### METHODS AND TOOLS FOR THE DESIGN OF ELECTRONIC SYSTEMS

#### Alberto Sangiovanni-Vincentelli

The Edgar L. and Harold H. Buttner Chair of EECS University of California at Berkeley

Co-Founder and Member of the Board Cadence Design Systems

#### Outline

- Introduction and Motivation using Automotive as Test Case
- The V design process and Platform Based Design
- The Role of Autosar
- Semiconductor Design Economics
- Extensions and Open Issues

THANKS TO BMW, Cadence, GM, Intel, Magneti Marelli, ST and UTC

# The IT Platform of Today: Mobiles at the Edge of the Cloud



#### Mobile data growth





Mobile traffic grew 2.6x in 2010 (nearly tripling for 3<sup>rd</sup> year) Driven by Tablets

#### The Emerging IT Scene: The Swarm at the Edge of the Cloud



© Alberto Sangiovanni-Vincentelli All rights reserved

# 1995 Question: What happens if sensors become tiny, wireless, and self-contained?



#### Wireless Sensor Networks

[Courtesy: K. Pister, UC Berkeley]

# 2010 Outcome: The Unfullfilled Promise of Wireless Sensor Nets



What slowed them down?
(Source: On World)
Cost savings not yet disruptive
Reliability

- Reliability
- Energy (battery life)
- Ease of use

## Wireless Sensor Nets What REALLY slows them down: NO Economy of Scale

Stovepipes, Fragmentation, Non-interoperability, Lack of Virtualization

> Industrial automation, smart buildings, renewable energy, data centers, ...

TinyOS, eCOS, LiteOS, Contiki, Arch Rock 802.11x (WiFi), 802.15.4x (Zigbee), 802.15.1 (Bluetooth (LE)), 802.15.6 (WPANs), NFC, ...

#### **Predictions**



#### Wireless is everywhere; ignore it at your peril

<u>Bolaji Ojo</u> (01/07/2008 9:00 AM EST) URL: <u>http://www.eetimes.com/showArticle.jhtml?articleID=205208620</u>

The search is over for the next killer app. It is wireless, it is all around you, and it will leave no sector of the global economy untouched.

- 5 Billion people to be connected by 2015 (Source: NSN)
- The emergence of Web2.0
  - The "always connected" community network
- 7 trillion wireless devices serving 7 billion people in 2017 (Source: WirelessWorldResearchForum (WWRF)
  - 1000 wireless devices per person? (Courtesy: Niko Kiukkonen, Nokia)

#### Vision 2025

- Integrated components will be approaching molecular limits and/ or may cover complete walls
- Every object will have a wireless connection, hence leading trillions of connected devices,
- Collaborating to present unifying experiences or to fulfill common goals

What will it Enable? The Birth of the Swarm

### CyberPhysical Systems Linking the Cyber and Physical Words



[H. Gill, NSF 2008]

Aka: The Internet of Things, Societal IT Systems, ....

### CyberBiological Systems (BioCyber) Linking the Cyber and Biological Worlds



Examples: Telesurgery, Body-area networks, health diagnostics, drug delivery, brainmachine interfaces, ...

#### **Towards Integrated Wireless Implanted Interfaces**



#### What does it mean to become Smarter?

#### Measuring, Monitoring, Modeling and Managing



- Data collection
- Data Integration
- Comparison of historical data, with newly collected data
- Data modeling and analytics to create insights from data to feed decision support and actions

Source: IBM Corporate Strategy

#### Outline

- Introduction and Motivation using Automotive as Test Case
- The V design process and Platform Based Design
- The Role of Autosar
- Semiconductor Design Economics
- Extensions and Open Issues

THANKS TO BMW, Cadence, GM, Intel, Magneti Marelli, ST and UTC

#### Design Chain Integration Automotive Industry





#### **Challenges in Automotive Electronics Development**





- Increasing functionality:
  - Safety (active/passive)
  - Fuel efficiency (hybrid)
  - Reduced emissions (less CO2)
  - Comfort
- Increasing quality:
  - 2000: ~1000 10ppm (per ECU)
  - 2010: ~1 0ppm (per ECU)

© Alberto Sangiovanni-Vincentelli. All rights reserved.

