Safety critical Vulkan standard for graphics and computing

Technology News | March 1, 2022

By Nick Flaherty

Automotive GPU medical

The Khronos group has released a standard for safety critical GPU graphics and computing.

The royalty-free Vulkan Safety-Critical (SC) 1.0 API Specification is designed to support safety-critical industries using the latest graphics and AI processors. The group has also developed an open source Conformance Test Suite, and multiple vendors have shown conformant Vulkan SC 1.0 implementations.

While the APi is aimed at automotive developers, it is also suitable for safety critical medical and industrial applications. Where a compute or display system failure would pose a significant safety risk it is critical that systems meet safety-critical standards such as RTCA DO-178C Level A / EASA ED-12C Level A (avionics), ISO 26262 ASIL D (automotive), IEC 61508 (industrial), and IEC 62304 (Medical).

Working group reconciles safety, high performance computing

To streamline system-level safety-critical certifications, system components such as acceleration APIs should be streamlined as far as possible to reduce documentation and testing surface area, have deterministic behaviour and predictable execution times to simplify design and testing and implement robust and unambiguous fault handling. The Vulkan SC 1.0 specification uses the Vulkan 1.2 API to meet these requirements while delivering state-of-the-art graphics and compute acceleration. Vulkan SC also decouples software and hardware development for easier integration of new hardware components and software reusability across platforms and system generations.

“Vulkan 1.2’s modern design for explicit control over GPU resources was the ideal foundation for building this next-generation safety-critical GPU API that provides significantly increased performance and control over graphics and compute dataflows than was possible with OpenGL SC 2.0,” said Steve Viggers, of CoreAVI and Vulkan SC working group chair. “Vulkan SC 1.0 enables detailed design and control of device scheduling, synchronization, and resource management, making it the ideal API for developing the next generation of safety-critical graphics and compute applications targeting modern GPUs.”

Vulkan SC removes functionality from Vulkan that is not needed for safety-critical markets, increases the robustness of the specification by eliminating ignored parameters and undefined behaviours, and enables enhanced detection, reporting, and correction of run-time faults. Vulkan SC 1.0 is also aligned with the MISRA C software development guidelines for embedded code safety, security, portability, and reliability.

Vulkan SC increases determinism and reduces application size by shifting preparation of the run-time application environment either offline, or into application setup, as much as possible. This includes offline compilation of graphics pipelines that define how the GPU processes data, together with static memory allocation, that together enable detailed GPU control that can be rigorously specified and tested.

All Vulkan SC pipelines are compiled offline and can be statically analyzed to understand the dataflow and the amount of memory used by the pipeline processing. The memory needed for pipeline execution can then be reserved at device creation time as fixed size pools to minimize memory usage and avoid the need for runtime memory allocation. Similarly, Vulkan SC enables the application to statically preallocate the upper bound of application memory requirements, avoiding the need for runtime dynamic memory management.

Suppliers

Various GPU IP and chip providers are supporting the standard, including ARM and Imagination Technologies in the UK and Nvidia in the US.

“Functional safety is paramount for any autonomous system deployed in vehicles, robots, factories and beyond,” said Tom Conway, senior director of product management, Automotive and IoT Line of Business at ARM. “Through our partnership with CoreAVI and The Khronos Group, we’re addressing the complex requirements of autonomous use cases using ARM’s first high-performance, safety-capable GPU, Mali-G78AE, and ISO26262-certified Vulkan SC drivers, Mali-G78AE VKCore. The release of Vulkan SC 1.0 marks an important milestone in enabling developers to leverage the full capabilities of safety-capable Mali GPUs and create robust code for safety-critical use cases.

“As a long-standing advocate of Khronos safety APIs we were proud to be one of the first supporters of OpenGL SC 2.0. We are committed to delivering best-in-class safety drivers, working closely with Khronos on the definition of Vulkan SC for next-generation safety-critical use cases in automotive and beyond,” said said Janos Lakatos, Director of Software Engineering – DDK safety-critical at Imagination Technologies.

“Vulkan SC will broaden the adoption of GPU acceleration in safety-critical systems and real-time applications. Vulkan SC 1.0 is a significant milestone and Nvidia is proud to have participated in its design at Khronos,” said Kevin Flory, vice president of automotive software at Nvidia. “We have conformant Vulkan SC 1.0 running today on our DRIVE and Jetson platforms, which was critical to proving the API’s architecture, and we will be rolling out drivers to our developers during 2022.”

Vulkan SC Conformance Test Suite

The Vulkan SC Conformance Test Suite (CTS), built upon the robust Vulkan CTS, is an important tool for API implementers to exercise the completeness of their implementations. The rigorous CTS also assists system integrators to confirm specification compatibility while maximizing software portability and reuse across systems. Conformant Implementations are running today on CoreAVI’s VkCore SC graphics and compute drivers, and Nvidia DRIVE and Jetson Platforms.

www.kronos.org

Industry feedback on the specification is welcome at the Vulkan SC specification GitHub repository.