NOTE: there is an update here:
https://users.ece.cmu.edu/~koopman/lectures/index.html#642
which includes newer course notes and quite a few YouTube videos of these lectures.
You should use that URL instead of this blog post, but I've left this post as-is for Fall 2017.
18-642 Embedded System Software Engineering
Prof. Philip Koopman, Carnegie Mellon University, Fall 2017
| Slides | Lecture | Topics |
|---|---|---|
| 1 | Course Introduction | Software is eating the world; embedded applications and markets; bad code is a problem; coding is 0% of software; truths and management misconceptions |
| 2 | Software Development Processes | Waterfall; Swiss cheese model; lessons learned in software; V model; design vs. code; agile methods; agile for embedded |
| 3 | Global Variables | Global vs. static variables; avoiding and removing globals |
| 4 | Spaghetti Code | McCabe Cyclomatic Complexity (MCC); SCC; Spaghetti Factor (SF) |
| 5 | Unit Testing | Black box testing; white box testing; unit testing strategies; MCDC coverage; unit testing frameworks (CUnit) |
| 6 | Modal Code/Statecharts | Statechart elements; statechart example; statechart implementation |
| 7 | Peer Reviews | Effective code quality practices; peer review efficiency and effectiveness; Fagan inspections; rules for peer review; review report; perspective-based reviews; review checklist; case study; economics of peer review |
| 8 | Code Style/Humans | Making code easy to read; good code hygiene; avoiding premature optimization; coding style |
| 9 | Code Style/Language | Pitfalls and problems with C; language use guidelines and analysis tools; using language wisely (strong typing); Mars Climate Orbiter; deviations & legacy code |
| 10 | Testing Quality | Smoke testing; exploratory testing; methodical test coverage; types of testing; testing philosophy; coverage; testing resources |
| 11 | Requirements | Ariane 5 Flight 501; rules for good requirements; problematic requirements; extra-functional requirements; requirements approaches; ambiguity |
| 12 | System-Level Test | First bug story; effective test plans; testing won't find all bugs; F-22 Raptor date line bug; bug farms; risks of bad software |
| 13 | SW Architecture | High Level Design (HLD); boxes and arrows; sequence diagrams (SD); statechart to SD relationship; 2011 Health Plan chart |
| 14 | Integration Testing | Integration test approaches; tracing integration tests to SDs; network message testing; using SDs to generate unit tests |
| 15 | Traceability | Traceability across the V; examples; best practices |
| 16 | SQA isn't testing | SQA elements; audits; SQA as coaching staff; cost of defect fixes over project cycle |
| 17 | Lifecycle CM | A400M crash; version control; configuration management; long lifecycles |
| 18 | Maintenance | Bug fix cycle; bug prioritization; maintenance as a large cost driver; technical debt |
| 19 | Process Key Metrics | Tester to developer ratio; code productivity; peer review effectiveness |
| 33 | Date Time Management | Keeping time; time terminology; clock synchronization; time zones; DST; local time; sunrise/sunset; mobility and time; date line; GMT/UTC; leap years; leap seconds; time rollovers; Zune leap year bug; internationalization |
| 21 | Floating Point Pitfalls | Floating point formats; special values; NaN and robots; roundoff errors; Patriot Missile mishap |
| 23 | Stack Overflow | Stack overflow mechanics; memory corruption; stack sentinels; static analysis; memory protection; avoid recursion |
| 25 | Race Conditions | Therac-25; race condition example; disabling interrupts; mutex; blocking time; priority inversion; priority inheritance; Mars Pathfinder |
| 27 | Data Integrity | Sources of faults; soft errors; Hamming distance; parity; mirroring; SECDED; checksum; CRC |
