Post on 22-Mar-2020
Functional Safety With Arm Architecture
Tech Symposia
Neil Stroud, Director, Technology Strategy & Functional Safety
2 © 2018 Arm Limited
Agenda
• Introduction
• Market, applications & Standards
• Arm functional safety headlines
• Safety Ready
• Cortex-A76AE
• STLs (Software Test Libraries)
• Certification
• Summary
Introduction
Functional Safety
“Absence of unreasonable risk due to hazards caused by malfunctions”
• Systems must function correctly
  – Faults must be detected and controlled
  – Products must be properly specified and developed accordingly
• Safety critical
  – Systems relied upon to always function
  – High risk of hazard and loss of life
• Safety ‘nominal’
  – Systems that are helpful rather than essential
  – User can act to avoid hazards if aware of fault
Functional Safety Controls Risks of Hazards
[Figure: two safety applications, patient-controlled drug delivery and a braking system, each needing protection against two classes of fault]
• Systematic faults (design errors, software errors) – controlled through processes
• Random faults (run-time errors) – controlled through product safety features
Types of Fault
Random faults
▪ Hard errors
▪ Soft errors
▪ Permanent faults
▪ Transient faults
▪ Latent faults
Managed by including features for fault detection and control

Systematic faults
▪ Hardware errata
▪ Software bugs
▪ Incorrect specification
▪ Incomplete requirements
▪ Unfulfilled assumptions
Managed through design process, verification and assessment
Market, applications and Standards
Markets and Applications
• Automotive – Autonomous driving
• Industrial – Factory automation
• Healthcare – Robotic surgery
• Transportation – Train control systems
• Avionics – Flight systems
• Consumer – Domestic robots
Applicable standards – scaling across verticals
Standards always represent an industry consensus
• Long lead times for standards development (5-10 years)
• Often lagging behind true state-of-the-art
• Objective based or objective and method oriented
Safety Integrity Levels (low to high)
ISO 26262 targets per ASIL: SPFM = Single-Point Fault Metric, LFM = Latent Fault Metric, FIT column = random hardware failure rate per hour

  ASIL     SPFM      LFM       FIT
  ASIL A   nominal   nominal   nominal
  ASIL B   ≥90%      ≥60%      <10^-7 / h
  ASIL C   ≥97%      ≥80%      <10^-7 / h
  ASIL D   ≥99%      ≥90%      <10^-8 / h

IEC 61508: SIL 1, SIL 2, SIL 3 span the same low-to-high scale
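The SPFM and LFM columns above are the ISO 26262-5 hardware architectural metrics. The following added example (not Arm's FMEDA or tooling; written for this page) computes them from a constructed FMEDA and checks the result against the ASIL B/C/D targets in the table. It simplifies a real FMEDA, which works per failure mode with a mission profile, to one row per element with a safe fraction, a fraction that can violate the safety goal, and two diagnostic coverages; the element names, failure rates and coverages are invented, and the residual failure rate is used as a lower bound on PMHF (a full PMHF also counts dual-point contributions).

```c
/* Added example (not Arm's FMEDA or tooling): compute the ISO 26262-5 hardware
 * architectural metrics SPFM and LFM from a constructed FMEDA, approximate the
 * random-hardware-failure rate, and check the result against the ASIL targets
 * in the table above. All element names, failure rates and coverages are invented. */
#include <stdio.h>

typedef struct {
    const char *element;   /* hardware element (constructed) */
    double lambda_fit;     /* base failure rate in FIT (failures per 1e9 hours) */
    double f_safe;         /* fraction of failures with no effect on the safety goal */
    double f_sg;           /* fraction that violates the safety goal if undetected */
    double dc_spf;         /* coverage of the mechanism guarding f_sg faults, 0..1 */
    double dc_latent;      /* coverage of mechanisms that reveal multiple-point faults, 0..1 */
} FmedaRow;

typedef struct {
    double spfm;           /* single-point fault metric, 0..1 */
    double lfm;            /* latent fault metric, 0..1 */
    double residual_per_h; /* undetected dangerous failure rate, 1/h (lower bound on PMHF) */
} HwMetrics;

/* ISO 26262-5 Annex C:
 *   SPFM = 1 - sum(lambda_SPF + lambda_RF) / sum(lambda)
 *   LFM  = 1 - sum(lambda_MPF_latent) / sum(lambda - lambda_SPF - lambda_RF)
 * A dangerous failure mode with no safety mechanism (dc_spf = 0) is a single-point
 * fault; with partial coverage the undetected remainder is a residual fault. Both are
 * f_sg * (1 - dc_spf). Failures that are neither safe nor directly dangerous are
 * multiple-point faults; the share that no mechanism reveals is latent. */
HwMetrics compute_metrics(const FmedaRow *rows, int n)
{
    double total = 0.0, residual = 0.0, latent = 0.0;
    for (int i = 0; i < n; i++) {
        const FmedaRow *r = &rows[i];
        double dangerous_undetected = r->lambda_fit * r->f_sg * (1.0 - r->dc_spf);
        double multiple_point = r->lambda_fit * (1.0 - r->f_safe - r->f_sg);
        total    += r->lambda_fit;
        residual += dangerous_undetected;
        latent   += multiple_point * (1.0 - r->dc_latent);
    }
    HwMetrics m;
    m.spfm = 1.0 - residual / total;
    m.lfm = 1.0 - latent / (total - residual);
    m.residual_per_h = residual * 1e-9;   /* FIT -> failures per hour */
    return m;
}

typedef enum { ASIL_A = 0, ASIL_B, ASIL_C, ASIL_D } Asil;

/* Targets from the slide's table; ASIL A carries no quantitative target ("nominal"). */
static const struct { double spfm, lfm, rate_per_h; } ASIL_TARGET[] = {
    [ASIL_A] = { 0.00, 0.00, 1.0  },
    [ASIL_B] = { 0.90, 0.60, 1e-7 },
    [ASIL_C] = { 0.97, 0.80, 1e-7 },
    [ASIL_D] = { 0.99, 0.90, 1e-8 },
};

int meets_asil(HwMetrics m, Asil asil)
{
    return m.spfm >= ASIL_TARGET[asil].spfm
        && m.lfm  >= ASIL_TARGET[asil].lfm
        && m.residual_per_h < ASIL_TARGET[asil].rate_per_h;
}

/* Constructed FMEDA for a small compute subsystem (values are illustrative only). */
const FmedaRow SAMPLE_FMEDA[] = {
    /* element                   lambda  f_safe f_sg  dc_spf dc_latent */
    { "CPU core (DCLS)",         100.0,  0.3,   0.6,  0.99,  0.90 },
    { "L1 cache (ECC)",          200.0,  0.2,   0.7,  0.99,  0.90 },
    { "Interconnect (parity)",    50.0,  0.4,   0.5,  0.90,  0.50 },
    { "Watchdog timer",           20.0,  0.5,   0.3,  0.60,  0.00 },
};
const int SAMPLE_ROWS = sizeof SAMPLE_FMEDA / sizeof SAMPLE_FMEDA[0];

int main(void)
{
    HwMetrics m = compute_metrics(SAMPLE_FMEDA, SAMPLE_ROWS);
    printf("SPFM %.2f%%  LFM %.2f%%  residual %.2e /h\n",
           100.0 * m.spfm, 100.0 * m.lfm, m.residual_per_h);
    printf("ASIL B %s, ASIL C %s, ASIL D %s\n",
           meets_asil(m, ASIL_B) ? "met" : "not met",
           meets_asil(m, ASIL_C) ? "met" : "not met",
           meets_asil(m, ASIL_D) ? "met" : "not met");
    return 0;
}
```

With these constructed numbers the subsystem lands at roughly 98.1% SPFM and 97.4% LFM with 6.9 FIT residual: it clears ASIL C, and the failure-rate budget for ASIL D, but misses the 99% SPFM that ASIL D requires. The poorly covered watchdog and the parity-only interconnect dominate the residual, which is the kind of conclusion an FMEDA exists to make visible.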
Arm Functional Safety Headlines
Requirements: From IP to system
[Figure: the automotive supply chain, IP supplier → IP integrator (e.g. MCU designer) → Tier 1 designer → Automotive OEM. Each party works against ISO 26262 parts 1 to 9, with only a subset of the requirements applicable at each stage. Requirements and assumptions flow down the chain; supporting documentation (evidence) flows back up.]
Safety Ready: Safer solutions, faster time to market
• Reduces design effort
• Accelerates deployment
• Eases certification to ISO 26262
Accelerating time to market for the whole automotive supply chain
A head-start on safety
Leading features and technologies
• Broadest functional safety IP
• Innovative safety features for automotive applications
Software components and tools
• Certified software components
• Software tools
Robust methodologies and certification
• Systematic certification to ISO 26262
• Comprehensive safety documentation
Arm functional safety package
Safety manual
• Design and verification process
• Fault detection and control
• Verification summary
FMEA report
• Evidence of safety analysis on the Arm IP
• Aids partners with their own SoC level FMEA
Development Interface Report
• Interworking relationship
• Replaces conventional DIA
• Ambiguity avoidance
Safety Ready Products
Functional Safety throughout Arm CPUs
(† availability dependent on processor)
Cortex-M0+, Cortex-M3/M4
▪ Exception handling ▪ MPU ▪ SW test library
Cortex-M23, Cortex-M33
▪ Dual core lockstep† ▪ Exception handling ▪ MPU ▪ Stack limit check ▪ SW test library
Cortex-M7, Cortex-R5
▪ TCM ECC interface ▪ MBIST interface ▪ Dual core lockstep ▪ Cache ECC ▪ Exception handling ▪ MPU
Cortex-R52
▪ Virtualization ▪ Bus protection ▪ SW test library ▪ System error ▪ Bus ECC ▪ Error management ▪ TCM ECC ▪ MBIST interface ▪ Dual core lockstep ▪ Cache ECC ▪ Exception handling ▪ Two-stage MPU
Cortex-M35P
▪ Interface protection ▪ Transient detection ▪ SW test library ▪ MBIST interface ▪ Dual core lockstep ▪ Integer lockstep ▪ Exception handling ▪ MPU
Cortex-A (Armv8-A)
▪ Cache parity / ECC† ▪ Exception handling ▪ MMU
Cortex-A55, Cortex-A76
▪ Cache parity / ECC ▪ Exception handling ▪ MMU ▪ RAS features
Cortex-A76AE (Helios AE)
▪ Dual core lockstep ▪ Exception handling ▪ MMU ▪ RAS features ▪ SW test library
Capability tiers shown on the slide: SIL2/ASIL B systematic capability; SIL3/ASIL D systematic capability; SIL3/ASIL D systematic & diagnostic capability
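"Cache parity / ECC", "TCM ECC" and "Bus ECC" recur through the feature lists above, and the earlier fault taxonomy places them under detection and control of random faults. The following is an added example (written for this page; it is not Arm's cache or TCM ECC logic, whose code layout is not described here) of a (39,32) SEC-DED Hamming code: it shows that plain parity only flags an odd number of flipped bits, while SEC-DED corrects a single soft error and reports, rather than silently mis-corrects, a double error. The bit layout, the sample word and the injected fault positions are constructed for illustration.

```c
/* Added example (not Arm's cache or TCM ECC implementation): a (39,32) SEC-DED
 * Hamming code. Parity flags an odd number of flips; SEC-DED corrects one flip
 * and reports a double flip as uncorrectable. Layout and fault positions are
 * constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

#define CODE_BITS 39   /* position 0: overall parity; positions 1..38: Hamming(38,32) */

static int is_pow2(unsigned p) { return p && !(p & (p - 1)); }

/* Data bits occupy the positions 1..38 that are not powers of two. */
static uint32_t extract_data(uint64_t cw)
{
    uint32_t data = 0;
    unsigned pos = 1;
    for (int i = 0; i < 32; i++, pos++) {
        while (is_pow2(pos)) pos++;
        if ((cw >> pos) & 1) data |= (uint32_t)1 << i;
    }
    return data;
}

uint64_t secded_encode(uint32_t data)
{
    uint64_t cw = 0;
    unsigned pos = 1;
    for (int i = 0; i < 32; i++, pos++) {
        while (is_pow2(pos)) pos++;
        if ((data >> i) & 1) cw |= (uint64_t)1 << pos;
    }
    /* check bit at position k = 2^j covers every position whose index has bit j set */
    for (unsigned k = 1; k < CODE_BITS; k <<= 1) {
        unsigned parity = 0;
        for (unsigned p = 1; p < CODE_BITS; p++)
            parity ^= (p & k) ? (unsigned)((cw >> p) & 1) : 0;
        if (parity) cw |= (uint64_t)1 << k;
    }
    /* overall parity makes the XOR of all 39 bits zero; it separates 1 flip from 2 */
    unsigned all = 0;
    for (unsigned p = 1; p < CODE_BITS; p++) all ^= (unsigned)((cw >> p) & 1);
    return cw | all;
}

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } EccStatus;
typedef struct { EccStatus status; uint32_t data; } EccResult;

EccResult secded_decode(uint64_t cw)
{
    unsigned syndrome = 0, overall = 0;
    for (unsigned p = 0; p < CODE_BITS; p++)
        if ((cw >> p) & 1) { syndrome ^= p; overall ^= 1; }

    EccResult r = { ECC_UNCORRECTABLE, 0 };
    if (overall == 0 && syndrome == 0) {                /* no flip */
        r.status = ECC_OK;
        r.data = extract_data(cw);
    } else if (overall == 1 && syndrome < CODE_BITS) {  /* odd count: assume one flip at `syndrome` */
        cw ^= (uint64_t)1 << syndrome;                  /* syndrome 0 = the overall parity bit itself */
        r.status = ECC_CORRECTED;
        r.data = extract_data(cw);
    }
    /* otherwise: even count with non-zero syndrome (two flips), or an out-of-range
     * syndrome (three or more flips aliasing): report rather than guess */
    return r;
}

/* Plain even parity over a 32-bit word, as a parity-protected cache might store it. */
unsigned parity32(uint32_t w)
{
    w ^= w >> 16; w ^= w >> 8; w ^= w >> 4; w ^= w >> 2; w ^= w >> 1;
    return w & 1;
}

/* Inject flip_mask into the codeword of data and decode (simulated soft errors). */
EccResult secded_inject(uint32_t data, uint64_t flip_mask)
{
    return secded_decode(secded_encode(data) ^ flip_mask);
}

int main(void)
{
    uint32_t word = 0xDEADBEEFu;                                       /* constructed sample */
    EccResult one = secded_inject(word, 1ull << 10);                   /* single soft error */
    EccResult two = secded_inject(word, (1ull << 10) | (1ull << 20));  /* double error */
    printf("1 flip: status %d data %08x\n", one.status, one.data);
    printf("2 flips: status %d (data not trusted)\n", two.status);
    printf("parity catches 1 flip: %d, catches 2 flips: %d\n",
           parity32(word ^ 0x20u) != parity32(word),
           parity32(word ^ 0x21u) != parity32(word));
    return 0;
}
```

Three or more simultaneous flips can alias to a syndrome that looks like a single correctable error, which is why ECC alone is not a complete answer for multi-bit upsets and why the feature lists pair it with mechanisms such as lockstep and software test libraries.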
Cortex-A76AE: World's first autonomous-class processor with integrated safety
Game-changing safety innovations optimized for 7nm
• Autonomous-class performance: >250 KDMIPS, <30W SoC, <15W Compute Complex*
• First application processor with Split-Lock
• Developed for automotive use cases
• Safety capable to industry standards: ISO 26262 ASIL D systematic
• Best-in-class performance per watt
* 16 core Cortex-A76AE configuration with CMN-600AE at 7nm
Autonomous-class compute complex
• Automotive Enhanced system IP enabling high integrity safety designs
• Delivers high performance, safe compute complex up to 64 cores & multi-chip
• Scalable mesh network for many-core systems
• Armv8.2 RAS features
• Memory virtualization and protection to ML / NN accelerators
• ML processing for automotive
• Multiple guest operating systems
[Figure: Autonomous Compute Complex block diagram. Cortex-A76AE cores in DynamIQ Shared Units, each with an ELA-600 embedded logic analyser, attached to the CoreLink CMN-600AE mesh and CoreLink GIC-600AE (Automotive Enhanced), with CoreLink MMU-600AE, the Arm ML Processor, Mali-G76 and CoreSight SoC-600 Debug & Trace.]
The system view: bringing it all together
[Figure: a safety-certifiable hypervisor on Arm Cortex-A and Cortex-R class CPUs hosts three partitions side by side]
• ASIL B partition – Instrument cluster: safety certifiable RTOS / GPOS, drivers, applications
• ASIL B partition – Gateway: safety certifiable RTOS / GPOS, drivers, applications
• Non-critical partition – Infotainment (IVI): GPOS / RTOS, drivers, applications
Why STLs?
• Any safety system relies on multiple error detection mechanisms
  – ECC & parity
  – DCLS
• Software Test Libraries provide another detection mechanism
  – Libraries are broken down into functions that cover specific blocks of the CPU core to ensure correct behavior
  – Multiple suppliers across the ecosystem
[Figure: detection mechanisms around the CPU – timing protection, DCLS, LBIST, error management, MBIST, parity]
Software Test Libraries
The most optimized STLs for Arm cores with the best-in-class diagnostic coverage
• Common API framework enable
• Reduces safety hardware mitigation requirements
• Delivered pre-certified for production software integration
• Targeting 90% diagnostic coverage*
• Minimized system impact (memory and WCET)
• Modularized tests executed across multiple fault tolerant time intervals (FTTI)
• Use cases across multiple applications
CPU STLs: Cortex-R52, Cortex-M0+, Cortex-M3, Cortex-M4, Cortex-M33, Cortex-M23, Cortex-A53
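The two STL slides above describe the library as modular tests covering specific CPU blocks, with minimized WCET impact, executed across fault tolerant time intervals. The following added example (constructed for this page; it is not Arm's STL, and Arm's API and test contents are not described here) shows that pattern in miniature: each module checks one block against golden values computed offline and returns pass/fail, and a tick-driven scheduler spreads the modules over slots with a per-slot CPU budget, then checks that every module has run within a diagnostic test interval (DTI, a number of ticks derived from the FTTI by the safety concept). The module set, the WCET figures and the stuck-at fault on the adder are all invented; the fault is simulated so that detection can be shown on a healthy host.

```c
/* Added example (constructed; not Arm's STL or its API): the pattern behind a
 * software test library. Modules check one CPU block each against golden values;
 * a scheduler runs them round-robin under a per-tick budget and checks that the
 * whole library completes within the diagnostic test interval. The adder fault is
 * simulated (mask of output bits forced to 0) so detection can be demonstrated. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t g_adder_stuck_at_zero = 0;   /* simulated fault mask, 0 = healthy */
static uint32_t alu_add(uint32_t a, uint32_t b) { return (a + b) & ~g_adder_stuck_at_zero; }

int stl_test_alu(void)    /* add / xor / mul against hand-computed golden values */
{
    int ok = 1;
    ok &= alu_add(0x12345678u, 0x9ABCDEF0u) == 0xACF13568u;
    ok &= alu_add(0xFFFFFFFFu, 1u) == 0u;               /* carry out of bit 31 */
    ok &= (0xFFFFFFFFu ^ 0x0F0F0F0Fu) == 0xF0F0F0F0u;
    ok &= (0x12345678u * 3u) == 0x369D0368u;
    return ok;
}

int stl_test_ram(void)    /* March-style walk over a scratch buffer, both directions */
{
    static uint32_t scratch[16];
    size_t n = sizeof scratch / sizeof scratch[0];
    for (size_t i = 0; i < n; i++) scratch[i] = 0;
    for (size_t i = 0; i < n; i++) { if (scratch[i] != 0) return 0; scratch[i] = 0xFFFFFFFFu; }
    for (size_t i = n; i-- > 0;)   { if (scratch[i] != 0xFFFFFFFFu) return 0; scratch[i] = 0xA5A5A5A5u; }
    for (size_t i = 0; i < n; i++) if (scratch[i] != 0xA5A5A5A5u) return 0;
    return 1;
}

typedef struct { const char *name; int (*run)(void); uint32_t wcet_us; } StlModule;

/* WCETs are constructed; a real library ships measured figures per core. */
static const StlModule STL_MODULES[] = {
    { "alu", stl_test_alu,  40 },
    { "ram", stl_test_ram, 120 },
};
#define STL_MODULE_COUNT (sizeof STL_MODULES / sizeof STL_MODULES[0])
#define STL_NEVER UINT32_MAX

typedef struct {
    uint32_t slot_budget_us;                  /* max STL time per tick, protecting application WCET */
    uint32_t dti_ticks;                       /* every module must have run within this many ticks */
    uint32_t next;                            /* round-robin cursor */
    uint32_t last_run_tick[STL_MODULE_COUNT];
    const char *failed;                       /* first failing module, latched for error management */
} StlScheduler;

/* Rejects a configuration in which some module could never fit into a slot. */
int stl_init(StlScheduler *s, uint32_t slot_budget_us, uint32_t dti_ticks)
{
    memset(s, 0, sizeof *s);
    s->slot_budget_us = slot_budget_us; s->dti_ticks = dti_ticks;
    for (size_t i = 0; i < STL_MODULE_COUNT; i++) {
        s->last_run_tick[i] = STL_NEVER;
        if (STL_MODULES[i].wcet_us > slot_budget_us) return 0;
    }
    return 1;
}

/* Runs as many modules as fit in this tick's budget, round-robin. */
void stl_tick(StlScheduler *s, uint32_t tick)
{
    uint32_t spent = 0;
    for (size_t i = 0; i < STL_MODULE_COUNT; i++) {
        const StlModule *m = &STL_MODULES[s->next];
        if (spent + m->wcet_us > s->slot_budget_us) break;   /* budget exhausted for this tick */
        spent += m->wcet_us;
        if (!m->run() && !s->failed) s->failed = m->name;
        s->last_run_tick[s->next] = tick;
        s->next = (s->next + 1) % STL_MODULE_COUNT;
    }
}

/* True when every module has run within the last dti_ticks ticks. */
int stl_dti_met(const StlScheduler *s, uint32_t tick)
{
    for (size_t i = 0; i < STL_MODULE_COUNT; i++)
        if (s->last_run_tick[i] == STL_NEVER || tick - s->last_run_tick[i] >= s->dti_ticks)
            return 0;
    return 1;
}

/* Drives the scheduler for `ticks` ticks with an optional simulated adder fault.
 * Returns 1 only if the configuration is valid, no module failed, and the DTI
 * was met at every tick after warm-up. */
int stl_run(uint32_t slot_budget_us, uint32_t dti_ticks, uint32_t ticks, uint32_t adder_fault)
{
    StlScheduler s;
    int ok = stl_init(&s, slot_budget_us, dti_ticks);
    g_adder_stuck_at_zero = adder_fault;
    for (uint32_t t = 0; ok && t < ticks; t++) {
        stl_tick(&s, t);
        if (s.failed || (t + 1 >= dti_ticks && !stl_dti_met(&s, t))) ok = 0;
    }
    g_adder_stuck_at_zero = 0;   /* remove the simulated fault again */
    return ok;
}

int main(void)
{
    printf("healthy, 150us/tick, DTI 2 ticks: %d\n", stl_run(150, 2, 6, 0));
    printf("healthy, DTI 1 tick (library cannot complete in time): %d\n", stl_run(150, 1, 6, 0));
    printf("budget too small for the RAM test: %d\n", stl_run(100, 2, 6, 0));
    printf("adder bit 8 stuck at 0: %d\n", stl_run(150, 2, 6, 0x100));
    return 0;
}
```

Two design points carry over to a real deployment. First, a C compiler is free to constant-fold the arithmetic in a test like `stl_test_alu`, so production STLs write the block under test in assembly to pin the exact instructions that execute; the C here only illustrates the golden-value comparison. Second, the per-tick budget and the DTI pull in opposite directions: shrinking the budget protects the application's WCET but stretches the time until every module has run, and the `stl_dti_met` check is what turns a quietly starved test into a reportable fault.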
STL Deliverables
• STL Safety Package BOM will look similar to existing HW Safety Package:
• S/W Test Library
• STL Safety Manual
• STL Development Interface Report
• STL FMEDA Report & DFA Report
• STL Documentation (integration manual, user manual, configuration etc.)
• Release notes
Certification
Certification Strategy and Progress
• Certification and assessment are key parts of functional safety
• Arm’s strategy is to independently assess an increasing number of FuSa products
• Provides confidence in our own process
• Reduces certification time and effort downstream
• Cost and project efficiencies for ecosystem
• Close collaboration with multiple independent assessor organizations
• Influencing industry standards
What to Expect Next?
• Continued investment to support adjacent verticals and standards
• Continue to develop and expand STL portfolio
• Solutions: demonstrating the reality of multiple products in a safety system
Summary
• Safety Ready - Excelling in delivery of functional safety capable IP
• Expanding portfolio to include software and beyond
• Commitment to assessment and certification
Thank You
Confidential © Arm 2018 27