Development and certification of Avionics Platforms on Multi-Core processors Marc GATTI – August 29th, 2013.

Slides:



Advertisements
Présentations similaires
droit + pub = ? vincent gautrais professeur agrégé – avocat
Advertisements

European Commission DG DEV B2 CONDITIONALITY REFORMULATED THE BURKINA FASO PILOT CONDITIONALITY REFORMULATED THE BURKINA FASO PILOT.
GERPISA Eleventh International Colloquium June 11-13, 2003 Paris The Origins and the Limits of the Productive Models Diversity Research questions and research.
1 © CEA Tous droits réservés. Toute reproduction totale ou partielle sur quelque support que ce soit ou utilisation du contenu de ce document est.
Département fédéral de lintérieur DFI Office fédéral de la statistique OFS Implementing the economic classification revision (NACE / ISIC) in the Business.
Practical Session – Defining Learning Outcomes
Targets of the approach
THALES Communications Les informations contenues dans ce document sont la propriété exclusive du Groupe THALES. Elles ne doivent pas être divulguées sans.
(Nom du fichier) - D1 - 01/03/2000 FTR&D/VERIMAG TAXYS : a tool for the Development and Verification of RT Systems a joint project between France Telecom.
Le Passé Composé J'ai fini Elle a dansé Il a voyagé
Branche Développement Cnet La communication de ce document est soumise à autorisation du Cnet © France Télécom - (Nom du fichier) - D1 - 11/01/2014 Diffusion.
Thales Communications
1 La bibliométrie pour l'évaluation stratégique des institutions de recherche : usages et limites Indicators for strategic positioning of the research.
Primary French PowerPoints What’s Your Name?.
Revenir aux basiques !. 1 Revenir aux basiques Processus Nécessité daméliorer la Maîtrise les Offres et Projets: lanalyse des causes racines montre un.
Talking about yourself
Time with minutes French II Le 30 Octobre.
Cliquez et modifiez le titre Cliquez pour modifier les styles du texte du masque Deuxième niveau Troisième niveau Quatrième niveau Cinquième niveau 23/01/2014©
Tbilisi – November 27, 2007 FAO / EBRD COOPERATION PROGRAMME ______ PROTECTION OF GEORGIAN WINE APPELLATIONS.
Status report SOLEIL April 2008
1 Découverte des Outils SI de Cadence Ecole dElectronique Numérique IN2P3 Roscoff 2006 Découverte des Outils dAnalyse dIntégrité du Signal de Cadence ®
Coopération/Distribution DEA Informatique Nancy. Content 4 Introduction - Overview 4 Coordination of virtual teams : –explicit interaction model –explicit.
Minimisation Techniques 1 Assimilation Algorithms: Minimisation Techniques Yannick Trémolet ECMWF Data Assimilation Training Course March 2006.
Reading an analog clock
Université Des Sciences Et De La Technologie DOran Mohamed Boudiaf USTO République Algérienne Démocratique et Populaire Département de linformatique Projet.
Defence R&D Canada R et D pour la défense Canada Novel Concepts for the COP of the Future Denis Gouin Alexandre Bergeron-Guyard DRDC Valcartier.
Cest quel animal? Relie les mots aux symbols Un hamster Un chien Un chat Un cochon dInde Un serpent Une souris Un poisson Un oiseau Une araignée Une tortue.
JTI – Eco-Design Platform (Ecolonomic1 platform)
TM.
Defence Research and Development Canada Recherche et développement pour la défense Canada Canada 11-1.
The Benefits of Technology in the Classroom By: Jennifer Langer.
Assessment and the new secondary curriculum S. Barfoot.
How to solve biological problems with math Mars 2012.
Core Module 9 Family and Community Engagement Association des conseils scolaires des écoles publiques de lOntario (ACÉPO) Association franco-ontarienne.
AFNOR NF Z – "Online Consumer Reviews
