AC 20-193 & AMC 20-193 objectives: MCP_Planning_1, MCP_Planning_2

MCP_Planning_1 applies to DAL A, B and C systems. For all software assurance levels, the platform must be described, including the hardware, peripherals, and the RTOS being used. For DAL A and B systems, plans should include information on the verification processes that will be followed to produce AMC 20-193 compliance evidence.

MCP_Planning_2 requires that you provide a description of how your multicore platform’s resources will be used, allocated and verified, identify any enabled dynamic hardware features, and identify the aspects of the multicore platform that require the use of a safety net.

Rapita Systems’ MACH178 solution supports planning for A(M)C 20-193 projects. MACH178 Foundations includes template plans and checklists to help you write up and review your plans. Specifically, it includes a template Plan for Multicore Aspects of Certification (PMAC) and Multicore Software Verification Plan (MSVP), which links to verification procedures also included in MACH178 Foundations. We can also support you in planning through consultancy.

AC 20-193 & AMC 20-193 objective: : MCP_Resource_Usage_1

MCP_Resource_Usage_1 requires that you identify and document the MCP configuration settings that will enable the hardware and the software hosted on the MCP to satisfy the functional, performance, and timing requirements of the system.

Rapita Systems’ MACH178 solution supports meeting this objective. A procedure that you can follow to identify Critical Configuration Settings is included in MACH178 Foundations. This is used to identify the hardware registers that can be used to mitigate multicore interference on your platform . MACH178 Foundations also includes a template output and a checklist to ensure that the outputs have been reviewed.

AC 20-193 & AMC 20-193 objective: MCP_Resource_Usage_2

This objective was introduced in CAST-32A, but was not included in AC 20-193 and AMC 20-193 as it is already covered in AC 20-152A / AMC 20-152A objective COTS-8.

The objective asked for the applicant to implement a mechanism to detect and recover from inadvertent modifications to critical configuration settings.

Rapita Systems can help you identify critical configuration settings on your multicore platform, see MCP_Resource_Usage_1.

AC 20-193 & AMC 20-193 objective: MCP_Resource_Usage_3

MCP_Resource_Usage_3 requires that you identify interference channels on your platform and verify any interference mitigation strategies you have deployed. This requires detailed understanding of the multicore platform and its resources, and access to detailed technical reference material about the architecture and behavior of multicore hardware.

Rapita Systems’ MACH178 solution supports meeting this objective. Procedures, results templates and review checklists that you can follow to identify and characterize interference channels on multicore platforms are available in MACH178 Foundations. The output of this characterization contains the set of interference scenarios that can be used for the verification of mitigation mechanisms and interference analysis of the hosted software.

RVS and RapiDaemon tools support the characterization of interference by letting you write multicore interference tests and run them on target. We can support you applying the procedures yourselves or provide services through our specialist multicore engineering team to produce DO-178C compliance evidence on your multicore system.

AC 20-193 & AMC 20-193 objectives: MCP_Resource_Usage_4

MCP_Resource_Usage_4 requires that you identify the capacity of hardware resources on your multicore processor, and demonstrate that the software will not exceed this capacity.

Rapita Systems’ MACH178 solution supports meeting this objective. Automation tools including RVS and RapiDaemons facilitate the measurement of resource capacity and measurement of software resource usage. Guidance on achieving the objective is included in procedures, templates and checklists available in MACH178 Foundations.

We can also provide consultancy and services to support the verification of resource capacity and usage on your multicore platform.

AC 20-193 & AMC 20-193 objective: MCP_Software_1

MCP_Software_1 requires that you verify that your software meets its timing deadlines in the multicore environment, including interference that can be encountered on the system. It is expected that you produce this evidence through on-target testing. This requires an environment in which interference can be generated in a repeatable fashion.

Rapita Systems’ MACH178 solution supports meeting this objective. MACH178 Foundations includes guidance on selecting strategies for multicore WCET analysis, as well as results templates and checklists to support the activity. RVS tools and RapiDaemons support the collection of WCET evidence on-target. We can also provide consultancy and services to support the definition of WCET analysis methods for your multicore platform.

AC 20-193 & AMC 20-193 objective: MCP_Software_2

MCP_Software_2 requires that you verify the data coupling and control coupling (DCCC) of your multicore system. A wide range of perspectives exist on what DCCC means for single core systems, and several different analysis methods have been accepted when certifying DO-178C software. Likewise, as of today, there is no one accepted method for performing DCCC analysis for multicore systems in line with AC 20-193 and AMC 20-193 objectives.

For single-core systems, DCCC analysis is bounded by coupling between components. A(M)C 20-193 specifically mentions that “Interference may occur between tasks of a single component when the tasks execute on different cores”, and implies that interference should be considered during DCCC verification.

While data coupling and control coupling analysis for multicore systems is of yet a little discussed topic, Rapita Systems lead the way in commercial solutions to multicore verification, and we can work with you to define a strategy that fits for your project.

Rapita provide DCCC services and are developing in-depth, flexible support for DO-178C data and control coupling analysis through the RapiCoupling tool, which will include guidance on selecting criteria for the analysis. A case study including use of the tool in collaboration with Collins Aerospace was presented at DASC 2024.

Our DCCC services include working with you to determine a strategy for DCCC analysis that fits your project, helping you set up the automation infrastructure to support the analysis, and V&V to produce on-target DCCC evidence for your software.

AC 20-193 & AMC 20-193 objective: MCP_Error_Handling_1

This objective asks the applicant to identify the effect of failures that may occur within the multicore platform, and demonstrate that detection and recovery mechanisms have been implemented where necessary.

Safety nets should be developed in line with the aircraft-level safety assessment.

Rapita Systems can help with the verification of a safety net implementation through automation tools and services.

AC 20-193 & AMC 20-193 objective: MCP_Accomplishment_Summary

Verification results generated to meet AC 20-193 and AMC 20-193 objectives should be summarized in an Accomplishment Summary.

This should include a high-level summary of results from all verification activities, traceability back to the plans, and a compliance matrix showing which results trace to which A(M)C 20-193 objectives.

We can provide support for generating an Accomplishment Summary through our MACH178 solution. We use technology that can automate the generation of summaries from results generated through our MACH178 services.