One of today's critical design issues in mission-critical trusted computing involves multi-core processing
Designers of mission-critical trusted computing like flight computers and avionics must be able to accommodate the latest multi-core microprocessors.
By John Bratton
ANDOVER, Mass. – Today's mission-critical processing resources must be trusted, uncompromised, and highly deterministic in the age of smarter and autonomous missions.
Processing determinism means that a system will not fail and that it will deliver a reliable and predictable outcome based on the input conditions. Such mission-critical processing functions include fire control, flight and mission computing, avionics, vetronics, and other effector controls. Like trust, the presence of determinism increasingly is required; for autonomous platforms and other machine-decision-made effector operations, it has to be demonstrable.
As all manner of vehicles become smarter and increasingly autonomous, they use trusted computing to perform complex missions in more places, including populated and urban areas. Governments are no longer granting defense vehicles special exemptions for safety as they may have in the past. Instead, smarter manned and unmanned, ground, sea, and air vehicles must demonstrate similar levels of mission assurance that have been mandated in the commercial aerospace domain for decades.
Design Assurance Level (DAL) is used by national aviation safety organizations including European Aviation Safety Agency (EASA), the U.S. Federal Aviation Administration (FAA), European Joint Aviation Authorities (JAA), and Transport Canada to measure and regulate intrinsic flight-safety worthiness through a certification process.
DAL defines the process of establishing that hardware (DO-254) and software (DO-178B) will operate in a precise and predictable manner. Flight-safety certification is complex and detailed work requiring all software and hardware processing permutations to be evaluated for determinism, and to remove opportunities for unplanned outcomes.
The number of permutations is proportional to the number of inputs, possible outcomes, and processing paths. As such, single-core processors have become the de-facto processors for flight-safety certification because the number of permutations is somewhat manageable.
As mission-critical processing tasks become more compute-intense, more processing power is required. The capability boost comes with multi-core processors that increase throughput and processing power with multithreading, deliver better size, weight and power (SWaP) performance, and have extended silicon availability support.
Increasingly, silicon roadmaps are dropping single-core devices in favor of those with more popular and capable multi-cores.
Multi-core flight-safety certification has become the endgame for performance mission-critical systems. However, multi-core processors not only scale the processing permutations possible by the number of cores present, but also introduce shared on-die resources, adding further to the processing permutations and as such certification complexity.
Anticipating that multi-core flight-safety certification although challenging, will become the new norm, next generation defense electronics design and manufacturing companies are making the investments necessary to make multi-core flight-safety certification a reality. These companies are forming strategic alliances with silicon manufacturers who are similarly working towards the new paradigm of big, on-platform deterministic processing.
Modern mission-critical processing solutions are built with a top-down approach for scalability, interoperability, ease of configuration, and flight-safety certification. This next level of deterministic compute power often is open systems compliant and compatible with the sensor open systems architecture (SOSA) -- the emerging and dominant defense industry embedded processing architecture.
More information about a top down approach to flight-safety certification from Mercury Systems is online at www.mrcy.com/mission-computing-safety-dal.
John Bratton is product marketing director for sensor and mission processing at Mercury Systems in Andover, Mass. Contact him by email at firstname.lastname@example.org.