As electronics become ever more pervasive in the automotive, industrial automation and medical device sectors, fault-tolerant electronics sub-systems are becoming a standard requirement. Designing these systems with Cortex-R series processors that have a high level of fault tolerance realizes benefits such as:
Functional safety support is increasingly becoming an essential part of these systems. As the various functional safety standards continue to develop in complexity, ARM has developed the Cortex-R5 Safety Documentation Package to speed time to market, simplify the certification effort and enable higher levels of certification to be obtained.
The ARM Cortex-R series processors have been developed for applications that require high dependability and the detection of any error that can arise in the processor or the wider system. Faults in such a system include permanent hardware faults (for example, failures caused by ageing memory cells or temperature-induced stress) that produce erroneous values, and random faults (for example, a radiation strike on the silicon that 'flips' a bit in a register, memory cell or gate, or even causes permanent hardware damage). If the system has safety implications, where any failure could have serious consequences, every such error must be detected and handled in the way appropriate to that particular system.
For addressing this, two key strategies exist:
(Figure: ECC on Reading TCM)
These key areas, when combined with many other features within the Cortex-R series enable SoCs and wider systems to be developed that meet the requirements of many functional safety standards.
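To make the detect-and-correct behaviour described above concrete, here is an added example of a SECDED (single-error-correct, double-error-detect) Hamming code over one 32-bit word, modelling what an ECC-protected TCM read does: a single flipped bit (data, check or overall-parity bit) is corrected, two flipped bits are reported as uncorrectable. This is illustrative code written for this page, not ARM's implementation; the Cortex-R5's actual code layout and check-bit generation are not given in the text, and the 39-bit layout, the `ecc_encode`/`ecc_decode` names and the fault masks below are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative SECDED Hamming code for one 32-bit TCM word (assumed layout,
 * not Cortex-R5's). Code word positions follow the classic Hamming layout:
 *   position 0                 : overall parity bit (distinguishes 1 from 2 errors)
 *   positions 1,2,4,8,16,32    : Hamming check bits
 *   other positions 3..38      : the 32 data bits                           */
#define CODE_BITS 39

enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

static bool is_pow2(unsigned x) { return x != 0 && (x & (x - 1)) == 0; }

/* Parity of every position (1..38) whose index has bit 'p' set; this group
 * includes check bit p itself, so a clean word gives parity 0 for every p. */
static unsigned group_parity(uint64_t cw, unsigned p)
{
    unsigned x = 0;
    for (unsigned pos = 1; pos < CODE_BITS; pos++)
        if ((pos & p) && ((cw >> pos) & 1)) x ^= 1;
    return x;
}

static unsigned overall_parity(uint64_t cw)
{
    unsigned x = 0;
    for (unsigned pos = 0; pos < CODE_BITS; pos++) x ^= (unsigned)((cw >> pos) & 1);
    return x;
}

/* Write side: scatter data bits, then set check bits so each group is even. */
uint64_t ecc_encode(uint32_t data)
{
    uint64_t cw = 0;
    unsigned d = 0;
    for (unsigned pos = 3; pos < CODE_BITS; pos++) {
        if (is_pow2(pos)) continue;
        if ((data >> d++) & 1) cw |= 1ULL << pos;
    }
    for (unsigned p = 1; p < CODE_BITS; p <<= 1)
        if (group_parity(cw, p)) cw |= 1ULL << p;
    if (overall_parity(cw)) cw |= 1ULL;       /* make total weight even */
    return cw;
}

/* Read side: the syndrome is the position of a single flipped bit; the
 * overall parity tells a single flip (odd) from a double flip (even).      */
enum ecc_status ecc_decode(uint64_t cw, uint32_t *data_out)
{
    unsigned s = 0;
    for (unsigned p = 1; p < CODE_BITS; p <<= 1)
        if (group_parity(cw, p)) s |= p;
    enum ecc_status st = ECC_OK;
    if (overall_parity(cw)) {                 /* odd weight error: single bit */
        if (s >= CODE_BITS) return ECC_UNCORRECTABLE;  /* not a valid position */
        cw ^= 1ULL << s;                      /* s == 0: the parity bit itself flipped */
        st = ECC_CORRECTED;
    } else if (s != 0) {                      /* even weight, non-zero syndrome */
        return ECC_UNCORRECTABLE;             /* two bits flipped: report, don't guess */
    }
    uint32_t data = 0;
    unsigned d = 0;
    for (unsigned pos = 3; pos < CODE_BITS; pos++) {
        if (is_pow2(pos)) continue;
        if ((cw >> pos) & 1) data |= 1u << d;
        d++;
    }
    *data_out = data;
    return st;
}

/* Simulated TCM read: encode on write, XOR a constructed fault mask to model
 * bit flips in the memory array, decode on read. */
enum ecc_status tcm_read_status(uint32_t stored, uint64_t fault_mask)
{
    uint32_t d = 0;
    return ecc_decode(ecc_encode(stored) ^ fault_mask, &d);
}

uint32_t tcm_read_data(uint32_t stored, uint64_t fault_mask)
{
    uint32_t d = 0;
    ecc_decode(ecc_encode(stored) ^ fault_mask, &d);
    return d;
}

int main(void)
{
    const uint32_t word = 0xDEADBEEFu;        /* constructed sample word */
    const uint64_t faults[] = { 0, 1ULL << 5, 1ULL << 0, (1ULL << 5) | (1ULL << 6) };
    const char *names[] = { "no fault", "one data bit", "parity bit", "two bits" };
    for (int i = 0; i < 4; i++)
        printf("%-13s -> status %d, data 0x%08X\n", names[i],
               (int)tcm_read_status(word, faults[i]), tcm_read_data(word, faults[i]));
    return 0;
}
```

The point a safety design takes from this is the third branch: a double-bit error is detected but deliberately not "corrected", because the syndrome then points at an unrelated position and silently rewriting it would turn a detected fault into an undetected one. How the system reacts to that status (abort, reset, fail-safe state) is exactly what the safety documentation and the SoC integrator have to define.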
The Cortex-R series has been adopted by more than 70 partners, many of whom rely on its error-detection features. The processors have shipped in more than 1.5 billion devices, and their reliability has been proven in markets such as automotive, industrial, storage and medical, where data integrity is critical.
However, just having a processor with these features is not sufficient to meet the needs of applications which have functional safety requirements.
Functional safety standards such as ISO 26262 and IEC 61508 require evidence to demonstrate particular system or system component properties. The safety documentation package for Cortex-R5 has been designed to simplify certification, and helps SoC integrators develop and demonstrate the required level of functional safety.
In the context of functional safety standards, ISO 26262 in particular, semiconductor IP can be treated as a safety element out of context (SEooC). For such elements the actual use cases are not necessarily known during design time. This is of course exactly the case for Cortex-R5, which can be used in a huge number of real-time applications. The safety documentation package has been designed with this in mind, to allow SoC integrators to develop products for particular applications with safety requirements.
The Cortex-R5 Safety Documentation Package contains information about the Cortex-R5 product itself, focusing on its fault detection and control mechanisms such as dual-core lock-step and memory protection options with ECC or parity. To facilitate integration of the Cortex-R5 into safety-related designs, an FMEA report with example failure rate distributions is also included.
The information is structured into a set of three documents: the Cortex-R5 Safety Manual, the Cortex-R5 FMEA Report, and a document describing the allocation of roles and responsibilities for functional safety in projects integrating the Cortex-R5 processor. The Safety Manual includes details of the measures used to avoid and control systematic faults during the processor design and verification activities. It also describes the processor's behavior when faults are detected. The FMEA Report includes a detailed analysis of the design, which can be used as a starting point for system-level safety concept definition and subsequent analyses.
This information helps the SoC integrators to create required safety documentation for their products, reducing the time to market for new products. The information can also be used to support functional safety assessment activities for the SoC products with an integrated Cortex-R5 processor.
ARM is making this information available only to SoC integrators. Therefore, if you are a system or software developer targeting safety-related designs, you need to refer to the safety documentation provided by your SoC vendor. The key reason for this is that Cortex-R5 is highly configurable, and different configuration options can affect the processor's fault behavior. Since the ARM Safety Manual for Cortex-R5 describes all of these configuration options, we want to ensure that any safety documentation available to system and software developers correctly reflects the actual feature set of your chosen SoC implementation.
Complementing the Cortex-R5 Safety Documentation Package, the ARM Compiler toolchain has also been certified by TÜV SÜD, a recognized safety industry body. The TÜV certificate and the accompanying report confirm that ARM Compiler 5.04 fulfils the requirements for development tools for safety-related applications. This enables you to use ARM Compiler 5.04 for safety-related development up to SIL 3 (IEC 61508) or ASIL D (ISO 26262) without further qualification activities, provided you follow the recommendations and conditions documented in the Qualification Kit.
For related information please see the whitepaper "Safety standards in the ARM ecosystem". We will be expanding support for functional safety for our CPU products this year, so please keep an eye open for further announcements!