Developing functional safety systems with ARM architecture solutions

Neil Stroud, Director of functional safety, ARM

Embedded World 2017, Nürnberg

Wednesday 15th March, 2017

Upload: arm, posted 21-Mar-2017

Confidential © ARM 2017

Confidential © ARM 2017 2


Functional safety
§ Systems that must function correctly to avoid unacceptable risk of damage or injury
§ Faults must be detected and controlled
§ Products must be properly specified and developed accordingly

Safety critical
§ Braking, steering, acceleration, chassis control, air bag, seat belt
§ Driver relies on these systems to always function correctly
§ High Safety Integrity Level (SIL)

Safety ‘nominal’
§ Lane departure, speedometer, rear camera…
§ So long as the driver is made aware the system is not working
§ Medium Safety Integrity Level (SIL)

Confidential © ARM 2017 3


Increasing complexity in functional safety markets

Automotive: cleaner engines, autonomous driving
Industrial: factory automation, smart robotics
Healthcare: robotic surgery, advanced medical mobility

Confidential © ARM 2017 4

Thanks for reading

For more about functional safety and ARM visit arm.com

Sign up for the latest news and information from ARM

Confidential © ARM 2017 5


Applicable standards

§ A number of functional safety standards exist
  § IEC 61508 – Electrical, electronic, programmable electronic systems
  § ISO 26262 – Road vehicles
  § DO 254 – Aircraft electronics
§ Standards always represent an industry consensus
  § Long lead-times for standards development (5-10 years)
  § Often lagging behind true state-of-the-art
§ Safety Integrity Levels (low to high)
  § SIL 1 to SIL 3 (typically SIL 1 or SIL 3)
  § ASIL A to ASIL D (typically ASIL B, e.g. parking, or ASIL D, e.g. braking)

Standards by sector (IEC 61508, functional safety of E/E/PE systems, is the generic base standard):
Automotive – ISO 26262
Medical – IEC 62304
Aviation – DO-178, DO-254
Railways – EN 5012x
Machinery – IEC 62061, ISO 13849
Industrial – IEC 61511, IEC 61513

Confidential © ARM 2017 6


Safety standardization

§ IEC 61508 addresses a wide range of industries
§ ISO 26262 specifically for automotive electronics
  § Developed from IEC 61508 and published in 2011
§ Standardization
  § Provides a framework for the development process
  § Drives implementation of hardware and software to achieve the safety goal
§ ISO 26262 in revision for 2nd edition
  § Guidelines for applying ISO 26262 to semiconductors
  § Extended coverage for trucks, buses and motorcycles
  § ARM is actively contributing

Confidential © ARM 2017 7


Complementary processor solutions

Real-time processors
§ Fast real-time control
§ Extended safety: ISO 26262 ASIL D

Application processors
§ High-performance compute
§ Coherent multicore, ARM big.LITTLE technology

Axes of the comparison: performance, efficiency, determinism, safety, security

Confidential © ARM 2017 8


Growth in software complexity

[Figure: successive SoC generations integrating an ever larger number of code modules, supplied by safety-critical function, safety function and application providers]

Mixed software
§ With different criticality
§ From multiple sources

Resulting in
§ Complex integration
§ Large, complex safety certification

Confidential © ARM 2017 9


Safety vs. security

[Figure: the system under consideration sits inside its environment; security faces inward, safety faces outward]

§ Security: keeping what’s inside the box safe
§ Safety: keeping what’s outside the box safe
§ Some languages make the distinction hard to express: 安全, sécurité, Sicherheit, säkerhet, turvallisuus, … i.e. not all languages differentiate between safety and security in terminology

Confidential © ARM 2017 10


Safety island concept

§ Repartitioning of functions within the system to address the trends outlined

[Figure: autonomous system SoC with a Cortex-A cluster, a Cortex-R52 safety island and Cortex-M cores handling the sensors, connected over CoreLink interconnect; processing pipeline Sense → Perceive → Decide → Actuate]

§ SoC combination
  § Cortex-A cluster(s) for compute-intensive applications
  § Cortex-R52 for deterministic decision making and actuation with high SIL
  § Partitioned for safety and determinism vs throughput
  § Applications such as robotics and ADAS
§ Safety island core(s) on separate clock and power domains

Confidential © ARM 2017 11


Functional safety for ARM Cortex processors

Safety features by processor (grouping reconstructed from the slide layout; † availability dependent on processor):

Cortex-M0+, Cortex-M3/M4
§ Exception handling
§ MPU

Cortex-M23, Cortex-M33
§ Dual core lockstep†
§ ECC interface†
§ Exception handling
§ MPU
§ Stack limit check

Cortex-M7
§ TCM ECC interface
§ MBIST interface
§ Dual core lockstep
§ Cache ECC
§ Exception handling
§ MPU

Cortex-R5
§ Bus ECC
§ Error management
§ TCM ECC
§ MBIST interface
§ Dual core lockstep
§ Cache ECC
§ Exception handling
§ MPU

Cortex-R52
§ Virtualization
§ Bus protection
§ SW test library
§ System error
§ Bus ECC
§ Error management
§ TCM ECC
§ MBIST interface
§ Dual core lockstep
§ Cache ECC
§ Exception handling
§ MPU

Cortex-A (ARMv8-A)
§ Cache parity / ECC†
§ Exception handling
§ MMU
§ RAS features (v8.2-A)

Capability: ASIL B / ASIL D
§ Standard safety package: safety manual, FMEA report, development interface report
§ Extended safety package: safety manual, FMEA report, development interface report, 3rd party functional safety assessment report
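The TCM, cache and bus ECC entries above refer to memory protection codes that correct a single flipped bit and detect two (SEC-DED), which is what lets a core report a corrected error to its error management logic rather than silently computing on bad data. The following is an added example, not ARM's or the presentation's code: a Hamming SEC-DED encoder and decoder on an 8-bit word (13-bit codeword: four check bits plus one overall parity bit), with an exhaustive self-test that injects every single- and double-bit flip. The function names, status enum and 8-bit geometry are illustrative assumptions; the ECC inside an ARM core uses its own, wider geometry.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not ARM's or the presentation's code): a Hamming SEC-DED code on an
 * 8-bit word. Codeword bits 1..12 form Hamming(12,8) with check bits at positions
 * 1, 2, 4 and 8; bit 0 is an overall parity bit that turns single-error correction
 * into single-error-correct / double-error-detect. The 8-bit geometry and all names
 * below are illustrative assumptions; an ARM core's TCM or cache ECC is wider. */

#define CW_BITS 13u   /* bits 0..12 of the uint16_t codeword are used */

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status_t;

/* 1 if v has an odd number of set bits, else 0 */
static int odd_parity(uint32_t v) {
    int p = 0;
    while (v) { p ^= (int)(v & 1u); v >>= 1; }
    return p;
}

static int is_pow2(unsigned n) { return n != 0 && (n & (n - 1)) == 0; }

/* Encode 8 data bits into a 13-bit SEC-DED codeword */
uint16_t ecc_encode(uint8_t data) {
    uint16_t cw = 0;
    unsigned pos = 1, i, j, k;

    /* data bits occupy the non-power-of-two positions 3,5,6,7,9,10,11,12 */
    for (i = 0; i < 8; i++) {
        while (is_pow2(pos)) pos++;
        if (data & (1u << i)) cw |= (uint16_t)(1u << pos);
        pos++;
    }
    /* check bit at position 2^k gives even parity to every position whose index has bit k set */
    for (k = 0; k < 4; k++) {
        unsigned p = 1u << k;
        int par = 0;
        for (j = 1; j < CW_BITS; j++)
            if ((j & p) && (cw & (1u << j))) par ^= 1;
        if (par) cw |= (uint16_t)(1u << p);
    }
    /* overall parity of bits 1..12 stored in bit 0, so the whole word has even parity */
    if (odd_parity((uint32_t)cw >> 1)) cw |= 1u;
    return cw;
}

/* Decode: corrects one flipped bit, flags two. data_out receives the data bits
 * (corrected where possible; not trustworthy when ECC_UNCORRECTABLE is returned). */
ecc_status_t ecc_decode(uint16_t cw, uint8_t *data_out) {
    unsigned syndrome = 0, pos = 1, i, j;
    ecc_status_t st = ECC_OK;
    uint8_t d = 0;
    int overall_bad;

    /* XOR of the indices of all set bits; zero for an intact codeword */
    for (j = 1; j < CW_BITS; j++)
        if (cw & (1u << j)) syndrome ^= j;
    overall_bad = odd_parity(cw & 0x1FFFu);

    if (syndrome != 0 && overall_bad) {          /* one flip, at position `syndrome` */
        cw ^= (uint16_t)(1u << syndrome);
        st = ECC_CORRECTED;
    } else if (syndrome == 0 && overall_bad) {   /* the overall parity bit itself flipped */
        cw ^= 1u;
        st = ECC_CORRECTED;
    } else if (syndrome != 0 && !overall_bad) {  /* two flips: detect, never "correct" */
        st = ECC_UNCORRECTABLE;
    }

    for (i = 0; i < 8; i++) {                    /* gather data bits back out */
        while (is_pow2(pos)) pos++;
        if (cw & (1u << pos)) d |= (uint8_t)(1u << i);
        pos++;
    }
    if (data_out) *data_out = d;
    return st;
}

/* Exhaustive check over all 256 words: every single flip is corrected and every
 * double flip is reported as uncorrectable. Returns 1 on success, 0 on any failure. */
int ecc_selftest(void) {
    unsigned v, a, b;
    for (v = 0; v < 256; v++) {
        uint16_t cw = ecc_encode((uint8_t)v);
        uint8_t d;
        if (ecc_decode(cw, &d) != ECC_OK || (unsigned)d != v) return 0;
        for (a = 0; a < CW_BITS; a++) {
            if (ecc_decode((uint16_t)(cw ^ (1u << a)), &d) != ECC_CORRECTED || (unsigned)d != v) return 0;
            for (b = a + 1; b < CW_BITS; b++)
                if (ecc_decode((uint16_t)(cw ^ (1u << a) ^ (1u << b)), &d) != ECC_UNCORRECTABLE) return 0;
        }
    }
    return 1;
}

int main(void) {
    uint8_t d;
    uint16_t cw = ecc_encode(0xA5);
    ecc_status_t st = ecc_decode((uint16_t)(cw ^ (1u << 7)), &d);
    printf("codeword for 0xA5: 0x%04X\n", cw);
    printf("single flip at bit 7 -> status %d, data 0x%02X\n", (int)st, d);
    st = ecc_decode((uint16_t)(cw ^ (1u << 3) ^ (1u << 7)), &d);
    printf("double flip at bits 3,7 -> status %d\n", (int)st);
    printf("selftest: %s\n", ecc_selftest() ? "pass" : "FAIL");
    return 0;
}
```

The decision table in ecc_decode is the whole point of the extra parity bit: a non-zero syndrome alone cannot tell one flip from two, and a plain Hamming decoder would "correct" a double error into a third wrong bit. In a core, the ECC_CORRECTED path is what feeds a correctable-error counter and the ECC_UNCORRECTABLE path is what raises the fault that the error management or RAS logic listed above must handle.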

Confidential © ARM 2017 12


ARM safety summary

Functional safety applications are driving both hardware and software complexity

High performance compute, deterministic real-time control, safety and security require innovative system architectures.

The ARM processor functional safety portfolio enables safety islands, increasing fault detection and control for high-compute platforms

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.Copyright © 2017 ARM Limited

Confidential © ARM 2017