industry news
Subscribe Now

Green Hills Software Demonstrates DAL A Application Running Across Multiple Processor Cores

INTEGRITY-178 tuMP is the Only FACE Conformant RTOS with that Capability

SANTA BARBARA, CA — September 17, 2019 — Green Hills Software, the worldwide leader in high-assurance operating systems, today announced that it is demonstrating its bound multi-processing (BMP) and symmetric multi-processing (SMP) capabilities of the INTEGRITY®-178 Time-Variant Unified Multi-Processing (tuMP™) RTOS for DAL A, B, and C applications at the FACE™ & SOSA™ technical interchange meeting and exposition (Booth #47) in Dayton, Ohio. INTEGRITY-178 tuMP is the only operating system conformant to the FACE Technical Standard edition 3.0 with the capability to execute a DO-178C Level A, B, or C application across multiple processor cores as defined in ARINC 653 Part 1, Supplement 4, Section 2 – “Multiple ARINC 653 processes within a partition scheduled to execute concurrently on different processor cores” (i.e. BMP). INTEGRITY-178 tuMP is also the only RTOS that meets the optional SMP requirement defined in ARINC 653, Part 2, Supplement 3.

Hypervisor offerings claiming support for their unbounded SMP execution environments are commonplace for non-safety critical applications. Although claims of a safety-critical SMP execution environment and ARINC 653 Part 1, Supplement 4 compliance for multicore are often confusing and misleading. Thus system integrators must confront the RTOS or hypervisor supplier directly and ask if their solution supports the execution of a multi-threaded Level A, B or C application on two or more cores, which is a fundamental multicore requirement of Part 1, Supplement 4 as well as the recently released Supplement 5. The obvious question to ask is, does the supplier include a real-time DAL A compliant kernel that is capable of scheduling threads of execution across multiple cores, one that hopefully is also compliant with ARINC 653, Part 1, Supplement 4 or 5. The lack of functional BMP multicore support from other RTOS and hypervisor suppliers could be due to a lack of design support or simply a lack of understanding of the ARINC 653 standard. For example one of the hypervisor suppliers claiming support for Supplement 4 has stated the following: “ARINC 653P1-4 does not include the ability to run an instance of a partition across multiple cores (known as a multicore partition), but states that this capability may be added in a future update of the standard.”

The capability to execute multiple threads of an application across multiple processor cores is critical to achieving optimal performance and flexibility when using multicore processors.  Although such solutions are readily available for non-safety-critical operating systems such as Linux, or even Linux in a hypervisor’s virtual machine environment, it is much more challenging for safety-critical applications. As a true Integrated Modular Avionics (IMA) multicore operating system with a proven 9-year service history, the INTEGRITY-178 tuMP RTOS was designed from the beginning as a multicore solution for safety and security-critical applications, and it has the capability to run multi-threaded applications at all design assurance levels up to and including Level A.

A second challenge of using multicore processors for safety-critical applications is the inherent contention from multiple cores trying to access a given shared resource, such as memory or I/O. Certification authorities have emphasized their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper. Whereas most RTOS and hypervisor offerings leave multicore interference mitigations as an exercise for the system integrator, INTEGRITY-178 tuMP includes a fully capable multicore scheduler, and a bandwidth allocation and management capability, called BAM, to control and monitor shared processor resource access. The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement. These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added. An architecture based on multicore processors can only be considered an IMA system if the integrator or sustainment operation can easily mitigate and control multicore interference as new software functionality is added to the system or existing applications are updated, which is the basic premise behind IMA.

INTEGRITY-178 tuMP is the only commercial multicore operating system capable of hosting Multi-Level Security (MLS) applications within its secure MILS partitions, without restricting the MLS application (such as a high assurance guard or downgrader) to a bare-metal execution environment. INTEGRITY-178 tuMP is also the only commercial multicore operating system able to guarantee and enforce a Cross Domain Solution’s (CDS) information flows. INTEGRITY-178 tuMP MLS and CDS capabilities are backed by a comprehensive and massive set of security assurance evidence that is aligned with the NSA High-Robustness and the Common Criteria’s EAL 6+ assurance requirements. When an RTOS supplier claims that their solution can meet MLS or CDS assurance requirements, such claims should be thoroughly scrutinized by conducting a deep-dive audit into their functional security capabilities and corresponding software assurance evidence. After all, while it is easy to claim a high level of security, unproven claims will not prevent rogue applications or malicious actors from compromising the system.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture, integrated development solutions address deeply embedded, safety/security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Visit Green Hills Software at

Leave a Reply

featured blogs
Jul 2, 2020
Using the bitwise operators in general, and employing them to perform masking operations in particular, can be extremely efficacious....
Jul 2, 2020
In June, we continued to upgrade several key pieces of content across the website, including more interactive product explorers on several pages and a homepage refresh. We also made a significant update to our product pages which allows logged-in users to see customer-specifi...
Jun 26, 2020
[From the last episode: We looked at the common machine-vision application and its primary .] We'€™ve seen that vision is a common AI these days, and we'€™ve also talked about the fact that our current spate of neural networks are not neuromorphic '€“ that is, they'€™...

featured video

Product Update: What’s Hot in DesignWare® IP for PCIe® 5.0

Sponsored by Synopsys

Get the latest update on Synopsys' DesignWare Controller and PHY IP for PCIe 5.0 and how the low-latency, compact, power-efficient, and silicon-proven solution can enable your SoCs while reducing risk.

Click here for more information about DesignWare IP Solutions for PCI Express

Featured Paper

Cryptography: A Closer Look at the Algorithms

Sponsored by Maxim Integrated

Get more details about how cryptographic algorithms are implemented and how an asymmetric key algorithm can be used to exchange a shared private key.

Click here to download the whitepaper

Featured Chalk Talk

RX23W Bluetooth

Sponsored by Mouser Electronics and Renesas

Adding Bluetooth to your embedded design can be tricky for IoT developers. Bluetooth 5 brings a host of new capabilities that make Bluetooth integration more compelling than ever. In this episode of Chalk Talk, Amelia Dalton chats with Michael Sarpa from Renesas about the cool capabilities of Bluetooth 5, and how you can easily integrate them into your next project.

More information about Renesas Electronics RX23W 32-bit Microcontrollers