Mentor Graphics’ CEO digs into how the automotive industry and IoT security will change semiconductor design.
Wally Rhines, chairman and CEO of Mentor Graphics, sat down with Semiconductor Engineering to talk about changes in automotive electronics, IoT security issues, and how this affects semiconductor design. What follows are excerpts of that conversation.
SE: In automotive, one of the big changes is that we are no longer dealing with two-year lifecycles. As more SoCs are added into autonomous and semi-autonomous vehicles, they will have to last 10 to 15 years. That’s a different verification problem, isn’t it?
Rhines: The problem with automotive electronics and the fact that you don’t buy a new car every year or two has been around a while now. There’s a fundamental dynamic going on in the automotive industry to solve several problems. One is the proliferation of electronics and software. Hundreds of electronic control units are spread throughout the car. There is 100 million or more lines of software code, as well as security issues, infotainment, driver assistance, and self-driving. This is a lot of change at once. One of the things that becomes obvious to all the car manufacturers is, for security reasons, they have to isolate safety subsystems effectively. Some would say you can’t even allow electrical connections. That changes the architecture of the car. No matter how good you are at embedded software, you aren’t going to write 100 million lines of code without bugs and doors for hackers and other things. The answer is you have to be able to update easily. Tesla has set a model for the industry of how to do that—updating a whole fleet in 24 hours. It’s going to be a long time before the legacy part of the market gets it, but it will be a necessary requirement.
SE: As you know from updating your PC, as the years go by it becomes slower and slower. We’ve never gotten to the point in the car industry where we’ve had years of updates and incompatibilities and things we haven’t pondered before.
Rhines: They would be delighted if you were forced to buy a new car every three years because the electronics have become unwieldy. People are probably not going to do that, so there will be ways to retrofit. It will be a different world. As an example, we deal with one on the maintenance side, unrelated to the embedded software that goes into a car—the wire harness. Today, about one in every three to five cars has a custom wire harness. If you don’t take the (optional) little wipers on the headlights, they don’t run a wire there because they are expensive and connections are expensive. Your wire harness is different from every other car because it is unique. So when you pull it in to get it repaired, you have the problem of, ‘Is the yellow wire connected to the orange wire? And where does that one go?’ You have to be able to enter a vehicle identification number by car and download the wiring diagram for that particular car so you can work on it and identify the problem. That has to be supported through the whole infrastructure. It’s still a long way from being fanned out to all the companies and all the service locations.
SE: But the goal is that these things don’t break down as fast, right? So chipmakers are suddenly in a liability loop for self-driving cars.
Rhines: This is a testy area. Most of our industry, EDA and the semiconductor industry, is reluctant to accept liability for recalls, accidents, and such for the small price of what they sell into a vehicle. The new entrants into the automotive space understand that. Some of the long-term suppliers still believe they rule the world and can force that liability down. There will be evolution over time. If you are going to have innovation in the auto industry, you are going to have to protect your supply chain and limit the liability going forward—especially in self-driving cars. Even the car manufacturers are testing the waters. Tesla has the, ‘You touched the turn signal so it was you who caused it to change lanes, not the car.’
SE: You’ve been dealing with the automotive industry for quite a while. How have the relationships and demands of the Tier-1 suppliers and automakers changed for EDA companies and chipmakers?
Rhines: We introduced our first wire harness product in 1992. If you are impatient, this is not industry to work in because adoption takes a lot of time, especially for enterprise products that have to be supported by all parts of manufacturing and design. It’s very laborious and I doubt we’d do it again if we hadn’t spent the last 25 years building the relationships. The thing that is changing is the hierarchy of the automotive OEM, Tier-1 semiconductor supplier. The automotive OEMs are very sensitive to the fact that their supply chain, their ability to react and move quickly, is limited by the embedded software that’s wrapped around chips and ECUs that are supplied by their Tier-1’s or semiconductor companies that are wrapping more embedded software around their chips. They would like to minimize that impact. One of the first things that happened was about 12 to 14 years ago AUTOSAR as a standard started really taking hold and was something we got into very early. AUTOSAR is a way for them to have standard interfaces and move execution from processor to processor. Another thing that happened was that OEMs starting driving the system architecture through the embedded software for systems, particularly infotainment and now ADAS, and surprisingly they used independent companies to do it. We go in and do the embedded software, and then we’ll help the chip suppliers to demonstrate their chips with our software. The elimination occurs eventually. The OEM chooses a Tier 1, a semiconductor supplier, and then we work together with all of them to get the embedded software working together. It’s a whole different model. We had a lot of trouble in the embedded software business 10 years ago selling directly to the OEMs. Now we are virtually in every competition.