28th Conference of Directors of Paying agencies Namur, 27 to 29 October 2010 The Belgian Presidency of the Council of the European Union Workshop 2 : Control.
Mardi 20 Novembre 2012 Recap I can
Eri Prasetyo Universitas Gunadarma
TortoiseSVN N°. Subversion : pour quoi faire ? Avoir un espace de stockage commun – Tous les étudiants du SIGLIS ont un espace svn commun Partager vos.
PURCHASING PHASE REVIEW Cornerstones of Purchase baseline
Laboratoire de Bioinformatique des Génomes et des Réseaux Université Libre de Bruxelles, Belgique Introduction Statistics.
L’ensemble microcanonique
Présentation dun modèle dinterface adaptative dun système de diagnostique et dintervention industriel: ADAPTS (Adaptive Diagnostics And Personalized Technical.
Ce document est la propriété d EADS CCR ; il ne peut être communiqué à des tiers et/ou reproduit sans lautorisation préalable écrite d EADS CCR et son.
Systèmes distribués Le futur des systèmes dinformation est: Networked Diverse Numerous Mobile Ubiquitous Systèmes multiagents Middlewares: CORBA JINI HLA.
Jeudi le 7 novembre. F 3 DUE: Virtual tour in LMS by 7:30 for the 70! DUE: Flashcards also for the 70 today (50 Friday) 1. Poem practice Le dormeur du.
Donnez l’heure “Time”… it’s a ticking!.
OHT 44 Starter 5, page 79 House vocabulary eée e a o auii e eueau aaàae esc. aaeeais a ae aoue acae eaae aa eeeu eai.
BIOS – – SADI Semantic Automated Discovery and Integration Sébastien Carrere.
INDICATOR DEFINITION An indicator describes the manifestation of a process of change resulting from the pursuit of an action. Un indicateur décrit la manifestation.
Différencier: NOMBRE PREMIER vs. NOMBRE COMPOSÉ
Modifications of working conditions in the host states Report on the AT Board held on 18 April 2000 New minimum wages in Switzerland Impact of the 35-hour.
16-Oct-00SL-BI and QAP Presented to QAWG on 23/10/2000Slide 1 Quality Assurance in SL/BI Jean-Jacques GRAS (SL-BI)
Branche Développement Le présent document contient des informations qui sont la propriété de France Télécom. L'acceptation de ce document par son destinataire.
VTHD PROJECT (Very High Broadband Network Service): French NGI initiative C. GUILLEMOT FT / BD / FTR&D / RTA
Passive Voice French 3. Types of Voice There are three types of voice in French. – Active – Passive – Pronominal You already know how to do active and.
KM-Master Course, 2004 Module: Communautés virtuelles, Agents intelligents C3: Collaborative Knowledge construction & knowledge sharing Thierry NABETH.
Study & revise the numbers carefully.
All Rights Reserved © Alcatel-Lucent 2006, ##### Kick off ECOSCELLS Project 9 November 2009 Université D’Avignon.
8th International Conference on psychosocial and economic aspects of HIV infection
Quelle heure est-il? What time is it ?.
2010 CAADP A FRICA F ORUM M EETING THE C HALLENGES OF C LIMATE C HANGE S TRATEGIES OF S MALLHOLDER FARMERS TO ACHIEVE F OOD S ECURITY AND I NCOME G ROWTH.
Ministère de l’Éducation, du Loisir et du Sport Responsables des programmes FLS et ELA: Diane Alain et Michele Luchs Animateurs: Diane Alain et Michael.
Slide 1 of 39 Waterside Village Fête ses 20 ans.
RozoFS KPI’s edition /04/2014. © Fizians Ce document ne peut être reproduit ou communiqué sans autorisation écrite. 2 RozoFS high level architecture.
IP Multicast Text available on
High-Availability Linux Services And Newtork Administration Bourbita Mahdi 2016.
University : Ammar Telidji Laghouat Faculty : Technology Department : Electronics 3rd year Telecommunications Professor : S.Benghouini Student: Tadj Souad.
A Solution for Every Network
Transcription de la présentation:

Development and certification of Avionics Platforms on Multi-Core processors Marc GATTI – August 29th, 2013

Access to MULCORS report Context This presentation is based on the final report that concludes the MULCORS project contracted with EASA. The reports provides the main outputs, recommendations and conclusions per EASA Specifications attached to the Invitation to Tender EASA.2011.OP.30.   Access to MULCORS report https://www.easa.europa.eu/safety-and-research/research-projects/large-aeroplanes.php

Multi-core: Conclusion Introduction Problems to Solve AGENDA Multi-core: Introduction Problems to Solve Regarding certification Software Aspects Failure Mitigation Means & COTS Relative Features Conclusion

Introduction Multi-core

Multi-Core: Introduction Multi-Core processor Architecture: Unified Memory Access Multi-Core processor Architecture: Distributed Architecture Multi-Core processor Architecture: Single Address space, Distributed Memory

Multi-Core: Introduction Airb. SW Airb. SW Airb. SW Intended Function HW adaptation Layer (BSP) Hypervisor layer (when required) Operating System Drivers Airborne Software Drivers Drivers Drivers O.S. O.S. O.S. Hypervisor BSP BSP BSP Core Core Core Core Core Core Cache Cache Cache Cache Cache Cache External Bus External Network BUS Register Register BUS Register Register EXT MEMORY BOARD SUPPORT PACKAGE BSP_Remark1: When a Hypervisor is not required, privileged accesses has to be given in Supervisor or Hypervisor mode to the Operating System to allow programming of shared resources like hardware accelerators, arbiters, in order to fulfill safety requirements such as determinism.   BSP_Remark2: if two Operating Systems are used on, for example, a dual-core processor, one of these two Operating Systems has to be set in the Supervisor or Hypervisor mode to have the privilege to access to programming of shared resources, the second one has to be set respectively in User or Supervisor mode. HYPERVISOR HYP_Remark1: we see that there is a relationship between the intended function and objectives with respect to safety and foreseeable conditions, as, at least for functional operation, the influence of external Airborne Software input authority is limited by such a hypervisor, while the latter is providing the deterministic behavior, performance characteristics and integrity necessary to the end-user Airborne Software. HYP_Remark2: if a Hypervisor is not required, the Airborne Software applications have to be clearly described to demonstrate the absence of conflicts (between Airborne Software in AMP or between threads or processes in SMP) or that conflicts are managed using, for example, Airborne Software DAL level for managing access priorities to shared resources OPERATING SYSTEM Real-time: A multitasking operating system that aims at executing real-time Airborne Software. Real-time operating systems often use specialized scheduling algorithms so that they can achieve a deterministic nature of behavior. The main objective of real-time operating systems is their quick and predictable response to events. They have an event-driven or time-sharing design that switches between tasks based on their priorities or external events while time-sharing operating systems switch tasks based on clock interrupts. Multi-user: A multi-user operating system allows multiple users to access a computer system at the same time. Note that Single-user operating systems have only one user but may allow multiple programs to run at the same time. Multi-tasking vs. single-tasking: A multi-tasking operating system allows more than one program to be running at a time; an ARINC653 Operating System is a Multi-tasking one. A single-tasking system has only one running program. Multi-tasking can be of two types: pre-emptive or co-operative. In pre-emptive multitasking, the operating system slices the CPU time and dedicates one slot to each of the programs. Distributed: A distributed operating system manages a group of independent cores and makes them appear to be a single processor.. Embedded: They are designed to operate on small machines like PDA’s with less autonomy. They are able to operate with a limited number of resources. They are very compact and extremely efficient by design. DEVICE DRIVER Pieces of software developed to mask the complexity of interactions with Hardware devices. EXT MEMORY INTERCONNECT Register Register Register Register

Problems to Solve Multi-core

Multi-Core: Introduction What’s a multicore processor? Multicore processor characterized by N (N ≥ 2) processing cores + a set of shared resources (Memories, PCIe, Ethernet, Cache, Registers, etc.) Two main types of processors The first one where interconnect between cores is based on an arbitrated bus The second one where interconnect between cores is based on a network Multicore management in certified embedded platform can be summarize to shared resources conflicts management for DAL_A, DAL_B or DAL_C constraints

Multi-Core: Introduction Access conflits Interconnect between cores If InterConnect = bus  Accesses arbitration is done at this level If InterConnect = network  Accesses arbitration depend of numbers of authorized parallel routes (Memories accesses, Bus accesses, Networks accesses, etc.) Conflicts Management Si InterConnect = BUS Si InterConnect = Réseau Conflicts Management Conflicts Management Conflicts Management Conflicts Management

