EE249 Embedded System Design: Models, Validation and...

EECS249Fall08

EE249 Embedded System Design:

Models, Validation and Synthesis

Alberto Sangiovanni Vincentelli

1

EE249Fall082

Carly Fiorina, CEO, Hewlett Packard Corporation

I believe we are now entering the Renaissance phase of the Information Age, where creativity and ideas are the new currency, and invention is a primary virtue, where technology truly has the power to transform

lives, not just businesses, where technology can help us solve fundamental problems.

EE249Fall083

Client

Server

eMerging Societal-Scale Systems

New System ArchitecturesNew Enabled ApplicationsDiverse, Connected, Physical,

Virtual, Fluid

Embedded Systems

Clusters

Massive Cluster

Gigabit Ethernet

MEMSBioMonitoring

Scalable, Reliable,Secure Services

InformationAppliances

PresenterPresentation NotesWhat is common to all of these efforts is the notion of a Societal-Scale Information System. These are systems with architectures that must span a very wide range of needs, from thousands of sensors in a home, in a business, or on a freeway, to global-scale information utilities, moving pedabytes of data per second throughout the world. These new architectures must have common notions of security, reliability, privacy and robustness across this entire spectrum. They must connect diverse, unreliable, and dynamic sources and consumers of information, in a virtual, almost fluid way.

EE249Fall084

Embedded Systems

Computational but not first-and-foremost a computer

Integral with physical processes sensors, actuators

Reactive at the speed of the environment

Heterogeneous hardware/software, mixed

architectures Networked

shared, adaptive

Source: Edward A. Lee

EE249Fall085

Observations

We are on the middle of a revolution in the way electronics products are designed

System design is the key (also for IC design!)

Start with the highest possible level of abstraction (e.g. control algorithms)

Establish properties at the right level

Use formal models

Leverage multiple scientific disciplines

EE249Fall086

Course overview

Managing Complexity

Orthogonalizing Concerns

Behavior Vs. Architecture

Computation Vs. Communication

EE249Fall087

Behavior Vs. Architecture

SystemBehavior

SystemArchitecture

Mapping

Flow To Implementation

Refinement

1

3

4

2Models of

Computation

Comm. and comp. resources

Assign functionality to arch elements

HW/SW partitioning,Scheduling

Synthesis: HW and

SW

Quantity estimation

Polis (1990-1996)VCC (1996-2003)Metropolis (2003-present)

EE249Fall08

ETROPOLIS

8

Behavior Vs. Communication

Clear separation between functionality and interaction model

Maximize reuse in different environments, change only interaction model

EE249Fall089

Administration

Office hours: Alberto : Tu-Th 12:30pm-2pm or (better) by appointment (2-4882)

Teaching Assistant:

Kelvin Lwin, [email protected]

EE249Fall0810

Grading

Grading will be assigned on:

Homework (~30%)

Project (~50%)

Reading assignments (~10%)

Labs (10%)

Bi-weekly homework.

HW #n is due the same day HW #n+1 is handed out

EE249Fall0811

Schedule

Labs (Th. 4-6):

Presentation of tools followed by hands-on tutorial and assignments (to turn in after 2 weeks, we might have to skip some labs.)

Discussion Session (Tu. 5-6)

Each student (possibly in groups of 2 people) will have to make one or more oral presentations during the class

Last two weeks of class dedicated only to projects (usually due the 1st or 2nd week of Dec.)

Auditors are OK but please register as P-NP (resources are assigned according to students)

HW #1handout

HW #1due HW #3

handout

Lab #1

Lab #1due

1 week

Lab #2

Lab #2due

Lab #3 Lab #4HW #2

due

Schedule is tightDont fall behind!!!

EE249Fall0812

Links

Class website

http://inst.eecs.berkeley.edu/~ee249

http://inst.eecs.berkeley.edu/~ee249

EE249Fall0813

Outline of the course

Part 1: Introduction Design complexity, Example of embedded systems, traditional design flow, Platform-Based Design

Part 2: Functional modeling,

analysis and simulation

Introduction to models of computation. Finite State Machines and Co-Design Finite State Machines, Kahn Process Networks, Data Flow, Petri Nets, Hybrid Systems. Unified frameworks: the Tagged Signal Model, Agent Algebra

Part 3: Architecture and

performance abstraction

Definition of architecture, examples. Distributed architecture, coordination, communication. Real time operating systems, scheduling of computation and communication.

Part 4: Mapping Definition of mapping and synthesis. Software synthesis, quasi static scheduling. Behavioral synthesis. Communication Synthesis and communication-based design

Part 5: Verification Validation vs Simulation. Verification of hybrid system. Interface automata and assume guarantee reasoning.

