Embedded systems handbook

The book covers extensively the design and validation of real-time embedded systems, design andverification languages, operating systems and scheduling, timing and performance analysis,

H A N D B O O K

EMBEDDED SYSTEMS

Published Books

Industrial Communication Technology Handbook

Edited by Richard Zurawski

Embedded Systems Handbook

Edited by Richard Zurawski

Forthcoming Books

Electronic Design Automation for Integrated Circuits Handbook

Luciano Lavagno, Grant Martin, and Lou Scheffer

Series Editor

RICHARD ZURAWSKI

H A N D B O O K

E d i t e d b y

R I C H A R D Z U R A W S K I

EMBEDDED SYSTEMS

A CRC title, part of the Taylor & Francis imprint, a member of the Taylor & Francis Group, the academic division of T&F Informa plc.

Boca Raton London New York

Alberto Sangiovanni-Vincentelli, University of California, Berkeley, U.S (Chair)

Giovanni De Micheli, Stanford University, U.S

Stephen A Edwards, Columbia University, U.S

Aarti Gupta, NEC Laboratories, Princeton, U.S

Rajesh Gupta, University of California, San Diego, U.S

Axel Jantsch, Royal Institute of Technology, Sweden

Wido Kruijtzer, Philips Research, The Netherlands

Luciano Lavagno, Cadence Berkeley Laboratories, Berkeley, U.S., and Politecnico di Torino, ItalyRobert de Simone, INRIA, France

Grant Martin, Tensilica, U.S

Pierre G Paulin, ST Microelectronics, Canada

Antal Rajnák, Volcano AG, Switzerland

Françoise Simonot-Lion, LORIA, France

Thomas Weigert, Motorola, U.S

Reinhard Wilhelm, University of Saarland, Germany

Lothar Thiele, Swiss Federal Institute of Technology, Switzerland

The purpose of the Embedded Systems Handbook is to provide a reference useful to a broad range of

professionals and researchers from industry and academia involved in the evolution of concepts andtechnologies, as well as development and use of embedded systems and related technologies

The book provides a comprehensive overview of the field of embedded systems and applications Theemphasis is on advanced material to cover recent significant research results and technology evolution anddevelopments It is primarily aimed at experienced professionals from industry and academia, but willalso be useful to novices with some university background in embedded systems and related areas Some

of the topics presented in the book have received limited coverage in other publications either owing tothe fast evolution of the technologies involved, or material confidentiality, or limited circulation in thecase of industry-driven developments

The book covers extensively the design and validation of real-time embedded systems, design andverification languages, operating systems and scheduling, timing and performance analysis, power awarecomputing, security in embedded systems, the design of application-specific instruction-set processors(ASIPs), system-on-chip (SoC) and network-on-chip (NoC), testing of core-based ICs, network embeddedsystems and sensor networks, and embedded applications to include in-car embedded electronic systems,intelligent sensors, and embedded web servers for industrial automation

The book contains 46 contributions, written by leading experts from industry and academia directlyinvolved in the creation and evolution of the ideas and technologies treated in the book

Many of the contributions are from industry and industrial research establishments at the forefront ofthe developments shaping the field of embedded systems: Cadence Systems and Cadence Berkeley Labs(USA), CoWare (USA), Microsoft (USA), Motorola (USA), NEC Laboratories (USA), Philips Research(The Netherlands), ST Microelectronics (Canada), Tensilica (USA), Volcano (Switzerland), etc

The contributions from academia and governmental research organizations are represented by some

of the most renowned institutions such as Columbia University, Duke University, Georgia Institute ofTechnology, Princeton University, Stanford University, University of California at Berkeley/Riverside/San Diego/Santa Barbara, University of Texas at Austin/Dallas, Virginia Tech, Washington University —from the United States; Delft University of Technology (Netherlands), IMAG (France), INRIA/IRISA(France), LORIA-INPL (France), Malardalen University (Sweden), Politecnico di Torino (Italy), RoyalInstitute of Technology — KTH (Sweden), Swiss Federal Institute of Technology — ETHZ (Switzerland),Technical University of Berlin (Germany), Twente University (The Netherlands), Universidad Politecnica

de Madrid (Spain), University of Bologna (Italy), University of Nice Sophia Antipolis (France), University

of Oslo (Norway), University of Pavia (Italy), University of Saarbrucken (Germany), University of Toronto(Canada), and many others

The material presented is in the form of tutorials, surveys, and technology overviews The contributionsare grouped into sections for cohesive and comprehensive presentation of the treated areas The reports

on recent technology developments, deployments, and trends frequently cover material released to theprofession for the first time

The book can be used as a reference (or prescribed text) for university (post)graduate courses:Section I(Embedded Systems) provides “core” material on embedded systems Selected illustrations of actualapplications are presented inSection VI(Embedded Applications).Sections IIandIII(System-on-ChipDesign, and Testing of Embedded Core-Based Integrated Circuits) offer material on recent advances insystem-on-chip design and testing of core-based ICs Sections IV and V (Networked Embedded Systems,and Sensor Networks) are suitable for a course on sensor networks

The handbook is designed to cover a wide range of topics that comprise the field of embedded tems and applications The material covered in this volume will be of interest to a wide spectrum ofprofessionals and researchers from industry and academia, as well as graduate students, from the fields ofelectrical and computer engineering, computer science and software engineering, as well as mechatronicengineering.

sys-It is an indispensable companion for those who seek to learn more about embedded systems andapplications, and those who want to stay up to date with recent technical developments in the field It isalso a comprehensive reference for university or professional development courses on embedded systems

Organization

Embedded systems is a vast field encompassing numerous disciplines Not every topic, however important,can be covered in a book of reasonable volume without superficial treatment Choices need to be madewith respect to the topics covered, balance between research material and reports on novel industrialdevelopments and technologies, balance between so-called “core” topics and new trends, and other aspects.The “time-to-market” is another important factor in making those decisions, along with the availability

of qualified authors to cover the topics

One of the main objectives of any handbook is to give a well-structured and cohesive description of

fundamentals of the area under treatment It is hoped that the section Embedded Systems has achieved this

objective Every effort was made to make sure that each contribution in this section contains introductorymaterial to assist beginners with the navigation through more advanced issues This section does notstrive to replicate or replace university level material, but, rather, tries to address more advanced issues,and recent research and technology developments

To make this book timely and relevant to a broad range of professionals and researchers, the bookincludes material reflecting state-of-the-art trends to cover topics such as design of ASIPs, SoC com-munication architectures including NoC, design of heterogeneous SoC, as well as testing of core-basedintegrated circuits This material reports on new approaches, methods, technologies, and actual sys-tems The contributions come from the industry driving those developments, industry-affiliated researchinstitutions, and academic establishments participating in major research initiatives

Application domains have had a considerable impact on the evolution of embedded systems, in terms

of required methodologies and supporting tools, and resulting technologies A good example is the erated evolution of the SoC design to meet demands for computing power posed by DSP, network andmultimedia processors SoCs are slowly making inroads into the area of industrial automation to imple-ment complex field-area intelligent devices which integrate the intelligent sensor/actuator functionality byproviding on-chip signal conversion, data and signal processing, and communication functions There is

accel-a growing tendency to network field-accel-areaccel-a intelligent devices accel-around industriaccel-al communicaccel-ation networks.Similar trends appear in the automotive electronic systems where the Electronic Control Units (ECUs)are networked by means of safety-critical communication protocols such as FlexRay, for instance, forthe purpose of controlling vehicle functions such as electronic engine control, anti-locking break system,active suspension, etc The design of this kind of networked embedded system (this also includes hardreal-time industrial control systems) is a challenge in itself due to the distributed nature of processingelements, sharing a common communication medium and safety-critical requirements With the auto-motive industry increasingly keen on adopting mechatronic solutions, it was felt that exploring, in detail,the design of in-vehicle electronic embedded systems would be of interest to the readers of this book.The applications part of the book also touches the area of industrial automation (networked controlsystems) where the issues are similar In this case, the focus is on the design of web servers embedded inthe intelligent field-area devices, and the security issues arising from internetworking

Sensor networks are another example of networked embedded systems, although, the “embedding”factor is not so evident as in other applications; particularly for wireless and self-organizing networks wherethe nodes may be embedded in the ecosystem, battlefield, or a chemical plant, for instance The area of

wireless sensor networks has now evolved into a relative maturity Owing to novelty, and growing ance, it has been included in the book to give a comprehensive overview of the area, and present newresearch results which are likely to have a tangible impact on further developments and technology.The specifics of the design automation of integrated circuits have been deliberately omitted in this book

import-to keep the volume at a reasonable size and in view of the publication of another handbook which covers

these aspect in a comprehensive way: The Electronic Design Automation for Integrated Circuits Handbook,

CRC Press, FL, 2005, Editors: Luciano Lavagno, Grant Martin, and Lou Scheffer

The aim of the Organization section is to provide highlights of the contents of the individual chapters

to assist readers with identifying material of interest, and to put topics discussed in a broader context.Where appropriate, a brief explanation of the topic under treatment is provided, particularly for chaptersdescribing novel trends, and with novices in mind The book is organized into six sections: Embed-ded Systems, System-on-Chip Design, Testing of Embedded Core-Based Integrated Circuits, NetworkedEmbedded Systems, Sensor Networks, and Embedded Applications

I Embedded Systems

This section provides a broad introduction to embedded systems The presented material offers a bination of fundamental and advanced topics, as well as novel results and approaches, to cover the areafairly comprehensively The presented topics include issues in real-time and embedded systems, designand validation, design and verification languages, operating systems, timing and performance analysis,power aware computing, and security

com-Real-Time and Embedded Systems

This subsection provides a context for the material covered in the book It gives an overview of real-timeand embedded systems and their networking to include issues, methods, trends, applications, etc

The focus of the chapter Embedded Systems: Toward Networking of Embedded Systems is on

network-ing of embedded systems It briefly discusses the rationale for the emergence of these kinds of systems,their benefits, types of systems, diversity of application domains and requirements arising from that, aswell as security issues Subsequently, the chapter discusses the design methods for networked embeddedsystems, which fall into the general category of system-level design The methods overviewed focus ontwo separate aspects, namely the network architecture design and the system-on-chip design The designissues and practices are illustrated by examples from the automotive application domain After that, thechapter introduces selected application domains for networked embedded systems, namely: industrialand building automation control, and automotive control applications The focus of the discussion is onthe networking aspects The chapter gives an overview of the networks used in industrial applications,including the industrial Ethernet and its standardization process; building automation control; and net-works for automotive control and other applications from the automotive domain — but the emphasis

is on networks for safety critical solutions Finally, general aspects of wireless sensor/actuator networksare presented, and illustrated by an actual industrial implementation of the concept At the end of thechapter, a few paragraphs are dedicated to the security issues for networked embedded systems

An authoritative introduction to real-time systems is provided in Real-Time in Embedded Systems The

chapter covers extensively the areas of design and analysis, with some examples of analysis, as well astools; operating systems (an in-depth discussion of real-time embedded operating systems is presented in

the chapter Real-Time Embedded Operating Systems Standards and Perspectives); scheduling (the chapter

Real-Time Embedded Operating Systems: The Scheduling and Resource Management Aspects presents an

authoritative description and analysis of real-time scheduling); communications to include descriptions ofselected fieldbus technologies and Ethernet for real-time communications; and component based design,

as well as testing and debugging This is essential reading for anyone interested in the area of real-timesystems

