Software Engineering for Embedded Systems: Methods, Practical Techniques, and Applications

front-matter
Front Matter
Contributors_2019_Software-Engineering-for-Embedded-Systems
Contributors
Acknowledgments_2019_Software-Engineering-for-Embedded-Systems
Acknowledgments
C01
Software Engineering for Embedded and Real-Time Systems
Software Engineering
Embedded Systems
Embedded Systems Are Reactive Systems
Real-Time Systems
Types of Real-Time Systems—Soft and Hard
Differences Between Real-Time and Time-Shared Systems
Example of a Hard Real-Time System
Based on Signal Sample, Time to Perform Actions Before Next Sample Arrives
Hard Real-Time Systems
Real-Time Event Characteristics
Real-Time Event Categories
Efficient Execution and the Execution Environment
Efficiency Overview
Resource Management
Challenges in Real-Time System Design
Response Time
Recovering From Failures
The Embedded System’s Software Build Process
Distributed and Multiprocessor Architectures
Software for Embedded Systems
Super Loop Architecture
Power-Saving Super Loop
Window Lift Embedded Design
Hardware Abstraction Layers for Embedded Systems
C02
Software Development Process
Getting Started
Project Planning
Risk Management
Kicking Off the Project
Requirements
User Requirements
System Requirements
Architecture
Safety-Critical Elements
Operating Performance
Security
Reliability and Availability
Design
Object-Oriented Programming
System Context
Class Identification
Design Modeling
Real-Time Design
Implementation
Testing
Validation and Verification
Integration Testing
Release Testing
Performance Testing
Rolling It Together: Agile Development
Scaling for Complexity/Organization
Roles
Keep Your Plans!
Meetings for Planning
Quarterly Release Planning
Sprint Planning
Plan for Your Unplanned
Documentation
Requirements vs. Acceptance Criteria
Go With the Flow
Agile Ceremonies Promote and Increase Flow
Feature Writing, Decomposition, and Grooming
Detailed Documents and Meetings
Sprint Backlog Grooming
Daily Scrum
Sprint Demo
Release Demo
Sprint Retro
Agile Flow Exists Within and Between Sprints
Within Sprints
Work Item Fields and States
User Story Cycle
How Do We Write User Stories and How Granular Should They Be?
Vertical Slices
Between Sprints
Product vs. Project Teams Have Different Flows
Supporting the Team’s Flow
ART Flow
Advanced Topics
Metrics and Transparency
Metrics: Some is Better Than None
Getting Comfortable With Data
The Export vs. Live Data Paradigm
Inspecting and Adapting With Metrics
Tooling
Tooling and Metrics
Agile and Alignments
Conclusion
Exercises
References
Further Reading
C03
Embedded and Multicore System Architecture—Design and Optimization
Introduction
The Right Way and the Wrong Way
Understanding Requirements
Mapping the Application
Performance Calculations to Map the Application to Hardware
How Many Channels Can the Core Handle?
Are the I/O and Memory Capable of This Many Channels?
How the Estimation Results Drive Options
Helping the Compiler and Build Tools
Choosing Algorithmic Components to Work With Compilers and Architectures
Power Optimization
C04
Basic Programming Techniques
Introduction
Reference Platform Overview
Understanding Hardware
SDK Installation
Download and Installation
Building a Project
Debugging the Project
Target System Configuration and Initialization
System Reset
Clock Configuration
I/O Pin Configuration
I/O Pin Initialization
SDK I/O Helper Routines
Programming Examples
General Purpose I/O—Blinking LED
Basic Serial I/O—Polled UART Send/Receive
Overview of Interrupt Handlers
Basic Timer Operation—Low-Power Timer (LPTMR)
Summary
Questions and Answers
C05
Programming and Implementation Guidelines
Introduction
Principles of High-Quality Programming
Readability
Maintainability
Testability
What Sets Embedded Apart From General Programming
Starting the Embedded Software Project
Hardware Platform Input
Project Files/Organization
Source Files Written Locally
Source Files From Company Libraries
Libraries From Third Parties
Libraries From Compiler/Linker Toolsets
Team Programming Guidelines
Syntax Standard
Code WhiteSpace
Tabs in Source Files
Alignment Within Source
Safety Requirements in Source Code
Variable Structure
Variable Declarations
Global Variables
File-Scope Variables
Local Variables
Data Types
Definitions
