Professional Documents
Culture Documents
SoCs in Automotive
ASV (Advanced Safety Vehicle)
Safe
Smartness
Comfort
Smart
Dashboard
(Nav, Audio)
Blackbox
Airbag
Seat Control
Engine Control
Steering
Transmission
Control
TPMS
(Tire Pressure
Monitoring System)
Smart door
Window
Reduce Injuries
PAS1)
Driving-Central
Standardized Software
Simple SW
Complex SW
High-Performance APs
2000
1) PAS:Parking Assist System
2) LDWS: Lane Departure Warning System
3) LKAS : Lane Keeping Assist System
2010
2020
4) V2V: Vehicle-to-Vehicle
5) V2I: Vehicle to Infrastructure
6) ITS: Intelligent Transportation System
Smart Driving
IVI
Voice Recognition
(In-Vehicle Infotainment)
Route/Parking
Guidance
Vehicle AP
Safe Driving
Gesture Recognition
V2V/ITS
Lane Detection
Pedestrian Detection
Multi-Radar/ACC
Night Vision
Brake-by-Wire =
Control by SW-SoC
Fault Tolerant
Automotive SW-SoC
Automotive App.
on Linux
Vehicle AP
Malfunction of Linux-AP
ADAS(Advanced Driver Assistance)+Steering
requests High-Quality Fault-Tolerant SW-CPU
Drive
monitoring
Brake-by-Wire
Noise
Cosmic ray
Error Modeling
Voltage/Current
fluctuation
ECU
MCU/CPU/AP
Temperature
variation
SET
(Single Event Transient)
SEU
(Single Event Upset)
66
Automotive
Linux
Systematic
Faults
Avoidance of
Faults in the process
HW random
faults
Avoidance of
Bugs in SW
Requirements tracking,
conf. mgmt.
Analysis
Safety
Mechanisms
HW random
faults
Systematic
Faults
Safety
Mechanisms
Analysis
HW diagnostic
Mechanisms
(e.g ECC, DCLS, etc.)
Qualitative
Analysis
Dependent failures
(CCF) analysis
Quantitative
Analysis
SW diagnostic
mechanisms
(e.g. SW tests)
Measures for
CCF avoidance
HW metrics analysis
(SPFM, LFM, PMHF)
DCLS=Dual-Core Lockstep
Automotive Linux Summit Fall 2013
HW metrics verification
(fault injection)
10
ASIL Definition
Severity
Class
Desc.
S0
No
injuries
S1
Controllability
Class
C0
C1
C2
C3
Desc.
Controllable
in general
Simply
Controllable
Normally
Controllable
Difficult to
control or
uncontrollable
S2
Light and
moderate
injuries
S3
Severe and
lifeLifethreatening threatening
(probably
(survival?)
survive)
S1
S2
S3
E1
E2
E3
E4
E1
E2
E3
E4
E1
E2
E3
E4
C1
QM
QM
QM
QM
QM
QM
QM
A
QM
QM
A
B
C2
QM
QM
QM
A
QM
QM
A
B
QM
A
B
C
C3
QM
QM
A
B
QM
A
B
C
A
B
C
D
Exposure
Class
E0
E1
E2
E3
E4
Desc.
Incredible
Very low
probability
Low
probability
Medium
Probability
High
Probability
11
SEooC
8.3.1 ... Microcontrollers are an integral component of modern automotive
systems. They can be developed as a safety element out of context(SEooC).
9.1...An SEooC is a safety-related element which is not developed for a
specific item. This means it is not developed in the context of a particular
vehicle.
Position of
SEooC
Assumptions on
system-level,
safety requirements,
system-level design
Hardware(MCU)
development
Work products
(report of safety goal)
12
Mem1
Mem2
Mem3
Redundancy
Thread
1-1
Thread
1-2
Thread
1-3
Original Data
+
ECC
Core1
Core2
Core1
Perturbed
Redundancy
Thread
1
Thread
2
Thread
3
Core2
1313
Cause
Effects
Lifetime
EOS
Hot spots
> 1ms
ESD
Electro-Static
Discharge
Upto 1A discharge
current
100ps to 1us
Cosmic
Radiation
External environment
(>1MeV)
~100fC charge
localized in a few
um
< 100ps
Intrinsic
Radiation
Hole-electron pair
generation in a few
um
< 100ps
1414
DCLS (1)
Primary
Core
Compare
Checker
Core
15
DCLS (2)
DEC
XOR
Physical separation
XOR
XOR
DEC
AntiCore
16
DCLS in Action
ECC
Safety
Guardian
Flash
2 clock
delay
Logic
BIST
SPF
V850
E2M
MPU
(mem)
INT
PBUS
IF
Flash
IF
Flash
IF
ECC
CPU
Master
2 clock
delay
Compare
Unit
CPU
Checker
SPF
MPU
(mem)
DMA
DMA
RAM IF ECC
ECC RAM IF
Logic
BIST
ECC
V850
E2M
INT
PBUS
IF
2 clock
delay
ECC
RAM
WDT
BIST
Clock
Clock
monitor
Clock
monitor
monitor
Peripherals
Logic
BIST
ECC
BIST
RAM
Clock Gen
Ring
OSC
Clock input
Automotive Linux Summit Fall 2013
17
DCLS in Actions
Thread 1a
Thread 2
Thread 1b
18
19
Overall
Architecture
Design
Synthesis
Function
Verification
Fault
injection &
analysis
P&R
Reliability
Analysis
Fault
Tolerance
Mechanism
Fab.
