ESI Research Agenda V7 11

    ESI Research Agenda

    on Embedded Systems Engineering

    Research Agenda Version: 7.11 - 2005-10712 March 1, 2006

    Released

    2006, Embedded Systems Institutes

    TABLE OF CONTENTS

    1 MANAGEMENT SUMMARY

    2 STATE-OF-THE-ART, TRENDS AND CHALLENGES
    2.1 Underlying technological trends
    2.2 High-tech systems
    2.3 The challenge of Embedded Systems Engineering
    2.4 Industrial trends
    2.5 European context

    3 STRATEGY OF ESI
    3.1 Structure of the field
    3.1.1 Application domain categories
    3.1.2 System objectives
    3.1.3 Methodology
    3.1.4 Integrated perspective
    3.2 Research organization
    3.2.1 Industry as laboratory
    3.2.2 Preparatory research and technology transfer

    4 ESI RESEARCH APPLICATION DOMAINS AND GENERALISATION
    4.1 Introduction
    4.2 Professional systems
    4.2.1 Industrial sector
    4.2.2 Relation to system objectives
    4.3 High-volume products
    4.3.1 Industrial sector
    4.3.2 Relation to system objectives
    4.4 High-integrity, safety-critical embedded systems
    4.4.1 Industrial sector
    4.4.2 Relation to system objectives
    4.5 Domain generalization: Embedded System engineering

    5 SYSTEM OBJECTIVES
    5.1 Introduction
    5.2 Performance
    5.2.1 Introduction
    5.2.2 Problem statement
    5.2.3 Existing solutions
    5.2.4 ESI research on performance
    5.2.5 Expected results and timeline
    5.2.6 References
    5.3 Reliability
    5.3.1 Introduction
    5.3.2 Problem statement
    5.3.3 Existing solutions
    5.3.4 ESI research on reliability
    5.3.5 Expected results and timeline
    5.3.6 References
    5.4 Evolvability
    5.4.1 Introduction
    5.4.2 Problem statement
    5.4.3 Existing solutions
    5.4.4 ESI research on evolvability
    5.4.5 Expected results and timeline
    5.4.6 References

    6 STATUS AND FURTHER DEVELOPMENT

    A. PROJECT MASTERPLANNING
    B. COVERAGE PLANNED RESULTS BY PLANNED PROJECTS

    1 MANAGEMENT SUMMARY

    Research challenge: The overall mission of the Embedded Systems Institute (ESI) is to advance industrial innovation and academic excellence in embedded systems engineering for high-tech systems. Within this general mission the research challenge of ESI is formulated as the challenge to raise embedded system design from a craft to a scientifically based engineering discipline. The proposed research agenda fits ideally with the scope of existing European platforms and programs in embedded systems research.

    Structure of the field: To provide the necessary focus and emphasis ESI research considers three application domain categories, viz. those of professional systems, high-volume products, and high-integrity, safety-critical embedded systems. In this structured context the research concentrates on models and methods for the analysis and design of high-tech embedded systems, with a particular emphasis on performance, reliability and evolvability aspects.

    Instruments: ESI intends to develop a unique collaborative research ecosystem between industry and academia in which "industry as laboratory" projects play a central role. To enable such projects and secure the role of prospective, longer term research, they are complemented by preparatory research projects.

    Research agenda: For each of the application domain categories the relevant aspects of the performance, reliability, and evolvability system objectives are identified. Subsequently, the expected outputs in terms of milestones for modeling and analysis and embedded systems synthesis related to each of the system objectives are listed for the next four years, together with some indications for the period beyond that.

    Resources: The majority of proposed research activities can be funded from available research grants, and almost all proposed research activities for the next 4 years can be funded from research grants that are expected to become available within the next half year. The human resources that are required for the activities of the coming 4 years fall within the projected growth path for ESI of 12 Research Fellows by the end of 2006. In particular, the start of three preparatory research projects is anticipated in the coming year. If corresponding funding is granted, as currently expected, their commencement is scheduled for July 1, 2006.

    Status: This document constitutes the first edition of the ESI research agenda. As such it forms the basis for the current portfolio of ESI research projects. It also provides the starting point for a further development of ESI research planning in interaction with ESI partners in academia and industry, in particular with the founding partners of ESI. A first revision of the agenda resulting from such consultations is expected by July 1, 2006. Further revisions will be carried out on (at least) a yearly basis.

    2 STATE-OF-THE-ART, TRENDS AND CHALLENGES

    2.1 Underlying technological trends

    Twenty-five years ago approximately 50,000 computers existed in the whole world; today there are an estimated 140 million and that does not count the embedded processors inside cars, printers, cell-phones, or medical systems (these processors alone represented an 18 billion dollar business in 2005)¹. No matter what metric you choose - mips per processor chip, bits per memory chip, cost per mip, cost per byte of memory, or transistors per chip - performance has increased by a factor of 100 every 10 years for the past three decades (Moore's Law) - see Figure 1.1.

    The effects of these developments in the semi-conductor industry have caused a massive penetration of Information and Communication Technology (ICT) into consumer, communication, automotive, and professional markets. The ever-increasing power and miniaturization of hardware has made it possible to embed intelligence in the form of software into all sorts of existing and new products and services, with a potentially unlimited range of applications from transportation to health care, and from general broadcasting to electronic banking.

    Figure 2-1: IC transistor count as a measure of system complexity

    Example: Television

    Only a couple of years ago, a television was a device that accepted an analog broadcast format (e.g. PAL or NTSC) that was displayed on an analog screen. Nowadays, a television is rapidly growing into a system accepting many digital formats as input and providing users with a variety of applications for a richer viewing experience. Input is received via a range of broadcast formats or via personal devices such as cameras, PDAs or audio equipment. The display has become digital and the television has been connected to the Internet. This enables a range of new applications such as video on demand, web browsing, and interactive TV. The result is new applications that may themselves collaborate and converge for a richer user experience.

    1 http://www.electronics.ca/PressCenter/articles/98/1/Worldwide-Embedded-Controller%7B47%7DProcessor-Market-Growing-6%25-In-2005-To-$18-Billion

    Looking forward, we see technology shifting from the era of microelectronics, where semiconductor devices are measured in microns (1 millionth of a meter), to the new era of nanoelectronics where they will shrink to dimensions measured in nanometers (1 billionth of a meter). This will make electronics applications even more pervasive than today, and allow more intelligence and greater interactivity to be built into many more everyday items, bringing embedded technology to virtually every aspect of our lives. Two main underlying trends can be distinguished, often referred to as "More Moore" and "More than Moore". The first one represents the drive to continue fulfilling Moore's Law and extrapolate the current trend of Figure 1.1 into the future, where it will have to resolve challenges that derive from operating close to the molecular scale and the problem of heat dissipation. The "More than Moore" trend is aiming at the integration in silicon of processors, sensors, actuators, and communication functions, yielding completely integrated systems at unprecedented dimensions of miniaturization.

    2.2 High-tech systems

    The stated overall mission of ESI is:

    To advance industrial innovation and academic excellence in embedded systems engineering for high-tech systems.

    Accordingly, ESI research efforts are concentrated on issues related to the design and implementation of high-tech systems. These systems are characterized by the large scale and tightly coupled integration of heterogeneous (and often intelligent) components and enabling technologies. Examples of high-tech components are ICs, intelligent sensors, controllers and mechatronic components. Enabling technologies include the methods to design or processes to manufacture ICs or other technology components, as well as tools, methods, and techniques for programming and design. It is important to observe that high-tech systems may not operate in isolation, but are often used in combination with other systems to realize an overarching function or business process. Such larger systems are also referred to as systems of systems. Examples would be a digital television that is integrated into the digital home, or a medical diagnostic device that is embedded into the hospital workflow environment or ecosystem.

    While the designs of advanced components and associated enabling technologies are important and have a major influence on the design and engineering of high-tech systems, these are not the primary focus of ESI research. Instead, ESI is concentrating its research on design and engineering of high-tech systems characterized by the closely coupled interaction of complex, heterogeneous, and often intelligent components. Examples of such high-tech systems are lithography scanners, medical scanning systems, printers, televisions, mobile phones, defense systems and automobiles.

    Figure 2-2: High-Tech Systems as ESI domain

    [Figure 2-2 labels: System-of-Systems; High-tech Systems; (Intelligent) Components; Enabling Technologies]

    There is a significant need for know-how in incorporating the multi-disciplinary aspects of high-tech systems, addressing integrated system views, and making the interdependencies between the various disciplines and technologies explicit and manageable. ESI research will deliver this know-how within the domain of embedded systems engineering. This scientific area is extremely diverse, has industrial competitive implications, has a need for greater academic and theoretical underpinnings, and is insufficiently covered by existing research institutes or academic groups.

    2.3 The challenge of Embedded Systems Engineering

    Effective and reliable exploitation of the tremendous potential of trends described above requires new ways to deal with the ever widening system design gap, i.e. the fact that the available models and methods for designing high-tech systems and for leveraging and applying new component level technologies in these systems are not able to keep up with the exponential growth of real capabilities at the component level and potential capabilities at all levels above. We cite Lynn Conway in her Foreword to Wayne Wolf's textbook on embedded systems²:

    Digital system design has entered a new era. At a time when the design of microprocessors has shifted into a classical optimization exercise, the design of embedded computing systems in which microprocessors are merely components has become a wide-open frontier.

    Wireless systems, wearable systems, networked systems, smart appliances, industrial process systems, advanced automotive systems, and biologically interfaced systems provide a few examples from across this new frontier.

    Driven by advances in sensors, transducers, microelectronics, processor performance, operating systems, communications technology, user interfaces, and packaging technology on the one hand, and by a deeper understanding of human needs and market possibilities on the other, a vast new range of systems and applications is opening up. It is now up to the architects and designers of embedded systems to make these possibilities a reality.

    However, embedded system design is practiced as a craft at the present time. Although knowledge about the component hardware and software subsystems is clear, there are no system design methodologies in common use for orchestrating the overall design process, and embedded system design is still run in an ad hoc manner in most projects.

    2 Wayne Wolf, Computers as Components: Principles of Embedded Computing System Design, Morgan Kaufmann Publishers, 2001.

    The research challenge of ESI is in harmony with the idea articulated in the last paragraph: to raise embedded system design from a craft to a scientifically based engineering discipline.

    To analyze the nature of this challenge we must consider the structure of embedded systems more closely. Embedded systems can be thought of as being made up of the following parts³:

    - Embedded software.
    - Computing devices (processors, memories, busses, etc.) that execute the software.
    - Interface devices (sensors, actuators, etc.) with which the software communicates, and that connect to the physical world.

    The components above can, of course, again be decomposed into a number of parts or subcomponents. The embedded software, for example, could be decomposed into lower level application software on the one hand and integrating software on the other, i.e. software that is used to link and control the different parts and components.

    The focus of the research at the ESI is on embedded systems design and engineering: How can a system (or, actually, its specification, constraints, concerns, etc.) be decomposed into subsystems, and, subsequently, how can subsystems be integrated into a complete system in the larger context of business and technology applications?

    Software in embedded systems is different from, for example, desktop application software due to two major reasons:

    - Embedded systems are multi-technology. They contain software components, electronic components, mechanical components, and antennas for example.
    - Embedded systems interact with physical environments that pose all sorts of constraints on them, and that are subject to all sorts of uncertainties, changes, and failures.

    The first item is often phrased as heterogeneity: embedded systems operate in a heterogeneous environment and they are realized by the integration of many different disciplines. Each of these disciplines may use a different language, may have a different mindset, may address different concerns and system objectives. Also, the different implementation and realization characteristics (hardware, software, mechanics, sensors, communication, control type and data flow type of specifications, ...) impose difficulties on the whole design process: different models, different tolerances, calibration issues, interfaces, .... How to combine models and methods from these different domains or disciplines is an unsolved problem. Consequently, any sort of simulation, prediction of properties and design (like partitioning the functionality) is difficult because modularity and principles of abstraction as known within the individual domains are no longer applicable across these disciplines.

    3 S. Heath, Embedded Systems Design, Newnes, 1997.

    The second item points to the fact that much of the complexity in embedded software is caused by the interaction with physical phenomena. This results, for example, in concerns about different qualities, such as real-time constraints, other temporal concerns, memory usage, power dissipation, size, weight, fault tolerance and maintainability. Such qualities have to be distributed over the subsystems and their interfaces in a reliable and robust way. Due to uncertainties about the environments in which the systems have to operate, it is often impossible to specify the intended behaviours of the systems precisely.

    The need for multi-disciplinary approaches in design of systems is widely recognized. For instance, in control technology it is recognized that:

    It will be important to create larger, multi-disciplinary centers that join control, computer science, and communications and to train engineers and researchers who are knowledgeable in these areas. Industry involvement will be critical for the eventual success of this integrated effort, and universities should begin to seek partnership with relevant companies⁴.

    The Embedded Systems Institute focuses its research on multi-disciplinary system design. As such, the ESI is one of the main contributors to the emerging research field called Embedded Systems Engineering, an academically rigorous research area that lifts embedded system design from an ad-hoc craft to a genuine scientific discipline.

    4 Richard M. Murray, Karl J. Astrom, Stephen P. Boyd, Roger W. Brockett, Gunter Stein. Future directions in control in an information-rich world. IEEE Control Systems Magazine, 2003, p. 20-33.

    2.4 Industrial trends

    According to its mission ESI must carry out research that advances industrial innovation in embedded systems engineering for high-tech systems. To do this we must consider the main systems engineering challenges that beset the high-tech industry. These challenges are in addition to the more generic requirements of a mature discipline for embedded systems engineering, such as notations, methods, techniques and tools for specification, design, implementation, analysis and validation that can deal with the heterogeneity and complexity of embedded systems.

    Some specific and selected challenges are related to the following trends:

    - Feature integration: new systems are developed by adding new features to the existing feature baseline. Such additions may cause unwanted and unpredictable emergent system properties resulting from undesirable feature interaction. This may in turn threaten the integral system reliability and affect its performance characteristics.
    - System openness: high-tech systems are increasingly becoming integrated into their application environment, creating systems of systems. This trend calls for increasing system openness. For example, medical imaging equipment is being integrated into the larger context of hospital patient handling and patient information processes. A high-tech system can no longer be seen as a stand-alone entity. This creates significant challenges since the larger business context or business workflow environment is more susceptible to unforeseen behavior and external stimuli. This may in turn compromise the (future) reliability and performance of the high-tech system.
    - Need for reuse: the combination of usually very complicated designs of high-tech systems with the needs for shorter time to market and flexible diversification of products to meet the changing needs of markets and individual customers can only be addressed by design methods that support the re-use of assets at all levels of abstraction: code, components, designs and interfaces, and engineering paradigms. The corresponding quality that must be nurtured is the evolvability of a design or product (family).

    2.5 European context

    The research agenda of ESI has been developed keeping in mind the available embedded system roadmaps and the activities for shaping European research in the context of the FP7 calls for proposals. In particular, reference should be made to the PROGRESS (PROGram for Research on Embedded Systems & Software) Roadmap 2002, to the ARTIST Roadmap for Research and Development in Embedded Systems Design, the dependability roadmap for the information society AMSD (Appendix A: Trends in Dependable Embedded Systems), the European technology platform ARTEMIS (Advanced Research & Technology for Embedded Intelligence in Systems) for shaping FP7 in Embedded Systems, as well as the Technology Roadmaps of the ITEA and MEDEA+ EUREKA programs.

    To guide the R&D efforts in the European context, application domains have been identified in the above programs and roadmaps that are both technologically challenging and meet broad societal needs. They all require the engineering of high-technology systems that integrate intelligent embedded components to realize their required behavior. For example, the ARTEMIS technology platform identifies the following Industrial Research Priorities:

    - Reference designs and architectures, addressing composability, dependability and security and high-performance embedded computing.
    - Seamless connectivity and middleware, addressing middleware architectures, ubiquitous networks and interconnectivity of embedded systems, self-configuration and self-organization.
    - Methods and tools, addressing design tools, management of the design process, tool and procedure interoperability, systematic traceability, verification & validation and product line development.

    In addition to these the second ITEA Roadmap also identifies, amongst others, the following system and software engineering challenges: evolutionary systems, system architecture trade-off analysis, HW/SW co-design, cross-cutting concerns, software architecture re-use, model-based development and self-organizing software systems.

    The research agenda of ESI concentrates on models and methods for analysis and design of high-tech embedded systems with a particular emphasis on performance, reliability and evolvability aspects. Based on the needs of industry, particular emphasis is placed on the multi-disciplinary nature of application domains such as mechatronics, medical systems and consumer electronics. Therefore, the ESI research takes a specific angle in the European research landscape and, at the same time, fits ideally with the scope of existing European platforms and research programs.

    3 STRATEGY OF ESI

    The ESI strategy is to conduct research at the intersection of academic/scientific rigor and industrial relevance/applicability. Within this overarching goal, the more specific domain of high-tech systems provides the necessary focus and emphasis for the Institute. An intent of ESI is to develop a collaborative ecosystem with industrial sponsors and academic collaborators where organizational boundaries are blurred and problems in the form of researchable statements and inquiry transfer naturally from the industrial domain to the academic and research domain, while research results in the form of methods, practices, and heuristics flow back to the industrial setting with the intent of developing superior products and systems. This intent is captured in the "industry as laboratory" concept discussed later in this chapter, and this is also what makes ESI unique within the discipline of embedded systems engineering.

    3.1 Structure of the field

    The ESI focus on high-tech systems includes a bewildering variety of embedded technology domains. Figure 3.1 below demonstrates the differences that exist between various domains in terms of the product characteristics given in Table 3.2. The entries are only indicative of the domains and open to debate for particular products.

    Figure 3.1. Variety of embedded product domains.

    Figure 3.1 provides an overview of different product domains and exemplifies the need for tailoring the research to suit their unique needs and requirements. It is likely that the design methods and practices relevant for products with a (very) short trade life and development lead time (e.g. mobile phones) may be different from those most suited to products with a (very) long trade life and development lead time (e.g. military systems). Differences may also be induced by variations in other product and system aspects, such as safety and criticality, security, performance, etc.

    [Figure 3.1: ratings of Digital Television, Lithography System, Medical Systems, Mobile Phones, Automotive Systems, Digital Printers and Military Systems on Trade Life, Lead Time, Volume, Costs and Feature Extension.]


    | Characteristic | Explanation |
    |---|---|
    | Trade Life | For what period does a released product remain in the market? |
    | Lead Time | What is the characteristic of the product development lead time and the pressure on the release date? |
    | Volume | What is the product shipment volume? |
    | Costs | What is the pressure on the product cost? |
    | Feature Extension | How many product features are or will be available? |

    Table 3.2. Product classification categories.

    3.1.1 Application domain categories

    The diversity of the embedded systems and products domains requires that these domains be analyzed for patterns and common characteristics with the intent of formulating a small number of representative categories. These categories simultaneously display the necessary coherence to serve as subjects for the research in embedded systems engineering.

    The three broad and representative domain categories, together with their characteristics and illustrative examples, guiding the ESI research agenda are identified in Table 3.3.

    | Application domain category | Characteristics | High-tech product examples |
    |---|---|---|
    | Professional systems | low-volume, high-performance, high cost, physical/mechanical interaction with environment, medium safety, reliability, security | Medical systems, Office printers & copiers, Electron microscopes, Automated material handling systems |
    | High-volume products | high-volume, low-cost, economic criticality | Digital TV, Cell-phones, Automotive infotainment |
    | High-integrity, safety-critical embedded systems | very long life-time, safety-critical, adverse environmental conditions | Avionics & aerospace systems, Automotive control systems, Military systems |

    Table 3.3. Primary application domain categories for ESI research.

    Examples of application domain categories that are currently not a primary focus of ESI, but are of interest because they intersect with the above categories and thus form a basis for collaboration with other research partners, are the technological aspects of systems-on-chip (Holst Centre) and communication infrastructures (Telematica Institute).


    3.1.2 System objectives

    Given the clear articulation of the relevant and representative application/product categories (Table 3.3) guiding the ESI research agenda, it is also necessary to identify the principal system properties of interest. This will continue to sharpen the research agenda and associated deliverables. In this regard, ESI focuses on the technical aspects of products and systems, as opposed to process, organization, or other soft factors that may also play a major role in practical systems design. Consistent with the concentration on integral system design, ESI concentrates on the following three cross-cutting system properties:

    1. Performance

    Theory and methods to predict, analyze, realize and improve the performance characteristics of embedded high-tech systems. In this context, the notion of performance includes the consideration of constraints regarding hard and soft real-time behavior, use of resources, optimization of cost functions, etc.

    2. Reliability

    Theory and methods to predict, analyze, realize and improve the reliable operation of a high-tech system. Here, reliability is used in a holistic sense and includes finer aspects such as conformance to specification (or correctness), robustness (against variations in environment behavior), and dependability (fault and exception tolerance).

    3. Evolvability

    Theory and methods for the creation of designs that can be easily modified or extended through the re-use of available design assets within an environment of evolving technologies, market dynamics, and customer expectation. In this context, the term design assets includes the notion of product families, generic system components, common product platforms, etc.

    3.1.3 Methodology

    To provide a scientific basis for an engineering discipline of embedded systems engineering (a challenge formulated in the previous chapter), it is required to introduce scientifically informed methods for modeling, analysis, and synthesis of high-tech embedded systems. This then, along with the application domain categories and system objectives, becomes the third dimension within an integrated research agenda. This methodological dimension is represented by the following categories:

    1. Modeling & analysis methods

    Theory, notations, methods, and tools for the conception, representation, and elaboration of designs at different levels of abstraction, including support for analysis, refinement and validation on the basis of such design models.

    2. Embedded system synthesis methods

    Theory, methods, and tools will be assessed and developed for the design of new systems together with updated systems as modifications or extensions of legacy products and systems. This approach constitutes a paradigm shift from a purely component-oriented view of system synthesis, where a system might be developed by coupling together existing and similar components. In this context, synthesis includes a diversity of components and subsystems that are modified from existing assets or newly developed and integrated into a larger system. The components or subsystems referred to here could be complex systems in their own right, and given the huge potential for interaction, the possibility of undesirable emergent behavior is real and must be addressed. Accordingly, system behavior must be analyzed during design, while also considering it in the run time environment.

    3.1.4 Integrated perspective

    Figure 3.4 then represents the integrated space bounded by the three dimensions discussed in the previous three sections. These dimensions provide the contextual setting for the research at ESI. Accordingly, each of these aspects is not addressed in isolation but rather the interplay between these three dimensions provides the necessary richness to the research agenda. Relevant and interesting intersections are explored further in various research projects.

    Figure 3.4. ESI embedded systems engineering research space.

    In terms of Figure 3.4, ESI research can be globally characterized as the identification of technically and industrially coherent regions in this three-dimensional space, the development of sound embedded system engineering techniques based upon this identification, and the determination of the scopes of effectiveness of the developed techniques.

    3.2 Research organization

    The research challenge of the Embedded Systems Institute is to raise embedded systems engineering from a craft to a scientifically based engineering discipline. For the research in embedded systems engineering to have industrial relevance, it must address and account for the realistic constraints regarding resources and scalability within an industrial context. This is facilitated by the concept of Industry as laboratory embraced by ESI.

    [Figure 3.4 axes: application domain category (professional systems, high-volume systems, high-integrity safety-critical systems); system objectives (performance, reliability, evolvability); methodology (modeling & analysis, embedded systems synthesis).]

    3.2.1 Industry as laboratory

    The central research instrument to achieve our objectives is inspired by the approach of Colin Potts in software-engineering research, who introduced the concept of Industry-as-Laboratory. We quote [5]:

    "And as we celebrate 25 years of software engineering, it is healthy to ask why most of the research done so far is failing to influence industrial practice and the quality of the resulting software. […]. The problem stems from treating research and the involvement of industry in applying the research as separate, sequential activities. This phased approach to software-engineering research, which I call research-then-transfer, leads to laboratory research that often fails to address significant problems […]. Recognizing these problems, some significant voices are being raised in favor of a complementary research approach, which I call industry-as-laboratory. In this approach, researchers identify problems through close involvement with industrial projects, and create and evaluate solutions in an almost indivisible research activity. […]. In the industry-as-laboratory approach, a case study, a real system-development project that exhibits the problems of interest, becomes a way to obtain knowledge and appreciate its significance. It doesn't just demonstrate research results; it produces them."

    The Industry-as-Laboratory research is a powerful and differentiating research concept and instrument that sets ESI apart from other institutes in the area of embedded systems engineering. It is carried out via collaborative research projects in which industrial and academic partners collaborate as partners with a notion of shared success. In this manner, the implicit industrial know-how and daily practices are coupled to the academic fundamental know-how and the academic freedom to explore.

    The ESI research projects deploy real industrial cases. Industry is a direct beneficiary of the embedded systems engineering methods developed in the context of such cases. This is particularly true since the research projects at ESI aim to develop proof of concept for the methods and practices. At the same time such projects can access new scientific know-how developed by academia. Moreover, by exercising actual industrial cases, the academic partners obtain valuable insights into significant problems of industrial relevance that can be the subject of academic research with the objective of developing innovative solutions. This in turn leads to the enhancement of the body of knowledge relating to embedded systems engineering.

    The underlying cycles of industrial and academic innovation in embedded systems engineering are depicted in Figure 3.5. It should be noted that the cycles are not fully synchronous: a typical industrial innovation cycle would take one or two years, whilst an academic cycle could take four years or more.

    [5] Colin Potts, "Software-Engineering Research Revisited", IEEE Software, Vol. 19, No. 9, September 1993, pp. 19-28.


    Figure 3.5 Industrial and academic knowledge cycles

    3.2.2 Preparatory research and technology transfer

    Experience shows that there can be a considerable gap between relevant academic research and the potential use of this research in an industry-as-laboratory setting. To determine the applicability and scalability of new approaches under industrial constraints, the methods and techniques involved must have some minimal maturity in terms of proven potential for applicability, accessibility, tooling, documentation, etc. This calls for smaller, preparatory research projects that translate the more fundamental research results into methods and techniques that can be used in later industry-as-laboratory projects. To some extent such projects already exist in the Dutch and European research landscape as STW, Progress, and IST projects. On topics of strategic importance, however, ESI cannot be dependent on the spontaneous dynamics of the Dutch and European research landscape, and must carry out such research under its own responsibility.

    Although industry-as-laboratory projects are in some sense closer to industry than to academia, their results in terms of proofs-of-concept in themselves do not guarantee the successful transfer of these concepts and related ideas and technology to industry. This requires, as follow-up, more specific and focused technology transfer projects. The implementation of such projects is not really concerned with research itself, and may include such diverse activities as courses, process redesign, instrumentation, transfer of people as knowledge carriers, etc. As such they are not part of the research agenda itself, but may be sources of feedback for future research. Figure 3.6 gives an overview of the various activities and their interrelation, in which the arrows denote the directions of the flows of scientific knowledge and feedback information.

    [Figure 3.5 labels: Industrial Problem; PROJECT Industry as Laboratory; New ESE Research; Expert Know-how; New practical ESE Methods; Industry; Academia.]


    Figure 3.6 ESI knowledge production and transfer instruments.

    Both preparatory research projects and industry-as-laboratory projects are collaboration instruments in which academic and industrial partners, as well as other knowledge institutes, can participate. Substantial industrial involvement is a requirement for industry-as-laboratory type activities, whereas the industrial role in preparatory research projects can be smaller, but should nevertheless be there to improve chances of later applicability. As preparatory research typically will affect industrial practice through industry-as-lab and subsequent transfer type projects, they are naturally suited for medium and long-term prospective research themes.

    [Figure 3.6 labels: academia; industry; preparatory research; industry as laboratory; transfer; feedback.]


    4 ESI RESEARCH APPLICATION DOMAINS AND GENERALISATION

    4.1 Introduction

    Within the domain of high-tech systems, the research efforts of ESI are geared towards the study of the following three application domains that together represent the first dimension of the ESI research agenda:

    Professional systems

    High-volume products

    High-integrity, safety-critical embedded systems

    Within these three application domain categories, many challenging and multi-disciplinary design questions exist for the three system objectives: performance, reliability, and evolvability. These three system objectives together represent the second dimension of the ESI research agenda. The third and final dimension is that of methodologies: ESI will address methodologies for the synthesis and analysis of embedded system designs at various levels of abstraction.

    While these three dimensions provide the necessary focus to the research efforts within ESI, the research results are expected to have a wider applicability. Research conducted within the preferred domains with an emphasis on a selected set of critical system objectives will be leveraged to distill concepts, methods, frameworks, and heuristics that have broader applicability. In so doing, ESI intends to realize its objective of making a significant contribution towards the establishment of embedded systems engineering as an academic discipline.

    The following sections provide further discussion and clarification of the three primary application domain categories, and then describe ESI's efforts to generalize results and create a framework for the field of Embedded Systems Engineering.

    4.2 Professional systems

    4.2.1 Industrial sector

    The category of professional systems comprises products such as medical systems (e.g. MRI, CT and X-Ray imaging equipment), wafer scanners, electron microscopes, PCB population machines, and high-speed digital printing equipment. Typical companies operating in this sector are Assembleon, ASML, FEI, Philips Medical Systems, and Océ. Their products and markets share some common characteristics from the point of view of ESI research:

    Low-volume: Only small to medium size series are sold of every generation of a product. This makes the development effort and customer support a significant part of the business equation. Furthermore, prudent re-use of technology and know-how over product generations is essential for efficiencies relating to development cost and time.

    High-performance: Customers of professional systems select products almost entirely on performance or price/performance ratio. Hence these systems need to be highly optimised with regard to performance to be successful in the market.


    High cost: The combination of low-volume and high-performance characteristics implies a generally high cost of purchase and ownership. Accordingly, these products tend to be capital intensive.

    Long life-time: High acquisition costs are justified on the basis of long operational lifetimes for these products. This may imply a need for product upgrades in the field during their operational life to keep up with the changes in the environment within which they operate and interact (e.g. hospital information system for an X-ray imaging system).

    Significant physical/mechanical interaction with environment: Professional systems create their system functions and added value through a range of sensors (imaging, tactile, force, etc.) and actuators (robots/motion control of patient tables/PCBs). Achieving accurate, predictable, and reliable operation in a varying environment is a key challenge for these systems.

    Medium safety, reliability, security requirements: Generally speaking, professional systems need to satisfy medium levels of safety, reliability and security requirements, i.e. as such a system freeze or shutdown is sufficient for safety, and reliability expresses itself through high system uptime.

    Organizations manufacturing professional systems rely increasingly on a wealth of domain knowledge and experience built up over many years in many different disciplines (e.g. mechanics, electronics, software engineering, IC design, sensor design, and control theory) and their proper integration. This knowledge is a key technical asset of organizations that manufacture professional systems. However, in its full scope, only a few, very experienced, key technical persons (i.e. the system architects) have achieved a thorough overview and understanding of technologies and their inter-relations in such professional systems in the context of the appropriate domain. These few people have the ability to moderate and make appropriate design trade-offs between various disciplines.

    Market trends in the professional systems domain show increasing complexity, reducing time-to-market, and a move towards system-openness. Professional systems are becoming highly dependent on software modules. This may reflect an increasing level of intelligence and complexity associated with such systems, and this in turn results in a continuous increase in the development effort and maintenance/upgrading effort of professional systems. The domain of professional systems can use significant improvements in development methodologies, processes, and supporting tools to manage and respond to these trends.

    4.2.2 Relation to system objectives

    Performance

    Performance is a key differentiating factor for professional systems. Increasingly, performance demands a multi-disciplinary design and multi-objective trade-offs (e.g. power, cost, accuracy, speed) to create highly optimised products that are successful in the market.

    The state of practice is that these trade-offs are decided based on the implicit, internalized experience of system architects. With increasing complexity, multi-disciplinary performance analysis and design methods represent an important breakthrough for such systems to achieve the necessary levels of cost and time efficiencies. This will require a collaborative endeavour that combines the domain and intrinsic knowledge of the architects with the latest developments in modelling and simulation techniques. The optimized design of such systems is an open question, and ESI with its industrial and academic collaborators is uniquely positioned to contribute to this problem that has significant industrial relevance, whilst requiring a committed academic response.

    Reliability

    Operating on the edge of what is technologically feasible, while involving the integration of the latest advances in multiple disciplines, makes professional systems, such as wafer scanners, increasingly complex.

    This growth of complexity has resulted in large, often geographically dispersed, development teams. Another development characteristic of such systems is the increasing involvement of 3rd party content, mostly in the form of software modules. These trends may cause unwanted emergent system properties resulting from unproven technology and undesirable feature interaction, both threatening the integral reliability of the system.

    Whereas reliability from a hardware perspective is relatively well understood (e.g. FMEA, fault-tree analysis), this is not the case for software and methods for integral system reliability analysis and prediction. There is a real need within this domain for the development of better methods and tools for modeling, analyzing, and predicting system reliability, without hampering time-to-market.

    Evolvability

    Professional systems have a long in-service life-time expectation, often exceeding 10 years. Two levels of system evolvability are essential to support long term customer use and operations, while also allowing product innovation. These are:

    System level evolvability: to support field upgrades, and system adaptations in response to a changing operational environment, and

    Architecture level evolvability: to support short product innovation cycles, without requiring complete and cost-prohibitive redesigns

    A main challenge with the evolvability of professional systems is the design of key functional components that give architectural flexibility to support a diversity of products for different applications. Solutions to such research questions will have the added benefit of allowing the integration of component and subsystem technology roadmaps into the product development or upgrade process.

    4.3 High-volume products

    4.3.1 Industrial sector

    The High-Volume Electronics (HVE) market is mostly targeted at the consumer as the end-user of the product. It comprises products such as cell phones, televisions, DVD players and recorders, (digital) cameras, portable gaming equipment, and mp3 players.

    From the perspective of embedded technology, the origins of this market date back to the eighties, with the large-scale introduction of micro controllers in HVE products such as TVs and VCRs. Whereas this introduction was intended to be a mere replacement of control logic implemented in digital circuits, it caused an unprecedented and opportunistic featurization of these devices based on the (perceived) inherent software flexibility and adaptability.

    Many other (interrelated) developments, driven by Moore's law and its variants, have also influenced the HVE market. These include storage and communication technology, such as the introduction of PCs into the homes, the digitization and compression of audio, speech and images, the introduction of the mobile phone, the advent of the Internet and the associated service industry, and so forth. The current landscape of HVE, from a business and technological viewpoint, is influenced by these developments. Boundaries between traditional businesses have become blurred. As an example, telecom providers are intervening in the broadcast market with TV over ADSL and computer suppliers are providing highly fashionable products supported by services, such as Apple with its iPod and iTunes.

    In this fast changing landscape, in which digital electronics, software, communication, content and services have become intricately intertwined, business has become highly competitive and dynamic, with very fast innovation cycles, and rapid intake of new technologies and advances in existing technologies. Nevertheless, legacy qualities related to consumer devices, such as extreme fit-for-purpose, low cost, high reliability and availability have to be maintained.

    Given the ESI focus on embedded systems engineering, two types of companies are of most interest: CE companies such as Philips CE, Nokia and Samsung CE together with platform providers such as Philips Semiconductors, ST and Infineon. The embedded systems architecture responsibility for many such products is often shared between the CE company and the platform providers.

    HVE products and their markets share some common (interrelated) characteristics from the point of view of ESI research. These are:

    High-volume: High-volume products are mass-produced with manufacturing runs in the millions. Due to the increasing NRE cost per silicon process technology step, chip volumes have to increase to remain affordable.

    Low-cost: The high-volume product market, and notably the consumer electronics market, is a cutthroat market, with thin product margins, and steep cost-down curves.

    High feature integration: Products are not single purpose anymore, but integrate functionality from other products where possible. A cell phone is additionally a camera, an address book, and a voice recorder. A television can play MP3 songs, display still pictures, connect to a variety of peripherals, and obtain content from service providers.

    Extremely fast innovation cycles: As the functionality increase in many HVE products is directly related to the opportunities provided by the steep technology curves, innovation cycles have become extremely short, often less than 1 year.

    4.3.2 Relation to system objectives

    Performance

    High-volume products often share selected and key performance issues. Low energy usage is of utmost importance in mobile devices. Image quality may be a key differentiating factor in television products. With the extremely high level of feature integration and systems-on-chip concepts in these products, such performance issues become multi-disciplinary design questions:

    How to create algorithms and approaches to run applications at varying speed to conserve energy, yet maintain acceptable performance as perceived by a user?

    How to split up image quality improvements over hardware and software components?

    Such performance questions need to be addressed by holistic performance analysis and prediction methods that can analyze and predict the impact of such trade-offs. Furthermore, approaches that allow synthesis of systems with required performance characteristics have to be developed.

    Reliability

    Reliability in HVE may be viewed from two different perspectives. First, there is the key economic driver originating from the user's appreciation or perception of product reliability and quality. High availability, possibly at the cost of performance, is an important aspect. Secondly, there is the more traditional notion of reliability, in the sense of absence of faults, exhibiting predictable behavior and so on, that is of importance in the Business-to-Business relation inherent in the supply of platforms to system integrators.

    Maintaining the reliability levels of the past has become extremely difficult, due to the ever-increasing product size and complexity caused by the rapid increase in functionality and features, and the high integration levels required for cost reduction.

    This challenge is complicated by the fact that the analysis concepts, techniques and tools must fit within the low-cost constraints of HVE. As such, options such as hardware redundancy and derating may not be feasible. Further, the notion of perceived product reliability may require us to venture into the cognitive domain to better understand the development of such perceptions on the part of the user.

    Evolvability

    High-volume products have a decreasing life-time, often less than 1 year as exemplified by the cell phone market. To sustain viable product innovation in a high-volume market with increasing complexity and feature integration, evolvability at the architectural and manufacturing levels is important:

    Architecture level: This supports short innovation cycles and steep cost-down curves, without requiring complete and cost-prohibitive redesigns, and

    Manufacturing level: This supports a fast changeover of production of next generation products without requiring a lengthy retooling and redesign of manufacturing plants.

    The central aspect of high-volume product evolvability relates to integration. It must allow key functional components to be designed that allow architectures to be formulated to support rapid creation of product increments, and their manufacturing lines, from one generation to the next, while maintaining relevant system properties, such as performance and reliability.

    Developing solutions in response to such research questions will have the added benefit of allowing component and subsystem technology roadmaps to be cost effectively integrated into the product development and manufacturing process.

    4.4 High-integrity, safety-critical embedded systems

    4.4.1 Industrial sector

    The category of high-integrity, safety-critical embedded systems comprises products such as military systems, automotive safety and control systems (e.g. Adaptive Cruise Control, ABS, drive-by-wire), avionics and aerospace systems (e.g. flight-control systems). Typical companies operating in this sector are Airbus, Boeing, Bosch, Honeywell Aerospace, Rockwell Collins, Siemens VDO, Thales, and many car manufacturers such as BMW, DC, GM, Ford, Honda, Nissan etc. which act as systems integrators. Their products and markets share some common characteristics from the point of view of ESI research:

    Priority on safety: For high-integrity, safety-critical embedded systems, occurrence of a system failure could lead to injury or loss of human life. Hence these systems must be designed for continued safe operation even when some of their components fail. Typically this is achieved by a rigorous hazard analysis, and risk mitigation through redundancy in hardware, software, and through logic and dynamic product behavior relating to rollover, reconfiguration, and sometimes even development teams.

    Predictable performance: Customers of high-integrity, safety-critical embedded systems, notably military systems, write quantitatively formulated performance requirements into the purchase contract, and have these proven by means of system acceptance tests.

    Very long life-time: High-integrity, safety-critical embedded systems, notably airplanes or military systems, typically have a very long life-time, where the total cost of ownership is determined in large part by the cost of operations, maintenance, and systems evolution.

    Harsh environmental conditions: High-integrity, safety-critical embedded systems often operate under stressing conditions exposed to vibrations, shocks, extreme temperature variations (e.g. -40 to +85 °C).

    The development of high-integrity, safety-critical embedded systems is often dominated by non-functional requirements, i.e. usability, safety, reliability, time, and cost. In comparison with functional requirements, non-functional requirements are more difficult to understand, to estimate (impact and ramifications), and to validate (without interacting with the final and complete system). This makes it difficult to assess different system architectural options and alternatives.

    Many high-integrity, safety-critical embedded systems are designed as a cooperation of several (often networked) subsystems. As a consequence, modifying or enhancing system level functionality may imply changes in several subsystems, requiring a broad range of skills and an appreciation for the big picture. Moreover, as equipment is produced and maintained by different, often specialized, vendors, systems integrators are faced with varying levels of product visibility, subcontracting processes, schedules, and costs.

    While these systems, particularly in the military domain, once drove the electronics industry, they are today consumers of the technologies developed for commercial applications. The impact is significant. While these systems have long operational lives, their constituent and commercial components have short lives with obsolescence being a major concern. Technology refreshment approaches must be developed and implemented to address these asynchronous lifecycles. Such approaches often require system modifications and upgrades, and then re-testing and validation to ensure safe operations.

    The drive for cost and time reduction during development makes COTS (Commercial-Off-The-Shelf) solutions very attractive. Such cost advantages during development can be quickly lost if longer term issues relating to sustainability are not simultaneously considered.

    To support this trend in high-integrity, safety-critical embedded systems, significant improvements are needed in the methodologies that support achieving predictable performance for such systems, and rapid assessment and validation of the system's dependability in light of the rapid evolution of components and subsystems.

    4.4.2 Relation to system objectives

    Performance

    For high-integrity, safety-critical embedded systems, system performance should be predictable. Hence methods and techniques are needed that can analyze and predict key system performance indicators, and design approaches that ensure the predictability or constancy of system performance to ensure continued safe operation.

    Reliability

    Traditional methods for achieving safety properties originate from hardware-dominated systems. Software-intensive embedded systems require new approaches. Here there is a definite need to develop constructive and analytical methods for ensuring safety. Integrity concept, i.e. self-awareness of the degree of correct functioning, system partitioning, duplication, and redundancy concepts for safe systems all require multi-disciplinary methods to reason about the safety of the complete product.

    Evolvability

    High-integrity, safety-critical embedded systems have a very long in-service life-time expectation, often measured in decades. In this respect they are even more extreme than the professional systems category and greater attention is needed for the following two levels of evolvability:

    System level: to support field upgrades, and adaptations in response to a changing operational environment, and

    Architecture level: to support short innovation cycles in component technology, without requiring complete and cost prohibitive redesigns.

    The key to evolvability for high-integrity, safety-critical systems is the design of functional components that allow architectures to be formulated to create sustainable products optimized for different applications over long operational lives without compromising safety.

    4.5 Domain generalization: Embedded System engineering

    Systems Engineering began to evolve as a branch of engineering during the late 1950s. During this time both the race to space and the race to develop missiles with nuclear warheads were considered essential. Extreme pressure was placed on the military services and their development teams to develop, test, and bring these systems in operation. Tools and techniques were developed to support both mission success and project management.

    Engineering management evolved and standardized the use of specifications, interface control, documents, design reviews, and formal change control. The advent of the computer permitted extensive simulation and evaluation of systems, subsystems, and components; thus accurate synthesis of system elements and design trade-offs became possible.

    Many lessons were learned from project difficulties and system failures. These lessons led to innovations in practices in all phases of high-tech product development, including all phases of engineering, procurement, manufacturing, testing and quality control. One driving force for these innovations was the attainment of high system reliability.

    In its present and still evolving form, Systems Engineering integrates elements of many disciplines such as system modeling and simulation, decision analysis, project management and control, requirements development, software engineering, operations research, risk management, etc. Systems Engineering is an overarching discipline, providing the tradeoff analyses and integration between system elements to achieve the best overall product and/or service. It is much more an engineering focus than a management discipline and has a very quantitative basis, involving tradeoff, optimization, selection and integration of the products of many other engineering disciplines.

    During the early design phase of a system the architect is confronted with many challenges.

    Understand the system purpose to create an appropriate design.

    Create an overview of all relevant functional and system properties.

    Obtain a deep understanding of the mutual dependencies between properties that have high impact on system design.

    Design the system structure, such that the system will exhibit the intended behavior. This includes validating early that, once implemented, the actual behavior will indeed be the intended behavior.

    Understand the design limitations, and the critical system strengths and weaknesses. This will help the architect to deal with the many late changes confronted during system realization, ranging from new or changed functional and performance requirements, to unavailability of components, sub-systems or technology.

    Design studies show that in the early design phase, solution-conjectures direct the process of problem understanding, and thus the insight into the problem and the creation of the design evolve simultaneously. This implies that the architect faces the aforementioned challenges simultaneously. In this phase most of the decisions made by the architect are based on intuition built over years of experience.

    Only very few, if any, explicit approaches, methods and means are available to support the architect in these early design phases. Note that it is our conviction that even with appropriate approaches, methods and means for the systems within the ESI research scope, poor designers

    5 SYSTEM OBJECTIVES

    5.1 Introduction

    Having analyzed the relation between the application domain categories and the system objectives of performance, reliability, and evolvability in the previous chapter, the more detailed planning of the research will now be presented along the dimension of these objectives. For each of them we will present the ESI research program in terms of expected results and a timeline, while relating them to the other two dimensions of the integrated perspective presented in chapter 3, viz. the methodology and application domain category dimensions. Here, the expected results are formulated in terms of their scientific and technical contents, but they will be made available through standard means of academic and industrial communication in the form of articles in international scientific journals, conference contributions, (invited) presentations, technical reports, etc.

    A general problem of the realization of all the different system objectives is that they are nearly always interrelated, and their interference creates tensions and a need for trade-offs in designs. E.g., adding the necessary error recovery, diagnoses, tracing, etc. to warrant reliability and robustness may lead to large performance deviations. Similarly, adding more genericity to a design in order to improve evolvability is often disadvantageous with respect to the performance. There exist many relevant qualities and constraints, and it is not always easy to select the most important tensions. Moreover, at design time one has to deal with a large number of uncertainties, which make it very difficult to support well-founded trade-offs.

    This observed interdependence also implies that at the level of the research agenda the planned activities should also be seen as activities across the different system objectives, not being exclusive to just the objective under which they are listed.

    5.2 Performance

    5.2.1 Introduction

    Performance plays an important role in all disciplines involved in the design of high-tech systems, such as electrical engineering, mechanical engineering and software engineering. According to a study on quality attributes [1], typical performance concerns are latency (how long does it take to respond to an event) and throughput (the number of event responses completed over a given time interval). Other performance indicators concern resource utilization and buffer occupancy. Furthermore, performance of an embedded control system is evaluated with respect to accuracy of tracking a set point, disturbance regulation, or reduction of the effects of parameter variations (page 664 in [2]). Design of high-tech products incorporates the performance requirements either as a constraint or an optimization criterion. Performance indicators are among the most important ones of a high-tech product, as they are often a key selling factor.

    Examples of system performance requirements:

    Number of papers that can be copied per minute shall be 80.

    Number of wafers that can be illuminated per hour shall be 75.

    An incoming image must be decoded and presented on the screen every 20 ms.

    The accuracy of printing (overlay) is 1 mm.

    Notice that these examples actually refer to very simple cases in which indicators are clearly measurable. Even though performance seems to be of a very quantitative nature, often it is not. In addition, multiple (conflicting) requirements often have to be taken care of simultaneously, as is demonstrated with the following example:

    The device must decode and present an incoming image on the screen every 20 ms with an acceptable user-perceived image quality. The device is battery-powered and may weigh at most 100 grams.

    Also, requirements are not always strict. If the above-mentioned device can realize a twice as good image quality at the cost of a total weight of 105 grams, this might turn out to be acceptable as well.

    5.2.2 Problem statement

    Next to heterogeneity and the interaction with other system qualities as mentioned in Section 2.3, we mention here other key problems that make it difficult to design products with the required performance.

    Dynamism and adaptivity: difference between the worst- and average case is increasing

    Performance estimation and implementation techniques, such as scheduling policies, are often based on worst case computation times. Drawbacks of product design based on worst case behavior are over-dimensioning and large costs. This holds especially since the difference between worst case and average case is increasing, e.g., because systems become more dynamic and there are large differences between computations depending on the input. One source of dynamism is that the openness and networking of many systems cause an increased user interaction (think of one person copying at a copier, while another tries to print a document that is sent over a network). An example of the variability of the input is the processing of a video stream that depends on the pictures displayed: how many objects there are, the amount of movement in the background, etc. Another source of differences between average and worst case can be found in hardware optimizations, such as pipelining and caching, that cause differences in execution times (jitter) and decrease predictability. Moreover, miniaturization in hardware leads to product variability and inherent unpredictability.

    The increasing dynamic character of high-tech systems urges increasing application of adaptive on-line scheduling techniques and dynamic load balancing, at the cost of considerable overhead and complexity. Although aimed at performance improvement on one hand, both the overhead and complexity may endanger the system performance on the other.
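The over-dimensioning drawback described above can be quantified with fixed-priority response-time analysis, the schedulability test behind the Rate Monotonic Analysis that the agenda later names as state of the practice. This is an added example, not part of the ESI document: the task set, cycle counts and function names are constructed, deadlines are assumed equal to periods, and only the 20 ms image period is taken from the text.

```python
"""Worst-case vs. average-case dimensioning with response-time analysis.

All task parameters are constructed for illustration; only the 20 ms
image period comes from the agenda's own requirement examples.
"""

# Constructed task set: periods in microseconds, demand in CPU cycles.
# Assumption: each task's deadline equals its period.
TASKS = [
    {"name": "ui_event", "period_us": 5_000, "wcet": 500_000, "avg": 50_000},
    {"name": "video_decode", "period_us": 20_000, "wcet": 4_000_000, "avg": 1_400_000},
    {"name": "network_io", "period_us": 40_000, "wcet": 4_000_000, "avg": 800_000},
]


def ceil_div(a, b):
    """Integer ceiling division, avoiding floating-point rounding."""
    return -(-a // b)


def response_times(tasks, mhz, column):
    """Response time per task (in us) on a CPU running at `mhz`.

    `column` selects the cycle budget ("wcet" or "avg"). Priorities are
    rate-monotonic (shorter period = higher priority). Returns None as
    soon as any task would miss its deadline.
    """
    ordered = sorted(tasks, key=lambda t: t["period_us"])
    cost = {t["name"]: ceil_div(t[column], mhz) for t in ordered}
    result = {}
    for i, task in enumerate(ordered):
        own = cost[task["name"]]
        r = own
        while True:
            # Preemption by every higher-priority release inside window r.
            interference = sum(
                ceil_div(r, hp["period_us"]) * cost[hp["name"]]
                for hp in ordered[:i]
            )
            nxt = own + interference
            if nxt > task["period_us"]:
                return None  # deadline miss: not schedulable at this speed
            if nxt == r:
                break  # fixed point reached
            r = nxt
        result[task["name"]] = r
    return result


def min_speed(tasks, column, limit_mhz=2_000):
    """Smallest integer clock (MHz) at which every deadline is met."""
    for mhz in range(1, limit_mhz + 1):
        if response_times(tasks, mhz, column) is not None:
            return mhz
    return None


def overdimensioning_factor(tasks):
    """How much faster the CPU must be when sized for the worst case."""
    return min_speed(tasks, "wcet") / min_speed(tasks, "avg")


if __name__ == "__main__":
    print("MHz needed, worst case  :", min_speed(TASKS, "wcet"))
    print("MHz needed, average case:", min_speed(TASKS, "avg"))
    print("over-dimensioning factor:", overdimensioning_factor(TASKS))
    # A CPU sized for the average case gives no guarantee in the worst case.
    print("worst case on avg-sized CPU:",
          response_times(TASKS, min_speed(TASKS, "avg"), "wcet"))
```

The gap between the two clock rates is the cost of a worst-case guarantee; a processor sized for the average case is cheaper but misses deadlines whenever the worst case occurs.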

    Prediction and realization: it is difficult to anticipate performance during the design process

    The issues mentioned so far cause problems for the realization of appropriate performance. Design techniques aiding in achieving the required performance are therefore indispensable. In addition, some of the issues make it extremely difficult to predict the system performance during the design process, in order to make proper design decisions. This is especially pronounced in the early stages of the development. Inadequate design choices might lead to a valueless product due to a poor performance/cost ratio. Observe that, since many system details are unknown or uncertain during design, we cannot expect exact quantification of these qualities.

    As a consequence, it is important to look for techniques that allow reasonable performance prediction early in the design process. Obtaining such techniques is a challenging but important task, since they provide a suitable basis for making good design choices that will not be regretted later. The techniques, however, should be light-weight, in the sense that they satisfy the industrial constraints of quick and easy application by industrial engineers to a number of possible designs. Appropriate design methods and tools aiming at system realization while taking performance requirements into account become important later in the design process.

    5.2.3 Existing solutions

    In summary, realization of desired performance in high-tech systems must consider the following challenges:

    Heterogeneity

    Interactions with other system qualities

    Dynamism and adaptivity

    Performance prediction and realization

    Each particular challenge is already addressed in a specific scientific area. For instance, hybrid systems theory [3] deals with heterogeneity by combining continuous physical behavior with discrete-event control algorithms. Heterogeneity is also found in the domain of streaming, where dataflow models are combined with discrete-event control models [4]. Interaction among different system qualities is addressed in [5]. Adaptive resource and quality of service (QoS) management techniques are developed to tackle dynamism in the streaming applications [6]. Modular performance analysis (MPA) is used for predicting the performance of concurrent tasks mapped onto heterogeneous hardware platforms [7]. For prediction of worst-case motion control performance, control algorithms are developed based on dynamical models of the motion systems and models of uncertainties (parasitic dynamics and disturbances) affecting these systems [8]. Finally, time triggered architecture is a technique to design and realize real-time distributed applications [9]. Most of the existing techniques target only particular challenges from the list above, rather than several of them together. Therefore, achievement of the desired performance in a high-tech product incorporates the use of many techniques that are often only weakly related to each other due to domain specific formalisms. Some of these techniques are not even suited for problems of industrial complexity. Diversity, limitations and complexity in use of the existing techniques impede their wider acceptance in industry.

    5.2.4 ESI research on performance

    To facilitate achievement of performance requirements in high-tech systems, ESI is developing methodologies for performance prediction and realization design that cover the above-mentioned challenges in an integral and unified way. The focus will be on model-based approaches, both for analysis and design, using industrial case studies to calibrate the methodologies for practical applicability.

    Modeling & analysis

    The development of system engineering approaches to identify the most important tensions and conflicts between the various performance indicators and other system qualities. Modelling and analysis should focus on these important issues and support the decision making in the design. A starting point for ESI is the approach outlined in [5].

    Exploration of different existing formalisms for performance modeling and analysis and their tool support, in particular those that match the selected design and synthesis approaches (see next paragraph). Investigate advantages and disadvantages.

    o In the context of performance evaluation for digital control architectures the evaluation will start with studying the state-of-the-practice ranging from back-of-the-envelope estimates to Rate Monotonic Analysis [23]. From an academic point of view Modular Performance Analysis [7], POOSL [19, 20], UPPAAL [21], will form starting points.

    o For streaming applications the integration of event-driven models and data flow models will be investigated to capture and understand the effects of sporadic events (e.g. additional user requests) interfering with ongoing dataflow computations. The approaches in [4, 10] present initial strategies. Moreover, formalisms will be developed to reason about both worst-case and stochastic behaviour and to predict the impact on end-to-end performance metrics. Starting points are given in [11, 12]. Development of feedback control mechanisms [2, 8] for o