ARM Cortex-R52 Meets Challenge of Autonomous Systems

The new ARM® Cortex®-R52 can meet raised functional safety standards across multiple markets, from automotive to industrial and including healthcare. ARM Product Manager, James Scobie, tells Caroline Hayes how the company’s latest processor can meet raised standards in increasingly complex systems.

Across multiple markets, automation is increasing complexity in electronic systems, fuelling demand for functionally safe operation. In vehicles, there are already driver assistance systems, with functionality on the way to autonomy, such as automatic lane changing. Engine management systems are also increasingly complex to meet stringent emission controls. They must also control the engine to prevent damage or hazards, and, as electrification progresses, systems must control powerful motors and manage large Lithium-ion batteries, which contain significant amounts of energy.

The autonomous trend is also being seen in other areas. Conventional robotic production lines, where robots carry out a defined fixed task and are segregated from operators, are being replaced by collaborative industrial robots. These have unconstrained interaction with human operators, sensing their environment and taking action safely. They may be capable of selecting and placing the correct component while working in conjunction with a human operator. They are also being used in environments that are too harsh for humans, such as the nuclear industry.

Surgical robots are increasingly being used in operating theaters with remote surgery, and to deliver medication. In future, commercial autonomous drones are expected to need these characteristics.

As a result of these levels of automation, systems require functional safety at a higher level than previous generations of systems demanded. The new ARM® Cortex®-R52 processor has been introduced to addresses the challenging needs of these types of systems.

The automotive case

A functionally safe system has to be protected against two types of errors: random or systematic (Figure 1).

Figure 1: In a vehicle braking system, safety features in the processor protect against random errors and system faults.

Figure 1: In a vehicle braking system, safety features in the processor protect against random errors and system faults.

The impact of random errors, for example a memory bit flipping due to radiation, can be protected against through the inclusion of features in the processor. Cortex-R52 integrates the highest level of safety features of any ARM processor to guard against this type of error.

Figure 2: The features and processes within the Cortex-R52 that enhance functional safety within a system.

Figure 2: The features and processes within the Cortex-R52 that enhance functional safety within a system.

Systematic errors are typically the result of software or design errors. Protection against these is provided by appropriate processes and procedures at the design stage. Cortex-R52 has been developed from the ground up and a comprehensive safety documentation package simplifies and reduces the effort needed by SoC partners in certifying the end system.

There are a number of different standards and guidelines related to functional safety, such as ISO 26262. (For more information about functional safety, there is The Functional Safety Imperative in Automotive Design white paper.)

There are many, different applications where functional safety and fast, deterministic execution is necessary. In many real-time control systems, the application can be managed either with a single Cortex-R52 processor or across multiple homogeneous processors. This might be typical in a conventional control system, like an automotive engine management system or industrial controller.

Autonomous behavior

Functions in an autonomous system can be divided into four stages: sense, perceive, decide, actuate. In the first, a range of sensors gathers raw information. In the perceive stage, data from the sensors is used, with complex algorithms, such as machine learning, to interpret the environment in which the system operates. At the decide stage, outputs from the various systems are gathered ready for the fourth stage, where the decision is carried out or communicated.

ARM enables all aspects of these autonomous systems with processors from across the Cortex-A, Cortex-R and Cortex-M families being used according to the need of each stage (Figure 3). The decide and actuate stages must be functionally safe. For example, in an automotive system, the decision stage can take inputs from the navigation system, speed sensors and the vision and radar systems, and decide when to change lanes or to get ready to exit the highway.

Figure 3: The four stages in an autonomous system, in a Cortex-R52-based system.

Figure 3: The four stages in an autonomous system, in a Cortex-R52-based system.

These autonomous systems need to apply another level of judgement by interpreting more about the environment in which they are operating. These tasks can be confidence based and require high levels of throughput to process large amounts of data. Such operations are well suited to the Cortex-A class of processors.

The systems need to be functionally safe with deterministic execution. When combined together in a heterogeneous processor, the Cortex-R52 can provide a safety island to protect the operation of the system.

In the case of an Advanced Driver Assistance System (ADAS), inputs can be gathered from sensors such as cameras, radar and lidar. This data is processed and combined by the Cortex-A processors to identify and classify targets. The information can be passed to the Cortex-R52 to decide what action to take and perform the necessary checks to ensure safe operation.

Software challenges

Systems are also integrating more software from multiple sources, and with multiple safety criticality needs. This is a complex integration challenge. Safety critical software needs to be validated and certified. The interaction between the software means that the entire software stack would typically be safety certified, even if only a small proportion is safety critical. The more complex the system, the harder this becomes.

If the independence of safety critical code could be guaranteed, development and integration of functional safety software would be simplified, with clear separation between levels of software criticality. Safety code, critical safety code and non-safety code can each be validated and certified to the required level. Changes to one module do not require re-certification of all of the software.

ARMv8-R architecture

For many of these systems, this separation must be achieved whilst still maintaining deterministic execution.

Cortex-R52 provides the hardware to support both isolation and real-time execution, through the addition of a new exception level and two-stage MPU, introduced in the ARMv8-R architecture. Monitor or hypervisor software can manage access to resources and create sandboxes to protect each task. The design of the Cortex-R52 allows for fast switching between protected applications and maintains deterministic execution.

As well as protecting software, it simplifies the integration of code into a single processor. Using a hypervisor, multiple operating systems can be supported to consolidate applications.

Many systems require deterministic operation, with the appropriate action being controlled, and also performed at the right time, without significant delay, regardless of what else is happening in the system.

The Cortex-R family offers real-time processors and Cortex-R52 is the first processor in the ARMv8-R architecture and further extends the capabilities of the Cortex-R5, both in terms of functional safety and increased performance.

Cortex-R52 delivers up to 35% higher single core performance over Cortex-R5, when running standard benchmarks. (EEMBC certified Automotive Industrial benchmark, using the Green Hills Compiler 2017.)

This performance increase is enhanced by additional real time performance gains. Interrupt latency has been reduced to half that of the Cortex-R5 with fast access and integration of the interrupt controller within the cluster. The improved Memory Protection Unit, with finer granularity and faster reconfiguration, significantly reduces context switching time, to 14 times faster than the Cortex-R5. System performance is also increased as twice as many Cortex-R52s than Cortex-R5s can be integrated within a cluster.

Cortex-R52 supports an adaptable memory architecture with integrated deterministic Tightly Coupled Memories. These enable assured memory latencies and can be allocated to instruction or data and configured in a range of sizes. The processor supports a rich set of interface ports around which the system can be built, for example a low latency peripheral port, AXI interfaces and a dedicated wide Flash memory interface to provide access to resources with managed arbitration.

Ecosystem support

Ecosystem partners provide software packages, drivers, stacks, operating systems and tools to simplifying development. Adopters can leverage the common architecture to reduce costs as multiple suppliers address requirements. They can also can develop on a single platform and implement heterogeneous systems and port solutions between different platforms faster and with more reliable results. For more information visit software development tools for ARM Cortex-R.

One ecosystem partner is Synopsys, which has announced tool support for the Cortex-R52.

For an extended version of this piece, please visit the ARM Connected Community

Share and Enjoy:
  • Digg
  • Sphinn
  • Facebook
  • Mixx
  • Google

Tags: ,