Final
Design
Tape-out
Intermediate
Review
Reliability
Test
Packaging
(AEC-Q100)
Review &
Final
Document
2020
RTL Model
Simulate
Synthesize
Gate-level
Model
ASIC or FPGA
Test Bench
Timing
Model
Simulate
Simulate
21
ACCDEP in V Model
Hazard and
Risk Analysis
ASIL safety goal
Item integration,
Safety Validation &
Assessment
Safety
requirements
from Customer
Safety requirements
(generic, architecture,
assumption)
Safety Report
(FMEA, Metrics)
Inputs for Part 5,6
Specification of
Safety Integrity Measures
(SoC+SW)
Safety Analysis
and Validation
ACCDep
2222
Cooperation with
external institutes
For safety assessment
Automotive AP/MCU
Design Technologies
SW-SoC Technology
Core development
DCLS, Assertion, Voting, ECC, ..
FMEA Methodology Setup
Fault injection & Simulation
2323
Systematic Error
Random Error
Fault
Abnormal condition
causing failure
Failure
Termination of
The ability
Bugs in SW
Simulation, Testing,
Static analysis
Bugs in HW design
Simulation, Testing,
Formal verification
Stress test
(AEC-Q100)
Transient Error
Fault-Tolerance
Techniques
2424
(300Kgates, 99.8mW@65nm/core)
AP for Embedded
Systems
x2 1.6GOPS@800MHz
32-bit Dual-Core
MMU(TLB, Cache)
Aldebaran-V
Fault-Tolerant
Vehicle AP
x4 4GOPS@1GHz
Fault-Tolerant CPU as
SEooC in ISO 26262
Aldebaran-C
Multi-Channel
Video Codec AP
x2 1.6GOPS@800MHz
HEVC (4K/8K video codec)
SPMD Array Processor
(35Kgates, 3mW@130nm/core)
MOSAIC
EMP-D
EMP-S
Dual-Core
Multi-Port SPM
160 inst.
500MOPS@130nm
Single-Core DSP
160 instructions
180MOPS@130nm
Touch
Media SoC Sensor
2006
2008
Video
Core
MOSAIC
Multi-Core
Video SoC
Sound
Effect
SoC
Audio
SoC
2010
DSP
Core
Touch
Sensor2
2012
2014
2016
25
Positioning
Power
(mW)
Cortex-A9, x2,
4000DMIPS,500mW,1GHz@40nm
600
300
Cortex-A8, x1,
1200DMIPS,300mW,600MHz@40nm
2000
4000
Aldebaran
x8, 18400DMIPS,150mW@45nm
6000
8000
Performance
(DMIPS)
26
27
Aldebaran-S2 (Dual-Core)
DDR2
(pdd, 76)
SCLKNET
(p_osc,4)
SJTAG
(pjt,5)
INTC
DMAC
TIMER
/WDT
PMU
(pjumper,8)
PWM
(pwm,4)
ALDEBARAN
_CORE
ID 0
FMC
(pfm,15)
ALDEBRAN
_CORE
ID 1
IROM
I2C
(pic,8)
NIC
GPIO
(pio,10)
UART
(pua,4)
IRAM
AC97
(pac,5)
SMC
(psm,37)
USBHS
(pus,6)
SDR
(psd,58)
SDIO
(psi,12)
VIDEO
(plcd,29)
28
Aldebaran Architecture
coreb_clk
USBOTG
SNAKE_CORE
ID 1
DMA
p_osc_clki
VC
(VIDEO,
LCD)
SNAKE_CORE
ID 0
Ethernet
(802.3)
CAM
core_clk
coreb_clk
core_clk
SATA
p_osc_clk48m
bl_clk
SCLK4NET
sdr_clk
video_clk
pjt_tck_in
br_clk
video_clk
USBHS
(USB Host)
SJTAG
SDIO0
M3
M4
M5
usb_clk
bl_clk
M0
M1
M2
M3
BL
aldebaran_nic_7m8s
LM0
RM0
RS0
LS0
S0
S1
br_clk
BR
S2
S3
S4
S5
S7
SMC
(SRAM I/F)
USB_Slave
SDIO1
S6
AXI
sdr_clk
pdd_sys_clk_p
pdd_sys_clk_p
pdd_clk_ref_p
pdd_clk_ref_n