Design and Validation of Embedded Systems

The subsection Design and Validation of Embedded Systems contains material presenting design

methodo-logy for embedded systems and supporting tools, as well as selected software and hardware implementationaspects Models of Computation (MoC) — which are essentially abstract representations of computingsystems — are used throughout to facilitate design and validation stages of systems development andapproaches to validation as well as available methods and tools The verification methods, together

with an overview of verification languages, are presented in subsection Design and Verification

Lan-guages In addition, the subsection presents novel research material including a framework used to

introduce different models of computation particularly suited to the design of heterogeneous processor SoC, and a mathematical model of embedded systems based on the theory of agents andinteractions

multi-A comprehensive introduction to the design methodology for embedded systems is presented in the

chapter Design of Embedded Systems It gives an overview of the design issues and stages Then, the

chapter presents, in quite some detail, the functional design, function/architecture and hardware/softwarecodesign, and hardware/software coverification and hardware simulation Subsequently, the chapter dis-cusses selected software and hardware implementation issues While discussing different design stages andapproaches, the chapter also introduces and evaluates supporting tools

An excellent introduction to the topic of models of computation, particularly for embedded systems, is

presented in the chapter Models of Embedded Computation The chapter introduces the origin of MoC, and

the evolution from models of sequential and parallel computation to attempts to model heterogeneousarchitectures In the process, the chapter discusses, in relative detail, selected nonfunctional propertiessuch as power consumption, component interaction in heterogeneous systems, and time It also presents anew framework used to introduce four different models of computation, and shows how different timeabstractions can serve different purposes and needs The framework is subsequently used to study thecoexistence of different computational models; specifically the interfaces between two different MoCs andthe refinement of one MoC into another This part of the chapter is particularly relevant to the material

on the design of heterogeneous multiprocessor SoC presented in the section System-on-Chip Design.

A comprehensive survey of selected models of computation is presented in the chapter Modeling

Formalisms for Embedded System Design The surveyed formalisms include Finite State Machines (FSM),

Finite State Machines with Datapath (FSMD), Moore machine, Mealy machine, Codesign Finite StateMachines (CFSM), Program State Machines (PSM), Specification and Description Language (SDL),Message Sequence Charts (MSC), Statecharts, Petri nets, synchronous/reactive models, discrete eventsystem, Dataflow Models, etc The presentation of individual models is augmented by numerousexamples

The chapter System Validation briefly discusses approaches to requirements capture, analysis and

validation, and surveys available methods and tools to include: descriptive formal methods such asVDM, Z, B, RAISE (Rigorous Approach to Industrial Software Engineering), CASL (Common AlgebraicSpecification Language), SCR (Software Cost Reduction), and EVES; deductive verifiers: HOL, Isabelle,PVS, Larch, Nqthm, and Nuprl; state exploration tools: SMV (Symbolic Model Verifier), Spin, COSPAN(COordination SPecification Analysis), MEIJE, CADP, and Murphi It also presents a mathematical model

of embedded systems based on the theory of agents and interactions To underline a novelty of this alism, classical theories of concurrency are surveyed to include process algebras, temporal logic, timedautomata, (Gurevich’s) ASM (Abstract State Machine), and rewriting logic As an illustration, the chapterpresents a specification of a simple scheduler

form-Design and Verification Languages

This section gives a comprehensive overview of languages used to specify, model, verify, and programembedded systems Some of those languages embody different models of computation discussed inthe previous section A brief overview of Architecture Description Languages (ADL) is presented in

Embedded Applications (Automotive Networks); the use of this class of languages, in the context of

describing in-car embedded electronic systems, is illustrated through the EAST-ADL language

An authoritative introduction to a broad range of languages used in embedded systems is

presen-ted in the chapter Languages for Embedded Systems The chapter surveys some of the most representative

and widely used languages Software languages: assembly languages for complex instruction set computers(CISC), reduced instruction set computers (RISC), digital signal processors (DSPs) and very-long instruc-tion word processors (VLIWs), and for small (4- and 8-bit) microcontrollers; the C and C++ Languages;Java; and real-time operating systems Hardware languages: Verilog and VHDL Dataflow languages: KahnProcess Networks and Synchronous Dataflow (SDF) Hybrid languages: Esterel, SDL, and SystemC Eachgroup of languages is characterized for their specific application domains and illustrated with ample codeexamples

An in-depth introduction to synchronous languages is presented in The Synchronous Hypothesis and

Synchronous Languages Before introducing the synchronous languages, the chapter discusses the concept

of synchronous hypothesis: the basic notion, mathematical models, and implementation issues sequently, it overviews the structural languages used for modeling and programming synchronousapplications Imperative languages, Esterel and SyncCharts, provide constructs to deal with control-dominated programs Declarative languages, Lustre and Signal, are particularly suited for applicationsbased on intensive data computation and dataflow organization Future trends are also covered

Sub-The chapter Introduction to UML and the Modeling of Embedded Systems gives an overview of the

use of UML (Unified Modeling Language) for modeling embedded systems The chapter presents abrief overview of UML and discusses UML features suited to represent the characteristics of embeddedsystems The UML constructs, the language use, and other issues are introduced through an example

of an automatic teller machine The chapter also briefly discusses a standardized UML profile (a cification language instantiated from the UML language family) suitable for modeling of embeddedsystems

spe-A comprehensive survey and overview of verification languages is presented in the chapter Verification

Languages It describes languages for verification of hardware, software, and embedded systems The focus

is on the support that a verification language provides for dynamic verification based on simulation,

as well as static verification based on formal techniques Before discussing the languages, the chapterprovides some background on verification methods This part introduces basics of simulation-basedverification, formal verification, and assertion-based verification It also discusses selected logics thatform the basis of languages described in the chapter: propositional logic, first-order predicate logic,temporal logics, and regular andω-regular languages The hardware verification languages (HVLs) covered

include: e, OpenVera, Sugar/PSL, and ForSpec The languages for software verification overviewed includeprogramming languages: C/C++, and Java; and modeling languages: UML, SDL, and Alloy Languagesfor SoCs and embedded systems verification include system-level modeling languages: SystemC, SpecC,and SystemVerilog The chapter also surveys domain-specific verification efforts, such as those based onEsterel and hybrid systems

Operating Systems and Quasi-Static Scheduling

This subsection offers a comprehensive introduction to real-time and embedded operating systems to coverfundamentals and selected advanced issues To complement this material with new developments, it gives

an overview of the operating system interfaces specified by the POSIX 1003.1 international standard andrelated to real-time programming and introduces a class of operating systems based on virtual machines.The subsection also includes research material on quasi-static scheduling

The chapter Real-Time Embedded Operating Systems: Standards and Perspectives provides a

compre-hensive introduction to the main features of real-time embedded operating systems It overviews some

of the main design and architectural issues of operating systems: system architectures, process andthread model, processor scheduling, interprocess synchronization and communication, and network sup-port The chapter presents a comprehensive overview of the operating system interfaces specified by

the POSIX 1003.1 international standard and related real-time programming It also gives a shortdescription of selected open-source real-time operating systems to include eCos,µClinux, RT-Linux and

RTAI, and RTEMS The chapter also presents a fairly comprehensive introduction to a class of operatingsystems based on virtual machines

Task scheduling algorithms and resource management policies, put in the context of real-time

systems, are the main focus of the chapter Real-Time Embedded Operating Systems: The

Schedul-ing and Resource Management Aspects The chapter discusses in detail periodic task handlSchedul-ing to

include Timeline Scheduling (TS), Rate-Monotonic (RM) scheduling, Earliest Deadline First (EDF)algorithm, and approaches to handle tasks with deadlines less than periods scheme; and aperi-odic task handling Protocols for accessing shared resources discussed include Priority Inherit-ance Protocol (PIP) and Priority Ceiling Protocol (PCP) Novel approaches, which provide effi-cient support for real-time multimedia systems, for handling transient overloads and executionoverruns in soft real-time systems working in dynamic environments are also mentioned in thechapter

The chapter Quasi-Static Scheduling of Concurrent Specifications presents methods aimed at efficient

synthesis of uniprocessor software with an aim to improve speed of the scheduled design The proposedapproach starts from a specification represented in terms of concurrent communicating processes, derives

an intermediate representation based on Petri nets or Boolean Dataflow Graphs, and finally attempts

to obtain a sequential schedule to be implemented on a processor The potential benefits result fromreplacement of explicit communication among processes by data assignment and reduced amount ofcontext switches due to a reduction of the number of processes

Timing and Performance Analysis

Many embedded systems, particularly hard real-time systems, impose strict restrictions on the executiontime of tasks which are required to be completed within certain time bounds For this class of systems,schedulability analysis requires the upper bounds for the execution times of all tasks to be known in

order to verify whether the system meets its timing requirements The chapter Determining Bounds on

Execution Times presents architecture of the aiT timing-analysis tool and an approach to timing analysis

implemented in the tool In the process, the chapter discusses cache-behavior prediction, pipeline analysis,path analysis using integer linear programming, and other issues The use of this approach is put in thecontext of upper bounds determination In addition, the chapter gives a brief overview of other approaches

to timing analysis

The validation of nonfunctional requirements of selected implementation aspects such as deadlines,throughputs, buffer space, power consumption, etc., comes under performance analysis The chapter

Performance Analysis of Distributed Embedded Systems discusses issues behind performance analysis and its

role in the design process It also surveys a few selected approaches to performance analysis for distributedembedded systems to include simulation-based methods, holistic scheduling analysis, and compositionalmethods Subsequently, the chapter introduces the performance network approach, as stated by authors,influenced by the worst-case analysis of communication networks The presented approach allows one toobtain upper and lower bounds on quantities such as end-to-end delay and buffer space; it also coversall possible corner cases independent of their probability

Power Aware Computing

Embedded nodes, or devices, are frequently battery powered The growing power dissipation, withthe increase in density of integrated circuits and clock frequency, has a direct impact on the cost ofpackaging and cooling, as well as reliability and lifetime These and other factors make the design

for low power consumption a high priority for embedded systems The chapter Power Aware

Embed-ded Computing presents a survey of design techniques and methodologies aimed at reducing static and

dynamic power dissipation The chapter discusses energy and power modeling to include instruction

level and function level power models, micro-architectural power models, memory and bus models, andbattery models Subsequently, the chapter discusses system/application level optimizations which exploredifferent task implementations exhibiting different power/energy versus quality-of-service characterist-ics Energy efficient processing subsystems: voltage and frequency scaling, dynamic resource scaling, andprocessor core selection, are also overviewed in the chapter Finally, the chapter discusses energy efficientmemory subsystems: cache hierarchy tuning, novel horizontal and vertical cache partitioning schemes,dynamic scaling of memory elements, software controlled memories, scratch-pad memories, improvingaccess patterns to on-chip memory, special purpose memory subsystems for media streaming, and codecompression, and interconnect optimizations.

