Cost effective Safety Critical and High Reliability Embedded Systems Tools
It is Halloween but I will try to avoid creeping you out too much. Before we get to the worrying stuff, we have a major announcement of our own.
 
Phaedrus Systems has launched a compiler validation service for C compilers, and has started publishing a series of guides to compiler validation. Read more below.
Compiler validation
With our colleague Olwen Morgan, we are launching a compiler validation service. Olwen's over 40 years of software engineering includes compiler validation since the 1980s. Compiler validation is essentially the highly controlled, repeatable and reproducible testing of a compiler using a validation suite (a recognised set of test programs) to provide a reliable indication of how well a compiler complies with the standard for the language that it implements. Commercial validation suites are available, and Phaedrus Systems distributes what it regards as the leader in the field, SuperTest from Solid Sands. However, validation is complex and, like much in software, benefits from previous experience, which is why Phaedrus Systems has developed a compiler validation service.
 
Since the pros and cons of compiler validation are not simple, we have prepared a series of briefing documents on the process. They include:
 
   • C Compiler Validation for Embedded Targets
   • Repeatability and Reproducibility in C Compiler Testing
   • On-Target Stress Testing of C Cross Compilers
   • C Compiler Validation: Choosing a Validation Suite
 
More information and download links for the white paper are available at
 
Verifying Systems
Rod Chapman, along with Neil White and Stuart Matthews of Altran, contributed a paper, "Formal verification: will the seedling ever flower?", to a Royal Society discussion meeting, "Verified trustworthy software systems". The proceedings of the meeting are published in Royal Society Transactions, Series A, but if you visit Rod's site
 
you can ask for a pdf of the paper
The Internet of Things: The challenge for health and safety professionals
Software guru Martyn Thomas was asked by the UK Health and Safety Executive (HSE) to give the first of what is intended to be an annual series of lectures on safety topics by independent lecturers. His topic was the Internet of Things, with particular reference to cybersecurity and to driverless cars. The slides and a full transcript of the lecture are at
 
Syringe infusion pumps under cyberattack
Confirming the concerns in Martyn's paper was the report in Med-Tech Innovation ( https://www.med-technews.com/news/wireless-syringe-infusion-pumps-smiths-medical-cyberattack/ ) that wireless syringe infusion pumps are vulnerable to cyber-attacks. Syringe infusion pumps deliver medications in acute settings. Increasingly, medical devices are being equipped with wireless connectivity, allowing them to access IT systems in hospitals and surgeries.
 
The US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory that Smiths Medical's Medfusion 4000 wireless syringe infusion pump has eight cybersecurity vulnerabilities. ICS-CERT says these would require an attacker with 'high skill' to exploit, but it is still worrying that the vulnerabilities were not considered by the developer.
Arming security
Arm has published a document on security ( http://pages.arm.com/iot-security-manifesto.html ). "Exploring new Human-centred approaches to security" is based on the idea that securing tomorrow means rethinking how we design intelligent devices by embracing concepts from outside the digital realm and taking advantage of advanced new technologies. In announcing this, Simon Segars, CEO of Arm, said, "Cybersecurity is a mess and the bad news is unless we do something it's going to get worse."
KRACK
There has been a great deal of comment, much of it seeming less than well informed, about the KRACK vulnerability for Wi-Fi. This explanation seems to be fairly accurate and informative: https://www.youtube.com/watch?v=q7KYoyNw7Ss
Coding is only part of the answer
With the current craze for making everyone "learn how to code" it is refreshing when a major non-technical publication publishes a discussion of some of the major issues in software development. In "The Coming Software Apocalypse: A small group of programmers wants to change how we code—before catastrophe strikes", US publication The Atlantic ( https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/ ) does just that, looking at the way in which complex software is outrunning conventional techniques. Two quick quotes give some of the flavour of the piece.
 
For Leslie Lamport, a Turing Award–winning computer scientist at Microsoft Research, a major reason today's software is so full of bugs is that programmers jump straight into writing code. "Architects draw detailed plans before a brick is laid or a nail is hammered," he wrote in an article. "But few programmers write even a rough sketch of what their programs will do before they start coding."
 
Eric Bantégnie is the founder of Esterel Technologies (now part of ANSYS), which is a leader in model-based software. In his view, "Typically the main problem with software coding—and I'm a coder myself - is not the skills of the coders. The people know how to code. The problem is what to code."
 
Ugly words
Jack Ganssle's newsletter is always interesting reading and in the 2nd October issue ( http://www.ganssle.com/tem/tem336.html ) he has a rant.
 