irom
SDR
DDR2
AHB
iram
APB
NFC
(NAND Flash)
PCIe
HDMI
MFC
PMU
Timer
Video
WDT
FMC
RTC
NOR
PWM
INTC
UART0,1
DMA
AC97
DDR2
I2C0,1
SMC
SJTAG
usb_clk
pac_bit_clk
_pad_i
USBHS
CAN0,1
29
Features of Aldebaran
Core
Clocks in Aldebaran
Clock Net
Frequency
Description
osc_clki (ref_clk)
50MHz
PLL reference
clock
SCLKNET/core_clk
500MHz~1GHz
Core block
SCLKNET/bl_clk
core_clk/2,
250MHz~500MHz
BL bus
SCLKNET/br_clk
200MHz
BR bus
SCLKNET/sdr_clk
166MHz
SDR clock
SCLKNET/video_clk
80MHz
VC clock
osc_clk48m (usb_clk)
USBHS clock
pdd_sys,
pdd_ref(ddr2 4 clks)
200MHz
SNAKEM_DDR2
psd_clk_in
166MHz
SDR feedback
pjt_tck_in
10MHz
SJTAG clock
pac_bit_clk_pad_i
12.8MHz
SNAKEM_AC97
~50MHz
(gated from br_clk)
30
Features of Aldebaran
NoC-Left
NoC-Right
SMC : SRAM I/F controller
Configurable SRAM Interface
Interface for LAN9220
INTC : 32-source PIC
Timer/WDT:
Periodic/One-shot/Watchdog, 4 sets
CAN:
2-wire CAN for OBD-II, 2 sets
PWM: Pulse-Width-Modulation
Configurable waves
LCD backlight, Dimming
UART: UART 16550
38400/115200 baud rate
AC97: Audio
AC97 codec interface
Volume management
I2C: Inter-IC Control
7-bit/10-bit address
I2C master/slave composite
LCD Touch Interface
SJTAG : JTAG Interface
PC-Core Communication
Core debugging, Program Download
On-Chip flash burning
31
Core Architecture
IU0
D0U
D1U
IU2
VA
BTB
BP
FS
IQ
EQ
EP
EE
FPU
D0D
D1D
LS
SB
TLB
13 pipeline stages
RF
I$
iTLB
dTLB
D$
MMUC
Legend
VA : Virtual Address
BTB : Branch Target Buffer
BP : Branch Predictor
FS : Fetch Scheduler
IQ : Instruction Queue
DU : Upper Decode
DD : Down Decode
S
SB
EQ
RF
IU
LS
EP/EE
: Scheduler
: Scoreboard
: Execution Queue
: Register File
: Integer Unit
: Load/Store Unit
: Execute Prolog/Epilog
32
Core Internals
SNAKE_CORE
SNAKE_RESET
I cache
SNAKE_C
Decoder
Scheduler
TLB
D cache
AXIF
e0
Trap
e1-e3
FQUEUE
REGFILE
EQ & EP
BTB & BP
FS
33
Aldebaran Instructions
Load-Store
LDSB
LDSH
LDUB
LDUH
LD
LDD
LDF
LDDF
LDFSR
LDC
LDDC
LDCSR
STB
STH
ST
STD
STF
STFSR
STDFQ
STC
STDC
STCSR
STDCQ
LDSTUB
SWAP
SETHI
NOP
LDSBA
LDSHA
LDUBA
LDUHA
LDA
LDDA
STBA
STHA
STA
STDA
STDF
Arithmetic
Sync
Floating-point
AND
ANDcc
SAVE
CAS
FiTO(s,d,q)
ANDN
ANDNcc
RESTORE
CASA
F(s,d,q)Toi
OR
ORcc
Bicc
STBAR
FsTOd
ORN
ORNcc
FBfcc
UNIMP
FsTOq
XOR
XORcc
CBccc
FLUSH
FdTOs
XORN
XORNcc
CALL
FdTOq
SLL
JMPL
FqTOs
SRL
RETT
SRA
Ticc
Vector
FqTOd
VLD
FMOVs
ADD
ADDcc
VST
FNEGs
ADDX
ADDXcc
VADD
FABSs
TADDcc
TADDccTV
VSUB
FSQRT(s,d,q)
SUB
SUBcc
RDASR
VMUL
FADD(s,d,q)
SUBX
SUBXcc
RDY
VSUM
FSUB(s,d,q)
TSUBcc
TSUBccTV
RDPSR
VABS
FMUL(s,d,q)
RDWIM
VAND
FDIV(s,d,q)
MULScc
LDSTUBA
SWAPA
Flow
Register move
UMUL
UMULcc
RDTBR
VOR
FsMULd
SMUL
SMULcc
WRASR
VSHF
FdMULq
UDIV
UDIVcc
WRY
