Embedded System Lecture Notes and Presentations

Prof. Phil Koopman, Carnegie Mellon University

This is a unified listing my lecture materials on a variety of topics from my Carnege Mellon University courses, keynote lectures, and other talks I've given. Please see the copyright notice at the end of this page before e-mailing about use.

Selected keynote talks and webinars

18-642: Embedded Software Engineering

Code quality, safety, security. (Last update Fall 2017.)

  Slides YouTube
1 Course Introduction Safety+Security Overview Challenges of embedded code; it only takes one line of bad code; problems with large scale production; your products live or die by their software; considering the worst case; designing for safety; security matters; industrial controls as targets; designing for security; testing isn't enough
Fiat Chrysler jeep hack; Ford Mytouch update; Toyota UA code quality; Heartbleed; Nest thermostats; Honda UA recall; Samsung keyboard bug; hospital infusion pumps; LIFX smart lightbulbs; German steel mill hack; Ukraine power hack; SCADA attack data; Shodan; traffic light control vulnerability; hydroelectric plant vulnerability; zero-day shopping list
2 Software Development Processes   Waterfall; swiss cheese model; lessons learned in software; V model; design vs. code; agile methods; agile for embedded
3 Global Variables Globals Global vs. static variables; avoiding and removing globals
4 Spaghetti Code Spaghetti McCabe Cyclomatic Complexity (MCC); SCC; Spaghetti Factor (SF)
5 Unit Testing   Black box testing; white box testing; unit testing strategies; MCDC coverage; unit testing frameworks (cunit)
6 Modal Code/Statecharts   Statechart elements; statechart example; statechart implementation
7 Peer Reviews Peer Reviews Effective code quality practices, peer review efficiency and effectiveness; Fagan inspections; rules for peer review; review report; perspective-based reviews; review checklist; case study; economics of peer review. Peer Review Checklist
8 Code Style/Humans Style Making code easy to read; good code hygiene; avoiding premature optimization; coding style
9 Code Style/Language Language Use Pitfalls and problems with C; language use guidelines and analysis tools; using language wisely (strong typing); Mars Climate Orbiter; deviations & legacy code
10 Testing Quality   Smoke testing, exploratory testing; methodical test coverage; types of testing; testing philosophy; coverage; testing resources
11 Requirements   Ariane 5 flight 501; rules for good requirements; problematic requirements; extra-functional requirements; requirements approaches; ambiguity
12 System-Level Test   First bug story; effective test plans; testing won't find all bugs; F-22 Raptor date line bug; bug farms; risks of bad software
13 SW Architecture & HLD   High Level Design (HLD); boxes and arrows; sequence diagrams (SD); statechart to SD relationship; 2011 Health Plan chart
14 Integration Testing   Integration test approaches; tracing integration tests to SDs; network message testing; using SDs to generate unit tests
15 SQA isn't testing   SQA elements; audits; SQA as coaching staff; cost of defect fixes over project cycle
16 Traceability   Traceability across the V; examples; best practices
17 Lifecycle CM   A400M crash; version control; configuration management; long lifecycles
18 Maintenance   Bug fix cycle; bug prioritization; maintenance as a large cost driver; technical debt
19 Process Key Metrics Key Metrics Tester to developer ratio; code productivity; peer review effectiveness
20 Date Time Management   Keeping time; time terminology; clock synchronization; time zones; DST; local time; sunrise/sunset; mobility and time; date line; GMT/UTC; leap years; leap seconds; time rollovers; Zune leap year bug; internationalization.
21 Floating Point Pitfalls   Floating point formats; special values; NaN and robots; roundoff errors; Patriot Missile mishap
22 Dependability Dependability Dependability; availability; Windows 2000 server crash; reliability; serial and parallel reliability; example reliability calculation; other aspects of dependability
23 Stack Overflow Stack Overflow Stack overflow mechanics; memory corruption; stack sentinels; static analysis; memory protection; avoid recursion
24 Critical Systems Critical Systems Safety critical vs. mission critical; worst case and safety; HVAC malfunction hazard; Safety Integrity Levels (SIL); Bhopal; IEC 61508; fleet exposure
25 Single Points of Failure Single Points of Failure Fault containment regions (FCR); Toyota UA single point failure; multi-channel pattern; monitor pattern; safety gate pattern; correlated & accumulated faults
26 Safety Plan Safety Plan Safety plan elements; functional safety approaches; hazards & risks; safety goals & safety requirements; FMEA; FTA; safety case (GSN)
27 Race Conditions   Therac 25; race condition example; disabling interrupts; mutex; blocking time; priority inversion; priority inheritance; Mars Pathfinder
28 Safety Requirements Safety Requirements Identifying safety-related requirements; safety envelope; Doer/Checker pattern
29 SIL Isolation SIL Isolation Isolating different SILs, mixed-SIL interference sources; mitigating cross-SIL interference; isolation and security; CarShark hack
30 Redundancy Management Redundancy Management Bellingham WA gasoline pipeline mishap; redundancy for availability; redundancy for fault detection; Ariane 5 Flight 501; fail operational; triplex modular redundancy (TMR) 2-of-3 pattern; dual 2-of-2 pattern; high-SIL Doer/Checker pattern; diagnostic effectiveness and proof tests
31 Safety Architecture Patterns Safety Architecture Patterns Supplemental lecture with more detail on patterns: low SIL; self-diagnosis; partitioning; fail operational; voting; fail silent; dual 2-of-2; Ariane 5 Flight 501; fail silent patterns (low, high, mixed SIL); high availability mixed SIL pattern
32 Data Integrity   Sources of faults; soft errors; Hamming distance; parity; mirroring; SECDED; checksum; CRC
33 Security Plan Security Plan Security plan elements; Target Attack; security requirements; threats; vulnerabilities; mitigation; validation
34 Security Threats   Stuxnet; attack motivation; attacker threat levels; DirectTV piracy; operational environment; porous firewalls; Davis Besse incident; BlueSniper rifle; integrity; authentication; secrecy; privacy; LG Smart TV privacy; DoS/DDos; feature activation; St. Jude pacemaker recall
35 Cryptography   Confusion & diffusion; Caesar cipher; frequency analysis; Enigma; Lorenz & Colossus; DES; AES; public key cryptography; secure hashing; digital signatures; certificates; PKI; encrypting vs. signing for firmware update
36 Security Vulnerabilities   Exploit vs. attack; Kettle spambot; weak passwords; master passwords; crypto key length; Mirai botnet attack; crypto mistakes; LIFX revisited; CarShark revisited; chip peels; hidden functionality; counterfeit systems; cloud connected devices; embedded-specific attacks
37 Security Mitigation Validation   Password strength; storing passwords & salt/pepper/key stretching; Adobe password hack; least privilege; Jeep firewall hack; secure update; secure boot; encryption vs. signing revisited; penetration testing; code analysis; other security approaches; rubber hose attack
38 Security Pitfalls Security Pitfalls Konami code; security via obscurity; hotel lock USB hack; Kerckhoff's principle; hospital WPA setup hack; DECSS; Lodz tram attack; proper use of cryptography; zero day exploits; security snake oil; realities of in-system firewalls; aircraft infotainment and firewalls; zombie road sign hack


