Single-Core Integrated Modular Avionic (IMA) is an established technology used in modern aircraft. Due to the foreseeable obsolescence of single-core processors and the constantly increasing number of new system functions, multi-/many-core processors are seen as a key technology for meeting these challenges. The integration of multiple system functions on a single hardware device offers potential for weight and energy savings as well as increased efficiency. However, running multiple functions concurrently on different processor cores does not prevent them from sharing other resources such as cache, memory, buses and I/O peripherals. The resulting interference may increase latency and jitter of operations and thus violates safety and reliability requirements if not handled properly. The same effects occur when a function with highly parallelized code blocks is executed. Therefore, the development of an avionics platform using multi-/many-core processors is subject to strict regulations and certification processes.
The challenging timing behavior caused by modern hardware/software high performance architectures prevents the use of such platforms in real-time systems. State-of-the-art approaches focus on strict isolation mechanisms to guarantee reliable timing of safety-critical applications. However, the performance of the entire system suffers as a result.
At the Institute of Computer and Network Engineering, we propose a different approach to address the challenging timing behaviour that relies on a established technique from fault-tolerant system design, namely modular redundancy. In systems with higher criticality, modularity is mandatory to raise the reliability of a system above that of their components. In Avionics, modular redundancy is commonly used to detect hardware errors and software errors, additionally we extend it to mask timing outliers. We call this approach Timing Diversity.
A Timing Diversity set-up consists of at least two hardware platforms. A safety-critical application is executed on both hardware platforms. As timing errors should be sporadic (safety critical functions are usually well specified and tested due to certification), it may be assumed a timing error does not occur on two hardware platforms simultaneously. As a consequence, one platform provides the correct result before deadline.
The MC-ADAMS project involves 4 national partners:
The following people are currently involved in the MC-ADAMS project:
| Robin Hapka, Rolf Ernst, "Conservative Design with High-Performance COTS Architectures - Beyond Traditional Approaches" in 2024 International Conference on Emerging Technologies and Factory Automation (ETFA) , IEEE, September 2024. |
| Robin Hapka, Anika Christmann, Rolf Ernst, Alexander Kuzolap, Peter Hecker, Marius Rockschies, Martin Halle and Frank Thielecke, "Safe Usage of Multi-Cores in Neural Network Avionics Applications" in 2023 IEEE/AIAA 42nd Digital Avionics Systems Conference (DASC), IEEE/AIAA, Oktober 2023, Best of Track Award in Integrated Modular Avionics. |
| Anika Christmann, Robin Hapka and Rolf Ernst, "Formal Analysis of Timing Diversity for Autonomous Systems" in 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), IEEE, April 2023. |
| Robin Hapka, Anika Christmann and Rolf Ernst, "Controlling High-Performance Platform Uncertainties with Timing Diversity" in IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA), August 2022. |
| Anika Christmann, Adam Kostrzewa, Rolf Ernst, Marius Rockschies, Martin Halle, Frank Thielecke, Alexander Peuker, Alexander Kuzolap, Meiko Steen, Peter Hecker, Kai-Frederik Nessitt and Selma Saidi, "Integrating Multi-/Many-Cores in Avionics: Open Issues and Future Concepts" in IEEE Digital Avionics Systems Conference (DASC) 2021, Oktober 2021, author created copy. |
The MC-ADAMS project is funded by the German Federal Ministry for Economic Affairs and Climate Action funding number 20E1920B.