SafeSoftDR: A Library to Enable Software-based Diverse Redundancy for Safety-Critical Tasks
Abstract
Microcontrollers often lack native hardware support for lockstepped execution, crucial for achieving the highest safety integrity levels and mitigating common cause failures. SafeSoftDR is a new library designed to enable software-based diverse redundancy, providing a standard interface for deploying lockstepped execution across non-natively supported multicore processors. The library automates complex requirements like redundant process creation, I/O data management, and result comparison, offering a convenient environment for safety-critical applications.
Report
Key Highlights
- Software-Defined Safety: SafeSoftDR provides a software-based solution for implementing lockstepped execution (Diverse Redundancy - DR) on standard multicore architectures that lack native hardware support for safety measures.
- Mitigation of Common Cause Failures: The primary goal is to prevent common cause failures (faults that affect multiple redundant components simultaneously) by enforcing diversity through software monitoring.
- User Burden Reduction: The library abstracts away the complexity of managing redundancy, including creating parallel processes, copying input/output data between redundant components, and performing result comparison and voting.
- Platform Readiness: The solution has been tested successfully on x86-based Linux and is actively being integrated into an open-source RISC-V platform.
Technical Details
- Core Mechanism: The approach relies on a software monitor to enforce synchronization and lockstepped behavior between cores.
- Focus Area: The library specifically targets applications requiring the highest safety integrity levels that traditionally necessitate specialized, costly hardware.
- Library Functionality: SafeSoftDR provides a standard API, allowing end-users to deploy the software redundancy without handling low-level inter-process communication or synchronization primitives.
- Development Status: Currently confirmed operational on x86 Linux environments.
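The two lists above describe the mechanism (a software monitor that spawns redundant copies of a task, copies the input into each, synchronizes them, and compares the results) without showing any code. The following is an added example written for this page, not SafeSoftDR's own code or API: a minimal Linux monitor in C that runs a task in two replica processes, pins each replica to a different core when the host allows it, collects both results over pipes, and releases a result only when the replicas agree. All `sdr_*` names are hypothetical, the FNV-1a task and the "sensor frame" input are constructed for the demonstration, and the `sdr_faulty_task` variant injects a single-replica output error purely to show that the comparison step catches it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                   /* exposes sched_setaffinity on glibc */
#endif
#include <sched.h>
#include <stdint.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SDR_MAX_IO 256                /* fixed I/O buffer size for this example */
/* A replica task is a pure function from input bytes to output bytes; replica_id (0 or 1)
 * lets a DR scheme apply diversity (core choice, start delay) without changing the result. */
typedef void (*sdr_task_fn)(int replica_id, const unsigned char *in, size_t in_len,
                            unsigned char *out, size_t out_len);

enum sdr_status { SDR_AGREE = 0, SDR_MISMATCH = 1, SDR_REPLICA_FAILED = 2 };

/* Fork replica 'id', best-effort pinned to core 'id'; its result comes back over a pipe. */
static pid_t sdr_spawn(sdr_task_fn task, int id, const unsigned char *in, size_t in_len,
                       size_t out_len, int *rfd)
{
    int fds[2];
    if (in_len > SDR_MAX_IO || out_len > SDR_MAX_IO || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                                     /* replica process */
        unsigned char my_in[SDR_MAX_IO], my_out[SDR_MAX_IO] = { 0 };
        close(fds[0]);
#ifdef CPU_SET                                          /* affinity API needs _GNU_SOURCE */
        cpu_set_t set; CPU_ZERO(&set); CPU_SET(id, &set);
        (void)sched_setaffinity(0, sizeof set, &set);   /* ignore failure on small hosts */
#endif
        memcpy(my_in, in, in_len);                      /* private input copy per replica */
        task(id, my_in, in_len, my_out, out_len);
        _exit(write(fds[1], my_out, out_len) == (ssize_t)out_len ? 0 : 1);
    }
    close(fds[1]);                                      /* monitor process keeps read end */
    *rfd = fds[0];
    return pid;
}

/* Read exactly 'len' result bytes from a replica's pipe; 0 on success. */
static int sdr_collect(int fd, unsigned char *buf, size_t len)
{
    for (size_t got = 0; got < len;) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }           /* replica died or wrote too little */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Monitor: run 'task' in two replicas, join both, compare, and release the result only on
 * agreement. Two replicas detect a fault; N >= 3 with majority voting could also mask it. */
enum sdr_status sdr_run_redundant(sdr_task_fn task, const unsigned char *in, size_t in_len,
                                  unsigned char *out, size_t out_len)
{
    unsigned char res[2][SDR_MAX_IO];
    int fd[2] = { -1, -1 }, failed = 0, st;
    pid_t pid[2];
    for (int i = 0; i < 2; i++)
        if ((pid[i] = sdr_spawn(task, i, in, in_len, out_len, &fd[i])) < 0) failed = 1;
    for (int i = 0; i < 2; i++) {                       /* synchronisation point: wait for both */
        if (fd[i] >= 0 && sdr_collect(fd[i], res[i], out_len) != 0) failed = 1;
        if (pid[i] > 0 && (waitpid(pid[i], &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st)))
            failed = 1;
    }
    if (failed) return SDR_REPLICA_FAILED;
    if (memcmp(res[0], res[1], out_len) != 0) return SDR_MISMATCH;   /* diverged: do not use */
    memcpy(out, res[0], out_len);
    return SDR_AGREE;
}

/* Constructed sample task: 64-bit FNV-1a hash of the input, serialised big-endian. */
void sdr_fnv_task(int id, const unsigned char *in, size_t in_len, unsigned char *out, size_t out_len)
{
    uint64_t h = 1469598103934665603ULL;
    (void)id;
    for (size_t i = 0; i < in_len; i++) { h ^= in[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < out_len && i < 8; i++) out[i] = (unsigned char)(h >> (56 - 8 * i));
}

/* Constructed faulty variant: replica 1 flips one output bit, the single-replica fault the comparison must catch. */
void sdr_faulty_task(int id, const unsigned char *in, size_t in_len, unsigned char *out, size_t out_len)
{
    sdr_fnv_task(id, in, in_len, out, out_len);
    if (id == 1 && out_len > 0) out[0] ^= 0x01;
}

/* Demo on a constructed input frame: the monitor's verdict, cross-checked against a direct computation. */
enum sdr_status sdr_demo(int inject_fault)
{
    static const unsigned char frame[] = "sensor frame 42";    /* constructed input */
    unsigned char out[8] = { 0 }, ref[8] = { 0 };
    enum sdr_status s = sdr_run_redundant(inject_fault ? sdr_faulty_task : sdr_fnv_task,
                                          frame, sizeof frame - 1, out, sizeof out);
    sdr_fnv_task(0, frame, sizeof frame - 1, ref, sizeof ref);
    return (s == SDR_AGREE && memcmp(out, ref, sizeof ref) != 0) ? SDR_MISMATCH : s;
}
```

Calling `sdr_demo(0)` returns `SDR_AGREE` and `sdr_demo(1)` returns `SDR_MISMATCH`; a crashed or hung-then-killed replica surfaces as `SDR_REPLICA_FAILED` because the monitor checks both the pipe and the exit status. The safety-relevant property is that the monitor never hands a result to the caller unless both independent processes produced byte-identical output, which is the comparison-and-voting step the summary says SafeSoftDR automates. What this toy does not do is enforce diversity beyond process separation and best-effort core placement (for example a time stagger between replicas, or a watchdog on replica completion), which a real DR library must add to argue protection against common cause failures.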
Implications
- Democratization of Functional Safety: By providing software-based lockstepping, SafeSoftDR lowers the barrier to entry for developers needing high levels of safety integrity (e.g., meeting requirements similar to ISO 26262 or IEC 61508) without requiring custom hardware IP or certified processors.
- RISC-V Ecosystem Expansion: Its integration into an open-source RISC-V platform is highly significant. It enables RISC-V, which is highly customizable but often lacks proprietary certified safety features, to be reliably utilized in deeply embedded and edge safety-critical domains (like automotive, avionics, and industrial control).
- Flexibility and Portability: Since the safety mechanism is implemented in software via a library, it offers greater flexibility, configurability, and potential portability across various non-natively safe multicore microcontrollers.