SentryCore: A RISC-V Co-Processor System for Safe, Real-Time Control Applications
Michael Rogenmoser, Alessandro Ottaviano, Thomas Benz, Robert Balas, Matteo Perotti, Angelo Garofalo, Luca Benini
TL;DR
The paper tackles the need for dependable real-time safety-critical control within heterogeneous mixed-criticality systems by providing a vendor-neutral, open-source RISC-V co-processor platform. It introduces SentryCore, a 32-bit mega-IP built around three CV32RT cores in lockstep with ECC memory, fast interrupt handling via a fastirq extension, and a real-time iDMA, all designed for AXI4 integration. Key contributions include ultra-low interrupt latency ($6$ cycles), context-switch time under $110$ cycles, software-based fault recovery within $600$ cycles, and a radiation-conscious floorplan in Intel $16$ nm, achieving $500$ MHz operation and around $50$–$70$ mW. This open platform enables license-free exploration of safe, real-time control for automotive, robotics, avionics, and space domains and lays groundwork for extending reliability to the interconnect in future work.
Abstract
In the last decade, we have witnessed exponential growth in the complexity of control systems for safety-critical applications (automotive, robots, industrial automation) and their transition to heterogeneous mixed-criticality systems (MCSs). The growth of the RISC-V ecosystem is creating a major opportunity to develop open-source, vendor-neutral reference platforms for safety-critical computing. We present SentryCore, a reliable, real-time, self-contained, open-source mega-IP for advanced control functions that can be seamlessly integrated into Systems-on-Chip, e.g., for automotive applications, through industry-standard Advanced eXtensible Interface 4 (AXI4). SentryCore features three embedded RISC-V processor cores in lockstep with error-correcting code (ECC) protected data memory for reliable execution of any safety-critical application. Context switching is accelerated to under 110 clock cycles via a RISC-V core-local interrupt controller (CLIC) and dedicated hardware extensions, while a timer-based direct memory access (DMA) engine streamlines sensor data readout during periodic control loops. SentryCore was implemented in Intel's 16nm process node and tested with FreeRTOS, ThreadX, and RTIC software support.