© Arm 2017
James Scobie
Senior Product Manager, Arm
Arm Tech Symposia 2017, Hsinchu
Functional safety: What is Arm doing to support this
critical capability?
© 2017 Arm Limited
Agenda
• What’s new
• Standards and trends
• Safety portfolio
• Bringing it all together
What’s new with functional safety in 2017?
New products
New capabilities
ASIL D on Cortex-A
New software
Software Test Libraries (STLs)
Arm Compiler 6
Organizing for growth
Automotive line of business established
Create a vibrant ecosystem through collaboration and thought leadership
Functional Safety Center of Excellence
The world drives on Arm-based technologies
Increasing complexity in functional safety markets
Automotive: Autonomous driving
Industrial: Factory automation
Healthcare: Robotic surgery
Transportation: Train control systems
Avionics: Flight systems
Consumer: Domestic robots
What is driving system complexity?
Compute-intensive applications
Software delivered from multiple vendors
Security threats growing exponentially
Higher safety integrity requirements
Workload consolidation
‘Mixed-criticality’ systems
Reduce development cycles
Reduce physical footprints
Reduce attack surface
Diagram: individual tasks on separate SoCs (safe task A, safe task B, task C and task D, each on its own RTOS or GPOS and its own SoC) consolidated onto one multi-core CPU, where a monitor / hypervisor hosts an RTOS and a GPOS running the safety app, security app, servo control, GUI and vision.
Applicable standards – scaling across verticals
Standards always represent an industry consensus
• Long lead times for standards development (5-10 years)
• Often lagging behind true state-of-the-art
Functional safety of E/E/PE systems: IEC 61508
Automotive: ISO 26262
Railways: EN 5012x
Machinery: IEC 62061, ISO 13849
Aviation: DO-178, DO-254
Medical: IEC 62304
Industrial: IEC 61511, IEC 61513
Safety Integrity Levels (low to high): SIL 1 / ASIL A; SIL 2 / ASIL B; SIL 3 / ASIL C, ASIL D
Requirements: From IP to system
Diagram: IP supplier, IP integrator (e.g. MCU designer), Tier 1 designer and Automotive OEM. Each party applies ISO 26262 parts 1 to 9, separating applicable from not-applicable requirements, and exchanges requirements and assumptions along with supporting documentation (evidence) along the chain.
Arm functional safety package
Safety manual
• Design and verification process
• Fault detection and control
• Verification summary
• Assumptions of use
FMEA report
• Evidence of safety analysis on the Arm IP
• Aids partners with their own SoC level FMEA
Development Interface Report
• Interworking relationship
• Replaces conventional DIA
• Ambiguity avoidance
The broadest safety CPU portfolio
Cortex-M0+ and Cortex-M3/M4: Exception handling, MPU
Cortex-M23 and Cortex-M33: Dual core lockstep†, ECC interface†, Exception handling, MPU, Stack limit check
Cortex-M7: TCM ECC interface, MBIST interface, Dual core lockstep, Cache ECC, Exception handling, MPU
Cortex-R5: Bus ECC, Error management, TCM ECC, MBIST interface, Dual core lockstep, Cache ECC, Exception handling, MPU
Cortex-R52: Virtualization, Bus protection, SW test library, System error, Bus ECC, Error management, TCM ECC, MBIST interface, Dual core lockstep, Cache ECC, Exception handling, Two-stage MPU
Cortex-A: Cache parity / ECC†, Exception handling, MMU
Armv8-A (Cortex-A55…): Cache parity / ECC, Exception handling, MMU, RAS features
† availability dependent on processor
Systematic capability: SIL3/ASIL D or SIL2/ASIL B
Beyond CPU – other assets
Arm Compiler 6
• Functional safety qualified
• Qualification kit
• Extended maintenance
System IP
• “Quality managed” IP across CCI, CMN, NIC, GIC, SMMU, CryptoCell and CoreSight
• Robust ASIL D roadmap with supporting collateral
What are Software Test Libraries (STL)?
The most optimized STLs for Arm cores with the best-in-class diagnostic coverage
• Complements the industry’s broadest safety CPU portfolio
• Delivered pre-certified for production software integration
• Targeting 90% diagnostic coverage
• Common API framework
• Minimized system impact
• Modularized tests executed across multiple fault tolerant time intervals (FTTI)
CPU schedule:
Cortex-R52: CY17Q4
Cortex-M0+, Cortex-M3, and Cortex-M4: CY18Q1
Cortex-M23 and Cortex-M33: CY18Q3
Why STLs?
Any safety system relies on multiple error detection mechanisms
• ECC & parity
• DCLS
Software Test Libraries provide another detection mechanism
• Libraries are broken down into functions that each cover a specific block of the CPU core and check that it behaves correctly
• Multiple suppliers across the ecosystem
Diagram: error detection mechanisms in the SoC: timing protection, DCLS, LBIST, error management, MBIST, parity.
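The modular, FTTI-spread execution described on the two STL slides, as an added illustration that is not Arm's STL code: each test function covers one CPU block, a scheduler runs as many consecutive modules as fit a per-FTTI cycle budget, and one full rotation through the modules gives the diagnostic test interval. The block names, cycle costs, budget and fault-injection switch are all constructed.

```c
/* Added illustration, not Arm's STL code: an STL modelled as per-block test functions
 * scheduled across FTTI slots. Cycle costs, the budget and the fault switch are constructed. */
#include <stdbool.h>
#include <stdint.h>

typedef struct {
    const char *block;      /* CPU block covered by this test */
    uint32_t cycles;        /* constructed worst-case cost in cycles */
    bool (*run)(void);      /* true when the block behaves correctly */
} stl_module;

volatile uint32_t g_inject_fault = 0; /* constructed switch to exercise the failure path */

static bool test_alu(void) {          /* add, sub and xor against precomputed results */
    volatile uint32_t a = 0x12345678u, b = 0x0F0F0F0Fu;
    return a + b == 0x21436587u && a - b == 0x03254769u && (a ^ b) == 0x1D3B5977u;
}
static bool test_shifter(void) {      /* top bit shifted out, logical right shift */
    volatile uint32_t x = 0x80000001u;
    return (x << 3) == 0x00000008u && (x >> 31) == 1u;
}
static bool test_mul(void) {          /* 32-bit wraparound multiply */
    volatile uint32_t m = 0x10001u;
    return m * m == (0x00020001u ^ g_inject_fault);
}

#define SLOT_BUDGET 1000u             /* constructed cycles the STL may use per FTTI */
static const stl_module k_modules[] = {
    {"ALU", 400, test_alu}, {"Shifter", 300, test_shifter}, {"Multiplier", 500, test_mul},
};
#define N_MODULES (sizeof k_modules / sizeof k_modules[0])

typedef struct { unsigned next, slots, passes; const char *failed; } stl_sched;

/* Runs one FTTI slot: consecutive modules until the budget is used or every block has
 * been covered once. Returns false and records the block on the first detected fault. */
bool stl_run_slot(stl_sched *s) {
    uint32_t used = 0;
    s->slots++;
    while (used + k_modules[s->next].cycles <= SLOT_BUDGET) {
        const stl_module *m = &k_modules[s->next];
        used += m->cycles;
        if (!m->run()) { s->failed = m->block; return false; }
        s->next = (s->next + 1) % N_MODULES;
        if (s->next == 0) { s->passes++; break; }
    }
    return true;
}
/* FTTI slots one complete pass needs: the STL's diagnostic test interval in slots. */
unsigned stl_slots_per_pass(void) {
    stl_sched s = {0, 0, 0, 0};
    while (s.passes == 0 && stl_run_slot(&s)) { }
    return s.slots;
}
```

With these constructed costs the three modules do not fit one slot, so full coverage takes two FTTIs; the monitor's reaction to a failed module is left to the caller.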
Safety island concept
Combine ‘safety island’ with application processors
• Integrate checker functions into SoC
• Reduces BOM cost and footprint
• Sits on independent power and clock rails to reduce common cause failures
• Manages overall safety for SoC
• Enables both high compute with high safety integrity
Diagram: an SoC with a Cortex-R52 lockstep CPU as the safety island, Cortex-A application processors and Cortex-M sensor processors on a CoreLink interconnect, covering the sense, perceive, decide and actuate stages.
The system view: bringing it all together
Diagram: Arm Cortex CPUs running a safety-certifiable hypervisor with three partitions: an ASIL B partition for the instrument cluster and a gateway partition, each on a safety-certifiable RTOS / GPOS, and a non-critical partition for infotainment (IVI) on a GPOS / RTOS. Each partition carries its own drivers and applications.
Arm leads the way in functional safety
Arm offers the most comprehensive, scalable portfolio for safety.
Arm is addressing higher compute performance and higher safety integrity requirements.
Targeted products such as Software Test Libraries reduce certification burdens and shorten time to market.
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
www.arm.com/company/policies/trademarks