Increasing value: Electronic Share (value): 2004: 20% -> 2015: 40% Software Share (value): 2000: 4.5% -> 2010: 13% Reduce time to market: 2000: ~ 20 - 26 months 2010: < 18-20 month

### **Convergence Towards Active Safety**



#### From federated to integrated architectures

#### Today: Federated Architectures



Each time a new function is required, the OEM starts a request to suppliers for a new ECU (an integrated HW/SW device realizing the function) to be integrated on the existing networks

The device is developed by the supplier with its own choice of HW, RTOS, device drivers and communication layers (with some standardization)

The result is

- Proliferation of ECUs (reaching 100)
- Complex distributed architectures with the need of high bandwidth and therefore multiple networks and gateways
- Complex functional and not-functional (timing) dependencies across the network, which OEMs struggle to control
- Missing opportunities for common set of libraries and (sub) functions
- Limited standardization, flexibility and extensibility
- Limited control on the execution platform by OEMs

### The Distributed System Problem: Typical Car Electrical Architecture



#### Fighting Obsolescence: How to harmonize fast evolving electronics with products whose lifetime is >10 years

- Decouple Function and Architecture
- Bring back to OEM design control
- Flexibility and Extensibility of Architectures
- Manage a Complex Supply and Design Chain
- Place your bets so that you leverage maximally your core competence while leveraging as much as possible qualified PARTNERS

#### From federated to integrated architectures

#### Tomorrow?: Integrated Architectures

The execution architecture is completely selected and planned by the OEM. OEMs are free to standardize HW, drivers, RTOS and communication layers, leveraging competition among suppliers

Each time a new function is required, the OEM starts a request to suppliers for new functional content (SW) to be integrated on the existing platform

• Define models that allow to predict the result of the composition (functional and not-functional)

#### **The Larger Picture**

PAGE 14 - SUNDAY, FEBRUARY 6, 2005 - THE NEW YORK TIMES (by Tim Me

#### What's Bugging the High-Tech Ca

On a hot summer trip to Cape Cod, the Mills family minivan did a peculiar thing. After an hour on the road, it began to bake the children. Mom and Dad were cool and comfortable up front, but heat was blasting into the rear of the van and it could not be turned off.

Fortunately for the Mills children, their father – W. Nathaniel Mills III, an expert on computer networking at 1 B M. – is persistent. When three dealership visits, days of waiting and the cumbersome replacement of mechanical parts failed to fix the problem, he took fhe van out and drove it until the oven fired up again. Then he rushed to the mechanica to look for a software error. Additionally, the study found that althe errors cannot be removed, more than took two minutes for them to hook up diagnostic tool and find the fault, "said Mills, senior technical staff member at LB M 's T.J. Watson Research Center Hawthome, N.Y., "I can almost see th software code, a sensor was bad."

Indeed, the high-tech comfort system confusi the 200



#### **Toyota Problems** The Washington Post, March 7

Attention has been focused on mechanical and electronic issues with Toyotas, but another possible cause of the runaway acceleration maybe a software glitch. Each vehicle contains layers of computer code that may be added from one model year to next" that control nearly every system, from acceleration to braking to stability. This software is rigorously tested, but t is well-known in our community that there is no scientific, firm way of actually completely verifying and validating software.



#### NHTSA To Probe Reports Of Sudden Engine Stalls In Prius Hybrids

The National Highway Traffic Safety Administration said yesterday it is investigating reports that a software problem can cause the engine of Toyota's Prius hybrid to stall without warning at highway speeds. No accidents have been reported thus far.

NHTSA has received 33 reports of stalling in Prius cars from model years 2004 and 2005, according to the agency's initial report. More than 85 percent of the cars that stalled did so at speeds between 35 and 65 miles per hour.



23 © Alberto Sangiovanni-Vincentelli. All rights reserved.

#### It's Not Over Yet!

#### THE WALL STREET JOURNAL.

WSJ.com

BUSINESS | NOVEMBER 25, 2010

# Boeing 787 Is Set Back as Blaze Forces Fix



24 © Alberto Sangiovanni-Vincentelli. All rights reserved.



#### **CMOS mmWave Circuits and SoC: 60GHz Today**

- Multiple 60GHz standards complete
- WirelessHD products available
  - SiBeam (BWRC startup)
  - Wall-powered
  - Dissipate <2W</li>
- A \$10 Radar is a possibility!
- 60GHz link in mobile applications?
  - Energy-efficiency is key: <~250mW transceiver</li>
  - Solution must scale to 10+ Gb/s
  - Low cost = Single chip RF+phased array+BB+BIST





#### Integration Challenges: Plug and Play?



### **Plug and Pray!**

27 © Alberto Sangiovanni-Vincentelli. All rights reserved.

