Take the wheel, Arm tells its notebook-grade Cortex-A76 CPU: Now you're a robo-ride brain

Safety critical feature plugged into high-end processor design

Robot drives a car. Conceptual illustration from Shutterstock

Japanese chip designer Arm really doesn't want to be overtaken in the world of autonomous cars by the likes of Intel, Nvidia, and other rivals.

The Softbank-owned semiconductor architects have thus injected a safety feature normally reserved for real-time CPUs into their highest-end application processor core, in a bid to lure system-on-chip designers and automakers to use the technology to literally steer future self-driving cars.

Specifically, Arm will today announce it has added its Split-Lock feature, found in its Cortex-R 32-bit cores used in real-time and safety-critical systems, to the 64-bit Cortex-A76. The result is the Cortex-A76AE. The AE stands for "automotive enhanced," indicating it's aimed at running code controlling self-driving road vehicles.

Split-lock comes in two modes, split and lock. In split mode, the cores in a processor cluster run independently.

In lock mode, two cores pair up and run in lockstep: they fetch, decode, execute, and retire exactly the same instructions from memory. Since they are identical, they should, therefore, operate exactly the same at any given time. If they deviate in operation, though, that will raise an alarm inside the chip to signal something has gone wrong.

The idea is that if a random hardware error occurs – caused by cosmic radiation or one of life's unhappy coincidences flipping a transistor gate or on-die memory cell – then the affected CPU core will fall out of step with its twin, alerting the system-on-a-chip electronics. It's just assumed both cores won't suffer the same error at the same time.

If the alarm is raised, the cores can be interrupted, recovered to a good state, and allowed to continue, preventing the random error from causing the system to perhaps spiral into a crash – which would be bad news when powering a computer-controlled car. Keeping this protection mechanism in the system-on-chip avoids having to use an external watchdog just for this job.

Arm Cortex-A76

Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode)

READ MORE

This lockstep approach is common in safety-critical microcontroller-grade processors, where twin or more cores keep each other in check to make sure random errors do not cause software to make any bad decisions that lead to serious harm to whoever is in or near the machinery or vehicle under the hardware's control. You don't want a flipped bit to fractions of a second later cause a car to suddenly brake and get rear-ended.

What Arm's done here is plug that lockstep safety feature into its Cortex-A76, a CPU core normally destined for top-end smartphones and lightweight battery-friendly touchscreen notebooks. Thus if you design a processor using licensed Cortex-A76AE cores, you can pair them up, and run them in lockstep to ensure they are operating as expected, and thus any crucial decisions made aren't poisoned by random hardware glitches.

Why? Because it wants system-on-chip designers to pick its safety-enhanced Cortex-A cores for power-efficient, performant-enough processors that vehicle manufacturers will use in the brains of self-driving cars and trucks.

That means automakers not picking rival components from Intel, Nvidia, and others developing chipsets for computer-driven jalopies.

Other features

A 7nm 16-core Cortex-A76AE cluster is said to draw less than 15W. Two further AE-class CPU cores are also planned: Helios-AE and Hercules-AE. The A76AE, according to Arm, meets ISO 26262 ASIL D and B safety standards, can sport up to 64 cores per chip, provides Armv8.2's RAS (reliability, availability, and serviceability) features [PDF], supports virtualization, and can use memory protection to wall-off machine-learning acceleration hardware.

That means, according to the documentation, if the system-on-chip includes AI math acceleration components – which are rather useful for autonomous driving – the cores can handle this tech, and set up safeguards to stop neural net code affecting safety critical firmware.

Essentially, you could have four cores in a cluster running in split mode with a hypervisor, operating systems, and general applications and ASIL B-grade code in operation – then four cores in lockstep mode, running a realtime operating system and ASIL D-grade safety-critical vehicle control software on top.

Quoting from a May 2018 UBS study [PDF], Arm executives reckon we won't see truly driverless autonomous rides arriving on our streets before 2027, though. Still, no harm in getting the ball rolling now. The first A76AE cores are "expected" to appear in vehicles from 2020, we're told – presumably in some kind of super-cruise-control system. ®




Biting the hand that feeds IT © 1998–2018