Security in Embedded Systems

There is a growing trend for networking of embedded systems Representative examples of such systems can

be found in automotive, train, and industrial automation domains Many of those systems are required

to be connected to other networks to include LAN, WAN, and the Internet For instance, there is agrowing demand for remote access to process data at the factory floor This, however, exposes systems

to potential security attacks, which may compromise their integrity and cause damage The limitedresources of embedded systems pose considerable challenge for the implementation of effective securitypolicies which, in general, are resource demanding An excellent introduction to the security issues in

embedded systems is presented in the chapter Design Issues in Secure Embedded Systems The chapter

outlines security requirements in computing systems, classifies abilities of attackers, and discusses securityimplementation levels Security constraints in the embedded systems designs discussed include energyconsiderations, processing power limitations, flexibility and availability requirements, and cost of imple-mentation Subsequently, the chapter presents the main issues in the design of secure embedded systems

It also covers, in detail, attacks and countermeasures of cryptographic algorithm implementations inembedded systems

II System-on-Chip Design

Multi-Processor Systems-on-Chip (MPSoC), which combine the advantages of parallel processing withthe high integration levels of SoCs, emerged as a viable solution to meet the demand for computationalpower required by applications such as network and media processors The design of MPSoCs typicallyinvolves integration of heterogeneous hardware and software IP components However, the support forreuse of hardware and software IP components is limited, thus potentially making the design processlabor-intensive, error-prone, and expensive Selected component-based design methodologies for theintegration of heterogeneous hardware and software IP components are presented in this section togetherwith other issues such as design of ASIPs, communication architectures to include NoC, and platformbased design, to mention some Those topics are presented in eight chapters introducing the SoC conceptand design issues; design of ASIPs; SoC communication architectures; principles and guidelines forthe NoC design; platform-based design principles; converter synthesis for incompatible protocols; acomponent-based design automation approach for multiprocessor SoC platforms; an interface-centricapproach to the design and programming of embedded multiprocessors; and an STMicroelectronicsdeveloped exploration multiprocessor SoC platform

A comprehensive introduction to the SoC concept, in general, and design issues is provided in the

chapter System-on-Chip and Network-on-Chip Design The chapter discusses basics of SoC; IP cores and

virtual components; introduces the concept of architectural platforms and surveys selected industryofferings; and provides a comprehensive overview of the SoC design process

A retargetable framework for ASIP design is presented in A Novel Methodology for the Design of

Application-Specific Instruction-Set Processors The framework, which is based on machine descriptions

in the LISA language, allows for automatic generation of software development tools including HLLC-compiler, assembler, linker, simulator, and graphical debugger frontend In addition, synthesizable

hardware description language code can be derived for architecture implementation The chapter alsogives an overview of various machine description languages in the context of their suitability for thedesign of ASIP; discusses the ASIPs design flow, and the LISA language.

On-chip communication architectures are presented in the chapter State-of-the-Art SoC

Communica-tion Architectures The chapter offers an in-depth descripCommunica-tion and analysis of three most relevant, from

industrial and research viewpoints, architectures to include ARM developed AMBA (Advanced Controller Bus Architecture) and new interconnect schemes, namely Multi-Layer AHB and AMBA AXI;IBM developed CoreConect; and STMicroelectronics developed STBus In addition, the chapter surveysother architectures such as Wishbone, Sonics SiliconBackplane Micronetwork, Peripheral InterconnectBus (PI-Bus), Avalon, and CoreFrame The chapter also offers analysis of selected architectures and extendsthe discussion of on-chip interconnects to NoC

Micro-Basic principles and guidelines for the NoC design are introduced in Network-on-Chip Design for

Gigascale Systems-on-Chip It discusses a rationale for the design paradigm shift of SoC communication

architectures from shared busses to NoCs; and briefly surveys related work Subsequently, the chapterpresents details of NoC building blocks to include switch, network interface, and switch-to-switch links

In discussing the design guidelines, the chapter uses a case study of a real NoC architecture (Xpipes) whichemploys some of the most advanced concepts in NoC design It also discusses the issue of heterogeneousNoC design, and the effects of mapping the communication requirements of an application onto adomain-specific NoC

An authoritative discussion of the platform-based design (PBD) concept is provided in the chapter

Platform-Based Design for Embedded Systems The chapter introduces PBD principles and outlines the

interplay between micro-architecture platforms and Application Program Interface (API), or programmermodel, which is a unique abstract representation of the architecture platform via the software layer Thechapter also introduces three applications of PBD: network platforms for communication protocol design,fault-tolerant platforms for the design of safety-critical applications, and analog platforms for mixed-signalintegrated circuit design

An approach to synthesis of interface converters for incompatible protocols in a

component-based design automation is presented in Interface Specification and Converter Synthesis The chapter

surveys several approaches for synthesizing converters illustrated by simple examples It also duces more advanced frameworks based on abstract algebraic solutions that guarantee convertercorrectness

intro-The chapter Hardware/Software Interface Design for SoC presents a component-based design

automa-tion approach for MPSoC platforms It briefly surveys basic concepts of MPSoC design and discussessome related platform and component-based approaches It provides a comprehensive overview ofhardware/software IP integration issues to include bus-based and core-based approaches, integrating soft-

ware IP, communication synthesis (the concept is presented in detail in Interface Specification and Converter

Synthesis), and IP derivation The focal point of the chapter is a new component-based design methodology

and the design environment for the integration of heterogeneous hardware and software IP components.The presented methodology, which adopts the automatic communication synthesis approach and uses ahigh-level API, generates both hardware and software wrappers, as well as a dedicated operating system forprogrammable components The IP integration capabilities of the approach and accompanying softwaretools are illustrated by redesigning a part of a VDSL modem

The chapter Design and Programming of Embedded Multiprocessors: An Interface-Centric Approach

presents a design methodology for implementing media processing applications as MPSoCs centeredaround the Task Transaction Level (TTL) interface The TTL interface can be used to buildexecutable specifications; it also provides a platform interface for implementing applications ascommunicating hardware and software tasks on a platform infrastructure The chapter introducesthe TTL interface in the context of the requirements, and discusses mapping technology whichsupports structured design and programming of embedded multiprocessor systems The chapter alsopresents two case studies of implementations of TTL interface on different architectures: a multi-DSP

architecture, using an MP3 decoder application to evaluate this implementation; and a smart-imagingmultiprocessor.

The STMicroelectronics developed StepNPTMflexible MPSoC platform and its key architectural

com-ponents are described in A MultiProcessor SoC Platform and Tools for Communications Applications The

platform was developed with an aim to explore tool and architectural issues in a range of high-speedcommunications applications, particularly packet processing applications used in network infrastructureSoCs Subsequently, the chapter reviews the MultiFlex modeling and analysis tools developed to supportthe StepNP platform The MultiFlex environment supports two parallel programming models: a distrib-uted system object component (DSOC) message passing model and a symmetrical multiprocessing (SMP)model using shared memory It maps these models onto the StepNP MPSoC platform The use of the plat-form and supporting environment are illustrated by two examples mapping IPv4 packet forwarding andtraffic management applications onto the StepNP platform Detailed results are presented and discussedfor a range of architectural parameters

III Testing of Embedded Core-Based Integrated Circuits

The ever-increasing circuit densities and operating frequencies, as well as the use of the SoC designs, haveresulted in enormous test data volume for today’s embedded core-based integrated circuits According

to the Semiconductor Industry Association, in the International Technology Roadmap for Semiconductors

(ITRS), 2001 Edition, the density of ICs can reach 2 billion transistors per square cm, and 16 billion

transistors per chip are likely by 2014 Based on that, according to some estimates (A Khoche and J

Rivoir, “I/O bandwidth bottleneck for test: is it real?” Test Resource Partitioning Workshop, 2002), the test

data volume for ICs in 2014 is likely to increase 150 times in reference to 1999 Some other problemsinclude the growing disparity between performance of the design and the automatic test equipment whichmakes at-speed testing, particularly of high-speed circuits, a challenge and results in increasing yield loss;high cost of manually developed functional tests; and growing cost of high-speed and high-pincounttesters This section contains two chapters introducing new techniques addressing some of the issuesindicated above

The chapter Modular Testing and Built-In Self-Test of Embedded Cores in System-on-Chip Integrated

Circuits presents a survey of techniques that have been proposed in the literature for reducing test time

and test data volume The techniques surveyed rely on modular testing of embedded cores and built-inself test (BIST) The material on modular testing of embedded cores in a system-on-a-chip describeswrapper design and optimization, test access mechanism (TAM) design and optimization, test scheduling,integrated TAM optimization and test scheduling, and modular testing of mixed-signal SOCs In addition,the chapter reviews a recent deterministic BIST approach in which a reconfigurable interconnectionnetwork (RIN) is placed between the outputs of the linear-feedback shift register (LFSR) and the inputs

of the scan chains in circuit under test The RIN, which consists only of multiplexer switches, replaces thephase shifter that is typically used in pseudo-random BIST to reduce correlation between the test data bitsthat are fed into the scan chains The proposed approach does not require any circuit redesign and it hasminimal impact on circuit performance

Hardware-based self-testing techniques (BIST) have limitations due to performance, area, and designtime overhead, as well as problems caused by the application of nonfunctional patterns (which may result inhigher power consumption during testing, over-testing, yield loss problems, etc.) The embedded software-based self-testing technique has a potential to alleviate the problems caused by using external testers, as well

as structural BIST problems The embedded software-based self-testing utilizes on-chip programmableresources (such as embedded microprocessors and DSPs) for on-chip test generation, test delivery, signal

acquisition, response analysis, and even diagnosis The chapter Embedded Software-Based Self-Testing for

SoC Design discusses processor self-test methods targeting stuck-at faults and delay faults; presents a brief

description of a processor self-diagnosis method; presents methods for self-testing of buses and global

interconnects as well as other nonprogrammable IP cores on SoC; describes instruction-level testability (Df T) methods based on insertion of test instructions to increase the fault coverage and reducethe test application time and test program size; and outlines DSP-based self-test for analog/mixed-signalcomponents.

design-for-IV Networked Embedded Systems

Networked embedded systems (NES) are essentially spatially distributed embedded nodes (implemented

on a board, or a single chip in future) interconnected by means of wireline or/and wireless communicationinfrastructure and protocols, interacting with the environment (via sensor/actuator elements) and eachother, and, possibly, a master node performing some control and coordination functions to coordinatecomputing and communication in order to achieve certain goal(s) An example of a network embeddedsystem may be an in-vehicle embedded network comprising a collection of ECUs networked by means ofsafety-critical communication protocols, such as FlexRay or TTP/C, for the purpose of controlling vehiclefunctions, such as electronic engine control, anti-locking brake system, active suspension, etc (for details

of automotive applications see the last section in the book)

An excellent introduction to NES is presented in the chapter Design Issues in Networked Embedded

Sys-tems This chapter outlines some of the most representative characteristics of NES, and surveys potential

applications It also explains design issues for large-scale distributed NES such as environment tion, life expectancy of nodes, communication protocol, reconfigurability, security, energy constraints,operating systems, etc Design methodologies and tools are discussed as well

interac-The topic of middleware for NES is addressed in Middleware Design and Implementation for Networked

Embedded Systems This chapter discusses the role of middleware in NES and the challenges in design and

implementation, such as remote communication, location independence, reuse of the existing ture, providing real-time assurances, providing a robust DOC middleware, reducing middleware footprint,and support for simulation environments The focal points of the chapter are the sections describing thedesign and implementation of nORB (a small footprint real-time object request broker tailored to spe-cific embedded sensor/actuator applications), and the rationale behind the adopted approach, namely toaddress the NES design and implementation challenges

infrastruc-V Sensor Networks

The distributed (wireless) sensor networks are a relatively new and exciting proposition for collectingsensory data in a variety of environments The design of this kind of network poses a particular challengedue to limited computational power and memory size, bandwidth restrictions, power consumptionrestriction if battery powered, communication requirements, and unattended mode of operation incase of inaccessible and/or hostile environments, to mention some It provides a fairly comprehensivediscussion of the design issues related to, in particular, self-organizing wireless networks It introducesfundamental concepts behind sensor networks, discusses architectures, energy-efficient Medium AccessControl (MAC), time synchronization, distributed localization, routing, distributed signal processing,security, and it surveys selected software solutions

A general introduction to the area of wireless sensor networks is provided in Introduction to Wireless

Sensor Networks A comprehensive overview of the topic is provided in Issues and Solutions in Wireless Sensor Networks, which introduces fundamental concepts, selected application areas, design challenges,

and other relevant issues

The chapter Architectures for Wireless Sensor Networks provides an excellent introduction to various

aspects of the architecture of wireless sensor networks It includes the description of a sensor nodearchitecture and its elements: sensor platform, processing unit, communication interface, and powersource In addition, it presents a mathematical model of power consumption by a node, to account forenergy consumption by radio, processor, and sensor elements The chapter also discusses architectures

of wireless sensor networks developed on the protocol stack approach and EYES project approach In thecontext of the EYES project approach, which consists of only two key system abstraction layers, namely thesensor and networking layer and the distributed services layer, the chapter discusses distributed servicesthat are required to support applications for wireless sensor networks and approaches adopted by variousprojects.

