As electrical/electronic (E/E) vehicle architectures continue to evolve toward centralized compute, the demand for high-performance processing, virtualization, and safety capabilities surges. After all, these are cornerstones of the software-defined vehicle. Earlier this year, we started working with Wind River Systems on a proof-of-concept that integrated Arm Software Test Library (STL) with Wind River® Helix Virtualization Platform (Helix Platform).
The results from this collaboration help guide system architects and integrators to more easily address ISO 26262 and IEC 61508 hardware diagnostic coverage requirements in mixed-criticality systems. A detailed whitepaper is available now from Wind River’s website. Additionally, Stefan Harwarth, Senior Field Application Engineer at Wind River, summarizes findings and recommendations in his Arm DevSummit 2022 masterclass, available on demand.
Arm STLs provide a flexible and cost-effective way to self-test CPU functional logic for random permanent faults. As a complement to foundational hardware safety mechanisms, they extend diagnostic coverage and help demonstrate system safety metric goals. STLs are particularly useful for achieving ISO 26262 ASIL B requirements. In these applications, expensive hardware duplications, such as Dual-Core Lock-step (DCLS), are overkill and must be avoided. Similarly, methods that take processors offline for testing, such as Logic Built-In Tests (LBIST), are too intrusive and significantly impact system availability.
One of the main advantages of Arm STLs is flexibility. STLs can run both at boot- and run-time. At run-time, they can be regularly scheduled or run when the user application releases a CPU. Each time they are called, they can run all tests or just part of them to reduce latency. Furthermore, integrators are offered a choice of Exception Levels (EL) on Arm CPUs for executing most STL test functions (note that a small subset of optional control register tests require EL3 privileges).
However, with so many integration possibilities, what is the best approach to design STL into a system built on the Helix Platform? That is the question that Wind River, an industry leader in software for mission-critical systems, set out to answer with assistance from our team at Arm, using a demonstrator platform running on a quad-core Arm Cortex-A53 CPU processor subsystem.
Three basic STL scheduling options have been explored, as per below, each offering advantages for different requirements:
Source: Wind River Systems Inc.
Wind River tests confirmed very low intrusiveness of the STL, regardless of the integration option. Including context switches and Exception level transitions, running the entire suite of applicable tests takes just between 50μs and 58μs to complete. For reference, this equates to between 0.5% and 0.6% of total CPU capacity assuming a Fault Tolerant Time Interval (FTTI) of 10ms.
With such a low impact on performance overall, STL integration choice is more likely to come down to considerations related to:
The technical content created with Wind River discusses many of these factors. Should you want to learn more, both Wind River and Arm will be happy to discuss strategies to help you achieve your safety goal faster.
Great blog post, very informative!