Satisfying Real-Time Requirements of Multicore Software on ARINC 653: The Issue of Undocumented Hardware

ARINC 653 aims to simplify integration of independently developed (avionics) application software executing on a shared computer platform. A key idea is that the application software is organized as a set of partitions, potentially with different criticality levels, and the underlying operating system attempts to achieve certain isolation properties between the partitions. Unfortunately, when using ARINC 653 on multicore, the existence of undocumented hardware resources makes satisfying real-time requirements challenging. We adapt a previously proposed technique (not for ARINC 653 but for undocumented hardware) so that it works for ARINC 653. The main idea of our solution is to (i) describe the software system as a set of processes and describe each process with parameters, (ii) introduce an abstraction that describes the execution speed of a process as a function of co-runner processes on other processor cores, (iii) empirically find the numeric values of this abstraction, and (iv) use a formal verification technique (called schedulability test) that takes as input the description of processes and outputs a statement on whether all timing requirements will be satisfied at run-time for all scenarios assumed to be possible.