
Embedded Systems Engineering
Standards Column
vol 12.3
May 2004

Standards: A Secure "Standard" Library for C?

By Chris Hills

I have to give the usual disclaimer that these are my own personal views and not those of the ESE Editor and publisher, or those of my employer at the time. I now work for Phaedrus Systems Ltd!

There is a 75% cut-down version in print in ESE. The full one, which you are now reading, is on my web site at www.phaedsys.com.

It has been a busy month. Microsoft are pushing for a new "secure C library" (see http://std.dkuug.dk/jtc1/sc22/wg14/www/docs/n1007.pdf and http://std.dkuug.dk/jtc1/sc22/wg14/www/docs/n1031.pdf) for all the library functions, apparently all 2000 of them. I did not think there were 2000 functions in the ISO C library, but MS have included all the MS C/C++ libraries as well in this proposal, which is of no use to the vast majority in the embedded world.

The problem for me is that the resultant libraries would be full of MS-specific extensions. The thrust of the proposal is that there are many holes and leaks in the original libraries: they permit buffer overruns, and their error reporting and parameter validation are weak. Security is the important thing here, they stress. One of my BSI panel said that voting against security is like "voting against Motherhood and Apple Pie". However, there is quite some unease on the UK panel regarding this proposal.
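The hazard the proposal is aimed at, and the shape of the fix it argues for, as an added example that is not part of the original column and is not code from the Microsoft proposal itself: a classic unbounded string copy, which cannot know the size of its destination, beside a bounded copy that takes the destination size and validates its parameters before writing. The names `classic_copy`, `bounded_copy`, `classic_would_overrun`, `self_check` and the `copy_status` codes are assumptions for illustration, not the names or signatures in n1007/n1031.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classic library style: the callee is told nothing about the destination
 * size, so any source of length >= the buffer size is written past its end.
 * Shown for contrast only; below it is never called with an overlong source,
 * because that is undefined behaviour. */
static void classic_copy(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Would classic_copy write past a destination of dstsize bytes? */
static int classic_would_overrun(size_t dstsize, const char *src)
{
    return strlen(src) + 1 > dstsize;   /* +1 for the terminating NUL */
}

/* Bounded copy with an explicit destination size and an error return:
 * the kind of parameter validation the proposal argues the library lacks.
 * Hypothetical function for illustration, not the proposal's own API. */
typedef enum {
    COPY_OK = 0,
    COPY_NULL_ARG,     /* dst or src was NULL */
    COPY_ZERO_SIZE,    /* dstsize == 0: nowhere to put even the terminator */
    COPY_TOO_LONG      /* src (with its NUL) does not fit in dstsize bytes */
} copy_status;

static copy_status bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;

    if (dst == NULL || src == NULL)
        return COPY_NULL_ARG;
    if (dstsize == 0)
        return COPY_ZERO_SIZE;

    /* Scan at most dstsize bytes of src, so an unterminated src cannot
     * make us read indefinitely either. */
    while (n < dstsize && src[n] != '\0')
        n++;
    if (n == dstsize) {
        /* No terminator within the buffer's capacity: refuse, and leave
         * dst in a defined (empty) state rather than half-written. */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n + 1);            /* n chars plus the terminator */
    return COPY_OK;
}

/* Exercise the edge cases; returns the number of failed checks (0 = all good). */
static int self_check(void)
{
    char buf[8];
    int failures = 0;

    /* Constructed inputs: one that fits, one that exactly fills, one too long. */
    failures += !(bounded_copy(buf, sizeof buf, "hello") == COPY_OK
                  && strcmp(buf, "hello") == 0);
    failures += !(bounded_copy(buf, sizeof buf, "1234567") == COPY_OK
                  && strcmp(buf, "1234567") == 0);          /* 7 chars + NUL = 8 */
    failures += !(bounded_copy(buf, sizeof buf, "12345678") == COPY_TOO_LONG
                  && buf[0] == '\0');                        /* 8 chars: no room for NUL */
    failures += !(bounded_copy(NULL, sizeof buf, "x") == COPY_NULL_ARG);
    failures += !(bounded_copy(buf, 0, "x") == COPY_ZERO_SIZE);

    /* The classic call would have overrun exactly where bounded_copy refuses. */
    failures += !(classic_would_overrun(sizeof buf, "12345678") == 1);
    failures += !(classic_would_overrun(sizeof buf, "1234567") == 0);

    /* Safe use of the classic call: the caller has already checked the size. */
    classic_copy(buf, "ok");
    failures += !(strcmp(buf, "ok") == 0);

    return failures;
}

int main(void)
{
    int failures = self_check();
    printf("%d check(s) failed\n", failures);
    return failures != 0;
}
```

The design point is the one the proposal rests on: with `classic_copy` the only defence is a size check the caller may forget, whereas `bounded_copy` carries the size in its own signature, never reads or writes beyond it, and reports the failure instead of silently truncating or overrunning.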

 

The other complaint MS have in their proposal is that the library was designed when computers were "much simpler and more constrained". This is a common comment from PC programmers, who will tell you that 16-bit systems died out a while ago and that there has not been an 8-bit system since the Sinclair or the BBC home computers.

 

MS are also complaining that the C library has its roots in, and is biased to, Unix. My question is "as opposed to what?" Unix in its various forms usually complies with POSIX. POSIX is the Portable OS Interface; that is "Portable", and it is an International Standard. Linux is also moving to POSIX, and many other embedded OSs are POSIX compliant. MS seem to want to take it away from an International Standard (POSIX) to their proprietary standard. Fortunately the proposal is only for a Technical Report, which means that it won't actually become part of the standard, but it would still lend authority to the MS library.

 

Is this another attempt by MS to take over the world, or do they really think that 99% of the world is Windows-based? I don't mind vendors pushing standards, such as IBM is doing with its decimal FP maths proposals (see http://www2.hursley.ibm.com/mfcsumm.html), but I am less happy where individual companies push things to suit their proprietary system or products. IBM is proposing a new maths model in hardware and has asked ISO how it should hook into the ISO languages, principally C and C++. It is not inventing its own extensions to C and C++ or trying to replace a current library with a proprietary one.

 

Before I move on: http://std.dkuug.dk/jtc1/sc22/wg14/, the home of the ISO C working group, has some other useful documents, including the changes between C90 and C99 and the C99 Rationale.

 

Looking at MISRA-C again: we (the working group) have decided that this time we are going to draw a line in the sand, now that we have the reworked MISRA-C2 with the comments from the US SAE and the Japanese SAE. We are going to publish the second edition as it is. The problem is that we could go on fixing, amending and cleaning up just one more part from now until the middle of the next decade. This is what happens with many ISO standards. So with any luck the end of May will see the guillotine come down.

 

The official launch of MISRA-C2 will be at the Embedded Systems Show, 13/14th October at the NEC (see http://www.embedded.co.uk). This will be in the FREE part of the conference, in the forum on the exhibition floor. The following week will be the MISRA Forum, run by MIRA. This will be held in Coventry as usual. More details later.

 

For a first look at MISRA-C2, come to ESS. A note to all of you who are chasing drafts of MISRA-C2: you can forget it. There is little point in having a document that is incorrect, especially as we are still moving the odd rule around (changing numbers so that the rules are grouped more sensibly) and changing some wording. The other problem is that the tool vendors will not be able to start working on MISRA-C2 tools until we lock down the document, and then it is going to be about 6 months before they get their tools to market. So using a MISRA-C2 draft now will mean you are neither MISRA-C1 nor MISRA-C2 compliant.

 

I read an interesting paper from a company that does a "MISRA-C Compliant" code generation tool (more on "compliant" later). This paper has problems with Rule 1, "All code shall be ISO C 9899:1990 compliant". They state, incorrectly, that Rule 1 is there to promote portability. This is not correct. The rule commentary states that it "may be necessary to raise deviations to permit certain language extensions, for example to support hardware specific features". The Technical Corrigendum from July 2000 goes on to state that it is expected that virtually all embedded users will deviate from this rule. The purpose of the rule is to highlight any non-standard behaviour and ensure it is documented, not to ban it or to promote portability. Portability has not usually been an overriding concern in the industry, despite what the CASE and auto code generation tool companies would have you believe. The Technical Corrigendum is available from the MISRA web site (http://www.misra.org.uk).

 

MISRA-C Compliant? Well, what does that mean? Unfortunately very little: it means that, in the view of the authors of the tool etc., they think the tool is compliant. Usually this is done in good faith. However, several years ago one company, I forget which it was now, suggested at a technical meeting that their tool "…tested 100% of the MISRA-C rules…". In discussion it came out: "that is 100% of the rules that we think are enforceable by our tool, which is the best. So that must be 100% of the testable rules". In fact it was about 75% of the Required rules, where other tools claimed around 80% coverage! So their "certification" was not worth the paper it was written on! Conversely, I know of a tool vendor that did not want to claim MISRA-C compliance, as they felt that since they only tested 80% of the rules they could not claim compliance!

 

To alleviate this problem, I have it on reliable authority (Gavin and Les) that when we lock down the second edition we will plough straight into a MISRA-C2 test suite… Actually we are going to plough into a large beer first! Even this has caused problems, the test suite not the beer! It will probably start life as an "Example Code Set". This is because over the last 6 years of MISRA-C, as there has been no test suite, validation suite or certification of tools, everyone has done their own, usually honest, interpretation. The interpretations and implementations may vary but, except in cases like the one mentioned above that are plain wrong, they are all equally valid interpretations. The fear is that a test suite may favour or disadvantage various tools that are out there with a large user base. Therefore the test/validation/example/illustrative suite we come up with will be for MISRA-C2, not MISRA-C1, and it will be GPL so the general public can get copies and run their own tests.

 

There will not, as far as I know, be any test house or validation centre for tools. MIRA have always shied away from this on the grounds of simple commercial cost and resources, not to mention liability. I don't know if this will change, but as far as I know there are no plans at the moment.

 

I am still working on getting the newsgroup comp.lang.c.misra formed. Why? Because we need a central and independent place to discuss MISRA-C. Web forums are slow, you have to go to them, and they are directly controlled by the web site owner, who is also liable for the content. Also, the webmaster can censor and remove posts. You also have to find someone who can set it up and run it. The only people with that amount of interest also have a very strong commercial interest. This includes MIRA, who are now a commercial Limited Company. Therefore you would get (have got) every company with an interest in MISRA-C doing their own web forum.

 

On the other hand, newsgroups, once formed, are independent of any organisation and run themselves. It also means people can ask questions that a tool vendor may not like to have on their web forum. It is also a central point for everyone, regardless of which tool they use or which company they work for. The challenge the users of the NG will have is working out which yahoo and hotmail contributors work for which tool vendor :-)

 

I will need a LOT of "yes" votes for this. There is a large minimum number of yes votes required, and there must be a large majority of yes to no votes. It only takes a small number of no votes to stop a newsgroup creation. Some of the ISO C people seem very anti MISRA-C. I am not sure why. So can you all find out if you have newsreaders? Even Outlook, IE and Netscape have newsreaders in them. The request for vote will go on to several newsgroups, including comp.arch.embedded. I will let people know when the request for vote will happen next month. It is likely to be in the month after, and there is only a small window of 21 days, so please sort out your newsreaders now.

 

Are you in a MES? No, not are you in a mess, but are you in the IEE Microelectronics & Embedded Systems Professional Network? What is a Professional Network? See http://www.iee.org/OnComms/PN/mes/index.cfm and you will discover that the IEE has been modernising with a vengeance, and is no longer "heavy power" biased. There are many PNs. ESE readers will probably want to look at more than one, but the overall embedded one is MES. It has an Executive Committee, a Technical Advisory Panel and a manager that organise events and run a web site with information and resources. Engineers can register for this (and the other groups), get information by email and take part in the extensive forums. There are even videos of some of the more interesting seminars and meetings (for example Max Mosley talking about technology in F1). Start here: http://www.iee.tv

 

The useful part of this IEE network is that you don't actually have to be a member of the IEE to join it. Though I can't see why any embedded engineer would not be a member of the IEE, especially if they are under 45. The spectre of licensing is again raising its head. The Engineering Council UK sent me some information that there is an International Register of Professional Engineers (see www.engc.org.uk) that covers 7 countries: Australia, Canada, New Zealand, Singapore, South Africa, UK and USA. The PE system links with the Eur Ing that covers Europe. If you want to work as a Professional Engineer you will need to register. In some of the states of the US you need to be a PE to do almost any embedded work.

 

So those of you thinking of leaving the country or working abroad at some stage should be IEE members already. Contact Chris Simpson, Registrar, at csimpson@engc.org.uk

 

ERRATA

 

After the column was published I got the following email from Chris Simpson correcting a few points. I am still a bit confused about point three, as the brochure I was sent implies that there is a link. I shall get some clarification on this later. In any event I hope that UK engineers will look at the IEE and apply for membership, and that Chartered Engineers will look at the International PE register. The world is getting smaller.

 

///////////////////////////////////////////////////////////////////////////////////

Dear Mr Hills,

RE: http://www.esemagazine.co.uk/common/viewer/archive/2004/May/5/feature5.phtm

I have received an email referring to the above article that you wrote and, having read the article, I wish to point out a number of factual corrections to the information you provide towards the end of the article with reference to ECUK.

 

1. The ECUK website is www.engc.org.uk <http://www.engc.org.uk/>

 

2. No multilateral international engineering agreement is signed up to by the 7 countries you mention. Singapore is not a full member of the International Register, nor of any other of the following multilateral agreements.

The Washington Accord has 8 members (Australia, Canada, Hong Kong, Ireland, New Zealand, South Africa, UK and USA);

The Sydney Accord (IEng level) has 7 members - as for the Washington Accord without USA involvement;

The Dublin Accord has 4 members (Canada, Ireland, South Africa, UK).

The Engineers Mobility Forum (which holds the International Register of Professional Engineers) has 11 full members: all 8 Washington Accord countries, plus Korea, Japan and Malaysia.

 

3. There is no linkage of which I am aware between the PE system and EUR ING.

 

4. There is no formal requirement to register as a PE in the USA to be able to work as an engineer. Where there is direct contact with the public, this is a legal requirement; as the 20% registration of working engineers as PEs shows, most engineers do not seek this licensing. As long as there is a PE to sign off, the legal requirement is satisfied.

 

5. The association of my name with IEE membership could be read as implying that I speak on behalf of IEE. All membership matters of an Institution are dealt with by the Institution concerned. ECUK sets the registration standards, provides advice on registration matters, registers professional engineers and technicians for the three legally protected titles that we hold (CEng, IEng and EngTech), and is signatory to the agreements set out in point 2, above. I ask, therefore, that this is clarified by amending the wording in this paragraph.

 

I trust that the above information is of use to you and that you will amend your article accordingly.

 

Yours sincerely,
Chris Simpson
Registrar
ECUK
10 Maltravers Street
London
WC2R 3ER
Direct line: +44 (0)20 7557 6468
Fax: +44 (0)20 7379 5586

 

For information about ECUK registration visit http://www.engc.org.uk/registration/
For information about ECUK Standards visit http://www.uk-spec.org.uk
For regular information about ECUK visit http://www.engc.org.uk/register_news/
//////////////////////////////////////////////////////////////////////////////////////////////

 

Author Details and contact

 

Eur Ing Chris Hills BSc CEng MIET MBCS MIEEE FRGS FRSA is a Technical Specialist and can be reached at This Contact

 

Copyright Chris A Hills 2003-2008
The right of Chris A Hills to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988