Energy efficiency is one of the main issues in developing MAC protocols for wirelesss sensor networks.This is largely due to unattended operation and battery-based power supply, and a need for collabora-

tion as a result of limited capabilities of individual nodes Energy-Efficient Medium Access Control offers

a comprehensive overview of the issues involved in the design of MAC protocols It contains a sion of MAC requirements for wireless sensor networks such as hardware characteristics of the node,communication patterns, and others It surveys 20 medium access protocols specially designed for sensornetworks and optimized for energy efficiency It also discusses qualitative merits of different organizations;contention-based, slotted, and TDMA-based protocols In addition, the chapter provides a simulation-based comparison of the performance and energy efficiency of four MAC protocols: Low Power Listening,S-MAC, T-MAC, and L-MAC

discus-The knowledge of time at a sensor node may be essential for the correct operation of the system TimeDivision Multiple Access (TDMA) scheme (adopted in TTP/C and FlexRay protocols, for instance — seesection on automotive applications) requires the nodes to be synchronized The time synchronization

issues in sensor networks are discussed in Overview of Time Synchronization Issues in Sensor Networks.

The chapter introduces basics of time synchronization for sensor networks It also describes designchallenges and requirements in developing time synchronization protocols such as the need to be robust,energy aware, able to operate correctly in absence of time servers (server-less), be light-weight, and

to offer a tunable service The chapter also overviews factors influencing time synchronization such astemperature, phase noise, frequency noise, asymmetric delays, and clock glitches Subsequently, differenttypes of timing techniques are discussed: Network Time Protocol (NTP), Timing-sync Protocol for SensorNetworks (TPSN), Reference-Broadcast Synchronization (RBS), and Time-Diffusion SynchronizationProtocol (TDP)

The knowledge of the location of nodes is essential for the base station to process information fromsensors, and to arrive at valid and meaningful results The localization issues in ad hoc wireless sensor

networks are discussed in Distributed Localization Algorithms The focus of this presentation is on three

distributed localization algorithms for large-scale ad hoc sensor networks which meet the basic ments for self-organization, robustness, and energy efficiency: ad hoc positioning by Niculescu and Nath,N-hop multilateration by Savvides et al., and robust positioning by Savarese et al The selected algorithmsare evaluated by simulation

require-In order to forward information from a sensor node to the base station or another node for processing,

the node requires routing information The chapter Routing in Sensor Networks provides a comprehensive

survey of routing protocols used in sensor networks The presentation is divided into flat routing protocols:Sequential Assignment Routing (SAR), direct diffusion, minimum cost forwarding approach, IntegerLinear Program (ILP) based routing approach, Sensor Protocols for Information via Negotiation (SPIN),geographic routing protocols, parametric probabilistic routing protocol, and Min-MinMax; and cluster-based routing protocols: Low Energy Adaptive Clustering Hierarchy (LEACH), Threshold sensitive EnergyEfficient sensor Network protocol (TEEN), and two-level clustering algorithm

Due to their limited resources, sensor nodes frequently provide incomplete information on the objects oftheir observation Thus the complete information has to be reconstructed from data obtained from manynodes, frequently providing redundant data The distributed data fusion is one of the major challenges

in sensor networks The chapter Distributed Signal Processing in Sensor Networks introduces a novel

mathematical model for distributed information fusion, which focuses on solving a benchmark signalprocessing problem (spectrum estimation) using sensor networks

With deployment of sensor networks in areas such as battlefield or factory floor, security becomes

of paramount importance, and a challenge The existing solutions are impractical due to limited abilities (processing power, available memory, and available energy) of sensor nodes The chapter

cap-Sensor Network Security gives an introduction to selected specific security challenges in wireless sensor

networks: denial of service and routing security, energy efficient confidentiality and integrity, ated broadcast, alternative approaches to key management, and secure data aggregation Subsequently,

authentic-it discusses in detail some of the proposed approaches and solutions: SNEP andµTESLA protocols

for confidentiality and integrity of data, the LEAP protocol, and probabilistic key management for keymanagement, to mention some

The chapter Software Development for Large-Scale Wireless Sensor Networks presents basic concepts

related to software development for wireless sensor networks, as well as selected software solutions.The solutions include: TinyOS, a component-based operating system, and related software packages;MATÉ, a byte-code interpreter; and TinyDB, a query processing system for extracting information from

a network of TinyOS sensor nodes SensorWare, a software framework for wireless sensor networks,provides querying, dissemination, and fusion of sensor data, as well as coordination of actuators MiLAN(Middleware Linking Applications and Networks), a middleware concept, aims to exploit informationredundancy provided by sensor nodes EnviroTrack, a TinyOS-based application, provides a convenientway to program sensor network applications that track activities in their physical environment SeNeTs, amiddleware architecture for wireless sensor networks, is designed to support the pre-deployment phase.The chapter also discusses software solutions for simulation, emulation, and test of large-scale sensornetworks: TinyOS SIMulator (TOSSIM), a simulator based on the TinyOS framework; EmStar, a softwareenvironment for developing and deploying applications for sensor networks consisting of 32-bit embeddedMicroserver platforms; and SeNeTs, a test and validation environment

VI Embedded Applications

The last section in the book, Embedded Applications, focuses on selected applications of embedded systems.

It covers automotive field, industrial automation, and intelligent sensors The aim of this section is tointroduce examples of the actual embedded applications in fast-evolving areas which, for various reasons,have not received proper coverage in other publications, particularly in the automotive area

Automotive Networks

The automotive industry is aggressively adopting mechatronic solutions to replace or duplicate existingmechanical/hydraulic systems The embedded electronic systems together with dedicated communicationnetworks and protocols play pivotal roles in this transition This subsection contains three chapters thatoffer a comprehensive overview of the area by presenting topics, such as networks and protocols, operatingsystems and other middleware, scheduling, safety and fault tolerance, and actual development tools, used

by the automotive industry

This section begins with a contribution entitled Design and Validation Process of In-Vehicle Embedded

Electronic Systems that provides a comprehensive introduction to the use of embedded systems in

auto-mobiles, their design and validation methods, and tools The chapter identifies and describes a number

of specific application domains for in-vehicle embedded systems, such as power train, chassis, body,and telematics and HMI It then outlines some of the main standards used in the automotive industry

to ensure interoperability between components developed by different vendors; this includes networksand protocols, as well as operating systems The surveyed networks and protocols include (for details

of networks and protocols see The Industrial Communication Technology Handbook, CRC Press, 2005,

Richard Zurawski, editor) Controller Area Network (CAN), Vehicle Area Network (VAN), J1850, TTP/C(Time-Triggered Protocol), FlexRay, Local Interconnect Network (LIN), Media Oriented System Transport(MOST), and IDB-1394 This material is followed by a brief introduction of OSEK/VDX (Offene Systemeund deren schnittstellen für die Elektronik im Kraft-fahrzeug), a multitasking operating system thathas become a standard for automotive applications in Europe The chapter introduces a new language,EAST-ADL, which offers support for an unambiguous description of in-vehicle embedded electronic

systems at each level of their development The discussion of the design and validation process and relatedissues is facilitated by a comprehensive case study drawn from actual PSA Peugeot-Citroën application.This case study is essential reading for those interested in the development of this kind of embeddedsystem.

The planned adoption of X-by-wire technologies in automotive applications pushed the automotiveindustry into the realm of safety critical systems There is a substantial body of literature on safety criticalissues and fault tolerance, particularly when applied to components and systems Less has been published

on safety-relevant communication services and fault-tolerant communication systems as mandated inX-by-wire technologies in automotive applications This is largely due to the novelty of fast-evolvingconcepts and solutions, which is pursued mostly by industrial consortia Those two topics are presented

in detail in Fault-Tolerant Services for Safe In-Car Embedded Systems The material on safety-relevant

communication services discusses some of the main services and functionalities that the communicationsystem should provide to facilitate the design of fault-tolerant automotive applications This includes ser-vices supporting reliable communication, such as robustness against electromagnetic interference (EMI),time-triggered transmission, global time, atomic broadcast, and avoiding “babbling-idiots.” Also discussedare higher-level services that provide fault-tolerant mechanisms that belong conceptually to layers aboveMAC in the OSI reference model, namely group membership service, management of nodes’ redundancy,support for functioning mode, etc The chapter also discusses fault tolerant communication protocols toinclude TTP/C, FlexRay, and variants of CAN (TTCAN, RedCAN, and CANcentrate)

The Volcano concept for design and implementation of in-vehicle networks using the standardized CAN

and LIN communication protocols is presented in the chapter Volcano — Enabling Correctness by Design.

