new armv8r technology for real time control in safety...

Title 44pt sentence case

Affiliations 24pt sentence case

20pt sentence case

© ARM 2016

New ARMv8-R technology for real-time control in safety-related applications

James Scobie

ARM Technical Symposium China: Automotive, Industrial & Functional Safety

Product manager

October 31st 2016 – November 4th 2016

© ARM 2016 2


Bullets 24pt sentence case

Sub-bullets 20pt sentence case

Today’s presentation

Increasing system complexity

New ARM Cortex-R52 processor

Functional safety support

Software separation

Real-time execution

Where Cortex-R52 fits

© ARM 2016 3




Increasing complexity in functional safety markets

Cleaner engines

Autonomous driving

Automotive

Factory automation

Smart robots

Robotic surgery

Advanced medical mobility

Industrial Healthcare

© ARM 2016 4




Autonomous systems share a common foundation

Autonomous system

Sense Perceive Decide Actuate

Gather environment

information from

sensors

Filter, interpret

and understand

sensor data

Safely choose

actions Initiate actions

© ARM 2016 5




Complementary processor solutions

Fast real-time control

Real-time processors

Extended safety

ISO 26262 ASIL D

High-performance compute

Application processors

Coherent multicore

ARM big.LITTLE technology

Performance Efficiency Determinism Safety Security

© ARM 2016 6




Collaborative robots

Autonomous flexible operation Collaborative autonomy

Flexible operation

Higher levels of autonomy

Functional safety demand

Real-time control for decision and actuation

Autonomous drones


© ARM 2016 7




Advanced driver assistance systems (ADAS)

Lane detection Highway pilot

Adoption time

City pilot

Rising-system complexity

Higher levels of autonomy

Functional safety demand

Real-time control for decision and actuation


Lane keeping

© ARM 2016 8




Cortex-R52: the most advanced processor for safety

ARM’s highest performance real-time

processor for safety applications

Enhanced software reliability and simplified software

consolidation with real-time, deterministic virtualization

Simplifying functional safety. Providing

enhanced-safety features and safety support

© ARM 2016 9




Cortex-R52: first implementation of new ARMv8-R architecture

Storage

and

modem

Functional

safety

ARMv8-R ARMv7-R

Cortex-R8

Highest-

performance 5G

modem and storage

Cortex-R5

Real-time

performance with

functional safety

Cortex-R52

Most advanced processor for

functional safety

Cortex-R7

High-performance

4G modem

and storage

Legend:

© ARM 2016 10




Functional safety controls risks of hazards

Safety application

Patient-controlled

drug delivery

Safety application

Pro

tect

ion

agai

nst

Braking system

Random

errors

Run-time errors

Product

safety

features

Systematic

faults

Design errors

Software errors

Processes

© ARM 2016 11




TCM ECC interface

MBIST interface

Dual core lockstep

Cache ECC

Exception handling

MPU Exception handling

MPU

Dual core lockstep†

ECC interface†

Exception handling

MPU

Stack limit check

Bus ECC

Error management

TCM ECC

MBIST interface

Dual core lockstep

Cache ECC

Exception handling

MPU

Virtualization

Bus protection

SW test library

System Error

Bus ECC

Error management

TCM ECC

MBIST interface

Dual core lockstep

Cache ECC

Exception handling

Two-stage MPU

Cache parity / ECC†

Exception handling

MMU

RAS features (v8.2-A)

Functional safety for ARM Cortex processors

Standard systematic capability Extended systematic capability

Standard safety package: Safety manual, FMEA

report, development interface report Extended safety package: Safety manual, FMEA

