2 CROSS-SECTIONAL TECHNOLOGIES

Sustainability is a major goal of the European ECS industry; as described in Chapter 0, there are two sustainability goals:

On the one hand, we need to produce sustainable ECS, i.e. products that contribute to sustainability by being highly energy efficient, by producing less or even no emissions; products, which have a long lifetime and which are built from materials that can be recycled or used in other contexts afterwards (second life).

On the other hand, we need to produce ECS in a sustainable way, i.e., by using less energy for design, validation and production, and by increasing the useful lifetime of systems and/or their components.

Together, these actions contribute to eight of the seventeen sustainability goals of the United Nations and the EU, namely SDG 3 Good Health and Wellbeing, SDG 6 Clean Water (and sanitation), SDG 7 Affordable and clean Energy, SDG 8 Decent work and economic growth, SDG 9 Industry, Innovation, and Infrastructure, SDG 11 Sustainable Cities and communities, SDG 12 Responsible consumption and production, and SDG 13 Climate Action.

This Major Challenge groups the most prominent Key Focus Areas contributing to these goals. It should be noted, however, that these two goals have been a driving factor for many of the advancements done in ECS Design and Validation during the last decades. Building engines that are better – stronger, more reliable, etc. – while using less fuel or other resources, heavily contributing to the Smart Grid, usage of new materials and many other activities during recent years aim to achieve sustainable ECS based products as well as a sustainable way of designing and testing them. Thus, one kind find sustainability goals behind many of the focus areas described in Major Challenges 1, 3 and 4, although there sustainability might not be the main driver, but a highly advantageous second goal of that topic area.

There is a strong technology push combined with a need raised by the increased functionality of ECS based products to switch to lifecycle aware design processes and continuous development of ECS-based products, including data collection from systems under production and from operation, as described Major Challenge 1. This switch perfectly matches the Lifecycle aware Design Optimizations described in the following section. Together, these will enable the design of ECS based products that are produced using less and less energy and other resources, which are more easily repairable and which are recyclable or reusable at the end of their initial lifetime. Continuous Design Flows also drive the need for Updates and updatable systems, which perfectly matches the fact that Updates are also a need to extend useful lifetime of a product, thus increasing its sustainability. The two focus areas of 'Energy and resource efficient test procedures and equipment’ and ‘Low power design’ directly contribute to the sustainability of the design and test process as well as the energy consumption of the system.

Lifecycle aware Design Optimizations

Lifecycle aware design optimizations is a collective term for procedures and methods that aim at designing sustainable ECS. It comprises

• ‘Design for producability’ aiming at designing ECS that can be produced resource efficiently (i.e. with low consumption of energy and other resources’), Notice, that this topic comprises a lot more than only thinking about production materials and changing them in a sustainable way. For example, in the Electric-/Electronic Architecture of cars, the recent change from using point to point communication lines between different computational units to installing more and more communication busses (i.e. common communication lines used by many computational units) resulted not only in using less copper wires, but also in a fundamental shift in communication patterns and protocols that influenced the complete design of the application software.

• ‘Design for recycling/reuse’, which is mostly concerned with the materials, and

• ‘Design for reparability’, which comprises both, architectural methods that enable or ease reparability of a system as well as design and management of spare parts.

All of them essentially face the same challenges, namely

• Specification techniques for the corresponding requirements (of producibility, recycling/reuse and reparability)

• Requirement capturing

• Implementation techniques for these requirements

• Validation/Test methods for these requirements

• Conflict resolution techniques for requirement (i.e., how to handle a situation in which e.g., a safety requirement conflicts with a producibility requirement).

Especially for requirement capturing and validation methods, these techniques profit from data collection during production and operation, as described in Major Challenge 1 under “Lifecycle aware holistic design flows”, which enables a continuous design flow also for these aspects of the system.

