Embedded System Lecture Notes and Presentations

Prof. Phil Koopman, Carnegie Mellon University

This is a unified listing my lecture materials on a variety of topics from my Carnege Mellon University courses, keynote lectures, and other talks I've given. Please see the copyright notice at the end of this page before e-mailing about use.

Also see my other content distribution sites:


Selected talks and webinars


Podcasts and Interviews


18-642: Embedded Software Engineering

Code quality, safety, security. (Last update Fall 2021.)
Alternate sources: Archive.org 18642

Embedded software quality, safety, security

  Slides YouTube
Video

Full Lecture
YouTube Play List
(To access single slides)
Topics
1 Course Overview Embedded Software
Code Quality,
Safety, Security

(44 min)
Embedded Software
Code Quality,
Safety, Security

(44 min)
Challenges of embedded code; it only takes one line of bad code; problems with large scale production; your products live or die by their software; considering the worst case; designing for safety; security matters; industrial controls as targets; designing for security; testing isn't enough
Fiat Chrysler jeep hack; Ford Mytouch update; Toyota UA code quality; Heartbleed; Nest thermostats; Honda UA recall; Samsung keyboard bug; hospital infusion pumps; LIFX smart lightbulbs; German steel mill hack; Ukraine power hack; SCADA attack data; Shodan; traffic light control vulnerability; hydroelectric plant vulnerability; zero-day shopping list
2 Course administration    No video  
3 Software Development Processes SW Process
(49 min)
SW Process
(49 min)
Waterfall; swiss cheese model; lessons learned in software; V model; design vs. code; agile methods; agile for embedded
4 Code Style for Humans Code Style for Humans
(15 min)
Code Style for Humans
(15 min)
Making code easy to read; good code hygiene; avoiding premature optimization; coding style
5 Code Style for Compilers Code Style for Compilers
(21 min)
Code Style for Compilers
(21 min)
Pitfalls and problems with C; language use guidelines and analysis tools; using language wisely (strong typing); Mars Climate Orbiter; deviations & legacy code
6 Peer Reviews Peer Reviews
(33 min)
Peer Reviews
(33 min)
Effective code quality practices, peer review efficiency and effectiveness; Fagan inspections; rules for peer review; review report; perspective-based reviews; review checklist; case study; economics of peer review. Peer Review Checklist
7 Requirements Requirements
(24 min)
Requirements
(24 min)
Ariane 5 flight 501; rules for good requirements; problematic requirements; extra-functional requirements; requirements approaches; ambiguity
8 Global Variables Globals
(13 min)
Globals
(13 min)
Global vs. static variables; avoiding and removing globals
9 Spaghetti Code Spaghetti Code
(18 min)
Spaghetti Code
(18 min)
McCabe Cyclomatic Complexity (MCC); SCC; Spaghetti Factor (SF)
10 Toyota UA Case Study Toyota UA
(60 min)
Toyota UA
(60 min)
Case study of Toyota UA
11 Stack Overflow Stack Overflow
(8 min)
Stack Overflow
(8 min)
Stack overflow mechanics; memory corruption; stack sentinels; static analysis; memory protection; avoid recursion
12 SW Architecture & HLD Software Architecture and HLD
(15 min)
Software Architecture and HLD
(15 min)
High Level Design (HLD); boxes and arrows; sequence diagrams (SD); statechart to SD relationship; 2011 Health Plan chart
13 Statecharts Statecharts
(19 min)
Statecharts
(19 min)
Statechart elements; statechart example; statechart implementation
14 Traceability Traceability
(11 min)
Traceability
(11 min)
Traceability across the V; examples; best practices
15 Software Testing Overview Testing Overview
(20 min)
Software Testing Overview
(20 min)
Smoke testing, exploratory testing; methodical test coverage; types of testing; testing philosophy; coverage; testing resources
16 Unit Testing Unit Testing
(18 min)
Unit Testing
(18 min)
Black box testing; white box testing; unit testing strategies; MCDC coverage; unit testing frameworks (cunit)
17 Integration Testing Integration Testing
(15 min)
Integration Testing
(11 min)
Integration test approaches; tracing integration tests to SDs; network message testing; using SDs to generate unit tests
18 System-Level Test System Level Test
(18 min)
System Level Test
(18 min)
First bug story; effective test plans; testing won't find all bugs; F-22 Raptor date line bug; bug farms; risks of bad software
19 Concurrency & Race Conditions Concurrency & Race Conditions
(21 min)
Concurrency & Race Conditions
(21 min)
Therac 25; race condition example; disabling interrupts; mutex; blocking time; priority inversion; priority inheritance; Mars Pathfinder
20 SQA isn't testing SQA Isn't Testing
(13 min)
SQA Isn't Testing
(13 min)
SQA elements; audits; SQA as coaching staff; cost of defect fixes over project cycle
21 Lifecycle CM Lifecycle CM
(19 min)
Lifecycle CM
(19 min)
A400M crash; version control; configuration management; long lifecycles
22 Maintenance Software Maintenance