report, development interface report

3rd party functional safety assessment report

† availability depending on processor

Cortex-M3/M4

Cortex-M0+

Cortex-A

ARMv8-A

Cortex-M33

Cortex-M23

Cortex-M7

Cortex-R5

Cortex-R52

© ARM 2016 12




Developed within robust requirements

tracing and validation framework

Safety manual

Failure modes and effects analysis

Development interface report

Providing support for

SIL 3 / IEC 61508

ASIL D / ISO 26262

New privilege level

Bus-interconnect protection

Dual-core lockstep

Self-test library

Error management

System event interrupt

ECC-protected memory and busses

Two-stage MPU

Cortex-R52 extended functional safety support

Fault management Processes

Random errors Systematic faults

© ARM 2016 13




Growth in software complexity

SoC

SoC

<code>

<code>

<code>

<code>

<code>

<code>

<code> <code>

SoC

<code> <code>

<code>

<code>

<code>

<code>

Mixed software

With different criticality

From multiple sources

Resulting in

Complex integration

Large, complex safety

certification

Safety-critical function

Safety function

Applications providers

© ARM 2016 14




Reducing software complexity

Software separation

Simplified integration of complex

software from multiple sources

Reduced effort for certification

Real-time execution maintained

<code> <code> <code> <code>

SoC

<code> <code> <code>

<code>

<code>

<code>

Safety-critical function

Safety function

Applications providers

© ARM 2016 15




Cortex-R52 simplifies real-time software separation

ARMv8-R architecture introduces

an additional exception level

Create ‘sandboxes’ protected

from other software

Monitor (or hypervisor) manages

software separation and simplifies

isolation of tasks

Real-time switch rapidly between

tasks and ‘sandboxes’

Safe

task A

Task

D

Task

C

Safe

task B

Monitor

RTOS

Cortex-R52

The only processor with real-time deterministic virtualization

© ARM 2016 16




Enabling consolidation onto fewer platforms

>100 million lines

of code

150 different

subsystems in

a car

Cortex-R52

Safe

task A

Task

D

Task

C

Safe

task B

Hypervisor

RTOS RTOS

Complete operating systems and tasks virtualized

© ARM 2016 17




Cortex-R52 delivers best-in-class performance

Up to

35% performance

uplift

14x faster context

switch

1.36x 1.30x 1.25x

0

0.2

0.4

0.6

0.8

1

1.2

1.4

1.6

AutoMark DMIPS CoreMark

Cortex-R5 Cortex-R52

Rela

tive

iso

-fre

quency

perf

orm

ance

2x faster interrupt

entry

Compared to Cortex-R5

* Green Hills compiler

*

© ARM 2016 18




Advanced features and capabilities

Deterministic

microarchitecture

In-order execution

Superscalar pipeline with

extensive dual issuing

Integer and floating-point

calculations

Advanced SIMD instructions

Optional ARM NEON

Double-precision floating

point

Cycle-redundancy check

instructions

Scalability

From 1 to 4 cores

Up to 4 cores in lockstep

© ARM 2016 19




Deterministic memory

Scalable tightly coupled

memory for fast access

Flexible data or instruction

allocation

Extensibility

Rich set of interface ports

Dedicated low-latency

ports

Wide Flash interface port

Fastest interrupt entry

2x faster than Cortex-R5

Interrupt controller

integrated within cluster

Rapid responsiveness

14x faster context switch

than Cortex-R5

Hard real-time

determinism

Built for real-time determinism

© ARM 2016 20




Cortex-R52 provides real-time performance

Sensors

CoreLink interconnect



Real-time control systems Dual-core lockstep system

Multiple homogeneous processors

Execute both safety and application software

Ideal for applications such as Industrial control

Powertrain

Chassis

SoC

Lockstep processor

Sense Decide Actuate

© ARM 2016 21




Creating a safety island with Cortex-R52

Cortex-A

Cortex-R52

Cortex-A

Cortex-A Cortex-A

Autonomous system

Sensors

Combined as a safety island with

application processors

Partitioned for safety and

determinism vs throughput

Ideal for applications such as Robotics

ADAS

Lockstep processor


CoreLink interconnect

SoC

© ARM 2016 22




Functional safety

Comprehensive features for

fault detection and control

Developed for safety

Virtualization

Application consolidation

Systematic fault protection

Real-time performance

High-performance execution

Fast deterministic response

Flexible memory system

Cortex-R52

Cortex-R52

Safe

Task A

Task

D

Task

C

Safe

Task B

Monitor / Hypervisor

RTOS RTOS

CPU

Delay

Memory

CPU

Delay

Delay

Check

ers

Delay

ECC

generate

ECC

chk/crrct

ECC

generate

Parity

generate

Parity

check

Parity

generate

ECC

chk/crrct

ECC

generate

ECC

chk/crrct

Parity

check

Parity

generateParity

check

Inte

rconnect

logi

c

ProcessorD

ata

(and Inst

ruct

ions)

Addre

ss &

Contr

ol

ECC

Data

ECC

Data

Parity

Parity

Addr/Ctrl

Addr/Ctrl

Mem

ory

sys

tem

ECC detect

& correct

ECC detect

& correct

ECC

generate

RMW

if <32b

CPU

I

D

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

64-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

32-b

its

EC

C b

its

The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited

(or its subsidiaries) in the EU and/or elsewhere. All rights reserved. All other marks featured may be

trademarks of their respective owners.

Copyright © 2016 ARM Limited

© ARM 2016

new armv8r technology for real time control in safety...

Documents