UltraSoC scales processor to check safety-critical systems
The hardware-based, scalable Lockstep Monitor significantly helps functional safety by checking that the cores at the heart of a critical system are operating reliably, safely and securely, says UltraSoC. The Lockstep Monitor’s flexible IP supports all common lockstep/redundancy architectures, including full dual-redundant lockstep, split/lock, master/checker and voting with any number of cores or sub-systems.
Lockstep operation is needed for safety standards such as ISO26262 for automotive, IEC 61508, EN50126/8/9 and CE 402/2013.
The UltraSoC Lockstep Monitor can support any processor architecture or other sub-system, including custom logic or accelerators.
The Lockstep Monitor consists of a set of configurable semiconductor IP (SIP) blocks that are protocol aware and can be used to cross-check outputs, bus transactions, code execution and even register states, between two or more redundant systems. It can be used with any processor architecture, even those which lack native support for lockstep configurations, such as the emerging RISC-V architecture. In addition to traditional processor cores, it can also check other sub-systems or accelerators.
RISC-V is gaining increasing traction in safety-critical applications, particularly in the automotive industry. However, the RISC-V ecosystem as a whole currently lacks support for the functional safety and security principles – such as lockstep operation – mandated by global standards such as ISO26262 for functional safety, J3061 for cybersecurity, IEC 61508, EN50126/8/9 and CE 402/2013. UltraSoC’s Lockstep Monitor allows any RISC-V system, whether using open source or commercial cores, to incorporate sophisticated safety capabilities.
As it is implemented in hardware, it responds at wire speed and imposes no execution overhead on the host system, points out UltraSoC.
Unlike traditional approaches, the UltraSoC Lockstep Monitor includes flexible, run-time configurable embedded intelligence, allowing the SoC designer to tailor the monitoring and response system precisely to the application. Monitoring can be implemented at a variety of levels of granularity: at the subsystem level (comparing the outputs of the two processors), at the transaction level (for example comparing bus traffic), at the instruction level, using UltraSoC’s instruction trace capability, and at the most fundamental hardware level, checking processor internal states or register contents.
UltraSoC claims that embedding intelligence in the system allows more sophisticated comparisons between the operation of the lockstep processors than can be achieved with traditional solutions. For example, if the lockstep processors share a memory space, they cannot operate in perfect, cycle-by-cycle synchronisation. UltraSoC’s on-chip analytics can be used to correlate activity within the redundant processors, and to tailor the response of the system depending on the nature of any detected anomalies.