This chapter provides an in-depth description of the Volcano approach and a suite of software tools,developed by Volcano Communications Technologies AG, which supports requirements capture, model-based design, automatic code generation, and system-level validation capabilities This is an example of

an actual development environment widely used by the automotive industry

Industrial Automation

The current trend for flexible and distributed control and automation has accelerated the migration ofintelligence and control functions to the field devices; particularly sensors and actuators The increasedprocessing capabilities of those devices were instrumental in the emergence of a trend for networking offield devices around industrial data networks, thus making access to any device from any place in theplant, or even globally, technically feasible The benefits are numerous, including increased flexibility,improved system performance, and ease of system installation, upgrade, and maintenance Embed-ded web servers are increasingly used in industrial automation to provide Human–Machine Interface(HMI), which allows for web-based configuration, control and monitoring of devices and industrialprocesses

An introduction to the design of embedded web servers is presented in the chapter Embedded Web Servers

in Distributed Control Systems The focus of this chapter is on Field Device Web Servers (FDWS) The

chapter provides a comprehensive overview of the context in which the embedded web servers are usuallyimplemented, as well as the structure of an FDWS application with the presentation of its componentpackages and the mutual relationship between the content of the packages and the architecture of a typicalembedded site All this is discussed in the context of an actual FDWS implementation and applicationdeployed at one of the Alstom (France) sites

Remote access to field devices may lead to many security challenges The embedded web servers aretypically run on processors with limited memory and processing power These restrictions necessitate

a deployment of lightweight security mechanisms Vendor tailored versions of standard security protocolsuites such as Secure Sockets Layer (SSL) and IP Security Protocol (IPSec) may still not be suitable due

to excessive demand for resources In applications restricted to the Hypertext Transfer Protocol (HTTP),Digest Access Authentication (DAA), which is a security extension to HTTP, offers an alternative and

viable solution Those issues are discussed in the chapter HTTP Digest Authentication for Embedded Web

Servers This chapter overviews mechanisms and services, as well as potential applications of HTTP Digest

Authentication It also surveys selected embedded web server implementations for their support for DAA.This includes Apache 2.0.42, Allegro RomPager 4.05, and GoAhead 2.1.2

Intelligent Sensors

The advances in the design of embedded systems, availability of tools, and falling fabrication costs allowedfor cost-effective migration of the intelligence and control functions to the field devices, particularlysensors and actuators Intelligent sensors combine computing, communication, and sensing functions.The trend for increased functional complexity of those devices necessitates the use of formal descriptive

techniques and supporting tools throughout the design and implementation process The chapter

Intelli-gent Sensors: Analysis and Design tackles some of those issues It reviews some of the main characteristics

of the generic intelligent sensor formal model; subsequently, it discusses an implementation of the modelusing the CAP language, which was developed specifically for the design of intelligent sensors A briefintroduction to the language is also provided The whole development process is illustrated by using anexample of a simple distance measuring system comprising an ultrasonic transmitter and two receivers

Locating Topics

To assist readers with locating material, a complete table of contents is presented at the front of the book.Each chapter begins with its own table of contents Two indexes are provided at the end of the book: theindex of authors contributing to the book, together with the titles of their contributions, and a detailedsubject index

Richard Zurawski

My gratitude goes to Luciano Lavagno, Grant Martin, and Alberto Sangiovanni-Vincentelli who haveprovided advice and support while preparing this book This book would never have had a chance totake off without their assistance Andreas Willig helped with identifying some authors for the section onSensor Networks Also, I would like to thank the members of the International Advisory Board for theirhelp with the organization of the book and selection of authors I have received tremendous cooperationfrom all contributing authors I would like to thank all of them for that I would like to express gratitude

to my publisher Nora Konopka, and other Taylor and Francis staff involved in the book production,particularly Jessica Vakili, Elizabeth Spangenberger, and Gail Renard My love goes to my wife whotolerated the countless hours I spent on preparing this book

Dr Richard Zurawski is president of ISA Group, San Francisco and Santa Clara, CA, involved in providingsolutions to Fortune 1000 companies Prior to that, he held various executive positions with San FranciscoBay area based companies Dr Zurawski is a cofounder of the Institute for Societal Automation, SantaClara, a research and consulting organization.

Dr Zurawski has close to thirty years of academic and industrial experience, including a regularprofessorial appointment at the Institute of Industrial Sciences, University of Tokyo, and a full-timeR&D advisor position with Kawasaki Electric Corp., Tokyo He provided consulting services to KawasakiElectric, Ricoh, and Toshiba Corporations, Japan, and participated in 1990s in a number of JapaneseIntelligent Manufacturing Systems programs

Dr Zurawski has served as editor at large for IEEE Transactions on Industrial Informatics, and associate editor for IEEE Transactions on Industrial Electronics; he also served as associate editor for Real-Time

Systems: The International Journal of Time-Critical Computing Systems, Kluwer Academic Publishers He

was a guest editor of four special sections in IEEE Transactions on Industrial Electronics and a guest editor

of a special issue of the Proceedings of the IEEE dedicated to industrial communication systems In 1998,

he was invited by IEEE Spectrum to contribute material on Java technology to “Technology 1999: Analysis and Forecast Issues.” Dr Zurawski is series editor for The Industrial Information Technology Series, Taylor

and Francis Group, Boca Raton, FL

Dr Zurawski has served as a vice president of the Institute of Electrical and Electronics Engineers

(IEEE) Industrial Electronics Society (IES), and was on the steering committee of the ASME/IEEE Journal

of Microelectromechanical Systems In 1996, he received the Anthony J Hornfeck Service Award from the

IEEE Industrial Electronics Society

Dr Zurawski has served as a general, program, and track chair for a number of IEEE conferences andworkshops, and has published extensively on various aspects of formal methods in the design of real-time,embedded, and industrial systems, MEMS, parallel and distributed programming and systems, as well as

control and robotics He is the editor of The Industrial Information Technology Handbook (2004), and The

Industrial Communication Technology Handbook (2005), both published by Taylor and Francis Group.

Dr Richard Zurawski received his M.Sc in informatics and automation, University of Mining andMetallurgy, Krakow, Poland, and his Ph.D in computer science, La Trobe University, Melbourne, Australia

João Paulo Barros

Universidade Nova de Lisboa

Ivan Cibrario Bertolotti

IEIIT — National Research

Council

Turin, Italy

Davide Bertozzi

Dipartimento ElettronicaInformatica SistemisticaUniversity of BolognaBologna, Italy

Jan Blumenthal

Institute of AppliedMicroelectronics andComputer ScienceDept of ElectricalEngineering andInformationTechnologyUniversity of RostockRostock, Germany

Luca P Carloni

EECS DepartmentUniversity of California atBerkeley

Berkeley, California

Wander O Cesário

SLS GroupTIMA LaboratoryGrenoble, France

Krishnendu Chakrabarty

Department of Electrical andComputer EngineeringDuke University

Durham, North Carolina

S Chatterjea

Faculty of Electrical Engineering,Mathematics, and ComputerScience

University of TwenteEnschede

The Netherlands

Kwang-Ting (Tim) Cheng

Department of Electrical andComputer EngineeringUniversity of CaliforniaSanta Barbara, California

Anikó Costa

Universidade Nova de Lisboa,Faculdade de Ciências eTecnologia

Dep Eng ElectrotécnicaCaparica, Portugal

Mario Crevatin

Corporate ResearchABB Switzerland LtdBaden-Dattwil, Switzerland

Fernando De Bernardinis

EECS DepartmentUniversity of California atBerkeley

Berkeley, California

Faculty of Electrical Engineering,

Mathematics, and Computer

Rostock, Germany

Luís Gomes

Universidade Nova de LisboaFaculdade de Ciências eTecnologia

Dep Eng ElectrotécnicaCaparica, Portugal

San Diego, California

Rostock, Germany

Gertjan Halkes

Faculty of Electrical Engineering,Mathematics, and ComputerScience

Delft University of TechnologyDelft, The Netherlands

Matthias Handy

Institute of AppliedMicroelectronics andComputer ScienceDept of Electrical Engineeringand Information

TechnologyUniversity of RostockRostock, Germany

Hans Hansson

Department of Computer Scienceand Engineering

Mälardalen UniversityVästerås, Sweden

P Havinga

Faculty of Electrical Engineering,Mathematics, and ComputerScience

University of TwenteEnschede

The Netherlands

Øystein Haugen

Department of InformaticsUniversity of OsloOslo, Norway

Tomas Henriksson

Philips ResearchEindhoven, The Netherlands

University of TwenteEnschede

The Netherlands

J Hurink

Faculty of Electrical Engineering,Mathematics, and ComputerScience

University of TwenteEnschede

The Netherlands

Margarida F Jacome

Department of Electrical andComputer EngineeringUniversity of Texas at AustinAustin, Texas

Omid S Jahromi

Bioscrypt Inc

Markham, Ontario, Canada

Axel Jantsch

Department for Microelectronics

and Information Technology

Royal Institute of Technology

Glushkov Institute of Cybernetics

National Academy of Science of

Faculty of Electrical Engineering,

Mathematics, and Computer

Science

Delft University of Technology

Delft, The Netherlands

Cadence Berkeley Laboratories

Berkeley, California; and

Dipartimento di Elettronica

Politecnico di Torino, Italy

A A Letichevsky

Glushkov Institute of Cybernetics

National Academy of Science

Gabriela Nicolescu

Ecole Polytechnique

de MontrealMontreal, QuebecCanada

Thomas Nolte

Department of Computer Scienceand Engineering

Mälardalen UniversityVästerås, Sweden

Claudio Passerone

Dipartimento di ElettronicaPolitecnico di TorinoTurin, Italy

Roberto Passerone

Cadence Design Systems, Inc.Berkeley Cadence LabsBerkeley, California

Hiren D Patel

Electrical and ComputerEngineering

Virginia TechBlacksburg, Virginia

Berkeley, California

Dumitru Potop-Butucaru

IRISARennes, France

Antal Rajnák

Advanced Engineering LabsVolcano CommunicationsTechnologies AGTagerwilen, Switzerland

Anand Ramachandran

Department of Electrical andComputer EngineeringUniversity of Texas at AustinAustin, Texas

Niels Reijers

Faculty of Electrical Engineering,Mathematics, and ComputerScience

Delft University of TechnologyDelft, The Netherlands

Georgia Institute of TechnologyAtlanta, Georgia

Jean-Pierre Talpin

IRISARennes, France

Lothar Thiele

Department InformationTechnology and ElectricalEngineering

Computer Engineering andNetworks LaboratorySwiss Federal Institute ofTechnology

Zurich, Switzerland

Pieter van der Wolf

Philips ResearchEindhoven, The Netherlands

V A Volkov

Glushkov Institute ofCyberneticsNational Academy of Science

of UkraineKiev, Ukraine

Thomas P von Hoff

ABB Switzerland LtdCorporate ResearchBaden-Dattwil, Switzerland

A G Voyiatzis

Department of Electrical andComputer EngineeringUniversity of PatrasPatras, Greece

