The answer is functional safety applications. At least, that's where TI's ARM® Cortex™-R cores are utilized - in high performance, real-time microcontrollers. As many real-time applications are now required to integrate functional safety, our customers need controllers and the supporting safety materials to help them get their safety conforming products to market as quickly and painlessly as possible.
While extremely compatible from an instruction set perspective, the Cortex-R series processors differ from both the Cortex-A and Cortex-M series processors. Most notably, the Cortex-R core offers much higher performance than the Cortex-M while offering the deterministic operation that can be difficult to achieve with an application processor like the Cortex-A series. So, performance-wise the Cortex-R is positioned between Cortex-A and Cortex-M but, in general, is targeted in-silicon for microcontrollers vs. microprocessors.
The Cortex-R core utilizes a Harvard architecture and provides higher clock frequency via its deep 8-stage dual issue pipeline and superscalar execution. Hardware SIMD instructions provide very high-performance digital signal processing and media functions. In addition, the Cortex-R is set apart by its performance-enhancing features not found on your typical microcontrollers such as an instruction pre-fetch unit, branch prediction and a hardware divider. These architectural features help enable the high DMIPs/MHz benchmark of the Cortex-R4 and Cortex-R5 (>1.6). Other interesting feature of the Cortex-R is that the IEEE-754 compliant floating-point pipeline supports both single precision (32-bit) and double precision (64-bit) formats and operates in parallel to the fixed-point pipeline.
The cores use tightly coupled low-latency memories local to the processor, which allow for quicker responses to real-time events and high-performance interrupt handling that is both predictable and bounded to help you budget and meet your real-time deadlines. The high performance and high determinism of the Cortex-R enables very quick response in real-time to events that a functional safety application probably requires.
If you are in the safety business, when you hear about functional safety for programmable electronic components, you may first think of IEC 61508. This basic international safety standard has been around for almost 20 years and has been applied to many, many industries. Functional safety applies to transportation (aerospace, railway and off-road vehicles), industrial, medical and renewable energy, just to name a few. All of these industries have either developed their own safety standard or have been directed to comply with some other international safety standard, like IEC 61508. Of particular note, in 2012, the automotive industry had its own international functional safety standard ratified - ISO 26262.
So, what exactly makes these Cortex-R cores good for functional safety? First and foremost, unique to the ARM Cortex-R core, are a number of configurable features enabling error detection. These features are options that ARM has designed directly into the core and include ECC detection/correction protecting the Level-1 memory systems and buses, user and privileged software operating modes with Memory Protection (MPU), and the support of dual-core Lock Step (DCLS) redundant core configurations.
While TI adds many additional MCU-level features to make our Hercules™ MCUs suitable for use in applications requiring conformance to IEC 61508 SIL-3 or ISO26262 ASIL-D, for this article, we want to focus on the safety features of the core itself. So, why should you care about dual core lockstep (DCLS)? Well, if you are a software engineer working on a safety project DCLS could make your life a whole lot easier. This is especially true if you are using two MCUs or two independent cores as your approach to diagnosing errors in your core.
There are a couple of specific challenges with the independent core approach. First, you have to write "extra" code on each MCU to monitor the other. Second, you have now made that extra code a fundamental part of your system safety case which means you must create all the evidence required to mount a serious defense of the development process, functionality, diagnostic coverage, error responsiveness, etc of every line of that code. With DCLS, this "extra" safety-critical code and the need to defend it goes away. There is still plenty of safety-related code that needs to be written but this bit can be taken off your plate.
"Dual core lockstep" may be easier to think about as a combination of a main processor and the checker. As a programmer, your core/programming model is no different from a "typical" single core MCU. The second core, the checker, along with comparison logic, now does the job (and then some) of the "extra" code above. In fact, the comparison logic can signal a fault in just a few CPU cycles compared to the discrete core approach that could take hundreds or even thousands of cycles to detect and notify. So, DCLS is much faster at detecting the fault and can save person-weeks of software and safety-case development time.
I think most folks understand the concept of Single Error Correct-Double Error Detect Error Correcting Codes (ECC) but if not, the benefits of ECC as well as MPU-based protection in functional safety applications could be subjects for future blog posts.
If you're interested in experimenting with ARM Cortex-R cores, you should try out TI's dual-core Hercules LaunchPad for just $19.99. It's an easy (and inexpensive) way to evaluate the ARM Cortex-R core and TI's Hercules MCUs. And if you want a more in-depth study of the Hercules safety features and their advantages check out the SafeTI™ Hitex Safety Kit.
I'm curious, if you've experimented with safety application development, which core or product did you use?
Brian Fortman is currently a product marketing manager for Hercules™ microcontrollers (MCUs) at Texas Instruments. He was instrumental in the launch of the Hercules MCU platform in 2010. Fortman has held several product line marketing roles at TI for automotive systems, including product line strategy manager in TI's automotive Embedded processor and advanced embedded control team, as well as worldwide marketing manager of TI's automotive infotainment business.