Abstract
RISC-V Instruction Set Architecture (ISA) is gaining significant popularity in Europe as the main driver for developing open source hardware. Commercial products and academic prototypes based on RISC-V become increasingly available, including cores, components and full systems-on-chip (SoCs). While those RISC-V IPs are suitable for many markets, those with safety requirements (e.g., automotive, space, avionics, health, railway) need specific support rarely available in RISC-V developments. Such support relates to observability and controllability features to ease verification, validation and the implementation of safety measures. Among those requirements, SoCs targeting the most stringent safety levels must provide some form of diverse redundancy to avoid the so-called Common Cause Failures (CCFs).
This work presents and compares some technologies providing diverse redundancy for cores that lack appropriate native support (e.g., dual-core lockstep – DCLS). In particular, we introduce the SafeDX group of components, which include two components enforcing diverse redundancy across cores, either by hardware means (SafeDE) or software-only means (SafeSoftDR), as well as one component measuring the diversity across two cores executing redundant tasks (SafeDM). We show the different tradeoffs in terms of software constraints, hardware intrusiveness, and compatibility with existing SoCs that make each of the three SafeDX components best suited for alternative deployment scenarios.
This work has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 871467. This work has also been partially supported by the Spanish Ministry of Science and Innovation under grant PID2019-107255GB-C21 funded by MCIN/AEI/10.13039/501100011033.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
ASIL stands for Automotive Safety Integrity Level. There are 4 ASIL levels being ASIL-A, the lowest integrity – yet safety-related – category, and ASIL-D, the highest. Non-safety-related items are allocated QM (Quality Managed) level.
References
Alcaide, S., Kosmidis, L., Hernandez, C., Abella, J.: Software-only based diverse redundancy for ASIL-D automotive applications on embedded HPC platforms. In: 2020 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), pp. 1–4 (2020). https://doi.org/10.1109/DFT50435.2020.9250750
Bas, F., et al.: SafeDE: a flexible diversity enforcement hardware module for light-lockstepping. In: IEEE International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1–7 (2021). https://doi.org/10.1109/IOLTS52814.2021.9486715
Bas, F., Benedicte, P., Alcaide, S., Cabo, G., Mazzocchetti, F., Abella, J.: SafeDM: a hardware diversity monitor for redundant execution on non-lockstepped cores. In: IEEE Design, Automation and Test in Europe Conference (DATE), pp. 1–6 (2022)
Cabo, G., et al.: SafeSU-2: safe statistics unit for space MPSoCs. In: IEEE Design, Automation and Test in Europe Conference (DATE) (2022)
Cabo, G., et al.: SafeSU: an extended statistics unit for multicore timing interference. In: IEEE European Test Symposium (ETS) (2021)
CAES Gaisler: GRLIB IP Library. https://gaisler.com/index.php/products/ipcores/soclibrary
CAES Gaisler: NOEL-V Processor. https://gaisler.com/index.php/products/processors/noel-v
EN50129 - railway applications. communication, signalling and processing systems. Safety related electronic systems for signalling (2003)
EN50128 - railway applications: Communication, signalling and processing systems - software for railway control and protection systems (2011)
EN50126 - railway applications: The specification and demonstration of dependability, reliability, availability, maintainability and safety (rams). Generic RAMs process (2017)
FRACTAL Consortium: FRACTAL website (2021). https://www.fractal-project.eu/. Accessed May 2022
Hernàndez, C., et al.: Selene: self-monitored dependable platform for high-performance safety-critical systems. In: 2020 23rd Euromicro Conference on Digital System Design (DSD), pp. 370–377 (2020). https://doi.org/10.1109/DSD51259.2020.00066
Infineon: AURIX Multicore 32-bit microcontroller family to meet safety and powertrain requirements of upcoming vehicle generations. http://www.infineon.com/cms/en/about-infineon/press/press-releases/2012/INFATV201205-040.html
International Standards Organization: ISO/DIS 26262. Road Vehicles - Functional Safety (2009)
Lojo, A., et al.: The ECSEL fractal project: a cognitive fractal and secure edge based on a unique open-safe-reliable-low power hardware platform. In: 2020 23rd Euromicro Conference on Digital System Design (DSD), pp. 393–400 (2020). https://doi.org/10.1109/DSD51259.2020.00069
Mazzocchetti, F., et al.: SafeSoftDR: a library to enable software-based diverse redundancy for safety-critical tasks. In: FORECAST: Functional Properties and Dependability in Cyber-Physical Systems Workshop (held with HiPEAC conference) (2022)
NSI-TEXE: NS31A : RISC-V 32bit CPU which supports ISO26262 ASIL D. https://www.nsitexe.com/en/ip-solutions/ns-series/ns31a/
RISC-V International: RISC-V International website. https://riscv.org/
RTCA and EUROCAE: DO-178B/ED-12B, Software Considerations in Airborne Systems and Equipment Certification (1992)
RTCA and EUROCAE: DO-254/ED-80, Design Assurance Guidance for Airborne Electronic Hardware (2000)
Sala, O., et al.: SafeTI: a hardware traffic injector for MPSOC functional and timing validation. In: IEEE International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1–7 (2021). https://doi.org/10.1109/IOLTS52814.2021.9486689
SELENE Consortium: SELENE website (2021). https://www.selene-project.eu/. Accessed May 2022
ISO/PAS 21448 road vehicles - safety of the intended functionality (2019)
STMicroelectronics: 32-bit Power Architecture microcontroller for automotive SIL3/ASILD chassis and safety applications (2014)
Wessman, N.J., et al.: De-RISC: the first RISC-V space-grade platform for safety-critical systems. In: 2021 IEEE Space Computing Conference (SCC), pp. 17–26 (2021). https://doi.org/10.1109/SCC49971.2021.00010
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Canal, R. et al. (2022). SafeDX: Standalone Modules Providing Diverse Redundancy for Safety-Critical Applications. In: Orailoglu, A., Reichenbach, M., Jung, M. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2022. Lecture Notes in Computer Science, vol 13511. Springer, Cham. https://doi.org/10.1007/978-3-031-15074-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-031-15074-6_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15073-9
Online ISBN: 978-3-031-15074-6
eBook Packages: Computer ScienceComputer Science (R0)