Flávio R Wagner

UFRGS — Instituto deInformáticaPorto Alegre, Brazil

Ernesto Wandeler

Department InformationTechnology and ElectricalEngineering

Computer Engineering andNetworks LaboratorySwiss Federal Institute ofTechnology

Richard Zurawski

ISA GroupSan Francisco, California

SECTION I Embedded Systems

Real-Time and Embedded Systems

1 Embedded Systems:Toward Networking of Embedded Systems

Luciano Lavagno and Richard Zurawski 1-1

2 Real-Time in Embedded Systems Hans Hansson, Mikael Nolin, and

Thomas Nolte 2-1 Design and Validation of Embedded Systems

3 Design of Embedded Systems Luciano Lavagno and

Claudio Passerone 3-1

4 Models of Embedded Computation Axel Jantsch 4-1

5 Modeling Formalisms for Embedded System Design Luís Gomes, João Paulo Barros, and Anikó Costa 5-1

6 System Validation J.V Kapitonova, A.A Letichevsky, V.A Volkov,

and Thomas Weigert 6-1 Design and Verification Languages

7 Languages for Embedded Systems Stephen A Edwards 7-1

8 The Synchronous Hypothesis and Synchronous Languages

Dumitru Potop-Butucaru, Robert de Simone, and Jean-Pierre Talpin 8-1

9 Introduction to UML and the Modeling of Embedded Systems

Øystein Haugen, Birger Møller-Pedersen, and Thomas Weigert 9-1

10 Verification Languages Aarti Gupta, Ali Alphan Bayazit, and

Yogesh Mahajan 10-1 Operating Systems and Quasi-Static Scheduling

11 Real-Time Embedded Operating Systems:Standards and Perspectives

Ivan Cibrario Bertolotti 11-1

12 Real-Time Operating Systems:The Scheduling and Resource

Management Aspects Giorgio C Buttazzo 12-1

13 Quasi-Static Scheduling of Concurrent Specifications

Alex Kondratyev, Luciano Lavagno, Claudio Passerone, and

Yosinori Watanabe 13-1 Timing and Performance Analysis

14 Determining Bounds on Execution Times Reinhard Wilhelm 14-1

15 Performance Analysis of Distributed Embedded Systems

Lothar Thiele and Ernesto Wandeler 15-1 Power Aware Computing

16 Power Aware Embedded Computing Margarida F Jacome and

Anand Ramachandran 16-1 Security in Embedded Systems

17 Design Issues in Secure Embedded Systems A.G Voyiatzis,

A.G Fragopoulos, and D.N Serpanos 17-1

SECTION II System-on-Chip Design

18 System-on-Chip and Network-on-Chip Design Grant Martin 18-1

19 A Novel Methodology for the Design of Application-Specific

Instruction-Set Processors Andreas Hoffmann, Achim Nohl, and

Gunnar Braun 19-1

20 State-of-the-Art SoC Communication Architectures José L Ayala,

Marisa López-Vallejo, Davide Bertozzi, and Luca Benini 20-1

21 Network-on-Chip Design for Gigascale Systems-on-Chip

Davide Bertozzi, Luca Benini, and Giovanni De Micheli 21-1

22 Platform-Based Design for Embedded Systems Luca P Carloni,

Fernando De Bernardinis, Claudio Pinello,

Alberto L Sangiovanni-Vincentelli, and Marco Sgroi 22-1

23 Interface Specification and Converter Synthesis Roberto Passerone 23-1

24 Hardware/Software Interface Design for SoC Wander O Cesário,

Flávio R Wagner, and A.A Jerraya 24-1

25 Design and Programming of Embedded Multiprocessors:An

Interface-Centric Approach Pieter van der Wolf, Erwin de Kock,

Tomas Henriksson, Wido Kruijtzer, and Gerben Essink 25-1

26 A Multiprocessor SoC Platform and Tools for Communications

Applications Pierre G Paulin, Chuck Pilkington, Michel Langevin,

Essaid Bensoudane, Damien Lyonnard, and Gabriela Nicolescu 26-1

SECTION III Testing of Embedded Core-Based Integrated Circuits

27 Modular Testing and Built-In Self-Test of Embedded Cores in

System-on-Chip Integrated Circuits Krishnendu Chakrabarty 27-1

28 Embedded Software-Based Self-Testing for SoC Design

Kwang-Ting (Tim) Cheng 28-1

SECTION IV Networked Embedded Systems

29 Design Issues for Networked Embedded Systems Sumit Gupta,

Hiren D Patel, Sandeep K Shukla, and Rajesh Gupta 29-1

30 Middleware Design and Implementation for Networked Embedded

Systems Venkita Subramonian and Christopher Gill 30-1

SECTION V Sensor Networks

31 Introduction to Wireless Sensor Networks S Dulman, S Chatterjea,

and P Havinga 31-1

32 Issues and Solutions in Wireless Sensor Networks Ravi Musunuri,

Shashidhar Gandham, and Maulin D Patel 32-1

33 Architectures for Wireless Sensor Networks S Dulman,

S Chatterjea, T Hoffmeijer, P Havinga, and J Hurink 33-1

34 Energy-Efficient Medium Access Control Koen Langendoen and

37 Routing in Sensor Networks Shashidhar Gandham, Ravi Musunuri,

and Udit Saxena 37-1

38 Distributed Signal Processing in Sensor Networks Omid S Jahromi

and Parham Aarabi 38-1

39 Sensor Network Security Guenter Schaefer 39-1

40 Software Development for Large-Scale Wireless Sensor Networks

Jan Blumenthal, Frank Golatowski, Marc Haase, and

Matthias Handy 40-1

SECTION VI Embedded Applications

Automotive Networks

41 Design and Validation Process of In-Vehicle Embedded Electronic

Systems Françoise Simonot-Lion and YeQiong Song 41-1

42 Fault-Tolerant Services for Safe In-Car Embedded Systems

Nicolas Navet and Françoise Simonot-Lion 42-1

43 Volcano — Enabling Correctness by Design Antal Rajnák 43-1 Industrial Automation

44 Embedded Web Servers in Distributed Control Systems

Jacek Szymanski 44-1

45 HTTP Digest Authentication for Embedded Web Servers

Mario Crevatin and Thomas P von Hoff 45-1 Intelligent Sensors

46 Intelligent Sensors:Analysis and Design Eric Dekneuvel 46-1

Embedded Systems

Real-Time and

Embedded Systems

1 Embedded Systems: Toward Networking of Embedded Systems

Luciano Lavagno and Richard Zurawski

2 Real-Time in Embedded Systems

Hans Hansson, Mikael Nolin, and Thomas Nolte

Embedded Systems: Toward Networking

1.1 Networking of Embedded Systems 1-1

1.2 Design Methods for Networked EmbeddedSystems 1-3

1.3 Networks Embedded Systems 1-5

Networked Embedded Systems in Industrial Automation •

Networked Embedded Systems in Building Automation •

Automotive Networked Embedded Systems • Sensor Networks1.4 Concluding Remarks 1-14 References 1-141.1 Networking of Embedded Systems

The last two decades have witnessed a remarkable evolution of embedded systems from being assembledfrom discrete components on printed circuit boards, although, they still are, to systems being assembledfrom Intellectual Property (IP) components “dropped” onto silicon of the system on a chip Systems on

a chip offer a potential for embedding complex functionalities, and to meet demanding performancerequirements of applications such as DSPs, network, and multimedia processors Another phase in thisevolution, already in progress, is the emergence of distributed embedded systems; frequently termed asnetworked embedded systems, where the word “networked” signifies the importance of the networkinginfrastructure and communication protocol A networked embedded system is a collection of spatially andfunctionally distributed embedded nodes interconnected by means of wireline or wireless communicationinfrastructure and protocols, interacting with the environment (via a sensor/actuator elements) and eachother, and, possibly, a master node performing some control and coordination functions, to coordinatecomputing and communication in order to achieve certain goal(s) The networked embedded systemsappear in a variety of application domains such as, automotive, train, aircraft, office building, andindustrial — primarily for monitoring and control, environment monitoring, and, in future, control,

as well

There have been various reasons for the emergence of networked embedded systems, influenced largely

by their application domains The benefit of using distributed systems and an evolutionary need to replacepoint-to-point wiring connections in these systems by a single bus are some of the most important ones

1-1

The advances in design of embedded systems, tools availability, and falling fabrication costs ofsemiconductor devices and systems, have allowed for infusion of intelligence into field devices such assensors and actuators The controllers used with these devices provide typically on-chip signal conversion,data processing, and communication functions The increased functionality, processing, and communic-ation capabilities of controllers have been largely instrumental in the emergence of a widespread trend fornetworking of field devices around specialized networks, frequently referred to as field area networks.The field area networks, or fieldbuses [1] (fieldbus is, in general, a digital, two-way, multi-drop commu-nication link) as commonly referred to, are, in general, networks connecting field devices such as sensorsand actuators with field controllers (for instance, Programmable Logic Controllers [PLCs] in industrialautomation, or Electronic Control Units [ECUs] in automotive applications), as well as man–machineinterfaces, for instance, dashboard displays in cars.

In general, the benefits of using those specialized networks are numerous, including increased flexibilityattained through combination of embedded hardware and software, improved system performance, andease of system installation, upgrade, and maintenance Specifically, in automotive and aircraft applications,for instance, they allow for a replacement of mechanical, hydraulic, and pneumatic systems by mechatronicsystems, where mechanical or hydraulic components are typically confined to the end-effectors; just tomention their two different application areas

Unlike Local Area Networks (LANs), due to the nature of communication requirements imposed byapplications, field area networks, by contrast, tend to have low data rates, small size of data packets, andtypically require real-time capabilities which mandate determinism of data transfer However, data ratesabove 10 Mbit/sec, typical of LANs, have already become a commonplace in field area networks.The specialized networks tend to support various communication media such as twisted pair cables,fiber optic channels, power line communication, radio frequency channels, infrared connections, etc.Based on the physical media employed by the networks, they can be, in general, divided into three maingroups, namely: wireline-based networks using media such as twisted pair cables, fiber optic channels(in hazardous environments like chemical and petrochemical plants), and power lines (in buildingautomation); wireless networks supporting radio frequency channels, and infrared connections; andhybrid networks composed of wireline and wireless networks

Although the use of wireline-based field area networks is dominant, the wireless technology offers arange of incentives in a number of application areas In industrial automation, for instance, wireless device(sensor/actuator) networks can provide a support for mobile operation required in case of mobile robots,monitoring, and control of equipment in hazardous and difficult to access environments, etc In a wirelesssensor/actuator network, stations may interact with each other on a peer-to-peer basis, and with a basestation The base station may have its transceiver attached to a cable of a (wireline) field area network,giving rise to a hybrid wireless–wireline system [2] A separate category is the wireless sensor networks,mainly envisaged to be used for monitoring purposes, which is discussed in detail in the book

The variety of application domains impose different functional and nonfunctional requirements ontothe operation of networked embedded systems Most of them are required to operate in a reactive way; forinstance, systems used for control purposes With that comes the requirement for real-time operation, inwhich systems are required to respond within a predefined period of time, mandated by the dynamics ofthe process under control A response, in general, may be periodic to control a specific physical quantity byregulating dedicated end-effector(s), or aperiodic arising from unscheduled events such as out-of-boundsstate of a physical parameter or any other kind of abnormal conditions, or sporadic with no periodbut with known minimum time between consecutive occurrences Broadly speaking, systems which cantolerate a delay in response are called soft real-time systems; in contrast, hard real-time systems requiredeterministic responses to avoid changes in the system dynamics which potentially may have negativeimpact on the process under control, and as a result may lead to economic losses or cause injury to humanoperators Representative examples of systems imposing hard real-time requirement on their operationare fly-by-wire in aircraft control, and steer-by-wire in automotive applications, to mention a few.The need to guarantee a deterministic response mandates using appropriate scheduling schemes, whichare frequently implemented in application domain specific real-time operating systems or custom designed

“bare-bone” real-time executives Most of those issues (real-time scheduling and real-time operatingsystems) are discussed in this book in a number of chapters.