Multi-Core: Introduction Determinism in embedded aircraft systems Abstract notion partially described in DO-297 Definition based on Execution Integrity WCET analysis Platform Usage Domain Robust Partitioning (not only for IMA system) Multicore COTS Processors Conflicts Management Spatial Management: how to manage accesses to be sure that one core can’t access to a space reserved for another core. Temporal Management: For Memory Accesses Operating System Architecture Choice regarding Industry needs (AMP or SMP) EXECUTION INTEGRITY Note: The behavior of the interconnect between cores, memory and shared resources has to be known by design, by experimental test or by other means and present as a proof to reach acceptance of this component. Note: in most multi-core architectures, from Dual Core like in the P2020 (from Freescale), up to an octo-cores like in the P4080 (from Freescale) or a quad-cores like in the ARM_CORTEX_A15, the interconnect is the key point where all the accesses are performed. A chapter is dedicated to Interconnect Management PLATFORM USAGE DOMAIN Note: In a low complex multi-core processor for example in a Dual-Core processor, this Usage Domain can be more easily demonstrated if Airborne Software can be known and managed to match with safety requirements. When the Airborne Software is unknown, the Airborne System usage Domain has to be defined as described above.

Regarding Certification Multi-core

Manufacturer Selection criteria Experience in Avionic domain Processor Selection Manufacturer Selection criteria Experience in Avionic domain Experience with the certification process Publication Life expectancy Long term support Design information on COTS processor Robustness tests like SEE (Single Event Effect) or SER Processor Architecture Focus Virtual Memory service MMU components Use of hierarchical memory to improve Software performances

Multi-Core Processor features Interconnect The first shared resource between cores. Interleaves concurrent transactions sent by the cores to the shared resources Architecture and impact on determinism Architecture and partitioning insurance Interconnect services to be managed Arbitration of incoming requests Arbitration rules Arbiter internal logic Network topology Allocation of the physical destination devices Allocation of a path to the destination. Support for atomic operations, Hardware locking mechanisms Snooping mechanisms for cache coherency Inter Processors Interruptions (IPI) for inter-core communications An interconnect is usually characterized by: A Protocol: The different stages of a transaction processing. Most interconnects protocols are divided in three phases: arbitration, transfer and termination. A Topology: The different point-to-point connections between nodes. The most classic topologies are: Busses: One connection links all masters to all slaves. A bus may be duplicated on a chip (we talk about multiple busses), thus allowing multiple parallel transfers. A bus may be pipelined, allowing several transactions to be transferred at the same time in different pipeline steps. In case of duplicated busses, the arbitration module will allocate one bus to one master when arbitrating his transaction. Crossbars: There is one point to point connection between each master and slave. Thus no routing is necessary. Usually, a local arbitration module is provided on each slave interface to interleave incoming accesses. Switch fabrics: This is the intermediate topology: point-to-point connections link internal bridges that are connected to the master and slave interfaces. The arbiter is in charge of routing the incoming transactions inside this network. This solution is a usual compromise between the number of point-to-point connections and the interconnect performances through parallel transaction service. An Arbitration policy: The rules that are applied to access sequentially an atomic resource that was requested by different masters at the same time. Usually, the arbitration policy is designed for good average performances and granting fair access grant to the requesters. One example is the Least Recently Granted arbitration policy that is implemented in Corelink™ (see ARM Cortex-A15 MPCore interconnect).

Multi-Core Processor features Shared cache Shared cache in Embedded Aircraft Systems requires a solution to the following problems: Shared cache content prediction. Cache content integrity. . Concurrent accesses impact. Cache organizations Fully associative N-way set associative cache Direct mapped cache Replacement policies Cache coherency mechanism Required in architecture that integrates several storage devices hosting same data. Coherency protocols: Invalidate protocols Update protocols Shared cache in Embedded Aircraft Systems requires a solution to the following problems: Shared cache content prediction. WCET calculability and robust partitioning requirements. Cache content integrity. SEU/MBU. Concurrent accesses impact. Restrictions on allowed concurrent accesses. Cache organizations Fully associative: Each memory row may be stored anywhere in the cache. N-way set associative cache: Each memory row may be stored in any way of some specific sets of cache lines. Direct mapped cache: Each memory row may be stored in a single cache line. Classic replacement policies are: Least Recently Used Pseudo Least Recently Used: Most Recently Used First In First Out Random Cache coherency mechanism Required in architecture that integrates several storage devices hosting one same data. Two families of coherency protocols: Invalidate protocols: Accessed cache line is marked as invalidated in all locations. Further accesses will miss and require a load to the main memory. Class of protocols easier to implement and offers better performances. Update protocols: Accessed cache line is updated. Update request is broadcasted to all nodes : the ones containing the cache line are automatically updated. Benefit: cache access will always hit without requesting the interconnect, thus traffic on the interconnect may be easier to control.

