Part 2: Concerns grow about ethical choices and liability in AI-based safety-critical systems, and who will be responsible for making those decisions.
Semiconductor Engineering sat down with Wally Rhines, president and CEO of Mentor, a Siemens Business; Simon Segars, CEO of Arm; Grant Pierce, CEO of Sonics; and Dean Drako, CEO of IC Manage. What follows are excerpts of that conversation. To view part one, click here.
L-R: Dean Drako, Grant Pierce, Wally Rhines, Simon Segars. Photo: Paul Cohen/ESD Alliance
SE: AI, deep learning and machine learning are the hot growth markets today, but these systems are unique. They are extremely high performance and low power, and they are changing all the time. What does that mean for EDA and design?
Segars: The biggest purchasers of wafers in China are people doing AI chips. That’s not to say they’re really small or low power. Most of these things are sitting in liquid cooling systems.
Drako: I thought the largest purchases were for cryptocurrency mining.
Segars: Nonetheless, these are huge chips crunching data and running these algorithms. The question is how much parallelism can you throw at a program.
SE: Particularly on the training side, right? When you started getting into the inferencing, that changes significantly.
Segars: Yes. We see a world where there’s inference happening in small microcontrollers. How much acceleration you have for that is going to vary, so there will be some low-power things in there. If you put in some dedicated processing to speed up doing vector math, that’s going to help lower the power relative to doing everything on a general-purpose processor. That is not very different from the kind of chips that people have been designing for a long time. There are lots of heterogeneous compute engines around that. There’s a lot of development going on around the algorithms, and then mapping those algorithms down to efficient hardware. But in the end it’s going to drive really big chips and everything in between.
Rhines: Every time we get into one of these waves, there’s enormous competition of everyone coming up with the architectures, new special-purpose chips, accelerators and so on. It’s terrific for EDA.
Drako: It’s kind of like what happened with RISC.
Rhines: Yes, there were a bunch of competitors before that sorted itself out, and there will be again. That’s good for EDA because all competitors need to buy complete tool sets. Look at the rise that occurred when everyone was coming out with different wireless implementations of 2G, 3G, et cetera. And then the number of cell phone manufacturers collapsed from 350 down to a tenth of that. The EDA industry took a little bit of a dip and then moved right on. The semiconductor industry is quite volatile and can swing 20% to 30%. That doesn’t happen in EDA.
Segars: What’s different here, when you look broadly at AI, is that the number of different end applications to which the technology can be applied is huge. It’s not like I’m building a 2G technology and it’s going into this handset. I believe we’re in the first innings of the AI algorithms, but there is a long way to go. We’re far away from standardized designs, and we have many, many years of innovation ahead of us before any of this is mature.
SE: And yet we’re relying on that technology for many more critical things than we were in the past.
Rhines: We plan to rely on it.
SE: There are cars on the road today using AI, right?
Pierce: Yes, but usually they come with fine print that says, ‘Do not run without monitoring this.’ There is a lot of excitement over the fact that we can do all these things with neural networks. But there is also the terror that comes with it when you actually have to stand behind what you created and give someone the assurance that it will operate as it was designed to operate, because it’s very tough to verify and very tough to acquire enough data to actually do the training. So we have a lack of sufficient data that we’ve used for the early training, and that’s being used to alter the architecture through optimization. Figuring out what I am going to put into this machine to make the right decisions is a lot like raising a child. Who defines what the right decision is? That’s a huge question. Are we going to be able to maintain the provenance of how I developed the machine in order to take a look at the decision it made? And can you understand what it is that I might need to change in order to improve that decision? That’s a huge, huge challenge.
SE: One scenario that keeps popping up across the industry, at various conferences, is a question of ethics. If you’re driving down the road and you have an autonomous vehicle and it has to choose between which person it’s going to hit, does it kill the driver or hit the person in front of you?
