Second TCRTS Workshop on Certifiable Multicore Avionics and Automotive Systems (CMAAS)



21 April 2017

Starting at 8.45 am


Pittsburgh, PA, USA

Room #315, part of CPSWeek'17


Multicore computer platforms pose new challenges for hard real-time systems because of the complex temporal coupling between processing cores through the shared last-level cache, shared memory, I/O bandwidth and interconnections. Much of the real-time scheduling work for single-core chips has centered on the CPU, because it has been the bottleneck resource. The emergence of multicore architectures has moved the bottleneck resource away from the CPU and towards the now globally shared memory, last-level cache, and communication infrastructure.

Temporal coupling among concurrently running applications on different cores makes certification of safety-critical systems particularly challenging. This problem particularly impacts the avionics and automotive industries, and has been largely recognized by the academic community. In the avionics domain, the Certification Authorities Software Team (CAST), an international group of avionics certification and regulatory representatives from North and South America, Europe, and Asia, has formally expressed its concern about the adoption of multi-core solutions for avionics systems. In May 2014, CAST released Position Paper 32 on Multi-Core Processors (MCP, see CAST-32) to discuss topics related to the safety of avionics software on multicore systems. Among other issues, the position paper identifies MCP Interference Channels, such as shared memory, cache and interconnect features, as possible sources of safety violations. While the position paper does not constitute binding policy on certification, it nevertheless strongly suggests that all such sources of interference must be:

  • identified;
  • analyzed;
  • certifiably mitigated.

Recently, CAST released an update to the CAST-32 document, namely CAST-32A. The new document introduces important guidelines about how to extend temporal partitioning, as in the DO-248C / ED-94C and DO-297 / ED-124 standards, to multicore platforms. The new certification guidance specifies that robust resource and time partitioning can be used to demonstrate compliance with the Applicable Software Guidance (e.g., DO-178).

In the automotive domain, the International Organization for Standardization has published the ISO-26262 standard for functional safety. ASIL decomposition can be performed by partitioning OS applications to different areas of the same multi-core ECU. The requirement is that logically independent partitions run without causing any mutual interference, a property known as freedom from interference. Although the requirements are well understood, there is a lack of consensus on the technology for next-generation automotive systems using multicore ECUs.

Inspired by the CAST-32 and CAST-32A position papers and by the safety principles of the ISO-26262 standard, the goal of the workshop is to bring together the Real-Time Systems (RTS) community, industry, and regulatory agencies to address the challenges in the certification of multicore avionics and automotive systems. In particular, we will seek contributions from the community on how to analyze and mitigate the effects of interference channels in Commercial-Off-The-Shelf (COTS) multicore processors. Major goals involve:

  • identify the set of timing-related challenges to be addressed;
  • determine which solutions are available for such challenges, and whether the community agrees on a set of such solutions;
  • determine which challenges remain as open problems; and
  • identify evidence-based validation and certification procedures.

The previous edition of this workshop (CMAS'15) led to a position paper that summarizes the fundamental principles and guidelines for the certification of multicore avionics. The paper, formally known as "Position Paper On Minimal Multicore Avionics Certification Guidance", has been officially endorsed by a number of research institutions and industries around the globe. The latest draft is available here.


Open call - 1-page abstracts: We invite interested speakers to submit a 1-page abstract describing their proposed work and the technical results they want to present as a workshop speaker. Each 1-page abstract should be sent to both the following email addresses: and Submissions will be reviewed by the steering committee.

In addition, we will have some invited speakers from industry and academia to present their viewpoints and proposed solutions for the adoption of multicore systems for safety-critical applications.

The workshop will be a full-day event and comprise two parts. In the first part, each speaker will be given a slot to present his or her positions and existing results. In the second part, we will host a panel/round table with all members of the technical committee (moderated by the chair). The goal of the round table is to reach an agreement on challenges, solutions and open problems, as discussed in the introduction.

Important Dates

Abstract Submission Deadline

Feb 10, 2017

Authors Notification

Feb 24, 2017


The Workshop will follow the program below:

Room #315
8.45 am
Opening Remarks
  • (University of Illinois at Urbana-Champaign)

Room #315
9:00 am

Multicore Devices in Safety Applications – Normative Aspects

Room #315
9.30 am
Talk 1

Revisiting Resource Partitioning for Multi-core Chips: commercial RTOS which supports isolation of entire memory system

  • (ETRI Korea)

10.00 am
Room #315
10.30 am
Talk 2

MC2 Challenges for Mission Management of Unmanned Systems

  • (Northrop Grumman Aerospace Systems)

Room #315
11.00 am
Talk 3

Communication Centric Design for Composability & Data Consistency in Automotive Embedded Systems

  • (Robert Bosch GmbH)

Room #315
11.30 am
Talk 4

Multicore Migration Study in Automotive Powertrain Domain

  • (Hitachi, Ltd., Research & Development Group)

12.00 pm
Room #315
1.30 pm
Talk 5

Multicore Processing in the Avionics Industry

  • (Rockwell Collins - Advanced Technology Center)

Room #315
1.55 pm
Talk 6

The Single-Core Equivalent (SCE) technology package

  • (University of Illinois at Urbana-Champaign)

Room #315
2.20 pm
Talk 7

Cache Partitioning on Contemporary COTS Multicore Processors

  • (University of Kansas)

Room #315
2.45 pm
Talk 8

The One-Out-Of-m Multicore Problem

  • James H.

  • (University of North Carolina at Chapel Hill)

3.10 pm
Room #315
3.40 pm
Talk 9

Coordinating Mechanisms for more Predictable Memory Accesses

  • Bjorn Andersson and Dionisio de Niz

  • (Carnegie Mellon Software Engineering Institute)

Room #315
4.10 pm
Talk 10

AutoV: An Automotive Testbed for Real-Time Virtualization

  • Meng Xu and Insup Lee

  • (University of Pennsylvania)

Room #315
4:40 pm

Open discussion on best practices and open challenges for robust partitioning in multicore

5:20 pm

Program Chairs

Workshop Organizers

Steering Committee

List of steering committee members


Full List of Speakers




The location of CMAAS'17

Main Conference Venue