Part 6: Applications Automotive: CAN,Flexray, Auotosar Architecture, GM car architecture, scheduling and timing analysis Building automation: BanNet, LonWorks, ZigBee with applications to monitoring and security

EE249Fall0814

Outline for the Introduction

Examples of Embedded Systems

Their Impact on Society

Design Challenges

Embedded Software and Control

EE249Fall0815

Electronics and the Car

More than 30% of the cost of a car is now in Electronics90% of all innovations will be based on electronic systems

EE249Fall0816

Automotive IndustryThree Levels of Players

Source: Public financials, Gartner 2005

2005 revenue $17.4B CAGR 10% (2004-2010)

IC Vendors~15% of revenue from automotive

2004 Revenue ~$200B CAGR 5.4% (2004-2010)

Tier 1 Suppliers90%+ of revenue from automotive

Automakers 2005 Revenue: $1.1T CAGR 2.8% (2004-2010)

PresenterPresentation NotesThe global auto industry is a $1T USD marketplace, led by companies like GM, Toyota and DaimlerChrysler

They produced 64M cars last year, but only have 2.8% CAGR through 2010. And the growth would be even lower if it werent for emerging markets like China and Eastern Europe

All the major automakers derive the majority of their revenue from car vehicle sales. Some get revenue by financing but the vast majority come from car sales

http://www.st.com/stonline/index.htmhttp://www.delphi.com/http://www.toyota.co.jp/en/index.htmlhttp://www.vw.com/index.htmlhttp://www.gm.com/http://www.ford.com/en/company/about/brands/ford.htm

EE249Fall08

ABS: Antilock Brake SystemACC: Adaptive Cruise ControlBCM: Body Control Module

DoD: Displacement On DemandECS: Electronics, Controls, and Software

EGR: Exhaust Gas Recirculation.GDI: Gas Direct Injection

OBD: Onboard DiagnosticsTCC: Torque Converter Clutch

PT: PowertrainForefront of Innovation

Vehicle Integration

System Connection

Subsystem Controls & Features

Valu

e fr

om E

lect

roni

cs &

Sof

twar

e

-More functions & features-Less hardware

-Faster Potential inflection point. Now!

1970s 1980s 2000s 2010s 2020s

Source: Matt Tsien, GM

1990s

BCM

ABS

TCC

EGR

Electric Fan

Electric Ignition

Fuel Cell

Wheel Motor

Hybrid PT

Electric Brake

DoD

GDI

ACC

Rear Vision

Passive Entry

Side Airbags

Head Airbags

OnStar

OBD II

HI Spd Data

Rear aud/vid

CDs

Challenge: Electronics, Controls and Software Shifting the Basis of Competition in Vehicles

$118

2 (+

196%

)

50 E

CU

s (+

150%

)

100M

Lin

es o

f Cod

e (+

9900

%)

$400

20 E

CU

s

1M L

ines

AVG. AVG.

Mechanical $55%

Software $13%

Other $8%

Electronics $24%

Software $2%Other $

9% Electronics $13%

Mechanical $76%

PresenterPresentation NotesPP comments: how was the ECS % established? (base or fully loaded or avg?) LDW, RW might ask how this compares to the numbers given by Toyota which talk about 50%+ on average across their fleet (Toyota inside article which was translated for LDW and RW)- what is the difference between / definition of system connection and vehicle integration? Japanese and European OEMs label the period of 201x as vehicle cooperation , I.e. v2v, v2i, etc. -----------------------------------------Sequence of presentations: Introduction to the technology trend. Features. The customers perspective of ECS growth. (One click) The potential inflection point and the forefront of innovation. (One click) The percentage cost perspective of ECS growth. Two average cars. One in 2000, the other in 2010. (One click) The electronics and software content perspective of ECS growth. Per average car.

EE249Fall0818

GM SAC Vehicular Electronics, Controls and Software Study

Software content in automobiles could increase by 100 X over the next 5-6 years. Challenges will include:

Software system architecture

Partitioning for modularity & system reliability

Reuse

Standardization of interfaces

EE249Fall0819

EE249Fall0820

EE249Fall0821

OTIS Elevators

1. EN: GeN2-Cx 2. ANSI:Gen2/GEM

3. JIS: GeN2-JIS

EE249Fall0822

Segments

Attribute Type 1 Type 2 Type 3

Stops/Rise < 20 stopsOpportunity: < 6 stops (20m)

< 64 stops < 128 stops

Group Size Simplex 1 8 cars 1 8 cars

Speed< 4m/s

EE249Fall0823

EE249Fall0824

Consumer segmentsCommon technology elements

Gaming

Auto electronics

Internet

e-commerce

Locality

Broadcasting

Systems within systems

PresenterPresentation NotesIf you look at the growing consumer markets, you can see a lot of common characteristics.Most of these applications combine audio, video, and voice along with wireless or wireline connectivity.