Conditional Compilation
#Define
Content Learning Exercises
C06
Operating Systems
Foreground/Background Systems
Real-Time Kernels
RTOS (Real-Time Operating System)
Critical Sections
Task Management
Assigning Task Priorities
Determining the Size of a Stack
The Idle Task
Priority Levels
The Ready List
Preemptive Scheduling
Scheduling Points
Round-Robin Scheduling
Context Switching
Interrupt Management
Handling CPU Interrupts
NonKernel-Aware Interrupt Service Routine (ISR)
Processors with Multiple Interrupt Priorities
All Interrupts Vector to a Common Location
Every Interrupt Vectors to a Unique Location
The Clock Tick (or System Tick)
Wait Lists
Time Management
Resource Management
Resource Management—Disable/Enable Interrupts
Resource Management—Semaphores
Resource Management—Notes on Semaphores
Resource Management—Priority Inversions
Resource Management—Mutual Exclusion Semaphores (Mutex)
Resource Management—Deadlocks (or Deadly Embrace)
Synchronization
Synchronization—Semaphores
Synchronization—Credit Tracking
Bilateral Rendez-vous
Message Passing
Messages
Message Queues
Flow Control
Clients and Servers
Memory Management
Summary
C07
Open-Source Software
Linux
History of Linux
Reason for the Exponential Acceptance of Linux
Linux and Embedded Systems
How Embedded Linux is Different From Linux?
Major Features of Linux
Portability
Supported CPU Architectures
POSIX Compliance
Support of a Wide Variety of Peripheral Devices
Complete Network Stack Solution
Variety of Task Schedulers
Security
User Space Drivers
Endianness
Debuggability
Benefits of Using Linux
Free of Cost
Time to Market
No “Vendor Lock-in”
Highly Stable Operating System
Low Maintenance
Supporting Software Releases After Shipping the Product
Keeping Your Own Drivers up to Date With the Latest Kernel
Linux Architecture
Linux Kernel Components
Device Driver Framework
Schedulers
Interrupt
Memory Management
Communication Protocol Stack
User Interface (UI)
Build Environment
Kernel Compilation
Root Filesystem
Yocto
Customizing Linux
Low Memory Footprint
Boot Performance
High Throughput Performance
Core Affinity
Interrupt Coalescing
User Space Mapping of Buffers
User Space Drivers
Latencies
Linux Development and its Open-Source Ecosystem
Linux Versions
Long-Term Support (LTS) Linux Version
Related Open-Source Communities
Linux Foundation
Linaro
Linux-Based Distributions
Android
Ubuntu
Coding Guidelines
Code Review in the Upstream Community
License
U-Boot
U-Boot and its Applicability to Several Types of Devices
Major Features of U-Boot
Multiple Boot Source Support
Shell (User Interface)
Environment Variables
Scripts
Stand-Alone Applications
Operating System Boot Commands
Autoboot
Sandbox U-Boot
U-Boot Directory Organization
U-Boot Architecture and Memory Footprint
Single-Stage Boot Loader
Two-Stage Boot Loader
Fast Boot Approach
Secure Boot
Supported Architectures and Operating Systems
Open-Source Community and New Upcoming Features
Licensing Information—Commercial Aspects
FreeRTOS
About FreeRTOS
Licensing
Commercial Aspects
Supported Architectures
FreeRTOS Architecture
Portability
Features
Scheduling
Low Power
Debugging
IPC and Synchronizations
Memory Management
FreeRTOS+ Ecosystem
Debugging
Support
Questions
References
C08
Software and Compiler Optimization for Microcontrollers, Embedded Processors, and DSP s
Introduction
Development Tools Overview
Compilers, Linkers, Loaders, and Assemblers
Basic Compiler Configuration
Enabling Optimizations
Peripheral Applications for Performance
Understanding the Embedded Target Architecture
Basic Optimization Goals and Practices
Data Types
Intrinsics for Leveraging Embedded Processor Features
Calling Conventions and Application Binary Interfaces
Memory Alignment
Pointers and Aliasing
Loops
Advanced Tips and Tricks
General Loop Transformations
Loop Unrolling
Multisampling
Partial Summation
Software Pipelining
Advanced Topics
Code Size Optimization
Compiler Flags and Flag Mining
Target ISA for Size and Performance Trade-Offs
Caveat Emptor: Compiler Optimization Orthogonal to Code Size
Data Structures
Arrays of Data Structures
Data Structures of Arrays
SIMD-Based Optimization and Memory Alignment
Selecting Appropriate Data Types
C09
Embedded Software Quality, Integration, and Testing Techniques
What Is Software Test?