Updates

Updates resp. the property to be ‘updateable’ has the potential of significantly increasing the lifetime of a product and thus increase its sustainability. An ‘Update’ of an ECS is a change in the functionality and/or in the realization (implementation) of some functionality of an ECS. Updates can be done by exchanging components or modules of a (sub-)system and by exchanging (parts) of the software running on it. The former requires physical access to the product, which can be done during regular or additional maintenance services, the later can also be done ‘over the air’ only. There are three reasons for updates: The first is error correction, i.e., when an hitherto unknown functional error or a security hazard is detected, it can be corrected via an update. The second is performance or usability optimization and variation. If a function in an ECS can be implemented in different ways – for example engine control in a car can be done ‘smooth’ or ‘sportive’ or in many other ways – then a change in the implementation can be realized by updates. Updates initiated by one of these two reasons already have a highly positive impact on sustainability. However, the main benefit for sustainability stems from the third reason for updates, which is adding functionality to an ECS already in use, thus avoiding replacement of the product in favour of ‘newer, better versions’. The main challenges for updates are first, ensuring quality of the updated system. Taking safety as the major quality of an ECS again, it is difficult to analyse and guarantee all the existing safety properties of a system for the new, updated system, seeing that the updated system is already in operation and thus not available for physical tests anymore. The second challenge lies in the fact that there are typically many – sometimes even thousands – of variants of a product in operation, and the update has to fit all of them and quality has to be assured for all of them. The third challenges mostly concerns over-the-air software updates, for which safe and secure deployment has to be guaranteed.

Energy and resource efficient test procedures and equipment

Testing and validation of ECS used to be a very energy consuming task, with hundreds and thousands of physical tests taking place not only with the final product (or a prototype thereof), but also with all subsystems, components and modules of the system. The setup, maintenance and operation of the various test environments were also highly resource intensive. With the shift to virtual engineering including the use of digital twins and virtual testing (c.f. Major Challenge 1), many physical tests can be avoided. However, first, the number of physical tests needed is still fairly large, and reducing their energy and resource consumption is still an important topic. In addition, virtual engineering itself requires energy for all the computers, servers, and simulation suites that are needed for it. Any technique that lowers power consumption for computers, servers, and clouds is therefore also beneficial here, as are methods that reduce the number of test cases needed for showing quality attributes.

Ultra-low power design methods

The potential application area for ultra-low power electronic systems is very high due to the rapidly advancing miniaturisation of electronics and semiconductors, as well as the ever-increasing connectivity enabled by it. This ranges from biological implants, home automation, the condition-monitoring of materials to location-tracking of food, goods or technical devices and machines. Digital products such as radio frequency/radio frequency identification (RF/RFID) chips, nanowires, high-frequency (HF) architectures, SW architectures or ultra-low power computers with extremely low power consumption support these trends very well (see also appendix A on RISC-V). Such systems must be functional for extended periods of time with a limited amount of energy.

The ultra-low-power design methods comprise the areas of efficiency modelling and low-power optimisation with given performance profiles, as well as the design of energy-optimised computer architectures, energy-optimised software structures or special low-temperature electronics (c.f. chapters 1.1, 1.2 and 1.3). Helpful here are system-level automatic DSE (design space exploration) approaches able to fully consider energy/power issues (e.g. dark silicon, energy/power/performance trade-offs) and techniques. The design must consider the application-specific requirements, such as the functional requirements, power demand, necessary safety level, existing communication channels, desired fault tolerance, targeted quality level and the given energy demand and energy supply profiles, energy harvesting gains and, last but not least, the system’s lifetime.

Exact modelling of the system behaviour of ultra-low power systems and components enables simulations to compare and analyse energy consumption with the application-specific requirements so that a global optimisation of the overall system is possible. Energy harvesting and the occurrence of parasitic effects, must also be taken into account.

The new system capabilities (intelligence, autonomy, evolvability), as well as the required system properties (safety, security, reliability, trustworthiness), each considerably increase complexity (c.f. Part 3 and Sub-section 2.3.1 above). Increasingly complex environments in which these systems are expected to operate, and the increasingly complex tasks (functionalities) that these systems need to perform in this environment, are further sources of soaring system complexity. Rising complexity leads to a dramatic upsurge in the effort of designing and testing, especially for safety-critical applications where certification is usually required. Therefore, an increased time to market and increased costs are expected, and competitiveness in engineering ECS is endangered. New and improved methods and tools are needed to handle this new complexity, to enable the development and design of complex systems to fulfil all functional and non-functional requirements, and to obtain cost-effective solutions from high productivity. Three complexity-related action areas will help to master this change:

• methods to enable efficient Safety Assurance Cases

• methods and tools to increase design efficiency.

• complexity reduction methods and tools for V&V and testing.

• methods and tools for advanced architectures.

