fundamental technology on dependable soc and sip for
TRANSCRIPT
Fundamental Technology on Dependable SoC and SiP
for Embedded Real-Time Systems
Nobuyuki Yamasaki (Keio Univ.)Kikuo Wada (NECAT)
Masayuki Inaba (Tokyo Univ.)
IntroductionTarget: High-end embedded real-time systems
Traditional researches: most researches on softwareTime quantum: 1msec
Requirements for embedded real-time systemsVery small size, various functions, low power, scalability, noise tolerance, heat tolerance, etc.
VLSI (SoC) operates only after it is mounted on a substrate.
Dependability on VLSI system→ Depends on a substrate mounting technology
SoC-SiP-Board co-design→Improvement of dependability
Software can take full advantage of hardware. RTOS-Processor-Communication co-designRTOS-Middleware co-design
Kojiro (Tokyo Univ.)
Control board
SiPSoC
Requirements for a high power motor driverReal-time processing under high speed communication
Motor temperature estimation processing for very high power motor driving such as 20 times overdrive rated at 200W
• Current control cycle: 10msec → 10μsecReliability, availability, and safety on communication and control under high-stress environment
Huge current noise, unusual situation such as cable disconnection, etc
⇒ Prevention of fatal accidentsRequirements for a large scale distributed motor driver
Microminiaturization of the controller (size: 36x46x7mm)Area constraint of the digital control part: 20mm squareReal-time communication and control under the size constraint
• Poor processing power of current MPU (H8S/2215 16MHz)• Limit of control cycle: 1msec → 10μsec• External computation servers (Xeon 3.4GHz x 2) are required.
• High communication traffic 7.2MB/sec• Limit of Inter-device synchronization cycle: 8msec (USB) →
100μsec (Responsive Link)Reliability of communication under the size limitation
• Severe noises under the logic servo systemsPower saving scheme under the large scale distributed control
Static power of a whole logic part: 80W@idle → 1W
Requirements in the Field of High-end Robots
Kojiro (Tokyo Univ.)
•Freedom 82 DOFs•Driven -muscle 109•# of controllers 60
High power leg: HRP3L-JSK (Tokyo Univ.)Continuous current 80[V],100[A],15[sec]Peak current 80[V],200[A],10[msec]
Evaluation indicatorsEvaluation itemsClassification
Dependability Evaluation Indicators
Reliability
Availability
Real-timePower
Noise tolerance
Heat radiation
Safety
Maintainability
Footprint
Plug-and-Play
Heat control
Parts replacement
Board replacement
Failure analysis
Hard/soft time constraint (T/F)Time quantum (sec)Jitter (sec)Dynamic power (W)Static power (W)S/N ratio (%)Thermal resistance (deg C/W)Integration to robots (T/F)Correct operating (T/F)Network reconfig time (sec)
Self-monitoring (T/F)
Repair and replacement (sec)
Repair and replacement (sec)
Failure analysis (sec)
Network failure
①②③④
⑤⑥⑦⑧⑨
Humanoid robot levelD-RMTP SiPs are connected via Responsive LinkAdaptive ECC for Responsive LinkNetwork reconfiguration to avoid faulty linksTask migration from faulty SiPs
SiP levelD-RMTP SoC and memory modules are integrated on a board by FFCSPThermal control using self-monitoringRedundant FFCSP links to improve yield
SoC levelProcessing cores are connected via NoCRedundant processing cores and network links
Multi-Level Dependability Support
DRMTPSiP
DRMTPSiP
DRMTPSiP DRMTP
SiP
DRMTPSiP DRMTP
SiP
ResponsiveLink
Humanoid Robot
DRMTP SoC
MemoryModules
D-RMTP II SoC
D-RMTP I SiP
Robot Level Dependability
DRMTPSiP
DRMTPSiP
DRMTPSiP DRMTP
SiP
DRMTPSiP DRMTP
SiP
ResponsiveLink
Humanoid Robot
ECC code (4Byte)
ECC code(1Byte) Line code
Reed-Solomon(48, 32)
BCH (16, 8)
BS+NRZI (9, 8)
8b10b (10, 8)
4b10b (10, 4)
Hamming(12, 8)
BS+NRZI (9, 8)
8b10b (10, 8)
4b10b (10, 4)
None8b10b (10, 8)
4b10b (10, 4)
NoneBCH
(16, 8)
BS+NRZI (9, 8)
8b10b (10, 8)
4b10b (10, 4) Received waveform w/ noise
D-RMTP SiPs are connected via Responsive LinkPermanent faults (links & boards)
Network reconfiguration to avoid faulty linksTask migration from faulty D-RMTP SiPs
Transient faults (links)Adaptive ECC & line codes for Responsive Link
(1)Permanent faults by link disconnection
(2)Transient faults by motor noise
③
⑦⑧⑤
D-RMTP SoC and DRAM modules are integrated on a board by FFCSPOverheating (DRAM & CPU)
Thermal control using self-monitoring
Permanent faults (links)Redundant vertical links to improve yield
SiP Level Dependability
20μsec
20μsec
0.80V
1.10V
Voltage transition (0.81.1V)
Voltage & thermal control (D-RMTP I)
DRAMDRMTP IIFPGA Substrate
Vertical chip stacking (D-RMTP II)Redundant vertical links
①④
③
Processing cores are connected via Network-on-ChipPermanent faults (cores)
Redundant processing cores and task migration from faulty cores
Fault analysis (cores)Instruction-level trace buffer (much like a flight recorder)
SoC Level Dependability
Redundant cores (D-RMTP II)
⑤
⑥
Trace buffer (D-RMTP I)
Redundant cores
FY20
12FY
2013
FPC D-RMTP Ⅱ DRAMOrganic Interposer
Silicon Interposer
FPC Metal FrameHeat Sink
D-RMTP III
FPC
MetalFrame
DRAMChip-on-ChipConnection
Chip-on-ChipConnection
Multistage bonding by FFCSP technology
Approx 1,100pins of Chip-to-Chip Connection through Organic Interposer
Embedded Sensors had already been completed in FY2011.