Why Should We Test Software?
How Much Testing Is Enough?
When Should Testing Take Place?
Who Makes the Decisions?
Available Techniques
Static and Dynamic Analysis
Code Review
Theorem Proving
Prediction of Dynamic Behavior Through Static Analysis
Structural Coverage Analysis
Unit, Module, and Integration Testing
Requirements Traceability
Static Analysis—Adherence to a Coding Standard
Essential Knots and Essential Cyclomatic Complexity—Case Study
Basic Blocks and Control Flow Branches
Control, Static, and Dynamic Flow Graphs
Calculating a Knots Value
Calculating a Cyclomatic Complexity Value
Identifying Structured Programming Templates—Structured Analysis
Essential Knots and Essential Cyclomatic Complexity
Understanding Dynamic Analysis
The Legacy From High-Integrity Systems
Defining Unit, Module, and Integration Test
Defining Structural Coverage Analysis
Achieving Code Coverage With Unit Test and System Test in Tandem
Unit Test and System Test in Tandem—Case Study
Using Regression Testing to Ensure Unchanged Functionality
Unit Test and Test-Driven Development
Automatically Generating Test Cases
A Word of Caution
Setting the Standard
The Terminology of Standards
The Evolution of a Recognized Process Standard
ISO 26262 Recognized Process Standard—Case Study
ISO 26262 Process Objectives
Verification Tasks
SAE J3061 and ISO 26262
Beyond Functional Safety
Freedom to Choose Adequate Standards
Establishing an Internal Process Standard
Establishing a Common Foundation for an Internal Coding Rule Set
Dealing With an Existing Code Base
Deriving an Internal Coding Standard for Custom Software Development—Case Study
Establishing a Common Foundation
Building Upon a Common Foundation
Dealing With the Unusual
Working With Autogenerated Code
Working With Legacy Code
The Dangers of Software of Unknown Pedigree
Static and Dynamic Analysis of Software of Unknown Pedigree
Improving the Level of Understanding
Enforcing New Standards
Ensuring Adequate Code Coverage
Dealing With Compromised Modularity
Ensuring Correct Functionality
Tracing Requirements Through to Object Code Verification (OCV)
Industry Standards and Software Certification
Object Code Verification (OCV)
Object Code Control Flow vs Source Code Control Flow
Extending Source Code Coverage to Object Code Verification
Automated Object Code Verification
Object Code Verification at the Unit Level
Justifying the Expense
Implementing a Test Solution Environment
Pragmatic Considerations
Considering the Alternatives
When Is Unit Test Justifiable?—Case Study
When Are Unit Test Tools Justifiable?
Summary and Conclusions
Questions and Answers
Further Reading
C10
Embedded Multicore Software Development
Symmetric and Asymmetric Multiprocessing
Symmetric Multiprocessing
Asymmetric Multiprocessing
Parallelism Saves Power
Look for Parallelism Opportunities
Multicore Processing Granularity
Multicore Application Locality
Load Imbalance
Data Parallelism
Task Parallelism
Multicore Programming Models
Performance and Optimization of Multicore Systems
Select the Right “Core” for Your Multicore
Improve Serial Performance Before Migrating to Multicore (Especially Instruction-Level Parallelism)
Achieve Proper Load Balancing ( SMP Linux) and Scheduling
Improve Data Locality
Reduce or Eliminate False Sharing
Use Affinity Scheduling When Necessary
Apply the Proper Lock Granularity and Frequency
Remove Sync Barriers Where Possible
Minimize Communication Latencies
Use Thread Pools
Manage Thread Count
Stay Out of the Kernel If at All Possible
Use Concurrency Abstractions (Pthreads, OpenMP, etc.)
Language Extensions Example—OpenMP
Pulling It All Together
Image-Processing Example
Data Parallel; First Attempt
Data Parallel; Second Attempt
Task Parallel; Third Attempt
Exploration Results
Tuning
Data Parallel; Fourth Attempt
Data Parallel; Fourth Attempt Results
Data Parallel; Fifth Attempt
Data Parallel; Work Queues
Going too Far?
