Compilers for Embedded Systems
Uploaded by rohit-saxena
7/28/2019 Compilers for Embedded Systems
http://slidepdf.com/reader/full/compilers-for-embedded-systems 1/130
Compilers for Embedded Systems

Compilers
Translate a high-level language program into machine instructions of the target processor
Compilers need to exploit characteristics of the target processor

Compilation
Compilation strategy (Wirth):
  compilation = translation + optimization
Compiler determines quality of code:
  use of CPU resources;
  memory access scheduling;
  code size.

Basic compilation phases
HLL
  -> parsing, semantic analysis, symbol table
  -> machine-independent optimizations
  -> machine-dependent optimizations
  -> m/c code

Why are compilers an issue?
Processor architectures for embedded systems exhibit special features
High levels of optimisation are more important than high compilation speed
Compilers potentially help to meet and prove real-time constraints
Optimisation of instruction sets of processors using retargetable compilers
  Design space exploration

Energy Aware Compilation
Energy saving is essential for battery-powered devices
Compiler optimisation of the machine code can reduce energy consumption
Power models form an essential ingredient

Optimization for low energy the same as optimization for high performance?
High performance if available memory bandwidth is fully used;
Low energy consumption if memories are in stand-by mode
Reduced energy if more values are kept in registers

Power Models
An example:
  Provides base costs and inter-instruction costs
  Base costs of an instruction correspond to the energy consumed per instruction execution if an infinite sequence of that instruction is executed
  Inter-instruction costs model the additional energy consumed by the processor if the instruction changes
  Additional cost of switching functional units on and off

Another Energy Model
[Figure: ARM7 core (register file, ALU, multiplier, barrel shifter, instruction decoder and control logic, supply VDD) connected to an instruction memory and a data memory. Labelled signals: Instr, IAddr, Data, DAddr, Imm, Reg#, Reg Value, Opcode]
$$E_{total} = E_{cpu\_instr} + E_{cpu\_data} + E_{mem\_instr} + E_{mem\_data}$$

Instruction dependent Costs
Cost of a sequence of m instructions
$$E_{cpu\_instr} = \mathrm{MinCostCPU}(Opcode_i) + \alpha_1 \cdot w(Imm_{i,j}) + \beta_1 \cdot h(Imm_{i-1,j}, Imm_{i,j}) + \alpha_2 \cdot w(Reg_{i,k}) + \beta_2 \cdot h(Reg_{i-1,k}, Reg_{i,k}) + \alpha_3 \cdot w(RegVal_{i,k}) + \beta_3 \cdot h(RegVal_{i-1,k}, RegVal_{i,k}) + \alpha_4 \cdot w(IAddr_i) + \beta_4 \cdot h(IAddr_{i-1}, IAddr_i) + \mathrm{FUCost}(Instr_{i-1}, Instr_i)$$
w: number of ones; h: Hamming distance;
FUCost: cost of switching functional units
α, β: determined through experiments

Other costs
$$E_{cpu\_data} = \alpha_5 \cdot w(DAddr_i) + \beta_5 \cdot h(DAddr_{i-1}, DAddr_i) + \alpha_6 \cdot w(Data_i) + \beta_6 \cdot h(Data_{i-1}, Data_i)$$
$$E_{mem\_instr} = \mathrm{MinCostMem}(InstrMem, Word\_width_i) + \alpha_7 \cdot w(IAddr_i) + \beta_7 \cdot h(IAddr_{i-1}, IAddr_i) + \alpha_8 \cdot w(IData_i) + \beta_8 \cdot h(IData_{i-1}, IData_i)$$
$$E_{mem\_data} = \mathrm{MinCostMem}(DataMem, Direction, Word\_width_i) + \alpha_9 \cdot w(DAddr_i) + \beta_9 \cdot h(DAddr_{i-1}, DAddr_i) + \alpha_{10} \cdot w(Data_i) + \beta_{10} \cdot h(Data_{i-1}, Data_i)$$

Energy Aware Optimisations
Energy-aware scheduling
  Order of instructions can be changed such that the number of transitions on the instruction bus is minimised
Energy-aware instruction selection
  Instead of number of cycles
  Operator strength reduction: e.g. replace * by + and <<
Standard compiler optimizations with energy as a cost function

Example
Standard compiler optimisation with consideration for energy

for i := 0 to 10 do
  C := 2 * a[i] + a[i-1];

Converted to

R2 := a[0];
for i := 1 to 10 do
begin
  R1 := a[i];
  C := 2 * R1 + R2;
  R2 := R1;
end;

Exploiting Memory Hierarchy
Smaller memories provide faster access and consume less energy per access
Substantial saving is possible if compilers can exploit the existence of scratch pad memories

Using scratch pad memories (SPM)
Scratch pad memories are high-speed on-chip memory
Part of address space
[Figure: memory hierarchy with processor, scratch pad memory (no tag memory) and main memory; the SPM occupies part of the address space between 0 and FFF..]

Exploitation of SPM
Which segment (array, loop, etc.) to be stored in SPM?
[Figure: processor with an SPM of capacity K and on-board main memory; candidate segments shown are for loops, while and repeat loops, calls, arrays and int variables. Example: an array]

Using SPM
Each basic block and each variable can be modeled as a memory segment i
For each segment there is a corresponding size Si
We can compute the gain Gi of moving segment i to scratch pad memory
The problem can be considered as an optimisation problem

More Formal Representation
Migrating only functions
Symbols:
  S(F_i) = size of function i
  n_i = number of instruction executions in function i
  e_i = energy saved per instruction execution, if F_i is migrated (independent of i)
  E(F_i) = energy saved if function F_i is migrated (= e_i n_i)
  K = size of the scratch pad
  m(F_i) = decision variable, 1 if function i is migrated to SPM, else 0
  I = set of functions
Integer programming formulation:
  Maximize $G = \sum_{i \in I} m(F_i) \, E(F_i)$
  Subject to the constraint $\sum_{i \in I} S(F_i) \, m(F_i) \le K$
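
The integer program above is a 0/1 knapsack, so it can be solved exactly by dynamic programming over the scratch pad capacity. The following is an added example, not code from the slides; the function names, sizes, execution counts, K = 1024 bytes and e = 2 energy units are constructed for illustration.

```c
#include <stdio.h>

#define MAX_FUNCS 16    /* bound on |I| for this example */
#define MAX_K     4096  /* bound on the scratch pad size K, in bytes */

/* One candidate function F_i, named with the slide's symbols. */
struct spm_func {
    const char   *name;    /* constructed label */
    unsigned      size;    /* S(F_i) in bytes */
    unsigned long n;       /* n_i: instruction executions (from profiling) */
    int           migrate; /* m(F_i): set by spm_select() */
};

/*
 * Maximize G = sum m(F_i) * E(F_i)  subject to  sum S(F_i) * m(F_i) <= K,
 * with E(F_i) = e * n_i (e is independent of i, as on the slide).
 * best[i][c] is the largest saving reachable with the first i functions
 * and c bytes of scratch pad. Returns G and fills in every m(F_i);
 * returns 0 without touching f when the arguments exceed the bounds.
 */
unsigned long spm_select(struct spm_func *f, int count, unsigned K,
                         unsigned long e)
{
    static unsigned long best[MAX_FUNCS + 1][MAX_K + 1];
    unsigned c;
    int i;

    if (count < 0 || count > MAX_FUNCS || K > MAX_K)
        return 0;
    for (c = 0; c <= K; c++)
        best[0][c] = 0;
    for (i = 1; i <= count; i++) {
        unsigned long gain = e * f[i - 1].n;            /* E(F_i) */
        unsigned size = f[i - 1].size;                  /* S(F_i) */
        for (c = 0; c <= K; c++) {
            best[i][c] = best[i - 1][c];                /* m(F_i) = 0 */
            if (size <= c && best[i - 1][c - size] + gain > best[i][c])
                best[i][c] = best[i - 1][c - size] + gain;  /* m(F_i) = 1 */
        }
    }
    /* Walk the table backwards to recover the decision variables. */
    c = K;
    for (i = count; i >= 1; i--) {
        f[i - 1].migrate = (best[i][c] != best[i - 1][c]);
        if (f[i - 1].migrate)
            c -= f[i - 1].size;
    }
    return best[count][K];
}

/* Scratch pad bytes occupied by the functions selected for migration. */
unsigned spm_used(const struct spm_func *f, int count)
{
    unsigned used = 0;
    for (int i = 0; i < count; i++)
        if (f[i].migrate)
            used += f[i].size;
    return used;
}

/* Constructed profile data; sizes and execution counts are illustrative. */
struct spm_func spm_sample[] = {
    { "fir_filter", 600, 90000, 0 },
    { "crc16",      300, 50000, 0 },
    { "isr_timer",  200, 40000, 0 },
    { "parse_cmd",  500, 20000, 0 },
    { "init",       400,  1000, 0 },
};
#define SPM_SAMPLE_COUNT ((int)(sizeof spm_sample / sizeof spm_sample[0]))

int main(void)
{
    unsigned long g = spm_select(spm_sample, SPM_SAMPLE_COUNT, 1024, 2);

    for (int i = 0; i < SPM_SAMPLE_COUNT; i++)
        printf("%-10s S=%4u n=%6lu m=%d\n", spm_sample[i].name,
               spm_sample[i].size, spm_sample[i].n, spm_sample[i].migrate);
    printf("G = %lu, SPM used = %u of 1024 bytes\n",
           g, spm_used(spm_sample, SPM_SAMPLE_COUNT));
    return 0;
}
```

On this data, filling the scratch pad greedily by saving per byte would take isr_timer, crc16 and parse_cmd and stop at a lower G than the exact solution, which is why the slide states the problem as an integer program.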

Allocation of basic blocks
Fine-grained granularity smoothens dependency on the size of the scratch pad.
Requires additional jump instructions to return to "main" memory.
For consecutive basic blocks: statically 2 jumps, but only one is taken
[Figure: basic blocks BB1 and BB2 in main memory, connected by Jump1 to Jump4]

Dynamic replacement within scratch pad
Address assignment within SPM required (paging or segmentation-like)
Effectively results in a kind of compiler-controlled segmentation/paging for SPM
Reference: Verma, Marwedel: Dynamic Overlay of Scratchpad Memory for Energy Minimization, ISSS 2004
[Figure: CPU, SPM and memory]

Architecture Specific Adaptation
Compiler to take advantage of the architectural features of the processor
Compiler support generally available for general-purpose micro-controllers and DSPs
ASIPs (Application Specific Instruction Set Processors) and parameterizable processors normally do not have the support of good compilers
Machine/assembly code prevents re-usability

Issues
Architectural retargetability
  Compilation tool to adapt to different processor architectures
Code quality
  Compiled solution to exploit all the architectural features of the DSP or ASIP architecture
  Low cycle count – execution speed
  Low instruction count – memory requirement
  Compilers try to optimize both

Configurable & Re-configurable Processors
Configurable:
  CPU architectural features are selected at design time.
Reconfigurable:
  Hardware can be reconfigured in the field.
  May be dynamically reconfigured during execution.

Tensilica configurable processors
Configurability:
  Processor parameters (cache size, etc.)
  Instructions.
Result:
  HDL model for processor.
  Software development environment.

Application-specific instruction processors
An ASIP is a stored-memory CPU whose architecture is tailored for a particular set of applications.
Programmability allows changes to implementation, use in several different products, high datapath utilization.
Application-specific architecture provides smaller silicon area, higher speed.

ASIP enhancements
Performance/cost enhancements:
  special-purpose registers and busses to provide the required computations without unnecessary generality;
  special-purpose function units to perform long operations in fewer cycles;
  special-purpose control for instructions to execute common combinations in fewer cycles.

ASIP co-synthesis
Given:
  a set of characteristic applications;
  required execution profiling.
Automatically generate:
  Micro-architecture for ASIP core;
  Optimizing compiler targeted to the synthesized ASIP.
Implement application using core + compiler.

ASIP design problems
Processor synthesis
  choose an instruction set
  optimize the datapath
  extract the instruction set from the register-transfer design
Compiler design
  drive compilation from a parametric description of the datapath and instruction set
  bind values to registers
  select instructions for code matched to parameterized architecture
  schedule instructions
Key Technology: Retargetable Compilers

Retargetable Compiler
Based upon an architectural model
  Generates code for the class of processor architectures that fit its model
Classification parameters for processor architecture
  Arithmetic specialization
  Data type
  Code type
    Data stationary
      Every instruction controls a set of operations that have to be executed on a data item as it traverses the data pipeline
    Time stationary
      Every instruction controls a complete set of operations that have to be executed in a single machine cycle

More Classification Parameters
Memory structure
  Von Neumann or Harvard
Operand location
  Register-register, memory-memory, memory-register
Register structure
  Homogeneous, heterogeneous
Addressing mode
Control flow
  Standard
  Zero-overhead loop: no separate cycles for loop control
  Residually controlled: operation depends upon bit values in a control register

Re-targetable compilation
[Figure: application code, e.g.
  for (i=0; i<N; i++)
    c[i] = xy(a[i],b[i]);
passes through the front end and code generation to object code; code generation uses the microarchitectural model and the instruction set definition from ASIP core synthesis]

Processor Specification Languages
Netlist-based languages
  Processor as a netlist of hardware building blocks including data path, memories, instruction decoder, controller.
High-level languages
  Describe processors in terms of structural skeleton, data types, storage elements and description of actual instruction set

Processor Models for Compilation
Template pattern bases:
  essentially enumerate different partial instructions available in the instruction set;
  often expressed using a grammar
Graph model
  Represents structural information
  Connection-operation graph – net-list
  Place-time graph – legal data moves
Instruction set graph

Instruction selection by template matching
[Figure: expression tree for 1 + (a - b) next to the instruction templates plus (+ with operands op1, op2), minus (- with operands op1, op2) and product (* with operands op1, op2)]

Tree covering
[Figure: the expression tree 1 + (a - b) covered in two steps; step 1 marks the minus template, step 2 marks the minus and plus templates]

Use of Retargetable Compilers
Retargetable compilers help in the design space exploration phase of the application design process, while tuning an initial architecture towards a given application
Retargetable compiler (in combination with assembler, simulator) provides feedback to the designer about architecture efficiency w.r.t. the given application
Retargetable compiler may serve as a starting point for a production compiler, once the architecture is fixed

Summary
We have looked at some compiler-related issues
Efficient compilation forms the basis for useful design

Developing Embedded Systems

More on Compilers for Embedded Systems

Compilation for DSPs
Special instructions
Address generation schemes
  Auto-increment/auto-decrement operations
Support for loops
Compilers should exploit these special features

Example
Example: data path of the ADSP210x
Application: $y[j] = \sum_{i=0}^{n} x[j-i] \cdot a[i]$
$\forall i: 0 \le i \le n: \; y_i[j] = y_{i-1}[j] + x[j-i] \cdot a[i]$
Architecture:
  Parallelism
  Dedicated registers
  No matching compiler, inefficient code
[Figure: ADSP210x data path. Multiplier (*, +, -) with registers MX, MY, MR, MF; ALU (+, -, ..) with registers AX, AY, AR, AF; memories labelled D and P; address generation unit (AGU) with address registers A0, A1, A2, .. stepping to i+1 and j-i+1 for the arrays a and x. Values shown on the data path: y_{i-1}[j], x[j-i], a[i], x[j-i]*a[i]]

Memory Addressing
Let variables a, b, c, d be stored in consecutive locations and accessed in the sequence b, d, a, c, d, c using register-indirect addressing
A number of address calculation operations are required, assuming a single address register A
  Auto-increment or auto-decrement cannot take care of the access requirements
If the layout changes to b, d, c, a
  Operations will be A++, A+=2, A--, A--, A++
Most operations are executed in parallel with some operation in the data path

Example
Variables in a basic block: V = {a, b, c, d}
Access sequence: S = (b, d, a, c, d, c)

Layout 0: a, 1: b, 2: c, 3: d
  Load AR,1 ;b
  AR += 2   ;d
  AR -= 3   ;a
  AR += 2   ;c
  AR ++     ;d
  AR --     ;c
  cost: 4

Layout 0: b, 1: d, 2: c, 3: a
  Load AR,0 ;b
  AR ++     ;d
  AR += 2   ;a
  AR --     ;c
  AR --     ;d
  AR ++     ;c
  cost: 2

Ref: Marwedel: Embedded System Design

Generation of Layout
Consider variable access graph
  Links for adjacent accesses
  Weight = no. of accesses
  Maximum linear path
[Figure: variable access graph over the nodes a, b, c, d with weighted edges, next to the maximum linear path selected from it]

Scheme
Variables connected by links of high weight should be allocated to adjacent memory locations
Number of address calculations saved is proportional to the weight of the corresponding link
Goal is to find a linear path of maximum weight so that the linear ordering of variables in memory maximizes use of auto-increment/auto-decrement operations
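
The layout scheme from the last four slides, as an added example that is not code from the slides: `ar_cost` counts cost the way the example slide does (the initial Load plus every update that is not a ++ or --), and `soa_layout` builds the access graph and picks a linear path with a greedy heaviest-edge-first heuristic. The greedy selection is an assumption of this example (the slides state only the goal, and a greedy choice is not guaranteed to be optimal), as are the function names and the restriction to distinct single-character variable names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXV 16   /* bound on |V| for this example */

/* Position of variable ch in a name string, or -1 if it is not there. */
static int var_index(const char *names, char ch)
{
    const char *p = strchr(names, ch);
    return (ch && p) ? (int)(p - names) : -1;
}

/* Cost as counted on the slide: the initial Load plus every address
 * register update that is not a free ++ / -- (distance greater than 1). */
int ar_cost(const char *layout, const char *seq)
{
    int cost = 0, prev = -1;
    for (; *seq; seq++) {
        int addr = var_index(layout, *seq);
        if (addr < 0)
            return -1;                    /* variable missing from layout */
        if (prev < 0 || abs(addr - prev) > 1)
            cost++;
        prev = addr;
    }
    return cost;
}

static int uf_find(const int *parent, int x)
{
    while (parent[x] != x)
        x = parent[x];
    return x;
}

/* Greedy maximum-weight path cover of the variable access graph.
 * Writes the memory order to out (strlen(vars) + 1 bytes) and returns
 * its ar_cost, or -1 on bad input. */
int soa_layout(const char *vars, const char *seq, char *out)
{
    int w[MAXV][MAXV] = {{0}}, adj[MAXV][2] = {{0}}, deg[MAXV] = {0};
    int parent[MAXV], placed[MAXV] = {0};
    int n = (int)strlen(vars), k = 0;

    if (n == 0 || n > MAXV)
        return -1;
    for (int i = 0; i < n; i++)
        parent[i] = i;

    /* Access graph: edge weight = number of adjacent accesses of u and v. */
    for (size_t i = 0; seq[i] && seq[i + 1]; i++) {
        int u = var_index(vars, seq[i]), v = var_index(vars, seq[i + 1]);
        if (u < 0 || v < 0)
            return -1;
        if (u != v) { w[u][v]++; w[v][u]++; }
    }

    /* Repeatedly take the heaviest edge that keeps every node at degree
     * <= 2 and closes no cycle, so the chosen edges form linear paths. */
    for (;;) {
        int bu = -1, bv = -1, bw = 0;
        for (int u = 0; u < n; u++)
            for (int v = u + 1; v < n; v++)
                if (w[u][v] > bw && deg[u] < 2 && deg[v] < 2 &&
                    uf_find(parent, u) != uf_find(parent, v)) {
                    bu = u; bv = v; bw = w[u][v];
                }
        if (bu < 0)
            break;
        adj[bu][deg[bu]++] = bv;
        adj[bv][deg[bv]++] = bu;
        parent[uf_find(parent, bu)] = uf_find(parent, bv);
    }

    /* Lay each path out end to end, starting from a path endpoint. */
    for (int s = 0; s < n; s++) {
        if (placed[s] || deg[s] == 2)
            continue;
        for (int cur = s; cur >= 0; ) {
            int next = -1;
            out[k++] = vars[cur];
            placed[cur] = 1;
            for (int j = 0; j < deg[cur]; j++)
                if (!placed[adj[cur][j]])
                    next = adj[cur][j];
            cur = next;
        }
    }
    out[k] = '\0';
    return ar_cost(out, seq);
}

char soa_demo_out[MAXV + 1];

/* The slide's example: V = {a, b, c, d}, S = (b, d, a, c, d, c). */
int soa_demo(void)
{
    return soa_layout("abcd", "bdacdc", soa_demo_out);
}

int main(void)
{
    printf("layout abcd: cost %d\n", ar_cost("abcd", "bdacdc"));
    printf("layout bdca: cost %d\n", ar_cost("bdca", "bdacdc"));
    printf("greedy layout %s: cost %d\n", soa_demo_out, soa_demo());
    return 0;
}
```

The greedy result for the slide's sequence is the mirror image of the slide's second layout, which has the same cost because only address distances matter.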

Compilation for Multimedia Processors
In order to support packed data types, compilers must be able to automatically convert operations in loops to operations on packed data types
Combination with zero-overhead loops can provide significant speed-up

VLIW
Requires special optimizations
  Allocation of tasks to functional units, register paths
  Partitioning of computation into multiple paths of execution
Branch delay penalty
  Predicated execution to efficiently implement small if statements
Inlining is also very useful for VLIW processors

Interpreters and JIT compilers
Interpreter: translates and executes program statements on-the-fly.
JIT compiler: compiles small sections of code into instructions during program execution.
  Eliminates some translation overhead.
  Often requires more memory.
Design & Product Validation

Introduction
Validation is the process of checking whether or not a certain (possibly partial) design is appropriate for its purpose, meets all constraints and will perform as expected.
Validation with mathematical rigor is called (formal) verification.

Scenario
Formally verified tools transforming specifications into implementations
  correctness by construction
In practice: non-verified tools and manual design steps
  Validation of each and every design required
  Unfortunately has to be done at intermediate steps and not just for the final design

Simulations
Simulations try to imitate the behavior of the real system on a (typically digital) computer.
Simulation of the functional behavior requires executable models.
Simulations can be performed at various levels.
Some non-functional properties (e.g. temperatures, EMC) can also be simulated.

Simulations: A critique
Typically slower than the actual design.
  Violations of timing constraints likely if simulator is connected to the actual environment
Simulations in the real environment may be dangerous
There may be huge amounts of data and it may be impossible to simulate enough data in the available time.
Most actual systems are too complex to allow simulating all possible cases (inputs).
Simulations can help us to find errors in our designs, but they cannot guarantee the absence of errors.

Rapid Prototyping
Prototype: embedded system that can be generated quickly and behaves very similarly to the final product.
May be larger, more power consuming and have other properties that can be accepted in the validation phase
Typical use: auto-industry
Can be built, for example, using FPGAs

Testing
Test patterns are applied to the real, already manufactured systems
  Manufacturing test: purpose is to identify systems that have not been correctly manufactured
  Field test: to identify systems that fail later
Testing involves:
  Test pattern generation
  Test pattern application
  Response observation
  Result comparison

Test pattern generation
Test pattern generation typically considers certain fault models
Generates patterns that enable a distinction between the faulty and the fault-free case.

Hardware Fault models
The stuck-at fault model (each and every net can be permanently connected to ground or Vdd)
Stuck-open faults: for CMOS devices, open transistors can behave like memories (combinatorial circuits become sequential circuits)
Delay faults: there may be cases in which the circuit is functionally correct, but the delay is not.

Fault coverage
A certain set of test patterns will not always detect all faults that are possible within a fault model
Coverage = No. of detectable faults for a given test pattern set / No. of faults possible due to fault model

Software Testing
Mostly functional testing
  Performance testing is harder.
What tests are required to adequately test the program?

Basic testing procedure
Provide the program with inputs.
Execute the program.
Compare the outputs to expected results.

Types of software testing
Black-box: tests are generated without knowledge of program internals.
Clear-box (white-box): tests are generated from the program structure.

Clear-box testing
Generate tests based on the structure of the program.
  Is a given block of code executed when we think it should be executed?
  Does a variable receive the value we think it should get?

Path-based testing
Clear-box testing generally tests selected program paths:
  control program to exercise a path;
  observe program to determine if path was properly executed.
May look at whether location on path was reached (control), whether variable on path was set (data).

Example: choosing paths
Two possible criteria for selecting a set of paths:
  Execute every statement at least once.
  Execute every direction of a branch at least once.
Equivalent for structured programs, but not for programs with gotos.

Path example
[Figure: two path sets through a control flow graph; one covers all statements, the other covers all branches]
Ref: Wolf: Computers as Components

Branch testing strategy
Exercise the elements of a conditional, not just one true and one false case.
Devise a test for every simple condition in a Boolean expression.

Example: branch testing
Target statement:
  if (a || (b >= c)) { printf("OK\n"); }
Actual statement:
  if (a && (b >= c)) { printf("OK\n"); }
Branch testing strategy:
  One test is a=F, (b >= c) = T: a=0, b=3, c=2.
  Produces different answers.

Another branch testing example
Target:
  if ((x == var_pointer) && (x->field1 == 3))...
Actual:
  if ((x = var_pointer) && (x->field1 == 3))...
Branch testing strategy:
  If we use only the field1 value to exercise the branch, we may miss the pointer problem.

Domain testing
Concentrates on linear inequalities.
Example: j <= i + 1.
Test two cases on boundary, one outside boundary.
[Figure: the correct and the incorrect boundary]

Data flow testing
Def-use analysis: match variable definitions (assignments) and uses.
Example:
  x = 5;            /* def */
  …
  if (x > 0) ...    /* p-use */
Does assignment get to the use?

Loop testing
Common, specialized structure; specialized tests can help.
Useful test cases:
  skip loop entirely;
  one iteration;
  two iterations;
  mid-range of iterations;
  n-1, n, n+1 iterations.

Black-box testing
Black-box tests are made from the specifications, not the code.
Black-box testing complements clear-box.
  May test unusual cases better.

Types of black-box tests
Specified inputs/outputs:
  select inputs from specifications, determine required outputs.
Random:
  Generate random tests, determine appropriate output.
Regression:
  Tests used in previous versions of system.

Evaluating tests
How good are your tests?
Keep track of bugs found, compare to historical trends.
Error injection:
  Add bugs to copy of code, run tests on modified code.
  Modify data

Fault Injection
If real systems are available, faults can be injected to check behaviour of the system
Two types of fault injection:
  local faults within the system, and
  faults in the environment (behaviors which do not correspond to the specification).
    For example, we can check how the system behaves if it is operated outside the specified temperature or radiation ranges.

Physical fault injection
Hardware fault injection requires major effort, but generates precise information about the behavior of the real system.
Includes:
  Signal manipulation at the pin,
  Nuclear radiation
  Application of electro-magnetic field

Software fault injection
Errors are injected into the memories.
Advantages:
  Predictability: it is possible to reproduce every injected fault in time and space.
  Reachability: possible to reach storage locations within chips instead of just pins.
  Less effort than physical fault injection: no modified hardware.

Software Fault Injection
Software fault injection with bit-flips in the data is comparable to hardware fault injection
Application software error detection is higher for software-implemented fault injection. Most hardware-injected faults do not propagate to the application level.
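
A software fault injection campaign of the kind described on the two slides above, as an added example that is not code from the slides: every single-bit flip in a small memory image is injected at a fixed (byte, bit) position, so each fault is reproducible, and the application's reaction is classified as detected, benign or silent corruption. The record layout, the XOR check with constant 0xA5 and the gap in what that check covers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 5
enum { SETPOINT, LIMIT, MODE, SPARE, CHECK };   /* byte offsets in memory */
enum outcome { BENIGN, DETECTED, SILENT };

struct tally { int benign, detected, silent; };

/* Fault-free memory image (constructed): clamp mode on, setpoint > limit. */
static const uint8_t golden[MEM_SIZE] = { 200, 150, 1, 0, 200 ^ 150 ^ 0xA5 };

/* Application under test. Returns 0 and writes *out, or -1 when its
 * run-time check rejects the record. The check covers SETPOINT and LIMIT
 * but not MODE: that gap is what the campaign is meant to expose. */
int app_step(const uint8_t *mem, int *out)
{
    if ((uint8_t)(mem[SETPOINT] ^ mem[LIMIT] ^ 0xA5) != mem[CHECK])
        return -1;
    if ((mem[MODE] & 1) && mem[SETPOINT] > mem[LIMIT])
        *out = mem[LIMIT];          /* clamp to the limit */
    else
        *out = mem[SETPOINT];
    return 0;
}

/* Inject one fault: flip bit `bit` of byte `byte`. */
void inject_bit_flip(uint8_t *mem, size_t byte, unsigned bit)
{
    mem[byte] ^= (uint8_t)(1u << bit);
}

/* Run the application on a copy of the golden image with exactly one
 * injected fault and compare against the fault-free run. The same
 * (byte, bit) pair always yields the same outcome. */
enum outcome classify_fault(size_t byte, unsigned bit)
{
    uint8_t mem[MEM_SIZE];
    int expected = 0, got = 0;

    app_step(golden, &expected);                /* fault-free reference */
    memcpy(mem, golden, MEM_SIZE);
    inject_bit_flip(mem, byte, bit);
    if (app_step(mem, &got) != 0)
        return DETECTED;                        /* check caught the fault */
    return got == expected ? BENIGN : SILENT;   /* fault not used, or used unnoticed */
}

/* Exhaustive single-bit campaign over the whole memory image. */
struct tally run_campaign(void)
{
    struct tally t = { 0, 0, 0 };

    for (size_t byte = 0; byte < MEM_SIZE; byte++)
        for (unsigned bit = 0; bit < 8; bit++)
            switch (classify_fault(byte, bit)) {
            case DETECTED: t.detected++; break;
            case SILENT:   t.silent++;   break;
            default:       t.benign++;   break;
            }
    return t;
}

int main(void)
{
    struct tally t = run_campaign();

    printf("faults injected: %d\n", MEM_SIZE * 8);
    printf("detected: %d, benign: %d, silent corruption: %d\n",
           t.detected, t.benign, t.silent);
    for (size_t byte = 0; byte < MEM_SIZE; byte++)
        for (unsigned bit = 0; bit < 8; bit++)
            if (classify_fault(byte, bit) == SILENT)
                printf("undetected: byte %zu bit %u\n", byte, bit);
    return 0;
}
```

The benign outcomes are faults in storage the application never uses, and the single silent outcome points at the one bit the run-time check should also cover.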

Formal Verification
Formal verification is concerned with formally proving a system correct using mathematical techniques
A formal model is required to make formal verification applicable
  Manual effort
With the model certain properties can be proved
Different types of logic used:
  Propositional logic
  First order logic
  Higher order logic

Summary
We have looked at features of architecture-specific compilers
Studied other system development phases
  Validation
  Testing
  Verification

Building Dependable Embedded Systems

Dependability
Dependability is that property of an embedded system such that reliance can justifiably be placed on the service it delivers.

Facets of dependability
Reliability: continuity of correct service
Availability: readiness for usage
Safety: no catastrophic consequences
Security: prevent unauthorized access
  Integrity, Confidentiality
Maintainability: repair and modification
Customers must identify the dependability requirements of their system and developers must design so as to achieve them

Reliability
Reliability means that the level and frequency of failure is acceptable
  We are not requiring no failures at all
  Merely an acceptable level
Failure is measured pragmatically

Difference: Failures & Faults
A failure corresponds to unexpected run-time behavior observed by a user
A fault (or defect) is a static characteristic which causes a failure to occur
Faults need not necessarily cause failures.
  Only if the faulty part is used
If a user does not notice a failure, is it a failure?
  Remember most users don't know the specification

Correctness and Reliability
Correct but unreliable
  Can result from an incorrect specification
Reliable but incorrect
  Can result from a program that does not exactly meet its specification, but which works well enough.
Reliability is the main concern
  Correctness is a means to this end

Reliability and efficiency
As reliability increases, system efficiency tends to decrease, because…
  To make a system more reliable, redundant code must be included to carry out run-time checks, etc.
  This tends to slow it down

Reliability and efficiency
Reliability is usually more important than efficiency
  No need to utilize hardware to fullest extent as processors are cheap and fast
  Unreliable software should not be used
  Hard to improve unreliable systems
  Software failure costs often far exceed system costs
  Costs of data loss are very high

Failure consequences
Reliability measurements do NOT take the consequences of failure into account
Transient faults may have no real consequences but other faults may cause data loss or corruption and loss of system service
Necessary to identify different failure classes and use different measurements for each of these
Requirements for Reliability
If a failure has high cost, then reliability becomes important.
How important depends on the cost
Most software is typically not very reliable
Reliability
Cannot be always defined objectively
Requires operational profile for its definition
The operational profile defines the expected pattern of software/hardware usage
Must consider fault consequences
Not all faults are equally serious. System is perceived as more unreliable if there are more serious faults
Reliability metrics
Probability of failure on demand
This is a measure of the likelihood that the system will fail when a service request is made
POFOD = 0.001 means 1 out of 1000 service requests result in failure
Relevant for safety-critical or non-stop systems
Rate of fault occurrence (ROCOF)
Frequency of occurrence of unexpected behavior
ROCOF of 0.02 means 2 failures are likely in each 100 operational time units
Relevant for operating systems, transaction processing systems
Reliability measurement
Measure the number of system failures for a given number of system inputs
Used to compute POFOD
Measure the time (or number of transactions) between system failures
Used to compute ROCOF and MTTF
Measure the time to restart after failure
Used to compute AVAIL
Time units
Time units in reliability measurement must be carefully selected. Not the same for all systems
Raw execution time (for non-stop systems)
Calendar time (for systems which have a regular usage pattern e.g. systems which are always run once per day)
Number of transactions (for systems which are used on demand)
Reliability
Rel(t) = Probability that the system will operate correctly in a specified operating environment up until time t
Mean Time To Failure
MTTF = Expected Value[Rel(t)]
• Note that t is important
• If a system only needs to operate for ten hours at a time, then that is the reliability target
Recoverability
Rec(t) = Probability that the system will operate correctly at time t after failure
Mean Time To Repair:
MTTR = Expected Value[Rec(t)]
Availability
A(t) = Probability that the system will be operational at time t
E[A(t)] = MTTF / (MTTF + MTTR)
• Literally, readiness for service
– Only applies when you ask for a service
• Admits the possibility of brief outages
• Fundamentally different concept than Reliability
Reliability vs. Availability
They are not the same.....
Example: A system that fails, on average, once per hour but which restarts automatically in ten milliseconds is not very reliable but is highly available
Availability = 0.9999972
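The measurements listed under "Reliability measurement" can be turned into POFOD, ROCOF, MTTF, MTTR and AVAIL as follows. This is an added example, not part of the original slides; the `Outage` record, the function names and the request counts are assumptions, and the log is constructed to match the once-per-hour, ten-millisecond-restart system above.

```python
from dataclasses import dataclass

@dataclass
class Outage:
    failed_at: float     # seconds since the start of observation
    restored_at: float   # seconds since the start of observation

def reliability_metrics(outages, observed_s, requests, failed_requests):
    """Derive the slide metrics from raw measurements of one observation period."""
    downtime = sum(o.restored_at - o.failed_at for o in outages)
    uptime = observed_s - downtime
    n = len(outages)
    return {
        # failures per service request
        "POFOD": failed_requests / requests if requests else 0.0,
        # failures per second of operation
        "ROCOF": n / uptime if uptime > 0 else float("inf"),
        # mean operating time between failures
        "MTTF": uptime / n if n else float("inf"),
        # mean time to restart
        "MTTR": downtime / n if n else 0.0,
        # equals MTTF / (MTTF + MTTR), and stays defined when n == 0
        "AVAIL": uptime / observed_s,
    }

def slide_example():
    """Constructed log: 24 cycles of one hour up, then a 10 ms automatic restart."""
    up, restart = 3600.0, 0.010
    outages = [Outage(k * (up + restart) + up, (k + 1) * (up + restart))
               for k in range(24)]
    # Constructed request counts: 24 of 24000 requests arrived during an outage.
    return reliability_metrics(outages, 24 * (up + restart), 24000, 24)

if __name__ == "__main__":
    for name, value in slide_example().items():
        print(f"{name:6s} {value:.7f}")
```

The same system scores a ROCOF of one failure per operating hour, which is why it counts as unreliable even though its availability is close to 1.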
Design Tradeoffs
How to make availability approach 100%?
Availability = MTTF / (MTTF + MTTR)
MTTF → infinity (high reliability)
MTTR → zero (fast recovery)
Maintainability
Ability to undergo repairs and modifications
Maintenance
Evolution
Composition
Manageability
Reliability specification
Reliability requirements are only rarely expressed in a quantitative, verifiable way.
To verify reliability metrics, an operational profile must be specified as part of the test plan.
Reliability is dynamic - reliability specifications related to the source code are meaningless.
Failure classification
Failure class | Description
Transient | Occurs only with certain inputs
Permanent | Occurs with all inputs
Recoverable | System can recover without operator intervention
Unrecoverable | Operator intervention needed to recover from failure
Non-corrupting | Failure does not corrupt system state or data
Corrupting | Failure corrupts system state or data
Steps to a reliability specification
For each sub-system, analyze the consequences of possible system failures.
From the system failure analysis, partition failures into appropriate classes.
For each failure class identified, set out the reliability using an appropriate metric.
Different metrics may be used for different reliability requirements.
Example: Bank auto-teller system
Each machine in a network is used 300 times a day
Bank has 1000 machines
Lifetime of software release is 2 years
Each machine handles about 200,000 transactions
About 300,000 database transactions in total per day
Examples of a reliability specification
Failure class | Example | Reliability metric
Permanent, non-corrupting | The system fails to operate with any card which is input. Software must be restarted to correct failure. | ROCOF: 1 occurrence/1000 days
Transient, non-corrupting | The magnetic stripe data cannot be read on an undamaged card which is input. | POFOD: 1 in 1000 transactions
Transient, corrupting | A pattern of transactions across the network causes database corruption. | Unquantifiable! Should never happen in the lifetime of the system
Approaches for Reliability
Use reliable tools
Program carefully
Test thoroughly
Reliability improvement in Software
Reliability is improved when software faults which occur in the most frequently used parts of the software are removed
Removing X% of software faults will not necessarily lead to an X% reliability improvement
In a study, removing 60% of software defects actually led to a 3% reliability improvement
Removing faults with serious consequences is the most important objective
Statistical testing
Testing software for reliability rather than fault detection
Test data selection should follow the predicted usage profile for the software
Measuring the number of errors allows the reliability of the software to be predicted
An acceptable level of reliability should be specified and the software tested and amended until that level of reliability is reached
Statistical testing procedure
Determine operational profile of the software
Generate a set of test data corresponding to this profile
Apply tests, measuring amount of execution time between each failure
After a statistically valid number of tests have been executed, reliability can be measured
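The procedure above, run against a stand-in system, as an added example that is not part of the original slides. The operational profile, the system under test and its two seeded faults are constructed, and time is counted in test runs (transactions). It also shows why removing a fault on a rarely used path improves measured reliability far less than removing one on a frequently used path.

```python
import random

# Constructed operational profile for an auto-teller: share of each operation in real use.
PROFILE = {"withdraw": 0.70, "balance": 0.25, "transfer": 0.05}

def make_system(faulty_ops):
    """Hypothetical system under test: a seeded fault fires on 1% of inputs of a faulty op."""
    def system(op, amount):
        return not (op in faulty_ops and amount % 100 == 0)   # True means success
    return system

def statistical_test(system, profile, runs, seed=1):
    """Draw test cases according to the profile; report POFOD and mean runs between failures."""
    rng = random.Random(seed)            # fixed seed: every candidate sees the same test data
    ops, weights = zip(*profile.items())
    failures = 0
    for _ in range(runs):
        op = rng.choices(ops, weights)[0]
        amount = rng.randrange(1, 1001)
        if not system(op, amount):
            failures += 1
    return {"POFOD": failures / runs,
            "runs_between_failures": runs / failures if failures else float("inf")}

def compare(runs=200_000):
    """Measure the system with both faults, then with one fault removed at a time."""
    both = statistical_test(make_system({"withdraw", "transfer"}), PROFILE, runs)
    rare_fixed = statistical_test(make_system({"withdraw"}), PROFILE, runs)
    frequent_fixed = statistical_test(make_system({"transfer"}), PROFILE, runs)
    return both, rare_fixed, frequent_fixed

if __name__ == "__main__":
    labels = ("both faults", "rare-path fault removed", "frequent-path fault removed")
    for label, result in zip(labels, compare()):
        print(f"{label:28s} POFOD={result['POFOD']:.5f}")
```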
Safety
Absence of:
Catastrophic consequences on the users or the environment
• Are commercial aircraft “safe”?
• They crash very occasionally. How many crashes are too many?
• Are cars “safe”? They crash quite a lot.
Risk
Risk is the expected loss per unit time
Risk = Σ_i pr(accident_i) × cost(accident_i)
• Safety is expressed as an acceptable level of loss
Reliability vs. Availability vs. Safety
They are not the same.....
Example:
A system that is turned off is not very reliable, is not very available, but is probably very safe
In practice, safety often involves specific intervention
Safety Critical System
A system is said to be safety critical if a failure can cause loss of life or severe injury
Nuclear power plant control
Braking systems in cars
Avionics (military and commercial)
Train signal systems
Dam control systems
Embedded Applications
Risk and dependability analysis
Risk of damages cannot be reduced to zero.
For every damage there is a severity and a probability.
Several techniques for analyzing risks.
Fault Tree Analysis (FTA)
FTA is a top-down method of analyzing risks. Analysis starts with possible damage, tries to come up with possible scenarios that lead to that damage.
FTA typically uses a graphical representation of possible damages, including symbols for AND- and OR-gates.
OR-gates are used if a single event could result in a hazard.
AND-gates are used when several events or conditions are required for that hazard to exist.
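A small fault-tree evaluator, as an added example that is not part of the original slides. The tree, the event names and the probabilities are constructed, and basic events are assumed to be independent. It computes the probability of the top event and the minimal cut sets; a cut set of size one is a single event that can cause the hazard on its own, which is the OR-gate case described above.

```python
from itertools import combinations, product

def occurs(node, failed):
    """True if the event at `node` occurs when exactly the basic events in `failed` occur."""
    if isinstance(node, str):                      # leaf: a basic event
        return node in failed
    gate, children = node                          # inner node: ("AND" | "OR", [children])
    results = [occurs(child, failed) for child in children]
    return all(results) if gate == "AND" else any(results)

def basic_events(node):
    """All basic events that appear anywhere below `node`."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node[1]))

def top_probability(tree, p):
    """Exact top-event probability for independent basic events, by enumerating all states."""
    events = sorted(basic_events(tree))
    total = 0.0
    for states in product((False, True), repeat=len(events)):
        if occurs(tree, {e for e, s in zip(events, states) if s}):
            weight = 1.0
            for e, s in zip(events, states):
                weight *= p[e] if s else 1.0 - p[e]
            total += weight
    return total

def minimal_cut_sets(tree):
    """Smallest sets of basic events that are sufficient to cause the top event."""
    events, found = sorted(basic_events(tree)), []
    for size in range(1, len(events) + 1):         # smaller sets first, so supersets are skipped
        for combo in combinations(events, size):
            if occurs(tree, set(combo)) and not any(c <= set(combo) for c in found):
                found.append(set(combo))
    return found

# Constructed tree for the hazard "brake command not executed"; names and numbers are made up.
TREE = ("OR", ["sensor_stuck",
               ("AND", ["cpu_hang", "watchdog_fail"]),
               ("AND", ["main_power_loss", "backup_power_loss"])])
P = {"sensor_stuck": 0.001, "cpu_hang": 0.01, "watchdog_fail": 0.02,
     "main_power_loss": 0.05, "backup_power_loss": 0.1}

if __name__ == "__main__":
    print(f"P(top) = {top_probability(TREE, P):.9f}")
    print("cut sets:", minimal_cut_sets(TREE))
```

Enumerating states costs 2^n evaluations for n basic events, so this form suits small trees; it stays exact when the same basic event appears under more than one gate.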
Example
Ref: Marwedel: Embedded System Design
Limitations
The simple AND- and OR-gates cannot model all situations.
Cannot model if shared resources of some limited amount (like energy or storage locations) exist.
Markov models have been used to deal with such cases.
Failure mode and effect analysis (FMEA)
FMEA starts at the components and tries to estimate their reliability. The first step is to create a table containing components, possible faults, probability of faults and consequences on the system behavior.
Using this information, the reliability of the system is computed from the reliability of its parts (corresponding to a bottom-up analysis).
Confidentiality
Absence of:
Unauthorized disclosure of information
Integrity
Absence of:
Improper system state alterations
Security
Security is a combination of attributes:
Integrity
Confidentiality
Availability
Under different circumstances, these attributes are more or less important:
Denial of service is an availability issue
Exposure of information is a confidentiality issue
Security Requirements
User Identification
Secure Network Access
Service access if authorized
Secure Communication
Confidentiality and integrity of communicated data
Secure Storage
Confidentiality and integrity of sensitive information stored in the system
Content Security
Usage restrictions of digital content stored
Availability
Can perform its intended function and service legitimate users at all times
Example: Security Requirements for a Cell Phone
Ref: S. Ravi et al. Security in Embedded Systems, ACM Trans. On Embedded Systems, 2004
Design Challenges
Processing Gap
Computational demands of security processing are substantial
Battery Gap
Energy consumption overheads for supporting security are very high
Flexibility
Support for multiple and diverse security protocols
Tamper resistance
Protection against attacks of malicious software
Security Processing Architecture
First Generation
Executing security software on embedded processors
Poor efficiency
High Flexibility
Fast turn-around time
Second Generation
Offload crypto-function to crypto-hardware
High Efficiency
Poor Flexibility
High Design Complexity
Security Architecture
Third Generation
Protocol level offload to programmableengines
High Efficiency
High Flexibility
Fast turn-around time
Features
Moving cryptographic processes out of firmware and into FPGA
Harder to probe than ROM devices
Increased performance (more efficient)
Using secure cryptographic coprocessor
Self-contained, hardware tamper response, authentication, general-purpose processor
Ex.: Philips VMS747, IBM 4758
Fault Tolerance
Essential for reliable and highly available Embedded Systems
Software fault tolerance is the ability for software to detect and recover from a fault that is happening or has already happened in either the software or hardware in the system in which the software is running in order to provide service in accordance with the specification.
Techniques for Fault Tolerance
Design Diversity
Recovery Block
operates with an adjudicator which confirms the results of various implementations of the same algorithm
N-version Method
voting
Self-checking Software
Self-checking software are the extra checks, often including some amount of check-pointing and rollback recovery methods, added into fault-tolerant or safety critical systems
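The N-version method and the recovery block side by side, as an added example that is not part of the original slides. The three integer square root versions, the seeded fault in `v_linear`, the acceptance test and the `state` dictionary are all constructed for illustration; inputs are assumed to be non-negative integers.

```python
import copy
import math
from collections import Counter

# Three constructed versions of integer square root; v_linear carries a seeded fault.
def v_newton(n):
    r = n
    while r * r > n:
        r = (r + n // r) // 2
    return r

def v_math(n):
    return math.isqrt(n)

def v_linear(n):
    r = 0
    while (r + 1) * (r + 1) < n:      # seeded fault: "<" should be "<=", wrong on perfect squares
        r += 1
    return r

def n_version_vote(versions, n):
    """N-version method: run every version, accept only a strict-majority result."""
    results = []
    for version in versions:
        try:
            results.append(version(n))
        except Exception:
            pass                       # a crashed version loses its vote
    if results:
        value, votes = Counter(results).most_common(1)[0]
        if votes > len(versions) // 2:
            return value
    raise RuntimeError("no majority among versions")

def acceptance_test(n, r):
    """Adjudicator for the recovery block: checks the result against the specification."""
    return r >= 0 and r * r <= n < (r + 1) * (r + 1)

def recovery_block(alternates, state, n):
    """Try alternates in order; roll `state` back to the checkpoint after a rejected attempt."""
    checkpoint = copy.deepcopy(state)
    for alternate in alternates:
        try:
            result = alternate(n)
            state["cache"][n] = result          # side effect made before the check
            if acceptance_test(n, result):
                return result
        except Exception:
            pass
        state.clear()
        state.update(copy.deepcopy(checkpoint))  # rollback recovery
    raise RuntimeError("all alternates rejected")
```

Voting masks the faulty version only while a majority agrees on the right answer, whereas the recovery block depends on the acceptance test being able to recognise a wrong result.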
Summary
We had an introduction to different aspects of dependable design
Dependability is a critical issue for deployment of embedded systems