The increasing demand for processing power poses new challenges for the design of modern embedded systems. The adoption of multi-core processors seems to be a promising approach to tackle these challenges and to achieve further performance improvements combined with a reduction in energy consumption. Multi-core architectures are well known from the domain of desktop computing. However, using these architectures in safety-critical applications such as aerospace, automotive, health or industrial automation leads to additional requirements, because such systems have to be certified according to domain-specific safety standards. The corresponding certification processes have so far been developed and established for single-core systems only, without taking the issue of multi-cores into account. An optimal solution for the field of multi-cores would be a modular certification process. Modularization saves costs and time through the reuse of previously certified components.
Driven by these new requirements, the ARTEMIS project RECOMP (Reduced Certification Costs for Trusted Multi-core Platforms) aims at establishing methods, tools and platforms for cost-efficient certification and re-certification of safety-critical multi-core systems. Special emphasis is placed on the consideration of mixed-criticality, i.e. systems containing both safety-critical and non-safety-critical components. Mixed-criticality systems can be found in a multitude of different areas of application. For example, a typical modern car contains a wide variety of electronic components to control highly safety-critical functions such as airbags or brakes as well as medium or less critical parts, e.g. engine control or infotainment. The traditional approach of partitioning these functions completely is economically not reasonable anymore. Hence virtualization techniques are gaining in importance.
RECOMP addresses the need for flexibility and upgradability of both the non-safety-critical and the safety-critical parts. For that purpose, reference designs and exemplary platform architectures will be developed for a large variety of domains. The concrete domains addressed by RECOMP include automotive systems, aerospace systems, industrial control systems, lifts and transportation systems.
Another focus is tool support for achieving cost-effective certification and re-certification. In this context, mathematical foundations will be developed to enable formal analysis of multi-core systems with virtualization support. In cooperation with tool vendors and certification authorities, these methods will be integrated into tool chains and certification processes.
The project consortium of RECOMP consists of a total of 42 partners from 8 countries. Industrial partners represent the majority of the consortium, ranging from global players and large enterprises such as EADS, Infineon or Thales to numerous small and medium enterprises. The consortium has been composed such that the complete chain of suppliers and integrators is incorporated to achieve effective innovations. Consequently, system manufacturers from all domains (automotive, aerospace, industrial, health) as well as ECU vendors and semiconductor manufacturers (Infineon and Intel) participate in RECOMP. Furthermore, software companies, tool vendors and certification authorities have been included in the consortium. Additionally, 8 university partners participate in the RECOMP project to strengthen the research competence of the consortium.
The Technische Universität Braunschweig, Institute of Computer and Network Engineering, plays an important role in the RECOMP project. It coordinates the German consortium in RECOMP and leads the essential and biggest work package, which targets the development of hardware and software details for the multi-core architecture. The hardware will be delivered by Infineon and Intel, both global players in the silicon business. Another, research-oriented, computer architecture will be provided by TU Braunschweig. The software is comprised of different parts. The operating systems (commonly Windows on regular home PCs) used among the industry partners are vastly different, which requires extensive adjustments. Here, leading European operating system companies with various backgrounds such as automotive, aerospace, medical and industrial technology are working on similar concepts to develop a common standard. The application software will be customized by system manufacturers (aircraft manufacturers, vehicle manufacturers, elevator manufacturers and others).
The overarching vision is to guarantee safety and dependability of systems through a formal certification. Today, this expensive and long-winded process must be conducted for the entire system and entirely repeated each time a major change is applied to the system. This can be complex for multi-core architectures. Thus RECOMP should develop new technology in which the system is decomposed into modules to ease certification. This process poses extreme demands on the separation of functions, which may not interfere with each other. This becomes clear when considering that, although running on different cores, the different software functionality is still encompassed by a single piece of silicon. The functional independence must be ensured during the design process through formal verification. Here, software tools help to provide mathematical proof. Symtavision, a spin-off company of the TU which is based in Braunschweig, is an important vendor of such tools and also a partner in RECOMP.
The development of the certification is led by TÜV Süd, which has a leading position in software certification worldwide. This ensures that the new methods conform to established safety standards, which allows for smooth application.
The project will run for 3 years with a total budget of €26M.
Preparatory work from the TU Braunschweig was, amongst other projects, carried out in the project AIS, dealing with reliable multi-core systems. (BMBF press release)
For further information, please visit the RECOMP homepage.
The RECOMP project is funded by the German Federal Ministry of Education and Research (BMBF), support code 01IS10001A, and by the ARTEMIS Joint Undertaking.