C11
Safety-Critical Development
Introduction
Which Safety Requirements?
Certification Killers
Project-Planning Strategies
Strategy 1: Determine the Project Certification Scope Early
Strategy 2: Determine the Feasibility of Certification
Strategy 3: Select an Independent Assessor (if Used)
Strategy 4: Understand Your Assessor’s Role (if Used)
Strategy 5: Assessment Communication is Key
Strategy 6: Establish a Basis of Certification
Strategy 7: Establish a “Fit and Purpose” for Your Product
Strategy 8: Establish a Certification Block Diagram
Strategy 9: Establish Communication Integrity Objectives
Strategy 10: Identify All Interfaces Along the Certification Boundary
Strategy 11: Identify the Key Safety-Defensive Strategies
Strategy 12: Define Built-in-Test (BIT) Capability
Strategy 13: Define Fault Annunciation Coverage
Strategy 14: Define Reliance and Expectation of the Operator/User
Strategy 15: Define Plan for Developing Software to Appropriate Integrity Level
Strategy 16: Define Artifacts to be Used as Evidence of Compliance
Strategy 17: Plan for Labor-Intensive Analyses
Strategy 18: Create User-Level Documentation
Strategy 19: Plan on Residual Activity
Strategy 20: Publish a Well-Defined Certification Plan
Faults, Failures, Hazards, and Risk Analysis
Faults, Errors, and Failures
Availability and Reliability
Fault Handling
Hazard Analysis
Risk Analysis
Safety-Critical Architectures
“Do-Er”/“Check-Er”
Two Processors
“Voter”
Software Implementation Strategies
Strategy 1: Have a Well-Defined, Repeatable Peer Review Process
Strategy 2: Consider Using Existing Safety Coding Standards
Strategy 3: Handle All Combinations of Input Data
Strategy 4: Specific Variable Value Checking
Strategy 5: Mark Safety-Critical Code Sections
Strategy 6: Timing Execution Checking
Strategy 7: Stale Data
Strategy 8: Outputs Comparison
Strategy 9: Initialize data to least permissive state
Strategy 10: Order of Execution
Strategy 11: Volatile Data Checking
Strategy 12: Nonvolatile Data Checking
Strategy 13: Make Sure Entire System Can Run
Strategy 14: Remove “Dead” Code
Strategy 15: Fill Unused Memory
Strategy 16: Static Code Analysis
Exercises
C12
Networking Software
Introduction
Embedded Linux Networking
Network Stack
Embedded Network Devices
Network Configuration and Analysis Utilities
Moving From the Linux Kernel to User Space
Analyzing the Expected Packet Rates
Direct Access to the Hardware
Virtual I/O Layer (VFIO/UIO) and HugePages
Receiving Packets Through Device Polling or Events From Device
ODP—Open Data Plane
DPDK—Data Path Development Kit
BPF—Berkley Packet Filter
Life of a Packet in a Native Linux Network Stack
Networking Performance Optimization Techniques
Architecture Overview of Network Packet Processing
Network Packet Processing Implementation
Considerations for Optimized Network Packet Processing
Application-Specific Fast-Path (ASF) for Linux
eXpress Data Path (XDP) for Linux
General Techniques for a Better Performance Using Efficient Resource Utilization
Case Studies: Covering Microcontrollers to Network Processors
IoT Subsystem
Choosing the Right Device
Exercises
Further Reading
C13
Internet of Things
Introduction
Definition
Examples
History and Device Progression
History of Internet of Things and Cloud
Industrial Revolutions and Industry of Things
Connected Devices
Applications
Factory Automation
Use Cases
Overhead Crane in a Factory
Aluminum Coils in a Plant
Important Factors
Rail Transportation
Use Cases
Rules-Based Decision Making
Smart Sensor Recalibration
Important Factors
Enabling Technologies
Processing
Wireless Communications
Wired Communications
Power Storage
Internet of Things Architecture
Cloud-Computing Nodes
Fog/Edge-Computing Nodes
Device-Computing Nodes
Communications Used in Internet of Things
Device-to-Device Communications
Device-to-Device Communications With Cellular Network
Device-to-Cloud Communications
Device-to-Gateway (Fog) Computing Communications
Back End Data-Sharing Model
Data Analytics
IoT and Analytics/Big Data
Analytical Systems for Internet of Things
Internet of Things Development Challenges
Cloud-Computing Development
Embedded Device Development
Integration of Development Silos
Exercises
C14
Security and Cryptography
What Is Security?