The networked embedded systems used in safety-critical applications such as fly-by-wire and wire require a high level of dependability to ensured that a system failure does not lead to a state in whichhuman life, property, or environment are endangered The dependability issue is critical for technologydeployment; various solutions are discussed in this chapter in the context of automotive applications One

steer-by-of the main bottlenecks in the development steer-by-of safety-critical systems is the ssteer-by-oftware development process.This issue is briefly discussed in this chapter in the context of the automotive application domain

As opposed to applications mandating hard real-time operation, such as the majority of industrialautomation controls or safety-critical automotive control applications, building automation control sys-tems, for instance, seldom have a need for hard real-time communication; the timing requirements aremuch more relaxed The building automation systems tend to have a hierarchical network structure andtypically implement all seven layers of the ISO/OSI reference model [3] In the case of field area networksemployed in industrial automation, for instance, there is little need for the routing functionality andend-to-end control Therefore, typically, only the layers 1 (physical layer), 2 (data link layer, includingimplicitly the medium access control layer), and 7 (application layer, which also covers user layer) are used

in those networks

This diversity of requirements imposed by different application domains (soft/hard real-time, safetycritical, network topology, etc.) necessitated different solutions, and using different protocols based ondifferent operation principles This has resulted in plethora of networks developed for different applicationdomains Some of those networks will be overviewed in one of the subsequent sections

With the growing trend for networking of embedded system and their internetworking with LAN,Wide Area Network (WAN), and the Internet (for instance, there is a growing demand for remote access toprocess data at the factory floor), many of those systems may become exposed to potential security attacks,which may compromise their integrity and cause damage as a result The limited resources of embeddednodes pose considerable challenge for the implementation of effective security policies which, in general,are resource demanding These restrictions necessitate a deployment of lightweight security mechanisms.Vendor tailored versions of standard security protocol suites, such as Secure Sockets Layer (SSL) and

IP Security Protocol (IPSec), may still not be suitable due to excessive demand for resources Potentialsecurity solutions for this kind of systems depend heavily on the specific device or system protected,application domain, and extent of internetworking and its architecture (The details of potential securitymeasures are presented in this book in two separate chapters.)

1.2 Design Methods for Networked Embedded Systems

Design methods for networked embedded systems fall into the general category of system-level design.They include two separate aspects, which will be discussed briefly A first aspect is the network architecturedesign, in which communication protocols, interfaces, drivers, and computation nodes are selected andassembled A second aspect is the system-on-chip design, in which the best hardware/software partition

is selected, and an existing platform is customized, or a new chip is created for the implementation

of a computation or a communication node Both aspects share several similarities, but so far havegenerally been solved using ad hoc methodologies and tools, since the attempt to create a unified electronicsystem-level design methodology have so far failed

When one considers the complete networked system, including several digital and analog parts, manymore trade-offs can be played at the global level However, it also means that the interaction between thedigital portion of the design activity and the rest is much more complicated, especially in terms of tools,formats, and standards with which one must interoperate and interface

In the case of network architecture design, tools such as OpNet and NS are used to identify nication bottlenecks, investigate the effect of parameters such as channel bit error rate, and analyze thechoice of coding, medium access, and error correction mechanisms on the overall system performance

commu-For wireless networks, tools such as Matlab and Simulink are also used, in order to analyze the impact ofdetailed channel models, thanks to their ability to model both digital and analog components, as well as

physical elements, at a high level of abstraction In all cases, the analysis is essentially functional, that is, it

takes into account only in a very limited manner effects such as power consumption, computation time,and cost This is the main limitation that will need to be addressed in the future, if one wants to model anddesign in an optimal manner low power networked embedded systems, such as those that are envisionedfor wireless sensor network applications

At the system-on-chip architecture level, the first decision to be made is whether to use a platform

instance or design an Application-Specific Integrated Circuit (ASIC) from scratch The first option builds

on the availability of large libraries of IP, both in the form of processors, memories, and peripherals, frommajor silicon vendors These IP libraries are guaranteed to work together, and hence constitute what istermed as a platform A platform is a set of components, together with usage rules that ensure their correctand seamless interoperation They are used to speed up time-to-market, by ensuring rapid implementation

of complex architectures Processors (and the software executing on them) provide flexibility to adapt todifferent applications and customizations (e.g., localization and adherence to regional standards), whilehardware IPs provide efficient implementation of commonly used functions Configurable processors can

be adapted to the requirements of specific applications and via instruction extensions, offer considerableperformance and power advantages over fixed instruction set architectures

Thus, a platform is a single abstract model that hides the details of a set of different possible mentations as clusters of lower level components The platform, for example, a family of microprocessors,peripherals, and bus protocols, allows developers of application designs to operate without detailed know-ledge of the implementation (e.g., the pipelining of the processor or the internal implementation of theUART) At the same time, it allows platform implementors to share design and fabrication costs among abroad range of potential users, broader than if each design was a one-of-a-kind type

imple-Design methods that exploit the notion of platform generally start from a functional specification, which

is then mapped onto an architecture (a platform instance) in order to derive performance information and

explore the design space Full exploitation of the notion of platform results in better reuse, by decouplingindependent aspects that would otherwise tie, for example, a given functional specification to low levelimplementation details The guiding principle of separation of concerns distinguishes between:

1 Computation and communication This separation is important because refinement of tion is generally done by hand, or by compilation and scheduling, while communication makes use

a task) Nonfunctional constraint verification can be performed traditionally, by simulation andprototyping, or with static formal checks, such as schedulability analysis

Tool support for system-on-chip architectural design is, so far, mostly limited to simulation and interfacegeneration The first category includes tools such as NC-SystemC from Cadence, ConvergenSC fromCoWare, and SystemStudio from Synopsys Simulators at the system-on-chip level provide abstractionsfor the main architectural components (processors, memories, busses, and hardware blocks) and permitquick instantiation of complete platform instances from template skeletons Interface synthesis can takevarious forms, from the automated instantiation of templates offered by N2C from CoWare, to theautomated consistent file generation for software and hardware offered by Beach Solutions

A key aspect of design problems in this space is compatibility with respect to specifications, at the face level (bus and networking standards), instruction-set architecture level, and Application ProceduralInterface (API) level Assertion-based verification techniques can be used to ease the problem of verifyingcompliance with a digital protocol standard (e.g., for a bus)

inter-Let us consider an example of a design flow in the automotive domain, which can be considered as aparadigm of any networked embedded system Automotive electronic design starts, usually 5 to 10 yearsbefore the actual introduction of a product, when a car manufacturer defines the specifications for itsfuture line of vehicles.

It is now an accepted practice to use the notion of platform also in this domain, so that the electronicportion (as well as the mechanical one, which is outside the scope of this discussion) is modularized andcomponentized, enabling sharing across different models An ECU generally includes a microcontroller(8, 16, and 32 bits), memory (SRAM, DRAM, and Flash), some ASIC or FPGA for interfacing, one ormore in-vehicle network interfaces (e.g., CAN [Controller Area Network] or FlexRay), and several sensorand actuator interfaces (analog/digital and digital/analog converters, pulse-width modulators, powertransistors, display drivers, and so on)

The system-level design activity is performed by a relatively small team of architects, who know thedomain well (mechanics, electronics, and business), define the specifications for the electronic componentsuppliers, and interface with the teams that specify the mechanical portions (body and engine) Theseteams essentially use past experience to perform their job, and currently have serious problems forecastingthe state of electronics ten years in advance

Control algorithms are defined in the next design phase, when the first engine models (generallydescribed using Simulink, Matlab, and StateFlow) become available, as a specification for both the elec-tronic design and the engine design An important aspect of the overall flow is that these models are notfrozen until much later, and hence both algorithm design and (often) ECU software design must cope withtheir changes Another characteristic is that they are parametric models, sometimes reused across multipleengine generations and classes, whose exact parameter values will be determined only when prototypes

or actual products will be available Thus, control algorithms must consider both allowable ranges andcombinations of values for these parameters, and the capability to measure directly or indirectly theirvalues from the behavior of engine and vehicle Finally, algorithms are often distributed over a network

of cooperating ECUs, thus deadlines and constraints generally span a number of electronic modules.While control design progresses, ECU hardware design can start, because rough computational andmemory requirement, as well as interfacing standards, sensors, and actuators, are already known At theend of both control design and hardware design, software implementation can start As mentioned earlier,most of the software running on modern ECUs is automatically generated (model-based design).The electronic subsystem supplier in the hardware implementation phase can use both off-the-shelfcomponents (such as memories), Application Specific Standard Products (ASSPs) (such as microcontrol-lers and standard bus interfaces), and even ASICs and FPGAs (typically for sensor and actuator signalconditioning and conversion)

The final phase, called system integration, is generally performed by the car manufacturer again

It can be an extremely lengthy and an expensive phase, because it requires the use of expensive detailedmodels of the controlled system (e.g., the engine, modeled with DSP-based multiprocessors) or even

of actual car prototypes The goal of integration is to ensure smooth subsystem communication (e.g.,checking that there are no duplicate module identifiers and that there is enough bandwidth in everyin-vehicle bus) Simulation support in this domain is provided by companies such as Vast and Axys (nowpart of ARM), who sell both fast instruction-set simulators for the most commonly used processors inthe networked embedded system domain, and network simulation models exploiting either proprietarysimulation engines, for example, in the case of Virtio, or standard simulators (HDL [Hardware DescriptionLanguage] or SystemC)

1.3 Networks Embedded Systems

1.3.1 Networked Embedded Systems in Industrial Automation

Although for the origins of field area networks, one can look back as far as the end of 1960s in thenuclear instrumentation domain, CAMAC network [4], and beginning of 1970s in avionics and aerospace

applications, MIL-STD-1553 bus [5], it was the industrial automation area which brought the main thrust

of developments The need for integration of heterogeneous systems, difficult at that time due to the lack ofstandards, resulted in two major initiatives which have had a lasting impact on the integration concepts, andarchitecture of the protocol stack of field area networks These initiatives were TOP (Technical and OfficeProtocol) [6] and MAP (Manufacturing Automation Protocol) [7] projects The two projects exposedsome pitfalls of the full seven-layer stack implementations (ISO/OSI model [3]) As a result, typically, onlythe layers 1 (physical layer), 2 (data link layer, including implicitly the medium access control layer), and

7 (application layer, which also covers user layer) are used in the field area networks [8]; also prescribed

by the international fieldbus standard, IEC 61158 [9] In IEC 61158, functions of layers 3 and 4 arerecommended to be placed in either layers 2 or 7 — network and transport layers are not required in

a single segment network typical of process and industrial automation (situation is different though inbuilding automation, for instance, where the routing functionality and end-to-end control may be neededarising from a hierarchical network structure); functions of layers 5 and 6 are always covered in layer 7.The evolution of fieldbus technology which begun well over two decades ago has resulted in a multitude

of solutions reflecting the competing commercial interests of their developers and standardization bodies,both national and international: IEC [10], ISO [11], ISA[12], CENELEC [13], and CEN[14] This isalso reflected in IEC 61158 (adopted in 2000), which accommodates all national standards and userorganization championed fieldbus systems Subsequently, implementation guidelines were compiled intocommunication profiles, IEC 61784-1 [15] Those communication profiles identify seven main systems(or communication profile families) known by brand names as Foundation Fieldbus (H1, HSE, H2)used in process and factory automation; ControlNet and EtherNet/IP both used in factory automation;PROFIBUS (DP, PA) used in factory and process automation respectively; PROFInet used in factoryautomation; P-Net (RS 485, RS 232) used in factory automation and shipbuilding; WorldFIP used infactory automation; INTERBUS, INTERBUS TCP/IP, and INTERBUS Subset used in factory automation;

