Reducing certification costs of safety-critical multi-processor architectures has become a key concern for many designers. One of the challenges unique to a multi-processor architecture is how to share data between the processors, especially when the processors are designed to different Safety Integrity Levels (SILs). Such mixed criticality requires guarantees that the shared data used in higher-SIL Safety Functions is correct, timely and can be trusted. However, the design must also be flexible, allowing for modifications and upgrades throughout the product's lifetime.
Design of multi-processor communication systems can be time consuming and costly. It is not always possible to obtain accurate data relating to the characteristics of the physical communication layer; in many cases a black channel approach is required, in which the transport is treated as untrusted and the end-to-end integrity of the data is assured by the safety layer above it. Procuring safety-certified communication stacks and middleware can be expensive.
Maintaining the system safety certification during modifications and upgrades can also be costly, especially where the shared communication channels form part of the safety case. The risk is that where communication channels are shared between processors of differing SILs, a relatively simple upgrade to a non-safety-critical processor would require the complete system to be recertified.
Designing a high-integrity yet flexible multi-processor communication system is complex and resource intensive and, if you don't get it right, can significantly increase your cost of ownership over the product's lifetime.