#### **The Design Integration Nightmare**

### Specification: Implementation:



P. Picasso, Blue Period

P. Picasso "Femme se coiffant" 1940

#### To Enable Success...

#### We need an integration platform

- To deal with heterogeneity:
  - Where we can deal with Hardware and Software
  - Where we can mix digital and analog, cyber and physical
  - Where we can assemble internal and external IPs with different physical domains
  - Where we can work at different levels of abstraction
- To handle the design chain
- To support integration
  - Tool integration
  - IP integration

# The integration platform must subsume the traditional design flow, rather than displacing it

#### Outline

- Introduction and Motivation using Automotive as Test Case
- The V design process and Platform Based Design
- The Role of Autosar
- Semiconductor Design Economics
- Extensions and Open Issues

#### Automotive V-Models: a 'Linear' Development Process



### **Vertical Design Chain and Design Error Costs**



#### **OEM Design Challenges**

- Distribution:
  - Functions are distributed over several subsystems/ components (M/E/E)
  - Exploration of solutions involve several subsystems
  - Integration is very expensive
  - Tool support is critical

#### • Packaging:

- space for electronics in the car is reducing
- Functional integration might be different from functional one



# Enabling OEM and Tier1 Co-Design Space Exploration and Co-Verification



#### **Derivative design**

#### The derivative design approach:

- Every two-three years a new generation of products is designed
  - Product generations are conceived to accommodate the specification of all customers for the next years
- For each commitment, the electronic control unit is obtained by derivation from the current generation
- In the derivative design approach, reuse is extensively employed to minimize cost and development time
  - for each class of applications, products are variants of a same originating design



### **Platform Models for Model Based Development**



# **Platform Based Design**

- A "meet-in-middle" design method
  - Platform: an abstraction layer that hides the details of several possible implementation refinements of the underlying layers
- Function model: •
  - abstraction of what the system is supposed to do
- Architecture model: •
  - lower level of abstraction describing how the system realizes the function
- Mapping:
  - Process by which function and architecture meet
  - Propagates constraints from above to meet performance estimations from below
  - Phases: Allocation, binding, scheduling





Export

# **Separation of Concerns**



# **Platform-Based Design**



Platform: library of resources defining an abstraction layer with interfaces that identify legal connections

- Resources do contain virtual components i.e., placeholders that will be customized in the implementation phase to meet constraints
- Very important resources are interconnections and communication protocols

# **Fractal Nature of Design**



# **Design Methodology**

**Platform Constraints Propagation** 



**Requirement Propagation and Platform Selection** 

# Design Space vs. Time-to-Market in Platform Based Design

- Platform limits the design choices
- Designer only needs to analyze alternatives that are implemented by the platform



# **AUTOSAR** initiative

- Each ECU may include functionalities developed by different suppliers and as well as the OEM
- Started as a partnership between leading European OEMs and Suppliers for
  - establishment of an open standard for automotive E/E architecture
  - a basic infrastructure for the management of functions within both future applications and standard software modules
- Objectives
  - standardization of basic system functions and functional interfaces
    - modularity and scalability
  - the ability to integrate and transfer functions
    - transferability and re-usability
  - substantially improve software updates and upgrades over the vehicle lifetime
- The AUTOSAR scope includes all vehicle domains





## **AUTOSAR Architecture**

A fundamental concept of AUTOSAR is the separation between:

- (functional) application and
- infrastructure



# **AUTOSAR Architecture and Methodology**



### AUTOSAR Methodology



AUT OSAR

- 21

# **Control synthesis - algorithm development**

## Characteristics of the overall electronic control system

- Multi-rate control system composed of nested control loops that interact with other embedded controllers
  - frequency and phase drifts between sampling frequencies
  - event driven actions
  - asynchronous communication on the network
- Implements both continuous and discrete functionalities
  - more discrete than continuous
  - control algorithms may have many operation modes
    - nominal operation modes
    - safety, protection and recovery modes
  - computations performed at transition time are very important
    - switching conditions
    - controller initializations

A large part of algorithms devoted to diagnosis, fault tolerance and safety
 Complexity: more than 150 I/O and 200 algorithms in engine control units

# **Control synthesis - algorithm development**

## Electronic control units do not implement control and estimation algorithms only

## • Fault tolerance

- recovery algorithms that guarantee minimal operability under fault conditions

## Diagnosis

- Diagnosis specs, enforced by OBDII (On Board Diagnosis II USA) and EOBD (European On Board Diagnosis EU), require that
  - every fault, malfunction or simple component degradation that lead to the production of pollutant emissions over given thresholds should be diagnosed and notified to the driver