Multi-Core Processor features Shared services Providing Shared Services among the cores. Interrupts generation and routing to cores Core and processor clock configurations Timer configurations Watchdog configurations Power supply and reset Support for atomic operations cores Support execution of multiple software instances in parallel. Use of inter-core interrupts. Memory mapping defined in the Memory Management Unit.  Warning: A non-coherent configuration may weaken Robust Partitioning. cores Cores support the execution of multiple software instances in parallel. Interact mechanisms: Inter-core interrupts Shared memory Use of inter-core interrupts acceptable under some conditions As a protection mechanism (a core can interrupt another core if it detects a faulty execution inside it) When the destination core is actively waiting for being interrupted . Memory mapping defined in the Memory Management Unit. Multi-core platforms embed one MMU per core. T Memory mapping definition is distributed among the cores.  This raises the feature of coherency maintenance between all MMU. A non-coherent configuration may weaken Robust Partitioning.

Multi-Core Processor features Peripherals: main memory and I/O’s Sharing main memory  sharing physical storage resources and memory controllers. Space partitioning: Storage resource can be partitioned when necessary. Sharing accesses to the memory have to be well managed. Shared I/O features similar to shared services configuration: Access simultaneously read and/or write buffers. Classic rules of time and space partitioning can be applied Initiate specific protocols operations: uninterrupted access is required during the protocol execution to be able to fulfill correctly the concerned protocol. Concurrent accesses to shared I/O may occur simultaneously from different cores. Some I/O are accessed according to a protocol, others are accessed from a read and/or write buffer  Atomic access patterns have to be ensured. Several features dealing with shared peripherals have to be considered. We distinguish features concerning the main memory from those concerning I/O.   Sharing the main memory means sharing the physical storage resources and the memory controllers. The storage resource can be partitioned when necessary: disjoint memory areas can be allocated to each core (this is space partitioning). We do not consider this feature in this section. Sharing accesses to the memory controllers may in some cases increase the timing variability of a transaction with a factor higher than the number of accessing masters (see (Moscibroda & Mutlu, 2007) for an illustration: on a dual-core platform, a task is slow downed with a factor of 2.9 while the concurrent task is not). These side-effects are due to the internal structure of a DDR. It contains several banks, each bank having internal read/write buffers, internal scheduling optimized for contiguous read/write transactions. Incoming transactions have been interleaved in the interconnect. Thus, contiguous accesses sent by a core may not be contiguously serviced inside the memory controller. This phenomenon cannot be controlled by the software. Thus its worst case timing variability has to be determined and applied for each memory transaction. Sharing main memory  sharing physical storage resources and memory controllers. Storage resource can be partitioned when necessary: (space partitioning). Sharing accesses to the memory controllers may in some cases increase the timing variability of a transaction with a factor higher than the number of accessing masters. Shared I/O features similar to shared services configuration: Access simultaneously read and/or write buffers. Classic rules of time and space partitioning can apply: when it is not possible ensure that concurrent accesses will occur in disjoint time windows. Initiate specific protocols operations: uninterrupted access is required during the protocol execution to be able to fulfill correctly the concerned protocol. Like shared services, concurrent accesses to shared I/O may occur simultaneously from different cores. Some I/O are accessed according to a protocol, others are accessed from a read and/or write buffer  Atomic access patterns have to be ensured.

Software Aspects Multi-core

Partitioned system features Components evolution to take benefit of multi-core platforms The most “flexible” component is the integration software layer. Possible designs: A single OS instance shared among all the cores A private OS instance per core A virtualization layer hosting several operating systems in dedicated virtual machines. Partition Deployment One partition is activated on all cores and has an exclusive access to platform resources Symmetrical Multi-processing (SMP). Each partition are activated on one core with true parallelism between partitions  Asymmetrical Multi-processing (AMP).

