Transcript
This transcript was autogenerated.
Everyone, good morning, good afternoon, or good evening,
whatever time it is where you are.
Allow me to introduce myself.
My name is Charles Anthony Raj.
I currently serve as a senior manager for systems and software engineering
at Collins Aerospace, an RTX company.
In my current role within the Electric Systems Business Unit, I lead
engineering efforts focused on advancing cutting edge aerospace technologies.
With about two decades of experience in the aerospace industry, I've had
the opportunity to work across a wide range of aircraft subsystems,
contributing to several major platforms throughout my career.
Today I will be talking to you all about DO-178C in multicore avionics:
certification paths for electric aircraft, the multi-core revolution in aviation.
The aviation industry is entering the multi-core revolution after
having lived on single-core processors for a very long time, and
it is driven by demand for higher performance, efficiency, and autonomy.
Multi-core processors are transforming how next generation and electric
aircraft are designed and certified.
Just look at the adoption rate.
Multi-core processors are now widely deployed in multiple modern platforms,
from electric propulsion systems to advanced avionics.
They enable greater computing power and system integration essential for
the next wave of intelligent aircraft.
It does come with baggage: certification delays.
Many programs first face certification delays
due to the complexity of multi-core timing and interference analysis.
These challenges highlight the need for early planning and
robust verification strategies.
Teams are using proven partitioning, measurement-based timing analysis,
and early certification engagement
to see significant time savings.
These best practices shorten compliance cycles and help bring advanced
aircraft to the market much faster.
The multi-core revolution is here.
Success depends on pairing innovation with disciplined, proven certification
methods. Why multi-core? Electric aircraft demand faster,
smarter, and more efficient computing.
Multi-core processors provide the foundation for this
generation of flight systems.
There are these three major advantages, performance, integration, and efficiency.
Multi-core processors deliver the enhanced computational power needed for complex
robotic control and autonomous operations.
They enable advanced flight management, sensor fusion, and
onboard AI to operate in real time.
Multicore processor architecture allows multiple avionics
functions to run on fewer hardware platforms, which is a great boon.
This reduces weight, wiring, and system complexity, all absolutely critical
for electric aircraft efficiency.
Multicore architectures enable optimized power consumption,
maximizing energy available for propulsion.
This balance of performance and efficiency is essential in electric aircraft.
In short, multi-core computing powers the Electric Aviation Revolution, delivering
performance, integration and energy efficiency for the aircraft of the future.
The certification challenge.
Let's address the elephant in the room.
Multi-core architectures are transforming avionics, but they also fundamentally
change how we certify safety-critical software under DO-178C. Especially
for design assurance levels A through C, the challenge lies in maintaining
predictability and determinism across multiple processing cores.
Multiple cores share caches,
memory buses, and I/O channels.
This competition introduces unpredictable timing behavior,
which complicates safety validation.
Cross-core interference can disrupt deterministic execution, a must for
flight-critical control functions.
Ensuring isolation and predictable scheduling becomes a key design focus.
Then we gotta talk about WCET validation.
WCET, aka
worst-case execution time, grows exponentially harder to verify.
In a multi-core system, traditional single-core analysis no longer applies,
which means we need or require new tools and measurement-based approaches.
The certification challenge isn't just technical, it's procedural.
Success means combining innovative analysis methods with early
continuous collaboration with certification authorities.
Let's talk about the frameworks to certify multi-core avionic software.
We rely on two key frameworks: DO-178C, that we all know of and are so used to,
and CAST-32A. Together, they define the foundation and the specialized guidance
needed for modern multi-core systems.
What is DO-178C?
That's the foundation. DO-178C, Software Considerations in Airborne Systems
and Equipment Certification, sets the baseline for airborne software safety.
It defines design assurance levels A to E, guiding the rigor
of development and verification.
It also establishes expectations for verification and validation,
configuration management and quality assurance, ensuring traceability
and integrity throughout the cycle.
CAST-32A,
guidance issued by the certification authorities, focuses
on multi-core specific challenges.
It addresses interference, mitigation, timing analysis,
and resource usage validation.
It also outlines documentation expectations to demonstrate control and
predictability in multi-core environments.
In short, DO-178C provides the what,
the foundation for certification, and CAST-32A provides the how
for multi-core compliance.
Applying both ensures safe, certifiable, and high performance
multi-core avionic systems.
So CAST-32A, which is the position paper, defines the objectives
and mitigation expectations for multi-core processors.
And then EASA, which is the European jurisdiction, issued something called
AMC 20-193, which is the acceptable means of compliance for multi-core.
It supersedes CAST-32A for applicants in the EASA jurisdiction.
The FAA also
sent out an advisory circular, AC 20-193, back in 2024, which is the FAA's acceptable
means of compliance, which aligns with AMC 20-193.
All right, certification objective summary.
Let's talk more about these. Early multicore
processor planning and hardware characterization is very important.
Resource usage budgeting and partitioning, demonstrating
WCET bounds under interference, error detection and handling for MCP-specific
faults, and producing a multi-core processor accomplishment
summary for the certification authority.
In safety-critical avionics, partitioning is essential to protect
critical robotic control processes from lower-criticality functions.
The goal: prevent failures from crossing design assurance level boundaries, and
maintain predictable system behavior.
Spatial partitioning.
This assigns dedicated memory regions to each function and prevents unauthorized
access or data corruption between partitions, which is crucial.
Then comes temporal partitioning.
This uses time-sliced execution to ensure every critical task gets guaranteed
CPU access.
This maintains deterministic performance even under high load.
And then comes resource allocation.
Careful core and cache allocation reduces interference between partitions and optimizes
performance while maintaining isolation.
Then comes validation and testing: robustness and stress testing
verify that partitions remain secure and stable under all conditions and
confirm the integrity of safety boundaries before certification.
Effective partitioning underpins both safety and reliability.
It's the foundation for certifiable multi-core robotic avionic systems.
Let's talk about interference channels.
Multi-core architectures introduce interference channels that can
impact timing and predictability of safety-critical systems.
Understanding these channels is essential for certification
and robust systems design.
Then comes cache interference.
Shared L2 or L3 caches can evict data
unexpectedly, affecting the execution
timing of critical tasks. Multiple cores accessing memory simultaneously can
create wait states, delaying execution.
Peripheral access, right?
Shared I/O controllers and DMA channels may slow down critical
operations if not managed carefully.
So core-to-core:
communications across the interconnect fabric add unpredictable latency
to distributed functions. Mitigating these interference channels through
partitioning, the right scheduling, and measurement-based analysis
is key to ensuring deterministic behavior in multi-core avionics.
We also need the right set of tools, the right operating system, and vendor support.
Successful multi-core avionics development relies on a combination
of all of those RTOSes, okay?
A real-time operating system with multi-core partitioning.
For example, the INTEGRITY-178 tuMP, proven in early multi-core
certification programs, provides strong spatial and temporal partitioning
essential for safety-critical applications. Timing analysis and
measurement suites, tools like Rapita, LDRA, vendor toolchains and
vendor-specific profilers, help analyze execution time and verify
worst-case execution times. Test harnesses
similar to TTCN support structured, repeatable test campaigns.
Hardware-assisted tracing and monitoring is a must-have: ETM- or PTM-based
tracing, platform configuration management, and QoS monitors enable deep
visibility into multi-core behavior.
These tools help detect interference, validate timing, and ensure predictable
operation. Combining partitioned RTOSes,
measurement tools, and hardware tracing ensures multi-core avionics
can really meet both performance and certification requirements.
Let's talk about the certification strategy for electric
aircraft phase one, right?
Electric aircraft programs are adopting proven certification methods
to safely deploy multicore while staying compliant.
The phase one part of it is defining partitioning strategies
to isolate critical functions.
Selecting a certified OS with multicore support to ensure a strong foundation
for critical software.
Phase two, you get into the analysis part: performing interference analysis
to understand shared resource effects.
Start interference characterization
in parallel with software development work streams; basically,
automate instrumentation and regression under stress harnesses.
Establish timing budgets following CAST-32A guidance. Phase
three is our integration phase.
Use measurement-based validation to verify worst-case execution times,
ensure comprehensive test coverage across platform and test scenarios,
and test stress scenarios.
Phase four is certification: compile evidence packages
demonstrating compliance.
This is no different to what we do on the DO-178C route that
we are doing on all the other avionics platforms these days.
Having the right amount of evidence packaged together is very important.
In some cases, using vendor-provided certification
packages, again, when available, can help shorten evidence gathering
or generation. Engaging certification authorities early and continuously
will help streamline the approval.
Following these four phases accelerates multi-core adoption
while ensuring safety, predictability, and regulatory compliance. Robotic
control system integration.
Here are the critical considerations.
Robotic control systems rely on precise timing and deterministic execution.
Every control loop must behave predictably, especially in
safety critical domains like drones or autonomous vehicles.
On modern multicore platforms, maintaining those realtime guarantees
becomes both essential and challenging.
Sensor data from IMUs, cameras, and lidar must be processed in real time.
Assigning sensor fusion to dedicated cores prevents timing
jitter caused by other processes.
This ensures consistent data availability for control loops.
Flight control laws with guaranteed response times: core
flight control algorithms demand fixed, low-latency response.
Real-time scheduling and task prioritization are vital to ensure
control commands are computed and applied within strict deadlines.
Even microsecond delays can affect stability.
Autonomous decision making with temporal isolation.
High-level autonomy, like path planning, obstacle avoidance, things
like that, should not interfere with low-level control loops.
Temporal and spatial isolation ensures that computationally heavy
AI tasks don't delay time-critical control threads.
Fail-safe monitoring without interference.
Safety monitors and watchdogs must continuously check system health,
but without introducing any extra latency; use separate cores or real-time
partitions to guarantee independence and quick recovery in fault conditions.
In short, successful integration of robotic control systems on
multi-core platforms depends on real-time determinism, isolation, and fault detection.
Balancing performance and predictability is the key to achieving
reliable, safe robotics behavior.
We gotta talk about documentation and evidence. For multi-core
safety certification, authorities require clear, defensible evidence
that multi-core systems meet safety and determinism requirements.
No different from the other ones that we've needed all along,
even with a single-core system.
But this just means more.
The goal is to show not just performance but predictable behavior under all
operating conditions; that becomes a major point.
We gotta talk about interference analysis.
Start with a comprehensive interference
assessment
across shared resources: cache, memory buses, and I/O.
Identify all potential interference channels and describe
mitigation strategies such as partitioning or bandwidth control.
This forms the foundation for demonstrating multi-core safety.
Timing reports provide WCET validation with confidence levels and margins.
The reports should show consistent timing under load and justify that
real-time deadlines remain intact even during contention. Test
results include robustness and stress testing results to prove that
partitioning mechanisms are effective.
Show that one core's heavy workload does not degrade another's timing or
safety performance; these results are key to demonstrating practical isolation.
Finally, the compliance matrix and certification artifacts: present
a compliance matrix mapping each CAST-32A objective to
corresponding verification evidence.
Include tool qualification data for any automated tools
used in analysis or testing.
Summarize all evidence in the multi-core certification plan
and accomplishment summary, ensuring full traceability to DO-178C objectives.
Strong documentation and traceability are as vital as the technical design itself.
A well structured evidence package gives certification authorities
confidence in the system's safety, determinism and compliance.
Let's talk about some of the common pitfalls and how to avoid them.
When working with multi-core avionics, certain assumptions
can lead to costly setbacks.
Let's highlight a few common pitfalls and how to avoid them.
Single-core versus multi-core WCETs.
Don't ever, again, don't ever assume single-core WCETs, or worst-case execution
times, apply to multi-core systems.
Shared resources
cause interference, meaning multi-core timing can be very different.
Second one is late platform selection.
Choosing your hardware platform too late can cause major rework.
Early platform decisions enable realistic testing and timing validation sooner.
Thirdly, incomplete interference testing.
Insufficient stress testing leaves hidden timing conflicts. Use
stress metrics that cover all combinations of shared resources,
and ensure that you have enough.
So what is the solution?
Introduce hardware-in-the-loop testing as early as possible.
Use interference generators to expose timing issues, and leverage tool
support for trace analysis for deeper visibility into system behavior.
By addressing these pitfalls, early teams can reduce rework, improve predictability,
and accelerate certification readiness.
I just wanted to show you guys a case study here, the PU-3000 multi-core
certification success story.
The PU-3000 from CMC Electronics represents a major milestone in avionics.
It's one of the very first platforms to achieve civil multi-core certification to
DO-178C DAL Level A. This certification demonstrates that multi-core processors
can certainly meet the highest level of safety assurance in civil aviation.
The key points here are: the PU-3000 integrates the INTEGRITY-178
tuMP real-time operating system from Green Hills Software.
The RTOS provides temporal and spatial partitioning,
ensuring predictable, deterministic performance across multiple cores.
The project provided real certification evidence addressing CAST-32A objectives
such as interference analysis, timing validation, and core isolation.
It demonstrated that DO-178C DAL A compliance is achievable on multi-core
hardware, supported by rigorous design, verification, and documentation.
So this PU-3000 certification sets a practical precedent for future
multi-core avionics programs.
It proves that with the right architecture and verification strategy,
safety-critical multi-core systems can certainly achieve full
certification without compromising performance or predictability.
So what's the path forward?
Multicore avionics are the foundation of next generation
robotics-driven aerospace systems.
They deliver the processing power needed for autonomy, AI if need
be, and complex mission functions. Balancing innovation and safety, right?
Innovation must be matched with rigorous safety and certification
discipline, which is a must for
aircraft systems. We must integrate new technologies without ever
compromising reliability or compliance.
Use trusted partitioning methods to isolate critical functions.
This ensures faults are contained and safety-critical tasks remain protected within them.
Apply measurement-based timing analysis to validate real-time
performance, paired with comprehensive test coverage to ensure predictable
behavior under all conditions.
The most important part: early and continuous engagement with certification
authorities. Involve certification bodies early in the development phase.
Maintain an open, continuous dialogue to streamline approval and
reduce rework. The path forward
combines innovation, safety, and collaboration. By following
these three principles,
we can confidently advance toward an intelligent, autonomous aerospace future.
I would like to leave you all with an example certification plan.
Basically, it's a recap of everything that we've talked about so far.
The first phase is the selection of the right platform, the RTOS,
making sure that you have the multi-core risk assessment completed.
Platform characterization and interference map.
Partitioning and resource budgets are defined, which
includes time, memory, and I/O.
Worst-case execution time analysis under interference testing, integration test
metrics, error handling verifications, and finally, the multi-core processor
accomplishment summary and submission.
If you have any questions or would like to discuss anything on this topic, please
feel free to reach out to me.
Thank you all.
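As an added example that is not part of the talk and not any vendor's tooling: a Python sketch of the measurement-based timing evidence the talk calls for, comparing each task's observed WCET in isolation against its WCET under interference generators and deriving the interference factor and the margin against the partition's timing budget. The task names, sample times, budgets, and the 1.2 safety factor are constructed assumptions.

```python
"""Measurement-based WCET check under interference (added example).

Constructed illustration, not tooling from Collins Aerospace, CMC Electronics,
Rapita, LDRA or Green Hills. Each task has execution-time samples measured with
the other cores idle and again with interference generators loading the shared
cache, memory bus and I/O. The report derives observed WCET, interference
factor and margin against the task's timing budget. All values are assumptions.
"""
from dataclasses import dataclass

@dataclass
class TaskTiming:
    name: str
    dal: str            # design assurance level A..E
    budget_us: float    # time budget allocated in the partition schedule
    isolated_us: list   # samples with the other cores idle
    stressed_us: list   # samples with interference generators running

def observed_wcet(samples, safety_factor=1.2):
    """Highest observed execution time inflated by a margin factor; measurement
    only bounds what was observed, so the (assumed) factor covers unseen paths."""
    return max(samples) * safety_factor

def interference_factor(isolated_us, stressed_us):
    """Slowdown of the observed WCET caused by shared-resource contention."""
    return max(stressed_us) / max(isolated_us)

def evaluate(task, safety_factor=1.2):
    """One timing-report row: WCET, slowdown, margin and both budget verdicts."""
    wcet_isolated = observed_wcet(task.isolated_us, safety_factor)
    wcet_stressed = observed_wcet(task.stressed_us, safety_factor)
    return {
        "task": task.name,
        "dal": task.dal,
        "wcet_us": round(wcet_stressed, 1),
        "interference_factor": round(interference_factor(task.isolated_us, task.stressed_us), 2),
        "margin": round((task.budget_us - wcet_stressed) / task.budget_us, 3),
        "isolated_budget_ok": wcet_isolated <= task.budget_us,  # single-core style answer
        "budget_ok": wcet_stressed <= task.budget_us,           # the verdict that counts
    }

def timing_report(tasks, safety_factor=1.2):
    return [evaluate(t, safety_factor) for t in tasks]

# Constructed sample data in microseconds; not measurements from any real platform.
TASKS = [
    TaskTiming("flight_control_law", "A", 500.0, [310, 320, 305, 318], [340, 355, 362, 350]),
    TaskTiming("sensor_fusion", "B", 800.0, [520, 530, 515], [690, 710, 705]),
    TaskTiming("path_planning", "C", 2000.0, [900, 950, 920], [1700, 1750, 1800]),
]

if __name__ == "__main__":
    for row in timing_report(TASKS):
        status = "OK" if row["budget_ok"] else "BUDGET VIOLATED under interference"
        print(f"{row['task']:<20} DAL {row['dal']}  WCET {row['wcet_us']:>7} us  "
              f"x{row['interference_factor']}  margin {row['margin']:+.1%}  {status}")
```

The sensor_fusion and path_planning rows fit their budgets on the isolated samples but fail under contention, which is the single-core WCET pitfall the talk warns about.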