## Safety

- relevant to vehicle longitudinal and stability control, and next-generation X-by-wire systems
  - e.g. brake-by-wire and steer-by-wire

# **Specification for hw/sw implementation**

## The description of the hw/sw specification have to

- include all the details for a correct implementation of the algorithms
  - complete functional description
  - computation accuracy bounds
    - value domain: computation precision (fixed-point arithmetic), threshold detection, ...
    - time domain: latency, jitter, delay in event detection, ...
  - execution order, synchronization and communication
  - priorities in case of shared resource (cpu, communication,etc)
  - data storage requirements
- be model-based
- be suitable for automatic code generation
- be compliant to AUTOSAR middle-ware RTE layer specification

# **Specification for hw/sw implementation**

- Description of the implementation specification (hybrid formalisms)
- Methodologies and tools for the definition and validation of implementation constraints
  - modeling of the degradation due to the implementation of algorithms on bounded resource platforms
  - definition of acceptance criteria for the hw/sw implementation
  - exploration of hw/sw implementation requirements and constraints
  - validation of candidate implementation platforms described in abstract form
- Tools supporting the specification for hw/sw implementation have to
  - allow the description of the implementation constraints and acceptance criteria
  - be efficiently integrated with software development tools
  - either provide automatic code generation or be linked to auto-coding tools





# **Design Flow**



# MBD: CODE GENERATION

## e.g. Mathworks RTW, dSpace TargetLink

# High level input models

(Simulink, Modelica, ...)



## **Direct code generation**

- No significant restructuring
- Low level optimization
- Manual partition





# LEARNING FROM LOGIC SYNTHESIS

## High level function model

#### - Separation of func and arch ⊐))>-- Common language for func and arch $\exists$ netlists (Boolean logic, NAND2 gate) t<sub>1</sub>t<sub>3</sub>+fgh - Automatic mapping at<sub>2</sub>+c $inv(1) \_ nand2(2)$ d+e b+h \_nor(2) Technology Mapping nand3 (3) (covering) restructuring aoi21 (3) restructuring oai22 (4) xor (5 ď e' Т nand3(3 g and2(3) d Gate library in **Function model** nor3 (3) $b^{TT}h^{i}$ oai21(3) netlist in netlist а oai21 (3) nand2(2) С inv(1)Mapped design

Gate library (platform)

# OUR SOFTWARE SYNTHESIS FLOW

## **Function Model**



**Architecture Platform** 

# CHALLENGES IN THE FLOW

- Stage 1: Common modeling domain selection
  - Various models of computation exist in system level.
  - Trade-off between expressiveness and ease of manipulation when selecting the <u>common</u> <u>semantics</u>.
  - Trade-off between granularity and optimality when selecting the <u>primitives</u>.
- Stage 2: Automatic mapping
  - Various constraints and objectives.
  - Domain-specific algorithms may be used albeit not necessary.
- Stage 3: Code generation
  - Communication interface synthesis maybe needed to guarantee correct semantics.

# Modeling domain

- Semantic domain *Q* the language
  - Formally defined as trace-based agent algebra [1].
  - *Q.D*: domain of agents "building blocks".
  - Q.A: master alphabet "set of all signals between blocks".
  - Q.α : Q.D -> 2<sup>Q.A</sup>, each agent has an alphabet "each block has a set of signals"
  - Operators: renaming, projection and parallel composition "rules to initialize and compose blocks"

 $\subset$ 

- Primitives *P* abstraction level
  - Primitives are a set of agents in a semantic domain, P Q.D.
  - No agent in *P* can be constructed from other agents in *P*.
- Modeling domain C<sub>Q</sub>(P): all agents constructed from primitives P by applying operators in semantic domain Q.

[1] R. Passerone, Semantic Foundations for Heterogeneous Systems. PhD thesis, University of California, Berkeley, 2004.

# COMMON MODELING DOMAIN (CMD)

- A model is an agent in the modeling domain.
- Function model f  $\overline{F}$  architecture model a A.
- B(s) denotes the behavior of model s.
- Modeling domain ME is a commo modeling domain between f and a if there exists f' M and  $a'_{Beh}M_{or}s_{ot}t_{origh}(f') = B(f)$  and B(a') = B(a).

architecture model a in A Behavior of original function model *f* in *F* model a' in CMD Behavior of function model f' in CMD 0

Illustration of mapping space in CMD

Behavior of architecture

• **f** and **a** may have different semantics or abstraction level – hard to explore **o**.