(15 min)
Maintenance
(15 min)
Bug fix cycle; bug prioritization; maintenance as a large cost driver; technical debt
23 Key Metrics Key Metrics
(13 min)
Key Metrics
(13 min)
Tester to developer ratio; code productivity; peer review effectiveness
24 Date/Time Date Time
(26 min)
Date/Time
(26 min)
Keeping time; time terminology; clock synchronization; time zones; DST; local time; sunrise/sunset; mobility and time; date line; GMT/UTC; leap years; leap seconds; time rollovers; Zune leap year bug; internationalization.
25 Floating Point Pitfalls Floating Point Pitfalls
(17 min)
Floating Point Pitfalls
(17 min)
Floating point formats; special values; NaN and robots; roundoff errors; Patriot Missile mishap
26 Safety Overview Software Safety Overview
(16 min)
Software Safety Overview
(16 min)
Defense in depth; safety principles; safety culture; Challenger mishap; Therac 25
27 Dependability Dependability
(19 min)
Dependability
(20 min)
Dependability; availability; Windows 2000 server crash; reliability; serial and parallel reliability; example reliability calculation; other aspects of dependability
28 Critical Systems Critical Systems
(21 min)
Critical Systems
(21 min)
Safety critical vs. mission critical; worst case and safety; HVAC malfunction hazard; Safety Integrity Levels (SIL); Bhopal; IEC 61508; fleet exposure
29 Safety Plan Safety Plan
(26 min)
Safety Plan
(26 min)
Safety plan elements; functional safety approaches; hazards & risks; safety goals & safety requirements; FMEA; FTA; safety case (GSN)
30 Single Points of Failure Single Points of Failure
(17 min)
Single Points of Failure
(17 min)
Fault containment regions (FCR); Toyota UA single point failure; multi-channel pattern; monitor pattern; safety gate pattern; correlated & accumulated faults
31 Safety Requirements Safety Requirements
(17 min)
Safety Requirements
(17 min)
Identifying safety-related requirements; safety envelope; Doer/Checker pattern
32 Critical System Isolation Critical System Isolation
(17 min)
Critical System Isolation
(17 min)
Isolating different SILs, mixed-SIL interference sources; mitigating cross-SIL interference; isolation and security; CarShark hack
33 Redundancy Management Redundancy Management
(20 min)
Redundancy Management
(20 min)
Bellingham WA gasoline pipeline mishap; redundancy for availability; redundancy for fault detection; Ariane 5 Flight 501; fail operational; triplex modular redundancy (TMR) 2-of-3 pattern; dual 2-of-2 pattern; high-SIL Doer/Checker pattern; diagnostic effectiveness and proof tests
34 Safety Architecture Patterns Safety Architecture Patterns
(42 min)
Safety Architecture Patterns
(42 min)
Supplemental lecture with more detail on patterns: low SIL; self-diagnosis; partitioning; fail operational; voting; fail silent; dual 2-of-2; Ariane 5 Flight 501; fail silent patterns (low, high, mixed SIL); high availability mixed SIL pattern
35 Data Integrity Data Integrity
(29 min)
Data Integrity
(29 min)
Sources of faults; soft errors; Hamming distance; parity; mirroring; SECDED; checksum; CRC
36 Cryptography Cryptography
(33 min)
Cryptography
(33 min)
Confusion & diffusion; Caesar cipher; frequency analysis; Enigma; Lorenz & Colossus; DES; AES; public key cryptography; secure hashing; digital signatures; certificates; PKI; encrypting vs. signing for firmware update
37 Security Plans Security Plan
(29 min)
Security Plan
(29 min)
Security plan elements; Target Attack; security requirements; threats; vulnerabilities; mitigation; validation
38 Security Threats Security Threats
(24 min)
Security Threats
(24 min)
Stuxnet; attack motivation; attacker threat levels; DirectTV piracy; operational environment; porous firewalls; Davis Besse incident; BlueSniper rifle; integrity; authentication; secrecy; privacy; LG Smart TV privacy; DoS/DDos; feature activation; St. Jude pacemaker recall
39 Security Vulnerabilities Security Vulnerabilities
(29 min)
Security Vulnerabilities
(29 min)
Exploit vs. attack; Kettle spambot; weak passwords; master passwords; crypto key length; Mirai botnet attack; crypto mistakes; LIFX revisited; CarShark revisited; chip peels; hidden functionality; counterfeit systems; cloud connected devices; embedded-specific attacks
40 Security Mitigation Validation Security Mitigation Validation
(34 min)
Security Mitigation Validation
(34 min)
Password strength; storing passwords & salt/pepper/key stretching; Adobe password hack; least privilege; Jeep firewall hack; secure update; secure boot; encryption vs. signing revisited; penetration testing; code analysis; other security approaches; rubber hose attack
41 Security Pitfalls Security Pitfalls
(24 min)
Security Pitfalls
(24 min)
Konami code; security via obscurity; hotel lock USB hack; Kerckhoff's principle; hospital WPA setup hack; DECSS; Lodz tram attack; proper use of cryptography; zero day exploits; security snake oil; realities of in-system firewalls; aircraft infotainment and firewalls; zombie road sign hack