VSQR
FCMP(s,d,q)
SDIV
SDIVcc
WRPSR
FCMPE(s,d,q)
WRWIM
Cpop
WRTBR
34
I Cache; VIPT
I$
VA[31:2]
tag[31:13]
Tag size=(28x19bx4)
index[12:5]
offset[4:2]
tag
tag
TLB
PA[35:12]
Block
inst inst
tag
tag
inst
PA[11:2]
4-way Blocks
Hit way
Mux
Miss
Block
select
Inst[31:0]
US , Apparatus for saving energy of a cache using scratch pad memory
JCSC 2010, Application-adaptive reconfiguration of memory address shuffler
35
D Cache; PIPT
Data[31:0]
D$
select
VA[31:12]
Tag size=(28x19bx4)
VA[11:2]
tag
tag
TLB
tag
tag
PA[35:2]
tag[35:13]
index[12:5]
Hit
inst inst
Block
inst
offset[4:2]
Data[31:0]
Miss
Write Buffer
36
GHR(Global History
Register)
GHR[9:2]
PHT
Hit ratio
256 entries
32 entries
37
cache line
inst. g0
Fast
Branch
Detection
decode_u
inst. g1
decode_d
inst. g7
38
Scheduler
e1
e2
Flow Control
e1
Hazard Resolution
int0_e0
int1_e0
ldst_e0
fp_e0
int0_e1
int1_e1
ldst_e1
fp_e1
int0_e2
e1
e2
e3
ldst_e2
ldst_e3
e0
e1
39
Flush
(partial/full)
iTLB
dTLB
entry 0
entry 0
entry 1
entry 1
VA tags
Probe
ctx
PTE
8
31
PPN
C M R ACC
ET
36-bit physical
address
c_ctx
r_ctpr
r_fsr
entry 31
entry 31
r_far
24 23
VA
r_ctpr
(12b)
L1 pPTD
Index1
18 17
Index2
12 11
Index3
Offset
L1 PTD/E
L2 PTD/E
L3 PTD/E
256 entries
64 entries
64 entries
L1 pPTD
L1 pPTD
40
Traps
Trap name
reset
data_store_error
instruction_access_error
instruction_access_exception
privileged_instruction
illegal_instruction
fp_disabled
cp_disabled
window_overflow
window_underflow
mem_address_not_aligned
fp_exception
cp_exception
data_access_error
data_access_exception
tag_overflow
division_by_zero
#tt
0x2b
0x3c
0x21
0x01
0x03
0x02
0x04
0x24
0x05
0x06
0x07
0x08
0x28
0x29
0x09
0x0a
0x2a
Trap name
trap_instructions
Trap name
interrupt_level_15
interrupt_level_14
interrupt_level_13
interrupt_level_12
interrupt_level_11
interrupt_level_09
interrupt_level_09
interrupt_level_08
interrupt_level_07
interrupt_level_06
interrupt_level_05
interrupt_level_04
interrupt_level_03
interrupt_level_02
interrupt_level_01
#tt
0x80~0xff
#tt
0x1f
0x1e
0x1d
0x1c
0x1b
0x1a
0x19
0x18
0x17
0x16
0x15
0x14
0x13
0x12
0x11
41
IDE w/ GCC
Aldebaran SW
Ecosystem
C/C++ Compiler
C/C++ Compiler+Libraries
gcc
g++
gcov gprof
crt1.o
libc
ar
as
ld
cpp
gcj
lib
pthread
libm
librt
lib
stdc++
Linux
Applications
Graphics
Library
Web
OpenGL
OpenCL
Linux Kernel
(3.3)
Media
drivers
Flash
driver
Frame
buffer
Bootloader
OCD
The small-sized server SW to
communicate with JTAG-based
OCD implemented in the chip
OCD : On-Chip Debugger
IDE
Integrated development
environment GUI with Compiler,
Assembler, Debugger
Debugger
Client software for C/C++ SourceLevel Debugging
Monitor
Emulator
Verification Apps
MMU
mgt.
