
Functional safety: What is Arm doing to support this critical capability?

James Scobie
Senior Product Manager, Arm
© 2017 Arm Limited
Arm Tech Symposia 2017, Hsinchu
Agenda

• What’s new
• Standards and trends
• Safety portfolio
• Bringing it all together

What’s new with functional safety in 2017?

• New products: ASIL D on Cortex-A
• New software: Software Test Libraries (STLs)
• New capabilities: Arm Compiler 6
Organizing for growth

• Automotive line of business established
• Create a vibrant ecosystem through collaboration and thought leadership
• Functional Safety Center of Excellence
• The world drives on Arm-based technologies
Standards and trends
Increasing complexity in functional safety markets

• Automotive: autonomous driving
• Industrial: factory automation
• Healthcare: robotic surgery
• Transportation: train control systems
• Avionics: flight systems
• Consumer: domestic robots
What is driving system complexity?

• Compute-intensive applications
• Software delivered from multiple vendors
• Security threats growing exponentially
• Higher safety integrity requirements
Workload consolidation: ‘mixed-criticality’ systems

Before: individual tasks on separate SoCs
• Safe task A on its own RTOS and SoC
• Safe task B on its own RTOS and SoC
• Task C on its own GPOS and SoC
• Task D on its own RTOS and SoC

After: consolidated on one multi-core CPU
• Safety app, servo control, GUI, vision app and security run side by side
• RTOS and GPOS guests share a monitor / hypervisor on the multi-core CPU

Benefits
• Reduce development cycles
• Reduce physical SoC footprints
• Reduce attack surface
Applicable standards – scaling across verticals

Standards always represent an industry consensus
• Long lead times for standards development (5-10 years)
• Often lagging behind true state-of-the-art

IEC 61508 (functional safety of E/E/PE systems) defines Safety Integrity Levels from low to high: SIL 1, SIL 2, SIL 3, shown alongside the automotive scale ASIL A, ASIL B, ASIL C, ASIL D.

Sector standards around it:
• Automotive: ISO 26262
• Medical: IEC 62304
• Industrial: IEC 61511, IEC 61513
• Aviation: DO-178, DO-254
• Machinery: IEC 62061, ISO 13849
• Railways: EN 5012x
Requirements: From IP to system

Supply chain: IP supplier → IP integrator (e.g. MCU designer) → Tier 1 designer → Automotive OEM

• Requirements and assumptions pass along the chain; supporting documentation (evidence) is provided in return
• Each party addresses ISO 26262 parts 1 to 9, with each requirement marked as applicable or not applicable to that party
Arm functional safety package

Safety manual
• Design and verification process
• Fault detection and control
• Verification summary
• Assumptions of use

FMEA report
• Evidence of safety analysis on the Arm IP
• Aids partners with their own SoC-level FMEA

Development Interface Report
• Interworking relationship
• Replaces conventional DIA
• Ambiguity avoidance
Safety portfolio
The broadest safety CPU portfolio

Cores, from smallest to largest: Cortex-M0+, Cortex-M3/M4, Cortex-M23, Cortex-M33, Cortex-M7, Cortex-R5, Cortex-R52 and Cortex-A (Armv8-A, A55…).

Safety features across the portfolio (availability varies by core):
▪ Exception handling
▪ MPU; stack limit check; two-stage MPU (Cortex-R52); MMU (Cortex-A)
▪ ECC interface; TCM ECC / TCM ECC interface; cache parity / ECC†; bus ECC; bus protection
▪ MBIST interface
▪ Error management; system error; RAS features (Armv8-A)
▪ Dual core lockstep†
▪ Virtualization (Cortex-R52)
▪ SW test library

Systematic capability ranges from SIL2/ASIL B to SIL3/ASIL D across the portfolio.

† availability dependent on processor
Beyond CPU – other assets

Arm Compiler 6
• Functional safety qualified
• Qualification kit
• Extended maintenance

System IP
• “Quality managed” IP across CCI, CMN, NIC, GIC, SMMU, CryptoCell and CoreSight
• Robust ASIL D roadmap with supporting collateral
What are Software Test Libraries (STL)?

The most optimized STLs for Arm cores with the best-in-class diagnostic coverage
• Complements the industry’s broadest safety CPU portfolio
• Delivered pre-certified for production software integration
• Targeting 90% diagnostic coverage
• Common API framework
• Minimized system impact
• Modularized tests executed across multiple fault tolerant time intervals (FTTI)

Schedule
• Cortex-R52: CY17Q4
• Cortex-M0+, Cortex-M3, and Cortex-M4: CY18Q1
• Cortex-M23 and Cortex-M33: CY18Q3
Why STLs?

Any safety system relies on multiple error detection mechanisms
• ECC & parity
• DCLS

Software Test Libraries provide another detection mechanism
• Libraries are broken down into functions that cover specific blocks of the CPU core to ensure correct behaviour
• Multiple suppliers across the ecosystem

Mechanisms pictured alongside: timing protection, parity, DCLS, MBIST, LBIST, error management
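The modular structure described on the two STL slides, as an added example that is not Arm's STL code: each test function exercises one block of the core and returns a signature that is compared with a golden value fixed at qualification time, and a scheduler spreads the modules over the sub-intervals of one FTTI so that every block is checked once per interval. The block names, golden signatures, the number of sub-intervals and the fault-injection hook are constructed for illustration; a real STL is written against the specific core and publishes its measured diagnostic coverage.

```c
/* Added example (not Arm's STL code): shape of a software test library
 * scheduler. Block names, golden signatures, slot count and the
 * fault-injection hook are constructed for illustration. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STL_SLOTS 3u  /* sub-intervals one FTTI is split into (assumed) */

typedef uint32_t (*stl_test_fn)(void);

typedef struct {
    const char  *block;   /* core block exercised (constructed names) */
    stl_test_fn  run;
    uint32_t     golden;  /* signature fixed when the library was qualified */
    unsigned     slot;    /* FTTI sub-interval this module runs in */
} stl_module;

/* Constructed hook: a non-zero value corrupts the ALU signature so the
 * detection path can be exercised without real hardware. */
volatile uint32_t stl_inject_fault = 0;

/* ALU block: independent results packed into non-overlapping nibbles. */
static uint32_t stl_test_alu(void) {
    volatile uint32_t a = 7u, b = 3u;
    uint32_t sig = (a + b) | ((a - b) << 4) | ((a & b) << 8)
                 | ((a | b) << 12) | ((a ^ b) << 16) | ((a * b) << 20);
    return sig ^ stl_inject_fault;
}

/* Branch/compare block: count the conditional paths taken over a fixed loop. */
static uint32_t stl_test_branch(void) {
    uint32_t odd_sum = 0, above = 0;
    for (volatile uint32_t i = 0; i < 16u; i++) {
        if (i & 1u) odd_sum += i;
        if (i > 7u)  above++;
    }
    return odd_sum | (above << 8);
}

/* Load/store block: write a pattern, read it back and fold it. */
static uint32_t stl_test_ldst(void) {
    volatile uint32_t buf[4];
    uint32_t sig = 0;
    for (uint32_t i = 0; i < 4u; i++) buf[i] = i * 0x01010101u;
    for (uint32_t i = 0; i < 4u; i++) sig += buf[i];
    return sig;
}

static const stl_module stl_modules[] = {
    { "alu",    stl_test_alu,    0x0154734Au, 0 },
    { "branch", stl_test_branch, 0x00000840u, 1 },
    { "ldst",   stl_test_ldst,   0x06060606u, 2 },
};
#define STL_MODULE_COUNT (sizeof stl_modules / sizeof stl_modules[0])

/* Error-management hook: a real system would signal its safety mechanism here. */
static void stl_report_fault(const stl_module *m, uint32_t got) {
    printf("STL fault: block %s signature 0x%08" PRIX32 " expected 0x%08" PRIX32 "\n",
           m->block, got, m->golden);
}

/* Run the modules assigned to one sub-interval; returns the number of failures. */
int stl_run_slot(unsigned slot) {
    int failures = 0;
    for (size_t i = 0; i < STL_MODULE_COUNT; i++) {
        const stl_module *m = &stl_modules[i];
        if (m->slot != slot) continue;
        uint32_t got = m->run();
        if (got != m->golden) { stl_report_fault(m, got); failures++; }
    }
    return failures;
}

/* Run one complete FTTI: every slot once, so every block is tested once. */
int stl_run_ftti(void) {
    int failures = 0;
    for (unsigned s = 0; s < STL_SLOTS; s++) failures += stl_run_slot(s);
    return failures;
}

/* Exercise the detection path: inject the constructed fault, run one FTTI, clear it. */
int stl_demo_injected_fault(void) {
    stl_inject_fault = 0x1u;
    int failures = stl_run_ftti();
    stl_inject_fault = 0;
    return failures;
}

int main(void) {
    printf("clean FTTI: %d failure(s)\n", stl_run_ftti());
    printf("FTTI with injected ALU fault: %d failure(s)\n", stl_demo_injected_fault());
    return 0;
}
```

Run as-is, the program reports zero failures for a clean interval and one failure attributed to the alu block once the hook is set. In a deployed library the slot functions would be called from the RTOS tick so that the whole set completes within one FTTI, and stl_report_fault would feed the core's error-management mechanism rather than printing.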
The system view
Safety island concept

Processing chain: Sense → Perceive → Decide → Actuate

Combine a ‘safety island’ with application processors
• Integrate checker functions into the SoC
• Reduces BOM cost and footprint
• Sits on independent power and clock rails to reduce common cause failures
• Manages overall safety for the SoC
• Enables both high compute with high safety integrity

SoC block diagram: four Cortex-A application cores and a Cortex-R52 lockstep CPU (the safety island) on a CoreLink interconnect, with sensors handled by a Cortex-M.
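The checker role of the safety island, as an added example that is not Arm's code: a monitor of the kind the lockstep core would run, which receives one status message per cycle from the application cores, verifies that the message is fresh and in sequence and that the Decide stage's command is plausible against the sensed value, and latches a stop state after repeated faults so that it can gate the Actuate stage. The message layout, the deadline, the plausibility envelope, the strike limit and the replayed scenario are all constructed for illustration.

```c
/* Added example (not Arm's code): a safety-island checker for the
 * application cores. Message format, limits and the replayed scenario are
 * constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HEARTBEAT_DEADLINE_MS 50u  /* assumed: one message per cycle budget */
#define CMD_PER_UNIT_SENSED   4     /* assumed plausibility envelope */
#define STRIKES_TO_STOP       3     /* assumed: consecutive faults before latching */

/* Status the application cores post to the island once per cycle. */
typedef struct {
    uint32_t seq;      /* increments by one per cycle */
    uint32_t time_ms;  /* sender's timestamp */
    int32_t  sensed;   /* value from the Sense/Perceive stages */
    int32_t  command;  /* value the Decide stage wants actuated */
} app_heartbeat;

typedef enum { SAFE_OK = 0, SAFE_DEGRADED = 1, SAFE_STOP = 2 } safety_state;

typedef struct {
    uint32_t     last_seq;
    unsigned     strikes;  /* consecutive faulty cycles */
    safety_state state;    /* SAFE_STOP is latched until a reset */
} island_monitor;

void island_init(island_monitor *m) {
    m->last_seq = 0; m->strikes = 0; m->state = SAFE_OK;
}

/* Constructed envelope: |command| may not exceed CMD_PER_UNIT_SENSED * |sensed| + 1. */
static bool command_plausible(const app_heartbeat *hb) {
    long long limit = (long long)CMD_PER_UNIT_SENSED * llabs(hb->sensed) + 1;
    return llabs(hb->command) <= limit;
}

/* One checker cycle; hb is NULL when no message arrived in time. */
safety_state island_check(island_monitor *m, const app_heartbeat *hb, uint32_t now_ms) {
    bool fault = (hb == NULL);
    if (hb != NULL) {
        if (hb->seq != m->last_seq + 1) fault = true;                   /* lost, duplicated or replayed cycle */
        if (now_ms - hb->time_ms > HEARTBEAT_DEADLINE_MS) fault = true;  /* stale; a future timestamp wraps and also fails */
        if (!command_plausible(hb)) fault = true;
        m->last_seq = hb->seq;
    }
    if (fault) {
        if (++m->strikes >= STRIKES_TO_STOP) m->state = SAFE_STOP;
        else if (m->state != SAFE_STOP) m->state = SAFE_DEGRADED;
    } else {
        m->strikes = 0;
        if (m->state != SAFE_STOP) m->state = SAFE_OK;
    }
    return m->state;
}

/* Gate between Decide and Actuate: full, halved or zero demand. */
int32_t island_gate_command(const island_monitor *m, int32_t command) {
    switch (m->state) {
    case SAFE_OK:       return command;
    case SAFE_DEGRADED: return command / 2;
    default:            return 0;
    }
}

/* Constructed replay: healthy, implausible, healthy, three missing, healthy. */
size_t island_scenario(safety_state out[], size_t cap) {
    static const app_heartbeat msgs[] = {
        { 1, 100, 10, 20 }, { 2, 150, 10, 200 }, { 3, 200, 10, 20 }, { 4, 400, 10, 20 }
    };
    island_monitor m;
    size_t n = 0;
    if (cap < 7) return 0;
    island_init(&m);
    out[n++] = island_check(&m, &msgs[0], 110);
    out[n++] = island_check(&m, &msgs[1], 160);  /* command 200 is outside the envelope */
    out[n++] = island_check(&m, &msgs[2], 210);
    out[n++] = island_check(&m, NULL, 260);      /* three cycles with no message */
    out[n++] = island_check(&m, NULL, 310);
    out[n++] = island_check(&m, NULL, 360);
    out[n++] = island_check(&m, &msgs[3], 410);  /* healthy again, but STOP is latched */
    return n;
}

int main(void) {
    safety_state trace[8];
    size_t n = island_scenario(trace, 8);
    for (size_t i = 0; i < n; i++) printf("cycle %zu: state %d\n", i + 1, (int)trace[i]);
    return 0;
}
```

The replay walks through the states OK, DEGRADED, OK, DEGRADED, DEGRADED, STOP, STOP: a single implausible command only degrades the output, while three consecutive silent cycles latch the stop state, which a later healthy message does not clear. Running this monitor on a core with its own power and clock rails is what keeps a common-cause failure on the application side from silencing the checker along with the workload it checks.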
The system view: bringing it all together

Three partitions on a safety-certifiable hypervisor over Arm Cortex CPUs:
• ASIL B partition – instrument cluster: applications over a safety-certifiable RTOS / GPOS over drivers
• Non-critical partition – infotainment (IVI): applications over a GPOS / RTOS over drivers
• ASIL B partition – gateway partition: applications over a safety-certifiable RTOS / GPOS over drivers
Arm leads the way in functional safety

Arm offers the most comprehensive, scalable portfolio for safety.

Arm is addressing higher compute performance and higher safety integrity requirements.

Targeted products such as Software Test Libraries reduce certification burdens and shorten time to market.
Thank You!
Danke!
Merci!
謝謝!
ありがとう!
Gracias!
Kiitos!



The Arm trademarks featured in this presentation are registered trademarks or
trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights
reserved. All other marks featured may be trademarks of their respective owners.

www.arm.com/company/policies/trademarks