Operating System global view APP4 T1 T2 T3 From Single Core to Multi-Core in AMP (Asymmetric multi-processing) APP1 T1 T2 T3 T4 APP2 T1 T2 T3 APP3 T1 T2 T3 T4 T5 Space & Time Partitionning Space & Time Partitionning Space & Time Partitionning APP5 T1 T2 T3 Operating System Operating System Operating System CORE CORE CORE Solve Conflict T4 T5 BRIDGE INTERCONNECT APP5 T1 T2 T3 T4 Memory Controller I/O Controller BUS / Network Interface Memory Controller I/O Controller BUS / Network Interface Memory Controller Example of two cores processor and two memory controllers. For more than two cores (or less than two Memory Controller) conflicts to the Memory Controller have to be managed

Operating System global view Space & Time Partitionning From Single Core to Multi-Core in SMP (Symmetric multi-processing) APP1 T1 T2 T3 T4 APP2 T1 T2 T3 APP3 T1 T2 T3 T4 T5 APP1 T1 Space & Time Partitionning T2 T3 T4 Operating System Operating System CORE CORE CORE Solve Conflict BRIDGE INTERCONNECT Memory Controller I/O Controller BUS / Network Interface Memory Controller I/O Controller BUS / Network Interface Memory Controller Example of two cores processor and two memory controllers. For more than two cores (or less than two Memory Controller) conflicts to the Memory Controller have to be managed

Current mono-core concept APP1 T1 T2 T3 T4 APP2 T1 T2 T3 APP3 T1 T2 T3 T4 T5 Space & Time Partitionning Operating System CORE BRIDGE Memory Controller I/O Controller BUS / Network Interface Thread / Process T5 T1 T2 T4 T3 T1 T2 T4 T3 T4 Appli. 1 T Core OS T1 T3 T2 T3 Appli. 2 T T2 Appli. 3 T T1 T1 idle time Partition 1 Partition 2 Partition 3 Partition 4

Space & Time Partitionning Space & Time Partitionning AMP APP4 APP5 APP5 APP1 APP2 APP3 T1 T1 T1 T1 T1 T2 T2 T1 T2 T2 T2 T3 T2 T3 T3 T4 T3 T4 T3 T3 T4 T5 Operating System Operating System CORE CORE INTERCONNECT Memory Controller I/O Controller BUS / Network Interface Memory Controller T5 T4 Thread / Process Core 1 T4 OS 2 T3 T3 T3 T3 Appli. 1 T T2 T2 T2 T2 T2 Appli.2 T T1 T1 T1 T1 T1 T1 Appli 3 T Partition 1.1 Partition 2.2 Partition 2.3 Partition 2.4 Appli 4 T T4 Appli 5 T Core 2 OS 1 T3 T3 T3 T3 T3 T3 Appli 6 T T2 T2 T2 T2 Appli 7 T T1 T1 T1 T1 T1 T1 T1 idle time Partition 1.1 Partition 1.2 Partition 1.3 Partition 1.4

Space & Time Partitionning SMP APP1 APP2 APP3 T2 T3 T3 T1 T1 T2 T4 In SMP mode, Processes, Threads or Tasks should be allocated to cores statically to achieve determinism T2 T1 T4 T3 T5 Operating System CORE CORE INTERCONNECT Memory Controller I/O Controller BUS / Network Interface Memory Controller T2 T4 Core 2 Thread / Process T2 T2 T2 OS Appli. 1 T T5 Appli. 2 T T4 T4 Appli. 3 T Core 1 T1 T3 T3 T3 idle T1 T3 T1 T1 T1 T1 time Partition 1 Partition 2 Partition 3 Partition 4

Failure Mitigation Means & COTS Relative Features Multi-core

Multi-Core: Failure Mitigation FMEA and/or FFPA for a single or a multi-core processor is not achievable at processor level Mitigation has to be provided, by the equipment provider, at board level where this processor is used Software Error Rate  SEE (Single Event Effect) Measurements on SER are usually performed by the manufacturers on their own Deep Sub Micronics DSM has impact of long term reliability

conclusion

Complexity of Multi-Core Processors Conclusions Complexity of Multi-Core Processors Has increased over the past few years, Level of demonstration for design assurance remains at least the same as or better than for COTS without such increment in complexity. A COTS component remains a COTS component Features proprietary data from the COTS manufacturer Approaches: Access to additional data under agreements with the COTS manufacturer And/or mitigation of potential COTS faults or errors at board or equipment level,  

Conclusions MULCORS put emphasis on specific Multi-Core features linked to Shared Resource Accesses like Memory, Bus, Network, Internal Registers, Clock Management, etc. Features that are the main differences between single-core and multi-core devices that have to be managed Airborne Software Level Airborne Software behavior Airborne Software applications allocation to cores can demonstrate the non-interaction between cores. Interconnect behavior Shall be well known and well managed Hypervisor level Hypervisor can be used to constraint the behavior of the interconnect. Constraints reduce performances but offer determinism