AV Safety

  Slides YouTube
Video

Full Lecture
YouTube Play List
(To access single slides)
Topics
100 Look Who's Driving AV: Look Who's Driving
(54 min) (PBS Nova)
  PBS Nova episode featuring experts on autonomous vehicle development: how AVs work; how close are we to large-scale deployment; will we ever be able to trust AI with our lives? (Released: Oct 23, 2019)
101 AV: Software Safety for Vehicle Automation -- Intro AV: Software Safety for Vehicle Automation -- Intro
(10 min)
AV: Software Safety for Vehicle Automation -- Intro
(10 min)
Automated Driving System needs; AVs sold on safety; sensors to control; machien learning; race to autonomy; integration and validation issues; true winner must be safe; overall challenges
102 AV: Validating Machine Learning-Based Systems AV: Validating Machine Learning-Based Systems
(30 min)
AV: Validating Machine Learning-Based Systems
(30 min)
Human driver test comparison; machine learning challenges; machine learning meets the Vee model; public road testing; brute force testing; closed course testing; simulation; scenarios; simulation components; simulation validity; passing a test
103 AV: SOTIF and Edge Cases AV: SOTIF and Edge Cases
(31 min)
AV: SOTIF and Edge Cases
(31 min)
SOTIF concept; six sigma isn't enough; it's all about the edge cases; why edge cases matter; heavy tail distribution; driver assistance vs. automation; unusual situations; mistaken stop sign; human intuition isn't enough
104 AV: Implications of Removing the Human Driver AV: Implications of Removing the Human Driver
(32 min)
AV: Implications of Removing the Human Driver
(32 min)
Examples of blaming drivers; can humans supervise autonomy; 94% human error narrative; humans mitigate faults; automotive software defect trends; example software defects; ADS fault handling; controllability without a humand driver; no human to blame; vehicle automation modes; human interactions; lifecycle issues
105 AV: Safety Architectures AV: Safety Architectures
(28 min)
AV: Safety Architectures
(28 min)
Safety envelopes; doer/checker; shuttle incidents; physics-based rule checking; uncertainty in world model; validating an AV pipeline; importance of behavior prediction; fail silent to fail operational; example architecture; redundancy & decomposition; move to centralized architecture
106 AV: How Safe Is Safe Enough? AV: How Safe Is Safe Enough?
(21 min)
AV: How Safe Is Safe Enough?
(21 min)
AV trust issues; is a supervised "autopilot" actually safer; safety expectations; regulatory strategy; how safe is safe enough; which driver are we better than; ODD affects safe enough value; approaches to measuring safe; standards-based approach
107 AV: Building Trust AV: Building Trust
(14 min)
AV: Building Trust
(14 min)
Stakeholder trust; hypothetical validation campaign; how much do you trust validation; engineering rigor; field engineering feedback; safety culture; positive trust balance
108 AV: Getting to Deployed + Safe AV: Getting to Deployed + Safe
(14 min)
AV: Getting to Deployed + Safe
(14 min)
System engineering; computer-based system safety engineering; staffing profile; technical safety challenges; organizational safety challenges.
109 AV: UL 4600 AV: UL 4600
(20 min)
AV: UL 4600
(20 min)
ANSI/UL 4600 summary
120 AV: Overview of Automated Vehicle Terminology and J3016 Levels AV: Overview of Automated Vehicle Terminology and J3016 Levels AV: Overview of Automated Vehicle Terminology and J3016 Levels J3016 terminology, SAE J3016 Levels, Vehicle Automation Modes, Myths

Supplemental materials:

  • 2021: ADAS vs. AV Safety and Automation Modes (L121) (20 minutes) | Playlist | Slides | Archive.org
  • 2021: Automated Vehicle Safety update for 2021 (L122) (28 minutes) | Playlist | Slides | Archive.org
  • NOTES:

    Live course site http://www.ece.cmu.edu/~ece642/ might have some more recent lectures. Please see the copyright notice


    18-348: Embedded System Engineering

    Microcontroller hardware, software, I/O, coding techniques, with coverage of 9S12 microcontroller. (Last taught Spring 2016.)