In order to deliver these capabilities, you see a growing trend towards multimedia processors, connectivity, mixed-signal, analog, and RF content in design. Essentially, companies are delivering what used to be disparate technologies in single devices making what you design a problem of developing systems within systems.

EE249Fall0825

Common Situation in Industry

Different hardware devices and architectures

Increased complexity

Non-standard tools and design processes

Redundant development efforts

Increased R&D and sustaining costs

Lack of standardization results in greater quality risks

Customer confusion

EE249Fall0826



The Future of Embedded Systems and Their Impact on Society

Design Challenges


EE249Fall08

27

Concurrency and Heterogeneity

IntelMontecito

Source: Bosch

InformationSystems

Tele

mat

ics

Fau

lt

Tole

ran

t

Body Electronics B

ody

Fun

ctio

ns

Fail

Safe

Fau

ltFu

nct

ion

al

Body Electronics

Dri

vin

g an

d V

ehic

leD

ynam

ic F

un

ctio

ns

Mobile Communications Navigation

FireWall

Access to WWWDAB

GateWay

GateWay

Theft warning

Door Module Light Module

AirConditioning

Shift by

Wire

EngineManage-

ment

ABS

Steer by

Wire

Brake by

Wire

MOSTFirewire

CANLin

CANTTCAN

FlexRay

Today, more than 80Microprocessors and

millions of lines of code

EE249Fall08

28

Ubiquitous Sensor Networks

Challenge: The Physical Internet

Year

Log

(peo

ple

per c

ompu

ter)

Number CrunchingData Storage

ProductivityInteractive

Mainframe

Minicomputer

Workstation

PC

Laptop

PDA

Cellular phone Streaming information to and from physical world

28

PresenterPresentation NotesSo if we look at the computing spectrum today, each of the classes exist simultaneously. In a room we can put 100s of teraflops and many petabytes of computing.

Our productivity, document preparation, and personal information management fits in our pocket and a new class is emerging that will provide a means of streaming information to and from the physical world like we have never seen before.

EE249Fall08

Exponentials Bound to Continue

5 Billion people to be connected by 2015 (Source: NSN)

The emergence of Web2.0

The always connected community network

7 trillion wireless devices serving 7 billion people in 2017(Source: WirelessWorldResearchForum (WWRF))

1000 wireless devices per person?

[Courtesy: Niko Kiukkonen, Nokia]

EE Times,January 07, 2008

EE249Fall08

Infrastructuralcore

Sensory swarm

Mobileaccess

The Emerging IT Scene

EE249Fall08

The Technology Gradient: Computation

Driven by Moores Law

Driven by More Than Moore andBeyond Moore

EE249Fall08

The Technology Gradient: Communication

Mostly wired

Almost uniquely wireless

EE249Fall08

Challenge: Power

33

EE249Fall08

Scaling enabled integration of complex systems with hundreds of millions of devices on a single die

Intel KEROM dual coreISSCC 07, 290M trans.

SUN Niagara-2ISSCC 07, 500M trans.

IBM/Sony Cell ISSCC 05, 235M trans.

Challenge: Parallel Architectures

34

EE249Fall0835

Smart DustLaser diodeIII-V process

Passive CCR comm.MEMS/polysilicon

Active beam steering laser comm.MEMS/optical quality polysilicon

SensorMEMS/bulk, surface, ...

Analog I/O, DSP, ControlCOTS CMOS

Solar cellCMOS or III-V

Thick film batterySol/gel V2O5

Power capacitorMulti-layer ceramic

1-2 mm

Source: K. Pister, Berkeley

PresenterPresentation NotesThe majority of the volume of the mote will consist of power supply elements. The rechargeable thick film battery will store 1 J/mm^3, with low output resistance for sub-milliAmp current. The multi-layer ceramic power capacitor (COTS) will store only 1 microJoule, but will provide high current when needed (e.g. for laser pulses). In full sun, solar cells provide roughly 1 J/day per square millimeter. Different versions of dust may have only battery, only solar cell, or some combination.The sensor will be research off the shelf. The only design changes will be to optimize performance at low power. Sensors options include temperature, pressure, humidity, vibration, sound (requires several cubic millimeters), and magnetic anomaly detection.Communication will be optical, line of sight. The corner cube is used to modulate light from an external interogating laser. We have demonstrated 150 meter communication using corner cubes. 1km range in full sun should be possible. Using the on-board laser and beam steering, active optical communication should be possible over distances of tens of kilometers at least.

