An update from the Khronos Vulkan SC Working Group on Offline Pipelines, MISRA C alignment and rigorous conformance testing

The upcoming release of the Vulkan® SC™ 1.0 specification by Khronos will mark an important milestone in developing an open API standard that leverages the performance of modern GPUs to satisfy the graphics and compute needs of future safety critical systems. As the Vulkan SC Working Group continues to make significant progress, we take this opportunity to share some of the challenges that have been overcome on our journey to define a state-of-the-art API specifically designed to benefit the automotive and avionics industries.

Work started on the design of Vulkan SC in February of 2019, and the last two and a half years have seen significant advances in adapting the Vulkan 1.2 API for safety critical markets. These include the development of Offline Pipelines for static dataflows, aligning the Vulkan SC header files with MISRA C, and the creation of a rigorous conformance test suite to assist system integrators using Vulkan SC to meet or exceed industry safety standards.

Adding More Control to CPU and GPU Dataflows

Run-time determinism is a key requirement for safety critical software development. The design of Vulkan SC, following in the footsteps of OpenGL® SC 2.0, increases determinism in many ways, and one of the most significant is eliminating the deterministic uncertainty of online compilation through the use of Offline Pipelines. Applications use Offline Pipelines to statically define the dataflow from an application to the GPU, and also the dataflow between execution units within the GPU itself. As Vulkan SC is based on Vulkan 1.2 it already has low overhead and a high degree of control over resource management with explicit synchronization. The combination of Vulkan’s inherent explicit design and Offline Pipelines gives safety critical application developers detailed control of GPU acceleration in a way that can be rigorously specified and tested to meet safety certification standards such as ISO 26262 and DO-178C.

MISRA C Alignment

The MISRA C software development guidelines identify an appropriate subset of the C language for use in safety critical applications. Evaluating Vulkan SC for compliance with MISRA C was another important step in aligning this new API with safety standards such as ISO 26262, and will also help safety critical application developers use Vulkan SC in compliance with the RTCA DO-178C and EASA ED-12C certification standards for avionics. The Vulkan SC Working Group used GrammaTech’s CodeSonar tool to analyze the Vulkan SC header files to identify all deviations from MISRA C, enabling any issues to be seamlessly addressed.

The Importance of Conformance

Conformance tests are critical for any open interoperability standard, and rigorous conformance testing for APIs targeting safety critical markets such as Vulkan SC are particularly important. Safety critical software development requires significant effort to ensure functional safety, and system integrators value any tools that assist in confirming that system components, including APIs such as Vulkan SC, are well documented and tested. Khronos has made significant investments to create the Vulkan SC 1.0 Conformance Test Suite, which builds upon the already extensive test suite for Vulkan 1.2. This robust testing tool will enable API implementers to exercise the completeness of their Vulkan SC implementations, and give system integrators confidence in specification compatibility, aligning with safety certifications, as well as maximizing software portability and reuse across systems.

Conclusions

Vulkan SC’s explicit control of device scheduling, synchronization and resource management combined with Offline Pipelines determinism, MISRA C alignment and a rigorous Conformance Test Suite will make Vulkan SC the ideal API for developing the next generation of safety critical graphics and compute applications targeting modern GPUs.

As the Working Group moves toward the public release of the Vulkan SC 1.0 specification, now is an excellent time for anyone interested in receiving updates to subscribe to the Khronos Safety Critical Newsletter. We look forward to sharing more news on our journey to deploying Vulkan SC!