Periodic Reporting for period 2 - SELENE (SELENE: Self-monitored Dependable platform for High-Performance Safety-Critical Systems)
Reporting period: 2021-06-01 to 2022-11-30
A number of high-performance computing (HPC) commercial off-the-shelf (COTS) platforms offer the computation capabilities, including multicores, graphics processing units (GPUs) and other hardware accelerators, needed by autonomous systems in diverse application domains, such as automotive, space, avionics, robotics and factory automation. Unfortunately, the utilization of HPC platforms has been traditionally considered out of the reach of the safety-critical systems industry due to the difficulties or roadblocks these platforms bring to the certification process.
The objective of the SELENE is to cover this gap in the design of safety-critical HW/SW systems, by proposing a new family of high-performance safety-critical computing platforms that build upon open-source components such as RISC-V cores and GNU/Linux. The SELENE platform implements several mechanisms for flexible diverse redundancy, supports compute intensive applications using specific accelerators for artificial intelligence and cryptography, and includes partitioning and monitoring capabilities that ease the integration of applications of different criticalities.
The SELENE software architecture resembled the SIL2LinuxMP project software architecture as a starting point for safety argumentation. This baseline architecture has been extended with the Jailhouse hypervisor to enable a mixed-criticality system architecture on a commodity multi-core that includes RTOS cells. To enable the deployment of applications using neural networks, the SELENE software architecture incorporates a complete SW stack that includes a runtime to offload computations from cores to the accelerators and a machine learning library that supports the SELENE SoC as computing target.
Four use-cases have been employed to validate the SELENE platform. A satellite use-case has been employed to validate the mixed-criticality capabilities of SELENE. A railway and a space use-cases have been used to test the performance of the artificial intelligence hardware accelerators of the safety critical SELENE platform. Finally, an autonomous robot was used to test the fail-operational capabilities of the SELENE SoC.
A complete open-source platform integrating the different hardware and software components is available at https://gitlab.com/selene-riscv-platform. Several tutorials have been held showing how to use the platform. Several respective tutorial videos are available at https://www.youtube.com/@selenerisc-vplatform6171 .
A total of 47 dissemination activities have been performed, including the publication of 23 scientific papers. On the exploitation side, we have distinguished two different exploitation paths. In the research path, academic partners like BSC, UPV, Ikerlan and VIF have already incorporated the SELENE platform as a research vehicle for current and future research projects related to safety critical systems. On the industrial side, each of the technology providers has developed their own exploitation plans. We have identified a total of seven items that can be industrially exploited. For the platform as a whole CG (Cobham Gaisler) has already publicly announced that their new GR7xV product will reuse some of the SELENE platform developments.
In the context of computing platforms in constrained environments like space or aerospace, SELENE provides a multi-core execution platform with the support of mixed criticality, thus enabling secured SW centralisation and independent validation of the various applications. This enables for some missions the regrouping of platform and payload processing on a single-board computer, which is a strong competitive advantage for lowering the cost of on-board processing in new developments.
For autonomous vehicles, SELENE offers a novel hardware platform allowing the parallel execution of different vehicle functions while preventing any interference between these functions at the same time. These new possibilities allow merging several functions in one hardware device without the need of changing existing software. At the same time, this vastly simplifies the development of new software, because no interference considerations and no additional monitoring functions are necessary. In the context of railway, SELENE platform will offer more accessible and flexible solutions aligned with social sustainability and mobility concerns. If train vehicles gain autonomy, system development costs are reduced (install and maintenance costs), operation flexibility is gained and they will allow higher safety levels and transport capacity.