EE249Fall0836

Wireless Sensor Networks

Berkeley Dust Mote1

1From Pister et al., Berkeley Smart Dust Project

The use of wireless networks of embedded computers could well dwarf previous milestones in the information revolution - National Research Council Report: Embedded, Everywhere, 2001.

Berkeley Mote1

EE249Fall0837

Creating a Whole New World of Applications

From Monitoring To Automation

PresenterPresentation NotesLight, temp, humidity, pressure, presense of birds, some sensors in burrows, some outside(SHOW DEVICE)First deployment 6 months ending Nov 2002, Second deployment June 2003

EE249Fall0838

Energy Management and ConservationCal ISO Daily Peak Loads

January 1, 2000 - December 31, 2000

20

25

30

35

40

45

50

GW

Peak Day August 16 -43.5 GW

Commercial AC

Residential AC

Advanced thermostats operate on required level of comfort, energy cost, weather forecast and distributed measurements to offload peak times Appliances are energy and cost aware

Demand response:Make energy pricesdependent upon time-of-use

EE249Fall0839

EE249Fall0840

Tire to Vehicle

Body computer

Stability ControlSystem

Smart antenna

Smart antenna

Energy Scavenging

Power Management

SensingDevice RF Link Computing

Rx/Tx Antenna

SW&

EE249Fall0841

Industrial Plants

Monitoring:Vibrations, Temperature, Humidity, Position, Logistics

Control and Actuation:Robot movements, Temperature, Storage

Current solution:Wired Infrastructure

Future solution:WIRELESS

Wireless advantages:Reduce cablingEnhance flexibilityEasy to deploy Higher safety Decreased maintenance costs

Alvise Bonivento

EE249Fall0842

Temperature Tracking

No or little real-time data on assets, environment, or activity

Inventory/supply management

Pharmaceutical

Foods

Automated meter reading?

Source: Xbow

EE249Fall0843

Weyerhaeuser 20 Million Seed Management Task:

Manage 20 million fast growing seeds annually

Issue: Seed dormancy depends on a complex

combination of water, light, temperature, gasses, mechanical restrictions, seed coats, and hormone structures

Southeastern US growing regions

Source: Xbow

EE249Fall0844

Tree Growth Rate Variability

Old Method

Trust nature

Monitor local atmospheric conditions

Sensor Network Way:

Monitor soil temperature and moisture at various locations

Adjust irrigation schedule accordingly

EE249Fall0845

Preventative Maintenance Program on Oil Tankers The task:

Engine monitoring is critical for both keeping the ship operational and complying with insurance policy.

Old Methods Manually record

vibration profile with data loggers.

Post process data for engine health and diagnostics.

Source: Xbow

EE249Fall0846

Personal Themes

Data driven, remote feedback control

Government or industry mandates

Personal computing themes

Ubiquitous computing

Safety

Convenience

Health and performance

Entertainment

Source: Xbow

EE249Fall0847

Silicon-Processed Micro-needles

Lin and Pisano, IEEE/ASME J. of MEMS, Vol. 8, pp 78-84, 1999

Neural probe with fluidchannel for bio-medical appl.

Two micro-needles penetratingporterhouse (New-York) steak

EE249Fall0848

Applications

Disaster Mitigation (natural and otherwise) Monitor buildings, bridges, lifeline systems to assess damage after

disaster

Provide efficient, personalized responses

Must function at maximum performance under very difficult circumstances

EE249Fall0849

What is Disaster Response?

Sensors installed near critical structural points

Sensor measure motion, distinguish normal deterioration and serious damage

Sensors report location, kinematics of damage during and after an extreme event Guide emergency personnel

Assess structural safety without deconstructing building

EE249Fall0850

Discussion

What are the most challenging aspects of these applications (and how does a company make money) ?

Interaction mechanisms: sensors, actuators, wireless networks

Reliability and survivability

Infrastructure

Services

Legislation

EE249Fall0851

PresenterPresentation NotesOur critical infrastructures are illustrated here. As you can see, these infrastructures play a crucial role in our society and daily lives. As such, the destruction or degradation of one or more of these infrastructures could cause serious harm to our economic and national security. The President has recognized this potential threat and has ordered that steps be taken to protect our infrastructures from an attack.

In the past, threats to our nations infrastructures were mainly physical in nature. We used to be concerned primarily about threats from terrorist groups and hostile nations. Now, criminal groups, terrorists, and hostile nations can interrupt critical infrastructures through cyber attacks on crucial automation systems.

