



IST-214373 ArtistDesign Network of Excellence on Design for Embedded Systems

Progress Report for Year 1

### Transversal Activity: Industrial Integration

Transversal Activity Leader: Professor Alberto Sangiovanni Vincentelli, PARADES http://www.eecs.berkeley.edu/~alberto/ http://www.parades.rm.cnr.it/

Policy Objective (abstract)

Each of the ArtistDesign Thematic Clusters (WP3-WP6) is important *per se* for advancing the state-of-the-art in embedded system design. However, if we wish to have a strong impact on industry and society at large, the results of the thematic clusters have to be harmonized in an overall design flow that can sustain the industrial embedded design chain from conception of the product to its implementation. This transversal activity is intended to define design flows and methodologies for two or three industrial segments leveraging the research carried out in the Thematic Clusters. This deliverable summarizes the achievements of the activity during Y1 of ArtistDesign.



### Versions

| number | comment                                  | date               |
|--------|------------------------------------------|--------------------|
| 1.0    | First version delivered to the reviewers | December 19th 2008 |

### **Table of Contents**

| Section | Title                                                                  |
|---------|------------------------------------------------------------------------|
| 1.      | Overview                                                               |
| 1.1     | High-Level Objectives                                                  |
| 1.2     | Industrial Sectors                                                     |
| 1.3     | Main Research Trends                                                   |
| 2.      | State of the Integration in Europe                                     |
| 2.1     | Brief State of the Art                                                 |
| 2.2     | Main Aims for Integration and Building Excellence through ArtistDesign |
| 2.3     | Other Research Teams                                                   |
| 2.4     | Interaction and Building Excellence between Partners                   |
| 2.5     | Interaction of the Transversal Activity with Other Communities         |
| 3.      | Summary of Activity Progress                                           |
| 3.1     | Technical Achievements                                                 |
| 3.1.1   | Foundations                                                            |
| 3.1.2   | Automotive Applications                                                |
| 3.1.3   | Wireless Sensor Networks and Intelligent Buildings                     |
| 3.1.4   | Storage Devices, Health Care and Other Applications                    |
| 3.2     | Individual Publications Resulting from these Achievements              |
| 3.3     | Joint Publications Resulting from these Achievements                   |
| 3.4     | Keynotes, Workshops, Tutorials                                         |
| 4.      | Overall Assessment and Vision                                          |
| 4.1     | Assessment for Year 1                                                  |
| 4.2     | Overall Assessment since the start of the ArtistDesign NoE             |
| 4.3     | Indicators for Integration                                             |
| 4.4     | Long-Term Vision                                                       |
| 5.      | Transversal Activity Participants                                      |
| 5.1     | Core Partners                                                          |
| 6.      | Internal Reviewers for this Deliverable                                |



### 1. Overview

#### 1.1 High-Level Objectives

Each of the ArtistDesign Thematic Clusters (WP3-WP6) is important *per se* for advancing the state-of-the-art in embedded system design. However, if we wish to have a strong impact on industry and society at large, the results of the thematic clusters have to be harmonized in an overall design flow that can sustain the industrial embedded design chain from conception of the product to its implementation.

The chains vary in length and players according to the industrial segment addressed: for example, the design chain in automotive electronics starts with the car maker (e.g., BMW, Daimler Chrysler, Peugeot, Fiat), goes through the Tier 1 suppliers (e.g., Contiteves, Bosch, Magneti Marelli) and connects to the Tier 2 suppliers (e.g., FreeScale, ST, Infineon, Hitachi). It often includes IP providers such as programmable cores, RTOS and software development tool providers and design service companies. In the mobile communication domain, the chain starts with the application developers (e.g., gaming and video content), includes the telecommunication operators (e.g., Telecom Italia and Telefonica), the device makers (e.g., Nokia and Ericsson), the silicon makers (e.g., TI, Qualcomm and ST) and outsourcing manufacturing companies (e.g., Flextronics).

Today, there is stress in the chain, as technology advances may create opportunities to redefine the roles of the various players. In addition, the system integrators are often faced with the almost impossible task of composing their design out of parts supplied by companies whose design methods and standards are widely different and about which they have limited or no information. There is a need for an all-encompassing approach to system design that can make an entire industrial segment work as a virtual vertically integrated company. The benefits of these flows and methods are obvious, as they provide shorter time to market and better quality designs, but they require the will of the industrial segment to work together towards this goal. In the automotive domain, Autosar is an excellent step in that direction. Other industrial segments are less cohesive in searching for a unified approach to design. In addition, societal concerns such as energy, health and environment conservation are offering new business opportunities for emerging technologies such as wireless sensor networks. The difficulty in these new opportunities resides in the lack of standards and of experience with new communication concepts and, last but not least, in security.

We believe that all the thematic clusters bring something important to all industrial segments, but we need to pay attention to the way the results obtained by the clusters are formulated. Integration is a matter of modelling and providing interfaces that guarantee that the properties of the components are maintained after integration. Integration takes two forms: a horizontal one, where different IPs coming from different companies or from different design groups in the same company have to be assembled; and a vertical one, where the requirements are clearly and possibly formally communicated from a higher level player to a lower level one and where the information about the capabilities and limitations of the IPs is unambiguously communicated from the lower level to the higher level. The ultimate goal of this activity is to provide the "meta rules" according to which the design transformations are carried out and interfaces are built, and hence to provide strong guidance to the clusters to make their results more relevant and applicable. Understanding the roles and dynamics of an existing, well-established, vertical industrial segment is a complex task. We can only imagine the complexity of industrial segments that are coming together in these years. While we do target some industrial domains to be the drivers for this activity, we understand that our research is going to be more relevant and of better quality if we can distil some common traits of these domains and work with those to choose at a later date which particular chains to address.



The transversal activity hence has two prongs:

- to dive into particular vertical industrial segments and package design methods out of the thematic cluster results for the segments;
- to identify some important common features among verticals and work towards developing methods to address these topics.

We note that the two concerns that are the objects of the Transversal JPRAs (**predictability** and **adaptability**) are common to almost all industrial concerns. For this reason, they provide a framework to start the work on integration driven by industrial applications. Predictability has been a goal since the beginning of modern industry: predicting the capabilities of existing components allows coming to market faster with new products and prevents taking dead ends, while predicting the effort needed to develop parts of the design and to integrate it correctly prevents early recalls and associated costs. The faster the dynamics of the industry, the more important it is to have predictability in design.

Adaptability is the property of a design to be adapted to changing environments and working conditions. Reconfigurability, programmability, dynamic restructuring are all facets of adaptability. Novel approaches to communication could benefit greatly from adaptability. In fact, much research is being carried out to design devices that could sense available bandwidth and adapt the communication protocol to the most convenient band at the time.

We believe that it will be eventually easier to compose the vertical design industrial flows once these two sub-flows have been examined and results obtained. In addition, being generic concerns they do not require effort from the academic partners to understand the *modus operandi* of entire industrial segments and offer a shorter time to results.

The prong motivated by vertical industrial segments will begin by bringing the largest possible number of participants up to speed on the logic of the design chain, by organizing workshops for discussion with the participants in the chain.

We proposed at the onset of the activity to target Automotive, Nomadic and Health Applications as potential vertical segments where we have a range of maturity from well-established (automotive) to emerging (health). At the recent meeting in Rome of the Artist Design partners, the three vertical markets of interest were identified as:

1. Automotive/avionics since we noted a strong similarity in the overarching issues faced by these two industrial segments that are driven by safety concerns and have to consider distributed implementations;
2. Health applications with particular emphasis on equipment design and manufacturing;
3. Energy efficient buildings, a novel field of great interest to the European Community as well as to the rest of the world as 30% of energy consumption is considered to be in commercial buildings.

These applications address an established area of excellence of European Industry where international competition is fierce, an area of growth where again European Industry has a strong position but where the dynamics are fast and new applications are envisioned in strategic areas such as elderly care, and a new area with great potential where energy conservation concerns are going to place a great political emphasis.

Given the nature of this work, the main participants in the cluster are the groups that have an industrial vocation, such as PARADES, ESI, OFFIS, and IMEC.



#### 1.2 Industrial Sectors

This transversal activity is intended to funnel the results of the thematic clusters and of the other two transversal activities towards industry, thus maximizing the impact of ArtistDesign findings. We expect the impact to be above and beyond the industrial segments identified above (automotive/avionics, health care and energy efficient buildings). In particular, we expect that the nomadic and consumer sectors will also be impacted, although some of the issues typical of these two vertical domains are substantially different from the others.

#### 1.3 Main Research Trends

The advancement of embedded system research activities in academia and research institutions has been gaining momentum over the past few years. Some industrial segments, typically avionics and automotive, have also been progressing in the use of tools and methodologies that have improved productivity and design quality, albeit the advancements have not been uniform across companies and across divisions inside the same company.

In particular, *model-driven design* is becoming a standard. In this methodology, the design is captured and analyzed at the functional level with simulation tools and, in some limited cases, with formal analysis techniques. The most used flow, especially in the avionics/automotive domain, is the Simulink Mathworks flow that uses Real Time Workshop (or dSpace, TargetLink) to generate implementation code on the most used single-processor platforms. Other industrial approaches are based on UML and the associated tools provided by IBM (Telelogic and Rational). There has been strong interest in defining UML profiles that are dedicated to real time embedded systems: in particular, SysML is gaining broad attention. However, in both cases (but more visibly in the UML design flow), the semantics of the design has not been captured well enough to allow for formal analysis. The SPEEDS IP aims at substantially improving the quality of the embedded system design process by providing formal contract-based models that capture not only the functional aspects of the design but also the non functional ones, such as power and timing, with the Hierarchical Rich Component modelling approach. In this approach, the model can be mapped into the format accepted by advanced academic tools such as BIP so that formal analysis and simulation of the design can be carried out in a rigorous way. Since non functional aspects of the design are well captured, novel timing analysis tools that are commercially available and that were originally developed by Artist Design Partners, such as SymTA (Rolf Ernst) and AbsInt (Reinhard Wilhelm), can be used.

We believe that the main issue is not one of modelling and tool usage but one of adopting and enforcing an appropriate methodology that could embrace advanced modelling and could use new generation tools. The aim of the transversal activity is indeed to study and propose to our industrial partners this approach. We do not expect to have an immediate success in having industry adapt the design flows since the tools and approaches are fairly sophisticated and require a quantum leap in the technical background of the designers.

The research trend in this domain is then to identify common layers of abstraction that favor the communication along the supply chain across company boundaries and the design chain inside each company. In addition, industry is pushing towards a better design capture methodology and formal model to allow for stronger verification and validation. In the case of the transportation and military industry, there is increased activity in design for certification. Certification is about design processes and not about the behavior of the artifact. We believe there will be a trend towards having the actual behavior of the artifact certified, which will in turn force companies to adopt rigorous methodologies for modeling and analysis.

Another important research trend to consider is how to accommodate the increased attention to energy efficiency. On October 21st, the US National Science and Technology Council (NSTC) released a report describing R&D activities that could decrease use of natural resources and improve indoor environments while reducing greenhouse gas emissions and other harmful pollutants from the building sector. The report, *Federal R&D Agenda for Net-Zero Energy, High-Performance Green Buildings*, was produced by the NSTC's Buildings Technology Research and Development Subcommittee under the auspices of the Office of Science and Technology Policy (OSTP) in the Executive Office of the President. Commercial and residential buildings consume about one-third of the world's energy. In particular, U.S. buildings account for more than 40 percent of total U.S. energy consumption, including 72 percent of electricity generation. If current trends continue, by 2025, buildings worldwide will be the largest consumer of global energy, consuming as much energy as the transportation and industry sectors combined.

Building systems are characterized by uncertain process dynamics; time-varying behavior; multiple objectives (cost functions) that change over time (water usage for evaporative cooling, peak electrical power); and environmental effects (disturbances) such as ambient temperature and humidity, solar radiation, and user behavior. The challenges posed to the research community are large. The actual situation in building management is worrisome. The level of sophistication of building managers, of commissioning personnel and of building management companies is very low. Simple-minded control laws are implemented on information systems that are under-dimensioned with respect to the needs of a comprehensive design approach. The research agenda here is to tie together the various aspects of building management, e.g., Heating, Ventilation and Air Conditioning (HVAC), lighting and safety (fire and intrusion alarms, egress systems), into an integrated monitoring and control system. This action must include research on hierarchical multi-objective control, distributed system design, and sensor and actuator selection and positioning. The systems must be adaptive, predictable and fault tolerant. The research agenda in the design and operation of energy efficient buildings is fully consistent with the thematic clusters and with the transversal integration activities. The role of industry here is very relevant, as the important aspects to take into consideration when developing algorithms and methodology cut across multiple domains and company boundaries. The industrial landscape is moving at an interesting pace: players are repositioning to take advantage of the concerns dictated by the political climate on energy issues. For example, equipment companies are now setting up new system divisions to address the integration problems. This situation offers this transversal activity a unique opportunity to influence the way industry is looking at the problem.
There is a new term being used in the research community interested in this area: systems of systems, meaning that the level of integration needed here is one or more levels above what has been done today in other industrial sectors such as automotive.



### 2. State of the Integration in Europe

#### 2.1 Brief State of the Art

As in the other transversal activities, it is almost impossible to provide a BRIEF state of the art of integration in Europe, since this activity involves many different aspects in many different industrial segments. This transversal activity feeds not only from the thematic clusters but also from the other two transversal activities. Hence, the state of the art in each of the thematic clusters and transversal activities is propaedeutic to this section and will not be repeated here.

In general, research activities tend to focus on specific problems and to develop techniques that are aimed at solving well defined aspects of these problems. This transversal activity is about integration at the industrial segment level, transcending companies' boundaries and actually helping to better integrate the activities across the supply chain. In addition, the activity aims at providing inputs to the Artist Design community on how to interface methods and tools so that an overall methodology can be assembled. Today, integration at this level is vigorously pursued in Europe in some industrial segments (most notably the automotive domain), but it still needs years to come up with an agreed upon solution. In the energy efficient building domain, achieving integration even inside single company boundaries is a difficult proposition. The potential impact of research aimed at developing this overarching vision cannot be overemphasized. The objective is ambitious and it needs attention at the community level: a single research group does not have the breadth or the muscle to develop this vision.

The automotive industrial segment, with the Autosar initiative, has an important message about the integration of the design chain and advocates the adoption of standards in interfaces and operating systems. We actually believe that much more work needs to be done at the semantics level and on the non functional aspects of design. The work carried out in SPEEDS is an example of how to address these problems not only in the automotive domain but also in the avionics domain, albeit limited to higher levels of abstraction. The CESAR Artemis project is about taking the work of SPEEDS to a new level of sophistication and extending its reach to implementation issues. The large participation of industrial concerns in CESAR and SPEEDS, which involve OEMs, Tier 1 suppliers and tool providers, bodes well for this transversal activity.

In September 2008, the new KTH Centre in Embedded systems - ICES, joining forces from several research groups at KTH and industry (ABB, Enea, Ericsson, Scania, Stoneridge and ÅF) was founded. Key goals of the centre include acting as a catalyst for improved interactions between academia and industry, and between the member companies. The centre has a focus on embedded systems engineering and science, emphasizing system design, architecture and methodology. For this reason, KTH has been added to the core team for the Transversal Activity. We expect major contributions from this team.

#### 2.2 Main Aims for Integration and Building Excellence through ArtistDesign

This transversal activity is intrinsically about integration. Integration is across the various partners who are active in it as well as across the different thematic clusters and other transversal activities. Since our aim is about integration of other groups in Artist Design we are depending on the delivery of their findings to build an effective approach to the design integration across industrial segments. We also aim at integrating our work with the work in other industrial and academic communities. The interaction with US companies and research organizations is documented in the activity report about the workshop on CyberPhysical Systems where industry, academia, and government agencies came together to discuss how to approach the new generation challenges posed by the closer interaction between the physical world and computing. Also the topical event in Rome saw the participation of companies that are not (yet) in the Artist Design community as well as US companies who are interested in exchanging notes and results with our community. The special automotive day at DATE was also an important step in integrating communities involved in IC design, Tier 1, tool providers and OEMs in Europe and US.

The industrial integration activity is intended to last beyond the period in which ArtistDesign will be funded. It does have important links with large European projects (SPEEDS and CESAR) and with industry independently. Partners OFFIS, ESI, IMEC and PARADES are directly connected with industry in deep ways. They will provide the backbone of the activity of industrial integration during the years.

#### 2.3 Other Research Teams

The main teams in Europe who are active in industrial flows are all included in ArtistDesign. Of course, the teams do not cover all industrial domains with the same intensity as automotive. The historical Artist group had its main focus placed on embedded software. In ArtistDesign the periphery has been augmented to include some teams that have architecture, SoC and control expertise, which are a necessary complement to the core strength to address the industrial integration issues. Connections to the HYCON NoE (http://www.ist-hycon.org/) are present via PARADES, who coordinates the industrial integration of this NoE. However, people involved in industrial integration activities based on control, such as ETH's Morari and Lygeros, are not present in ArtistDesign. We do have strong relations with Manfred Morari and John Lygeros of ETH, who are instrumental in defining the next generation distributed architecture for control applications including wireless sensor networks, and we have leveraged this contact when including Danfoss, which collaborates with Manfred Morari, in the Rome event.

The communication field is a main focus of parallel groups in the US especially in the area of military applications sponsored by DARPA (e.g., UCLA (Estrin), Berkeley (Culler, Pister, Rabaey), Washington (Borriello)). In Europe, research in wireless sensor networks and their applications is carried out in several academic and industrial research groups. In particular, University of L'Aquila, Politecnico di Torino and TU Berlin

Research groups in the US that work on the issue of industrial integration include, among others, CHESS (Berkeley), GSRC (a multi-university program sponsored by the Semiconductor Industry Association and DARPA), and ISIS (Vanderbilt). Teams at CMU have a strong industrial program that culminated with the victory of the GM-CMU team in the DARPA Urban Challenge. The double appointment of Alberto Sangiovanni Vincentelli with Berkeley offers an opportunity to link tightly with these groups. In addition, the COMBEST project, whose partners are for the large part participating in ArtistDesign, has an international collaboration also at the industrial level (for example, UTC, GM, and Cadence), so that fruitful interactions are guaranteed.

#### 2.4 Interaction and Building Excellence between Partners

The core groups are internationally renowned in their area of industrial interest. All have multiple industrial segment contacts (transportation, IC, printing, health care, entertainment, consumer, nomadic, security, buildings). They act as agents of change and of spread of excellence in the ArtistDesign community with respect to relations with industry. The interactions with the other clusters and transversal activities are at their inception. Since we selected the final focus area recently, we expect to engage the cluster partners with additional impetus.



#### 2.5 Interaction of the Transversal Activity with Other Communities

The partners for this activity are the majority of the partners in ArtistDesign. Their interactions with the communities are massive. Most of these interactions have been documented in the reports for the other sections. However, we would like to stress here the connection with HYCON, which has not been reported elsewhere. The research communities that are connected with this activity include artificial intelligence, high-performance computing, wireless sensor networks, building optimization, IC design, and mechanical engineering. We are connected with UC Berkeley, CMU, UCLA, Vanderbilt, University of Pennsylvania, Columbia University, Cadence, General Motors, Xilinx, Qualcomm, UTC and Stevens Institute in the US. In Asia, we are connected with Kyushu University, Hitachi, Toshiba, Panasonic, Samsung and Centre for Embedded Software Technology (CEST).



### 3. Summary of Activity Progress

#### 3.1 Technical Achievements

#### 3.1.1 Foundations

#### Case Study of Formal Performance Modeling and Analysis of a Multiprocessor System On Chip (TU Braunschweig, STMicroelectronics, École Polytechnique de Montréal)

TU Braunschweig has continued its collaboration with STMicroelectronics that was started towards the end of the ARTIST2 NoE. The focus was to benchmark the state of the formal compositional analysis methods for the industrial partners, for which we have investigated an elaborate case study. A realistic application was provided by the École Polytechnique de Montréal, STMicroelectronics supplied the hardware models, and TU Braunschweig conducted (and extended) the formal analysis. The results have been published in [SNN+08], and are used internally at STMicroelectronics.

#### Component-based service model (DTU, B&O ICEpower)

DTU has together with B&O ICEpower developed a component-based service model which allows for early exploration and performance estimation of MPSoC based systems. A service execution model is a behavioural implementation of the services offered by a component. Depending on the level of abstraction used to describe the service execution model, a service can represent anything from the execution of a task or a function to arithmetic operations or actual instructions. The service execution model defines which services are provided, how their behaviour is implemented and their latency.

The service execution model uses a simulation-based approach that enables designers to extract detailed quantitative information regarding the runtime properties of the components being modelled, e.g. execution profiles, resource utilization, memory usage, communication channel utilization, stalls and their causes, etc., and thus directs the designer to the best suited configuration of a given system [THMJ08,THM08].

#### Compilation tools for embedded processors (TU Dortmund)

TU Dortmund is cooperating with its spin-off ICD (see www.icd.de) in the area of compilation for embedded processors. Customers are typically semiconductor providers. The underlying development environment is also used at TU Eindhoven. There is also cooperation with AbsInt in the area of worst-case execution time aware compilation, an area linking compilers and timing analysis. The cooperation uses the aiT commercial timing analysis tool. The group and its spin-off also cooperate with IMEC in the MNEMEE project, where Thales and Intracom are industrial partners.

#### Apollo Technology Aware Architecture (IMEC, Samsung)

IMEC has continued the Apollo research project in cooperation with Samsung. IMEC aims to design processor architectures for wireless communication that take into account the characteristics of sub-45nm CMOS technology. The resulting processors should also be extremely power-efficient, and allow a high level of parallel computing. In 2008, IMEC worked on the next generation of its ADRES (architecture for dynamically reconfigurable embedded system) processor template. The goal is to enable compiled concurrent multithreading and reduce power consumption. A second focus is on developing a new low-power ASIP (application specific integrated processor) for flexible forward error correcting codes.



#### Apollo Multiprocessor system-on-chip (MPSoC) design (IMEC, Samsung)

IMEC has continued the Apollo research project in cooperation with Samsung. IMEC's ambition is to design wireless and multimedia heterogeneous multiprocessor platforms with runtime management solutions needed to operate such platforms for the nomadic and consumer electronics domains. IMEC is currently developing methods for parallelizing application code and for mapping it on a homogeneous multiprocessor platform. In 2008, IMEC perfected its source code parallelization (MPA) and memory hierarchy (MH) tool for use on multiple processors. This tool analyzes source code and automatically schedules the data transfers between the main memory and local scratch pad memory. By cleaning the source code (CleanC), a first hurdle was taken towards using this memory hierarchy tool in multiprocessor systems.

#### Apollo Technology Aware Design (TAD) (IMEC, Qualcomm)

IMEC has continued the Apollo research project in cooperation with Qualcomm. Designing reliable platforms with variable and unreliable components is the target of the technology-aware design (TAD) program. IMEC tackles the TAD issue on 2 levels. First, it is developing a framework, variability-aware modeling (VAM), to percolate information on variability and reliability from the devices of the platform all the way up to the architectural level. Second, runtime solutions are explored that will kick in and take countermeasures when variability and reliability issues arise during operation. In 2008, IMEC successfully continued the deployment of VAM for percolating information on variability from the devices up to the system level. This information can be used for predictive assessment of architecture design options, and for identifying parametric yield problems before manufacturing.

#### Multi-processor design technology (IMEC, Toshiba)

IMEC has started a new research project in cooperation with Toshiba. The research agreement concerns IMEC's ADRES reconfigurable processor template, the DRESC compiler, and the MPSoC (multi-processor system-on-chip) suite of design tools. Toshiba will also cooperate with IMEC to develop processors and tools that enable gigabit/s demodulation. The MPSoC tools are a suite of tools to help build and map applications for multiprocessor platforms. The suite's first toolset, called CleanC, allows designers to write sequential, high-level code that is optimized for parallelization. The second toolset then enables mapping the sequential C code on a multiprocessor platform. MPSoC relieves the designers of having to code synchronization, data communication between threads, and memory organization. Thanks to the parallelization tools, for instance, several multithreaded versions of the same application can be explored in a short time. This greatly reduces the application complexity and design time, enabling designers to bring multiprocessor based embedded-system platforms faster to the market.

#### Communication-based Design (PARADES, Columbia, UCSD, UC Berkeley, UTC)

One of the high points of our research for the past year has been the communication-based design work which has continued to be a landmark in collaboration: Berkeley supported by Columbia delivered the first release of COSI (Communication Synthesis Infrastructure), a software framework for interconnect infrastructure synthesis integrated with Metro II and PARADES Desyre.

The framework allows developing specialized flows and tools for communication synthesis as exemplified by the release of COSI-NOC (Communication Synthesis Infrastructure for Network-on-Chips), a software toolkit for the automatic synthesis of synchronous networks-on-chip based on the platform-based design paradigm, and by COSI-BAD, for building automation design. UCSD, in collaboration with Berkeley and Columbia, has developed a new generation of interconnect models to be used in the synthesis framework. The models have been calibrated to the 16nm node. The team also developed ORION2.0, an extensive enhancement to the original ORION power-performance model for interconnection networks. http://embedded.eecs.berkeley.edu/cosi/Home.html

#### Composing Hybrid Systems (PARADES)

Hybrid systems are useful abstractions of embedded controllers. However, they are notoriously difficult to verify, as computational complexity grows quickly with the size of the hybrid system. We address the problem of building in a systematic way a compact representation of a hybrid system obtained by composing hybrid subsystems. This technique can be used as a front-end to any hybrid formal verification tool, thus freeing the designer from the cumbersome and error-prone manual calculation of the composition and of its reduction. Critical to the efficiency of the method are:

- hiding the internal signals and synchronization events between components;
- eliminating locations that result in empty invariant conditions as well as unreachable locations;
- using the notion of equivalent locations for a labeled transition system associated to the hybrid system to compute an equivalent minimal realization of the composed hybrid system.

#### Contract-Based Design for Hybrid Systems (PARADES)

Contract-based design is an approach where the design process is seen as a successive assembly of components where a component is represented in terms of assumptions about its environment and guarantees about its behavior. In the composition, if assumptions of each component are contained in guarantees offered by the others, then the composition is well formed. We focus on contract-based design and the use of Heterogeneous Rich Component models for embedded controllers where the plant, sensors and actuators are described by hybrid systems. We assume that the components are assembled in a feedback configuration. The problem is to show that this composition satisfies requirements using the assumptions-guarantees of the plant, sensors, actuators and controller. To do so, we give rules on how to compose assumptions and promises for components in cascade and feedback configurations. We apply these rules to expose the actual calculation involved on a test case, a water-level control problem. We also show how to check that the requirements on the closed-loop configuration are satisfied, i.e., that they are contained in the promises of this configuration, using a formal verification tool (Ariadne) for hybrid systems.

#### 3.1.2 Automotive Applications

#### Physical Architectures of Automotive Systems (PARADES, GM, Scuola di Sant'Anna)

The increase of electronic content in a car is a continuing trend that creates opportunities and challenges. The need to reduce energy consumption and pollution has created pressure for car makers to devise better control algorithms for engine and, in general, power train control. Alongside the appetite for consumer electronics and communication devices that car buyers are demonstrating, there is also a growing concern about the number of lives that are lost on our roads due to accidents. Both in the US and in Europe, regulatory pressures on safety are evident. Safety is becoming a major driving force for the auto makers. Safety at a societal goal level aims at zero accident cars, although it is clear that this is an ideal situation that is likely never to be reached. Nevertheless it is certainly possible to increase safety of cars by orders of magnitude. These advances can only be achieved with a tight integration of the control function of the car. Control for safety will demand that timing constraints on messages between subsystems be met, that failures be communicated to the driver but also handled automatically by the car itself so that the driver is always taken to a safe location, and that environmental conditions be detected and handled in real time. These requirements need OEMs, Tier 1 suppliers and semiconductor makers to cooperate to define software, subsystems and IC components that can be corralled towards the overall safety goals. This research deals with the hardware architecture and component side of the equation. From the hardware architecture point of view, there is a trend towards a move from federated architectures, where one subsystem corresponds to a function, to integrated ones, where functions are distributed across different ECUs. In this move, the interconnect infrastructure in use today, which is fundamentally event driven, does not offer the guarantees that are needed. Hence, there is a definite trend to move towards a time-triggered dominated architecture where timing guarantees and a degree of fault tolerance can be assured at the subsystem level. The FlexRay bus architecture and protocol will become a pervasive solution in the car of the future.

We presented a detailed discussion of the standard and of the design problems to be faced when using FlexRay. The fault tolerance requirements will have to be also addressed at a lower level of abstraction. The pressure from car makers and Tier 1 suppliers on semiconductor makers to provide zero defect parts is mounting. With decrease in feature size, the difficulty of reducing faulty parts is increasing, hence posing fundamental design issues at the chip architecture level. A discussion of novel safety driven standards, of the trends and challenges in designing future chips and chip sets was offered.

#### The Tire as an Intelligent Sensor (PARADES, Accent, Pirelli, ST, UC Berkeley, UMC)

Active safety systems are based upon the accurate and fast estimation of the value of important dynamical variables such as forces, load transfer, actual tire-road friction (kinetic friction), and maximum tire-road friction available (potential friction). Measuring these parameters directly from tires offers the potential for improving significantly the performance of active safety systems. We presented a distributed architecture for a data acquisition system that is based on a number of complex intelligent sensors inside the tire that form a wireless sensor network with coordination nodes placed on the body of the car. The design of this system has been extremely challenging due to the very limited available energy combined with strict application requirements for data rate, delay, size, weight and reliability in a highly dynamical environment. Moreover, it required expertise in multiple engineering disciplines including control system design, signal processing, integrated circuit design, communications, real-time software design, antenna design, energy scavenging and system assembly. The design process followed here had to integrate several international players in the design chain including a semiconductor foundry (UMC), semiconductor design houses (Accent), an IC company (ST), a tire company (Pirelli), a MEMS start-up company (ENCREA), and academics. The harsh operating conditions required aggressive design space exploration, not only for each individual component, but also for the system as a whole. The design methodology we adopted is platform-based-design. First, we separated the required functionality of the system from the available energy resources.





Figure 1. Layers of Abstraction used in PBD for the Intelligent Tire System

Note that although energy resources and the signal processing algorithms were decoupled, decisions made on the energy platform still impact which implementations are feasible for the application. Thus, an order is needed for design space exploration. Specifically, we first narrowed down the energy resources that suit our application to provide us with an energy budget. This result was then used as a constraint as we map the system functionality to hardware architecture. The next step in exploration was to map the application onto a set of algorithms, which directly constrain the type of signal acquisition and communication networks needed for the system. We should also note here that even though the communication and data acquisition functionalities of the system can be represented at the same level of abstraction using, for example, a dataflow model, we still orthogonalized the problem to reduce complexity at lower levels of exploration. The intricacies of the wireless communication problem required more levels of abstraction for efficient design space exploration, such as the MAC and the PHY layers of the OSI model, whereas the data acquisition network can be mapped directly to the circuit platform for physical implementation. At each level of abstraction shown in Figure 1, we mapped the propagated constraints onto a set of components that represent performance abstractions of lower level implementations.

#### Software Components for Reliable Automotive Systems (PARADES, BMW, OFFIS, TU Vienna, Scuola di Sant'Anna)

Today's automotive electronics systems are often developed by car makers by assembling components that have been designed and developed completely or in part by suppliers. The value chain is traditionally targeted at simple, black-box integrated subsystems, where the requirements capture and the specifications issued to the OEMs consist of the message interface with their periods and general performance requirements, often without a detailed definition of the timing and synchronization properties and requirements of the communication protocols. When considering the increasing complexity of automotive architectures, the increased distribution of active-safety and future safety-critical functions, including by-wire systems, and the interdependency of these functions, the burden on the integrators is rapidly becoming unbearable. The OEMs are generally struggling to understand and control the emerging behavior of the complex distributed functions, resulting from the integration of subsystems. The source of these problems is clearly the increased complexity but also the difficulty of the OEMs in managing the integration and maintenance process with subsystems that come from different suppliers who use different design methods, different software architecture, different hardware platforms, different (and sometimes proprietary) Real-Time Operating Systems and middleware layers. Furthermore, there is limited understanding of how to control the para-functional behavior of interacting modules, including the timing and reliability properties emerging from the composition. Therefore, there is a need for standards in the software and hardware domains that may allow plug-and-play of subsystems. The ability to integrate subsystems will then become a commodity item, available to all OEMs. The competitive advantage of an OEM will increasingly reside in novel and compelling functionalities. The possibility of defining components (subsystems) at higher levels of abstraction and with well-defined interfaces allows separation of concerns and improves modularity and reusability. Furthermore, the availability of verification tools gives the possibility of a design-time verification of the system properties. Possibly, components could be defined in such a way that their fundamental properties are preserved after composition, or the properties of the aggregate can easily be derived from abstract properties of its components. In this way, systems could be built so that they are correct-by-construction. The essential technical problem to solve for this vision is the establishment of standards for interoperability among IPs, both software and hardware, and tools. AUTOSAR, a world-wide development partnership including almost all players in the automotive domain electronics supply chain, has been created with the purpose of developing an open industry standard for automotive software architectures. To achieve the technical goals of modularity, scalability, transferability and re-usability of functions, AUTOSAR provides a common software infrastructure based on standardized interfaces for the different layers. The AUTOSAR project has been focused on the concepts of location independence, standardization of interfaces and portability of code. While these goals are undoubtedly of extreme importance, their achievement will not necessarily be a sufficient condition for improving the quality of software systems.
As for most other embedded systems, car electronics are characterized by functional as well as non-functional properties, assumptions and constraints. In complex systems, component-based design may provide encapsulation and separation of concerns, and therefore improve reuse. Clearly, there are technical and business challenges to overcome. In particular, from the technical point of view, while sharing algorithms and functional designs seems feasible at this time, the sharing of safety-critical and hard real-time software requires substantial improvements in design methods and technology.

In the future scenario, in which application tasks from multiple Tier-1 suppliers are integrated into the same ECU, leveraging the standardization of interfaces allowed by AUTOSAR, protecting the tasks of each IP from the functional and timing errors of other IPs is of fundamental importance. Timing isolation is therefore required to provide for additional separation of concerns and protection. We provided additional details on the major challenges that the development of component-based methodologies and standards must face today. We provided a reasoned overview of the fundamental concepts and the main challenges in the development of the AUTOSAR standard. We highlighted the main principles of a component-based methodology that not only allows the static checking of interfaces, but also verification of behavioral properties and timing constraints. The approach is an extension of the AUTOSAR component model and includes a contract-based approach to interface specification that allows the use of timing analysis tools for the verification of end-to-end latencies. Finally, we defined the needs of a component-based methodology for the realization of integrated architectures. Focus is on the concepts of encapsulation, fault isolation and error containment, both at the functional and temporal level.

#### Linking SPEEDS with AUTOSAR (OFFIS, PARADES)

The integrated project SPEEDS has developed a layered meta-model of heterogeneous rich components (HRC) and standardized approaches for the integration of commercial industry standard modeling tools to assemble system-level design models with rich interface specifications by combining models expressed in any authoring tool compliant to the integration standard. A SPEEDS Automotive Day was organized to discuss with the automotive industry how the AUTOSAR methodology can be supported by SPEEDS technologies, striving to reconcile the advantage of early system-level analysis with the overall AUTOSAR objective of decoupling function design from its implementation. These results have been presented in several highly visible events, including the DATE 2008 Automotive Day, and a keynote presentation at the Annual Mathworks Automotive Conference 2008 in Stuttgart. More in-depth technical discussions on the relation between the SPEEDS HRC model and AUTOSAR were conducted at meetings with BMW, Bosch, and Daimler.

OFFIS has become a development member of AUTOSAR. This move was proposed to OFFIS by BMW, following in-depth technical discussion on the link between the SPEEDS HRC meta-model and the AUTOSAR meta-model regarding timing and safety aspects.

#### A Study on Monetary Cost Evaluation for the Design of Electrical Architectures for Automotive Product Lines (PARADES, GM, UC Berkeley)

An automotive product line is a group of products, i.e. vehicle configurations, sharing a common, managed set of features that satisfy specific needs of a selected market segment. Product line architecture encompasses a set of architecture instances, each of which represents a specific architecture that supports a particular vehicle configuration in the product line. One of the key challenges in the design of product line architecture is to provide a cost estimate related to architectural design decisions. An initial, but meaningful, cost model has been discussed for a specific architecture instance. This cost model is used to evaluate system cost drivers in response to various architectural decisions such as choosing a communication bus topology or mapping a function to hardware. The primary cost driver categories explored in the initial cost modeling effort are design and development, part fabrication and assembly costs. Extending this cost model to support the analysis of product line architecture is the focus of this paper. This extension handles a critical problem: quantifying and evaluating the cost of reuse. One of the biggest imperatives for automotive electrical architecture design is the need to maximize the degree of reuse of architectural elements across the entire product line, which covers all the possible vehicle configurations. In order to achieve this, it may be tempting to use the standard rule of thumb of designing a "one size fits all" architecture, but this may not be cost optimal. At the other extreme, having a unique architecture (which does not share components or interconnections with architectures of any other vehicle configuration) for every vehicle configuration is unattractive as well. This work presents a cost model that analyzes monetary cost for product line architecture and helps the architect move between the two extreme strategies in order to optimize the product line architecture relative to monetary cost.
The paper illustrates the usefulness of such a methodology in a case study based upon the design exploration of product line architecture for an active safety subsystem.

#### Safety Analysis of Real-Time Vehicle Networks (TU Braunschweig, Symtavision, Toyota ITC)

TU Braunschweig has initiated a research project in cooperation with Toyota and Symtavision to explore the effects of errors on vehicle networks with real-time requirements. The project aims at developing effective formal analysis methods to verify safety properties of different network architectures. For this purpose Toyota has provided safety-related design standards from different domains on which the research for well-suited methods is based, namely the automotive, rail, aerospace, and factory automation domains. The first phase of this cooperation focuses on existing approaches to characterize the degree of safety in real-time systems in general. For the future it is planned to adapt appropriate approaches to real-life network protocols like CAN or FlexRay.



#### Fault-Tolerant Distributed Deployment of Embedded Control Software (PARADES, GM, UC Berkeley)

Safety-critical feedback-control applications may suffer faults in the controlled plant as well as in the execution platform, i.e. the controller. Control theorists design the control laws to be robust with respect to the former kind of faults while assuming an idealized scenario for the latter. The execution platforms supporting modern real-time embedded systems, however, are distributed architectures made of heterogeneous components that may incur transient or permanent faults. Making the platform fault-tolerant involves the introduction of design redundancy with obvious impact on the final cost. We developed a design flow that enables the efficient exploration of redundancy/cost trade-offs. After providing a system-level specification of the target platform and the fault-model, designers can rely on the synthesis of the low-level fault-tolerance mechanisms. This is performed automatically as part of the embedded software deployment through the combination of three steps: replication, mapping, and scheduling. Our approach has a sound foundation in Fault Tolerant Data Flows, a novel model of computation that simplifies the integration of formal validation techniques. We reported on the application of our design flow to two case studies from the automotive industry: a steer-by-wire system from General Motors and a drive-by-wire system from BMW.

#### Methods, Tools and Standards for the Analysis, Evaluation and Design of Modern Automotive Architectures (PARADES, VaST Systems, Saarland University, TU Braunschweig, Scuola di Sant'Anna)

The complexity of car electronic systems is rapidly growing, and the overall size of the embedded software in cars has now reached millions of lines of embedded code. Furthermore, the fundamental paradigm of system development in car electronics is changing. Vehicle architectures are still traditionally component or sub-system focused, where each function is deployed to an autonomous Electronic Control Unit (ECU), but the proliferation in the number of ECUs, subsystems and buses, and the increasing interdependency of functions makes these systems difficult to test and validate. A shift from the single ECU approach toward an increased networking of control modules within application domains (e.g. Powertrain) as well as across domains (e.g., Powertrain and Chassis) is now taking place. Furthermore, complex automotive functions, including active safety and safety critical systems, are characterized by non-functional requirements, including timing and performance, requirements for safety, and cost, together with reusability, flexibility, scalability and extensibility of the architecture artifacts. Model-based development allows the description at design time of the fundamental properties (functional and non functional) of the system in a user-friendly high-level modelling language, based on a mathematical formalism. The model is amenable to analysis by verification or simulation methods in order to detect and fix errors and performance issues at design time. When the model includes the architecture platform on which the functions are executed, the term virtual prototyping is also used. Later, the automatic derivation of implementation code from a high-level algorithmic representation of the function is typically performed, reducing substantially the time required for the coding and testing stages.

Most of the software functions developed today, and possibly even more in the future considering the upcoming X-by-wire systems, are sensitive to time performance and possibly even time-critical. Real-time constraints require a model capable of expressing timing constraints and tools for the analysis of the average case as well as of worst-case behavior. System-level analysis and new modeling and analysis methods and tools are not only needed for predictability and composability when partitioning end-to-end functions at design time and later at system integration time, but also for providing guidance and support to the designer in the evaluation and selection of the electronics and software architectures. Architecture evaluation and selection is a vital stage with tremendous impact on the cost, performance and quality of a vehicle architecture, typically performed years in advance of subsystem development and integration, in which models of the functions and of the possible solutions for the physical architecture need to be defined and matched to evaluate the quality and select the best possible hardware platform with respect to the performance, reliability and cost metrics and constraints.

In the face of the development of larger and more complex applications, which are deployed with a significant amount of parallelism on each ECU and consist of a densely connected graph of distributed computations, and of new safety-critical functions that require tight deadlines and guaranteed absence of timing faults, a new rigorous science needs to be established.

One of the major downsides of priority-based scheduling of resources is that faulty, high-priority computation or communication flows can easily obtain the control of the ECU or the bus, subtracting time from lower priority tasks or messages. In the future scenario, in which application tasks from multiple Tier-1 suppliers are integrated into the same ECU, leveraging the standardization of interfaces allowed by AUTOSAR, protecting the tasks of each IP from the timing errors of other IPs is of fundamental importance. Timing isolation is therefore required to provide for additional separation of concerns and protection. Moving from an event-triggered system scheduled by priority to a time-triggered system in which resources are allocated by time slots (or time windows) requires a much better a-priori understanding of the timing properties (worst-case computation time) of the software and of the communication messages to allocate communication slots and define the scheduling tables. Development processes must be updated to include design-time specification and early verification of timing properties, including determination of the worst case computation time of tasks.
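The contrast drawn above between priority-based and time-triggered scheduling, as an added simulation that is not from the report or the projects it describes. The three tasks, their periods and the 9 ms overrun are constructed values; deadlines equal periods, and an unfinished job is dropped at its deadline.

```python
from dataclasses import dataclass
from functools import reduce
from math import gcd


@dataclass(frozen=True)
class Task:
    name: str
    period: int    # ms; the deadline of each job equals the period
    wcet: int      # declared worst-case execution time, ms
    priority: int  # lower number = higher priority


# Constructed task set: three tasks sharing one ECU, 60% nominal utilisation.
TASKS = [Task("A", 10, 2, 0), Task("B", 20, 4, 1), Task("C", 40, 8, 2)]


def hyperperiod(tasks):
    """Least common multiple of all periods: the length of one schedule cycle."""
    return reduce(lambda a, b: a * b // gcd(a, b), (t.period for t in tasks))


def simulate(tasks, demand, horizon, table=None):
    """Simulate 1 ms ticks; return ({task: deadline misses}, [task run per tick]).

    demand maps task name -> execution time each job actually needs.
    table=None  selects fixed-priority preemptive scheduling.
    table=[...] selects time-triggered scheduling: tick t belongs only to
                table[t % len(table)], and an unused slot stays idle.
    """
    remaining = {t.name: 0 for t in tasks}
    misses = {t.name: 0 for t in tasks}
    by_priority = sorted(tasks, key=lambda t: t.priority)
    trace = []
    for tick in range(horizon + 1):
        for t in tasks:
            if tick % t.period == 0:
                if remaining[t.name] > 0:      # previous job missed its deadline
                    misses[t.name] += 1
                # Release the next job (the unfinished one is dropped).
                remaining[t.name] = demand[t.name] if tick < horizon else 0
        if tick == horizon:
            break
        if table is None:
            running = next(
                (t.name for t in by_priority if remaining[t.name] > 0), None
            )
        else:
            owner = table[tick % len(table)]
            running = owner if owner is not None and remaining[owner] > 0 else None
        if running is not None:
            remaining[running] -= 1
        trace.append(running)
    return misses, trace


def compare(overrun_task="A", overrun_demand=9):
    """Deadline misses under both policies when one task overruns its WCET."""
    nominal = {t.name: t.wcet for t in TASKS}
    h = hyperperiod(TASKS)
    # Offline step: the slot table is the nominal schedule built from the
    # declared WCETs, which is why time-triggered design needs them a priori.
    _, table = simulate(TASKS, nominal, h)
    faulty = dict(nominal, **{overrun_task: overrun_demand})
    fp_misses, _ = simulate(TASKS, faulty, h)
    tt_misses, _ = simulate(TASKS, faulty, h, table)
    return fp_misses, tt_misses


if __name__ == "__main__":
    fp, tt = compare()
    print("fixed priority :", fp)  # the fault propagates to B and C
    print("time triggered :", tt)  # the fault stays inside A's own slots
```

Under fixed priorities the overrunning task A still meets its own deadlines while B and C miss theirs; with the slot table only A is affected, which is the timing isolation the paragraph calls for.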

We provided insight on the major challenges in the development of methods and tools for performance and worst case timing analysis. We presented a software technology that allows exploring a number of architectural alternatives in automotive subsystems by virtual prototyping. We also provided an overview of the problem of computing the worst-case computation time of tasks starting from a code implementation. Finally we described the use of timing analysis tools for the verification of end-to-end latencies in complex distributed systems and the evaluation of architecture solutions.

#### 3.1.3 Wireless Sensor Networks and Intelligent Buildings

#### 3D Integration research for wireless (IMEC, Qualcomm)

IMEC has started a new research project on 3D integration in cooperation with Qualcomm. IMEC's 3D integration program explores three dimensional technology and design for application in various domains. The technology research program focuses on 3D wafer-level packaging and 3D stacked-ICs to find innovative solutions for the cost-effective use of 3D interconnects at different levels of the wiring hierarchy. The 3D system-on-chip design research program will also include the development and demonstration of the IP and tools necessary for designing in three dimensions. Three-dimensional design will allow Qualcomm to offer superior features and performance for their wireless products.

#### Future wireless communications (IMEC, Panasonic)

IMEC has started a new research project in cooperation with Panasonic. IMEC will conduct R&D on network technology such as dynamically reconfigurable software-defined radio, ultralow power consumption wireless communication technology for healthcare and lifestyle monitoring and biomedical technology such as next generation biosensors.



#### Breath: a Self-Adapting Efficient Protocol for Wireless Sensor Networks for Timely and Reliable Data Transmission (PARADES, KTH, Pirelli-Telecom Berkeley Labs, UC Berkeley)

Energy efficient, reliable and timely data transmission is essential for wireless sensor networks (WSNs) employed in scenarios where source information must be available for real-time actions, as, for instance, in control and actuation applications. The novel cross-layer protocol Breath for WSNs is proposed to ensure a desired end-to-end packet delivery and delay probabilities while minimizing the energy consumption of the network. The system model includes a set of source nodes transmitting packets to a sink via multi-hop routing. The Breath protocol is based on randomized routing, medium access control and duty-cycling jointly optimized for energy efficiency. A constrained optimization problem, for which the objective function is the network energy consumption and the constraints are the packet latency and reliability, is posed, modelled, and solved. The optimal working point of the network is achieved by a simple algorithm, which adapts to traffic variations and channel conditions with negligible overhead. The protocol was completely implemented and experimentally evaluated on a testbed with off-the-shelf wireless sensor nodes. It is compared with a standard IEEE 802.15.4 solution. Experimental and analytical results show that Breath meets the latency and reliability requirements, that it is highly scalable, and that it exhibits a good distribution of the working load, thus ensuring a long lifetime of the network. Therefore, Breath is an ideal candidate for efficient real-time and reliable data gathering.

#### Synthesis of Embedded Networks for Building Automation and Control (PARADES, UC Berkeley, UTC)

A building automation system is the interconnection of a large number of sensors, actuators and controllers distributed on thousands of square feet. Communication among these components takes place over a network, whose design is subject to several constraints. The control algorithm for applications such as fire detection systems, temperature control, and distributed control of air flow in buildings imposes end-to-end communication constraints from the sensors to the controllers, and from these to the actuators. The constraints imposed by the application include latency, bandwidth and packet error rate. The building geometry imposes constraints on the possible location of nodes, on the wires' layout and on the wireless communication between nodes. The cost of the communication network constitutes a large portion of the overall cost of a building automation system. Therefore, it is desirable to tailor the network architecture to both the control algorithm and the building geometry, avoiding to waste costly communication resources. A variety of network components is available on the market to achieve this goal. In recent years, many wired and wireless protocol standards for building automation have emerged, as well as a number of companies providing components that are compliant with these protocol specifications. This is an opportunity for engineers to design networks that are application-specific. However, the difficulty resides in the ability to match the application and physical constraints to the performance offered by network components, while minimizing the total network cost. In fact, to avoid long verification cycles, engineers tend to use architectures that have been already tested in previous designs. Moreover, the network is purposely over-designed to make the communication delay negligible compared to the timescale of the control algorithms. The result is a network that is far from being cost-effective. 
Therefore, an automatic synthesis flow that is able to find an optimal network implementation starting from the constraints and the available communication components would provide invaluable help to build cost-effective and correct-by-construction building automation networks. We propose a methodology and a companion software framework that facilitates the design exploration of control networks. The application is captured by a set of point-to-point communication constraints between nodes that have a fixed position in the building. The implementation space (i.e., the set of possible network implementations) is implicitly captured by a library of components characterized by cost and performance models. The building geometry is also taken into account by capturing the position of the walls, restrictions on the positions of nodes, and wiring constraints. This methodology has been used in the context of wired networks for building automation systems; we refer the reader to [PCS08] for the details.

In this research, we focused on wireless networks. We formulated an optimization problem to find an optimal wireless network implementation that satisfies all the constraints. The implementation is optimal in the sense that it minimizes a cost function that consists of the actual dollar cost of components and installation. We derived an Integer Linear Programming (ILP) formulation of the optimization problem and solved it using CPLEX, leaving for future work the development of efficient heuristics to reduce computation time and increase the size of the problems that our approach can tackle. We applied the methodology to an essential step in any distributed control algorithm: the distributed estimation of physical control variables such as temperature and airflow.

#### 3.1.4 Storage Devices, Health Care and Other Applications

#### Combo Drive: Optimizing Cost, Performance, and Power in a Heterogeneous Storage Device (Salzburg, Hitachi Global Storage Technologies)

The goal of this project is to demonstrate how to integrate new non-volatile memory technologies such as Flash memory into the storage hierarchy in cost-effective, performance-improving and power-saving ways. We have proposed a new type of heterogeneous storage device called Combo Drive, which comprises a smaller-capacity low-latency solid-state disk drive (SSD) concatenated with a larger-capacity high-throughput hard disk drive (HDD). The overall cost of a Combo Drive, similar to a Hybrid Drive, is still dominated by the more capacious HDD.

With Combo Drive, the performance advantages of both the SSD and the HDD are readily utilized by assigning the lower portion of the address space, which is already considered by many file systems as faster than the higher portion, to the SSD. Performance can be optimized further at the file-system level on the host side. In contrast, existing Hybrid Drives utilize non-volatile memory hierarchically as a cache transparent to the environment, which requires complex cache coherence algorithms. We have built a Combo Drive prototype and proposed multiple heuristic optimization algorithms implemented in file-system-level optimizers. Performance measurements on the host side show that the prototype achieves system start-up time and application launch time similar to an SSD alone while offering the large capacity and low cost of an HDD.

We have not yet obtained experimental results on power consumption but believe that Combo Drive also has potential in that regard since many file systems already utilize host-side memory for caching, which may be exploited to minimize actual HDD accesses and, as a result, to spin down the power-dominating HDD for longer periods of time.

#### **Reference architecture views (ESI)**

With the Darwin project at Philips Healthcare, ESI and its partners have the objective to develop architectures, methods and tools for optimizing system evolvability, i.e., the ability of a system to evolve easily in the face of changing requirements. This will result in a faster time to market for product iterations whilst maximizing technology reuse.





Figure Evolvability challenge in the Darwin project

In the Darwin project a diversity of initial views, ranging from software and hardware to mechanical insights, were defined for the architecture of medical devices. An example of such a view was developed with a dynamic analysis approach. By mapping system execution information (log data and process activities) to the tasks that operators conduct with the system, it was possible to understand particular system parts and model the system. Philips architects and developers appreciated this because it showed them what was actually happening in their systems, presenting previously unknown but already existing system information.

#### Modeling for analysis (ESI)

Modeling complex systems for purposes such as performance analysis is a key issue in ESI's projects. During several projects ESI came up with new concepts and approaches for modeling embedded systems for the purpose of conducting analysis. This was done in, among others, the Trader project on User Perceived Reliability in TV Software at NXP Semiconductors and the Octopus project on Adaptability in Copier Systems at Océ Technologies. An example is the awareness framework that was developed during the Trader project. It is an approach in which an application and a model of its desired behaviour can be inserted.



Figure Approach for Run Time Awareness



An experiment with the awareness concept was done in which a model of the System Under Observation (SUO) was compared with the specifications of this system. This was done for an MP3 application in a new TV platform. The analysis showed that improved user-perceived reliability could be achieved through built-in awareness and correction of errors, masking failures for users. The advantages for requirements engineers who use simulation are early detection of incomplete, ambiguous, and inconsistent requirements as well as quick feedback on new functionality and feature interaction. The add-on for system test engineers was the opportunity to automatically test the implementation against a model of user-perceived behavior.

Another approach that was developed in the Trader project is the implementation of stress testing in TV systems. Code for a cycle eater was implemented in a released version of new TV software. A real-time CPU usage monitor was added. Both approaches provided improved user-perceived reliability of consumer electronics products in the Trader project at NXP Semiconductors.

#### Reduced problem report analysis time (ESI)

In the Trader project, among others, spectrum-based fault localization tools were matured to work with NXP Semiconductors' software tools. In this approach system components are ranked according to their likelihood of causing the detected errors. A number of tests are conducted and the test results are interpreted. Based on these test results a similarity coefficient is calculated that provides a guideline as to which components are the candidates for being faulty.

The tool has been tested on various problem report (PR) databases. The tool can be useful for a number of problem reports. It has been shown that a large class of problem reports are now pinpointed in 15 to 30 minutes total time, compared to hours or days without the tooling.
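The ranking step described above, as an added example that is not part of the report or of the Trader tooling. The report does not name the similarity coefficient it uses; Ochiai, Jaccard and Tarantula are assumed here as coefficients commonly used in spectrum-based fault localization, and the component names and run data are constructed.

```python
"""Spectrum-based fault localization over a constructed hit matrix."""
from math import sqrt

# Constructed sample data (not from the report): one row per test run,
# one column per component; 1 means the component was active in that run.
COMPONENTS = ["tuner", "video_decoder", "teletext", "osd", "audio_mixer"]
SPECTRA = [
    [1, 1, 0, 1, 0],
    [1, 1, 1, 0, 0],
    [1, 0, 1, 1, 0],
    [1, 1, 0, 0, 1],
    [0, 0, 1, 0, 1],
    [1, 0, 0, 1, 1],
]
ERRORS = [0, 1, 1, 0, 1, 0]  # 1 means the run ended with a detected error


def counts(spectra, errors, j):
    """Return (n11, n10, n01, n00) for component j.

    n11: runs that involved j and failed    n10: involved j and passed
    n01: runs that skipped j and failed     n00: skipped j and passed
    """
    n11 = n10 = n01 = n00 = 0
    for row, failed in zip(spectra, errors):
        if row[j] and failed:
            n11 += 1
        elif row[j]:
            n10 += 1
        elif failed:
            n01 += 1
        else:
            n00 += 1
    return n11, n10, n01, n00


def ochiai(n11, n10, n01, n00):
    denom = sqrt((n11 + n01) * (n11 + n10))
    return n11 / denom if denom else 0.0  # no failures or never executed


def jaccard(n11, n10, n01, n00):
    denom = n11 + n01 + n10
    return n11 / denom if denom else 0.0


def tarantula(n11, n10, n01, n00):
    fail_ratio = n11 / (n11 + n01) if (n11 + n01) else 0.0
    pass_ratio = n10 / (n10 + n00) if (n10 + n00) else 0.0
    total = fail_ratio + pass_ratio
    return fail_ratio / total if total else 0.0


def rank_components(names, spectra, errors, coefficient=ochiai):
    """Rank components from most to least suspicious.

    Ties are broken alphabetically so the ranking is deterministic.
    """
    if len(spectra) != len(errors):
        raise ValueError("one pass/fail verdict is required per run")
    if any(len(row) != len(names) for row in spectra):
        raise ValueError("every run needs one entry per component")
    scored = [
        (coefficient(*counts(spectra, errors, j)), name)
        for j, name in enumerate(names)
    ]
    scored.sort(key=lambda s: (-s[0], s[1]))
    return [(name, round(score, 4)) for score, name in scored]


if __name__ == "__main__":
    for coeff in (ochiai, jaccard, tarantula):
        print(coeff.__name__, rank_components(COMPONENTS, SPECTRA, ERRORS, coeff))
```

A component that is active in every failing run and in no passing run scores 1.0 under all three coefficients; the coefficients differ in how strongly they penalize components that also appear in passing runs.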



#### 3.2 Individual Publications Resulting from these Achievements

#### PARADES

[PCSV08] C. Pinello, Luca P. Carloni and Alberto Sangiovanni-Vincentelli, *Fault-Tolerant Distributed Deployment of Embedded Control Software*, IEEE Transactions on CAD, Vol. 27, N. 5, pp. 906-919, May 2008.

[SV08] A. Sangiovanni-Vincentelli, Is a Unified Methodology for System-Level Design Possible?, *IEEE Design and Test of Computers,* Special Issue on Design in the Late and Post-Silicon Eras, Vol. 25, N. 4, pp. 346-358, July-August 2008.

[GKU+08] Arkadeb Ghosal, Sri Kanajan, Randall Urbance and Alberto Sangiovanni-Vincentelli, A Study on Monetary Cost Evaluation for the Design of Electrical Architectures for Automotive Product Lines, *Society of Automotive Engineers Congress, April, 2008. Also in SAE 2008 Transactions Journal of Passenger Cars: Electronic and Electrical Systems.* 

[BFMSV08] L. Benvenuti, A. Ferrari, E. Mazzi and A. Sangiovanni-Vincentelli, Contract Based Design for Computation and Verification of a Closed-loop Hybrid System, in *Proceedings of Hybrid Systems: Computation and Control (HSCC'08)*, April, 2008.

[BFMSV08] L. Benvenuti, A. Ferrari, E. Mazzi and A. Sangiovanni-Vincentelli, Composing Hybrid Systems, *the 47th IEEE Conference on Decision and Control*, Dec. 2008.

#### TU Braunschweig

[SNN+08] Simon Schliecker and Mircea Negrean and Gabriela Nicolescu and Pierre Paulin and Rolf Ernst. "Reliable Performance Analysis of a Multicore Multithreaded System-On-Chip." In *Proc. 6th International Conference on Hardware Software Codesign and System Synthesis* (CODES-ISSS), Atlanta, GA, October 2008.

#### IMEC

M. Palkovic, H. Corporaal, F. Catthoor: *Dealing with data dependent conditions to enable general source code transformations*, International Journal of Embedded Systems, 2008

P. Kjeldsberg, F. Catthoor, S. Verdoolaege, M. Palkovic, A. Vandecappelle, Q. Hu, E. Aas: *Guidance of loop ordering for reduced memory usage in signal processing Applications*, Journal of VLSI Signal Processing Systems, 2008

Nollet, V.; Avasare, P.; Eeckhaut, H.; Verkest, D. and Corporaal, H., 'Run-time management of a MPSoC containing FPGA tiles', Journal IEEE Trans. Very Large Scale Integration Systems (TVLSI), 2008

Couvreur, C.; Nollet, V.; Catthoor, F. and Corporaal, H., 'Fast multi-dimension multi-choice Knapsack heuristic for MP-SoC run-time management', Journal ACM Transactions on Embedded Computing Systems (TECS), 2008

Nollet, V.; Verkest, D. and Corporaal, H., 'A Safari Through the MPSoC Run-Time Management Jungle', Journal of Signal Processing Systems, 2008

F. Balasa, P. Kjeldsberg, A. Vandecappelle, M. Palkovic, Q. Hu, H. Zhu, F. Catthoor: *Storage estimation and design space exploration methodologies for the memory management of signal processing applications*, Journal of VLSI Signal Processing Systems, 2008



I. Issenin, E. Brockmeyer, B. Durinck, N. Dutt: *Data-reuse driven energy-aware cosynthesis of scratch pad memory and hierarchical bus-based communication architecture for multiprocessor streaming applications*, IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 2008

R. Baert, E. De Greef, E. Brockmeyer, G. Vanmeerbeeck, P. Avasare, J. Mignolet, M. Cupak: *An automatic scratch pad memory management tool and MPEG-4 encoder case study*, 45th Design Automation Conference (DAC), 2008

#### Salzburg

[PSBK09] H. Payer, M.A.A. Sanvido, Z.Z. Bandic, and C.M. Kirsch. Combo Drive: Optimizing Cost and Performance in a Heterogeneous Storage Device. Submitted to the First Workshop on Integrating Solid-state Memory into the Storage Hierarchy (WISH), 2009.

#### ESI

[BT08] T.J. van Beek, T. Tomiyama, Requirements for Complex Systems Modeling, CIRP Design Conference. 2008

[BB08a] G.M. Bonnema, P.D. Borches, Design with Overview - how to survive in complex organizations, Proceedings of INCOSE. 2008

[BB08b] P.D. Borches, G.M. Bonnema, 'Living' Architecture Overviews - Supporting the Design of Complex Systems, CIRP Design Conference. 2008

[CAA08] T. B. Callo Arias, P. Avgeriou, P. America, Analyzing the Actual Execution of a Large Software-Intensive System for Determining Dependencies, Working Conference on Reverse Engineering (WCRE). 2008

[Mul08a] G. Muller, How reference architectures support the evolution of Product Families, CSER. 2008

[Mul08b] G. Muller, Right Sizing Reference Architectures; How to provide specific guidance with limited information, INCOSE Proceedings. 2008

[Mul08c] G. Muller, When and What to Standardize; An Architecture Perspective, INCOSE Proceedings. 2008

[Bra08] N.C.W.M. Braspenning, Model-based Integration and Testing of High-tech Multidisciplinary Systems, PhD thesis Eindhoven University of Technology. 2008

[Gul08] G. Gulesir, Evolvable Behavior Specifications Using Context-Sensitive Wildcards, PhD Thesis University of Twente. 2008

[Ham08] R. Hamberg, Tilt-tray Sorters modelled with UPPAAL, ESI Report Nr. 2008–2

[HH08] J. Hooman, T. Hendriks, Model-Based Run-Time Error Detection, LNCS Vol. 5002: 225-236. 2008

[Hen08] T. Hendriks, The Impact of Independent Model Formation on Model-based Service, 7th WSEAS Int. Conf. on ARTIFICIAL INTELLIGENCE, KNOWLEDGE ENGINEERING and DATA BASES (AIKED'08), University of Cambridge, UK, Feb 20-22. 2008

[Jon08] I.S.M. de Jong, Integration and test strategies for complex manufacturing systems, PhD thesis Eindhoven University of Technology. 2008

[MBP08] M. van Amstel, M. van den Brand, Z. Protic, T. Verhoeff, Transforming Process Algebra Models into UML State Machines: Bridging a Semantic Gap? ICMT2008 - International Conference on Model Transformation. 2008



[PVH08] T. Punter, J. Voeten, J. Huang, Quality in Model Driven Engineering, Chapter 2, in: J. Rech, C. Bunse (Eds), Model-Driven Software Development: Integrating Quality Assurance, Information Science Reference, 37-56, August. 2008.

[ST08] H. Sozer, B. Tekinerdogan, Introducing Recovery Style for Modeling and Analyzing System Recovery, 7th Working IEEE/IFIP Conference on Software Architecture (WICSA). 2008

[Tre08] J. Tretmans, Model Based Testing with Labelled Transition Systems, Formal Methods and Testing, volume 4949 of Lecture Notes in Computer Science, Springer-Verlag. pages 1-38. 2008

[AZG08] R. Abreu, P. Zoeteweij, A.J.C. van Gemund, An Observation-based Model for Fault Localization Proceedings of the 6th Workshop on Dynamic Analysis (WODA'08), colocated with the International Symposium on Software Testing and Analysis (ISSTA'08): 64-70. 2008

[AGZ08a] R. Abreu, A. González, P. Zoeteweij, and A.J.C. van Gemund, Automatic Software Fault Localization using Generic Program Invariants, Proceedings of the 23rd Annual ACM Symposium on Applied Computing (SAC'08) - Software Engineering Track, 712--717. 2008

[AGZ08b] R. Abreu, A. González, P. Zoeteweij, and A.J.C. van Gemund, On the Performance of Fault Screeners in Software Development and Deployment, Proceedings of the 3rd International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE'08): 123--130. 2008

[BH08] E. Brinksma and J. Hooman, "Dependability for high-tech systems: an industry-as-laboratory approach", Proceedings Design, Automation & Test in Europe (DATE'08), European Design and Automation Association (EDAA), 1226-1231. 2008

[BM08a] C. Boogerd, L. Moonen, On the Use of Data Flow Analysis in Static Profiling, Proceedings of the 8th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM). 2008

[BM08b] C. Boogerd, L. Moonen, Assessing the Value of Coding Standards: An Empirical Study, Proceedings of the 24th IEEE International Conference on Software Maintenance (ICSM). 2008

[HH08] J. Hooman and T. Hendriks, "Model-Based Run-Time Error Detection", Models in Software Engineering, Workshops and Symposia at MoDELS 2007, Lecture Notes in Computer Science (LNCS), Vol. 5002, pp. 225-236, Springer. 2008

[ZPA08b] P. Zoeteweij, J. Pietersma, R. Abreu, A. Feldman, and A.J.C. van Gemund, Automated Fault Diagnosis in Embedded Systems, Proceedings of the 2nd IEEE International Conference on Secure Systems and Reliability Improvement (SSIRI'08). 2008

#### DTU

[THM08] Anders Tranberg-Hansen, Jan Madsen, A Service Based Component Model for Composing and Exploring MPSoC Platforms, in the proceedings of the 1<sup>st</sup> International Symposium on Applied Science in Biomedical and Communication Technologies, October 2008.

[THMJ08] Anders Tranberg-Hansen, Jan Madsen, Bjørn Sand Jensen, A Service Based Estimation Method for MPSoC Performance Modelling, to appear in the proceedings of the 3<sup>rd</sup> International Symposium on Industrial Embedded Systems, June 2008.



#### TU Dortmund

[LFM08] Paul Lokuciejewski, Heiko Falk, Peter Marwedel: *WCET-driven Cache-based Procedure Positioning Optimizations*, Proceedings of the 20th Euromicro Conference on Real-Time Systems (ECRTS), Prague, Czech Republic, July, 2008.

[LCFM09] Paul Lokuciejewski, Daniel Cordes, Heiko Falk, Peter Marwedel: A Fast and Precise Static Loop Analysis based on Abstract Interpretation, Program Slicing and Polytope Models, International Symposium on Code Generation and Optimization (CGO), 2009.

[PLM09] Sascha Plazar, Paul Lokuciejewski, Peter Marwedel: A Retargetable Framework for *Multi-objective WCET-aware High-level Compiler Optimizations*, IEEE Real-Time Systems Symposium (RTSS/WIP), 2009.

#### 3.3 Joint Publications Resulting from these Achievements

#### PARADES, Scuola Superiore di Sant'Anna

[SVDN07] A. L. Sangiovanni-Vincentelli and M. Di Natale, "Embedded system design for automotive applications (Cover Feature)," *Computer*, vol. 40, no. 10, pp. 42-51, Oct. 2007

#### PARADES, INRIA, VERIMAG, UC Berkeley, Scuola Superiore di Sant'Anna

[TCBSV+08] S. Tripakis, C. Pinello, A. Benveniste, Alberto Sangiovanni-Vincentelli, P. Caspi and M. Di Natale, Implementing Synchronous Models on Loosely Time Triggered Architecture, *IEEE Transactions on COMPUTERS*, Vol. 57, N. 10, pp. 1300-1314, October 2008.

#### PARADES, KTH, UC Berkeley

[PFB+08] P. G. Park, C. Fischione, A. Bonivento, K. H. Johansson, A. Sangiovanni-Vincentelli, Breath: a Self-Adapting Protocol for Wireless Sensor Networks in Control and Automation, *Proc. of Fifth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON 08),* San Francisco, CA, USA, June 2008.

#### PARADES, UC Berkeley, UTC

[PDF+08] A. Pinto, M. D'Angelo, C. Fischione, E. Scholte, A. Sangiovanni-Vincentelli, Synthesis of Embedded Networks for Building Automation and Control, *Proc. of American Control Conference (ACC 08)*, Seattle, Washington, June 2008.

#### OFFIS, PARADES, Scuola di Sant'Anna, TU Vienna

[DJMNKSV+08] W Damm, B. Josko, A. Metzner, H. Kopetz, A. Sangiovanni-Vincentelli, M. Di Natale, Software Components for Reliable Automotive Systems, in *Proceedings Design, Automation and Test in Europe*, 2008. DATE '08, pages 549 – 554, 2008.

#### PARADES, VaST Systems, Saarland University, TU Braunschweig, Scuola di Sant'Anna

[EFWSD08] R. Ernst, E. Frank, R Wilhelm, A. Sangiovanni-Vincentelli, M. Di Natale, Methods, Tools and Standards for the Analysis, Evaluation and Design of Modern Automotive Architectures, *in Proceedings Design, Automation and Test in Europe,* 2008. DATE '08.

#### PARADES, GM, Pirelli, Scuola di Sant'Anna



[AFFSSD08] G. Audisio, A. Ferrari, T. Forest, M. Sabatini, A. Sangiovanni-Vincentelli, M. Di Natale, Physical Architectures of Automotive Systems, *in Proceedings Design, Automation and Test in Europe*, 2008. DATE '08.

#### ESI

[BRR08] D.A. van Beek, M.A. Reniers, J.E. Rooda, R.R.H. Schiffelers, Concrete syntax and semantics of the compositional interchange format for hybrid systems, International Federation of Automatic Control. 2008

[GWD08] B. Graaf, S. Weber and A. van Deursen, Model-Driven Migration of Supervisory Machine Control Architectures Journal of Systems and Software 81(4):517-535. 2008

[HKO08] J. Hooman, H. Kugler, I. Ober, A. Votintseva, Y. Yushtein, Supporting UML-based Development of Embedded Systems by Formal Techniques, Software and Systems Modeling, Vol. 7, Nr. 2, pp. 131-155, 2008

[IKY08] G. Igna, V. Kannan, Y. Yang, T. Basten, M. Geilen, F. Vaandrager, M. Voorhoeve, S. de Smet, and L. Somers, Formal Modeling and Scheduling of Data Paths of Digital Document Printers, FORMATS. 2008

[BBL] P. Bouyer, E. Brinksma, K.G. Larsen, Optimal infinite scheduling for multi-priced timed automata. Formal Methods in System Design 32(1), 3-23. 2008

[HKO08] J. Hooman, H. Kugler, I. Ober, A. Votintseva, and Y.Yushtein "Supporting UML-based Development of Embedded Systems by Formal Techniques", Software and Systems Modeling, 7(2): 131-155. 2008

[ZPA08a] P. Zoeteweij, J. Pietersma, R. Abreu, A. Feldman, and A.J.C. van Gemund, Automated Fault Diagnosis in Embedded Systems, Proceedings of the 2nd IEEE International Conference on Secure Systems and Reliability Improvement (SSIRI'08). 2008

#### IMEC vzw., TU/e

[GPH+09] S.V. Gheorghita, M. Palkovic, J. Hamers, A. Vandecappelle, S. Mamagkakis, T. Basten, L. Eeckhout, H. Corporaal, F. Catthoor, F. Vandeputte, K. De Bosschere: *A System Scenario based Approach to Dynamic Embedded Systems*, ACM Transactions on Design Automation of Electronic Systems, ToDAES. To appear in 2009.

#### IMEC vzw., TU/e, DUTH, TU Dortmund (at ICD)

[MLS+08] S. Mamagkakis, P. Lemmens, D. Soudris, T. Basten, P. Marwedel, D. Kritharidis, G. Guilmin: *MNEMEE: Memory management technology for adaptive and efficient design of embedded systems*, 16th IFIP/IEEE International Conference on Very Large Scale Integration - VLSI-SOC, 2008.

#### IMEC vzw., KTH, DUTH

[CJA+08] B. Candaele, A. Jantsch, T. Ashby, K. Tiensyrjä, F. Ieromnimon, B. Vanthournout, P. Di Crescenzo, D. Soudris: *MOSART: Mapping Optimisation for Scalable multi-core ARchiTecture*, 16th IFIP/IEEE International Conference on Very Large Scale Integration - VLSI-SOC, 2008.



#### 3.4 Keynotes, Workshops, Tutorials

#### Workshop: Innovative Centre for Embedded Systems, ICES Kick-off, Stockholm, Sweden - Sept. 03, 2008

This workshop marked the start of KTH's new centre for Embedded Systems. At the workshop, the focus areas and activities of ICES were described, together with short descriptions of KTH research in the area. The workshop featured about 90 participants, about half of which came from industry.

A keynote was provided by Ed Brinksma, ESI (director, and ArtistDesign partner). Invited talks from industry focused on industrial challenges, including presentations by Bazmi Husain, Research director, ABB, Jan Danielsson from Scania, and Kjell Gustafsson from Ericsson Mobile Platforms. A further goal of the workshop was to discuss ideas and forms for collaboration between industry and academia. Ed Brinksma/ESI conveyed experiences using the concept of "Industry as lab". In the discussion, KTH described a similar concept termed "Industry as integrator", where industrial applications/demonstrators can be used to create a focal point for integrating disparate academic disciplines, and also for aiding transfer of theory to industrial practice.

http://www.kth.se/itm/centra/ices?I=en\_UK

#### Workshop: ICES Seminar, Model Based Development of Embedded Systems - Stockholm, Sweden - Sept. 29th, 2008

The topic of this ICES seminar was model-based development (MBD), with the goal of providing snapshots from the following viewpoints of model-based development: Structured information and requirements management, Architectural design, Function/behavior design and code generation, and Model exchange and UML-related standards. Speakers from Saab aerospace, ABB, Syntell and Abo Akademi (Johan Lillius, affiliated partner with ArtistDesign) contributed and the seminar was concluded with a panel debate. The seminar featured about 40 participants (approx. 20 from industry and 20 from academia with participation also from MDH - another ArtistDesign partner). It was concluded that model based embedded systems engineering still has a long way to go in order to provide standardized design flows encompassing integration of models and tools, and management facilities. Currently, "behavior" leads over "structure" in the sense that ADL approaches are not yet widely adopted. Given the increasing complexity and current standardization efforts, this picture will change.

http://www.kth.se/itm/centra/ices?I=en\_UK

#### Workshop: ICES/INCOSE seminar on SysML – Model based systems engineering: Where are we heading? Stockholm, Sweden - Nov. 11, 2008

This seminar was arranged in cooperation by INCOSE Sweden (Int. council for systems engineering) and KTH/ICES. About 50 persons, mainly from military, avionics, automotive and consultancy industry attended. The purpose was to highlight opportunities and challenges with model based systems engineering, and in particular with respect to the rather new Systems Modeling Language (SysML). For that purpose, two keynote speakers were invited to provide more insight into SysML development and experiences. The keynotes were:

- SysML – Current Challenges and Future Needs, Sanford Friedenthal, Lockheed Martin
- Simulation and Analysis using SysML Parametrics, Russell Peak, Georgia Tech

Additional invited talks were given from Saab Combitech, Syntell and KTH (Prof. Martin Törngren). In conclusion, the seminar was highly successful and provided useful insight into SysML experiences and developments.

#### Workshop: Industrial Integration: Industrial Challenges and Design Drivers Selection, PARADES, Rome, November 12 and 13, 2008

The meeting was organized by Alberto Sangiovanni-Vincentelli, PARADES, with substantial contribution by Ed Brinksma, ESI. The objectives of the meeting were:

- To review with industrial partners and affiliates the challenges to be faced in embedded system design in several vertical industrial segments;
- Based on these inputs, to select the design drivers for the integration activity;
- To plan for next year activities choosing the leaders for each vertical industrial segment.

The agenda was based on a two day event where ample time for discussions was allowed.

There were 33 participants of which 27 were representing Artist Design partners (PARADES, OFFIS, ESI, University of Trento, University of Bologna, TU Braunschweig, TU Dortmund, Universidad de Cantabria, TU Wien, IMEC, Uppsala University, TU Denmark). Others were industrial participants working in international corporations (UTC) or in Artist Design affiliated companies (Danfoss, Philips, Thales, Carmeq, Real-Time-at-Work and IAI). The participants, the presentations and the minutes of the meeting are available on the Artist Design Web site.

After the two-day presentation, the following areas were selected as design drivers for the activity of the industrial integration transversal activity:

1. Transportation with emphasis on automotive and avionics. These two areas were combined since, from a design flow point of view, they share enough common features to warrant a unified approach. The link to CESAR was emphasized as the Artemis project had exactly the same characteristics. OFFIS will drive and coordinate the activities in this area.
2. Health care with emphasis on equipment. Health care is one of the core research areas of the EU for the foreseeable future. Since we are using the applications as drivers, we decided to focus on well-developed products to demonstrate the use of Artist Design technology. ESI will drive and coordinate this activity.
3. Zero-energy buildings. This area is a growth domain for traditional industry such as construction, HVAC, monitoring and energy optimization. There is a strong push from the EU and the technical problems are challenging. The level of understanding of the academic partners in this domain is limited as it is a new area to most of them. PARADES will lead this effort.

We recommended having one or two yearly meetings per area at topical conferences and one or two plenary meetings at the annual Artist Design meeting and at one of the topical conferences such as Formal Methods where it is likely that most of the partners and a substantial contingent from industry will be present.



www.artist-embedded.org/

#### 1<sup>st</sup> Workshop on Mapping Applications to MPSoCs, 2008

St. Goar, Germany – June 16-17, 2008

The goal of the ArtistDesign workshop was to identify requirements and partial solutions for the problem of mapping applications to MPSoCs. Industrial speakers presented their view on future technologies and problems. It was considered to be the starting point for more intensive cooperations in the ArtistDesign framework. Organizer: Peter Marwedel (TU Dortmund). Conclusions: The topic was partitioned into two related areas: mapping and code generation. Working groups were formed and it was agreed to have joint follow-up workshops.

http://www.artist-embedded.org/artist/Mapping-of-Applications-to-MPSoCs.html

#### Keynote: Enriching the AUTOSAR Component Model MathWorks Annual Automotive Conference 2008 (W. Damm)

Stuttgart, Germany – June 3-4, 2008

Starting from the key benefits and major challenges the AUTOSAR Design Methodology offers, Prof. Damm discussed building blocks of a design methodology for distributed real-time automotive applications striving to reconcile the advantage of early system-level analysis with the overall AUTOSAR objective of decoupling function design from its implementation.

He presented an approach to conservatively extend the AUTOSAR component model towards rich component interface specification, where "richness" refers to three dimensions, namely the capability to express the multitude of non-functional constraints, sufficient expressiveness of the interface specification language, and contract-based interface specifications, allowing in particular the use of so-called vertical assumptions for capturing resource requirements at system level.

#### Keynote: Embedded Software Design: Art or Science? (Alberto Sangiovanni-Vincentelli, PARADES)

The 13th International Conference on Reliable Software Technologies

Centro Culturale Don Orione, Venice, Italy, June 16-20, 2008

In the present technology environment and industrial structure, embedded system design has to address concerns of individual players in the industrial domain that are facing serious problems in bringing their products to market in time and with the required functionality. It also needs to be concerned about the entire industrial supply chain that spans from customer-facing companies to subsystem and component suppliers, since the health of an industrial sector depends on the smooth interaction among the players of the chain as if they were part of the same company.

The ability to integrate an exponentially rising number of transistors within a chip, the ever-expanding use of electronic embedded systems to control increasingly many aspects of the "real world", and the trend to interconnect more and more such systems (often from different manufacturers) into a global network, are creating a challenging scenario for embedded system designers. Complexity and scope are exploding into inter-related but independently growing directions, while teams are even shrinking in size to further reduce costs. Given the cost and risks associated with developing hardware solutions, an increasing number of companies is selecting hardware platforms that can be customized by reconfiguration and/or by software programmability. In particular, software is taking the lion's share of the implementation budgets and cost. In cell phones, more than 1 million lines of code is standard today, while in automobiles the estimated number of lines by 2010 is in the order of hundreds of millions. The number of lines of source code of embedded software required for avionics systems is also growing exponentially. However, as this happens, the complexity explosion of the software component causes serious concerns for the final quality of the products and the productivity of the engineering teams. In transportation, the productivity of embedded software writers using the traditional methods of software development ranges in the few tens of lines per day. The reasons for such a low productivity are in the time needed for verification of the system and long redesign cycles that come from the need of developing full system prototypes because of the lack of appropriate virtual engineering methods and tools for embedded software. Embedded software is substantially different from traditional software for commercial and corporate applications: by virtue of being embedded in a surrounding system, the software must be able to continuously react to stimuli in the desired way, i.e., within bounds on timing, power consumed and cost. Verifying the correctness of the system requires that the model of the software be transformed to include information that involves physical quantities to retain only what is relevant to the task at hand. In traditional software systems, the abstraction process leaves out all the physical aspects of the systems as only the functional aspects of the code matter.

The lack of an overall understanding of the interplay of the sub-systems and of the difficulties encountered in integrating very complex parts causes system integration to become a nightmare in the system industry. For example, Jurgen Hubbert, then in charge of the Mercedes-Benz passenger car division, publicly stated: "The industry is fighting to solve problems that are coming from electronics. Companies that introduce new technologies face additional risks. We have experienced blackouts on our cockpit management and navigation command system and there have been problems with telephone connections and seat heating."

In today's environment this state is the rule rather than the exception for the leading system Original Equipment Manufacturers (OEMs) in all industrial sectors. The source of these problems is clearly the increased complexity but also the difficulty of the OEMs in managing the integration and maintenance process with subsystems that come from different suppliers who use different design methods, different software architectures, different hardware platforms, and different (and often proprietary) Real-Time Operating Systems. Therefore, there is a need for standards in the software and hardware domains that will allow plug-and-play of sub-systems and their implementation. The ability to integrate subsystems will then become a commodity item, available to all OEMs. The competitive advantage of an OEM will increasingly reside in novel and compelling functionalities.

We stressed in this talk that to deal with system-level problems, the issue to address is not developing new tools, although they are essential to advance the state of the art in design; rather, it is the understanding of the principles of system design, the necessary change to design methodologies and the dynamics of the supply chain.

Major productivity gains are needed, and better verification and validation is a necessity as the safety and reliability requirements of embedded systems become more stringent and the complexity of chips is hitting an all-time high. Several approaches have emerged in the design community to improve the situation, but broad industry support for these approaches is still missing.

We argued in this talk that a new design science must be developed to address the challenges listed above where the physical is married to the abstract, where the world of analog signals is coupled with the one of digital processors, where ubiquitous sensing and actuation make our entire environment safer and more responsive to our needs.



http://www.ada-europe.org/conference2008.html

#### Luncheon Keynote: The Intelligent Car: How Embedded Electronics Is Changing the Automobile Business (Alberto Sangiovanni Vincentelli, PARADES) Custom Integrated Circuit Conference

San Jose, USA – September 22-24, 2008

The automotive electronics market has increased steadily over the past several years, even at times when the automobile market per se is not growing substantially. The reason for this situation is that the per-car electronics content is increasing at a fast pace. In this presentation, I argue that this may be just the tip of the iceberg as we are entering the age of the "zero-accident car" with autonomous driving based on wireless and wired networks of powerful sensors (potentially including intelligent tires) and complex control algorithms implemented on a distributed computing platform. The information system of the zero-accident car will include vehicle-to-vehicle (V2V) short range communication for real-time feedback on traffic and road conditions ahead. Although significant steps have been made in the technology base that sustains this concept, massive integration problems loom here. Challenges related to the design of the new generation of automotive systems, such as reliability, control algorithms and data coordination, were presented.

http://www.ieee-cicc.org/Conference%20Events/luncheon.html

#### Distinguished Lecture: Quo Vadis System Design? (Alberto Sangiovanni Vincentelli, PARADES) Columbia University

New York, NY, November 20<sup>th</sup>, 2008

The electronics industry ecosystem is undergoing a radical change driven by an emerging three-layered architecture characterized by:

- Computing and communication infrastructure that will offer increasingly faster data transfer and manipulation via powerful data centers, compute farms and wired interconnection;
- Access devices such as PDAs, cell phones, and laptops, which make the immense capabilities of the infrastructure available to users, who can be humans or any of the intelligent physical systems below;
- A swarm of sensors, actuators and local computing capabilities "immersed in all kinds of physical systems that offer a wide variety of personal or broad-use services, e.g., a mechanical system such as an automobile, a train, a plane, an electrical system such as an electrical motor or generator, a chemical system such as a distillation plant, health-care equipment such as a pacemaker, a distributed environment monitoring and control system, or a security system for access control to protected areas".

Most refer to these swarms as *embedded systems*. Recently there has been a growing interest in *Cyber Physical Systems (CPS)*, where the interaction of the computing and electronic elements with the physical systems they are immersed in is emphasized. CPS will allow developing a wide span of applications because of the availability of a new generation of sensors, actuators, and local computing that leverage novel interconnect capabilities and centralized computation.

Because of the incredible number of devices that will be available (a recent forecast by the Wireless World Research Forum talks about 7 trillion devices serving 7 billion people in 2017, i.e., a thousand devices per person!), novel applications will emerge to leverage the massive amount of sensing, computational, communication and actuation power. A few examples in the transportation and health sectors have already been proposed and intensively studied. A key technical challenge in this domain is to design components and communication infrastructure so as to have 100% connectivity and working services for 100% of the time in a safe, efficient, reliable and trustworthy way.

Dealing with system-level problems requires more than simply developing new tools, although of course they are essential to advancing the state of the art in design. Rather, the focus must be on understanding the principles of system design, the necessary changes to design methodologies, and the dynamics of the supply chain. Developing this understanding is necessary to define a sound approach that meets the needs of the system and component industries as they try to serve their customers better and develop their products more quickly and with higher quality.

I presented directions, challenges, and potential solutions to the design of future systems, for which heterogeneous subsystems such as mechanical and electrical components must be designed concurrently. The possible scenarios pose fundamental questions to the engineering and scientific worlds regarding how to deal with the design and management of global systems with such huge complexity. A unified design methodology that can extend from cyber physical systems (CPS) all the way down to chips, boards, and mechanical components, with general environments capable of hosting specific flows for the industry segments, is the ultimate enabling technology. I presented a potential approach to such a unified design methodology, called platform-based design (PBD) methodology, and I presented some examples of its use. Finally, the advent of the new generation of systems requires a fresh look at engineering education. I presented some considerations and outlined the directions that UC Berkeley and the Artist Community are taking.

#### Conference: Industrial Embedded Systems 3<sup>rd</sup> International Symposium on Industrial Embedded Systems (SIES)

Montpellier, France – 11-13 June, 2008

Anders Tranberg-Hansen from DTU gave a talk on "A Service Based Estimation Method for MPSoC Performance Modelling". The talk presented an abstract service-based estimation method for MPSoC performance modelling, which allows fast, cycle-accurate design space exploration of complex architectures, including multi-processor configurations, at a very early stage in the design phase. To illustrate the method, a small MPSoC system developed at Bang & Olufsen ICEpower was modelled, and performance estimates were produced for various configurations of the system implementation.

#### Invited talk: Industrial Embedded Systems 1st International Symposium on Applied Science in Biomedical and Communication Technologies (ISABEL)

Aalborg, Denmark – 25-28 October, 2008

Anders Tranberg-Hansen from DTU gave an invited talk on "A Service Based Component Model for Composing and Exploring MPSoC Platforms", in the proceedings of the 1<sup>st</sup> International Symposium on Applied Science in Biomedical and Communication Technologies.

http://isabel2008.es.aau.dk/

#### Artist Summer School in China, Shanghai, China - July, 14th, 2008.

E. Brinksma, Model-based Testing for Embedded Systems (invited lecture)

#### Artist Summer School in Europe, Autrans, France, September 8<sup>th</sup>, 2008.

E. Brinksma, Quantitative Testing Theory (invited lecture)

Darwin Demo Day, presentation of results on reference architecture research to Philips Healthcare, Best, Netherlands, June, 10<sup>th</sup>, 2008.



#### Holland Innovative BV Eindhoven, Netherlands, March, 20<sup>th</sup>, 2008.

J. Hooman, Reliability of High-Volume Products, Invited talk at Software Reliability Seminar

#### IPA Spring Days on Integrating Formal Methods, Rhenen, The Netherlands, May, 8<sup>th</sup>, 2008

J. Hooman, Towards Checking Stateflow Models with mCRL2

#### 2<sup>nd</sup> International Joint Workshop on Embedded S/W and System Engineering Design Challenges, Center for Embedded Software Technology (CEST), Daegu, South Korea, 21 May 2008

J. Hooman, User-Perceived Reliability of High-Volume Products

#### Summer School EJCP/IRISA (Ecole Jeunes Chercheurs en Programmation), Rennes, France, 29 May - 6 June, 2008.

J. Tretmans, Software Testing (invited lecture)

#### Tutorial: Formal methods in system and MpSoC performance analysis and optimization (R. Ernst, S. Chakraborty, Hans Sarnowsky, Marco Bekooij, M. Jersak) DATE 2008

Munich, Germany – March 10, 2008

The tutorial provided an introduction to formal platform performance analysis covering the main communication and resource modelling techniques and their application to embedded systems and MpSoC. It included industrial applications and experiences, use cases from automotive design which demonstrated how to acquire the necessary model data, an overview on predictable MpSoC platform sharing using service shaping concepts, as well as an introduction on how to combine state-based and functional models for MpSoC in a single analysis to improve modelling precision.

#### Mini-Keynote: Load level modelling (R. Ernst) MpSoC Conference

St. Gerlach, The Netherlands, June 23-27, 2008.

Current ESL methods and tools for verification focus on run-time efficient simulation. Simulation requires executable code and is, therefore, not applicable to early design phases where the software code is not yet available or is still subject to changes. In such cases, load models that are known from schedulability and network analysis can be used. Load models are compatible with the activation rules of application models, such as event-driven data flow graphs or time-driven Simulink models. The main limitation of classical schedulability analysis is its focus on worst-case design. The presentation will outline an extension to the classical load model that captures task execution time and communication variations. That model can raise platform design to a next level of abstraction, thereby supporting a design process where application development is separated from software implementation. Using this model, analysis can also highlight sensitivity to software and application modifications.



#### Tutorial: Embedded Systems with Emphasis on the Exploitation of the Memory Hierarchy (Peter Marwedel, Heiko Falk) Advanced Institute of Information Technology

Seoul, Korea – August 11-15, 2008

The goal of this course was to provide an overview of key areas in embedded system design which should be part of the curriculum. After attending the course, the attendees were expected to be able to compare different approaches to embedded system design education and their advantages and limitations. The attendees should also have become familiar with the contents of a course on embedded system design which targets second or third year students. The course should enable attendees to design the structure of embedded system education at their universities. In the last third of the course, attendees were introduced to research topics regarding embedded system optimization. In particular, this last third addressed the so-called memory wall problem (the problem resulting from the small performance improvements of memories). This problem is frequently seen as the key problem for further performance enhancements of future systems. This material would be appropriate for an advanced course in embedded system design. Such courses are considered essential for a competitive education.

Peter Marwedel and Heiko Falk from TU Dortmund lectured this one-week course funded by the Korean ministry of information technology.

http://ttt.aiit.or.kr

#### In-Depth Presentation: Will 3D Stacking of ICs Enable to Continue Moore's Momentum in the 21st Century? (R. Lauwereins) MpSoC Conference

St. Gerlach, The Netherlands, June 23-27, 2008.

*3D Technology provides numerous opportunities to build better systems*, improving the systems' power/cost/performance/content. The number of functions per chip can be extended well beyond the near-term capabilities of traditional 2D scaling. 3D resolves the interconnect performance limitation. A Through Silicon Via (TSV) can replace lateral wires of tens and perhaps hundreds of microns, thereby significantly reducing the interconnect RC and related wire buffering cost. It supports the heterogeneous integration of memories, RF components, etc. By using dedicated technologies rather than a single universal technology, performance/power/cost can be significantly boosted. Besides, 3D integration of novel components such as energy scavengers, sensors and actuators increases systems' functionality. By improving the form factor 3D also paves the way for ultra-tiny and distributed devices.

http://www.mpsoc-forum.org/

#### Keynote: Platform trends for software defined radio: Heterogeneity at its best FETCH 2008

Montebello, Canada – January 7, 2008

Software defined radios rely on intensive use of heterogeneity at various levels. The baseband section is built up of multiple heterogeneous cores and hardware accelerators; the required low power consumption demands a precious equilibrium between hardware and software implementation of the inner and outer modem algorithms and a stringent trade-off analysis at all levels of implementation abstraction.

http://fetch2007.googlepages.com/programme



### 4. Overall Assessment and Vision

#### 4.1 Assessment for Year 1

The level of energy at the DATE, CPS and Rome meetings was excellent. In particular, a clear direction was taken at the end of the Rome meeting to focus the activities on three main areas. With respect to what we proposed, there has been a change from Nomadic to Energy Efficient Building, as this theme seems to be of increased interest to the European community in response to energy conservation concerns. In this respect, a detailed plan was drafted for meetings to be held in 2009, together with a modus operandi that included international interaction. The meetings were very well attended and strong positive feedback was also received from some of the companies involved. On the not so positive side, the organization of the planning meeting was not easy, as agenda and travel restriction issues played a big role. For this reason, the actual integration activity to drive the other groups of the NoE has been delayed, also because this activity depends on inputs from the clusters, which are at the beginning of their activity. In addition, the funding model of a NoE does not allow substantial research work to be carried out under the ArtistDesign umbrella. Most of the actual research is sponsored by other means. The meeting organization and support is indeed the only leverage we can utilize to direct researchers towards a common goal.

#### 4.2 Overall Assessment since the start of the ArtistDesign NoE

The overall assessment cannot be but a minor modification of the previous section, as the NoE is indeed in its first year of operation. If we project into the future, we believe that the transversal activities can indeed play a fundamental role in ArtistDesign's overall goals and, as such, they should be strengthened.

#### 4.3 Indicators for Integration

The indicators of integration are related to partners' meetings with industry as well as joint papers with industrial participants. In the description of work we indicated meetings and workshops within the automotive, avionics, health-care and nomadic domains and in special sessions in conferences. Both have been achieved. In chronological order:

1. The Special Automotive Day at DATE 08 offered an occasion to get ArtistDesign Partners together with the entire chain of the automotive industrial community. The overall idea of the special day was indeed to demonstrate that an integration play in the design flow was necessary and that several innovations were available to push forward the research plan.
2. The CyberPhysicalSystem meeting in Saint Louis was attended by ArtistDesign Partners, who also presented and participated in the final panel discussion. Among the presenters we had several industrial people, most notably from GM and UTC, who are the international collaborators we enrolled in the program. The presence of an NSF representative and an EU one was instrumental in aligning the research priorities across the Ocean, an important goal of the Artist Design community at large.
3. The Rome meeting put together the representatives of the automotive, avionics, health care, printing and energy efficient building industry with the Artist Design partners. In that meeting, the desire by industry to be involved was clearly articulated, thus demonstrating the need to have a strong industrial program in Artist Design. This meeting is the first of a series of operational meetings intended to foster ideas in integration of design flows.

In addition, there have been quite a large number of joint papers with industrial partners addressing design flow issues. In particular, automotive design flows were examined by a number of different teams and compared at the DATE08 Conference.

#### 4.4 Long-Term Vision

The industry-motivated transversal activity necessitates additional care: on one hand, we need to understand the concerns of companies that have been investing substantially in embedded system design, such as the ones in the automotive and aerospace domains; on the other hand, we need to understand the characteristics of emerging domains such as independent living and health, energy efficient buildings and nomadic. In the emerging sectors, the links among the different players are not yet clear when we look at the promises of these markets. We believe that the activity in the more traditional segments will continue along a journey that began several years ago, and we do not expect major surprises in corralling the industrial participants as well as the ArtistDesign partners. The emerging sectors represent significant new opportunities to impact the formation of new business models and approaches. We expect that the ArtistDesign community will have to dig deep into its accumulated expertise and into its research network to help industry find its path to profitable products and services.



### 5. Transversal Activity Participants

#### 5.1 Core Partners

| Transversal Activity Leader<br>Activity Leader for "Industrial Integration" |                                                                                                                                                                                                                                                                                                                     |
|-----------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| COMUNICARE<br>IL TERRITORIO                                                 | Alberto Sangiovanni Vincentelli (PARADES)<br>http://www.parades.rm.cnr.it;<br>www.eecs.berkeley.edu/~alberto/;                                                                                                                                                                                                      |
| Technical role(s) within<br>ArtistDesign                                    | Bring in Expertise in embedded system modelling, validation, tools and methodologies and IC design.                                                                                                                                                                                                                 |
|                                                                             | Deep involvement in cooperation with the industry: tools<br>(co-founder Cadence and Synopsys), telecommunications<br>(Telecom Italia), automotive (member of the GM STAB),<br>avionics and energy efficient buildings (UTC)                                                                                         |
| Research interests                                                          | Embedded system design methodologies and tools including modelling, validation, synthesis and formal verification, semantic foundations.                                                                                                                                                                            |
| Role in leading conferences/journals/etc in the area | Program Committee Member CODES and EMSOFT.<br>Organizer of DATE 08 Special Automotive Day<br>Member of the ARTEMIS High-level Group, Governing Board and Steering Committee |
| Notable projects                                                            | SPEEDS - Speculative and Exploratory Design in Systems<br>Engineering<br>Provide a semantics based modelling methods with<br>analysing techniques to support the construction of<br>complex embedded systems by composing<br>heterogeneous subsystems together with a<br>speculative tool-supported design process. |
|                                                                             | HYCON NoE: Taming Hybrid Systems                                                                                                                                                                                                                                                                                    |
|                                                                             | Center for Hybrid and Embedded Software Systems<br>(CHESS) co-director                                                                                                                                                                                                                                              |
|                                                                             | Gigascale System Research Center, Core theme leader                                                                                                                                                                                                                                                                 |
|                                                                             | RIMACS: Industrial Automation                                                                                                                                                                                                                                                                                       |
|                                                                             | COMBEST                                                                                                                                                                                                                                                                                                             |



| IEEE Fellow, Member National Academy of Engineering,<br>Kaufmann Award for pioneering contributions to<br>EDA, IEEE Graduate Teaching Award, Gulliemin-<br>Cauer Award, Darlington Award, Aristotle Award,<br>University of California Distinguished Teaching<br>Award, IEEE/RSE Wolfson James Clerk Maxwell<br>Medal for for groundbreaking contributions that have<br>had an exceptional impact on the development of<br>electronics and electrical engineering or related<br>fields                                                               |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Cluster Leader<br>Activity Leader & Team Leader                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| Ed Brinksma (Embedded Systems Institute (ESI))<br>www.esi.nl<br>http://wwwhome.cs.utwente.nl/~brinksma/                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| Model-based methods for embedded system engineering; collaborative research with industry                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| Embedded system design methodologies, formal verification, and testing.                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| PC member of RTSS, DATE, TACAS, FORMATS, Emsoft, FME,<br>etc.<br>Steering Committee member TACAS,<br>Editor EURASIP Journal on Embedded Systems<br>Editor Springer International Journal on Software Tools for<br>Technology Transfer                                                                                                                                                                                                                                                                                                                |
| <ul> <li>ESPRIT SEDOS, LOTOSPHERE</li> <li>FP6 AMETIST</li> <li>FP7 Quasimodo, Genesys, MULTIFORM</li> <li>BSIK Embedded Systems Project, Dutch National Programme on<br/>Embedded Systems (50 M€,), including subprogrammes as (see<br/>www.esi.nl)</li> <li>Darwin project - Evolvability in architecture at Philips<br/>Healthcare</li> <li>Trader project - User Perceived Reliability at NXP<br/>Semiconductors</li> <li>Octopus - Adaptability at Océ Technologies</li> <li>Member Royal Holland Society of Sciences and Humanities</li> </ul> |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |



|                                                            | Team Leader                                                                                                                                                                                                                                                                                                         |
|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                            | Alberto Ferrari (PARADES)<br>http://www.parades.rm.cnr.it;                                                                                                                                                                                                                                                          |
| Technical role(s) within Artist<br>Design                  | Bring in Expertise in embedded system modelling, validation, tools and methodologies and IC design.<br>Involvement in cooperation with the industry: architectures and tools                                                                                                                                        |
| Research interests                                         | Embedded system design methodologies and tools including modelling, validation, synthesis and formal verification, semantic foundations.                                                                                                                                                                            |
| Role in leading<br>conferences/journals/etc in the<br>area | PC member in DAC07, DATE07, DATE08                                                                                                                                                                                                                                                                                  |
| Notable projects                                           | SPEEDS - Speculative and Exploratory Design in Systems Engineering<br>Provide a semantics-based modelling method with analysis techniques to support the construction of complex embedded systems by composing heterogeneous subsystems together with a speculative tool-supported design process. |
|                                                            | HYCON NoE: Taming Hybrid Systems                                                                                                                                                                                                                                                                                    |
|                                                            | COMBEST                                                                                                                                                                                                                                                                                                             |



| Team Leader                              |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                          | Prof. Dr. Werner Damm (OFFIS)<br>http://www.offis.de/                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| Technical role(s) within<br>ArtistDesign | Bring in expertise in embedded system modelling and validation.<br>Deep involvement in cooperation with the automotive and avionics industry. |
| Research interests                       | His recent research covers foundational research on mathematical models of embedded systems, specification languages, hybrid systems, formal verification methods, and real-time and safety analysis. This is complemented by applied research with industrial partners in avionics, automotive, and train system applications. The focus of this research is on enhancing model-based development processes with formal method-based approaches to verification, testing, and safety and real-time analysis, as well as on enabling component-based design for embedded systems. |
| Role in leading<br>conferences/journals/etc in the area | Program Committee Member CAV2008<br>Member of the Editorial Board "Formal Methods in System Design"<br>Chairman of the competence cluster SafeTRANS<br>Chairman of the ARTEMIS Innovation Cluster on Transportation |
| Notable projects                         | OMEGA - Correct Development of Real-time Embedded Systems                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
|                                          | Formal verification of embedded systems based on UML                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|                                          | http://www-omega.imag.fr/                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
|                                          | AVACS - Automatic Verification and Analysis of Complex Systems                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
|                                          | This project addresses the rigorous mathematical analysis of models of complex safety critical computerized systems.                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|                                          | http://www.avacs.org/                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|                                          | SPEEDS - Speculative and Exploratory Design in Systems<br>Engineering                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|                                          | Provide a semantics based modelling method with analysing techniques to support the construction of complex embedded systems by composing heterogeneous subsystems together with a speculative tool-supported design process.                                                                                                                                                                                                                                                                                                                                                    |
|                                          | http://www.speeds.eu.com/                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
|                                          | COMBEST – Component-Based Embedded Systems design Techniques |
|                                          | COMBEST will provide a formal framework for component-based design of complex embedded systems: 1) formal integration of heterogeneous components; 2) encapsulation of components; 3) prediction of emergent key system characteristics; 4) corresponding certificates. |
|                                          | http://www.combest.eu/ |

Year 1 D16-(7.3)-Y1



|                                     | Prof. Dr. Bernhard Josko (OFFIS)<br>http://www.offis.de/                                                                                                                                                                                                                                                         |
|-------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Technical role(s) within<br>ARTIST2 | Participating in several activities bringing in the expertise on real-time UML verification |
| Research interests                  | Modelling and analysis of embedded systems, formal verification, real-time UML, SysML                                                                                                                                                                                                                            |
| Notable projects                    | OMEGA - Correct Development of Real-time Embedded Systems<br>Formal verification of embedded systems based on UML<br>http://www-omega.imag.fr/                                                                                                                                                                   |
|                                     | EASIS – Electronic Architecture and System Engineering for Integrated Safety Systems<br>Within WP System Dependability provide formal verification guidelines<br>http://www.easis.org |
|                                     | SPEEDS - Speculative and Exploratory Design in Systems Engineering<br>Provide a semantics-based modelling method with analysis techniques to support the construction of complex embedded systems by composing heterogeneous subsystems together with a speculative tool-supported design process. |



| Core Teamleader                                            |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
|------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                            | Prof. Dr.-Ing. Rolf Ernst (TU Braunschweig)<br>http://www.ida.ing.tu-bs.de/en/home/faculty_and_staff/ernst/ |
| Technical role(s) within<br>ArtistDesign                   | Core Teamleader in Platform and MpSoC Design, Platform and MpSoC Analysis, Design for Adaptivity, Integration Driven by Industrial Applications.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
|                                                            | Affiliated Teamleader in Design for Predictability and Performance                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| Research interests                                         | Research interests include embedded architectures, hardware/software co-design, design automation, real-time systems, and embedded systems engineering. |
| Role in leading<br>conferences/journals/etc<br>in the area | Rolf Ernst chaired major international events, such as the<br>International Conference on Computer Aided Design of VLSI<br>(ICCAD), or the Design Automation and Test in Europe (DATE)<br>Conference and Exhibition, and was Chair of the European Design<br>Automation Association (EDAA). He is a founding member of the<br>ACM Special Interest Group on Embedded System Design<br>(SIGBED), and was a member of the first board of directors. He is<br>an elected member (Fachkollegiat) and Deputy Spokesperson of the<br>"Computer Science" review board of the German DFG (corresponds<br>to NSF). He is an advisor to the German Ministry of Economics and<br>Technology for the high-tech entrepreneurship program EXIST<br>(www.exist.org). |
| Awards / Decorations                                       | In 1995 he received the Jorck's Foundation Research Award for his research in hardware/software codesign                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |




| Team Leader                                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                            | Dr. Stylianos Mamagkakis                                                                                                                                                                                                                                                                                                                                                                                                                                    |
|                                                            | IMEC vzw.                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
|                                                            | http://www.imec.be                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| Technical role(s) within<br>ArtistDesign | Representing IMEC Nomadic Embedded Systems (NES) division in:<br>- Cluster: SW Synthesis, Code Generation and Timing Analysis<br>- Cluster: Operating Systems and Networks<br>- Cluster: Hardware Platforms and MPSoC Design<br>- Intercluster activity: Design for Adaptivity<br>- Intercluster activity: Design for Predictability and Performance<br>- Intercluster activity: Integration Driven by Industrial Applications |
| Research interests                                         | Stylianos Mamagkakis received his Master and Ph.D. degrees in Electrical and Computer Engineering from the Democritus University of Thrace (Greece) in 2004 and 2007, respectively. Since 2006, he has coordinated a team of PhD students within the NES division at IMEC, Leuven, Belgium. His research activities mainly belong to the field of system-level exploration, with emphasis on MPSoC run-time resource management and system integration. |
| Role in leading<br>conferences/journals/etc in<br>the area | Stylianos Mamagkakis has published more than 35 papers in international journals and conferences. He was an investigator in 9 research projects in the embedded systems domain funded by the EC as well as national governments and industry. |
| Notable past projects                                      | Project leader of MNEMEE IST project www.mnemee.org                                                                                                                                                                                                                                                                                                                                                                                                         |
|                                                            | Project leader of OptiMMA IWT project <a href="http://www.imec.be/OptiMMA">www.imec.be/OptiMMA</a>                                                                                                                                                                                                                                                                                                                                                          |
|                                                            | Participation in: 1 international IMEC project (M4), 3 European IST projects (AMDREL, EASY, ARTIST2), 2 Greek projects (PRENED, DIAS)                                                                                                                                                                                                                                                                                                                       |
| Awards                                                     | 1st prize in 'Technogenesis' Competition for Business Innovation, Greece, June'06                                                                                                                                                                                                                                                                                                                                                                           |
|                                                            | 3rd prize in 'Otenet Innovation 2006' Competition for Business Innovation, Greece, November'06                                                                                                                                                                                                                                                                                                                                                              |
| Further Information                                        | http://www2.imec.be/imec_com/nomadic-embedded-systems.php                                                                                                                                                                                                                                                                                                                                                                                                   |



| Team Leader                                                                                        |                                                                                                                                                                                                                                                                                                               |
|----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                    | Prof. Dr. Hermann Kopetz<br>Real-Time Systems Group<br>Institute of Computer Engineering Vienna University of Technology<br><u>http://www.vmars.tuwien.ac.at</u>                                                                                                                                              |
| Technical role(s) within<br>ARTIST2                                                                | Team Leader TU Vienna                                                                                                                                                                                                                                                                                         |
| Research interests                                                                                 | Expertise in fault-tolerant systems architecture; inventor of the TTA concept |
| Role in leading<br>conferences/journals/etc in<br>the area of fault-tolerant real-<br>time systems | Chairman of the IFIP WG 10.4 on Dependable Computing and Fault-<br>Tolerance<br>DSN steering committee member                                                                                                                                                                                                 |
| Notable past projects                                                                              | DECOS - Dependable Embedded Components and Systems<br>Develop the basic enabling technology to move from a federated<br>distributed architecture to an integrated distributed architecture.<br><u>http://www.decos.at</u>                                                                                     |
|                                                                                                    | TTEthernet – Time-Triggered Ethernet<br>Establishing a time-triggered (TT) Ethernet with predictable<br>temporal performance and strong fault-isolation for safety-critical<br>real-time control systems and multimedia systems. |
|                                                                                                    | NEXT TTA<br>Enhance the structure, functionality and dependability of the time-<br>triggered architecture (TTA) to meet the cost structure of the<br>automotive industry, while satisfying the rigorous safety<br>requirements of the aerospace industry.<br>http://www.vmars.tuwien.ac.at/projects/nexttta/ |
|                                                                                                    | DSoS - Dependable Systems of Systems<br>Develop significantly improved means for composing a dependable<br>"system of systems" (SoS) from a set of largely autonomous<br>component computer systems.<br><u>http://research.cs.ncl.ac.uk/cabernet/www.laas.research.ec.org/dsos/</u>                           |
| Awards / Decorations                                                                               | Fellow of the IEEE                                                                                                                                                                                                                                                                                            |




| Cluster Leader                                             |                                                                                                                                                                                                                                                                                                                                   |
|------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Activity Leader & Team Leader                              |                                                                                                                                                                                                                                                                                                                                   |
|                                                            | Jan Madsen (Technical University of Denmark)                                                                                                                                                                                                                                                                                      |
| Technical role(s) within<br>ArtistDesign                   | Member of the Strategic Management Board<br>Leads Hardware Platforms and MPSoC Design<br>Participates in Intercluster activity: Design for Adaptivity<br>Leader of the JPRA Activity: "Platform and MPSoC Analysis"                                                                                                               |
| Research interests                                         | Research interests include high-level synthesis, hardware/software codesign, System-on-Chip design methods, and system level modeling, integration and synthesis for embedded computer systems.                                                                                                                                   |
| Role in leading<br>conferences/journals/etc<br>in the area | Program Chair and Vice-Chair of Design Automation and Test in Europe Conference.                                                                                                                                                                                                                                                  |
|                                                            | Tutorial Chair and Special Sessions Chair of Design Automation and Test in Europe Conference.                                                                                                                                                                                                                                     |
|                                                            | General Chair, Program Chair and Workshop Chair of<br>CODES+ISSS Conference                                                                                                                                                                                                                                                       |
|                                                            | Member of the editorial board of the journal "IEE Proceedings – Computers and Digital Techniques"                                                                                                                                                                                                                                 |
|                                                            | Member of the technical program committee and organizing<br>committee of several technical conferences, including the Design<br>Automation and Test in Europe Conference, the Real-Time Systems<br>Symposium, the Symposium on Hardware-Software Codesign, and<br>the International Workshop on Applied Reconfigurable Computing. |
|                                                            | Danish delegate in the Governing Board of ARTEMIS JU                                                                                                                                                                                                                                                                              |
| Awards / Decorations                                       | In 1995 he received the Jorck's Foundation Research Award for his research in hardware/software codesign                                                                                                                                                                                                                          |



| Cluster and Team Leader                  |                                                                                                      |
|------------------------------------------|------------------------------------------------------------------------------------------------------|
|                                          | Prof. Dr. Dr. h. c. Reinhard Wilhelm (Saarland University)<br>http://rw4.cs.uni-sb.de/people/wilhelm |
| Technical role(s) within<br>ArtistDesign | Timing Analysis                                                                                      |
| Research interests                       | Compilers, Static Analysis, Timing Analysis                                                          |
| Role in leading<br>conferences/journals/etc<br>in the area | PC member of SCOPES, LCTES, MEMOCODE, RTSS etc. |
|                                          | Steering committee member of EMSOFT, member at large of the steering committee of LCTES              |
|                                          | Member of the ACM SIGBED Executive Committee                                                         |
| Notable past projects                    | DAEDALUS                                                                                             |
| Awards / Decorations                     | Prix Gay-Lussac-Humboldt in 2007                                                                     |
|                                          | Honorary doctorates of RWTH Aachen and Tartu University in 2008                                      |
| Further Information                      | Co-founder of AbsInt Angewandte Informatik GmbH                                                      |
|                                          | Scientific Director of the Leibniz Center for Informatics Schloss<br>Dagstuhl                        |



| Team Leader                              |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                          | Prof. Dr. Peter Marwedel (TU Dortmund)<br>http://ls12-www.cs.tu-dortmund.de/~marwedel/                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| Technical role(s) within<br>ArtistDesign | Cluster leader SW Synthesis, Code Generation and Timing Analysis |
|                                          | Improved code quality for embedded applications is the main goal of<br>the work at Dortmund University. Due to the widening gap between<br>processor and memory speeds, emphasis has been on improving<br>the efficiency of memory accesses, in terms of average and worst<br>case execution time and in terms of the energy consumption. |
| Research interests                       | Peter Marwedel's Embedded Systems Group focuses on embedded<br>software. Particular emphasis is on compilers for embedded<br>processors. One of the very first publications in this area, the book<br>"Compilers for Embedded Processors", edited by Peter Marwedel<br>and Gert Goossens, was the result of the CHIPS project, funded by<br>the European Commission. The group's current focus is on<br>advanced optimizations for embedded processors (e.g. by using bit-<br>level data flow analysis) and energy-aware compilation techniques.<br>Current research also includes high-level transformations of<br>algorithms as well as WCET-aware code generation. |
| Role in leading<br>conferences/journals/etc<br>in the area | Member of the EDAA (European Design and Automation Association) Main Board. |
|                                          | Editorial Board Member of the Journal of Embedded Computing. |
|                                          | Editorial Board Member of the Microelectronics Journal.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|                                          | Co-Founder and Steering Board Chair of the SCOPES Workshop (Software and Compilers for Embedded Systems) Series.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
|                                          | >14 years of service for the DATE conference and its predecessors<br>(program chair: 3 times, chairman of the steering committee,<br>European representative to ASPDAC)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|                                          | DAC: Topic chair and reviewer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
|                                          | Various other conferences                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| Notable past projects                    | MAMS:<br>Multi-Access modular-services framework, national project<br>funded by the German Federal Ministry of Education and<br>Research (BMBF)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
|                                          | MORE:<br>Network-centric Middleware for group communications and<br>resource sharing across heterogeneous embedded systems,<br>supported by the European Commission http://www.ist-more.org/ |
|                      | HiPEAC:<br>European NoE on High-Performance Embedded Architecture<br>and Compilation; <u>http://www.hipeac.net</u> |
|                      | Others: Various earlier projects supported by the EC, DFG etc.                                                     |
| Awards / Decorations | Teaching award, TU Dortmund, 2003                                                                                  |
|                      | DATE fellow, 2008                                                                                                  |
| Further Information  | CEO of the Informatik Centrum Dortmund (ICD), a technology transfer centre founded in 1989.                        |



## 6. Internal Reviewers for this Deliverable

Jan Madsen, Technical University of Denmark

Karl-Erik Arzen, Lund

Martin Thorngren, KTH