that employs patented slack scheduling, memory pools and cache partitioning to deliver higher CPU utilization than any other certifiable safety-critical COTS RTOS. First certified to DO-178 DAL A in 1998, Deos provides a FACE Safety Base Profile that features hard real-time response, time and space partitioning, and both ARINC-653 and POSIX interfaces.

Deos SafeMC™ technology extends those advanced capabilities to multiple cores, enabling developers of safety-critical systems to achieve best-in-class multicore performance without compromising safety-critical task response and guaranteed execution time. SafeMC employs a bound multiprocessing (BMP) extension of the symmetric multiprocessing architecture (SMP), safe scheduling and cache partitioning to minimize cross-core contention and interference patterns. These features enable avionics systems developers to address issues that could impact the safety, performance and integrity of a software airborne system executing on Multi-Core Processors (MCP), as specified by the Certification Authorities Software Team (CAST) in its Position Paper CAST-32A for Multi-core Processors.

DDC-I and Rapita will offer a free joint webinar on this solution for multicore analysis on April 22 at 8:30 PDT, 16:30 BST. Registration information: https://bitly.com/DDCWB2002