SE: The automakers have a reputation for squeezing every last penny out of the design chain. Is that still true or are they more willing to invest a bit more than in the past?
Rhines: Purchasing is a core competence of the automotive industry. They are very effective at it. The good news is they are used to paying for expensive subsystems and other things, so we are a drop in the bucket compared to the money spent on developing a new vehicle. Like everyone else, they have limited resources and they beat down the costs of everything they can, but they can’t get too far down the Pareto. One benefit is that we are replacing a lot of expensive stuff with alternative solutions that cost less—software for hardware, for example.
SE: There’s been a lot of talk that people coming into the semiconductor industry understand software, but they don’t necessarily understand hardware. The number of software engineers being hired by chip companies is probably in the range of 2 to 3 to 1 for software versus hardware. As that trend grows and software engineers become more part of the design process, does the software now define the hardware?
Rhines: More and more differentiation of the vehicle comes from its software. It used to be that the mechanical is what defined the vehicle. Today, it’s more and more the electronics. And then, over time, it’s the software with the electronics. This applies to almost all of IoT, as well. When more of the value is coming from the software, the semiconductor suppliers either differentiate through their own embedded software or applications or cooperation with people who are creating it. Or they have a lot of trouble generating the value. The automotive semiconductor purchases grow about 6% a year, which is not that bad in today’s industry compared to the overall semi industry. For the amount of effort that is going into automotive electronics, the semiconductor companies are hoping to get an even bigger piece of the pie, and that means more and more software development that goes around the chips they provide.
SE: How do you see the IoT unfolding?
Rhines: No one really knows what the killer apps are going to be, but they suspect that they are going to come from the application expertise side rather than the semiconductor expertise side. The great thing about IoT is that it involves millions or billions of parts. The bad news is they have to be very low price and low power. Semiconductor content as part of the total solution is probably a smaller part. In our own case, as this became more and more evident, we discovered almost by accident that people who are creating these innovative applications aren’t used to doing things with complex integrated circuits. The chip is just part of the solution they provide. All of sudden they wanted to do chip design but didn’t have the infrastructure to do it. Tanner, for example, had all sorts of people doing weird things—MEMS, entry-level IC design—and it was coming from all sorts of weird places. It’s now my new compass of what the world of IoT is evolving to. People are doing all sorts of stuff. Like every transition, we can’t predict who will be the winners and losers, so you have to be out there with a big funnel capturing as much that you can of the opportunities because someone will end up being the driver of the volume.
SE: The initial perception is that you would be interfacing much more with your refrigerator and washing machine. The newer perception is that lots of devices will be connected but necessarily to each other or other markets, even though that is part of some long-range plans. How do you fit into all these different stages from design through verification process?
Rhines: Like every industry, it’s not a universal enterprise solution that comes out of the sky and everyone adopts. It’s piece by piece. You have expertise in a certain area and you now have the benefits of the data in the cloud, so you have access to all sources of data that way. Then you build your application. The question is what is the expertise the EDA industry brings. We bring design expertise for chips, modules, complex packaging, as well as at the other end, big data processing, networking, servers and all the gateways in between that seem to be proliferating at a rapid rate. There’s lot of growth opportunities. The other part is that EDA companies, more and more, are providing embedded software and other types of app expertise and building their own niches. Embedded software is starting to be a significant percentage of our revenue as that is where the opportunities are.
SE: One of the big gating factors on the IoT is security. Where’s your play from a design and embedded software standpoint?
Rhines: We have a great deal of activity in security. There are lots of levels that it becomes important for. First, how do you get hack-proof systems? There are a variety of techniques, including standard approaches, open source approaches, and proprietary ones. There’s a lot of software development. Second, there are issues associated with the integrity of the semiconductor supply chain, where we have to do something to get counterfeit chips or reused chips off the market. This means you need an identification capability built into the chips, which is another design opportunity for the EDA industry. Last, how do you detect and protect from embedded Trojans? When you look at all the IP that is designed into chips and the amount of it that has pulled things from open-source communities and websites, this is a very leaky supply chain for the designer of a chip. You are going to need techniques built into chips to not only detect Trojans and other unwanted sources, but also to have defenses against them.
SE: Can we use current and expanded tools for the design and say this is now a secure system?