| 20 | Safety+Security Overview | Challenges of embedded code; it only takes one line of bad code; problems with large scale production; your products live or die by their software; considering the worst case; designing for safety; security matters; industrial controls as targets; designing for security; testing isn't enough; Fiat Chrysler Jeep hack; Ford Mytouch update; Toyota UA code quality; Heartbleed; Nest thermostats; Honda UA recall; Samsung keyboard bug; hospital infusion pumps; LIFX smart lightbulbs; German steel mill hack; Ukraine power hack; SCADA attack data; Shodan; traffic light control vulnerability; hydroelectric plant vulnerability; zero-day shopping list |
| 22 | Dependability | Dependability; availability; Windows 2000 server crash; reliability; serial and parallel reliability; example reliability calculation; other aspects of dependability |
| 24 | Critical Systems | Safety critical vs. mission critical; worst case and safety; HVAC malfunction hazard; Safety Integrity Levels (SIL); Bhopal; IEC 61508; fleet exposure |
| 26 | Safety Plan | Safety plan elements; functional safety approaches; hazards & risks; safety goals & safety requirements; FMEA; FTA; safety case (GSN) |
| 28 | Safety Requirements | Identifying safety-related requirements; safety envelope; Doer/Checker pattern |
| 29 | Single Points of Failure | Fault containment regions (FCR); Toyota UA single point failure; multi-channel pattern; monitor pattern; safety gate pattern; correlated & accumulated faults |
| 30 | SIL Isolation | Isolating different SILs; mixed-SIL interference sources; mitigating cross-SIL interference; isolation and security; CarShark hack |
| 31 | Redundancy Management | Bellingham WA gasoline pipeline mishap; redundancy for availability; redundancy for fault detection; Ariane 5 Flight 501; fail operational; triplex modular redundancy (TMR) 2-of-3 pattern; dual 2-of-2 pattern; high-SIL Doer/Checker pattern; diagnostic effectiveness and proof tests |
| 32 | Safety Architecture Patterns | Supplemental lecture with more detail on patterns: low SIL; self-diagnosis; partitioning; fail operational; voting; fail silent; dual 2-of-2; Ariane 5 Flight 501; fail silent patterns (low, high, mixed SIL); high availability mixed SIL pattern |
| 34 | Security Plan | Security plan elements; Target attack; security requirements; threats; vulnerabilities; mitigation; validation |
| 35 | Cryptography | Confusion & diffusion; Caesar cipher; frequency analysis; Enigma; Lorenz & Colossus; DES; AES; public key cryptography; secure hashing; digital signatures; certificates; PKI; encrypting vs. signing for firmware update |
| 36 | Security Threats | Stuxnet; attack motivation; attacker threat levels; DirecTV piracy; operational environment; porous firewalls; Davis-Besse incident; BlueSniper rifle; integrity; authentication; secrecy; privacy; LG Smart TV privacy; DoS/DDoS; feature activation; St. Jude pacemaker recall |
| 37 | Security Vulnerabilities | Exploit vs. attack; Kettle spambot; weak passwords; master passwords; crypto key length; Mirai botnet attack; crypto mistakes; LIFX revisited; CarShark revisited; chip peels; hidden functionality; counterfeit systems; cloud connected devices; embedded-specific attacks |
| 38 | Security Mitigation Validation | Password strength; storing passwords & salt/pepper/key stretching; Adobe password hack; least privilege; Jeep firewall hack; secure update; secure boot; encryption vs. signing revisited; penetration testing; code analysis; other security approaches; rubber hose attack |
| 39 | Security Pitfalls | Konami code; security via obscurity; hotel lock USB hack; Kerckhoffs's principle; hospital WPA setup hack; DeCSS; Lodz tram attack; proper use of cryptography; zero day exploits; security snake oil; realities of in-system firewalls; aircraft infotainment and firewalls; zombie road sign hack |
Note that in Spring 2018 these are likely to be updated, so if you want to see the latest, also check the main course page: https://www.ece.cmu.edu/~ece642/
For other lectures and copyright notes, please see my general lecture notes & video page: https://users.ece.cmu.edu/~koopman/lectures/index.html