As our society becomes more global and utilizes technology to increase the efficiency of our enterprises, our nations critical infrastructures are becoming increasingly interdependent within an enterprise, across several enterprises, even across industries. For example, the financial services industry depends on the availability and reliability of the telecommunications infrastructure, which in turn relies on electric power.

Hence, future attacks against one infrastructure could have cascading effects in the operations of others. within one enterprise, across several enterprises, or industries, and potentially all over the world.

EE249Fall0852

Secure Network Embedded SystEms (SENSE)

Networked embedded systems and distributed control creates a new generation of future applications: new infrastructures

We need to think about how to prevent the introduction of vulnerabilities via this exciting technology

Security, Networking, Embedded Systems

EE249Fall0853




Design Challenges


EE249Fall0854

Opportunity: Electronic Systems Design Chain

Interfaces

Fabrics

Manufacturing

Implementation

System Design

IP

Design Science

EE249Fall0855

Disaggregation:Complex Design Chain Management

Supply Chain Movement of tangible goods from

sources to end market Supply Chain Management is $3.8B

market projected to be $20B in 2005

Design Chain Movement of technology

(IP and knowledge) from sources to end market

Design Chain Management is an untapped market

SemiconductorCompanies

SystemCompanies

Foundries System Test Equipment

Contract Manufacturing

Design Services

Embedded Software

Software Development Tools

EDA

Processor & Hardware IP

Process & Yield Services

Fabrication Equipment

IC Packaging & Test

Mechanical CAD

SubsystemCompanies

EE249Fall0856

Supply Chain: Design Roles-> Methodology->Tools

Methodology

Design Roles

Tools

EE249Fall0857

Product Specification & Architecture Definition(e.g., determination of Protocols and Communication standards)System Partitioning and Subsystem SpecificationCritical Software DevelopmentSystem Integration

Automotive Supply Chain:Car Manufacturers

EE249Fall0858

1 Transmission ECU2 Actuation group3 Engine ECU4 DBW5 Active shift display6/7 Up/Down buttons 8 City mode button9 Up/Down lever10 Accelerator pedal

position sensor11 Brake switch

Subsystem Partitioning Subsystem IntegrationSoftware Design: Control Algorithms, Data ProcessingPhysical Implementation and Production

Automotive Supply Chain:Tier 1 Subsystem Providers

EE249Fall0859

HW layer

SW Platform layer(> 60% of total SW)

Application Platform layer( 10% of total SW)

Controllers Library

OSEKRTOS

OSEKCOMI/O drivers & handlers

(> 20 configurable modules)

Application Programming Interface

Boot LoaderSys. Config.

TransportKWP 2000

CCP

ApplicationSpecificSoftware

Speedometer

Tachometer

Water tem

p.

Speedometer

Tachometer

Odom

eter---------------

ApplicationLibraries

Nec78k HC12HC08 H8S26 MB90

CustomerLibraries

Automotive Supply Chain:Subsystem Providers

Platform Integration: firmware and glue softwareSoftware Design: Application

EE249Fall0860

HW layer

SW Platform layer(> 60% of total SW)

Application Platform layer( 10% of total SW)

Controllers Library

OSEKRTOS

OSEKCOMI/O drivers & handlers

(> 20 configurable modules)

Application Programming Interface

Boot LoaderSys. Config.

TransportKWP 2000

CCP

ApplicationSpecificSoftware

Speedometer

Tachometer

Water tem

p.

Speedometer

Tachometer

Odom

eter---------------

ApplicationLibraries

Nec78k HC12HC08 H8S26 MB90

CustomerLibraries

Automotive Supply Chain:Platform & IP Providers

Software platform: RTOS and communication layerHardware platform: Hardware and IO drivers

EE249Fall0861




Design Challenges


EE249Fall0862

How Safe is Our Real-Time Software?

EE249Fall0863

Computing for Embedded Systems

Imag

e b

orro

wed

fro

m a

n Io

meg

a ad

vert

isem

ent

for

Y2K

soft

ware

and

dis

k dr

ives

, Sci

enti

fic

Amer

ican

, Sep

tem

ber

1999

.