- **f**' and **a**' in CMD mapping space  $\Lambda$  can be formally explored.
- $\Lambda \subseteq o$  mapped behavior is legal.

# CMD SELECTION

- Ancestor-child relation between modeling domains.
  - Define  $\Phi(M) = \{B(s) \mid s \in C_Q(P)\} \subseteq \text{set of all agent behavior.}$
  - $M_1 = C_{Q_1}(P_1)$  is the ancestor of  $M_2 = C_{Q_2}(P_2)$  iff  $\Phi(M_2) = \Phi(M_1)$ .
- Search CMDs on modeling domain relation graph (directed edges representing ancestor-child relation).



# CMD SELECTION CONTD.

- Two design aspects when selecting CMD  $C = C_Q(P)$ 
  - Semantics decided by semantic domain Q
    - Expressiveness vs. analyzability, e.g. dataflow vs. static dataflow.
    - May first choose semantic domain for common ancestor domain D, then refine it in C.
  - Abstraction level depends on primitives P
    - $\circ$  Explore different abstraction level by choosing different primitives.
    - $\circ$  Carried out when selecting *C* as child domain of *D*.
  - For both, it is a trade-off between the size of mapping space and complexity.

# COVERING PROBLEM AFTER CMD SELECTION

• Symbols:

| Function primitive instances :                                                                                                                                                                                                                                                                  |  | $F = (f_1, f_2,, f_n)$                                                                                                                                                                                             |  |  |  |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|
| <ul> <li>Architecture primitive instances :</li> </ul>                                                                                                                                                                                                                                          |  | $A = (a_1, a_2,, a_m)$                                                                                                                                                                                             |  |  |  |
| <ul> <li>Mapping decision variables :</li> </ul>                                                                                                                                                                                                                                                |  | $d_{f_i,a_j}$                                                                                                                                                                                                      |  |  |  |
| <ul> <li>Architecture selection variables:</li> </ul>                                                                                                                                                                                                                                           |  | S <sub>a</sub> ;                                                                                                                                                                                                   |  |  |  |
| <ul> <li>Quantities (power, area, bandwidth):</li> </ul>                                                                                                                                                                                                                                        |  | $\overset{a_j}{\mathcal{Q}_{f_i,a_j,t}}  \mathcal{Q}_{a_j,t}$                                                                                                                                                      |  |  |  |
| <ul> <li>General covering formulation</li> <li><i>L</i><sub>j<sub>i</sub></sub>, <i>a<sub>j</sub></i>, <i>i</i></li> <li><i>L</i><sub>a<sub>j</sub></sub>, <i>i</i></li> </ul>                                                                                                                  |  |                                                                                                                                                                                                                    |  |  |  |
| Function covering constraints<br>$\forall f_i \in \mathcal{F},  \sum_{a_j \in \mathcal{A}_{f_i}} d_{f_i, a_j} = 1$<br>$\forall f_i \in \mathcal{F}, a_j \notin \mathcal{A}_{f_i},  d_{f_i, a_j} = 0$<br>$\forall a_j \in \mathcal{A},  \sum_{j \in \mathcal{A}_{f_i}} d_{f_i, a_j} \ge s_{a_j}$ |  |                                                                                                                                                                                                                    |  |  |  |
| Architecture selection constraints $f_i \in \mathcal{F}$                                                                                                                                                                                                                                        |  |                                                                                                                                                                                                                    |  |  |  |
| <i>Domain specific.<br/>Determines<br/>complexity!</i>                                                                                                                                                                                                                                          |  | $ \forall f_i \in \mathcal{F}, a_j \in \mathcal{A},  d_{f_i, a_j} \leq s_{a_j} \\ \{Q_{f_i, a_j, t}\}, \{s_{a_j}\}, \{Q_{a_j, t}\}\} \leq 0 \\ d_{f_i, a_j}\}, \{Q_{f_i, a_j, t}\}, \{s_{a_j}\}, \{Q_{a_j, t}\}) $ |  |  |  |

# CASE STUDY: ACTIVE SAFETY VEHICLE

- Functional correctness and cost-efficiency are both important for active safety applications.
- Function and architecture mismatch.

## **Function model**

- synchronous model.
- no message loss or duplication.

