The unprecedented advances in software and AI that are defining software-defined vehicles (SDVs) require new levels of performance, efficiency, safety and security. This is a challenge that we set out to meet through a brand-new suite of leading-edge processors that expands the portfolio of Arm Automotive Enhanced (AE) IP. However, our functional safety strategy goes beyond the hardware alone, with a comprehensive package of support covering software test libraries (STLs), tools and compilers. This enables our automotive partners to seamless integrate Arm-based safety solutions into their designs.  

Arm’s heritage in compute safety

Arm has been trusted as a leader in safety-enabled compute by the automotive industry for more than 30 years. The latest Arm AE IP continue this heritage with a full suite of safety capable products. Built on the Armv9-A architecture, the IP bring a comprehensive range of functional safety features across a broad range of automotive applications. From autonomous driving and advanced driver-assistance systems (ADAS) to digital cockpit, in-vehicle Infotainment (IVI) and zonal controllers.

The new Arm AE IP are all underpinned by a consistent application of systematic functional safety capabilities of up to ASIL D integrity level and out of the box ASIL B Diagnostic coverage with STLs for the core IP portfolio. The functional safety strategy of Arm looks at ways to provide our partners with better flexibility in terms of the features and functions that they can deploy. It also enables our partners to build highly safe, dependable and reliable automotive computing systems.

The range of Arm Automotive Enhanced IP products

Functional safety through new CPU cluster configurations

Our latest generation of Cortex-A class AE CPUs – the Arm Cortex-A720AE and Cortex-A520AE – enable key functional safety features like hybrid mode, transient fault protection (TFP), interface protection, memory protection and support for our STLs. A key benefit of the new CPU designs is the ability to configure the functional safety features of the IP based on the specific safety workload requirements from our partners. The new product lines build on existing functional safety capabilities to provide split / lock and hybrid mode. These are available as build or boot-time configurations through our latest DSU-120AE DynamIQ Shared Unit. TFP is an optional feature that provides the capability to detect transient faults in the hardware based on system safety analysis on the intended safety use case.

Split/ lock allows our automotive partners to flexibility execute safety workloads up to ASIL D integrity level. In a hybrid configuration that is coupled with our TFP and STLs, this provides a hardware platform to execute safety workloads up to ASIL B integrity level.

Hybrid mode enables a cluster configuration in which the DSU is in lockstep, while the cores themselves are in a split configuration. With STLs deployed on the Arm AE IP cores, this provides the better availability of compute subsystems for automotive ASIL B use cases that are traditionally achieved by logic built in self-test (LBIST).

Flexible hybrid compute for performance and safety

Functional safety across the rest of the Arm AE IP portfolio

In the automotive computing system, these CPU cluster configurations can be combined with the following:

• Our performance-class Arm Neoverse V3AE CPU; 
• The CoreLink CMN-S3AE, CoreLink MMU S3, CoreLink GIC-720AE and CoreLink NI-710AE interconnects;
• Our latest ISP Arm Mali-C720AE; and
• Arm Cortex-R82AE for real-time computing.

Neoverse V3AE

Alongside delivering server-class performance, Neoverse V3AE has been developed with ASIL D level systematic capabilities. This means partners can leverage our reference designs with safety concepts RD-1AE for improved safety across the overall automotive computing system (more on this later in the blog).

Cortex-R82AE

Cortex-R82AE represents the workhorse of automotive real-time systems. The latest R-class processor delivers real-time capability for deployment in heterogeneous compute solutions in single and safety island designs or for real-time capable microcontrollers (MCUs). In fact, the safety island architecture in RD-1AE utilizes Cortex-R82AE. This enables our partners to build highly dependable automotive computing systems with functional safety features that balance the availability and security development lifecycle.

Alongside a 50 percent performance improvement over the previous generation, Cortex-R82AE provides ASIL D systematic safety levels and the diagnostic capability of the ASIL D in Lock and ASIL B in hybrid mode. Additionally, the processor can utilize optional TFP providing coverage on transient faults. Cortex-R82AE also supports our purpose-built STLs, which deliver ASIL B level capabilities.

Mali-C720AE

Building on our hugely popular range of Mali ISPs, the Mali-C720AE ISP provides best-in-class image processing capabilities for autonomy and ADAS applications. These require high performance and are “latency critical”, so have been developed with systematic safety capabilities of up to ASIL D and hardware diagnostic capabilities of up to ASIL B level.

Interconnect and system IP

The latest generation of processor cores are coupled with our new coherent mesh interconnect, CMN-S3AE. This is a safety capable interconnect that supports heterogeneous processing capabilities. Meanwhile, the non-coherent NI-710AE provides a versatile interconnect platform to enable safety island, Zonal and ADAS functions with a highly configurable topology to build system-on-chip (SoC) designs. The interconnect also supports the latest AMBA protocols with built-in interface protection that deliver systematic ASIL D and diagnostic lock step capabilities up to ASIL D level. GIC-720AE is a safety enabled Generic Interrupt Controller (GIC) and MMU S3 is a Memory Management Unit (MMU) that handle interrupts and memory management to enable the cohesive high-performance system IP for automotive use cases.

Arm safety solutions with RD-1 AE

Arm’s continued investment in functional safety underpins the solutions that the industry and ecosystem deliver on autonomous driving, ADAS and IVI specific products and applications. To enable a shift left strategy on deploying these solutions to the market, Arm has developed reference design RD-1 AE with virtual platforms, a technical architectural overview, and safety manuals. As an example, this could enable our automotive partners to deploy autonomous driving solutions based on the high-performance primary compute of Neoverse V3AE, safety island compute based on Cortex-R82AE and a runtime security engine to deliver an integrated automotive solution. The RD-1 AE also provides further functional safety capabilities. These include a multi-cluster lock step based ASIL D diagnostic capable safety island and monitoring capabilities using software-based Critical Application monitoring (CAM).

Systematic and Diagnostic safety levels

The below list provides the latest generation of our product portfolio with the different safety capabilities subject to third-party assessments.

Comprehensive functional safety capabilities

All of Arm’s computing solutions are developed with a “safety first” mindset. The new Arm AE IP portfolio delivers a wide range of functional safety capabilities for the next generation of SDVs. This enables our automotive partners to deliver customizable and highly scalable computing systems built around their own functional safety needs and requirements.

Alongside our extensively safety-certified IP, Arm provides supporting STLs, tools and compilers to aid the seamless integration of safety solutions into our automotive partners’ designs. All of this delivers a comprehensive package of functional safety capabilities fit for the ongoing transformation of the automotive industry.

Visit the Arm Safety Ready page for more information.