EE249Fall0864

Mars, December 3, 1999Crashed due to un-initialized variable

EE249Fall0865

$4 billion development effort40-50% system integration & validation cost

EE249Fall0866

Complexity, Quality, & Time To Market today

* C++ CODE FABIO ROMEO, Magneti-MarelliDAC, Las Vegas, June 20th, 2001

Memory

Lines Of Code

Changing Rate

Dev. Effort

Validation Time

Time To Market

INSTRUMENTCLUSTER

Productivity

Residual DefectRate @ End Of Dev

256 Kb

50.000

3 Years

40 Man-yr

5 Months

24 Months

PWT UNIT

6 Lines/Day

3000 Ppm

128 Kb

30.000

2 Years

12 Man-yr

1 Month

18 Months

BODY GATEWAY

10 Lines/Day

2500 ppm

184 Kb

45.000

1 Year

30 Man-yr

2 Months

12 Months

6 Lines/Day

2000ppm

8 Mb

300.000

< 1 Year

200 Man-yr

2 Months

< 12 Months

TELEMATICUNIT

10 Lines/Day*

1000 ppm

EE249Fall0867

Software Bugs Cost $59.5 Billion a Year

Software bugs cost $59.5 billion a year, study says

INFOWORLD, JUNE 28, 2002 BY PAUL KRILL

Software bugs cost the U.S. economy an estimated $59.5 billion per year, or 0.6 percent of the gross domestic product,

according to a newly released study by the U.S. Department of Commerce National

Institute of Standards and Technology (NIST). In a statement released on Friday, NIST said

more than half the costs are borne by software users and the remainder by

software developers and vendors.

Additionally, the study found that although errors cannot be removed, more than a third of the costs, or an estimated $22.2 billion,

could be eliminated by improved testing that enables earlier and more effective

identification and removal of defects. Currently, more than half of errors are not

found until downstream in the development process or during post-sale use of software,

according to NIST.

EE249Fall0868

Embedded Software Architecture Today

EE249Fall0869

We Live in an Imperfect World!

PresenterPresentation NotesAdd one more circle with a car related headline

EE249Fall0870

How is Embedded Software Different from Ordinary Software?

It has to work

One or more (very) limited resources

Registers

RAM

Bandwidth

Time

Source: Alex Aiken

EE249Fall0871

Devils Advocate

So whats different?

All software works with limited resources

We have compiler technology to deal with it

Various forms of program analysis

Source: Alex Aiken

EE249Fall0872

Example: Registers

All machines have only a few registers

Compiler uses the registers as best as it can

Spills the remaining values to main memory

Manages transfers to and from registers

The programmer feels she has 1 registers

Source: Alex Aiken

EE249Fall0873

The Standard Trick

This idea generalizes

For scarce resource X Manage X as best as we can

If we need more, fall back to secondary strategy

Give the programmer a nice abstractionSource: Alex Aiken

EE249Fall0874

The Standard Trick

This idea generalizes

For scarce resource X Manage X as best we can

Any correct heuristic is OK, no matter how complex

If we need more, fall back to secondary strategy

Focus on average case behavior

Give the programmer a nice abstractionSource: Alex Aiken

EE249Fall0875

Examples of the Standard Trick

Compilers

Register allocation

Dynamic memory management

OS

Virtual memory

Caches

Summary: abstract and hide complexity of resources

Source: Alex Aiken

EE249Fall0876

Whats Wrong with This?

Embedded systems have limited resources

Meaning hard limits Cannot use more time

Cannot use more registers

The compiler must either Produce code within these limits

Report failure

The standard trick is anathema to embedded systems Cant hide resources

Source: Alex Aiken

EE249Fall0877

Revisiting the Assumptions

Any correct heuristic is OK, no matter how complex

Embedded programmer must understand reasons for failure

Feedback must be relatively straightforward

Focus on average case behavior

Embedded compiler must reason about the worst case

Cannot improve average case at expense of worst case

Give the programmer a nice abstraction

Still need abstractions, but likely different ones

Source: Alex Aiken

EE249Fall08Source Ed Lee

Another Traditional Systems Science -Computation, Languages, and Semantics

States = Bits*

results + state out

sequence f : States States

Everything computable can be given by a terminating sequential program.

Functions on bit patterns Time is irrelevant Non-terminating programs are defectiveAlan Turing

EE249Fall0879

Processes and Process Calculi

incoming message

outgoing message

Infinite sequences of state transformations are called processes or threads

In prevailing software practice, processes are sequences of external interactions (total orders).

And messaging protocols are combined in ad hoc ways.

Various messaging protocols lead to various formalisms.

Source Ed Lee

EE249Fall0880

stalled for rendezvous

stalled by precedence

timing dependence

Interacting Processes Concurrency as Afterthought

Software realizing these interactions is written at a very low level (e.g., semaphores). Very hard to get it right.

Source Ed Lee

EE249Fall0881

Interacting Processes Not Compositional

An aggregation of processes is not a process (a total order of external interactions). What is it?

Many software failures are due to this ill-defined composition.