# Meding CSF Moding CSR CSF Moding CSR CSR Inetial Sensor VST SVSCOM SCOMI VST SVSCOM SCOMI VST SVSCOM SCOMI VST SCOMI SCOMI <

## Architecture platform

- clock drift between distributed ECUs, asynchronous communication.
- data loss and duplication exist.



# STAGE 1: CMD SELECTION - COMMON SEMANTICS



1. Process Networks (PN): expressive but high modeling complexity. Need transformation of both func and arch models.

2. Loosely time triggered architecture (LTTA): transformation of func model to support <u>asynchronous</u> communication.

**Chosen in this case study** 3. Synchronous reactive (SR):

transformation of the arch to support <u>synchronous</u> communication, by applying following protocols.

- Clock synchronization.
- Constraints on task periods.

Original Architecture Modeling Domain

# STAGE 2: COVERING PROBLEM



# STAGE 2: COVERING PROBLEM CONTD.

- Worst case analysis for CAN systems with periodic tasks and messages.
- A complete formulation with all design variables does not scale for industrial size problems.
- We start with tackling following sub-problems.

| Problems  | Period<br>Synthesis [1]    | Allocation & Priority<br>Synthesis [2]  | Extensibility<br>Optimization [3, 4] |
|-----------|----------------------------|-----------------------------------------|--------------------------------------|
| Variables | Period                     | Allocation<br>Priority                  | Allocation<br>Priority               |
| Objective | Latency                    | Latency                                 | Extensibility                        |
| Approach  | Geometric programming (GP) | Mixed integer linear programming (MILP) | Multi-step Heuristic                 |

[1] "Period Optimization for Hard Real-time Distributed Automotive Systems", 44th DAC, 2007.

[2] "Definition of Task Allocation and Priority Assignment in Hard Real-Time Distributed Systems", 28th RTSS, 2007.

[3] "Optimizing Extensibility in Hard Real-time Distributed Systems", 15th RTAS, 2009.

[4] "Optimizing the Software Architecture for Extensibility in Hard Real-Time Distributed Systems", TII, 2010.

# ALLOCATION & PRIORITY SYNTHESIS (MILP BASED)



# Allocation & priority synthesis results







## Architecture platform

- 9 ECUs
- single bus

# EXTENSIBILITY OPTIMIZATION (MILP AND HEURISTIC)



# EXTENSIBILITY OPTIMIZATION RESULTS

- Same active safety vehicle as in allocation and priority synthesis.
- Single-bus and dual-bus options.
- Parameter *K* to trade off between extensibility and latency.
- Compared with a simulated annealing algorithm: maximum extensibility within 0.3%, runtime 0.5 hour vs. 12 hours.



# CASE STUDIES IN OTHER DOMAINS

- Building automation domain [1]
  - Similar semantics as in automotive synchronous function model and LTTA architecture platform.
  - Also choose SR as the common semantics, however <u>additional timing constraints</u> are added to the architecture <u>for preserving synchronism</u>, as we consider the physical interaction with environment.
  - Mapping leverages COSI for <u>communication network synthesis</u>.
- Multimedia domain [2]
  - JPEG encoder application. Intel MXP architecture platform.
  - Semantics for both function and architecture are dataflow.
  - Challenge is to choose the proper <u>abstraction level</u>. Different levels are explored and compared through choices of primitives.

[1] "A Design Flow for Building Automation and Control Systems", 31<sup>st</sup> RTSS, 2010.

[2] "JPEG Encoding on the Intel MXP5800: A Platform-Based Design Case Study", ESTIMedia'05, 2005.

# MATHEMATICAL PROGRAMMING APPROACHES



## CONCLUDING REMARKS

- Software (and hardware) synthesis based on a formal mapping procedure
  - Formally determines the <u>semantics and abstraction level</u> of the design by choosing a <u>common modeling domain</u>.
  - Automatic and optimal mapping algorithms.
  - Generality applied to various domains with different models of computation as well as different implementation platforms. Domain-specific mapping algorithms may be leveraged in the framework.
  - Optimality trade-off between complexity and mapping space through the selection of CMD.
  - Reusability common semantic selection requires designers' expertise. However proper selection is typically general for particular domains.

