For developers using RISC-V-based platforms, the architecture offers unique features that can help achieve functional safety and security objectives. From its open architecture to a rich tools ecosystem, safety-critical software teams see benefits in meeting the guidelines of DO-178C and ISO 26262, for example, and opportunities to reduce compliance effort.
Understanding how to map RISC-V’s modularity, simplicity, and extensibility to industry standards can be difficult. This article explains seven ways developers can take advantage of RISC-V to achieve compliance for certified safety-critical systems.
Reduced system complexity
RISC-V’s open standard instruction set architecture (ISA) offers several certification advantages over proprietary architectures. For example, its clean-slate design eliminates the legacy compatibility constraints of traditional architectures, which often complicate safety certification. ISA’s small base integer set allows processor designers to implement only the needed features without introducing unnecessary complexity and overhead.
This simplicity also reduces the challenges of building and verifying deterministic systems and their potential attack surfaces, which are key considerations for certification authorities.
Under its royalty-free license, developers don’t incur additional costs when modifying RISC-V implementations for specific use cases. The platform also contains no sensitive IP, limiting a manufacturer’s potential liability for its design.
Hardware-software interface specifications
ISO 26262 requires precise documentation of hardware-software interfaces (HSI). RISC-V’s modular design supports this requirement by clearly separating ISA’s base functionality from its extensions. When implementing custom extensions for safety features, teams can document these additions separately while maintaining standard interface documentation for the base architecture. This separation supports certification requirements for interface specification and verification and makes it easier to capture requirements traceability.
Deterministic execution
DO-178C establishes a need for the analysis of worst-case execution timing (WCET), discussing it in §6.3 (Software Reviews and Analyses), §6.3.4 (Reviews and Analyses of Source Code), and §11.20 (Software Accomplishment Summary). Guidance for proving that execution times never exceed their allotted window is provided by EASA AMC 20-193 and FAA AC 20-193.
RISC-V’s strategy for managing cache memory offers advantages in fulfilling these requirements by enabling deterministic execution at runtime. The capability to implement level 2 cache memory mapping as RAM gives developers increased control over system latencies and assists in worst-case execution time (WCET) analysis needed for certification.
Implementing dissimilar redundancy
RISC-V’s open architecture helps developers implement dissimilar redundancy mechanisms for systems requiring DO-178C Design Assurance Level A (DAL-A). They can employ different processor configurations within the same system or select diverse RISC-V vendor solutions while maintaining architectural consistency. They can also choose to use completely different architectures for mixed-criticality systems with varying safety requirements and certification levels.
These approaches simplify the certification evidence needed for common-mode failure protection.
Support from a growing ecosystem
A growing ecosystem of hardware and software suppliers recognizes the value of RISC-V. In 2023, Nvidia, Qualcomm, Andes, Google, and other companies launched the RISC-V Software Ecosystem (RISE) project to accelerate RISC-V adoption in consumer electronics, data centers, and automotive products.
The maturity of RISC-V development tools and verification environments supports certification activities across the development lifecycle. Newer tools, such as LDRA’s target license package (TLP) for RISC-V architectures, provide capabilities essential for safety certification, including:
- Requirements traceability to architectural features
- Multi-core code coverage analysis
- WCET measurement for AMC 20-193 compliance
- Unit- and system-level testing on both simulated and physical RISC-V processors
Industry support from vendors simplifies the qualification process with a high-assurance workflow that reduces overall verification and documentation effort.
Safety-certified IP cores and components
The availability of pre-certified RISC-V IP cores from vendors such as Microchip, SiFive, and CAST reduces certification effort. These components often include integrated safety features such as error detection and correction, watchdog timers, and memory protection units. When implementing these pre-certified cores, development teams can leverage existing documentation, reducing the scope of required certification evidence.
Vendors like Frontgrade Gaisler provide radiation-hardened RISC-V hardware for specialized applications like space systems. This broadens RISC-V’s use cases, allowing teams to deliver precisely what’s needed while maintaining certification rigor.
Reduced supply chain risks
Safety certification processes require comprehensive documentation of supply chain integrity. RISC-V’s open model addresses this requirement by enabling multiple sourcing strategies. Development teams can implement identical processor configurations from different vendors, facilitating both supply chain diversity and safety case documentation.
This architectural independence becomes valuable for long-lifecycle aerospace and automotive applications when documenting continued airworthiness or automotive safety integrity level (ASIL) compliance. Switching suppliers without architectural changes simplifies the recertification process when components become obsolete.
Combining architectural benefits, expanding tool support, and pre-certified components makes RISC-V more appealing for safety-critical applications. By thoughtfully addressing certification requirements during implementation, embedded development teams can use RISC-V’s features to simplify the certification process while ensuring system safety and reliability.
About the Author
Jay Thomas, technical development manager for LDRA, has worked on embedded controls simulation, processor simulation, mission- and safety-critical flight software, and communications applications in the aerospace industry. His focus on embedded verification implementation ensures that LDRA clients in aerospace, medical, and industrial sectors are well grounded in safety-, mission-, and security-critical processes. For more information about LDRA, visit http://www.ldra.com