Segars: There isn’t an answer right now. There is a lot of research on this. There is a team up at MIT developing a website called Moral Machine, where it shows these scenarios of a car going down the road. Does it run over a bunch of guys running out of a bank with loot bags, or a pregnant lady? You can play around with it. They’re gathering all this information about what humans actually think about these scenarios. We can’t define it. But do you really want to trust some coder?
SE: What does this mean for chip design? We’ve been going along on the assumption that we’re going to develop a chip that’s faster, smaller, lower power, but now we have to start building a lot of other things into designs that we didn’t think about in the past. Are we equipped as an industry to do this?
Drako: This is an interesting point, particularly in the automotive world where safety comes into it. We’ve dealt with that a little bit in the semiconductor industry, particularly for medical applications. But a huge portion of what we sell is marked, ‘Do not use this in life-threatening situations.’ For the auto industry, that’s kind of the way it is. And so as an industry, we’re learning a little bit about those places and ideas, and those concepts and reliability things, which are a little bit new for us.
Segars: Some of these things have been around for a long time. The semiconductor industry knows how to build safety-critical things, but it’s been a niche activity. In the next decade, there will be much more emphasis on where did that component come from, who designed it, show me all the sign-offs of everything that they’ve checked and that it was correct. How many cycles did you run in the cloud? Verification of all of that is going to become a much bigger deal, and it is going to increase the cost of design. But given that the downsides are so much greater, it’s something that we’re going to have to learn how to deal with.
SE: So you’re talking about extending liability further down the supply chain?
Segars: More people are going to be sending chips into a supply chain where liability matters. It’s not the same as when you make a chip for a phone and test it, because you’re going to throw it away in two years’ time, anyway.
Drako: Yes. ‘Sorry, there’s a bug. Here’s a software patch.’
SE: Related to that, if we build chips that are better than what people can do, is that good enough? What becomes the basis of what is good enough in design?
Rhines: EDA companies in general don’t build the chips. Their customers do. They make that decision based upon what their customers will accept, what regulatory restrictions they have, and how concerned they are about legal liability. And they do lots of tradeoffs that are probably different for different customers. And so what we try to do is give them the tools to make those assessments.
Drako: Yes, and there’s a whole layer of software on there that is actually making the majority of the decisions, not the hardware.
Pierce: It’s very different for people who develop IP because you have the same block that’s being used in very different contexts. That’s very scary. So you have to become far more expert at the system level for how the IP is interacting with the other IP on the chip. You have to understand ISO 26262. You have to be in a position of understanding, for the faults that you might incur, what the rest of the system is capable of mitigating. And in finding that fault, does it correct for it or go into different modes to adjust for it? This extends the reach of the expertise that you must be able to bring to the IP that you sell. We sell configurable IP, so for every design we go into, the actual hardware that gets created for our product is different. That compounds the problem a bit. So what do we have to do? We have to provide our customers the means by which they can understand our context for how we’ve created the IP, and then make sure that they know the complementary work that must be done around it. So we have to actually give them not only our IP, but the methodology for determining how to make it safe.
Segars: All of this is about the supply chain of components that go into something that has some safety criticality to it. You go through the limitations in which configurable IP can be used. In any of these safety-critical systems, you’re signing off how something was done against the standard. We rely on the fact that the SPICE model in the EDA tool actually does accurately represent the process. ‘Show me proof that this accurately models the process.’ But you only need one error, because you’re no longer just designing a chip in isolation.
SE: It’s part of a much bigger system. You’re splitting off the edge from the cloud and you’re doing computing in multiple different places. You’re putting multiple different processors in a design. How does that affect what you’re doing here in terms of design?
Segars: It’s another form of complexity that’s going to have to get managed through the design process.
Pierce: You have to know what was the intent. You have to capture it, you have to communicate it. It has to dovetail into the rest of the design.
Segars: Generally, complexity is the friend of the EDA industry. But this is a new form of complexity, and it’s going to require computer software to solve it. And it doesn’t exist right now.