## Magneti Marelli Results



Model and Platform based design methodology successfully implemented in Magneti Marelli Powertrain leading to:

- Significant increase in application software productivity up to 4 time faster than in the traditional hand-coding cycle.
- The model compiler has been applied only to models mapped in the application software partition with a 90% coverage.
- Virtually bug-free application software 100% compliant to executable specifications. No need for unitary verification tests, already performed in a simulated environment and components already quoted in terms of CPU load with the PIL environment.
- Automatically generated software components created for GDI project have been reused by other projects (MPI, Diesel) currently in production.



### Heterogeneous models

+ separation between the functional model and the architecture model



#### Outline

- Introduction and Motivation using Automotive as Test Case
- The V design process and Platform Based Design
- The Role of Autosar
- Semiconductor Design Economics
- Extensions and Open Issues

#### The Story of EDA: The Quest for the Next Level of Abstraction



77 © Alberto Sangiovanni-Vincentelli. All rights reserved.

#### **Evolution of the EDA Industry**



#### Moore's Law



#### The Magic of Moore's Law

Silicon Process Technology Intel386™ DX Processor Intel486™ DX Processor

Pentium<sup>®</sup> Processor

Pentium<sup>®</sup> II, III Processors Pentium<sup>®</sup> 4



#### **Evolution of Digital Design Productivity**

| Year | DT Productivity<br>Impact          | Gates Per<br>Designer per<br>Year | Description                                                                                                                                                                                                                    |
|------|------------------------------------|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1990 | Design<br>Technology               | 4,000                             |                                                                                                                                                                                                                                |
| 1993 | In House Place<br>and Route        | 5,550                             | Automated Block Placement and Routing                                                                                                                                                                                          |
| 1995 | Tall Thin<br>Engineer              | 9,090                             | Engineer can purse all tasks to complete a design block from RTL to GDSII                                                                                                                                                      |
| 1997 | Small (2K-<br>75K) Block<br>Reuse  | 40,000                            | Blocks from 2,500 –74,999 gates                                                                                                                                                                                                |
| 1999 | Large (75K-<br>1M) Block<br>Reuse  | 56,000                            | Blocks from 75,000-1M gates                                                                                                                                                                                                    |
| 2001 | IC<br>Implementation<br>Suite      | 91,000                            | Tightly integrated toolset that goes from RTL synthesis to GDSIII through IC palace and route                                                                                                                                  |
| 2003 | Intelligent Test<br>Bench          | 125,000                           | RTL verification tool (cockpit) that takes and ES-level description and partitions it into verifiable blocks, then<br>executes verification tools on the blocks, while tracking and reporting code coverage                    |
| 2005 | ES Level<br>Methodology            | 200,000                           | Level above RTL, including both HW and SW design. It consists of a behavioral (where the system function has not been partitioned) and an architectural level (where HW and SW are identified and handed off to design teams). |
| 2007 | Very Large<br>(>1M) Block<br>Reuse | 600,000                           | Blocks >1M gates; intellectual-property cores                                                                                                                                                                                  |

81 © Alberto Sangiovanni-Vincentelli. All rights reserved.

Source: J. Weekly, Synopsys



#### The Full Day: the Maturity of EDA



#### **Challenges and Trends**







**Process Geometry** 

Cell-Based ASICs prohibitively expensive for all but highest volume applications



#### <u>Shift to</u>

Technology (nm)

- Re-use strategy at all levels
- Higher level of abstractions
- Software !!!

84 © Alberto Sangiovanni-Vincentelli. All rights reserved.

**Engineering Months** 

#### Definitions

- ASPP: Application Specific Programmable Platform
  - Instruction set and architecture are customized to application
  - Application customers help providing specs

- PSPP: Platform Specific Programmable Product
  - ASPPs: End-user/designers will only program the part
  - PSPPs: End-user/designers will partially configure/design the hardware then program the part
  - Will there be more PSPPs than ASPPs in 2010?

#### Questions

- What applications/businesses will be building ASICs instead of PSPPs and ASPPs?
- Bleeding edge performance will be less of a factor for a larger percentage of applications moving forward: audio, video?
- Where will cost be less of a factor than super-optimized performance?
- Will an optimized PSPP be more timely, cost-friendly, and even higher in performance given that it has been optimized for speed for a particular application area/platform?
- Who can afford to design a completely non-reconfigurable, non-programmable ASIC?