Swiftnet transport, Swiftnet full stack used by aircraft manufacturers The listed application areas are the

dominant ones

Ethernet, the backbone technology for office networks, is increasingly being adopted for communication

in factories and plants at the fieldbus level The random and native CSMA/CD arbitration mechanism isbeing replaced by other solutions allowing for deterministic behavior required in real-time communica-tion to support soft and hard real-time deadlines, time synchronization of activities required to controldrives, for instance, and for exchange of small data records characteristic of monitoring and controlactions The emerging Real-Time Ethernet (RTE), Ethernet augmented with real-time extensions, understandardization by IEC/SC65C committee, is a fieldbus technology which incorporates Ethernet for thelower two layers in the OSI model There are already a number of implementations, which use one ofthe three different approaches to meet real-time requirements First approach is based on retaining theTCP/UDP/IP protocols suite unchanged (subject to nondeterministic delays); all real-time modificationsare enforced in the top layer Implementations in this category include Modbus/TPC [16] (defined bySchneider Electric and supported by Modbus-IDA [17]), EtherNet/IP [18] (defined by Rockwell andsupported by the Open DeviceNet Vendor Association (ODVA) [19] and ControlNet International [20]),P-Net (on IP) [21] (proposed by the Danish P-Net national committee), and Vnet/IP [22] (developed

by Yokogawa, Japan) In the second approach, the TCP/UDP/IP protocols suite is bypassed, the Ethernetfunctionality is accessed directly — in this case, RTE protocols use their own protocol stack in addition tothe standard IP protocol stack The implementations in this category include Ethernet Powerlink (EPL)[23] (defined by Bernecker+ Rainer [B&R],and now supported by the Ethernet Powerlink StandardisationGroup [24]), TCnet (a Time-critical Control Network) [25] (a proposal from Toshiba), EPA (Ethernetfor Plant Automation) [26] (a Chinese proposal), and PROFIBUS CBA (Component-Based Automation)[27] (defined by several manufacturers including Siemens, and supported by PROFIBUS International[28]) Finally, in the third approach, the Ethernet mechanism and infrastructure are modified Theimplementations include SERCOS III [29] (under development by SERCOS), EtherCAT [30] (defined byBeckhoff and supported by the EtherCat Technology Group [31]), and PROFINET IO [32] (defined byseveral manufacturers including Siemens, and supported by PROFIBUS International)

The use of standard components such as protocol stacks, Ethernet controllers, bridges, etc., allows tomitigate the ownership and maintenance cost The direct support for the Internet technologies allowsfor vertical integration of various levels of industrial enterprise hierarchy to include seamless integrationbetween automation and business logistic levels to exchange jobs and production (process) data; transpar-ent data interfaces for all stages of the plant life cycle; the Internet- and web-enabled remote diagnosticsand maintenance, as well as electronic orders and transactions In the case of industrial automation, theadvent and use of networking has allowed for horizontal and vertical integration of industrial enterprises.

1.3.2 Networked Embedded Systems in Building Automation

Another fast growing application area for networked embedded systems is building automation [33].Building automation systems aim at the control of the internal environment, as well as the immediateexternal environment of a building, or a building complex At present, the focus of research and technologydevelopment is on commercial type of buildings (office building, exhibition center, shopping complex,etc.) In future, this will also include industrial type of buildings, which pose substantial challenges tothe development of effective monitoring and control solutions Some of the main services to be offered

by the building automation systems typically include: climate control to include heating, ventilation, airconditioning; visual comfort to cover artificial lighting, control of day light; safety services such as firealarm, and emergency sound system; security protection; control of utilities such as power, gas, watersupply, etc.; internal transportation systems to mention lifts, escalators, etc

In terms of the quality of the service requirements imposed on the field area networks, buildingautomation systems differ considerably from their counterparts in industrial automation, for instance.There is seldom a need for hard real-time communication; the timing requirements are much morerelaxed Traffic volume in normal operation is low Typical traffic is event driven, and mostly uses peer-to-peer communication paradigm Fault tolerance and network management are important aspects As withindustrial fieldbus systems, there are a number of bodies involved in the standardization of technologiesfor building automation, including the field area networks

The communication architecture supporting automation systems embedded in the buildings has ically three levels: field, control, and management levels The field level, involves operation of elementssuch as switches, motors, lighting cells, dry cells, etc The peer-to-peer communication is perhaps mostevident at that level; toggling a switch should activate a lighting cell(s), for instance The automationlevel is typically used to evaluate new control strategies for the lower level in response to the changes inthe environment; reduction in the day light intensity, external temperature change, etc LonWorks [34],BACnet [35], and EIB/KNX [36–39] are open system networks, which can be used at more than onelevel of the communication architecture A round up of LonWorks will be provided in the following, as arepresentative example of specialized field area networks used in building automation

typ-LonWorks (EIA-709), a trademark of Echelon Corp [40], employs LonTalk protocol which implementsall seven layers of the ISO/OSI reference model The LonTalk protocol was published as a formal standard[41], and revised in 2002 [42]

In EIA-709, layer 2 supports various communication media such as twisted pair cables (78 Kbit/sec[EIA-709.3] or 1.25 Mbit/sec), power line communication (4 Kbit/sec, EIA-709.2), radio frequency chan-nel, infrared connections, fiber optic channels (1.25 Mbit/sec), as well as IP connections based on theEIA-852 protocol standard [43] in order to tunnel EIA-709 data packets through IP (Intranet, Inter-net) networks A p-persistent CSMA bus arbitration scheme is used on twisted pair cables For othercommunication media, the EIA-709 protocol stack uses the arbitration scheme defined for the very media.The EIA-709 layer 3 supports a variety of different addressing schemes and advanced routing capa-bilities The entire routable address space of a LonTalk network is referred to as the domain (Figure 1.1)

A domain is restricted to 255 subnets; a subnet allows for up to 127 nodes The total number of addressablenodes in a domain can reach 32385; up to 248domains can be addressed Domain gateways can be builtbetween logical domains in order to allow for a communication across domain boundaries Groups can

be formed in order to send a single data packet to a group of nodes using a multicast addressed message

Node x

Node x

Node 3 Node x Group # 1

Node 1 Node 1 Node 2

Router

S/N

S/N S/N

S/N

S/N S/N

Domain gateway

FIGURE 1.1 Addressing elements in EIA-709 networks (From D Loy, Fundamentals of LonWorks/EIA — 709

networks: ANSI/EIA — 709 protocol standard (LonTalk) In The Industrial Communication Technology Handbook,

Zurawski, R (Ed.), CRC Press, Boca Raton, FL, 2005 With permission.)

Routing is performed between different subnets only An EIA-709 node can send a unicast addressed

message to exactly one node using either unique 48-bit node identification (Node ID) address or the

logical subnet/node address A multicast addressed message can be sent to either a group of nodes (groupaddress), or all nodes in the subnet, or all nodes in the entire domain (broadcast address)

The EIA-709 layer 4 supports four types of services The unacknowledged service transmits the datapacket from the sender to the receiver The unacknowledged repeated service transmits the same datapacket a number of times The number of retries is programmable The acknowledged service transmitsthe data packet and waits for an acknowledgment from the receiver If not received by the transmitter, thesame data packet is sent again The number of retries is programmable The request response service sends

a request message to the receiver; the receiver must respond with a response message, for instance, withstatistics information There is a provision for authentication of acknowledged transmissions, althoughnot very efficient

Network nodes (which, typically, include Neuron chip, RAM/Flash, power source, clock, networktransceiver, and input/output interface connecting to sensor and actuator) can be based on the Echelon’sNeuron chip series manufactured by Motorola, Toshiba, and Cypress; recently also based on other platformindependent implementations such as LoyTec LC3020 controller The Neuron chips-based controllers areprogrammed with the Echelon’s Neuron C language, which is a derivative of ANSI C Other controllerssuch as LC3020 are programmed with standard ANSI C The basic element of Neuron C is the NetworkVariable (NV) which can be propagated over the network For instance, SNVT_temp variable repres-ents temperature in degree Celsius; SNVT stands for Standard Network Variable Type Network nodescommunicate with each other by exchanging NVs Another way to communicate between nodes is byusing explicit messages The Neuron C programs are used to schedule application events and to react toincoming data packets (receiving NVs) from the network interface Depending on the network media andthe network transceivers, a variety of network topologies are possible with LonWorks nodes, to includebus, ring, star, and free topology

As the interoperability on all seven OSI layers does not guarantee interworkable products, the LonMarkorganization [44] has published interoperability guidelines for nodes that use the LonTalk protocol.

A number of task groups within LonMark define functional profiles (subset of all the possible protocolfeatures) for analog input, analog output, temperature sensor, etc The task groups focus on various types

of applications such as home/utility, HVAC, lighting, etc

LonBuilder and NodeBuilder are development and integration tools offered by Echelon Both toolsallow writing Neuron C programs, to compile and link them and download the final application intothe target node hardware NodeBuilder supports debugging of one node at the time LonBuilder, whichsupports simultaneous debugging of multiple nodes, has a built in protocol analyzer and a network binder

to create communication relationships between network nodes The Echelon’s LNS (network operatingsystem) provides tools that allow one to install, monitor, control, manage, and maintain control devices,and to transparently perform these services over any IP-based network, including the Internet

1.3.3 Automotive Networked Embedded Systems

Similar trends appear in the automotive electronic systems where the ECUs are networked by means ofone of automotive specific communication protocols for the purpose of controlling one of the vehiclefunctions; for instance, electronic engine control, antilocking break system, active suspension, telematics,

to mention a few In Reference 45, a number of functional domains have been identified for the deployment

of automotive networked embedded systems They include the powertrain domain, involving, in general,control of engine and transmission; the chassis domain involving control of suspension, steering andbraking, etc.; the body domain involving control of wipers, lights, doors, windows, seats, mirrors, etc.;the telematics domain involving, mostly, the integration of wireless communications, vehicle monitoringsystems, and vehicle location systems; and the multimedia and Human Machine Interface (HMI) domains.The different domains impose varying constraints on the networked embedded systems in terms ofperformance, safety requirements, and Quality of Services (QoSs) For instance, the powertrain and chassisdomains will mandate real-time control; typically, bounded delay is required, as well as fault-tolerantservices

There are a number of reasons for the interest of the automotive industry in adopting mechatronicsolutions, known by their generic name as x-by-wire, aiming to replace mechanical, hydraulic, and pneu-matic systems by electrical/electronic systems The main factors seem to be economic in nature, improvedreliability of components, and increased functionality to be achieved with a combination of embed-ded hardware and software Steer-by-wire, brake-by-wire, or throttle-by-wire systems are representativeexamples of those systems But, it seems that certain safety-critical systems such as steer-by-wire andbrake-by-wire will be complemented with traditional mechanical/hydraulic backups, for safety reasons.The dependability of x-by-wire systems is one of the main requirements, as well as constraints on theadoption of this kind of systems In this context, a safety-critical x-by-wire system has to ensure that asystem failure does not lead to a state in which human life, property, or environment are endangered; and

a single failure of one component does not lead to a failure of the whole x-by-wire system [46] Whenusing Safety Integrity Level (SIL) scale, it is required for x-by-wire systems that the probability of a failure

of a safety-critical system does not exceed the figure of 10−9per hour/system This figure corresponds to

the SIL4 level Another equally important requirement for the x-by-wire systems is to observe hard time constraints imposed by the system dynamics; the end-to-end response times must be bounded forsafety-critical systems A violation of this requirement may lead to performance degradation of the controlsystem, and other consequences as a result Not all automotive electronic systems are safety critical Forinstance, system(s) to control seats, door locks, internal lights, etc., are not Different performance, safety,and QoS requirements dictated by various in-car application domains necessitate adoption of differentsolutions, which, in turn, gave rise to a significant number of communication protocols for automotiveapplications Time-triggered protocols based on TDMA (Time Division Multiple Access) medium accesscontrol technology are particularly well suited for the safety-critical solutions, as they provide deterministicaccess to the medium In this category, there are two protocols, which, in principle, meet the requirements