Monday, October 10, 2011

Embedded Systems Week day 1

ESWeek consists of three conferences (CASES, EMSOFT and CODES+ISSS) which run in parallel, followed by two days with multiple workshops including the Workshop on Embedded Systems Security. Each of the conference days starts with a common keynote followed by the separate conference sessions. From today's keynote I'd like to highlight one small example which demonstrates some problems of VLSI development quite well: the Hamlet circuit:
ToBe := ToBe or (not ToBe); --unclocked
In a purely logical world, this will stabilise at ToBe = 1 no matter what the initial value of ToBe is. But in the real world wire delays exist and, for certain wire delays, the circuit will not stabilise. This is a nice example of the problems faced by place & route tools as well as by verification and certification methods.
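A discrete-time sketch of this delay sensitivity, added here as an illustration and not taken from the keynote. It assumes a pure transport-delay model in which the direct feedback wire and the inverter path have integer delays `d_direct` and `d_inv` (hypothetical names); real gates also have inertial delay, which this model ignores.

```python
from typing import List, Tuple


def _next_value(state: Tuple[int, ...], d_direct: int, d_inv: int) -> int:
    # ToBe(t) = ToBe(t - d_direct) OR NOT ToBe(t - d_inv)
    return state[-d_direct] | (1 - state[-d_inv])


def _check(d_direct: int, d_inv: int, initial: int) -> None:
    if d_direct < 1 or d_inv < 1:
        raise ValueError("delays must be at least one time step")
    if initial not in (0, 1):
        raise ValueError("initial value must be 0 or 1")


def hamlet_trace(d_direct: int, d_inv: int, initial: int, steps: int) -> List[int]:
    """Return ToBe for t = 0 .. steps-1; the wire holds `initial` before t = 0."""
    _check(d_direct, d_inv, initial)
    state = (initial,) * max(d_direct, d_inv)
    trace = []
    for _ in range(steps):
        value = _next_value(state, d_direct, d_inv)
        trace.append(value)
        state = state[1:] + (value,)
    return trace


def stabilises(d_direct: int, d_inv: int, initial: int) -> bool:
    """Exact check: follow the finite state (the last max-delay samples) until it repeats.

    All-ones is the only constant state that maps to itself, so the circuit
    has settled exactly when the repeated state is all ones.
    """
    _check(d_direct, d_inv, initial)
    state = (initial,) * max(d_direct, d_inv)
    seen = set()
    while state not in seen:
        seen.add(state)
        state = state[1:] + (_next_value(state, d_direct, d_inv),)
    return all(state)


def unstable_delay_pairs(max_delay: int) -> List[Tuple[int, int]]:
    """Delay pairs (d_direct, d_inv) that never settle when ToBe starts at 0."""
    delays = range(1, max_delay + 1)
    return [(dd, di) for dd in delays for di in delays if not stabilises(dd, di, 0)]


if __name__ == "__main__":
    print(hamlet_trace(3, 2, 0, 9))   # slow direct path: the output keeps toggling
    print(unstable_delay_pairs(4))
```

In this model the circuit always settles when the direct path is no slower than the inverter path, and can oscillate indefinitely when it is slower.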

One of the most interesting talks I've heard today was the first talk of the CODES+ISSS Session 1B on "An Energy-Efficient Patchable Accelerator for Post-Silicon Engineering Changes" by H. Yoshida and M. Fujita. The authors propose an ASIC architecture for HW accelerators that is to some degree patchable to handle errors in the chip design. A HW accelerator (e.g. for a block cipher) is a specialized chip consisting of one or more functional units (e.g. one round of the block cipher), registers, an interconnect network and a finite state machine that controls what happens in the chip. Thus, the chip can perform the function (e.g. encryptions and decryptions) with a very high throughput and a relatively low energy consumption. But if an error in the chip design is detected after the chip has been manufactured, the manufactured chips are useless and a very costly respin of the production masks is required to produce error-free chips. Programmable chips such as FPGAs, microprocessors or CPUs, on the other hand, offer a significantly lower throughput and incur a relatively high energy consumption.

The patchable architecture proposed by the authors creates a new category of chips situated between fixed-function ASICs and programmable chips, offering a throughput almost as high as that of a pure ASIC at only moderately increased energy consumption. They modify only the finite state machine of the ASIC so that, still at the manufacturer but after production, a set of additional rules can be added to the finite state machine. The example shown in the talk fixes an erroneous transition in the finite state machine itself. Depending on the functional units available and the type of error, errors in a functional unit should be fixable as well, although this comes with a higher reduction of the throughput. From a security point of view, the added flexibility makes it harder to verify and certify a chip, e.g. for the highest security levels, but it is still a lot easier than verification and certification of programmable chips.

I do expect that there will be further proposals of possible architectures filling the gap between fixed-function ASICs and programmable chips; if the market trends that were shown in the talks continue (respins becoming more frequent with each technology step while the cost of a respin is growing exponentially), the economic value of patchable architectures is bound to grow accordingly.
