Addressing functional safety applications with ARM Cortex-R5

Neil Werdmuller
January 21, 2015

As electronics become ever more pervasive in the automotive, industrial automation and medical device sectors, fault-tolerant electronics sub-systems are becoming a standard requirement. Designing these systems with Cortex-R series processors that have a high level of fault tolerance realizes benefits such as:

  • Improved reliability
  • Enhanced fault detection and coverage
  • Reduced cost of operation

Functional safety support is increasingly becoming an essential part of these systems. As the various functional safety standards continue to develop in complexity, ARM has developed the Cortex-R5 Safety Documentation Package to speed time to market, simplify the certification effort and enable higher levels of certification to be obtained.


Key technologies to support functional safety in the ARM Cortex-R series


The ARM Cortex-R series processors have been developed for applications that require high dependability and detection of any errors that can arise in the processor or the system. The faults that can occur in any system include hardware faults (such as failures from aging memory or temperature-induced stress) that produce erroneous values, and random faults (such as radiation hits to the silicon that 'flip' a bit or a gate, or even cause permanent hardware damage). If the system has safety implications, where any failure could have serious consequences, then every error must be detected and handled in the way appropriate for that particular system.

For addressing this, two key strategies exist:

  • Detection of errors in memory: Additional Error Correcting Code (ECC) bits are appended to every memory value and checked before the data is used. This enables automatic detection and correction of single-bit errors, and detection, but not correction, of multiple-bit errors. It requires wider memory with extra bits to store the ECC, and is applied to all memories in the system, including caches and tightly coupled memory (TCM). When data is read in, the processor automatically checks the ECC, corrects single-bit errors, and signals an error to the system if it is uncorrectable; when data is written, the processor automatically generates the ECC. The Cortex-R5 also enables detection of errors on all the buses that connect the processor to the system.

Figure: ECC on reading TCM

  • Detection of errors in the processor: Radiation could hit any gate in a system, and if this causes an error not in the memory but in the logic itself, that must also be detected. Dual Core Lock Step (DCLS) implements two identical processors with identical inputs, one of them slightly delayed so that events affecting the whole system at the same instant are still detected, and checks that the outputs of both processors are identical. If the compared outputs do not match, there must have been an error in the system, and this is signaled so the system can take the appropriate action.
Figure: Redundant Dual Core Lock Step
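To make the ECC behaviour described above concrete (single-bit errors corrected, double-bit errors detected but not corrected, with an error signal for the system), here is an added SECDED encoder/decoder for one data byte. It is an illustrative example written for this post, not ARM's or the Cortex-R5's own ECC scheme; the 13-bit codeword layout and the `secded_*` function names are constructed for the example.

```c
#include <stdint.h>

/* Constructed SECDED example: one data byte in a 13-bit codeword. Position 0 is the
   overall parity, positions 1,2,4,8 are Hamming parity, the other eight positions
   (3,5,6,7,9,10,11,12) carry data. Illustrative layout, not the Cortex-R5's internal ECC. */
#define CW_BITS 13
typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status_t;

static int parity_of(uint32_t x) { int p = 0; while (x) { p ^= 1; x &= x - 1; } return p; }

/* Parity over every codeword bit whose position index has parity bit p set. */
static int group_parity(uint32_t cw, int p) {
    uint32_t bits = 0;
    for (int pos = p; pos < CW_BITS; pos++)
        if (pos & p) bits |= cw & (1u << pos);
    return parity_of(bits);
}

uint32_t secded_encode(uint8_t data) {
    uint32_t cw = 0;
    for (int pos = 1, d = 0; pos < CW_BITS; pos++)   /* data goes in non-power-of-two slots */
        if (pos & (pos - 1)) { if ((data >> d) & 1) cw |= 1u << pos; d++; }
    for (int p = 1; p < CW_BITS; p <<= 1)             /* set parity bits so every group is even */
        if (group_parity(cw, p)) cw |= 1u << p;
    return cw | (uint32_t)parity_of(cw);              /* overall parity lands in bit 0 */
}

/* A single flipped bit is corrected; a double flip is flagged for the system to handle. */
ecc_status_t secded_decode(uint32_t cw, uint8_t *data_out) {
    uint32_t syndrome = 0;
    for (int p = 1; p < CW_BITS; p <<= 1)
        if (group_parity(cw, p)) syndrome |= (uint32_t)p;   /* syndrome = position of a single flip */
    ecc_status_t st = ECC_OK;
    if (parity_of(cw)) { cw ^= 1u << syndrome; st = ECC_CORRECTED; } /* odd flips: one bit, fix it */
    else if (syndrome) st = ECC_UNCORRECTABLE;                        /* even flips, bad syndrome: two bits */
    uint8_t data = 0;
    for (int pos = 1, d = 0; pos < CW_BITS; pos++)
        if (pos & (pos - 1)) { if ((cw >> pos) & 1) data |= (uint8_t)(1u << d); d++; }
    *data_out = data;
    return st;
}

/* Encode, inject flip_mask, decode. Returns the status, or -1 if an unflagged result
   carries wrong data (silent corruption, which SECDED must never allow for 1 or 2 flips). */
int secded_roundtrip(uint8_t data, uint32_t flip_mask) {
    uint8_t out = 0;
    ecc_status_t st = secded_decode(secded_encode(data) ^ flip_mask, &out);
    return (st != ECC_UNCORRECTABLE && out != data) ? -1 : (int)st;
}
```

Three or more simultaneous flips exceed what SECDED guarantees and may be miscorrected, which is why the text pairs ECC with independent mechanisms such as lock-step comparison.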

These key areas, combined with many other features within the Cortex-R series, enable SoCs and wider systems to be developed that meet the requirements of many functional safety standards.

The Cortex-R series has been adopted by more than 70 partners, many of whom rely on its error detection features. The processors have shipped in more than 1.5 billion devices, and their reliability has been proven in markets such as automotive, industrial, storage and medical, where data integrity is critical.


However, just having a processor with these features is not sufficient to meet the needs of applications which have functional safety requirements.


How does ARM support functional safety for the Cortex-R5?


Functional safety standards such as ISO 26262 and IEC 61508 require evidence to demonstrate particular system or system component properties. The safety documentation package for Cortex-R5 has been designed to simplify certification, and helps SoC integrators develop and demonstrate the required level of functional safety.


In the context of functional safety standards, ISO 26262 in particular, semiconductor IP can be treated as a safety element out of context (SEooC). For such elements the actual use cases are not necessarily known during design time. This is of course exactly the case for Cortex-R5, which can be used in a huge number of real-time applications. The safety documentation package has been designed with this in mind, to allow SoC integrators to develop products for particular applications with safety requirements.

Figure: Cortex-R5 Safety Documentation Package for SoC integrators

The Cortex-R5 Safety Documentation Package contains information about the Cortex-R5 product itself, focusing on its fault detection and control mechanisms such as dual-core lock-step and memory protection options with ECC or parity. To facilitate integration of the Cortex-R5 into safety-related designs, an FMEA report with example failure rate distributions is also included.

The information is structured into a set of three documents: the Cortex-R5 Safety Manual, the Cortex-R5 FMEA Report, and a document describing the allocation of roles and responsibilities for functional safety in projects integrating the Cortex-R5 processor. The Safety Manual includes details of the measures used to avoid and control systematic faults during the processor design and verification activities. It also details the processor's behavior when faults are detected. The FMEA Report includes a detailed analysis of the design, which can be used as a starting point for system-level safety concept definition and subsequent analyses.


This information helps the SoC integrators to create required safety documentation for their products, reducing the time to market for new products. The information can also be used to support functional safety assessment activities for the SoC products with an integrated Cortex-R5 processor.


ARM is making this information available only to SoC integrators. Therefore, if you are a system or software developer targeting safety-related designs, you need to refer to the safety documentation provided by your SoC vendor. The key reason is that the Cortex-R5 is highly configurable, and different configuration options can affect the processor's fault behavior. Since the ARM Safety Manual for Cortex-R5 describes all of these configuration options, we want to ensure that any safety documentation available to system and software developers correctly reflects the actual feature set of your chosen SoC implementation.


It's worth remembering that complementary to the Cortex-R5 Safety Documentation Package, the ARM Compiler toolchain has also been certified by TÜV SÜD, a recognized safety industry expert. The TÜV Certificate and the accompanying report confirm that the ARM Compiler 5.04 fulfils the requirements for development tools for safety-related applications. This enables you to use the ARM Compiler 5.04 for safety-related development up to SIL 3 (IEC 61508) or ASIL D (ISO 26262) without further qualification activities when following the recommendations and conditions documented in the Qualification Kit.


For related information please see the whitepaper "Safety standards in the ARM ecosystem". We will be expanding support for functional safety for our CPU products this year, so please keep an eye open for further announcements!
