CORDIS - EU research results

SELENE: Self-monitored Dependable platform for High-Performance Safety-Critical Systems

Periodic Reporting for period 2 - SELENE (SELENE: Self-monitored Dependable platform for High-Performance Safety-Critical Systems)

Reporting period: 2021-06-01 to 2022-11-30

Extensive usage of specific proprietary components in the existing hardware/software (HW/SW) platforms for safety-critical systems limits the performance, flexibility and testability of such systems, jeopardizing their wide deployment across domains. Although some research attempts have been made to overcome these limitations, they have had very limited success in industry due to missing flexibility and extensibility, as many industries need technologies on which they can rely over the course of decades (e.g. avionics, space, automotive).

A number of high-performance computing (HPC) commercial off-the-shelf (COTS) platforms offer the computation capabilities, including multicores, graphics processing units (GPUs) and other hardware accelerators, needed by autonomous systems in diverse application domains, such as automotive, space, avionics, robotics and factory automation. Unfortunately, the utilization of HPC platforms has been traditionally considered out of the reach of the safety-critical systems industry due to the difficulties or roadblocks these platforms bring to the certification process.

The objective of SELENE is to cover this gap in the design of safety-critical HW/SW systems by proposing a new family of high-performance safety-critical computing platforms that build upon open-source components such as RISC-V cores and GNU/Linux. The SELENE platform implements several mechanisms for flexible diverse redundancy, supports compute-intensive applications using specific accelerators for artificial intelligence and cryptography, and includes partitioning and monitoring capabilities that ease the integration of applications of different criticalities.

The first half of the project has been devoted to the implementation of the SELENE computing platform. On the hardware side, a baseline SELENE RISC-V based system-on-chip (SoC) has been designed. This SoC currently supports six NOEL-V 64-bit RISC-V cores, an AXI4 interconnect, a performance monitoring unit (PMU), several AI accelerators, and common peripherals such as UART, JTAG, and Ethernet. NOEL-V cores have been enhanced to support the virtualization and compressed-instruction extensions. Initial hardware support for safety has focused on the monitoring of multicore contention, the support for diverse redundant execution, and the adaptation of a fault-injection verification methodology to the SELENE SoC.

The SELENE software architecture used an architecture resembling that of the SIL2LinuxMP project as a starting point for safety argumentation. This baseline architecture has been extended with the Jailhouse hypervisor to enable a mixed-criticality system architecture on a commodity multi-core that includes RTOS cells. To enable the deployment of applications using neural networks, the SELENE software architecture incorporates a complete SW stack that includes a runtime to offload computations from cores to the accelerators and a machine learning library that supports the SELENE SoC as a computing target.

Four use-cases have been employed to validate the SELENE platform. A satellite use-case has been employed to validate the mixed-criticality capabilities of SELENE. A railway and a space use-case have been used to test the performance of the artificial intelligence hardware accelerators of the safety-critical SELENE platform. Finally, an autonomous robot was used to test the fail-operational capabilities of the SELENE SoC.

A complete open-source platform integrating the different hardware and software components is available at https://gitlab.com/selene-riscv-platform. Several tutorials have been held showing how to use the platform. Several tutorial videos are available at https://www.youtube.com/@selenerisc-vplatform6171.

A total of 47 dissemination activities have been performed, including the publication of 23 scientific papers. On the exploitation side, we have distinguished two different exploitation paths. In the research path, academic partners like BSC, UPV, Ikerlan and VIF have already incorporated the SELENE platform as a research vehicle for current and future research projects related to safety-critical systems. On the industrial side, each of the technology providers has developed their own exploitation plans. We have identified a total of seven items that can be industrially exploited. For the platform as a whole, CG (Cobham Gaisler) has already publicly announced that their new GR7xV product will reuse some of the SELENE platform developments.

SELENE has developed a multicore platform with explicit support for timing verification and effective means to assess the maximum interference that tasks executing in the multicore can suffer, i.e. by means of the on-line performance monitor developed in the project. Additionally, the open-source nature of the SELENE processor platform allows assessing that these execution time bounds can be guaranteed by the platform. Existing multicore platforms lack such support for timing analysis and need to rely on less effective software techniques to mitigate shared-resource contention. The SELENE platform also provides architectural protection in the form of flexible diverse redundancy, where diversity monitors and/or diversity enforcement mechanisms can be employed to mitigate the impact of common-cause faults. The SELENE diverse redundancy approach mimics the lockstep execution widely employed in the highest-criticality applications, but in a more flexible manner, allowing the same computing platform to be used in multiple safety-related application domains.

In the context of computing platforms in constrained environments like space or aerospace, SELENE provides a multi-core execution platform with support for mixed criticality, thus enabling secured SW centralisation and independent validation of the various applications. For some missions, this enables the regrouping of platform and payload processing on a single-board computer, which is a strong competitive advantage for lowering the cost of on-board processing in new developments.

For autonomous vehicles, SELENE offers a novel hardware platform allowing the parallel execution of different vehicle functions while at the same time preventing any interference between these functions. These new possibilities allow merging several functions in one hardware device without the need to change existing software. At the same time, this vastly simplifies the development of new software, because no interference considerations and no additional monitoring functions are necessary. In the context of railway, the SELENE platform will offer more accessible and flexible solutions aligned with social sustainability and mobility concerns. If train vehicles gain autonomy, system development costs are reduced (installation and maintenance costs), operation flexibility is gained, and higher safety levels and transport capacity become possible.
SELENE HW and SW platform