#### Development of Dependable Network-on-Chip Platform (4)

#### Tomohiro Yoneda National Institute of Informatics

Masashi Imai Hirosaki Univ. Takahiro Hanyu Tohoku Univ. Hiroshi Saito Univ. of Aizu Kenji Kise Tokyo Tech.





#### Goal

- Platform for performing many and various tasks dependably, efficiently and adaptively
- Demonstration in automotive control system area



# Backgrounds

Recent cars are equipped with many ECUs
 Centralized ECU approach





## Outcome

- Hardware platform
  - Multi-Chip NoC
    - Fully asynchronous on-chip network
    - Dependable, adaptive, deadlock-free routing
    - Efficient inter-chip communication technology
- Dependable task execution
  - Modified Pair & Swap
- Task allocation
  - Redundant allocation, redundant scheduling
- Demonstration of the proposed approach
  Practical automotive application

National Institute of Informatics 国立情報学研究所

#### Outcome

- Hardware platform
  - Multi-Chip NoC
    - Fully asynchronous on-
    - Dependable, adaptive, o
    - Efficient inter-chip comm
- Dependable task exec
  - Modified Pair & Swap
- Task allocation
  - Redundant allocation,
- Routers Routers V850E CPU cores
- Demonstration of the proposed approach

Practical automotive application

National Institute of Informatics 国立情報学研究所

## Outcome

- Hardware platform
  - Multi-Chip NoC
    - Fully asynchronous on-chip network
    - Dependable, adaptive, deadlock-free routing
    - Efficient inter-chip communication technology
- Dependable task execution
  - Modified Pair & Swap
- Task allocation
  - Redundant allocation, redundant scheduling
- Demonstration of the proposed approach
  Practical automotive application

National Institute of Informatics 国立情報学研究所



## Modified Pair & Swap

 Duplicated execution, comparison, and pairreconfiguration



Idea is simple!



2013/6/30 IFIP WG 10.4

## Implementation is not so simple!

- Issues to be considered
  - Copies of tasks should be loaded in several cores, considering possible faulty patterns
  - Third core should always know every information of the task execution for TMR configuration
  - For each faulty patterns, every task execution should be done within the control cycle
  - Programmers do not want to think about duplicated or triplicated task execution

#### Static / Redundant Task Allocation

#### Task graph







#### Static / Redundant Task Allocation

#### Task graph







#### Static / Redundant Task Allocation

#### Task graph







Alert should be indicated

# **Temporary TMR configuration**

- Active tasks are also re-executed
  - Transient errors can be masked
- Only "TMR command" is given
  - Quick execution is possible
  - IO core does not have to keep data



## Modified Pair & Swap

 Duplicated execution, comparison, and pairreconfiguration



# **Temporary TMR configuration**

- Active tasks
  - should roll back their state variables
- Stand-by task
  - should have correct input variables and state variables



# **Temporary TMR configuration**

- To prepare for TMR configuration, standby task usually
  - Receives all input data given to active tasks
  - Receives the state variables updated by active tasks





#### Example of task execution



2013/6/30 IFIP WG 10.4

国立情報学研究所

#### Example of task execution



## Implementation is not so simple!

- Issues to be considered
  - Copies of tasks should be loaded in several cores, considering possible faulty patterns
  - Third core should always know every information of the task execution for sudden TMR configuration
  - For each faulty patterns, every task execution should be done within the control cycle
  - Programmers do not want to think about duplicated or triplicated task execution

# **Tool support**

- Given by users
  - Simplex simulink program
  - Task declaration (by specifying atomic subsystems)
  - # of task copies allocated
  - # of processer cores available
- Front-end GUI tool supports
  - Allocation of multiple task copies to redundant processor cores with timing and memory constraints
- Back-end tool supports (ongoing work)
  - C code generation for simulink codes
  - Wrapper code templates for receiving and sending data as well as handling TMR configuration

# IO core duplication (ongoing work)

- IO core plays simple but important roles
  - Implemented by hardware or a small processor
  - Simple crash fault assumed
    - Fixed duplex configuration



# Summary

- For our dependable NoC based platform
  - Implementation of dependable task execution (i.e., modified Pair & Swap)
  - Task allocation for modified Pair & Swap
    - Front-end tool
- Ongoing work
  - Back-end tool
  - Implementation of duplicated IO core