Source Ed Lee

EE249Fall0882

Compositionality

Non-compositional formalisms lead to very awkward architectures.

EE249Fall0883

What About Real Time?

Make it faster!

EE249Fall08

First Challenge on the Cyber Side:Real-Time and Power-aware Software

Correct execution of a program in C, C#, Java, Haskell, etc. has nothing to do with how long it takes to do anything. All our computation and networking abstractions are built on this premise.

Timing of programs is not repeatable, except at very coarse granularity.

Programmers have to step outside the programming abstractions to specify timing and power behavior.

EE249Fall08

Second Challenge on the Cyber Side:Concurrency

Threads dominate concurrent software. Threads: Sequential computation with shared memory. Interrupts: Threads started by the hardware.

Incomprehensible interactions between threads are the sources of many problems:

Deadlock Priority inversion Scheduling anomalies Nondeterminism Buffer overruns System crashes

EE249Fall08

86

Common Features

Transport Layer

Network Layer

MAC Layer

Link Layer

Dis

cret

e E

vent

Physical Layer

Application

Pre-Post

Process Networks

x Low pass

Manager Tables andParameters

User CSP

ContinuousTimem

+

c

s

Systems are assembled out of heterogeneous components

Systems are distributed

Interactions difficult to define

PresenterPresentation NotesThe motivations for this work are very simple. Embedded systems are designs, like this node in a sensor network, whose parts are often expressed efficiently only in very different formalism. Now, it is essential to understand how these formalism, which we call models of computation, interact with each other. To do so we build certain relationships between the models, relationships that can be classified as abstractions and refinements.In this talk I will present conservative approximations and compare them with other

EE249Fall08

87

The Intellectual Agenda

To create a modern computational systems science and systems design practice with

Concurrency

Composability

Time

Hierarchy

Heterogeneity

Resource constraints

Verifiability

Understandability

Lee, Berkeley 88

Chess: Center for Hybrid and Embedded Software Systems

Principal InvestigatorsThomas Henzinger (EPFL)Edward A. Lee (Berkeley)Alberto Sangiovanni-Vincentelli (Berkeley)Shankar Sastry (Berkeley)Janos Sztipanovits (Vanderbilt)Claire Tomlin (Berkeley)

Executive DirectorChristopher Brooks

Associated FacultyDavid Auslander (Berkeley, ME)Ahmad Bahai (Berkeley)Ruzena Bajcsy (Berkeley)Gautam Biswas (Vanderbilt)Ras Bodik (Berkeley, CS)Bella Bollobas (Memphis)Karl Hedrick (Berkeley, ME)Gabor Karsai (Vanderbilt)Kurt Keutzer (Berkeley)George Necula (Berkeley, CS)Koushik Sen (Berkeley, CS)Sanjit Seshia (Berkeley)Jonathan Sprinkle (Arizona)Masayoshi Tomizuka (Berkeley, ME)Pravin Varaiya (Berkeley)

This center, founded in 2002, blends systems theorists and application domain experts with software technologists and computer scientists.

Some Research ProjectsPrecision-timed (PRET) machinesDistributed real-time computingSystems of systemsTheoretical foundations of CPSHybrid systemsDesign technologiesVerificationIntelligent controlModeling and simulation

ApplicationsBuilding systemsAutomotiveSynthetic biologyMedical systemsInstrumentationFactory automationAvionics

the Berkeley directors of Chess

EE249Fall08

Uptime: 125 years

Why cant we make Software Reliable?

Source: T. Henzinger

EE249Fall08

Engineering

Theories of estimation. Theories of robustness.

Computer Science

Theories of correctness.

Why cant we make Software reliable?

R BSource: T. Henzinger

EE249Fall08

Engineering

Theories of estimation. Theories of robustness.

Goal: build reliable systems.

Computer Science

Theories of correctness.

Temptation: programs are mathematical objects; hence we want to prove them correct.

Why cant we make Software reliable?


EE249Fall08

B

Engineering Computer Science

The CHESS Premise: The pendulum has swung too far

RSource: T. Henzinger

EE249Fall08

B

Engineering Computer Science

Embedded Systems are a perfect playground to readjust the pendulum.

RPhysicality Computation

The CHESS Premise: The pendulum has swung too far


EE249Fall08

EmbeddedSystems

Execution constraintsCPU speed power failure rates

Reaction constraintsdeadlines throughput jitter

Computation algorithms protocols reuse


EE249Fall08

EmbeddedSystems




Embedded System Design is generalized hardware design (e.g. System C).


EE249Fall08

EmbeddedSystems




Embedded System Design is generalized control design (e.g. Matlab Simulink).