    1. Course Intro Background
    2. Embedded Hardware
    3. Microcontroller Instruction Set - Part 1
    4. Microcontroller Instruction Set - Part 2
    5. Engineering Process Design Techniques
    6. Embedded Language Use
    7. Coding Tricks; Multiprecision Math; Reviews
    8. Memory and Memory Bus
    9. Economics, Code Optimization, and Fixed Point
    10. Debug Test
    11. Serial Ports
    12. Time; Timer/Counters; Watchdog Timers
    13. Interrupts
    14. Interrupt Cyclic Task Response Timing
    15. Preemptive Context Switching
    16. Concurrency
    17. Scheduling
    18. Digital to Analog, PWM
    19. Analog Inputs
    20. Other I/O
    21. Control
    22. RTOS Selection; Why Software Quality Matters
    23. System Resets, Robustness Power Management
    24. Checksums and CRCs
    25. Bluetooth CAN

    18-649: Distributed Embedded Systems

    Software process, distributed systems, embedded networks, critical systems. (Last taught Fall 2015.)

    1. Course Overview Introduction
    2. Elevators as a distributed embedded application
    3. Requirements and Methodical Engineering
    4. UML-Based Design Process
    5. End-to-end design example
    6. Distributed + Embedded Systems; Event Triggered vs. Time Triggered
    7. Reviews Software Process
    8. Embedded Software Testing
    9. Verification, Validation Certification
    10. Embedded System Engineering Economics
    11. Embedded Communication Protocols
    12. CAN Protocol
    13. CAN Performance
    14. End-To-End System Scheduling
    15. Embedded Internet Embedded Security
    16. Distributed Timekeeping
    17. Dependability/Reliability
    18. Critical Systems Software Safety
    19. Critical Systems Engineering
    20. Humans as a System Component
    21. FlexRay Protocol
    22. Ethics Societal Impact
    23. Time Triggered Protocol (TTP)

    Additional reading list. (Note that "local" links are probably non-functional.)


    18-548: Memory Hierarchy

    Memory hiearchy from cache out to virtual memory. (Last taught Fall 1998.)

    1. Introduction & Overview
    2. Key Concepts
    3. Physical Memory Architecture
    4. Cache Organization & Access
    5. Virtual Memory Architecture
    6. Cache Data Organization
    7. Associativity
    8. Data Management Policies
    9. Memory Devices & Chip Area
    10. Multilevel Strategies
    11. System-Level Effects on Performance
    12. Tuning Software for Speed
    13. Main Memory Architecture
    14. Main Memory Performance
    15. Storage Systems
    16. Vector Architecture
    17. Vector Performance
    18. Buses
    19. Multiprocessor Coherence
    20. Fault Tolerance in the Memory Hierarchy

    Copyright notice: These materials are copyrighted by Philip Koopman in the year indicated on the materials. Downloading and viewing materials for personal use is acceptable with no further permission. Use in academic settings, informal lunch-and-learn study groups, and so on is acceptable with no further permission provided attribution is made to me as author of the material. For-profit training use (i.e., someone is getting paid specifically to deliver the training, which is a higher bar than a volunteer presenting a lunch-and-learn informally at a company) requires permission and a fee, except for small snippets (e.g., no more than one slide from a lecture) that fall under Fair Use copyright doctrine. Posting on public web sites, including slide sharing services, video services, and course note sites is strictly prohibited unless I, the author, personally do the upload myself. Linking to material I post, including embedded display of a link to my material, is acceptable and does not require permission. These are historical lecture slides and might not represent my current opinions on various topics due to newly available research and experience. Due to lack of time and resources I do not attempt to keep the technical content of historical lectures up to date, but pointing out any substantive errors for future correction on a time-available basis is appreciated.

    Some files may have less restrictive copyright permissions either noted on the materials themselves or in metadata in my accounts (e.g., on archive.org). So long as materials are accessed via my personal account (e.g., https://archive.org/details/@pkoopman) those less restrictive copyright permissions prevail on files accessed from those sources.

    If you plan to make substantive use of this material in your teaching I'd be happy to hear about it, but non-profit teaching, including use in university courses, use does not require additional permission. In general I don't have time to respond to queries already handled by this copyright notice. This information is provided as-is, and proper use, safety, and other outcomes despite any potential errors or omissions are entirely your responsibility. For other queries please contact: koopman@cmu.edu