The connection of electronics systems and the fact that these systems change in functionality over their lifetime continuously drives complexity. In the design phase of new connected highly autonomous and evolvable ECS, this complexity must be handled and analysed automatically to support engineers in generating best-in-class designs with respect to design productivity, efficiency and cost reduction. New methods and tools are needed to handle this new complexity during the design, manufacturing and operations phases. These methods and tools, handling also safety related non functional requirements, should work either automatically or be recommender-based for engineers to have the complexity under control (see also the corresponding challenges in chapter 1.3. Embedded Software and Beyond).

Complexity increases the effort required, especially in the field of V&V of connected autonomous electronics systems, which depend on each other and alter over their lifetime (cf. chapter 3.1). The innumerable combinations and variety of ECS must be handled and validated. To that end, new tools and methods are required to help test engineers in creating test cases automatically, analysing testability and test coverage on the fly while optimising the complete test flow regarding test efficiency and cost. This should be achieved by identifying the smallest possible set of test cases sufficient to test all possible system behaviours. It is important to increase design efficiency and implement methods that speed up the design process of ECS. Methods and tools for X-in-the-loop simulation and testing must be developed, where X represents hardware, software, models, systems, or a combination of these. A key result of this major challenge will be the inclusion of complexity-reduction methods for future ECS-based systems into the design flows derived in Major Challenge 1, including seamless tool support, as well as modular architectures that support advanced computation methods (AI, advanced control), system improvements (updates), replacement and recycling by 2026. Building on these, modular and evolvable/extendable reference architectures and (hierarchical, open source-based) chips (i.e., RISC-V, see appendix A), modules, components, systems and platforms that support continuous system improvement, self- awareness, health and environment monitoring, and safe and secure deployment of updates, will be realised by 2029.

Assurance Cases

Safety Assurance Cases are a commonly and successfully used method to show that a certain product possesses certain qualities, e.g., safety. Corresponding arguments for other qualities (like security, dependability, etc.) are being used as well.

Safety Assurance cases consist of a set of Safety Cases or Safety Arguments. ISO 26262 states that “the purpose of a safety case is to provide a clear, comprehensive and defensible argument, supported by evidence, that an item is free from unreasonable risk when operated in an intended context’. According to the CAE principle, Safety Arguments comprise Claims, i.e. that the system fulfills a certain safety related requirement, and Arguments, i.e., an explanation – or proof -- why a claim (or sub claim) is valid. Arguments, in turn, comprise sub-claims – for which in turn an Argument is needed -- or evidence, i.e., an analysis or test results or other findings from the implemented system that support the (sub-claim).

Safety Assurance cases are still a valid means for showing Safety (or other qualities) of an ECS-based product. However, the following non-trivial extensions to the method are needed in order to be able to handle modern and future ECS-based products:

• ODD, behavior competencies: To construct safety cases, both the operational context as well as the functionality of the system needs to be specified. While there has been considerable advancement in describing operational context by ODDs (Operational Design Domains), including first standardization activities, there still is a lot of room for further improvement. Behavior Competencies, which are used to formally describe the systems functionality, are still further behind. Together these two concepts need to be extended by means to describe reduced functional behavior and minimal risk maneuvers.

• Handling of unknowns: Both the definition of the operational context as well as the functionality of the system will contain uncertainties and unknowns (c.f. Handling of Uncertainties in Major Challenge 1). To include these in the safety argument, statistical reasoning and/or three-valued logics need to be used.

• Quality metrics and Guarantees: For highly automated (up to autonomous) systems, which may have part of their functionality implemented by Artificial Intelligence, it is sometimes infeasible to collect the evidence needed to support a certain (sub-)claim. For example, in the automotive sector for autonomous driving, test driving the number of miles required is infeasible. Sometimes, on the other hand, we do not even know what quality to measure or what guaranteed performance would be evidence to support a certain (sub-)claim. Again as an example, for AI-based object detection, we cannot interfere how much training and how many tests are required to guarantee this property. The challenge here is to find quality Metrics and Guarantees that (a) are sufficiently strong to support the safety argument and (b) can be measured or analyzed with the needed efficiency.

