|(Image source: Arm)|
There's irony hidden in the premise of autonomous cars, according to Lakshmi Mandyam, VP of the Automotive Embedded & Automotive Line of Business at Arm. On one hand, self-driving cars are supposed to significantly reduce, or perhaps even altogether eliminate, crashes and auto accidents due to driver error. But on the flip side, the SoCs and software systems behind self-driving vehicles may not themselves be safe enough to handle autonomy on real roads—particularly at Level 5, where vehicles require no steering wheel or driver intervention.
Arm's proposed solution to this is the new Cortex-A76AE processor, an autonomous-class processor with integrated features targeted at ensuring that the systems inside autonomous vehicles perform safely and efficiently. For example, it includes systematic flows and development in support of the ISO 26262 and IEC 61508 standards.
“We believe that the challenge that the entire automotive ecosystem faces in terms of security needs to be addressed,” Mandyam said on a media call discussing Arm's strategy around the A76AE (the AE stands for “Automotive Enhanced”). “And so we're doing this to prioritize and simplify safety without compromising security performance and power efficiency—both for general purpose automotive applications and autonomous cars processing.”
Deployable systems for autonomous vehicles are going to require high-performance computing that is power efficient and easily scalable. “You need power reduction [by a factor of ten],” Mandyam said. “If you look at a lot of the prototype [cars] today in the industry, their trunks are stuffed full of equipment that wasn't designed for automotive applications. And the power consumption of these things is pretty scary and certainly not something that can be deployed in real world road applications.”
Mandyam added that there needs to be a factor of ten cost reduction for these systems. “There have been industry estimates that talk about the price of autonomy being anywhere from a hundred thousand dollars to millions of dollars per car,” she said. “Obviously, this has to come down significantly to have any chance of a broader deployment. And more importantly, when you think about some of the barriers to adoption of autonomy, it's really going to come down to that human factor—that feeling of trust around being able to rely on an autonomous driver. This is where innovative and flexible safety options down to the hardware level will be a real important confidence giver and differentiator for any autonomous solution.”
Splitting Performance and Safety
The key to the A76AE's performance, according to Arm, is the integration of Split-Lock technology, which allows the processor to be booted into either a twin performance mode or a dual-redundant mode. Split-Lock itself is not new; Arm included the technology in its Cortex R5 processor released back in 2011. But Mandyam explained that this is the first time Split-Lock has appeared in an application processor.
“We have developed a product that allows you to dynamically decide if you're deploying cores that are locked or split for performance at boot up,” she said. “...We like to think of [Split-Lock] as being split for performance and locked for safety. And again, this could be on a single SoC.”
She explained that in vehicle infotainment systems, for example, there is a need for many processor cores running many different applications with many different operating systems—all having to do so at a high-performance level. “For these kinds of applications, ASIL-B capability is typically enough. But when you look at more safety critical applications, like an autonomous vehicle controller as an example, you need to have processors that are locked together to be able to achieve higher levels of safety,” Mandyam said.
The Split-Lock feature enables that sort of flexibility for engineers. When in locked mode, two cores can be running the same instructions and each operation is checked, resulting in a high level of safety without additional software complexity. “So this is important not just for automotive, but for industrial, robotics, aerospace—any application where safety is paramount and you need to be sure of how the machine is going to behave for safety conditions,” Mandyam added.
“The other game changer is our split for availability or failover operational mode,” she added. “Let's say you have processors that are locked for safety and you detect an error on one of them. You can split it for availability and just execute the code on one core to gracefully execute the situation that you're in—maybe by driving a little slower or making it to the side of the road. Your code will execute, but just at a lower resiliency level.”
According to Arm, all of this goes into addressing frustrations that OEMs have with today's typical redundancy implementations. In a typical setup, two cores run the same code and the result is sent to another CPU, which acts as a checker to determine if an error has occurred. It's a fixed configuration that can be very inefficient when thinking about the very time-critical sort of decisions that autonomous vehicles will have to make on the road.