From: MRE
Newsgroups: comp.lang.ada
Subject: Re: OT?: AF 447 and avionics software
Date: Tue, 9 Jun 2009 23:12:59 -0700 (PDT)
Message-ID: <2a9ac0ad-b865-4705-aa6c-83137ba130c9@h18g2000yqj.googlegroups.com>

On 10 Jun., 00:14, Martin wrote:
> On Jun 9, 10:06 pm, Olivier Scalbert wrote:
> >
> > Ludovic Brenta wrote:
> > > dedicated hardware. Consolidating multiple systems on a single
> > > hardware CPU (aka Integrated Modular Avionics) is the trend nowadays;
> > > it requires partitioning the CPU into multiple virtual machines
> > > running software certified for different criticality levels.
> >
> > > [1]http://www.cs.kuleuven.ac.be/~dirk/ada-belgium/events/07/070612-abga-...
> >
> > > --
> > > Ludovic Brenta.
> >
> > Hi Ludovic,
> >
> > Consolidating multiple systems on a single CPU, is not it too dangerous
> > (single point of failure) ?
> >
> > Olivier
>
> From the s/w side, the different systems would be separated into their
> own VM, so any one of the s/w apps going down would not affect any
> other system. You get this sort of separation in a lot of embedded OS
> these days, e.g. Green Hills Integrity.
>
> From the h/w side, the risk of the single CPU going down would have to
> be considered and mitigated in the system safety hazard analysis. - it
> depends on your risk requirements.
>
> Cheers
> -- Martin

It is being considered. The (original) ideal of IMA being that one faulty system will be switched off and some other CPU will take the task (the "M" in IMA representing "Modular").

Cheers,
Marc