Automotive Design Automation Chung-Wei Lin cwlin@csie.ntu.edu.tw - - PowerPoint PPT Presentation



SLIDE 1

From Electronic Design Automation to Automotive Design Automation

Chung-Wei Lin
cwlin@csie.ntu.edu.tw
Assistant Professor, CSIE Department, National Taiwan University
April 2019

SLIDE 2

Video (20170822-2)

Connected and Autonomous Vehicles

❑ A good application may need both "connectivity" and "autonomy"

➢ What if the intersection management does not have connectivity?
➢ What if the intersection management does not have autonomy?

Figure: intersection management

SLIDE 3

Connected Applications

❑ Connectivity realizes more applications, together with

➢ ADAS
➢ Autonomous functions

Figure: connected applications (Intersection Management, Emergency Vehicle Warning, Side Road Merging, Sharp Curve Assistant, Cooperative Adaptive Cruise Control), with Spoofing and Jamming marked as threats to the communication they rely on

SLIDE 4

Software Design Complexity

❑ Various applications, including Advanced Driver Assistance Systems (ADAS) and autonomous functions
❑ Various software programs for sensing, signal processing, control, decision making, etc.

➢ Share of embedded software in a vehicle's total value

  • 2% → 13% from 2000 to 2010

➢ Number of lines of code

  • 1 million → 10+ million → 100 million from 2000 → 2010 → now

❑ Due to the safety-critical nature, correctness and quality of software are extremely important

Figure: Toyota Safety Sense (http://www.toyota.com/safety-sense/): Pre-Collision System (PCS), Lane Departure Alert (LDA), Automatic High Beams (AHB), Pre-Collision System with Pedestrian Detection Function (PCS w/PD), Dynamic Radar Cruise Control (DRCC)

SLIDE 5

Hardware Design Complexity

❑ Number of Electronic Control Units (ECUs)

➢ 20 → 50+ in the past decade

❑ Integrated architecture

➢ One function can be distributed over multiple ECUs, and multiple functions can be supported by one ECU

  • More sharing and contention among software functions
  • Traditional federated architecture: each function is deployed to one ECU and provided as a black box by its supplier

❑ New computational components

➢ Field Programmable Gate Array (FPGA)
➢ Graphics Processing Unit (GPU)

❑ Next-generation communication protocols

➢ Ethernet-based protocols

https://en.wikipedia.org/wiki/Ethernet

SLIDE 6

"Design Automation"

❑ Consider different design metrics

➢ Safety, reliability, robustness, performance, etc.

❑ Assist system designers in early design decisions

Figure: V-model (https://en.wikipedia.org/wiki/V-Model_(software_development)): Concept of Operations, Requirements and Architecture, Detailed Design, Implementation, Integration/Test/Verification, System Verification and Validation, Operation and Maintenance; Project Definition down the left side, Project Test and Integration up the right side, Verification & Validation across; annotated with Use Case and Requirements Specification

SLIDE 7

EDA vs. Automotive Design Automation

Table columns: Modeling, Design, Analysis

Row "Electronic Design Automation (EDA)": figures of a circuit with a current path from A to VCC and a current path from VCC to B (nodes A..H, GND, VCC), and of lithography intensity induced by apertures p at (xp,yp) and q at (xq,yq) on a point (x,y)

Row "Automotive Design": figures of periodic activations of tasks Pi and Pj with inputs and outputs; a functional model (tasks τ1..τ8, signals σ1..σ6) mapped onto an architecture platform (ECUs ε1..ε3, messages μ1..μ6); and the resulting cyclic schedule of messages μ1..μ6

SLIDE 8

EDA: Wire Routing and Wire Sizing

SLIDE 9

Similar Problem in Automotive Design

❑ The wiring weight of a vehicle can be up to 30 kg

➢ The third heaviest and costliest component in a vehicle (after the chassis and the engine)

➢ Netlist

  • A set of "parts" to be connected

➢ Splice

  • Used for connecting more than two wires
  • A Steiner vertex!

➢ Where to put splices?

  • Steiner tree problem

SLIDE 10

EDA: FPGA and Bio-Chip Routing

❑ FPGA routing
❑ Bio-chip routing

  • Chang et al., "FPGA global routing based on a new congestion metric," ICCAD 1995.
  • Lin and Chang, "Cross-contamination aware design methodology for pin-constrained digital microfluidic biochips," DAC 2010.
SLIDE 11

Similar Problem in Automotive Design

Video (20170822-2), Video (20170822-2), Video (20170822-1)

Captions: No Traffic Light + No Communication; Traffic Light 5s; Traffic Light 10s; No Traffic Light + Communication; Extension to Multiple Lanes

SLIDE 12

Outline

#1 Placement
#2 Verification
#3 Software Integrity
#4 Security-Aware Design and Analysis

SLIDE 13

One Example Formulation

❑ Software (functional model): task graph
❑ Hardware (architectural platform): distributed Electronic Control Units (ECUs) connected by a network

Figure: functional model (tasks τ1..τ9, signals σ1..σ6) mapped onto an architectural platform (ECUs ε1..ε3 connected by a network carrying messages μ1..μ5); legend: ECU, Task, Signal, Mapping, Message

SLIDE 14

One Example Solution

❑ Decide task allocation and assign priorities to tasks on ECUs and messages on the network
❑ Satisfy timing constraints for tasks, signals, and paths

Figure: the functional model and architectural platform of the previous slide (tasks τ1..τ9, signals σ1..σ6, ECUs ε1..ε3, messages μ1..μ5) with the chosen mapping of tasks to ECUs and signals to messages
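The check behind "satisfy timing constraints for tasks, signals, and paths" can be made concrete. The following is an added example, not the speaker's formulation or tool: it takes one candidate allocation (tasks mapped to ECUs with priorities, signals packed into bus messages with priorities) and verifies it with classic response-time analysis, preemptive fixed-priority scheduling on each ECU and non-preemptive fixed-priority arbitration on the bus (CAN-style, bit-level granularity ignored), then bounds the end-to-end latency of a sense-to-actuate path. The ECU names, tasks, messages and all numbers are constructed for the example.

```python
"""Fixed-priority timing analysis for a task/message allocation (added example).

Assumptions (not from the slides): two ECUs and one non-preemptive bus, implicit
deadlines equal to periods, and the periodic-activation latency bound of Davare
et al. (DAC 2007). All jobs and numbers below are constructed sample data.
"""
from dataclasses import dataclass
from math import ceil
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Job:
    name: str        # task (tau) or message (mu)
    resource: str    # ECU the task is mapped to, or the bus
    wcet: float      # worst-case execution or transmission time, ms
    period: float    # activation period = implicit deadline, ms
    priority: int    # larger value = higher priority on the resource


PREEMPTIVE = {"ecu1": True, "ecu2": True, "bus": False}   # constructed platform


def response_time(job: Job, jobs: List[Job]) -> Optional[float]:
    """Worst-case response time of `job`, or None if it can miss its deadline."""
    same = [j for j in jobs if j.resource == job.resource and j is not job]
    higher = [j for j in same if j.priority > job.priority]
    if PREEMPTIVE[job.resource]:
        blocking, tail = 0.0, 0.0
        w = job.wcet                       # own execution, preempted by higher tasks
    else:
        # A lower-priority frame already on the wire cannot be preempted (blocking);
        # the own transmission follows the queueing delay w and is not interfered with.
        blocking = max((j.wcet for j in same if j.priority < job.priority), default=0.0)
        tail = job.wcet
        w = blocking + sum(j.wcet for j in higher)
    base = blocking + (job.wcet - tail)
    while True:                            # fixed-point iteration of the recurrence
        nxt = base + sum(ceil(w / j.period) * j.wcet for j in higher)
        if nxt + tail > job.period:
            return None                    # deadline miss: allocation is infeasible
        if nxt == w:
            return nxt + tail
        w = nxt


def path_latency(path: List[str], jobs: List[Job]) -> Optional[float]:
    """Bound on the end-to-end latency of a chain of periodically activated jobs:
    each stage may wait one full period for its next activation, then its
    worst-case response time (sum of period + response time over the chain)."""
    by_name = {j.name: j for j in jobs}
    total = 0.0
    for name in path:
        r = response_time(by_name[name], jobs)
        if r is None:
            return None
        total += by_name[name].period + r
    return total


def check_design(jobs: List[Job], paths: Dict[str, List[str]], deadlines: Dict[str, float]):
    """Response time of every job, plus (latency, meets-deadline) for every path."""
    report = {"jobs": {j.name: response_time(j, jobs) for j in jobs}, "paths": {}}
    for p, chain in paths.items():
        lat = path_latency(chain, jobs)
        report["paths"][p] = (lat, lat is not None and lat <= deadlines[p])
    return report


# Constructed allocation: three tasks on ECU1, two messages on the bus, two tasks on ECU2.
JOBS = [
    Job("tau1", "ecu1", 1.0, 10.0, 3), Job("tau2", "ecu1", 2.0, 20.0, 2), Job("tau3", "ecu1", 4.0, 50.0, 1),
    Job("mu1", "bus", 0.5, 10.0, 2), Job("mu2", "bus", 1.0, 20.0, 1),
    Job("tau4", "ecu2", 2.0, 10.0, 2), Job("tau5", "ecu2", 3.0, 20.0, 1),
]
PATHS = {"sense-to-actuate": ["tau1", "mu1", "tau4"]}   # tau1 -> mu1 -> tau4
DEADLINES = {"sense-to-actuate": 40.0}

if __name__ == "__main__":
    print(check_design(JOBS, PATHS, DEADLINES))
```

With the sample numbers tau3 (lowest priority on ECU1) has a response time of 7 ms, both bus messages 1.5 ms, and the path bound is (10+1) + (10+1.5) + (10+2) = 34.5 ms, within its 40 ms deadline; changing a priority or moving a task to the other ECU and re-running the check is exactly the early design decision the slides describe automating.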

SLIDE 15

Edge Computing (1/2)

From Automotive Edge Computing Consortium

Figure: vehicles exchange data with the cloud (V2C2V) for Intelligent Driving and High Definition Map services; problem: too much traffic, too much data processing

SLIDE 16

Edge Computing (2/2)

From Automotive Edge Computing Consortium

Figure: edges placed between the vehicles and the cloud keep local data at the edge; V2C2V Intelligent Driving and High Definition Map services are served from the edges

SLIDE 17

Outline

#1 Placement
#2 Verification
#3 Software Integrity
#4 Security-Aware Design and Analysis

SLIDE 18

Motivations

❑ The traditional system development process is the V-model

➢ An OEM defines the specifications of components
➢ Suppliers implement those components

❑ Formal verification can be applied to design models and implementations

➢ However, its scalability limits its applicability to systems of high complexity

❑ Runtime monitoring becomes a practical alternative

➢ Detect and notify when there is any specification or requirement violation at runtime

Figure: V-model stages: Requirements, System Design, Component Design, Implementation, Unit Testing, Integration Testing, System Testing

SLIDE 19

Case Study

❑ Integration of two systems

➢ Cooperative Pile-up Mitigation System (CPMS)
➢ False-start Prevention System (FPS)

❑ Property specification language and automation tool

➢ Signal Temporal Logic (STL)

  • Extends Linear Temporal Logic (LTL) to specify properties over real-valued signals in real time

➢ Breach [Donzé '10]

  • Given an STL formula, synthesizes an online monitor as a C++ program or a MATLAB S-function which can be realized as a Simulink block

❑ An assumption violation of CPMS is detected!

Figure: vehicles A, B, C, D with CPMS and without CPMS
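To make the STL monitoring step concrete, here is an added example (not Breach, and not the speaker's CPMS/FPS models): a small monitor for bounded STL over uniformly sampled signals, using robustness semantics (positive means satisfied, negative means violated, the magnitude is the margin). The property, the signal names `brake_P` and `a_F`, the thresholds and the two traces are all constructed here and only stand in for a CPMS-style assumption ("whenever the preceding vehicle brakes, the follower decelerates by at least 3 m/s² within 0.5 s"); it is evaluated offline on a finished trace, whereas Breach's synthesized monitors run online.

```python
"""Robustness monitor for a bounded STL fragment over sampled traces (added example).

Assumptions (not from the slides): uniform sampling, and a constructed property
and traces. Operators: atoms, not, and, or, implies, F_[lo,hi], G_[lo,hi].
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Trace:
    dt: float                     # sampling period, seconds
    signals: Dict[str, List[float]]

    def __len__(self):
        return len(next(iter(self.signals.values())))


class Atom:
    """f(value) > 0 means the predicate holds; f's value is the robustness."""
    def __init__(self, name: str, f: Callable[[float], float]):
        self.name, self.f, self.horizon = name, f, 0.0

    def rob(self, tr: Trace, i: int) -> float:
        return self.f(tr.signals[self.name][i])


class Not:
    def __init__(self, phi):
        self.phi, self.horizon = phi, phi.horizon

    def rob(self, tr, i):
        return -self.phi.rob(tr, i)


class Or:
    def __init__(self, *phis):
        self.phis, self.horizon = phis, max(p.horizon for p in phis)

    def rob(self, tr, i):
        return max(p.rob(tr, i) for p in self.phis)


class And(Or):
    def rob(self, tr, i):
        return min(p.rob(tr, i) for p in self.phis)


def Implies(a, b):
    return Or(Not(a), b)


class Eventually:
    """F_[lo,hi] phi: phi holds at some sample lo..hi seconds from now."""
    def __init__(self, phi, lo: float, hi: float, agg=max):
        self.phi, self.lo, self.hi, self.agg = phi, lo, hi, agg
        self.horizon = hi + phi.horizon   # how far into the future evaluation looks

    def rob(self, tr, i):
        k0, k1 = i + round(self.lo / tr.dt), i + round(self.hi / tr.dt)
        return self.agg(self.phi.rob(tr, k) for k in range(k0, k1 + 1))


class Always(Eventually):
    """G_[lo,hi] phi: phi holds at every sample lo..hi seconds from now."""
    def __init__(self, phi, lo, hi):
        super().__init__(phi, lo, hi, agg=min)


def evaluate(phi, tr: Trace) -> List[Tuple[float, float]]:
    """(time, robustness) at every sample whose temporal window fits in the trace."""
    last = len(tr) - 1 - round(phi.horizon / tr.dt)
    return [(round(i * tr.dt, 6), phi.rob(tr, i)) for i in range(last + 1)]


def first_violation(phi, tr: Trace) -> Optional[float]:
    """Time of the first sample at which phi is violated, or None."""
    for t, r in evaluate(phi, tr):
        if r < 0:
            return t
    return None


def brake_trace(reaction_delay: float, dt: float = 0.1, length: float = 3.0) -> Trace:
    """Constructed trace: the preceding vehicle raises its brake flag at t = 1.0 s and
    the follower commands -4 m/s^2 `reaction_delay` seconds later."""
    t = [i * dt for i in range(round(length / dt) + 1)]
    return Trace(dt, {
        "brake_P": [1.0 if x >= 1.0 - 1e-9 else 0.0 for x in t],
        "a_F": [-4.0 if x >= 1.0 + reaction_delay - 1e-9 else 0.0 for x in t],
    })


BRAKING = Atom("brake_P", lambda v: v - 0.5)            # brake flag set
DECEL = Atom("a_F", lambda v: -3.0 - v)                  # a_F <= -3 m/s^2
REACTS = Implies(BRAKING, Eventually(DECEL, 0.0, 0.5))   # brake -> decel within 0.5 s
SPEC = Always(REACTS, 0.0, 2.5)                           # ... at every time in [0, 2.5]

if __name__ == "__main__":
    print("0.3 s reaction:", evaluate(SPEC, brake_trace(0.3)), first_violation(REACTS, brake_trace(0.3)))
    print("0.8 s reaction:", evaluate(SPEC, brake_trace(0.8)), first_violation(REACTS, brake_trace(0.8)))
```

With a 0.3 s reaction the specification holds with robustness 0.5 (the margin of the brake flag predicate); with a 0.8 s reaction the monitor reports the violation at t = 1.0 s, the moment the brake flag rises, which is the kind of "assumption violation detected" result the case study reports.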

SLIDE 20

Outline

#1 Placement
#2 Verification
#3 Software Integrity
#4 Security-Aware Design and Analysis

SLIDE 21

ISO 26262

❑ ISO 26262 is recognized as the state-of-the-art standard for functional safety of automotive systems
❑ Examples

➢ Some software constructs are NOT recommended for the highest Automotive Safety Integrity Level (ASIL D)

  • Dynamic objects and variables
  • Multiple uses of variable names
  • Implicit type conversions
  • Unconditional jumps
  • Recursion

Figure: structure of ISO 26262: Management; Concept Phase; Development (System Level, Hardware Level, Software Level); Production & Operation; Supporting Processes

SLIDE 22

Motivations

❑ A potential conflict between certification issuers (e.g., OEMs) and software suppliers (developers)

➢ A certification process represents a systematic way to inspect the source code
➢ Some source code of software suppliers (developers) is confidential

❑ Desired properties

➢ Authenticity

  • Only authenticated results from compilers and analysis tools (verification, simulation, and/or testing) are considered by the certification issuers

➢ Confidentiality

  • Sensitive source code of the software suppliers and developers is not released to the certification issuers

SLIDE 23

Certification Protocol

❑ Trusted third party

➢ Runs a certification program which consists of a compiler and an analyzer
➢ Maintains a router which controls the input and the output

❑ Certification program

➢ The compiler, the analyzer, and the private key are all installed and updated by the OEM
➢ The updating process must be unidirectional to guarantee confidentiality

❑ Router

➢ Only the corresponding developer can be the receiver

Figure: at the trusted third party's site, the certification program (installed or updated by the OEM) compiles the source code into an executable, runs the analyzer, and signs a log for the developer and a log for the OEM; the router delivers the logs, with signature checking against the public keys of the developer, the supplier, and the OEM; the source code is physically located at the trusted third party's site
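The following is an added example of the protocol's message flow, not the speaker's implementation. It simulates the three parties: a developer signs and submits source, the certification program at the third party "compiles" it (a hash stands in for the build), runs a toy analyzer, and signs one detailed log for the developer and one source-free log for the OEM; the router authenticates the submitter and hands each log only to its recipient. Everything specific is an assumption: the signature scheme is textbook RSA over SHA-256 with fixed Mersenne primes (no padding, publicly known factors, so demonstration only, never for real use), the analyzer only pattern-matches two of the constructs the ISO 26262 slide lists, and the party names, key sizes and C source are constructed.

```python
"""Certification protocol sketch: sign results, route each log to its recipient (added example).

Assumptions (not from the slides): textbook RSA with demo Mersenne-prime keys,
a toy analyzer for two ISO 26262 discouraged constructs, constructed party names and source.
"""
import hashlib
import json
import re

E = 65537


def keypair(p: int, q: int):
    """Textbook RSA key pair from two primes; returns (public, private). Demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data)


def encode(log: dict) -> bytes:
    """Canonical bytes of a log, so signer and verifier hash the same thing."""
    return json.dumps(log, sort_keys=True).encode()


FORBIDDEN = {  # toy analyzer rules, modelled on two items of the ISO 26262 list
    "unconditional jump": re.compile(r"\bgoto\b"),
    "dynamic object": re.compile(r"\b(malloc|calloc|realloc|alloca)\s*\("),
}


def analyze(source: str):
    """(line number, rule) for every discouraged construct found."""
    return [(i, rule) for i, line in enumerate(source.splitlines(), 1)
            for rule, pat in FORBIDDEN.items() if pat.search(line)]


class CertificationProgram:
    """Compiler + analyzer + signing key, installed at the third party by the OEM."""

    def __init__(self, signing_priv):
        self.priv = signing_priv

    def run(self, source: str):
        executable = hashlib.sha256(source.encode()).hexdigest()   # stands in for the build
        findings = analyze(source)
        dev_log = {"executable": executable, "findings": findings}  # full detail, for the developer
        oem_log = {"executable": executable, "verdict": "fail" if findings else "pass",
                   "finding_count": len(findings)}                   # no source, no line detail
        return ({"log": dev_log, "sig": sign(self.priv, encode(dev_log))},
                {"log": oem_log, "sig": sign(self.priv, encode(oem_log))})


class Router:
    """Controls input and output: authenticates the submitting developer and delivers
    the developer log only to that developer, the OEM log to the OEM."""

    def __init__(self, program: CertificationProgram, developer_pubs: dict):
        self.program, self.developer_pubs = program, developer_pubs
        self.developer_outbox, self.oem_outbox = {}, []

    def submit(self, developer: str, source: str, sig: int):
        if not verify(self.developer_pubs[developer], source.encode(), sig):
            raise PermissionError("submission not signed by " + developer)
        dev_msg, oem_msg = self.program.run(source)
        self.developer_outbox[developer] = dev_msg
        self.oem_outbox.append(oem_msg)

    def fetch_developer_log(self, requester: str):
        if requester not in self.developer_outbox:
            raise PermissionError("no log addressed to " + requester)
        return self.developer_outbox[requester]


# Demo keys from Mersenne primes: the factors are public, so these are NOT secure keys.
CERT_PUB, CERT_PRIV = keypair(2**127 - 1, 2**521 - 1)
DEV_PUB, DEV_PRIV = keypair(2**89 - 1, 2**607 - 1)

SAMPLE_SOURCE = """/* constructed supplier code */
int ctl(int x) {
    if (x < 0) goto err;
    return x * 2;
err:
    return -1;
}
"""


def run_protocol(source: str = SAMPLE_SOURCE):
    """One round: supplier-A submits, both logs are produced and routed."""
    router = Router(CertificationProgram(CERT_PRIV), {"supplier-A": DEV_PUB})
    router.submit("supplier-A", source, sign(DEV_PRIV, source.encode()))
    return router, router.fetch_developer_log("supplier-A"), router.oem_outbox[-1]


if __name__ == "__main__":
    _, dev_msg, oem_msg = run_protocol()
    print(dev_msg["log"], oem_msg["log"], verify(CERT_PUB, encode(oem_msg["log"]), oem_msg["sig"]))
```

The two slide properties map onto two checks: the OEM accepts a log only if `verify` succeeds under the certification public key (authenticity; a log whose verdict is edited from "fail" to "pass" no longer verifies), and the OEM log never contains the source or its line contents (confidentiality), while a second developer asking the router for supplier-A's log is refused.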

SLIDE 24

Outline

#1 Placement
#2 Verification
#3 Software Integrity
#4 Security-Aware Design and Analysis

SLIDE 25

"Design Automation"

❑ Consider different design metrics

➢ Safety, robustness, performance, security, etc.

❑ Assist system designers in early design decisions

➢ More efficient process

Figure: the V-model of slide 6 (https://en.wikipedia.org/wiki/V-Model_(software_development)), now annotated with Use Case (Connected Services), Requirements Specification (Architecture Design), Security Threat (Misuse Case), Security Requirement, and Security Protection With Attackers

SLIDE 26

Security-Aware Design and Analysis

❑ Security is a rising concern, especially with connectivity
❑ One hypothetical (but very likely) scenario

➢ Design stage

  • Use the RSA algorithm (strong and famous) for encryption, decryption, and authentication!

➢ Implementation stage

  • Computing units on vehicles cannot afford it… (security mechanisms are usually computation-intensive)

➢ Result: redesign systems (how can we prevent this?)

Images: CBS News, Aug 19, 2014; Live Free or Die Hard (movie), 2007

SLIDE 27

Cooperative Adaptive Cruise Control (CACC)

❑ Two CACC modes

➢ Gap control mode

  • The following vehicle (F) decides its acceleration based on the gap, speeds, and accelerations of the two vehicles

➢ Collision avoidance mode

  • The following vehicle (F) decelerates with its maximum deceleration

❑ Information sources

➢ Gap and speeds are obtained by sensors
➢ Accelerations are broadcast in V2X messages

Figure: preceding vehicle P and following vehicle F separated by the gap; gap control mode when the gap is larger than gsafe, collision avoidance mode when the gap is smaller than gsafe (gsafe: gap threshold)

SLIDE 28

Video (20161021)

CACC with Jamming or Lying
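The two CACC modes and the two attacks on the V2X channel can be reproduced in a few lines. This is an added example, not the speaker's simulation: the preceding vehicle brakes hard, and the follower runs gap control above gsafe and maximum deceleration below it, taking gap and speeds from "sensors" (the true state) and the preceding vehicle's acceleration from a V2X message that is honest, lying (claims to accelerate while braking), or jammed (absent). A defensive variant cross-checks the message against the acceleration implied by the sensed speed and falls back to that estimate when they disagree. The controller gains, speeds, gap thresholds, braking profile and the plausibility bound are constructed assumptions.

```python
"""CACC follower under honest, lying and jammed V2X acceleration messages (added example).

Assumptions (not from the slides): the gains, limits, initial state, the braking
profile of the preceding vehicle and the plausibility bound used by the defensive variant.
"""
from typing import Callable, Dict, Optional

G_DES, G_SAFE = 25.0, 10.0       # desired gap and collision-avoidance threshold gsafe, m
K_GAP, K_V = 0.5, 1.0            # gap-control feedback gains
A_MAX_DEC, A_MAX_ACC = 8.0, 3.0  # follower acceleration limits, m/s^2
A_BRAKE_P = -6.0                 # the preceding vehicle brakes hard from t = 0 until it stops
PLAUSIBLE = 2.0                  # accepted |message - sensed estimate|, m/s^2

# (true a_P, t) -> broadcast value, or None when the channel is jammed
MessagePolicy = Callable[[float, float], Optional[float]]


def clamp(x: float, lo: float, hi: float) -> float:
    return max(lo, min(hi, x))


def simulate(policy: MessagePolicy, defensive: bool = False,
             dt: float = 0.1, horizon: float = 10.0) -> float:
    """Minimum gap (m) reached by the follower F behind P; 0.0 means a collision."""
    v_p, v_f, gap = 25.0, 25.0, 30.0
    prev_v_p, min_gap = v_p, gap
    for step in range(int(horizon / dt)):
        t = step * dt
        a_p = A_BRAKE_P if v_p > 0.0 else 0.0
        msg = policy(a_p, t)
        a_p_est = (v_p - prev_v_p) / dt          # acceleration implied by sensed speed (one step lag)
        if defensive:
            # Trust the V2X value only when it agrees with what the sensors saw.
            a_p_used = msg if msg is not None and abs(msg - a_p_est) <= PLAUSIBLE else a_p_est
        else:
            a_p_used = 0.0 if msg is None else msg   # jammed: no feedforward at all
        if gap < G_SAFE:                             # collision avoidance mode
            a_f = -A_MAX_DEC
        else:                                        # gap control mode
            a_f = clamp(K_GAP * (gap - G_DES) + K_V * (v_p - v_f) + a_p_used,
                        -A_MAX_DEC, A_MAX_ACC)
        prev_v_p = v_p
        v_p = max(0.0, v_p + a_p * dt)
        v_f = max(0.0, v_f + a_f * dt)
        gap += (v_p - v_f) * dt
        min_gap = min(min_gap, gap)
        if gap <= 0.0:
            return 0.0
    return min_gap


HONEST: MessagePolicy = lambda a_p, t: a_p
LYING: MessagePolicy = lambda a_p, t: 2.0     # claims to accelerate while actually braking
JAMMED: MessagePolicy = lambda a_p, t: None


def run_scenarios() -> Dict[str, float]:
    """Minimum gap per scenario; larger is safer."""
    return {
        "honest": simulate(HONEST),
        "jammed": simulate(JAMMED),
        "lying": simulate(LYING),
        "lying+plausibility": simulate(LYING, defensive=True),
        "jammed+plausibility": simulate(JAMMED, defensive=True),
    }


if __name__ == "__main__":
    for name, g in run_scenarios().items():
        print(f"{name:22s} min gap = {g:5.1f} m")
```

With these numbers the honest follower keeps roughly the desired gap, jamming removes the feedforward and the gap shrinks to about half of that, and the lie pushes the follower to the gsafe boundary where only the collision-avoidance mode prevents a crash; the plausibility check restores near-honest behaviour in both attack cases. The check is deliberately simple (a fixed bound against a one-step speed difference) and would need tuning against sensor noise in a real controller.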

SLIDE 29

Intersection Management (With Jamming or Lying)

❑ An intersection manager receives requests from vehicles, schedules them, and sends confirmations to them

Video (20170203-1), Video (20170203-2), Video (20170203-3), Video (20170203-4)

SLIDE 30

Intersection Management (Payment-Based Solution against Lying)

❑ The payment-based approach supports prioritized intersection management where truthfulness is guaranteed
❑ An intersection becomes "more expensive" when more cars request the intersection

Video (20170825)
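The slides state the two properties of the payment-based manager (truthfulness and a price that rises with demand) but not its mechanism. As an added example, not the speaker's design, the following assumes one standard truthful instance: a Vickrey-Clarke-Groves allocation. Each vehicle reports its cost per slot of waiting, vehicles crossing a conflicting intersection are served one per slot in decreasing order of reported cost, and each vehicle pays the delay cost it imposes on the vehicles served after it. The vehicle names and bids are constructed; `best_response` scans a grid of possible misreports to show that none beats reporting the true cost.

```python
"""VCG-style payment-based intersection manager (added example).

Assumption (not from the slides): a Vickrey-Clarke-Groves mechanism with equal
crossing times, so the order of service and the payments below are one truthful
instance of "payment-based", not the speaker's specific mechanism.
"""
from typing import Dict, Iterable, List, Tuple


def schedule(reports: Dict[str, float]) -> Tuple[List[str], Dict[str, float]]:
    """Serve vehicles in decreasing order of reported cost (ties broken by id).
    VCG payment of vehicle v = sum of the reported costs of everyone v delays by one slot,
    i.e. the externality v imposes on the vehicles served after it."""
    order = sorted(reports, key=lambda v: (-reports[v], v))
    payments = {v: sum(reports[w] for w in order[pos + 1:]) for pos, v in enumerate(order)}
    return order, payments


def utility(vehicle: str, true_cost: float, reports: Dict[str, float]) -> float:
    """-(slots waited * true cost) - payment, when everyone bids as in `reports`."""
    order, payments = schedule(reports)
    return -order.index(vehicle) * true_cost - payments[vehicle]


def best_response(vehicle: str, true_cost: float, others: Dict[str, float],
                  candidates: Iterable[float]) -> Dict[float, float]:
    """Utility of each candidate report for `vehicle`, holding the others' reports fixed."""
    return {r: utility(vehicle, true_cost, {**others, vehicle: r}) for r in candidates}


def is_truthful_optimal(vehicle: str, true_cost: float, others: Dict[str, float],
                        candidates: Iterable[float]) -> bool:
    """True if no candidate misreport yields strictly more utility than the true cost."""
    truthful = utility(vehicle, true_cost, {**others, vehicle: true_cost})
    return all(truthful >= u for u in best_response(vehicle, true_cost, others, candidates).values())


# Constructed requests: true cost of waiting one slot, per vehicle.
TRUE_COSTS = {"A": 10.0, "B": 4.0, "C": 7.0}

if __name__ == "__main__":
    order, payments = schedule(TRUE_COSTS)
    print("order:", order, "payments:", payments)
    grid = [x / 2 for x in range(0, 41)]
    for v, c in TRUE_COSTS.items():
        others = {w: x for w, x in TRUE_COSTS.items() if w != v}
        print(v, "truthful is optimal:", is_truthful_optimal(v, c, others, grid))
    print("A's price with one other car:", schedule({"A": 10.0, "B": 4.0})[1]["A"],
          "with two:", payments["A"])
```

With three requesters the first vehicle pays 11 (7 + 4), the second 4, the last nothing; with only B present, A would pay 4, which is the "more expensive when more cars request" behaviour. Inflating a bid buys an earlier slot but the payment rises by at least the delay cost saved, and deflating it saves payment but costs at least as much in waiting, so the truthful report is always among the best responses.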

SLIDE 31

Summary

#1 Placement
#2 Verification
#3 Software Integrity
#4 Security-Aware Design and Analysis

SLIDE 32

Q&A

Thank You!