The project coordinator
Project map
Russian version
English version
Write the mail
Integrity-178 tuMP is first FACE 3.0 multicore real-time operating system
News/ > 2019/ > Integrity-178 tuMP is first FACE 3.0 multicore real-time operating system/
Integrity-178 tuMP is first FACE 3.0 multicore real-time operating system
26 March 2019 Real-time software specialist Green Hills Software in Santa Barbara, Calif., is staking another claim to the growing movement towards open-systems standards for U.S. military electronics.

According to Green Hills, their Integrity-178 Time-Variant Unified Multi Processing (tuMP) is the first real-time operating system to achieve FACE’s 3.0 standard. The real time system uses asymmetric multi-processing (AMP) and bound multi-processing (BMP) in a time-partitioned manner on a multicore processor.

Green Hills first started system verification and validation with an independent FACE conformance verification authority in September. The system was verified for three different multicore architectures, or units of conformance: Intel, Arm and PowerPC/QorIQ. Each unit of conformance from the Integrity-178 tuMP system was verified against both the safety base and security profiles for C, C++ and Ada support.

The certification covers the Safety Base profile and the Security profile for safety-certifiable software in the Integrity-178 tuMP RTOS, and underscores the commitment of Green Hills for certification to open standards, company officials say.

Version 3.0 of the FACE Technical Standard represents a major improvement over the prior version 2.1.1 in that it addresses the use of multicore processors in safety-critical applications. FACE 3.0, published in November 2017, has, among other things, added system model metadata definition and introduced improvements to the data architecture area of the standard as well.

The standard is published by the Open Group’s FACE Consortium, a partnership between industry suppliers, government experts and operators to provide avionics that use an open system architecture. The consortium has continually updated their standard, which integrates and builds off proven standards like OpenGL, ARINC 729 and POSIX.

The technical standard now requires any operating system segment (OSS) that claims support for multicore partitions to meet ARINC-653 Part 1 Supplement 4, including the requirement for multicore operation as defined in Section 2: «Multiple processes within a partition scheduled to execute concurrently on different processor cores.» In ARINC-653, each application is called a partition and has its own memory space. >>>
>>> Asymmetric multi-processing (AMP), the simplest software architecture in a multicore-based system, is not sufficient to meet the requirements of Supplement 4. Integrity-178 tuMP meets the requirements of ARINC-653 Supplement 4, and it does so with the availability of Bound Multi-Processing (BMP) in addition to AMP and Symmetric Multi-Processing (SMP).

By definition, BMP is an enhanced and restricted form of SMP that can statically bind an application's ARINC-653 processes (i.e., tasks) to a specific set of cores, allowing the system architect to more tightly control the concurrent operation of several cores.

Integrity-178 tuMP enables system developers to bind ARINC-653 processes within an application to a core using an API or using the system configuration file. In addition, Integrity-178 tuMP meets the ARINC-653 Part 2 Supplement 3 requirements for SMP operation.

Integrity-178 tuMP supports combinations of AMP, SMP, and BMP in a time-partitioned manner on a multicore processor. Meeting worst-case execution times (WCET) while several cores are executing concurrently can be very challenging no matter the choice of AMP, SMP, or BMP.

Contention from several cores trying to access a given shared resource, such as memory or I/O, can create interference between cores. Certification authorities have emphasized their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper.

As a multicore IMA operating system, Integrity-178 tuMP includes a capable multicore scheduler and support for bandwidth allocation and management of shared processor resource access.

The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement. These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added.

Without operating system features and support for bandwidth management of the shared multicore resources, such software changes would require analysis and retest of all other potential concurrent applications. When considering the following: (a) development, integration and certification risks, (b) future application growth requirements, and (c) long-term system sustainment objectives, Integrity-178 tuMP is the ideal multicore high-assurance RTOS solution. >>>
>>> While this is the first FACE 3.0 certification approved for the Integrity-178 tuMP, it is featured on boards used by Curtiss-Wright, Mercury Systems, and Extreme Engineering among others, a representative for Green Hills told Avionics International in an emailed statement.

Northrop Grumman also features the system on its third-generation FlightPro mission computer featured on avionics upgrades to in-service UH-1Y and AH-1Z helicopters. It is also featured on the Esterline CMC Electronics multi-function smart display, which was part of an avionics refresh program for the CH-53GS/GE Sea Stallion fleet operated by the Finnish Air Force.

«The ability to execute an application across a user allocated core or group of cores in a bounded and time-partitioned manner is necessary for achieving maximum performance and minimum size, weight, and power for integrated modular avionics,» Dan O'Dowd, founder and chief executive officer of Green Hills said of the new achievement.

For more information, please visit the following links:


Search on the project
© 2019 State Research Institute of Aviation Systems. All rights reserved. Terms of Use.