Methods and tools to increase design and V&V efficiency

Design efficiency is a key factor for keeping and strengthening engineering competitiveness. Design and engineering in the virtual world using simulation techniques require increasingly efficient modelling methods of complex systems and components. Virtual design methodology will be boosted by the research topics:

• XIL-testing (X-in-the-loop, with X=model, system, software, hardware,.. incl. mixed-modes

• XIL simulation techniques and tools, speed up of simulation, accuracy of simulation, multi-domain co-simulation

• Efficient modelling, test and analysis for reliable, complex systems on different abstraction levels

• Evaluation of architecture and design of the ECS SW/HW with real tests

Complexity reduction methods and tools for V&V and testing

A second way to manage complexity is the complexity-related reduction of effort during the engineering process. Complexity generates most effort in test, and V&V, ensuring compatibility and proper behaviour in networking ECS. Consistent hierarchical design and architectures, and tool-based methods to design those architectures automatically, are needed. Advanced test methods with intelligent algorithms for test termination, as well as automated metrics for testability and diagnosis (including diagnosis during run-time), must be developed and installed. This includes the following research topics:

• Recommender-based guidance in V&V process for complex ECS systems

• Automated generation of testcases from models/digital twins of ECS systems

• Test coverage calculation by means of models and testcases (coverage-driven V&V)

• Minimizing effort for V&V based on models, AI techniques

• Advanced test methods, intelligent concepts for test termination, automated metrics/tools for testability, diagnosis, and extraction of diagnostic information

• Methods and tools for consistent, hierarchical design, V&V and test

• Energy and resource efficient test procedures and equipment

Methods and tools for advanced architectures

Complexity, and also future complexity, is mainly influenced by the Architecture. Future architectures must support complex, highly connected ECS that use advanced computational methods and AI, as well as machine learning, which lead to a change of ECS over lifetime. Especially for AI (cf. chapter 2.1), this includes support for V&V of the AI method, for shielding mechanisms and other forms of fault/uncertainty detention resp. for prevention of fault propagations, and for advanced monitoring concepts, that allow deep introspection of components and modules as well as hierarchical ‘flagging’, merging and handling of monitoring results and detected anomalies. For this, reference architectures and platform architectures are required on all levels of the design hierarchy (for the system and SOS levels, see also the challenges “Open SoS architecture and infrastructure”, “SoS interoperability” and related challenges in chapter 1.4 on System of Systems).

An additional focus of Architecture exploration and optimisation must be architectures that ease the necessary efforts for analysis, test, V&V and certification of applications. Hierarchical, modular architectures that support a divide-and-conquer approach for the design and integration of constituent modules with respect to subsystems have the potential to reduce the demand for analysis and V&V (“correct by design” approach). As integration platforms, they have to ensure interoperability of constituent ECS. For the Architecture exploration and optimisation itself, AI-based methods are needed to achieve a global optimum. Overall, holistic design approaches and tools for architectures of multi-level/multi-domain systems are the goal.

Apart from the benefits that reference architectures and platforms have at a technological level, they are also important economically. As integration platforms for solutions of different vendors, they serve as a focal point for value chain-based ecosystems. Once these ecosystems reach a certain size and market impact, the platforms can serve as the basis for corresponding “platform economies” (cf. Major Challenge “Open SoS architecture and infrastructure” in chapter 1.4). Thus, the following research topics turn out:

• Architecture exploration and optimization, including multi-aspect optimization (e.g. safety, security, comfort, functionality,…) and AI based optimization methods

• Architectures supporting advanced computation methods (AI, advanced control,…)

• Architectures and tools for non von-Neumann and neuromorphic computing

• Architectures supporting self-awareness, health and environment monitoring on all levels of the design hierarchy

• Platform and middleware architectures, also for extremely distributed, multi-layered SoS and IoT applications

• Reference architectures for continuous system improvement, i.e. across evolving system generations 

• Architectures for V&V and certification, including automatic evaluation of computation and deployment decisions (i.e. on chip, edge, fog, cloud).

• Modular and evolvable/extendable architectures (supporting traceability of evolution, also supporting modular updates, replacement and recycling for a circular economy

• (SW-HW) architecture mapping (incl. resource mapping and tracing (communication, scheduling, …), incl. requirement matching and tracing

All of the above topics need to be examined and developed in conjunction with corresponding changes in design and validation tools (‘Design for Target Architectures’, ‘Design for platforms’) in order to leverage on the complexity reduction that they bring.

