© ARM 2016
New ARMv8-R technology for real-time control in safety-related applications
James Scobie, Product manager
ARM Technical Symposium China: Automotive, Industrial & Functional Safety
October 31st 2016 – November 4th 2016
Today’s presentation
Increasing system complexity
New ARM Cortex-R52 processor
Functional safety support
Software separation
Real-time execution
Where Cortex-R52 fits
Increasing complexity in functional safety markets
Automotive: cleaner engines, autonomous driving
Industrial: factory automation, smart robots
Healthcare: robotic surgery, advanced medical mobility
Autonomous systems share a common foundation
Autonomous system: Sense, Perceive, Decide, Actuate
Sense: gather environment information from sensors
Perceive: filter, interpret and understand sensor data
Decide: safely choose actions
Actuate: initiate actions
Complementary processor solutions
Fast real-time control: real-time processors, with extended safety (ISO 26262 ASIL D)
High-performance compute: application processors, coherent multicore, ARM big.LITTLE technology
[Chart axes: performance, efficiency, determinism, safety, security]
Collaborative robots
[Chart: progression from flexible operation to autonomous flexible operation to collaborative autonomy]
Flexible operation
Higher levels of autonomy
Functional safety demand
Real-time control for decision and actuation
Autonomous drones
Sense, Perceive, Decide, Actuate
Advanced driver assistance systems (ADAS)
[Chart: ADAS adoption over time: lane detection, lane keeping, highway pilot, city pilot]
Rising system complexity
Higher levels of autonomy
Functional safety demand
Real-time control for decision and actuation
Sense, Perceive, Decide, Actuate
Cortex-R52: the most advanced processor for safety
ARM’s highest performance real-time processor for safety applications
Enhanced software reliability and simplified software consolidation with real-time, deterministic virtualization
Simplifying functional safety: providing enhanced-safety features and safety support
Cortex-R52: first implementation of new ARMv8-R architecture
[Diagram: Cortex-R roadmap from ARMv7-R to ARMv8-R, spanning storage and modem through functional safety]
Cortex-R7: high-performance 4G modem and storage
Cortex-R8: highest-performance 5G modem and storage
Cortex-R5: real-time performance with functional safety
Cortex-R52: most advanced processor for functional safety
Functional safety controls risks of hazards
Safety applications: patient-controlled drug delivery, braking system
Protection against random errors (run-time errors): product safety features
Protection against systematic faults (design errors, software errors): processes
Functional safety for ARM Cortex processors
[Table: safety features per processor, grouped by standard or extended systematic capability]
Cortex-M0+, Cortex-M3/M4: exception handling, MPU
Cortex-M23, Cortex-M33: dual core lockstep†, ECC interface†, exception handling, MPU, stack limit check
Cortex-M7: TCM ECC interface, MBIST interface, dual core lockstep, cache ECC, exception handling, MPU
Cortex-R5: bus ECC, error management, TCM ECC, MBIST interface, dual core lockstep, cache ECC, exception handling, MPU
Cortex-R52: virtualization, bus protection, SW test library, system error, bus ECC, error management, TCM ECC, MBIST interface, dual core lockstep, cache ECC, exception handling, two-stage MPU
Cortex-A (ARMv8-A): cache parity / ECC†, exception handling, MMU, RAS features (v8.2-A)
Standard systematic capability, standard safety package: safety manual, FMEA report, development interface report
Extended systematic capability, extended safety package: safety manual, FMEA report, development interface report, 3rd party functional safety assessment report
† availability depending on processor
Cortex-R52 extended functional safety support
Systematic faults: processes
Developed within robust requirements tracing and validation framework
Safety manual
Failure modes and effects analysis
Development interface report
Providing support for SIL 3 / IEC 61508 and ASIL D / ISO 26262
Random errors: fault management
New privilege level
Bus-interconnect protection
Dual-core lockstep
Self-test library
Error management
System event interrupt
ECC-protected memory and busses
Two-stage MPU
Growth in software complexity
[Diagram: several SoCs, each running many code blocks of differing criticality from different providers]
Mixed software: with different criticality, from multiple sources
Resulting in: complex integration; large, complex safety certification
Legend: safety-critical function, safety function, applications providers
Reducing software complexity
Software separation
Simplified integration of complex software from multiple sources
Reduced effort for certification
Real-time execution maintained
[Diagram: a single SoC hosting separated code blocks; legend: safety-critical function, safety function, applications providers]
Cortex-R52 simplifies real-time software separation
ARMv8-R architecture introduces an additional exception level
Create ‘sandboxes’ protected from other software
Monitor (or hypervisor) manages software separation and simplifies isolation of tasks
Real-time switch rapidly between tasks and ‘sandboxes’
[Diagram: safe task A, safe task B, task C and task D above a monitor and RTOS running on Cortex-R52]
The only processor with real-time deterministic virtualization
Enabling consolidation onto fewer platforms
>100 million lines of code
150 different subsystems in a car
[Diagram: safe task A, safe task B, task C and task D across two RTOS instances above a hypervisor on Cortex-R52]
Complete operating systems and tasks virtualized
Cortex-R52 delivers best-in-class performance
Up to 35% performance uplift
14x faster context switch
2x faster interrupt entry
Compared to Cortex-R5
[Chart: relative iso-frequency performance, Cortex-R52 vs Cortex-R5: AutoMark 1.36x, DMIPS 1.30x, CoreMark 1.25x]
* Green Hills compiler
Advanced features and capabilities
Deterministic microarchitecture: in-order execution; superscalar pipeline with extensive dual issuing
Integer and floating-point calculations: advanced SIMD instructions; optional ARM NEON; double-precision floating point; cyclic redundancy check instructions
Scalability: from 1 to 4 cores; up to 4 cores in lockstep
Built for real-time determinism
Deterministic memory: scalable tightly coupled memory for fast access; flexible data or instruction allocation
Extensibility: rich set of interface ports; dedicated low-latency ports; wide Flash interface port
Fastest interrupt entry: 2x faster than Cortex-R5; interrupt controller integrated within cluster
Rapid responsiveness: 14x faster context switch than Cortex-R5
Hard real-time determinism
Cortex-R52 provides real-time performance
[Diagram: SoC with sensors, CoreLink interconnect and four Cortex-R52 cores as lockstep processors: Sense, Decide, Actuate]
Real-time control systems
Dual-core lockstep system
Multiple homogeneous processors
Execute both safety and application software
Ideal for applications such as industrial control, powertrain, chassis
Creating a safety island with Cortex-R52
[Diagram: autonomous system SoC with sensors, CoreLink interconnect, four Cortex-A cores and a lockstep Cortex-R52: Sense, Perceive, Decide, Actuate]
Combined as a safety island with application processors
Partitioned for safety and determinism vs throughput
Ideal for applications such as robotics, ADAS
Functional safety: comprehensive features for fault detection and control; developed for safety
Virtualization: application consolidation; systematic fault protection
Real-time performance: high-performance execution; fast deterministic response; flexible memory system
[Diagram: Cortex-R52 software stack: safe task A, safe task B, task C and task D on two RTOS instances above a monitor / hypervisor]
[Diagram: dual-core lockstep: two CPUs with delay stages and checkers sharing a memory]
[Diagram: interconnect protection: processor data (and instructions) carry ECC, address and control carry parity; ECC generate, ECC check and correct, parity generate and parity check on each side of the interconnect logic and memory system]
[Diagram: ECC-protected memory: ECC generated on write, read-modify-write if the store is narrower than 32 bits, ECC detect and correct on read; arrays of 64-bit and 32-bit words each stored with ECC bits]
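As an added illustration (not code from the slides or from ARM), the constructed Python below models the ECC memory path in the last diagram: ECC generated on write, single-bit errors corrected and double-bit errors flagged on read, and a read-modify-write whenever a store is narrower than the 32-bit protected word. The SECDED extended Hamming code, the 39-bit codeword layout and the EccMemory model are assumptions chosen for the example, not Cortex-R52's implementation.

```python
# Constructed example (not Cortex-R52's implementation): SECDED ECC on 32-bit
# words plus the read-modify-write a sub-word store needs ("RMW if <32b").
PARITY_POS = (1, 2, 4, 8, 16, 32)                     # Hamming check-bit slots
DATA_POS = [p for p in range(1, 39) if p & (p - 1)]   # the 32 non-power-of-two slots

def ecc_encode(word):
    """32-bit data -> 39-bit codeword; bit 0 is the overall parity bit."""
    code = 0
    for i, p in enumerate(DATA_POS):
        code |= ((word >> i) & 1) << p
    for pp in PARITY_POS:  # check bit pp covers every slot whose index has bit pp
        code |= (sum((code >> p) & 1 for p in DATA_POS if p & pp) & 1) << pp
    return code | (bin(code).count("1") & 1)  # make total weight even

def ecc_decode(code):
    """Codeword -> (data, status) with status ok / corrected / uncorrectable."""
    syndrome = 0
    for p in range(1, 39):
        if (code >> p) & 1:
            syndrome ^= p                 # XOR of set slots = faulty slot (0 if none)
    odd = bin(code).count("1") & 1        # odd weight: an odd number of flips
    if odd:
        code ^= 1 << syndrome             # single flip: repair it (slot 0 = parity bit)
    status = "corrected" if odd else "uncorrectable" if syndrome else "ok"
    word = sum(((code >> p) & 1) << i for i, p in enumerate(DATA_POS))
    return word, status

class EccMemory:
    """Word-addressed array of codewords behind an ECC generate/check path."""
    def __init__(self, words):
        self.cells = [ecc_encode(0)] * words
        self.rmw_count = 0                # how often the RMW path was taken

    def write(self, addr, value, width=32, shift=0):
        if width < 32:                    # check bits span the whole word, so
            self.rmw_count += 1           # read, correct, merge, then re-encode
            cur, status = ecc_decode(self.cells[addr])
            if status == "uncorrectable":
                raise RuntimeError("uncorrectable ECC error during RMW")
            mask = ((1 << width) - 1) << shift
            value = (cur & ~mask) | ((value << shift) & mask)
        self.cells[addr] = ecc_encode(value & 0xFFFFFFFF)

    def read(self, addr):
        return ecc_decode(self.cells[addr])
    def flip_bits(self, addr, *bits):     # fault injection to exercise the checker
        for b in bits:
            self.cells[addr] ^= 1 << b
```

A byte store into an already-corrupted word is where the RMW path matters: the merge can only regenerate correct check bits if the read side could first correct what was stored.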