42
Verification Basics
Emulator
Application
(C/C++)
Compiler
Linker
ELF
(executable)
Objcopy
Image
(.text, .data, .bss..)
IPC channel
(host machine)
shmget(), shmat()
Cycle-by-Cycle
Comparison
RTL
DirectPort
Interface
RTL Simulator
Snakemu
CoreState Buffer
Host
machine
43
Energy Management
IO Pads
PMU
core_clk
PLL
PLL
IO Power
coreb_clk
Core 0
Core 1
core0, 0.8~1.1V
core1, 0.0V, 0.75~1.1V
1/2
bl_clk
NoC-Left
PLL
br_clk
PLL
PMIC
sdr_clk
NoC-Right
PLL
PLL
Voltage
Regulation
Control
DRAM
vc_clk
VC
usb_clk
USB
ac97_bit_clk
AC97
44
I$
0.88mm2@65nm
305K gates
D$
0.88mm2@65nm
305K gates
Comparison
Aldebaran Core
0.125mW/MHz
MIPS 1074kf
0.36mW/MHz
ARM Cortex-A9
0.625mW/MHz
* Excerpted from MIPS, ARMs website
* Power efficiency depends on synthesis constraints
45
BTB
BP
FS
IQ
S
D0D
EQ
IU2
E
P
FPU
TLB
LS
mBTB
RF
dTL
iTLB
B
E
E
D1D
SB
I$
Modeling
D1U
D$
MMUC
O3
O1
Fault Simulation SW
Stimulus
vector
Module
without
Error
Module
with Error
injection
Injection
(VPI)
Fault
Rate
Extraction
mBP
O2
mFS
mDE
(VPI)
Error
Generation
P ( oi ) Pm ( m , oi ) Pm (i j ,oi )
j
(VPI)
4646
Aldebaran-V (Concept)
Micro-flushing for fault detection and recovery
detection : spatial, time, logical diversity
tolerance : 2oo3 voting
recovery : micro-flushing on failure detection
Pipeline
redundancy
VA
F0
VA
F0
F1
F2
F3
D0
D1
EQ
E0
E1
E2
F1
F2
F3
D0
D1
EQ
E0
E1
E2
E3
R.
Mem
VA
F0
F1
F2
F3
D0
D1
EQ
E0
E1
E2
E3
R.
Mem
2 cycle
delay
2 cycle
delay
E3
BTB
BP
FS
47
D1U
IQ
EQ
E
P
IU2
FPU
D0D
TLB
iTLB
E
E
D1D
LS
SB
dTLB
MMUC
RF
47
F0
F1
F2
F3
D0
D1
EQ
E0
E1
E2
E3
Register File
Update
History
(for 2
cycles)
r0
r1
r0-ecc
r1-ecc
r31
r31-ecc
Pre-Core 1
VA
F0
F1
F2
F3
D0
D1
EQ
E0
E1
E2
E3
Register File
Update
History
(for 2
cycles)
r0
r1
r0-ecc
r1-ecc
r31
r31-ecc
Core (actual)
VA
F0
F1
F2
F3
D0
D1
EQ
E0
E1
E2
E3
Register File
r0
r1
r0-ecc
r1-ecc
r31
r31-ecc
TMR
48
Timer isr
AP
Kernel
Fault Table
Thread ID
Do backup
for faulty
process
PC
Interval
Normal operation
yes
2oo3
matches?
Rewind
no
Fault detected
AP-driven
fault
history
Micro-flushing
49
Implementation
Aldebaran
Core 0
Aldebaran
Core 1
5050
Summary
51
52
Automotive V-Model
Car System
Sign-Off
Development of
Car System
Sub-Systems integration
Test, and validation
Development of
Sub-System
Sub-System Sign-Off
ECU sensors, actuators,
Mechanical parts Integration,
Calibration, and Test
Development of
Mechanical Parts
ECU Development
ECU Sign-Off
ECU SW
Development
ECU HW
Development
ECU SW
Implementation
ECU HW/SW
Integration and Test
ECU HW
Sign-Off
ECU SW
Integration and Test
53
Freescale PX
Freescale Quorriva
MPC5748G
54