In the ECS context, diversity is everywhere – between polarities such as analogue and digital, continuous and discrete, and virtual and physical. With the growing diversity of today’s heterogeneous systems, the integration of analogue-mixed signals, sensors, micro-electromechanical systems (MEMS), chiplets, actuators and power devices, transducers and storage devices is essential. Additionally, domains of physics such as mechanical, photonic and fluidic aspects have to be considered at the system level, and for embedded and distributed software. The resulting design diversity is enormous. It requires multi-objective optimisation of systems (and SoS), components and products based on heterogeneous modelling and simulation tools, which in turn drives the growing need for heterogeneous model management and analytics. Last, but not least, a multi-layered connection between the digital and physical world is needed (for real-time as well as scenario investigations). Thus, the ability to handle this diversity on any level of the design hierarchy, and anywhere it occurs, is paramount, and a wide range of applications has to be supported.

The management of diversity has been one of Europe’s strengths for many years. This is not only due to European expertise in driving More-than-Moore issues, but also because of the diversity of Europe’s industrial base. Managing diversity is therefore a key competence. Research, development and innovation (R&D&I) activities in this area aim at the development of design technologies to enable the development of complex, smart and, especially, diverse systems and services. All these have to incorporate the growing heterogeneity of devices and functions, including its V&V across mixed disciplines (electrical, mechanical, thermal, magnetic, chemical and/ or optical, etc). New methods and tools are needed to handle this growing diversity during the phases of design, manufacturing and operation in an automated way. As in complexity, it is important to increase design efficiency on diversity issues in the design process of ECS. A major consequence of this challenge will be the inclusion of methods to cope with all diversity issues in future ECS-based systems, which have been introduced into the design flows derived in Major Challenge 1, including seamless tool support for engineers.

The main R&D&I activities for this fourth major challenge are grouped into the following key focus areas.

Multi-objective design and optimisation of components and systems

The area of multi-objective optimisation of components, systems and software running on SoS comprises integrated development processes for application-wide product engineering along the value chain (cf. Part 1 and appendix A on RISC-V). It also concerns modelling, constraint management, multi-criteria, cross-domain optimisation and standardised interfaces. This includes the following research topics

• Consistent & complete Co-Design & integrated simulation of IC, package and board in the application context

• Methods and Tools to support multi-domain designs (i.e., electronic/electric and hydraulic, …) and multi paradigm designs (different vendors, modelling languages, …) and HW/SW co-design

• Advanced Design Space Exploration and iterative Design techniques, inl. Multi-aspect optimization (Performance vs. cost vs. space vs. power vs. reliability)

• Modular design of 2.5 and 3D integrated systems and chiplets and flexible substrates

Modelling, analysis, design and test methods for heterogeneous systems considering properties, physical effects and constraints

The area of modelling, analysis, design, integration and testing for heterogeneous systems considering properties, physical effects and constraints comprises the following methods and tools which all need to consider chiplet technology aspects: .

• Methods and tools for design, modelling and integration of heterogeneous systems (incl. chiplet technology)

• Hierarchical methods for hardware/software co-simulation and co-development of heterogeneous systems (multi-scale, multi-rate modelling and simulation)

• Modelling methods to take account of operating conditions, statistical scattering and system changes

• Hierarchical modelling and early assessment of critical physical effects and properties from SoC up to system level

• Analysis techniques for new circuit concepts and special operating conditions (voltage domain check, especially for start-up, floating node analysis ...)

Automation of analogue and integration of analogue and digital design methods

The area of automation of analogue and integration of analogue and digital design methods comprises the following research topics:

Connecting the virtual and physical world of mixed domains in real environments

The area of connecting the virtual and physical worlds of mixed domains in real environments is about the following research topics:

• Metrics for analogue/mixed signal (AMS) testability and diagnostic efficiency (including V&V & test)

• Harmonisation of methods and tooling environments for analogue, RF and digital design

• Automation of analogue and RF design – i.e. high-level description, synthesis acceleration and physical design, modularisation and the use of standardised components

  • Advanced analysis considering the bi-directional connectivity of the virtual and physical world of ECS and its environment (including environmental modelling, multimodal simulation, simulation of (digital) functional and physical effects, emulation and coupling with real, potentially heterogenous, hardware, and integration of all of these into a continuous design and validation flow for heterogeneous systems, cf. Major Challenge 1 and 2 above).

  • Novel more-than-Moore design methods and tools,

  • Models and model libraries for chemical and biological systems