Functional safety: What is Arm doing to support this critical capability?

James Scobie, Senior Product Manager, Arm

Arm Tech Symposia 2017, Hsinchu

© 2017 Arm Limited


Agenda

• What’s new

• Standards and trends

• Safety portfolio

• Bringing it all together

What’s new with functional safety in 2017?

• New products

• New capabilities: ASIL D on Cortex-A

• New software: Software Test Libraries (STLs); Arm Compiler 6

Organizing for growth

Automotive line of business established

Create a vibrant ecosystem through collaboration and thought leadership

Functional Safety Center of Excellence

The world drives on Arm-based technologies

Standards and trends

Increasing complexity in functional safety markets

• Automotive: autonomous driving

• Industrial: factory automation

• Healthcare: robotic surgery

• Transportation: train control systems

• Avionics: flight systems

• Consumer: domestic robots

What is driving system complexity?

Compute-intensive applications

Software delivered from multiple vendors

Security threats growing exponentially

Higher safety integrity requirements


Workload consolidation

‘Mixed-criticality’ systems

• Reduce development cycles

• Reduce physical footprints

• Reduce attack surface

[Diagram: before consolidation, individual tasks on separate SoCs, each with its own OS (safe task A, safe task B, task C and task D across four SoCs running an RTOS or a GPOS); after consolidation, one multi-core CPU under a monitor / hypervisor hosting a safety app, a security app, servo control, a GUI and vision processing across an RTOS partition and a GPOS partition. The monitor / hypervisor then becomes the isolation boundary between criticality levels, so its freedom-from-interference argument is part of the safety case.]

Applicable standards – scaling across verticals

Standards always represent an industry consensus

• Long lead times for standards development (5-10 years)

• Often lagging behind true state-of-the-art

Standards by vertical:

• Functional safety of E/E/PE systems (generic base standard): IEC 61508

• Automotive: ISO 26262

• Railways: EN 5012x

• Machinery: IEC 62061, ISO 13849

• Aviation: DO-178, DO-254

• Medical: IEC 62304

• Industrial: IEC 61511, IEC 61513

Safety Integrity Levels, as aligned on the slide (low to high):

• SIL 1 ↔ ASIL A

• SIL 2 ↔ ASIL B

• SIL 3 ↔ ASIL C / ASIL D

SIL levels come from IEC 61508 and ASIL levels from ISO 26262; the side-by-side placement is indicative only, since the two standards derive their levels differently and define no formal equivalence between them.

Requirements: From IP to system

Supply chain: IP supplier → IP integrator (e.g. MCU designer) → Tier 1 designer → Automotive OEM

Each party works against ISO 26262 parts -1 to -9, and at each stage only a subset of the requirements in those parts applies (the slide marks requirements as applicable or not applicable per party). Requirements and assumptions pass down the chain toward the IP supplier; supporting documentation (evidence) passes back up it.

Arm functional safety package

Safety manual

• Design and verification process

• Fault detection and control

• Verification summary

• Assumptions of use

FMEA report

• Evidence of safety analysis on the Arm IP

• Aids partners with their own SoC level FMEA

Development Interface Report

• Interworking relationship

• Replaces conventional DIA (Development Interface Agreement)

• Ambiguity avoidance

Safety portfolio


The broadest safety CPU portfolio

Safety features by processor († availability dependent on processor):

• Cortex-M0+: exception handling, MPU

• Cortex-M3/M4: exception handling, MPU

• Cortex-M23 / Cortex-M33: dual core lockstep†, ECC interface†, exception handling, MPU, stack limit check

• Cortex-M7: TCM ECC interface, MBIST interface, dual core lockstep, cache ECC, exception handling, MPU

• Cortex-R5: bus ECC, error management, TCM ECC, MBIST interface, dual core lockstep, cache ECC, exception handling, MPU

• Cortex-R52: virtualization, bus protection, SW test library, system error, bus ECC, error management, TCM ECC, MBIST interface, dual core lockstep, cache ECC, exception handling, two-stage MPU

• Cortex-A: cache parity / ECC†, exception handling, MMU

• Armv8-A Cortex-A55…: cache parity / ECC, exception handling, MMU, RAS features

Each processor column on the slide is marked with its systematic capability: either SIL3/ASIL D or SIL2/ASIL B.

Beyond CPU – other assets

Arm Compiler 6

• Functional safety qualified

• Qualification kit

• Extended maintenance

System IP

• “Quality managed” IP across CCI, CMN, NIC, GIC, SMMU, CryptoCell and CoreSight

• Robust ASIL D roadmap with supporting collateral


What are Software Test Libraries (STL)?

The most optimized STLs for Arm cores with the best-in-class diagnostic coverage

• Complements the industry’s broadest safety CPU portfolio

• Delivered pre-certified for production software integration

• Targeting 90% diagnostic coverage

• Common API framework

• Minimized system impact

• Modularized tests executed across multiple fault tolerant time intervals (FTTI)

Schedule by CPU:

• Cortex-R52: CY17Q4

• Cortex-M0+, Cortex-M3 and Cortex-M4: CY18Q1

• Cortex-M23 and Cortex-M33: CY18Q3
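The structure the slide describes, tests that each cover a specific block of the core and a scheduler that runs them as slices across several FTTI windows, as an added example. This is not Arm's STL code: the three test functions, their known-answer vectors, the budget of two tests per window, the program-flow signature and the stl_inject_fault switch are all assumptions made for illustration.

```c
/* Added example, not Arm's STL: a minimal software test library shaped like the
   slide describes. Each test exercises one CPU block with known-answer vectors; a
   scheduler runs a slice of the library per fault-tolerant time interval (FTTI).
   Test set, per-window budget and the fault-injection switch are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef enum { STL_OK = 0, STL_FAIL = 1 } stl_status;

int stl_inject_fault = 0;   /* hypothetical stuck-at fault on the adder's result bit 0 */

/* Adder/logic unit: known-answer vectors incl. unsigned wrap; volatile defeats folding. */
bool stl_test_alu(void)
{
    volatile uint32_t x = 0xAAAAAAAAu, y = 0x55555555u;
    uint32_t sum = x + y;
    if (stl_inject_fault) sum ^= 1u;
    if (sum != 0xFFFFFFFFu || (x & y) != 0u || (x ^ y) != 0xFFFFFFFFu) return false;
    x = 0xFFFFFFFFu; y = 1u;
    if (x + y != 0u) return false;
    x = 0x12345678u; y = 0x0F0F0F0Fu;
    return (x - y) == 0x03254769u && (x & y) == 0x02040608u;
}

/* Shifter: logical shifts and a rotate built from them. */
bool stl_test_shift(void)
{
    volatile uint32_t x = 0x80000001u;
    return (x << 1) == 0x00000002u && (x >> 1) == 0x40000000u && (x >> 31) == 1u &&
           ((x << 4) | (x >> 28)) == 0x00000018u;
}

/* Scratch RAM: march test (all-zero, all-one, address-dependent pattern read back
   in reverse) for stuck-at and address-decoder faults. */
bool stl_test_memory(void)
{
    static volatile uint32_t ram[16];
    const size_t n = sizeof ram / sizeof ram[0];
    for (size_t i = 0; i < n; i++) ram[i] = 0u;
    for (size_t i = 0; i < n; i++) if (ram[i] != 0u) return false;
    for (size_t i = 0; i < n; i++) ram[i] = 0xFFFFFFFFu;
    for (size_t i = n; i-- > 0;) if (ram[i] != 0xFFFFFFFFu) return false;
    for (size_t i = 0; i < n; i++) ram[i] = ((uint32_t)i * 0x01010101u) ^ 0x5A5A5A5Au;
    for (size_t i = n; i-- > 0;) if (ram[i] != (((uint32_t)i * 0x01010101u) ^ 0x5A5A5A5Au)) return false;
    return true;
}

typedef struct { const char *name; uint32_t id; bool (*run)(void); } stl_test;
static const stl_test stl_tests[] = {
    { "alu", 0x1u, stl_test_alu }, { "shift", 0x2u, stl_test_shift }, { "mem", 0x4u, stl_test_memory },
};
#define STL_NUM_TESTS        (sizeof stl_tests / sizeof stl_tests[0])
#define STL_EXPECTED_SIG     0x7u   /* XOR of every id: proves each test ran once per cycle */
#define STL_TESTS_PER_WINDOW 2      /* assumed budget per FTTI window */

typedef struct {
    size_t next;          /* next test to run */
    uint32_t flow_sig;    /* program-flow signature accumulated this cycle */
    uint32_t cycles_ok;   /* complete passes with every test passing */
    stl_status status;    /* sticky: stays STL_FAIL until stl_init() */
    const char *failed;   /* failing test name, or "flow" */
} stl_sched;

void stl_init(stl_sched *s) { memset(s, 0, sizeof *s); }   /* STL_OK == 0 */

/* Run one window's slice and return the sticky status. Three tests at two per
   window: the library completes every 1.5 windows, so cycle boundaries need not
   line up with window boundaries. */
stl_status stl_run_window(stl_sched *s)
{
    for (int i = 0; i < STL_TESTS_PER_WINDOW && s->status == STL_OK; i++) {
        const stl_test *t = &stl_tests[s->next];
        if (!t->run()) { s->status = STL_FAIL; s->failed = t->name; break; }
        s->flow_sig ^= t->id;
        if (++s->next == STL_NUM_TESTS) {
            if (s->flow_sig != STL_EXPECTED_SIG) { s->status = STL_FAIL; s->failed = "flow"; break; }
            s->cycles_ok++; s->flow_sig = 0; s->next = 0;
        }
    }
    return s->status;
}

/* Demo: four clean windows (two full cycles), then a fault injected into the adder.
   Returns the clean cycles completed before detection (2), or -1 if the fault was
   missed or the failure did not stay latched. */
int stl_demo_detect(void)
{
    stl_sched s;
    stl_init(&s);
    for (int w = 0; w < 4; w++)
        if (stl_run_window(&s) != STL_OK) return -1;
    int clean = (int)s.cycles_ok;
    stl_inject_fault = 1;
    stl_status st = stl_run_window(&s);
    stl_inject_fault = 0;
    if (st != STL_FAIL || strcmp(s.failed, "alu") != 0) return -1;
    if (stl_run_window(&s) != STL_FAIL) return -1;
    return clean;
}
```

The sticky status and the flow signature are what make the scheduler usable from a safety monitor: the monitor only has to poll stl_run_window() once per window and react to STL_FAIL. The diagnostic coverage figure on the slide is established by fault simulation against the core's RTL, not by anything a test like this can measure about itself; the known-answer vectors here only show the shape of the mechanism.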

Why STLs?

Any safety system relies on multiple error detection mechanisms

• ECC & parity

• DCLS (dual core lockstep)

Software Test Libraries provide another detection mechanism

• Libraries are broken down into functions that cover specific blocks of the CPU core to ensure correct behaviour

• Multiple suppliers across the ecosystem

[Diagram: detection mechanisms shown around the core: timing protection, DCLS, LBIST, error management, MBIST, parity]
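To show what the "ECC & parity" mechanism above contributes, and why the portfolio slide lists ECC separately from parity, the following is an added software model of a SEC-DED (single-error-correct, double-error-detect) Hamming code over 32-bit words, beside plain parity. It is not Arm's hardware, which computes the same thing in logic on the cache, TCM or bus data path; the bit layout (six check bits at positions 1, 2, 4, 8, 16, 32 plus overall parity at position 0), the function names and the sample data word are assumptions.

```c
/* Added example, not Arm's hardware or code: a software model of the SEC-DED
   Hamming code behind cache, TCM and bus ECC, beside plain parity. Layout assumed
   here: 32 data bits, six Hamming check bits at codeword positions 1,2,4,8,16,32,
   and an overall parity bit at position 0. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define ECC_TOP 38u   /* highest codeword bit position in use (6 check + 32 data) */

typedef enum { ECC_CLEAN = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_result;

static bool is_pow2(unsigned p) { return p != 0 && (p & (p - 1)) == 0; }

/* 1 if x has an odd number of set bits. */
static unsigned parity64(uint64_t x)
{
    x ^= x >> 32; x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return (unsigned)(x & 1u);
}

/* Plain parity, as a parity-protected RAM stores it: one bit per word. */
unsigned parity32(uint32_t w) { return parity64(w); }
bool parity_ok(uint32_t word, unsigned stored_parity) { return parity32(word) == stored_parity; }

/* Parity over every codeword position (1..ECC_TOP) whose index has bit k set;
   with_self=false leaves out position 2^k itself (used while encoding). */
static unsigned group_parity(uint64_t cw, unsigned k, bool with_self)
{
    uint64_t mask = 0;
    for (unsigned pos = 1; pos <= ECC_TOP; pos++)
        if ((pos & (1u << k)) && (with_self || pos != (1u << k))) mask |= (uint64_t)1 << pos;
    return parity64(cw & mask);
}

/* Encode: data bits fill the non-power-of-two positions, each check bit makes its
   group even, and bit 0 makes the whole codeword even. */
uint64_t ecc_encode(uint32_t data)
{
    uint64_t cw = 0;
    unsigned di = 0;
    for (unsigned pos = 1; pos <= ECC_TOP; pos++)
        if (!is_pow2(pos)) cw |= (uint64_t)((data >> di++) & 1u) << pos;
    for (unsigned k = 0; k < 6; k++)
        cw |= (uint64_t)group_parity(cw, k, false) << (1u << k);
    cw |= (uint64_t)parity64(cw);
    return cw;
}

/* Decode a possibly corrupted codeword. The syndrome names the flipped position for
   a single error; overall parity tells one flip (odd) from two (even), which is what
   lets error-management logic correct one bit and only flag two. */
ecc_result ecc_decode(uint64_t cw, uint32_t *data_out)
{
    unsigned syndrome = 0;
    for (unsigned k = 0; k < 6; k++) syndrome |= group_parity(cw, k, true) << k;
    unsigned overall = parity64(cw);
    ecc_result r = ECC_CLEAN;
    if (syndrome != 0 && overall == 1) { cw ^= (uint64_t)1 << syndrome; r = ECC_CORRECTED; }
    else if (syndrome == 0 && overall == 1) { cw ^= 1u; r = ECC_CORRECTED; }   /* bit 0 itself */
    else if (syndrome != 0 && overall == 0) { r = ECC_UNCORRECTABLE; }          /* two flips */
    uint32_t data = 0;
    unsigned di = 0;
    for (unsigned pos = 1; pos <= ECC_TOP; pos++)
        if (!is_pow2(pos)) data |= (uint32_t)((cw >> pos) & 1u) << di++;
    if (data_out) *data_out = data;
    return r;
}

/* Demo helpers: encode, flip the bits in flip_mask, decode. */
ecc_result ecc_roundtrip(uint32_t data, uint64_t flip_mask, uint32_t *recovered)
{
    return ecc_decode(ecc_encode(data) ^ flip_mask, recovered);
}
uint32_t ecc_roundtrip_data(uint32_t data, uint64_t flip_mask)
{
    uint32_t out = 0;
    (void)ecc_decode(ecc_encode(data) ^ flip_mask, &out);
    return out;
}
```

The contrast is the point: parity_ok() reports a single flipped bit but passes two, while ecc_decode() corrects one and reports two as uncorrectable, which is the event that an error-management unit escalates (and that an STL cannot see, because the corruption is in the data path rather than in the core's logic). Three or more flips can alias to a valid correction in any SEC-DED code, which is why memories are also scrubbed and why interleaving is used against multi-bit upsets.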

The system view


Safety island concept

Combine ‘safety island’ with application processors

• Integrate checker functions into SoC

• Reduces BOM cost and footprint

• Sits on independent power and clock rails to reduce common cause failures

• Manages overall safety for SoC

• Enables both high compute with high safety integrity

[Diagram: one SoC with a cluster of Cortex-A application processors and a lockstep Cortex-R52 safety island on a CoreLink interconnect, with Cortex-M based sensors feeding a sense → perceive → decide → actuate pipeline.]

The system view: bringing it all together

[Diagram: Arm Cortex CPUs running a safety-certifiable hypervisor with separate partitions, each with its own OS, drivers and applications:

• ASIL B partition: instrument cluster, on a safety-certifiable RTOS / GPOS

• Gateway partition, on a safety-certifiable RTOS / GPOS

• Non-critical partition: infotainment (IVI), on a GPOS / RTOS]

Arm leads the way in functional safety

Arm offers the most comprehensive, scalable portfolio for safety.

Arm is addressing higher compute performance and higher safety integrity requirements.

Targeted products such as Software Test Libraries reduce certification burdens and shorten time to market.

Thank You! Danke! Merci! 謝謝! ありがとう! Gracias! Kiitos!

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

www.arm.com/company/policies/trademarks