A Tool for Satisfying Real-Time Requirements of Software Executing on ARINC 653 with Undocumented Multicore

ARINC 653 aims to simplify integration of independently developed (avionics) application software executing on a shared computer platform. A key idea is that the application software is organized as a set of partitions, potentially with different criticality levels, and the underlying operating system attempts to achieve certain isolation properties between the partitions. When using ARINC 653 on multicore, the existence of undocumented hardware is a challenge because it influences timing of software but we do not know exactly how the hardware works. A recent method [8] has addressed this. The main idea is to (i) describe the software system as a set of processes and describe each process with parameters, (ii) introduce an abstraction that describes the execution speed of a process as a function of co-runner processes on other processor cores, (iii) empirically find the numeric values of this abstraction, and (iv) use a formal verification technique (called schedulability test) that takes as input the description of processes and outputs a statement on whether all timing requirements will be satisfied at run-time for all cases assumed to be possible. Unfortunately, no software tool that implements this schedulability test was available. Therefore, in this paper, we present such a tool. As part of developing this tool, one challenge we faced (and addressed) is that the schedulability test was formulated as a condition but to make this useful, we need to have an algorithm that can evaluate this condition (to true or false) and this turns out to be non-trivial. We also apply this tool on randomly-generated software models; this shows that our tool runs reasonable fast when analyzing systems with 12 tasks and 8 processor cores.