The Cortex-R52 is not ARM's first automotive product, but it is the first one specifically designed to handle the safety-critical aspects of automated driving – the aspects where ISO 26262 governs the design process and, later, the way the computer operates. Safety relevance, though, is not restricted to driving a vehicle. Machinery in the production industry and even medical applications can be as safety-critical as driving a car. In these cases, another safety standard applies: IEC 61508. The new ARM processor has the architectural features to handle both – in the case of IEC 61508 up to the second-highest safety level, SIL 3, and in the case of ISO 26262 up to ASIL D, the highest level.
Within the automated driving data chain from sensing to perceiving, deciding and actuating, the Cortex-R52 aims at the decision-making instance. This is not necessarily the stage with the highest computing-power requirements (in this context, perceiving is more demanding), but it is the one where wrong results lead to the most serious consequences. Therefore, a microprocessor used for decision-making needs to be architected accordingly, with features such as lockstep computing (two processor cores working independently of each other but comparing their results). This is a feature all competing architectures from chip vendors like Infineon and NXP have in common.
But ARM goes one step further, with features like hardware-enforced separation of software tasks that isolates these tasks from each other and effectively creates hardware-based sandboxes – if one task misbehaves or crashes, it cannot affect the others. The microprocessor also allows particularly quick task switching, ARM claims. In addition, it is possible to completely virtualize the execution environment, enabling users to consolidate hitherto separate ECU software on a single platform. And the deterministic microarchitecture enables highly time-critical tasks such as motor control or chassis control to run on the processor. The vendor also went to great lengths to speed up interrupt execution and context switching.