Network-on-Chip (NoC) is extended to 3-D NoC that interconnects chips in a package to improve performance and dependability.
Same chips are bonded on both side of the Interposer
Sensor
Approx 100pins of Chip-to-Chip Connection through FPC
Approx 10,000pins of Chip-to-Chip Connection through Silicon
InterposerApprox 100pins of
Chip-to-Chip Connection through
FPC
①
SiP Design Plan for Dependablity
①
②
③
③
④
④
SiPStructure
Chip-to-Chip Connection
Pin Count : Approx 100 pinsLength : 16mm
Pin Count : Approx 500 pinsLength : 0.4mm
Chip-to-Chip Interface
I/O Buffer (SSTL, LVDS, etc.)Driving Power:1.5V/15mA(SSTL15)
LSI Internal Logic LevelDriving Power:1.0V/several μA
Network-on-Chip (NoC) is extended for 3-D NoC that interconnects chips in a package to improve performance and dependability.
D-RMTP IIDRAM
Organic Interposer
Same chips are bonded on both side of the Interposer
FPC
Sensor
Embedded Sensors had been already completed in FY2011.
Low Power ConsumptionHigh Power Consumption
Low Band Width, More Cross Talk High Band Width, Less Cross Talk
NoC
信号
NoC
信号
150μm pitch Vertical Connection
SiP Design for Dependability
Organic Interposer Silicon Interposer
Structure
NoCConnection
Approx 1,100 Connections/sq. 5mm
Approx 10,000 Connections/sq. 5mm
Stress of Chips
More(CTE of Interposer is larger than Chips)
Less(CTE of Interposer is equal to Chips)
D-RMTP II DRAM
OrganicInterposer
D-RMTP II DRAM
SiliconInterposer
150um
NoC
信号
NoC
信号
50um
NoC
信号
NoC
信号
NoC
信号
NoC
信号
150um PitchNoC Connection
Laser Via Through Silicon Via
9 TimesDenser
50um PitchNoC Connection
Dependability is Further Improved by using Silicon Interposer
Additional Idea for Further Dependability
Dependability Verification for RoboticsRobot technology for social practical use
High-power humanoids for home assistive robotsMulti-DOFs human-like robots for friendship and familiarity
1)Under high-power environmentFast/low latency real-time communicationReliability of communication and control(Noise/heat tolerance)Computing power for fast control tasks
2)Under multi-DOFs distributed environmentReal-time communicationAchievement of VLSI tecnology for small motor driverReliability under complicated communication pathLow power based on RT-DVFS control
Extension High-power leg platform (HRP3-JSK-leg)
Multi-Dofs musculoskeletal humanoid (Kojiro)
Basic Experiments of High-power Actuation
Testing environment for high-power dependability verification
D-RMTPI SoC/SiP(30mm^2)
Control board with D-RMTPI SoC/SiP
Water cooling motor driver module with D-RMTPI SoC/SiP(85x60x34mm)
Water cooling box
Motor driver
Motor with low gear ratio
Light/high stiffness link
Tactile sensing by using rotary encoder
Collision object
FPGA
Experiment of motor control on RMTPReal-time control thread: 1msecTransmitter/Receiver communication thread: 100msec
Experiment of communication between multi-RMTPDriver board with RMPT - PCI testing board with RMTPResponsive Link (RL) communication
One axis testing environmentDemonstration of avoiding collision object
Motor
RL receiver thread
Serial transmitter thread
Motor control thread
Serial receiver thread
RMTPSerial receiver thread
RL receiver thread
Serial transmitter thread
Motor command
Monitoring
M-RMTP
High-power Leg Experiment: Push Recovery
Push recovery control against sudden big impact to trunk bodyLarge computing power to search more stable foot steps
Calculation time on Intel E8600 4.0GHz: 1msecHigh power joint performance to achieve calculated joint trajectory
Max instant current 100A for achievement of step width 250mm and step time 250msec
External force while push recovery demonstration
0 0.5 1 1.5 2 2. 5 3-600
-500
-400
-300
-200
-100
0
100
time[s]
force [N]
xyz
Push recovery demonstration
Searching more stable foot steps
Peak force: 590[N]
Pulse width: 140[msec]
Robotics Functional SafetyDifficulty to define explicit functional safety standard
Robotics applications are on developing immature stagecf. Automobile area is enough mature : ISO26262
Toward international standard criterion for roboticsRobot safety center by life support robot commercialization project
Testing functional safety for home assistive robots→Proposal of international safety standard ISO 13482 for service robots
Test environment for collision safety
Test environment for static safety
Testing safety of service robots under various situations
Robot Technology Middleware with SIL3 Capable of IEC 61528
“RTM Safety” by SECCommercially available, May 2012Middleware for service robots
RTM Safety consists of two packagesRTM Safety Package
Framework for development of RT componentsSafety Library Package
Functions for development of safety software
Watchdog APL Components with functional safety standards
Functional safety library
Component framework
OS abstraction layer N/W abstraction layer
Trouble detection function
Internal CLK
(Peripheral circuit)
Power supply/Reset
Function Data reference Data setting ClockPackage framework of RTM Safety
System diagram of RTM Safety
Wheel chair robot with RTM Safety