Rhines: We definitely have to build in security using the current tools because people designing integrated circuits are not going to adopt all new tool sets just to secure integrated circuits. It’s an add-on to the existing flow but it’s not a trivial add-on. If you look today there are techniques that provide a very high level of security. The military has used them for quite some time. There are PUFs (Physically unclonable functions) and other things that you can build into a design to make it very secure. The problem is that it adds to the cost of the chip. People who manufacture chips spend as much money as they need to satisfy their customer needs. If the customers don’t tell them they need security, they don’t spend the money to give them security. I expect at one point we’ll see some kind of incident that involves financial or human loss related to an embedded Trojan in a chip, or something like that. As a result, there will be a counter-reaction and the purchasers of integrated circuits will come back to their supplier and say, ‘Sign this statement that says you will guarantee there are no embedded Trojans in the chips you are selling me.’ Then the legal department will say, ‘Don’t sign that.’ Suddenly, there will be a rush to determine what can be guaranteed, and then they’ll find out best practices allow you to do quite a bit more than the average design is doing today. Security will then be another growth area for EDA. This is only a matter of time. We searched the internet for any reportable case of an embedded Trojan in a chip and we’ve only found one reported, and it was fairly minor. We go to agencies in Washington, D.C., and we ask the question, ‘So why are we worried about embedded Trojans in chips, because we can’t even really name a case where it has happened?’ Washington rolls their eyes and won’t tell you. I have to believe it is truly a problem.
SE: Part of the issue with security is that the bad guys talk to each other over the internet, but the good guys never tell what happened because they don’t want it out there.
Rhines: Nobody wants to reveal problems with their own products. The Black Hat Conference has become a major event that we send people to. They are openly exchanging techniques. The other conference DEF CON is a bit more restrictive, where they didn’t allow the good guys to attend. They have hackathons and challenges. It’s quite a lively area with lots of opportunities for innovation, and ultimately a design problem, as well.
SE: And one place you never take the USB handouts.
Rhines. That’s true. At DEF CON, you are not allowed to pay with a credit card because they know what happens to credit cards. You have to pay in cash.
SE: If you tackle security, it has to be done at a chip level, software stack, and as a system issue too. Are we starting to move more into the system approach, particularly as we move into the IoT?
Rhines: This is a fundamental issue for all of EDA. There is an evolution that occurs in the adoption of automation. I’ve watched it over my career. When I started my career, things were largely manual. SPICE was not introduced until after I was designing integrated circuits. In my early jobs as an engineering manager, we did 30 chips a year without any design verification or simulation. We did test the chips on our own emulators that we built. We’ve evolved to the point where 100% of integrated circuit design is automated with computers. If you visit systems companies, everything from planes, trains and automobiles to big systems are in the early stages of adoption of automation. Many things are still done semi-manually, but over time as complexity grows they will have to be automated. The reason the EDA industry grew at 15%-plus for 20 years was because the problems kept getting more complex and required automation. The things you did last year in a semi-manual fashion you have to do now in an automated fashion. The same thing is happening in the automotive and aerospace industry. The complexity has grown to the point where people like to use the old technique, but they just can’t anymore because the system is breaking. This creates big opportunities. The systems industry is enormous compared to the integrated circuit industry. The semiconductor industry is $350 billion per year. The electronics equipment business is trillions. It’s a big opportunity.
SE: What are we looking at in terms of design? Is it follow the signal or follow the data?
Rhines: By its very nature it is system verification, so you are following the system function down as low as you have to go. Even with automotive companies, it is not uncommon to go into one of their debug rooms where they are long tables, headlights at one end, tail lights at the other end, and all of these folks testing all the subsystems. You have to use virtual design. It is an inevitability. But it’s a question of which tools, and there is a lot of resistance to change. ‘How can you possibly model anything as complex as the electronics subsystems of a car?’ The answer is you have to model them them because no human being can handle all of those constraints and design complexities in their heads.
SE: It took until almost 40 or 65nm before people put away the spreadsheet and said we need some sort of computational tool. What’s the tipping point for the industries?
Rhines: Like EDA, ease of use is the method you are using today. Nobody changes until they absolutely have to. The tool, the flow, the methodology may be slow and poor quality, but it’s the one you know. You keep using it until it becomes non-competitive and no longer usable. That usually happens when a new project comes along and you figure out you have to change something. That’s when acceptance of technology occurs. We’re seeing it step by step in automotive and aerospace industry. They are all going down the same path and they will get an electronics problem that can’t be solved the old way. Then they start looking at the new way and that’s when the opportunity occurs.
Complete Control Through Software
Software is becoming the critical element in monitoring and controlling critical infrastructure with IoT technology.
Securing Chips During Manufacturing
Can directed electron writing change the security equation?
What’s Important For IoT—Power, Performance Or Integration?
Experts at the table, part 2: Why it’s so hard to make the IoT secure, and different approaches for reducing power.
Auto Security And Technology Questions Persist
Fallout could be slower adoption of autonomous vehicles as ecosystem proceeds with caution.
The Race To Secure The Car
Connectivity and complexity are raising concerns about safety and reliability.