CAST Provides a Functional Safety RISC-V Processor IP for Microchip FPGAs

Build safety-critical automotive, aeronautic, space and other systems with the Functional Safety RISC-V Processor IP core from CAST and PolarFire^® FPGAs.

By Evan Price, Sales Engineer at CAST

Building Safety-Critical RISC-V Systems with Microchip’s Mi-V Ecosystem

Microchip’s Mi-V Ecosystem provides a rich set of vetted tools and IP, enabling designers to develop RISC-V-based systems for implementation with our Field Programmable Gate Array (FPGA) devices.

Electronic product architects and engineers  increasingly choose RISC-V and our FPGAs through the Mi-V Ecosystem to develop systems for high-availability, safety-critical applications. Examples of these applications—where system errors or failures can have catastrophic consequences—include self-driving cars, medical devices, airplanes, military applications and spacecraft.

Building Functional Safety (FuSa) into such safety-critical systems requires:

• a development process where safety is the top priority
• hardware/software design characteristics able to detect failures and/or maintain correct operation in the presence of failures

Various standards exist for certifying FuSa in different application areas, including ISO 26262 for Automotive, DO-254 for Aerospace, ISO 14971 for Medical Devices, IEC 61513 for Nuclear and IEC 60092-504 for Maritime. Levels within these standards define criteria for different degrees of safety. For example, ISO 26262 defines Automotive Safety Integrity Levels (ASIL) from the least critical ASIL A through to the most safety-critical level of ASIL D.

At CAST, we have developed a variety of safety-enhanced IP cores, several of which are ISO 26262 or DO-254 certified. These include key interconnects—CAN, LIN, an HDLC and SDLC protocol controller, Ethernet MACs and the EMSA5-FS RISC-V Functional Safety Processor. All are available in RTL source code or as netlists optimized for our FPGAs.

The First Functional Safety RISC-V Processor

The EMSA5-FS 32-bit Embedded RISC-V Functional Safety Processor IP core offers system developers working with RISC-V a FuSa-ready processor with versions designed to provide safety levels ranging from ASIL-B to ASIL-D. As of this writing, the EMSA5-FS is the only processor in the Mi-V Ecosystem with formal certification of its functional safety readiness.

Released in 2021, the EMSA5-FS was the first RISC-V processor to be certified as ISO 26262 ASIL-D Ready. This certification by SGS-TÜV Saar means that the IP core is suitable for projects that require compliance with the most stringent ISO 26262 specification for safety integrity.

In 2022, the significance of the EMSA5-FS for FuSa design was validated by Elektronik Magazine, which at Embedded World awarded it the 2022 Product of the Year in the Automotive category. Now the EMSA5-FS is available in the Mi-V Ecosystem.

EMSA5-FS: A Closer Look

EMSA5-FS is the functional-safety version of the EMSA5 processor. The EMSA5 is a Harvard architecture processor implementing a single-issue, in-order, 5-stage pipeline. The processor uses two tightly coupled memory (TCM) interfaces (one for data and one for instructions) and, optionally, a four-way set associative cache of configurable size attached to an AHB-Lite interface.

EMSA5 supports the RISC-V 32-bit base integer instruction set (RV32I) or the 32-bit base embedded instructions set (RV32E). It offers both User and Machine Privilege modes. It optionally supports the following RISC‐V extensions: standard Multiply(M), Atomic Instructions (A), Compressed (C), Control and Status Register (Zicsr), Instruction-Fence (Zifencei) and a subset of the vector (V), single-precision (F) and double-precision (D) floating point.

The EMSA5-FS implements the following design features to achieve ASIL-D readiness:

• Double or Triple Modular Redundancy (DMR or TMR) — EMSA5-FS uses two or three parallel instances of the EMSA5 processor. With DMR, the outputs of the two parallel CPUs—optionally in a lockstep arrangement—are constantly compared. This enables the detection of any single fault, such as a bit-flip. With TMR, a majority of voters monitor the outputs of three parallel EMSA5 instances to not only detect single faults but also to enable correct continuing operation in the presence of errors.
• Memory Protection Unit — The MPU partitions memory into 16 or fewer regions and prevents their corruption or overwriting by limiting access to authorized components such as memory-mapped peripherals.
• Error-Correcting Code — ECC protects memories and buses and reveals errors using mechanisms to detect and correct data corruption.
• Reset and Safety Managers — These initiate a system reset to clear errors, provide logical and timing supervision, and can be customized to meet the requirements of the end application. 

Maximizing Reliability with the EMSA5-FS and PolarFire FPGAs

Developers of high-availability, safety-critical systems can achieve unparalleled product results by integrating the fault-tolerant and FuSa-certified EMSA5-FS Processor core in systems on error-resilient PolarFire FPGAs.

Our Polarchip FPGAs use a unique, non-volatile technology that offers significant advantages over traditional Static RAM-based devices. PolarFire FPGAs can require as little as half the power typically needed by conventional FPGAs, and they incorporate advanced features that enable a high degree of security. They are also inherently reliable and largely immune to single-event upsets (SEUs). The rad-hard members of the family are even suitable for use in space and other environments where exposure to radiation and contaminants is likely. Visit our FPGA’s Reliability Page for more information.

Evaluation runs and growing customer experience show that the EMSA5-FS achieves extremely competitive performance, area and efficiency results on PolarFire devices. CAST is happy to provide sample implementation results for any EMSA5-FS configuration and PolarFire devices you might be considering (contact the author).

Development and Verification with the EMSA5-FS

Supporting the RISC-V ISA, the EMSA5-FS works well with any standard RISC-V development and verification tools. However, using a toolchain that is part of a certified FuSa development process will offer the smoothest path to end-product safety certification. For example, the development tools of fellow Mi-V Ecosystem partner IAR Systems are among the best such toolchains available, offering a build chain certified by TÜV SÜD and validated against ISO 26262 and other safety standards.

For rapid prototyping and evaluation, CAST offers a basic microcontroller platform reference design. This is mapped on our PolarFire Video and Imaging Kit (MPF300-VIDEO-KIT-NS) and is portable to any other Microchip FPGA board with sufficient logic and memory resources. The design integrates the EMSA5-FS processor core in either the DMR or TMR versions, SRAM and SDRAM controllers and the following: Timers, Watchdog Timer, GPIO, UART, MSSP (I2C, SPI Master/Slave), QSPI and PLIC.

Building on the EMSA5-FS, system developers can further reduce risk and shorten time to market through CAST’s custom IP integration services. CAST’s engineers can pre-integrate and verify subsystems or entire systems to your specifications, drawing from the company’s wide range of bus infrastructure cores, typical microcontroller peripherals, memory controllers and interconnect IP.

Why a FuSa RISC-V Processor From CAST?

The EMSA5-FS offers FuSa and embedded processor features and performance that make it a very competitive choice for any 32-bit suitable safety-critical RISC-V system.

CAST has been offering microcontroller and processor cores since 1996, and our experienced team is one of the best in the industry in helping you choose the right IP for your specific system. Our class-leading customer support services then act quickly to ensure you succeed with integrating and using the EMSA5-FS and other IP from CAST.

CAST also offers peripheral, compression, interface and networking IP cores unavailable from any other RISC-V processor vendor. This product breadth and experience provide a distinct strategic advantage for CAST customers who seek to minimize risk and development time with standard preconfigured IP packages or custom packages for specific applications.

Learn more about the EMSA5-FS and the complete line of IP available from CAST, then contact the author to discuss your needs.