EE249Fall08

EmbeddedSystems




Embedded System Design is generalized software design (e.g. RT Java).


EE249Fall08

EmbeddedSystems

Execution constraintsCPU speed

power

failure rates

Reaction constraintsDeadlines

throughput

jitter

Computation Algorithms

protocols

reuse


EE249Fall08

We need a new formal foundation for embedded systems, which systematically

and even-handedly re-marries

computation and physicality.

The CHESS Challenge


EE249Fall08

Integration of the Two Cultures

EngineeringComponent model: transfer function Composition: parallel Connection: data flow

Computer ScienceComponent model: subroutine Composition: sequential Connection: control flow

[Hybrid Systems; Ptolemy; Metropolis; Metamodels]

EE249Fall08

Equational ModelsStrengths:

Concurrency Quantitative constraints (time, power, QoS)

Tool support:

Best-effort design Optimization

Abstract-Machine Models

Dynamic change Complexity theory

Worst-case analysis Constraint satisfaction

Integration of the Two Cultures

Engineers must understand both complexities and trade-offs .


EE249Fall08

102

The Embedded Software SCIENCE Dilemma

Raffaello Sanzio, The Athens School

EE249Fall08103

Software Architecture Today

Poor common infrastructure. Weak specialization of functions. Poor resource management. Poor planning.

EE249Fall08104

Software Architecture Tomorrow?

EE249 Embedded System Design: Models, Validation and SynthesisAlberto Sangiovanni VincentelliSlide Number 2eMerging Societal-Scale SystemsEmbedded SystemsObservationsCourse overviewBehavior Vs. ArchitectureBehavior Vs. CommunicationAdministrationGradingScheduleLinksOutline of the courseOutline for the IntroductionElectronics and the CarAutomotive IndustryThree Levels of PlayersChallenge: Electronics, Controls and Software Shifting the Basis of Competition in VehiclesGM SAC Vehicular Electronics, Controls and Software StudySlide Number 19Slide Number 20Slide Number 21Slide Number 22Slide Number 23Consumer segmentsCommon technology elementsCommon Situation in IndustryOutline for the IntroductionConcurrency and HeterogeneityChallenge: The Physical InternetExponentials Bound to ContinueSlide Number 30Slide Number 31Slide Number 32Challenge: PowerSlide Number 34Smart DustWireless Sensor NetworksCreating a Whole New World of ApplicationsEnergy Management and ConservationSlide Number 39Tire to Vehicle Industrial PlantsTemperature TrackingWeyerhaeuser 20 Million Seed ManagementTree Growth Rate Variability Preventative Maintenance Program on Oil TankersPersonal ThemesSilicon-Processed Micro-needlesApplicationsWhat is Disaster Response?DiscussionSlide Number 51Secure Network Embedded SystEms (SENSE)Outline for the IntroductionOpportunity: Electronic Systems Design ChainDisaggregation:Complex Design Chain ManagementSupply Chain: Design Roles-> Methodology->ToolsAutomotive Supply Chain:Car ManufacturersAutomotive Supply Chain:Tier 1 Subsystem ProvidersAutomotive Supply Chain:Subsystem ProvidersAutomotive Supply Chain:Platform & IP ProvidersOutline for the IntroductionHow Safe is Our Real-Time Software?Computing for Embedded SystemsSlide Number 64Slide Number 65Complexity, Quality, & Time To Market today Software Bugs Cost $59.5 Billion a YearEmbedded Software Architecture TodayWe Live in an Imperfect World!How is Embedded Software Different from Ordinary Software?Devils AdvocateExample: RegistersThe Standard TrickThe Standard TrickExamples of the Standard TrickWhats Wrong with This?Revisiting the AssumptionsAnother Traditional Systems Science - Computation, Languages, and SemanticsProcesses and Process CalculiInteracting Processes Concurrency as AfterthoughtInteracting Processes Not CompositionalCompositionalityWhat About Real Time?First Challenge on the Cyber Side:Real-Time and Power-aware SoftwareSecond Challenge on the Cyber Side:ConcurrencyCommon FeaturesThe Intellectual AgendaChess: Center for Hybrid and Embedded Software SystemsSlide Number 89Slide Number 90Slide Number 91Slide Number 92Slide Number 93Slide Number 94Slide Number 95Slide Number 96Slide Number 97Slide Number 98The CHESS ChallengeSlide Number 100Slide Number 101The Embedded Software SCIENCE DilemmaSoftware Architecture TodaySoftware Architecture Tomorrow?

EE249 Embedded System Design: Models, Validation and...

Documents

Transcript of EE249 Embedded System Design: Models, Validation and...