industry news
Subscribe Now

Green Hills Software Demonstrates DAL A Application Running Across Multiple Processor Cores

INTEGRITY-178 tuMP is the Only FACE Conformant RTOS with that Capability

SANTA BARBARA, CA — September 17, 2019 — Green Hills Software, the worldwide leader in high-assurance operating systems, today announced that it is demonstrating its bound multi-processing (BMP) and symmetric multi-processing (SMP) capabilities of the INTEGRITY®-178 Time-Variant Unified Multi-Processing (tuMP™) RTOS for DAL A, B, and C applications at the FACE™ & SOSA™ technical interchange meeting and exposition (Booth #47) in Dayton, Ohio. INTEGRITY-178 tuMP is the only operating system conformant to the FACE Technical Standard edition 3.0 with the capability to execute a DO-178C Level A, B, or C application across multiple processor cores as defined in ARINC 653 Part 1, Supplement 4, Section 2 – “Multiple ARINC 653 processes within a partition scheduled to execute concurrently on different processor cores” (i.e. BMP). INTEGRITY-178 tuMP is also the only RTOS that meets the optional SMP requirement defined in ARINC 653, Part 2, Supplement 3.

Hypervisor offerings claiming support for their unbounded SMP execution environments are commonplace for non-safety critical applications. Although claims of a safety-critical SMP execution environment and ARINC 653 Part 1, Supplement 4 compliance for multicore are often confusing and misleading. Thus system integrators must confront the RTOS or hypervisor supplier directly and ask if their solution supports the execution of a multi-threaded Level A, B or C application on two or more cores, which is a fundamental multicore requirement of Part 1, Supplement 4 as well as the recently released Supplement 5. The obvious question to ask is, does the supplier include a real-time DAL A compliant kernel that is capable of scheduling threads of execution across multiple cores, one that hopefully is also compliant with ARINC 653, Part 1, Supplement 4 or 5. The lack of functional BMP multicore support from other RTOS and hypervisor suppliers could be due to a lack of design support or simply a lack of understanding of the ARINC 653 standard. For example one of the hypervisor suppliers claiming support for Supplement 4 has stated the following: “ARINC 653P1-4 does not include the ability to run an instance of a partition across multiple cores (known as a multicore partition), but states that this capability may be added in a future update of the standard.”

The capability to execute multiple threads of an application across multiple processor cores is critical to achieving optimal performance and flexibility when using multicore processors.  Although such solutions are readily available for non-safety-critical operating systems such as Linux, or even Linux in a hypervisor’s virtual machine environment, it is much more challenging for safety-critical applications. As a true Integrated Modular Avionics (IMA) multicore operating system with a proven 9-year service history, the INTEGRITY-178 tuMP RTOS was designed from the beginning as a multicore solution for safety and security-critical applications, and it has the capability to run multi-threaded applications at all design assurance levels up to and including Level A.

A second challenge of using multicore processors for safety-critical applications is the inherent contention from multiple cores trying to access a given shared resource, such as memory or I/O. Certification authorities have emphasized their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper. Whereas most RTOS and hypervisor offerings leave multicore interference mitigations as an exercise for the system integrator, INTEGRITY-178 tuMP includes a fully capable multicore scheduler, and a bandwidth allocation and management capability, called BAM, to control and monitor shared processor resource access. The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement. These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added. An architecture based on multicore processors can only be considered an IMA system if the integrator or sustainment operation can easily mitigate and control multicore interference as new software functionality is added to the system or existing applications are updated, which is the basic premise behind IMA.

INTEGRITY-178 tuMP is the only commercial multicore operating system capable of hosting Multi-Level Security (MLS) applications within its secure MILS partitions, without restricting the MLS application (such as a high assurance guard or downgrader) to a bare-metal execution environment. INTEGRITY-178 tuMP is also the only commercial multicore operating system able to guarantee and enforce a Cross Domain Solution’s (CDS) information flows. INTEGRITY-178 tuMP MLS and CDS capabilities are backed by a comprehensive and massive set of security assurance evidence that is aligned with the NSA High-Robustness and the Common Criteria’s EAL 6+ assurance requirements. When an RTOS supplier claims that their solution can meet MLS or CDS assurance requirements, such claims should be thoroughly scrutinized by conducting a deep-dive audit into their functional security capabilities and corresponding software assurance evidence. After all, while it is easy to claim a high level of security, unproven claims will not prevent rogue applications or malicious actors from compromising the system.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture, integrated development solutions address deeply embedded, safety/security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Visit Green Hills Software at

Leave a Reply

featured blogs
Jun 22, 2021
Have you ever been in a situation where the run has started and you realize that you needed to add two more workers, or drop a couple of them? In such cases, you wait for the run to complete, make... [[ Click on the title to access the full blog on the Cadence Community site...
Jun 21, 2021
By James Paris Last Saturday was my son's birthday and we had many things to… The post Time is money'¦so why waste it on bad data? appeared first on Design with Calibre....
Jun 17, 2021
Learn how cloud-based SoC design and functional verification systems such as ZeBu Cloud accelerate networking SoC readiness across both hardware & software. The post The Quest for the Most Advanced Networking SoC: Achieving Breakthrough Verification Efficiency with Clou...
Jun 17, 2021
In today’s blog episode, we would like to introduce our newest White Paper: “System and Component qualifications of VPX solutions, Create a novel, low-cost, easy to build, high reliability test platform for VPX modules“. Over the past year, Samtec has worked...

featured video

Reduce Analog and Mixed-Signal Design Risk with a Unified Design and Simulation Solution

Sponsored by Cadence Design Systems

Learn how you can reduce your cost and risk with the Virtuoso and Spectre unified analog and mixed-signal design and simulation solution, offering accuracy, capacity, and high performance.

Click here for more information about Spectre FX Simulator

featured paper

Choose a high CMTI gate driver that cuts your SiC switch dead-time

Sponsored by Maxim Integrated

As GaN and SiC FETs begin to replace MOSFET and IGBT technologies in power switching applications, this paper discusses the key considerations when selecting an isolated gate driver. Maxim explains the importance of CMTI and propagation delay skew and presents an isolated gate driver IC ideal for use with these new power transistors.

Click to read more

featured chalk talk

TI Robotics System Learning Kit

Sponsored by Mouser Electronics and Texas Instruments

Robotics projects can get complicated quickly, and finding a set of components, controllers, networking, and software that plays nicely together is a real headache. In this episode of Chalk Talk, Amelia Dalton chats with Mark Easley of Texas Instruments about the TI-RSLK Robotics Kit, which will get you up and running on your next robotics project in no time.

Click here for more information about the Texas Instruments TIRSLK-EVM Robotics System Lab Kit