Embedded Software Programming and Implementation Guidelines

Software Engineering for Embedded SystemCh.7

Robert Oshana and Mark Kraeling

Presented by Kraingkrai Bumroungruksa

Overview

• Principles of high-quality programming• Starting the embedded software project• Variable structure

Principles of High-Quality Programming

• Readability• Maintainability• Testability

Readability

• Clean code helps in reviewing and maintaining the software

Readability

• Poor readability code

Readability

• Better readability code

Maintainability

• Potential problems– Incorrect interpretation– Existing code breaks – Adding another “if” condition

Maintainability

• Solution– Descriptive comments

• Bad comment– “Set timer to 10 seconds”

• Good comment– “Reset timer because if we are here we have received

a properly formatted, CRC-checked, ping request message”

Testability

• Writing software with testability in mind– Unit testing– Code debugging

Testability

• Poor testability

• Good testability

Embedded Software Programmer

• Things to keep in mind– Resources– Hardware features– Performance

Starting the Embedded Software Project

• Hardware platform input• Project files/organization • Team programming guidelines • Syntax standard • Safety requirements in source code

Hardware Platform Input

• Make the connection with the hardware developers early– Hardware interrupt request lines– Memory size– On-chip & off-chip resources– Hardware I/O interfaces– Debugging interface

Project Files Organization

• Separate the following items– Source files written locally – Source files from company libraries – Libraries from third parties – Libraries from compiler/linker toolset

Team Programming Guidelines

• Software Guidelines Checklist – Conformance to syntax standard– Number of source lines per function / per file – Run through code formatter – No compiler warnings – Comment and design document understandability

Syntax Standard

• Code white space

Syntax Standard

• Tabs in source files – Tab characters should not be used • Tab character could be interpreted differently by

source editing tools

– Source code editors provide a way to substitute spaces with the tab character

Syntax Standard

• Alignment within source

int incubator = RED_MAX; /* Setup for Red Zone */char marker = ‘\0’; /* Marker code for zone */

–Improved versionint incubator = RED_MAX; /* Setup for Red Zone */char marker = ‘\0’; /* Marker code for zone */

Safety Requirements in Source Code

• Need to have fail-safe operations • Safety sections clearly marked to standard • Checks are in place to make sure safety-critical

code is executed on-time • Periodic flash and RAM checks are done to

check hardware correctness • Safety-critical data is protected by regular CRC

or data integrity checks

Variable Structure

• Variable declarations • Data types • Definitions

Variable Declarations

• Global variables– Declare the variable in a header file • ip.h

Variable Declarations

• Global variables– Always prefix the name with the “owner” of the

variable itself – Example• Input Processing IP

Variable Declarations

• Global variables– Only modify that variable by its source file– Other source files only have “read” access to the

variable

Variable Declarations

• File scope variables– Share data between multiple functions in a single

source file – Should make the variables “static”• To make it local and not being used by other files

Variable Declarations

• Local variables– No need to use prefix in the name– Use all lower case– Capitalize the first character for “static” variable

Data Types

• Keep an embedded system portable to other processors

• Add a suffix of “_t” to show it is a type definition

Definitions

• Conditional compilation – Allowing a compiler to dictate which code is

compiled and which code is skipped

Definitions

• Conditional compilation – Example: 2 processors (PROCA and PROCB)

Definitions

• #define – Allowing programmers to use a particular naming

convention for values

Ensuring the Integrityof Embedded Software

with Static Code Analysis

B. Chelf, C. Ebert.

Presented by Kraingkrai Bumroungruksa

Key Contribution of the Paper

• A technique to detect defects early

Problem

• Any software system always might have defects

• Software defect in an embedded device can have dramatic consequences

Proposed Solution

• Use static code analysis tool to detect defects

Static Code Analysis Tool

• Typical defect types – Overflows, unassigned variables

• Hard-to-find race conditions • Deadlocks in multithreaded applications

Six Defect Classes

• Division by Zero • Memory Leak • Null Pointer Dereference • Uninitialized Variable • Buffer overflow or Underflow • Inappropriate Cast

Division by Zero

• Runtime error

void divide_by_zero(int x, int y) { int z = x - y; // If x==y, z will be zero y = y / z; // Possible divide by zero error}

Memory Leak • Program should de-allocate the memory once it

has finished using it

int leak_example(int c) { void *p = malloc(10); if (c) return -1; // DEFECT: “p” is leaked /* ... */ free(p); return 0; }

Null Pointer Dereference • A pointer to the memory address 0

void bad_malloc() { // malloc returns NULL on error struct some_struct *x = (struct some_struct*) malloc(sizeof(*x)); // ERROR: memset dereferences possibly NULL pointer x memset(x, 0, sizeof(*x));}

• Function malloc can return NULL when it’s impossible to satisfy the memory allocation request

Uninitialized Variable • A variable is used without first setting it to a

defined value, thus creating unexpected results

int uninit_example(int c) {int x;

if(c)return c;

elsereturn x; // defect: “x” is not initialized

}

Buffer Overflow or Underflow • An attempt to write data into the buffer in a memory location

beyond that buffer’s scope

void overrun() {struct some_struct vmax_mtd[2]; // vmax_mtd has 2 elements, index 0 and 1if (!vmax_mtd[1] && !vmax_mtd[2]) {

// incorrectly accessing vmax_mtd[2]return;

}}

void overrun_pointer() {int buf[10]; // buff has 10 elements, index 0 to 9int *x = &buff[1]; // x now points to buff[1]x[9] = 0; // x[9] is equivalent to buff[10], which is out of bounds

}

Inappropriate Cast

• Inappropriate cast can alter the variable’s value in unexpected ways

int char_io() {char c;c = getchar(); // Returns an int value to c, which is a char

return c;}

Analysing and Improvingthe Performance of Software Code for Real Time Embedded Systems

P. Joshi, K. S. Gurumurthy

Presented by Kraingkrai Bumroungruksa

Key Contribution of the Paper

• Techniques to enhance the performance of the software in ARM processor

Problem

• Poor code design leads to low performance embedded system

Proposed Solution

• Loop transformation – Loop reversal – Loop fusion– Loop unswitching

Loop Reversal

• Reversing the order in which values are assigned to the index variable

• Counting down to zero with the decrement operator is faster than counting up to a number of iterations with the increment operator

• 30% increase in the speed of execution• 20% increase in the code density

Loop Fusion

• Replacing multiple loops with a single one

• 60% increase in the speed of execution• 65% increase in the code density

Loop Unswitching

• Moving the conditional statement outside the loop

• 60% increase in the code execution speed

• 66% decrease in the code density