Unmanned Systems Technology 010 | nuTonomy driverless taxi | Embedded computing | HFE International marine powertrain | Space vehicles | Performance monitoring | Commercial UAV Show Asia report
Platform one | Functional safety

Safety first for real-time chip

ARM's Cortex-R52 separates software tasks to isolate safety-critical code

Processor core designer ARM has developed a real-time processor with advanced safety features for autonomous vehicles (writes Nick Flaherty). The ARM Cortex-R52 was designed to address functional safety in systems that have to comply with ISO 26262 ASIL D and IEC 61508 SIL 3, the most stringent safety standards in the automotive and industrial markets. This allows the R52 to be used as the safety monitor in a more complex, high-performance processor chip.

"The Cortex-R52 is the first processor built on the ARM V8-R architecture, and it was designed from the ground up to address functional safety," said James McNiven, general manager for CPU and media processing groups at ARM. "We are helping partners to meet particular market opportunities, especially in fully autonomous vehicles and robotics systems where specific functionality is required for safety-critical tasks. Documenting the strict development process, fault modelling and supporting software isolation helps our partners with a faster route to market."

ARM developed the V8-R instruction set and architecture two years ago for safety-critical applications, and has now produced the design of a processor core. The key to the Cortex-R52 is hardware-enforced separation of software tasks, which ensures that the safety-critical code is fully isolated. This allows the hardware to be managed by a software hypervisor that polices the execution and resourcing of tasks. The separation reduces the amount of code that must be safety-certified, speeding up development by making software integration, maintenance and validation easier. The processor also deals with increased software complexity while delivering deterministic responses within a set time and the fast context switching that real-time systems need.

The core is 35% faster than the existing R5 core, which was based on the previous V7 architecture. This figure comes from the AutoBench benchmark developed by EEMBC, which gave a score of 1.36 Automark/MHz using the Green Hills Compiler 2017. The design has been licensed to STMicroelectronics to create highly integrated 'systems on chips' for the automotive market.

Combined with other processors such as ARM's Cortex-A series, the R52 provides a safety island to protect the operation of the system. For an autonomous system controller, inputs can be gathered from sensors such as cameras, radar and Lidar. This data is processed and combined by the Cortex-A processors to identify and classify targets. That information can then be passed to the Cortex-R52, which is unique in providing the hardware to support both isolation and real-time execution. This is achieved by adding a new exception level and a two-stage processor unit, both introduced in the V8-R architecture. Monitor or hypervisor software can use them to manage access to resources and create sandboxes that protect each task. This allows system developers to partition their core into a smaller, faster safety block that also has a smaller attack surface to protect against cyber attacks and is easier to test.

"Separation allows the hardware to be managed by a software hypervisor, which polices task execution and resourcing"

October/November 2016 | Unmanned Systems Technology
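The two-stage access check described above, as an added illustration that is not ARM's code and not a real MPU programming interface: a simplified C model in which a guest task's own protection table (stage 1) and the hypervisor's table for that guest (stage 2) must both grant an access, so a faulty or compromised perception guest cannot reach the safety sandbox's memory even if its own table claims it. Addresses, region layout and sandbox names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Permission bits for one protection region (model, not hardware encoding). */
#define PERM_R 1u
#define PERM_W 2u
#define PERM_X 4u
#define MAX_REGIONS 4

typedef struct { uint32_t base, limit; unsigned perms; } region_t;   /* inclusive range */
typedef struct { region_t regions[MAX_REGIONS]; size_t count; } mpu_t;

/* Permissions a single MPU stage grants for addr; no matching region means no access. */
static unsigned mpu_perms(const mpu_t *mpu, uint32_t addr) {
    for (size_t i = 0; i < mpu->count; i++)
        if (addr >= mpu->regions[i].base && addr <= mpu->regions[i].limit)
            return mpu->regions[i].perms;
    return 0;
}

/* Two-stage check: stage 1 (the guest OS's own table) and stage 2 (the hypervisor's
   table for that guest) must both grant every requested permission bit. */
bool access_allowed(const mpu_t *stage1, const mpu_t *stage2, uint32_t addr, unsigned want) {
    return (mpu_perms(stage1, addr) & want) == want && (mpu_perms(stage2, addr) & want) == want;
}

/* Constructed memory map (hypothetical addresses). */
#define SAFETY_RAM_BASE   0x20000000u   /* owned by the safety-monitor sandbox */
#define SAFETY_RAM_LIMIT  0x2000FFFFu
#define PERCEP_RAM_BASE   0x20010000u   /* owned by the perception-result sandbox */
#define PERCEP_RAM_LIMIT  0x2001FFFFu

/* Stage-2 table the hypervisor installs for the perception guest: its own RAM only. */
static const mpu_t hyp_stage2_percep = { { { PERCEP_RAM_BASE, PERCEP_RAM_LIMIT, PERM_R | PERM_W } }, 1 };

/* Stage-1 table a faulty or compromised perception guest OS might program for itself,
   claiming read/write over the safety sandbox's RAM as well as its own. */
static const mpu_t guest_stage1_percep = {
    { { PERCEP_RAM_BASE, PERCEP_RAM_LIMIT, PERM_R | PERM_W },
      { SAFETY_RAM_BASE, SAFETY_RAM_LIMIT, PERM_R | PERM_W } }, 2 };

/* True if the perception guest could write into the safety sandbox's RAM. */
bool perception_can_write_safety_ram(void) {
    return access_allowed(&guest_stage1_percep, &hyp_stage2_percep, SAFETY_RAM_BASE + 0x100, PERM_W);
}

/* True if the perception guest can still write its own RAM. */
bool perception_can_write_own_ram(void) {
    return access_allowed(&guest_stage1_percep, &hyp_stage2_percep, PERCEP_RAM_BASE + 0x100, PERM_W);
}
```

The stage-2 table is the only one the hypervisor controls, which is why the safety-critical code needing certification can be kept to that small block rather than every guest OS.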