Live course site http://www.ece.cmu.edu/~ece642/ might have some more recent lectures. Please see the copyright notice

18-348: Embedded System Engineering

Microcontroller hardware, software, I/O, coding techniques, with coverage of 9S12 microcontroller. (Last taught Spring 2016.)

  1. Course Intro Background
  2. Embedded Hardware
  3. Microcontroller Instruction Set - Part 1
  4. Microcontroller Instruction Set - Part 2
  5. Engineering Process Design Techniques
  6. Embedded Language Use
  7. Coding Tricks; Multiprecision Math; Reviews
  8. Memory and Memory Bus
  9. Economics, Code Optimization, and Fixed Point
  10. Debug Test
  11. Serial Ports
  12. Time; Timer/Counters; Watchdog Timers
  13. Interrupts
  14. Interrupt Cyclic Task Response Timing
  15. Preemptive Context Switching
  16. Concurrency
  17. Scheduling
  18. Digital to Analog, PWM
  19. Analog Inputs
  20. Other I/O
  21. Control
  22. RTOS Selection; Why Software Quality Matters
  23. System Resets, Robustness Power Management
  24. Checksums and CRCs
  25. Bluetooth CAN

18-649: Distributed Embedded Systems

Software process, distributed systems, embedded networks, critical systems. (Last taught Fall 2015.)

  1. Course Overview Introduction
  2. Elevators as a distributed embedded application
  3. Requirements and Methodical Engineering
  4. UML-Based Design Process
  5. End-to-end design example
  6. Distributed + Embedded Systems; Event Triggered vs. Time Triggered
  7. Reviews Software Process
  8. Embedded Software Testing
  9. Verification, Validation Certification
  10. Embedded System Engineering Economics
  11. Embedded Communication Protocols
  12. CAN Protocol
  13. CAN Performance
  14. End-To-End System Scheduling
  15. Embedded Internet Embedded Security
  16. Distributed Timekeeping
  17. Dependability/Reliability
  18. Critical Systems Software Safety
  19. Critical Systems Engineering
  20. Humans as a System Component
  21. FlexRay Protocol
  22. Ethics Societal Impact
  23. Time Triggered Protocol (TTP)

Additional reading list. (Note that "local" links are probably non-functional.)

18-548: Memory Hierarchy

Memory hiearchy from cache out to virtual memory. (Last taught Fall 1998.)

  1. Introduction & Overview
  2. Key Concepts
  3. Physical Memory Architecture
  4. Cache Organization & Access
  5. Virtual Memory Architecture
  6. Cache Data Organization
  7. Associativity
  8. Data Management Policies
  9. Memory Devices & Chip Area
  10. Multilevel Strategies
  11. System-Level Effects on Performance
  12. Tuning Software for Speed
  13. Main Memory Architecture
  14. Main Memory Performance
  15. Storage Systems
  16. Vector Architecture
  17. Vector Performance
  18. Buses
  19. Multiprocessor Coherence
  20. Fault Tolerance in the Memory Hierarchy

Copyright notice: These materials are copyrighted by Philip Koopman in the year indicated on the materials. Downloading and viewing materials for personal use is acceptable with no further permission. Use in academic settings, informal lunch-and-learn study groups, and so on is acceptable with no further permission provided attribution is made to me as author of the material. For-profit training use (i.e., someone is getting paid to deliver the training) requires permission and a fee, except for small snippets (e.g., no more than one slide from a lecture) that fall under Fair Use copyright doctrine. Posting on public web sites, including slide sharing services, video services, and course note sites is strictly prohibited unless I, the author, personally do the upload myself. These are historical lecture slides and might not represent my current opinions on various topics due to newly available research and experience. Due to lack of time and resources I do not attempt to keep the technical content of historical lectures up to date, but pointing out any substantive errors for future correction on a time-available basis is appreciated. If you plan to make substantive use of this material in your teaching I'd be happy to hear about it, but non-profit teaching, including use in university courses, use does not require additional permission. In general I don't have time to respond to queries already handled by this copyright notice. This information is provided as-is, and proper use is your responsibility. For other queries please contact: koopman@cmu.edu