









# SentryCore: A RISC-V Co-Processor System for Safe, Real-Time Control Applications

Michael Rogenmoser<sup>1</sup>, Alessandro Ottaviano<sup>1</sup>, Thomas Benz<sup>1</sup>, Robert Balas<sup>1</sup>, Matteo Perotti<sup>1</sup>, Angelo Garofalo<sup>1,2</sup>, Luca Benini<sup>1,2</sup>

<sup>1</sup>Integrated Systems Laboratory, ETH Zurich; <sup>2</sup>Department of Electrical, Electronic, and Information Engineering, University of Bologna

# **Real-time**

#### **CLIC:**

Core-Local Interrupt Controller

> Provides advanced interrupt handling



#### fastIRQ Extension

Provides low interrupt latency and fast context switch



Automotive SoCs are growing in complexity towards mixed-criticality systems (MCS) but still require reliable, real-time control.

We present a dependable 32-bit RISC-V-based mega-IP for safety-critical, real-time MCS subsystems.



# Reliability

### TCLS:

**Triple-Core Lockstep** 

Majority-voted cores with state recovery for reliable execution



#### **ECC-protected memory**

Reliable data storage with Hsiao code single error correction, double error detection.

Efficient sub-word storage and scrubber to correct latent errors.



## The Carfield Mixed-Criticality System





#### **SentryCore Configuration**

- CV32RT, FPU (32bit), CLIC
- TCLS, ECC Memory
- 64 bit AXI interface, no DMA
- 128 KiB ECC-protected Memory

## Physically separated TCLS Cores

- 20 µm margins
- Avoids multi-bit error from a particle

# Implementation Results

500 MHz **Clock Frequency** Try it out on pulp-platform github! 0.42 mm<sup>2</sup> Area



**Dedicated support for multiple real-time Operating Systems** 







**RTIC** Real-Time Interrupt-driven Concurrency

