Software Safety Monitor for COTS Graphics Processors 

CoreAVI’s TrueCore™ graphics processor (GPU) safety monitor is designed to monitor the health and integrity of a GPU in order to prevent the display of hazardously misleading information in safety critical systems. TrueCore facilitates Federal Aviation Administration (FAA) and European Aviation Safety Agency (EASA) Design Assurance Level (DAL) A certification of systems using commercial off-the-shelf (COTS) graphics processors and addresses the concerns in Certification Authority Software Team (CAST) Position Paper 29 - Use of COTS Graphical Processors (GCP) in Airborne Display Systems. The software monitoring architecture supports multi-core and hypervisor platforms ensuring the integrity of a graphics processor, display controller and the graphics driver across multiple and independent partitions and guest operating systems. 

While TrueCore tests the hardware fixed function graphics pipeline functionality, it may not be testing all hardware used in the application’s rendering due to dynamic allocation of GPU resources that is beyond external control of the GPU. That is, GPUs have functions that control the allocation of internal resources which cannot be configured or easily manipulated.

Plug-in Modules to Certify Mixed Levels of Safety Critical Partitions

As part of the TrueCore product suite, CoreAVI offers additional GPU and driver monitoring modules to detect and prevent any erroneous rendering or overutilization of the GPU by one partition that could negatively impact the rendering of other partitions. The product facilitates the design assurance level A certification of platforms with multiple software applications having different levels of safety certification running on the same hardware platform. 

FAA Review

CoreAVI completed a product design meeting on TrueCore with the FAA where it was concluded that TrueCore addresses the certification concerns associated with use of complex COTS Graphics Processors in systems requiring Level A compliance.  

Features & Benefits 

  • Eliminates the need for expensive external FPGA based monitor, reducing development time, and system complexity
  • Allows application to have full control over GPU test execution and design flexibility for response to any GPU fault (reboot, pilot notification, fault log report, etc.)
  •  Allows continuous real-time health monitoring of a COTS GPU
  •  Facilitates low GPU and CPU utilization impact
  •  Supports multicore and CoreAVI’s HyperCore™ (hypervisor GPU manager) virtualized system configurations
  •  Supports RTOS, including Wind River VxWorks, SYSGO PikeOS, Green Hills Integrity, DDCI-Deos, Lynx Software LynxOS, Linux and configurable for proprietary RTOS
  •  Operates in conjunction with ArgusCore SC™ (CoreAVI’s OpenGL driver suite)
  •  Available with CertCore178™ (DO-178C / ED12-C Avionics) Level A safety certification packages
  •  Available with CertCore26262™ (ISO 26262 ASIL D Automotive) safety certification packages