"What's the ugliest word in the English language? Well, there are a lot of them, but when it comes to software, "programmer" may get the nod. Or worse, today "coder" seems to be the rage.
 
"Programmer" denotes someone who writes code; "coder" suggests some kid hunched over a computer in his bedroom, typing furiously, maybe eventually getting something to work. More or less.
 
When creating firmware, we're software engineers. We build software-intensive systems using a variety of techniques. Buying components. Porting OSS code. We're designing a system, creating or managing requirements. Producing documentation. And, yes, there's generally a non-trivial amount of coding involved.
 
The average person is understandably confused about this profession, and we've contributed to that confusion. Some of us are EEs who create firmware full- or part-time. Others have computer science degrees and have business cards with that name. Yet non-researchers practice very little science. Computer engineer is probably a pretty good description, one that many schools have a program for. And computer engineer more fully describes what many embedded people do when they're involved in both hardware and software design. I've always disliked the moniker "electrical engineer" as that doesn't encompass our work. Do we design power plants and motors? "Electronic engineer" is better but hardly rolls off the tongue.
 
But "programmer" and (worse) "coder" diminish our roles. We're engineers. We use the teachings of science, and of sometimes bitter experience, to create products that are new to the world."
 
While I agree with the spirit of the article, there are times when people developing software for embedded systems seem to be no more than coders.
Dangerous rules!
Michael Barr is another software expert who is always worth reading. In a blog post a couple of years ago ( https://embeddedgurus.com/barr-code/2011/08/dont-follow-these-5-dangerous-coding-standard-rules/ ) he advises "Don't Follow These 5 Dangerous Coding Standard Rules". They are from a set of ten for embedded C put forward by a firmware developer he calls "BadAdvice".
 
He concludes "There are two scary things about these and a few of the other rules on BadAdvice's blog. First, is that they are out there on the Internet to be found with a search for embedded C coding rules. Second, is that BadAdvice's bio says he works on medical device design. I'm not sure which is worse. But I do hope the above reasoning and proposed better rules gets you thinking about how to develop more reliable embedded software with fewer bugs."
 
This triggered a fairly lively debate and, as we mentioned in our last newsletter, Michael has since made his own coding standards freely available at https://barrgroup.com/Embedded-Systems/Books/Embedded-C-Coding-Standard .
Dangerous advice?
Still on the subject of coding standards, a recent blog from a major software tools company said "MISRA C:2012 and MISRA C:2004 are the right choices for certification matters while CERT C and CWE are recommended for any application to guarantee code quality."

A technical expert comments "Technically this is bockolls. You always want the strongest standard in order to give yourself a decent shot at being able to use program-proving tools. My guess is that this is part marketing and part cover-your-arse." In any case, MISRA-C:2012 with its amendments covers both CERT-C and CWE. Together with its Deviation protocol, this makes MISRA-C:2012 the most suitable set of coding guidelines for safety or security applications.
Percepio previews Tracealyzer 4.0
Percepio will be unveiling V4.0 of Tracealyzer any day now, but at ArmTechCon they were providing previews.
 
One person who was given a demo was Bill Lamie, CEO of Express Logic, makers of the ThreadX RTOS. He said "I saw the Tz4 preview at ArmTechCon yesterday, and was really impressed. Tz4 for ThreadX is seriously high end visualization and I think it will benefit all our ThreadX users."
 
 
Tz is also available for many other RTOSes, including FreeRTOS, embOS, Micrium OS2/3, etc.
How Not to Land an Orbital Rocket Booster
Elon Musk has released a short video, "How Not to Land an Orbital Rocket Booster." Probably the most expensive blooper compilation ever seen, you can watch it at
http://electronics360.globalspec.com/article/9833/video-watch-elon-musk-s-very-expensive-spacex-blooper-reel
 
and remember it only needs one incorrect requirement, design tweak or line of code for you to feature in the next bloopers reel, if you are lucky. None of these involve the public or anyone who is likely to sue you.   
Well, that's it for another bumper issue. We are out and about between now and December, so look for us at
Advanced Engineering 2017
IOT Security Foundation Conference,
Techworks Awards,
embedded world
Sadly, despite the best efforts of a few in the UK, there is no UK equivalent of embedded world, a 4-day event attracting 30,000 visitors to over 1200 exhibitors and a huge conference. It is the biggest event of its type in the world and probably as easy to get to as some UK events.
Tel: 0808 1800 358
PhaedruS SystemS Ltd, 96 Brambling, Tamworth, Staffs, B77 5PG, UK
Registered in England with Company Number 04120771