All these systems require functional safety: assurance that a product operates safely and continues to do so even when part of it fails.
For example, the ISO 26262 standard for automotive electronics defines functional safety as being the absence of ‘unreasonable risk due to hazards caused by malfunctioning behaviour of electrical or electronic systems’.
Standards for functional safety vary from market to market. Each has its own definition of what constitutes functional safety and, more importantly, sets out what is required of a safe product development process.
Whatever the sector-specific definition, in practice a functionally safe system is one that is demonstrably safe when assessed by an independent third party and that behaves in a predictable manner even if it develops a fault.
If a system does develop a fault, it should continue to provide full functionality or, if that is not possible, degrade ‘gracefully’: provide reduced functionality or simply shut down to a safe state.
Faults do not always result in hazardous situations, and most systems are designed with a timing margin during which a device can keep operating with a fault present and still reach a safe state in time.
How long that margin can be depends on the nature of the potential hazardous event and on how the system has been designed.
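The fault-handling behaviour described above can be expressed as a small state machine: keep full function while a fault has been present for less than a tolerated interval, then degrade, then shut down safely if the fault persists. The following is an added illustrative example, not code from ARM or from any standard; the tick budgets, the redundant-channel comparison used as the fault detector and the automatic-recovery policy are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical timing budgets in control-loop ticks (constructed values,
 * not taken from any standard): how long a fault is tolerated at full
 * function, then at reduced function, before a safe shutdown is forced. */
#define FULL_TOLERANT_TICKS      5u
#define DEGRADED_TOLERANT_TICKS 10u
#define CHANNEL_TOLERANCE        3   /* max disagreement between redundant channels */

typedef enum { MODE_FULL, MODE_DEGRADED, MODE_SAFE_STOP } op_mode_t;

typedef struct {
    op_mode_t mode;
    uint32_t  fault_ticks;   /* consecutive ticks the fault has been present */
} fault_monitor_t;

void monitor_init(fault_monitor_t *m) { m->mode = MODE_FULL; m->fault_ticks = 0; }

/* Fault detection (assumed): two redundant sensor channels that disagree by
 * more than the tolerance indicate a fault in one of them. */
static bool channels_disagree(int32_t a, int32_t b) {
    int32_t diff = a > b ? a - b : b - a;
    return diff > CHANNEL_TOLERANCE;
}

/* One control tick. Returns the mode the system must run in after it. */
op_mode_t monitor_step(fault_monitor_t *m, int32_t chan_a, int32_t chan_b) {
    if (m->mode == MODE_SAFE_STOP)
        return MODE_SAFE_STOP;          /* latched: only an explicit reset leaves it */

    if (!channels_disagree(chan_a, chan_b)) {
        /* Fault cleared within budget: treat it as transient and restore full
         * function. Whether recovery is automatic or requires a diagnostic
         * pass is a design decision; this model recovers automatically. */
        m->fault_ticks = 0;
        m->mode = MODE_FULL;
        return MODE_FULL;
    }

    m->fault_ticks++;
    if (m->fault_ticks > FULL_TOLERANT_TICKS + DEGRADED_TOLERANT_TICKS)
        m->mode = MODE_SAFE_STOP;       /* budget exhausted: shut down safely */
    else if (m->fault_ticks > FULL_TOLERANT_TICKS)
        m->mode = MODE_DEGRADED;        /* degrade gracefully, keep operating */
    return m->mode;
}

/* Helper: feed `bad` disagreeing ticks, then `good` agreeing ticks, and
 * return the resulting mode. Sensor values are constructed. */
op_mode_t mode_after(uint32_t bad, uint32_t good) {
    fault_monitor_t m;
    monitor_init(&m);
    op_mode_t mode = MODE_FULL;
    for (uint32_t i = 0; i < bad; i++)  mode = monitor_step(&m, 100, 110); /* differ by 10 */
    for (uint32_t i = 0; i < good; i++) mode = monitor_step(&m, 100, 101); /* differ by 1 */
    return mode;
}

int main(void) {
    printf("3 bad ticks then 1 good:  mode %d\n", mode_after(3, 1));
    printf("6 bad ticks:              mode %d\n", mode_after(6, 0));
    printf("16 bad ticks then 5 good: mode %d\n", mode_after(16, 5));
    return 0;
}
```

The important property is that the safe-stop state is latched: once the budget is exhausted, agreeing sensor readings must not silently restore full function, because the fault that consumed the budget has not been diagnosed.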
ARM has recently launched a real-time processor core with a number of advanced safety features. Called the Cortex-R52, the core has been engineered to help move the company into new, fast-growing markets and has been designed with extended safety features, a much higher level of performance and hard real-time determinism.
“We’re targeting the automotive, healthcare and industrial spaces with the Cortex-R52, which looks to address functional safety and is capable of detecting and managing faults in real time,” said Phil Burr, product marketing manager. “It has been specifically designed to comply with ISO 26262 ASIL D and IEC 61508 SIL 3, which are among some of the most stringent safety standards in the automotive and industrial markets.”
According to Burr: “It is our most advanced processor for safety and is intended to simplify the integration of software in complex safety systems and is intended for systems that require not only advanced safety features but both efficient and responsive execution.”
“It has been designed from the ground up,” Burr continued, “and is the first processor built using the ARMv8-R architecture.”
According to ARM, STMicroelectronics will be the first of its partners to license the processor, which will be used in integrated SoCs for the automotive market. The company has also said it is in conversation with car manufacturers, including Ford, BMW and Volvo, as well as with Uber and Google, which are working in the autonomous-vehicle space, about using the processor in their cars.
“The development of the Cortex R-52 has come in response to the rise in the number and sophistication of applications in which safety is important,” explained James Scobie, a senior product developer at ARM. “Wherever there is a risk of loss of life or limb due to machine-human interaction, the R-52 could be deployed.”
The processor works by identifying and then rectifying faults, explains Burr, “whether there’s a problem with the hardware, software or if a device has been hacked. It is able to address higher workloads with increased performance, when compared to the Cortex-R5.”
ARM is seen as being particularly interested in cracking the automotive market where many prospective customers have never used an ARM processor.
“The automotive sector is a classic example of a sector in which functional safety is becoming more important,” Burr said. “Whether in terms of engine management, which is becoming ever more stringent, or with driving systems that are now being required to deliver more. We can, for example, use the Cortex-R52 to find problems in a vehicle’s braking or steering. In an autonomous vehicle that will be crucial when it comes to obstacle avoidance, for example. Ensuring the passenger’s safety is critical.”
According to Scobie, ARM is working with partners to meet particular market opportunities, “not only in the automotive space but across robotics systems deployed, for example, in healthcare and the industrial space – wherever specific functionality is required for safety-critical tasks.” By documenting the strict development process, fault modelling and supporting software isolation, “we are able to support a faster route to market for partners addressing these applications.”
“When you look at the industrial space,” Burr added, “we are seeing a move to the use of more collaborative robots which are increasingly autonomous but having to operate more closely with humans. These devices not only have to be safe but should someone step out in front of them or behave differently they will have to be able to manage and change their behaviours in response.”
The Cortex-R52 offers hardware-enforced separation of software tasks, so that safety-critical code is isolated from everything else running on the core. The hardware can be managed by a software hypervisor that polices which tasks execute and which memory and peripheral resources each task may touch, so a fault in one task cannot reach into another.
“By enabling the precise and robust separation of software, the Cortex-R52 decreases the amount of code that must be safety-certified, so helping to speed up development as software integration, maintenance and validation is made easier,” Burr noted.
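The separation described above rests on a simple rule: a task's own memory-protection configuration is never the last word, because a second, hypervisor-owned configuration that the task cannot modify is checked as well. The following is an added model of that two-stage check, written to illustrate the principle; it is not ARM's code and does not reproduce the Cortex-R52's actual protection-unit registers. The address map, partition names and permission layout are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PERM_R 1u
#define PERM_W 2u
#define MAX_REGIONS 4

/* Constructed address map for the model (not a real SoC layout). */
#define BRAKE_BASE  0x20000000u   /* brake-control partition RAM */
#define INFO_BASE   0x20010000u   /* infotainment partition RAM */
#define SHARED_BASE 0x20020000u   /* telemetry window exported by brake */
#define PART_SIZE   0x10000u
#define SHARED_SIZE 0x1000u

typedef struct { uint32_t base, size, perms; } region_t;
typedef struct { region_t regions[MAX_REGIONS]; size_t count; } mpu_map_t;

static void map_add(mpu_map_t *m, uint32_t base, uint32_t size, uint32_t perms) {
    if (m->count < MAX_REGIONS)
        m->regions[m->count++] = (region_t){ base, size, perms };
}

/* Permissions a map grants for [addr, addr+len); 0 if unmapped or if the
 * access would run past the end of its region. */
static uint32_t map_perms(const mpu_map_t *m, uint32_t addr, uint32_t len) {
    for (size_t i = 0; i < m->count; i++) {
        const region_t *r = &m->regions[i];
        if (addr >= r->base && addr - r->base < r->size &&
            len <= r->size - (addr - r->base))
            return r->perms;
    }
    return 0;
}

typedef struct {
    mpu_map_t stage1;   /* owned by the partition's own OS: it can change this */
    mpu_map_t stage2;   /* owned by the hypervisor: the partition cannot change this */
} partition_t;

/* The separation rule: an access is allowed only if BOTH stages permit it. */
bool access_allowed(const partition_t *p, uint32_t addr, uint32_t len, uint32_t want) {
    uint32_t s1 = map_perms(&p->stage1, addr, len);
    uint32_t s2 = map_perms(&p->stage2, addr, len);
    return (s1 & s2 & want) == want;
}

/* Hypervisor sets each partition's stage-2 policy; each partition then sets
 * its own stage-1 map. The `info_stage1_corrupted` flag models a bug or an
 * attacker inside infotainment that maps brake RAM into its own stage-1. */
static void setup(partition_t *brake, partition_t *info, bool info_stage1_corrupted) {
    memset(brake, 0, sizeof *brake);
    memset(info,  0, sizeof *info);
    map_add(&brake->stage2, BRAKE_BASE,  PART_SIZE,   PERM_R | PERM_W);
    map_add(&brake->stage2, SHARED_BASE, SHARED_SIZE, PERM_R | PERM_W);
    map_add(&info->stage2,  INFO_BASE,   PART_SIZE,   PERM_R | PERM_W);
    map_add(&info->stage2,  SHARED_BASE, SHARED_SIZE, PERM_R);   /* telemetry: read-only */

    map_add(&brake->stage1, BRAKE_BASE,  PART_SIZE,   PERM_R | PERM_W);
    map_add(&brake->stage1, SHARED_BASE, SHARED_SIZE, PERM_R | PERM_W);
    map_add(&info->stage1,  INFO_BASE,   PART_SIZE,   PERM_R | PERM_W);
    map_add(&info->stage1,  SHARED_BASE, SHARED_SIZE, PERM_R);
    if (info_stage1_corrupted)
        map_add(&info->stage1, BRAKE_BASE, PART_SIZE, PERM_R | PERM_W);
}

bool brake_can_write_own_ram(void) {
    partition_t b, i; setup(&b, &i, false);
    return access_allowed(&b, BRAKE_BASE + 0x100, 4, PERM_W);
}
bool info_can_write_brake_ram(bool stage1_corrupted) {
    partition_t b, i; setup(&b, &i, stage1_corrupted);
    return access_allowed(&i, BRAKE_BASE + 0x100, 4, PERM_W);
}
bool info_can_access_shared(uint32_t want) {
    partition_t b, i; setup(&b, &i, false);
    return access_allowed(&i, SHARED_BASE + 0x10, 8, want);
}

int main(void) {
    printf("brake writes own RAM:                      %d\n", brake_can_write_own_ram());
    printf("info writes brake RAM:                     %d\n", info_can_write_brake_ram(false));
    printf("info writes brake RAM, stage-1 corrupted:  %d\n", info_can_write_brake_ram(true));
    printf("info reads shared telemetry:               %d\n", info_can_access_shared(PERM_R));
    printf("info writes shared telemetry:              %d\n", info_can_access_shared(PERM_W));
    return 0;
}
```

The case worth checking is the corrupted one: infotainment has granted itself read-write access to brake RAM in its own stage-1 map, and the access is still refused because the hypervisor's stage-2 map never contained that range. This is why only the hypervisor and the partitions it isolates need the full certification effort, rather than every line of code on the core.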
The ARM Cortex-R52 delivers a higher level of integrated functional-safety capability than any previous ARM processor, and builds on the Cortex-R5 to meet the rising performance needs of advanced real-time embedded systems.
The processor also deals with increased software complexity while delivering the determinism and fast context switching that real-time systems demand.
“Today processors and MCUs need to be able to manage more of the safety,” Burr suggested.
The new processor, which took ARM five years to develop, “is able to switch between tasks 14 times faster than its predecessor model, the Cortex-R5,” Burr said, “but not only that, it offers a 35% uplift in terms of performance.”
ARM isn’t the only company pushing into the expanding market for safety-critical silicon, however. Intel recently purchased the Italian semiconductor design house Yogitech, which specialises in functional-safety chip design.
The Cortex-R52 will enable ARM to fill a critical gap in its existing intellectual property portfolio, according to Scobie, and should be able to “bolster ARM’s position in the market for connected devices.”