Avionics systems require high integrity processing. State of the art avionics systems are designed to provide high integrity processing that is transparent to software applications. Current methodologies for achieving a high integrity, transparent processing platform require two discrete host processors executing the same software simultaneously in a lockstep fashion. The executing software is not aware of the integrity architecture implemented by the hardware. The transactions generated by the software are exposed by the processors and are validated by external comparison logic.
Future devices will be based on performance driven multi-core system-on-a-chip (SoC) architecture that does not directly support transparent lockstep execution. Such devices do not expose the low level busses needed to design a fully transparent high integrity processing architecture using the hardware lockstep approach. The synchronization of asynchronous hardware events within and between multi-core SoCs (such as internal clock domain crossings, divergent branch predictions, multi-core interference channel latency jitter, out-of-order execution, or unexpected machine state interrupts) presents a challenge for integrity architectures.
Additional complexities arise in a multi-core SoC environment when trying to synchronize the scheduling of multiple threads executing across local or remote processing cores with sufficient determinism to show that output comparison monitoring provides integrity coverage without generating a high rate of false comparison errors.
Consequently, it would be advantageous if an apparatus existed that is suitable for implementing transparent high-integrity processing in a multi-core SoC environment.