Embedded Security
What Is an Embedded System?
What Is Embedded Security?
Embedded Security Trends
Embedded Systems Complexity
Security Policy
CIA Triad and Isolation Execution
Policies for Information Flow Between Isolation Execution
Physical Security Policies
Cryptology
What Is Cryptography?
How to Solve This Problem?
What Is a Brute-Force Attack?
Kerckhoffs’s Principle
Cryptographic Algorithms
Symmetric Cryptography
Stream Ciphers
Block Ciphers
Data Encryption Scheme (DES)
Advanced Encryption Scheme (AES)
Asymmetric Cryptography
Hash Functions
Random Number Generator (RNG)
Implementation of Cryptographic Algorithms in Embedded Systems
Life Cycle of a Secure Embedded System
Security During the Software Development Life Cycle
Design
Development
Secure Coding Guidelines
Static Analysis
Peer Reviews
Secure Testing and Verification
Threat Analysis
Steps to Complete a Threat Analysis
Modeling Threat Analysis
Common Threat/Attack Vectors in Embedded Systems
Physical Tampering
Side-Channel Attacks
Timing Attacks
Fault Injection Attacks
Case Study: Meltdown and Spectre Attacks
Meltdown Attack (CVE-2017-5754)
Specter Variant 1—Bound Check Bypass (CVE-2017-5753)
Specter Variant 2—Branch Target Injection (CVE-2017-5715)
Components of Secure Embedded Systems
Building a Trusted Execution Environment
TPM
Secure Element
ARM TrustZone
Hardware Root of Trust
Operating System Security Considerations
Application Level Security
Access Control
Application Sandboxing
Application Authenticity
Case Study: Chain of Trust Along With Application Authenticity Using IMA EVM on Layerscape Trust Architecture–Ba ...
Application Execution
Data Security
Security of Data at Rest—Secure Storage
Full Disk Encryption or Authentication
Directory/File Level Encryption/Authentication
Protecting the Key Used for Encryption
Security of Data in Motion—Secure Communication
IPSec
SSL/TLS
Questions
References
Further Reading
C15
Machine Learning at the Edge
Introduction
Coding Examples
The Machine Learning Revolution
What Is Artificial Intelligence
What Is Machine Learning?
Bias vs. Variance Trade-off
Feeding Your Brain—Data
Data Are Crucial
Data Preprocessing, Grooming, and Preparation
Training/Test and Validation Data Split
Semantic Gap
Data Augmentation
Introducing an Image Classification Problem
Feature Extraction
A Baseline
Support Vector Machine
k -NN (Nearest Neighbor) Algorithm
Decision Trees
Ensemble Learning
Bagging
Random Forest
Boosting
Neural Nets
Motivation
What Is a Neural Network?
How Training Works
Backpropagation—Key Algorithm for Learning
Stochastic Gradient Descent
Learning Rate
Neural Networks vs. Deep Neural Networks
Convolutional Neural Networks
What is a Convolution?
A Convolution Layer
Feature Extraction in Neural Networks
Convolutional Neural Network Classifier Example
Transfer Learning
Recurrent Neural Networks
Deep-Learning Frameworks
What Is Necessary to Bring ML to the Edge?
Quantization
Pruning
Postprocessing vs. Dynamic Optimization
Low-Rank Factorization
Architecture Design
Edge Learning/Training
References
Further Reading
Apendix
Performance Analysis Using NXP’s i.MX RT1050 Crossover Processor and the Zephyr™ Real-Time Operating System
Introduction
Configuration Information
Summary of Configuration #1: i.MX RT1050 Configuration—Hardware and Software
Summary of Configuration # 2: i.MX 6UL Configuration
Scope of Analysis
Microbenchmark #1: Dynamic Memory (Heap) Allocation and Deallocation Benchmark
Microbenchmark #2: Thread Creation and Joining Benchmark
Microbenchmark #3: Mutex Lock and Unlock Benchmark
Microbenchmark #4: Context Switching Benchmark
Analysis Results
Summary and Conclusions
index
Index
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
R
S
T
U
V
W
X
Z
Copyright_2019_Software-Engineering-for-Embedded-Systems
Copyright