View
222
Download
0
Category
Tags:
Preview:
Citation preview
Embedded Software Programming and Implementation Guidelines
Software Engineering for Embedded SystemCh.7
Robert Oshana and Mark Kraeling
Presented by Kraingkrai Bumroungruksa
Overview
• Principles of high-quality programming• Starting the embedded software project• Variable structure
Principles of High-Quality Programming
• Readability• Maintainability• Testability
Readability
• Clean code helps in reviewing and maintaining the software
Readability
• Poor readability code
Readability
• Better readability code
Maintainability
• Potential problems– Incorrect interpretation– Existing code breaks – Adding another “if” condition
Maintainability
• Solution– Descriptive comments
• Bad comment– “Set timer to 10 seconds”
• Good comment– “Reset timer because if we are here we have received
a properly formatted, CRC-checked, ping request message”
Testability
• Writing software with testability in mind– Unit testing– Code debugging
Testability
• Poor testability
• Good testability
Embedded Software Programmer
• Things to keep in mind– Resources– Hardware features– Performance
Starting the Embedded Software Project
• Hardware platform input• Project files/organization • Team programming guidelines • Syntax standard • Safety requirements in source code
Hardware Platform Input
• Make the connection with the hardware developers early– Hardware interrupt request lines– Memory size– On-chip & off-chip resources– Hardware I/O interfaces– Debugging interface
Project Files Organization
• Separate the following items– Source files written locally – Source files from company libraries – Libraries from third parties – Libraries from compiler/linker toolset
Team Programming Guidelines
• Software Guidelines Checklist – Conformance to syntax standard– Number of source lines per function / per file – Run through code formatter – No compiler warnings – Comment and design document understandability
Syntax Standard
• Code white space
Syntax Standard
• Tabs in source files – Tab characters should not be used • Tab character could be interpreted differently by
source editing tools
– Source code editors provide a way to substitute spaces with the tab character
Syntax Standard
• Alignment within source
int incubator = RED_MAX; /* Setup for Red Zone */char marker = ‘\0’; /* Marker code for zone */
–Improved versionint incubator = RED_MAX; /* Setup for Red Zone */char marker = ‘\0’; /* Marker code for zone */
Safety Requirements in Source Code
• Need to have fail-safe operations • Safety sections clearly marked to standard • Checks are in place to make sure safety-critical
code is executed on-time • Periodic flash and RAM checks are done to
check hardware correctness • Safety-critical data is protected by regular CRC
or data integrity checks
Variable Structure
• Variable declarations • Data types • Definitions
Variable Declarations
• Global variables– Declare the variable in a header file • ip.h
Variable Declarations
• Global variables– Always prefix the name with the “owner” of the
variable itself – Example• Input Processing IP
Variable Declarations
• Global variables– Only modify that variable by its source file– Other source files only have “read” access to the
variable
Variable Declarations
• File scope variables– Share data between multiple functions in a single
source file – Should make the variables “static”• To make it local and not being used by other files
Variable Declarations
• Local variables– No need to use prefix in the name– Use all lower case– Capitalize the first character for “static” variable
Data Types
• Keep an embedded system portable to other processors
• Add a suffix of “_t” to show it is a type definition
Definitions
• Conditional compilation – Allowing a compiler to dictate which code is
compiled and which code is skipped
Definitions
• Conditional compilation – Example: 2 processors (PROCA and PROCB)
Definitions
• #define – Allowing programmers to use a particular naming
convention for values
Ensuring the Integrityof Embedded Software
with Static Code Analysis
B. Chelf, C. Ebert.
Presented by Kraingkrai Bumroungruksa
Key Contribution of the Paper
• A technique to detect defects early
Problem
• Any software system always might have defects
• Software defect in an embedded device can have dramatic consequences
Proposed Solution
• Use static code analysis tool to detect defects
Static Code Analysis Tool
• Typical defect types – Overflows, unassigned variables
• Hard-to-find race conditions • Deadlocks in multithreaded applications
Six Defect Classes
• Division by Zero • Memory Leak • Null Pointer Dereference • Uninitialized Variable • Buffer overflow or Underflow • Inappropriate Cast
Division by Zero
• Runtime error
void divide_by_zero(int x, int y) { int z = x - y; // If x==y, z will be zero y = y / z; // Possible divide by zero error}
Memory Leak • Program should de-allocate the memory once it
has finished using it
int leak_example(int c) { void *p = malloc(10); if (c) return -1; // DEFECT: “p” is leaked /* ... */ free(p); return 0; }
Null Pointer Dereference • A pointer to the memory address 0
void bad_malloc() { // malloc returns NULL on error struct some_struct *x = (struct some_struct*) malloc(sizeof(*x)); // ERROR: memset dereferences possibly NULL pointer x memset(x, 0, sizeof(*x));}
• Function malloc can return NULL when it’s impossible to satisfy the memory allocation request
Uninitialized Variable • A variable is used without first setting it to a
defined value, thus creating unexpected results
int uninit_example(int c) {int x;
if(c)return c;
elsereturn x; // defect: “x” is not initialized
}
Buffer Overflow or Underflow • An attempt to write data into the buffer in a memory location
beyond that buffer’s scope
void overrun() {struct some_struct vmax_mtd[2]; // vmax_mtd has 2 elements, index 0 and 1if (!vmax_mtd[1] && !vmax_mtd[2]) {
// incorrectly accessing vmax_mtd[2]return;
}}
void overrun_pointer() {int buf[10]; // buff has 10 elements, index 0 to 9int *x = &buff[1]; // x now points to buff[1]x[9] = 0; // x[9] is equivalent to buff[10], which is out of bounds
}
Inappropriate Cast
• Inappropriate cast can alter the variable’s value in unexpected ways
int char_io() {char c;c = getchar(); // Returns an int value to c, which is a char
return c;}
Analysing and Improvingthe Performance of Software Code for Real Time Embedded Systems
P. Joshi, K. S. Gurumurthy
Presented by Kraingkrai Bumroungruksa
Key Contribution of the Paper
• Techniques to enhance the performance of the software in ARM processor
Problem
• Poor code design leads to low performance embedded system
Proposed Solution
• Loop transformation – Loop reversal – Loop fusion– Loop unswitching
Loop Reversal
• Reversing the order in which values are assigned to the index variable
• Counting down to zero with the decrement operator is faster than counting up to a number of iterations with the increment operator
• 30% increase in the speed of execution• 20% increase in the code density
Loop Fusion
• Replacing multiple loops with a single one
• 60% increase in the speed of execution• 65% increase in the code density
Loop Unswitching
• Moving the conditional statement outside the loop
• 60% increase in the code execution speed
• 66% decrease in the code density
Recommended