Let’s talk certification. Anyone in safety critical industries knows that certifications to the highest levels can be a long, arduous task, stressful to navigate and difficult to accomplish. When feeling your way through the certification process, it helps to use a Vulkan® SC™-based GPU acceleration driver, like CoreAVI’s VkCore® SC, which allows for a smoother certification process. Let’s look at how.
Before discussing how offline pipeline compilation can make it easier to certify a safety critical graphics or compute application, there are some important factors of safety critical software to consider for the certification process: determinism, pre-established resource usage, and low complexity. A piece of software is deterministic when the exact output being produced for a given input is reliable within a strict timeline. Pre-established resource usage means that the amount of a CPU or GPU resource’s usage is bounded by a known upper limit. Last is low complexity, which is not a requirement for certification but helps reduce the time and effort involved with it. Moving the compilation of pipelines offline makes it easier for safety-critical graphics or compute software to conform to these factors.
To keep things simpler for the certification process, the Vulkan SC specification requires that the graphics or compute pipeline state be compiled offline instead of at runtime using a pipeline cache compiler. This is in contrast to a commercial Vulkan driver which usually has some form of a shader compiler built into it that is able to process shaders written for the application at runtime. In contrast, a Vulkan SC driver requires that the entire pipeline state, including shaders, be compiled offline before running the Vulkan SC application. This offline compiled state is then loaded by the Vulkan SC graphics or compute application when it runs. Using precompiled pipelines in this manner eliminates delays associated with compiling shaders and processing pipeline state at runtime. This can ultimately reduce an application’s startup or initialization time. Additionally, the Vulkan SC driver itself will be less complex and have a smaller memory footprint because the need to implement a shader compiler within the driver itself is eliminated. Safety-Critical Real-Time Operating Systems (RTOSes) generally have restrictions on dynamic memory allocation and have limited support for programming language libraries, in addition to other restrictions. Since compiler toolchains generally involve a lot of complexity, a constrained environment like that provided by a safety-critical RTOS might not be sufficient to be able to leverage the full functionality of a compiler toolchain. Moving compilation offline means that compilation can be carried out on a different OS which allows us to take advantage of the full functionality of a complex compiler toolchain.
You may be asking how offline pipeline compilation works. Let’s explain how the compiler functions:
- The compiler takes in the graphics or compute pipeline state information specified in a particular format. The Vulkan SC specification requires that the JSON format be used for this purpose.
- The compiler then produces a GPU-specific binary that can be loaded into a Vulkan SC application at runtime.
- The Vulkan SC driver reads the loaded binary and sets up the rendering state of the application accordingly.
This is different from a commercial Vulkan driver where:
- The driver includes a shader compiler which can ingest a shader at execution time.
- The shaders are compiled as part of the pipeline state, which is specified online in a Vulkan application.
Moving pipeline compilation outside the application also allows for additional features to be added to the offline compiler toolchain without affecting the software that uses the offline-compiled pipelines.
Additionally, for aerospace, compiling pipelines offline means that the code for the pipeline compiler does not have to be certified as flight software; however, it would potentially need to be qualified as a development tool. DO-178C indicates that tools need to be qualified only when they facilitate safety life cycle processes where the outputs are not verified in accordance with the software verification process. In the case of pipeline compilers, the outputs become part of the graphics pipeline used by the application to render images. All application graphical outputs would already need to be verified as per DO-178C, and therefore an offline pipeline compiler does not require tool qualification.
While meeting certification regulations can be daunting, there are ways to ease your journey in the certification process. Offline compilation is one way to help achieve a flexible and efficient certification process.