#### The Story of EDA: The Quest for the Next Level of Abstraction



#### **The Design Object**



- Assemble Components from parameterized library
- Including:

Configurable processor core Memories (RAM, ROM) Special-purpose standard blocks (ASSPs) Glue Logic

- Third-party special-purpose logic/MEMS/MEOS
- Integrate using standard approach to on-chip communication

#### **Developing a New ASIC**

#### VERY EXPENSIVE PROPOSITION

- Core IP (microprocessor) may cost more than 4 Billion (see NYTimes article on AP4, the new core by Apple)
- NRE are from 8 to 10 Million each chip
- Trend is to leverage maximally platforms: few cutomized parts
- More important to team with right IC maker and select the right architecture and design tools to support the application

#### **Cadence EDA360 Vision**



- Architecture, design, integration, and verification of complex electronic systems
- Includes hardware-software design and verification, system modeling, verification IP, and services
- Delivered via open, connected, and scalable offerings
- Design IP and Services with technologies for architectural exploration, integration, and verification of complex SoCs
- Includes memory and storage subsystems, interfaces, and chip planning capabilities
- Delivered via <u>differentiated</u>, <u>integrated</u>, and <u>proven</u> offerings
- Design, verification, and implementation of complex designs across silicon, package and board
- Includes comprehensive flows for low power, mixed signal, verification, large scale/GHz, and 3D-IC/SiP codesign
- Delivered via <u>intent</u>, <u>abstraction</u>, and <u>convergence</u> in flows



- Formal Modeling of multi-physical systems and library definitions
- Includes requirement capture
- Cyber Physical System formal verification and virutalization
- Design Space Exploration
- Architecture, design, integration, and verification of complex electronic systems
- Includes hardware-software design and verification, system modeling, verification IP, and services
- Delivered via open, connected, and scalable offerings
- Design IP and Services with technologies for architectural exploration, integration, and verification of complex SoCs
- Includes memory and storage subsystems, interfaces, and chip planning capabilities
- Delivered via differentiated, integrated, and proven offerings
- Design, verification, and implementation of complex designs across silicon, package and board
- Includes comprehensive flows for low power, mixed signal, verification, large scale/GHz, and 3D-IC/SiP co-design
- Delivered via intent, abstraction, and convergence in flows

#### **Business Challenge: Tool Landscape**



#### **Final Words of Wisdom**





93 © Alberto Sangiovanni-Vincentelli. All rights reserved.

#### The EDA Challenge: Software Architecture Today



94 © Alberto Sangiovanni-Vincentelli. All rights reserved.

# The Swarm Opportunity

#### It's A Connected World

Time to Abandon the "Component"-Oriented Vision



- The functionality is in the swarm!
- There is power in numbers
- Resources can be dynamically provided based on availability

Moore's Law morphs into Metcalfe's Law: Scaling is in number of connected devices, no longer in number of transistors/chip

[J. Rabaey, MuSyC 2009]

#### **Supporting Theory**

- Provide a semantic foundations for integrating different models of computation
  - Independent of the design language
- Maximize flexibility for using different levels of abstraction
  - For different parts of the design
  - At different stages of the design process
  - For different kinds of analysis
- Support many forms of abstraction
  - Model of computation (model of time, synchronization, etc.)
  - Scoping
  - Structure (hierarchy)

#### **Platform Based Design!**



#### **Building Operating Platform**



#### The Swarm as a Platform

#### A mediation layer



#### The Swarm as a Platform

#### Operating System (Broad Sense): Environment that

- · Presents abstracted vision of hardware to applications
- Dynamically balances application needs versus available resources under time
   and energy constraints

#### What makes SWARM-OS different (and hard)?

- Distributed
- Space/context-aware
- Heterogeneous shared (and sparse) resources
- Dynamic
  - Mobility, scope, resources, connectivity, ...



## How to Deal with Dynamics **Structured versus ad-hoc?**

#### **BOTH OF THE ABOVE!**



#### Exploiting the Edge of the Cloud (or The Fog\*)

Packs plenty of computation, communication, storage and energy resources Avoids the overhead of the Cloud

#### Not an "OS as usual" Reactive or opportunistic emergence of capabilities desirable

[F. Bonomi, Cisco, "Cloud and Fog Computing"- EON June 11]

#### The Swarm Challenge(s)



#### **The SCIENCE-Application Dilemma**



**Raffaello Sanzio, The Athens School** 

#### **Concluding Remarks**

- Challenging problems in many domains exist and are amenable to a rigorous approach to design methodologies, models and tools
- Model-based and Platform-based Design is a MUST
- Control algorithm design is critical
- Optimized Architecture selection is essential
- Holistic view of the design problem must be established
- Multidisciplinary approach needed: a challenge for education and recruiting