Debut for safety-critical ARMv8 core
ARM has launched the first of its Cortex-R series of processors to be based on the v8R architecture, providing greater protection for software tasks from each other and speedups for interrupts and context switches over its predecessor.
Ian Smythe, director of marketing programs at ARM, said: “The Cortex-R52 is a ground-up design for safety and performance for markets like automotive, industrial and healthcare. They are becoming incredibly complex systems. The aim is to allow systems integrators to design and verify safe software more quickly.”
Smythe said a typical use-case for the R52 would be in multicore ADAS implementations where the R-series processor would perform decisions based on data processed by a network of Cortex-A cores. The Cortex-R52 implements memory and I/O separation for software using virtualization so that worker tasks running on the core itself do not overwrite or interfere with the tasks that need certification to high ASIL criteria.
Phil Burr, product marketing manager at ARM, added: “What we are ending up with is multiple pieces of software with multiple criticality needs running on the same processor. The safety software all needs to be validated and certified, but the Cortex-R52 reduces the overall software complexity. By guaranteeing the independence of tasks, if a change is made to a low criticality routine the safety-critical parts don’t need to be certified and validated.
Separation is vital for reducing the amount of certification.”
The core change made to enforce separation is an additional privilege layer compared to previous Cortex-R devices to support a hypervisor running above the guest operating systems. This is combined with a second-level memory protection unit (MPU) to isolate the different guest operating systems from each other.
Burr said, measured on the EEMBC automotive benchmarks, the R52 is around 35 per cent faster than the the R5. Interrupt handling is two times faster with context switching receiving a further boost of hundreds of cycles thanks to changes in the way that the MPU is reconfigured during a switch, according to James Scobie, senior product manager for Cortex-R at ARM
Scobie said hardware I/O accesses made by tasks will trap into software routines controlled by the hypervisor – these do not receive hardware acceleration. “Switching between the hypervisor and user task can happen directly,” he added, to avoid having to perform multiple, time-wasting context switches to handle I/O transactions.
The R52 has been designed for lock-step operation, Scobie added, which should mean customers do not have to perform the integration changes that are inevitable for a processor that has not been designed with this type of operation in mind. “We know that it will work because we have done trial implementations,” he said.
ARM expects typical designs using the R52 to target the 28nm family of processes, with a 1GHz clock being a comfortable target.