Embedded System Lecture Notes and Presentations

Prof. Phil Koopman, Carnegie Mellon University

This is a unified listing of my lecture materials on a variety of topics from my Carnegie Mellon University courses, keynote lectures, and other talks I've given. Please see the copyright notice at the end of this page before e-mailing about use.

Also see my other content distribution sites:

  - Selected talks and webinars
  - Podcasts and Interviews


18-642: Embedded Software Engineering

Code quality, safety, security. (Last update Fall 2020.)
Alternate sources: https://cmu.box.com/v/18-642-EmbeddedSystemEng | Archive.org 18642

Each entry gives the slide deck title, the YouTube video title where it differs from the slide title, the video length, and the topics covered.

1. Course Overview; video: Embedded Software Code Quality, Safety, Security (44 min)
   Challenges of embedded code; it only takes one line of bad code; problems with large scale production; your products live or die by their software; considering the worst case; designing for safety; security matters; industrial controls as targets; designing for security; testing isn't enough
   Case studies: Fiat Chrysler Jeep hack; Ford MyTouch update; Toyota UA code quality; Heartbleed; Nest thermostats; Honda UA recall; Samsung keyboard bug; hospital infusion pumps; LIFX smart lightbulbs; German steel mill hack; Ukraine power hack; SCADA attack data; Shodan; traffic light control vulnerability; hydroelectric plant vulnerability; zero-day shopping list
2. Course administration (no video)
3. Software Development Processes; video: SW Process (49 min)
   Waterfall; Swiss cheese model; lessons learned in software; V model; design vs. code; agile methods; agile for embedded
4. Code Style for Humans (15 min)
   Making code easy to read; good code hygiene; avoiding premature optimization; coding style
5. Code Style for Compilers (21 min)
   Pitfalls and problems with C; language use guidelines and analysis tools; using language wisely (strong typing); Mars Climate Orbiter; deviations & legacy code
6. Peer Reviews (33 min)
   Effective code quality practices; peer review efficiency and effectiveness; Fagan inspections; rules for peer review; review report; perspective-based reviews; review checklist; case study; economics of peer review. Also: Peer Review Checklist.
7. Requirements (24 min)
   Ariane 5 Flight 501; rules for good requirements; problematic requirements; extra-functional requirements; requirements approaches; ambiguity
8. Global Variables; video: Globals (13 min)
   Global vs. static variables; avoiding and removing globals
9. Spaghetti Code; video: Spaghetti (18 min)
   McCabe Cyclomatic Complexity (MCC); SCC; Spaghetti Factor (SF)
10. Toyota UA Case Study; video: Toyota UA (60 min)
   Case study of Toyota unintended acceleration (UA)
11. Stack Overflow (8 min)
   Stack overflow mechanics; memory corruption; stack sentinels; static analysis; memory protection; avoid recursion
12. SW Architecture & HLD; video: Software Architecture and HLD (15 min)
   High Level Design (HLD); boxes and arrows; sequence diagrams (SD); statechart to SD relationship; 2011 Health Plan chart
13. Statecharts (19 min)
   Statechart elements; statechart example; statechart implementation
14. Traceability (11 min)
   Traceability across the V; examples; best practices
15. Software Testing Overview (20 min)
   Smoke testing; exploratory testing; methodical test coverage; types of testing; testing philosophy; coverage; testing resources
16. Unit Testing (18 min)
   Black box testing; white box testing; unit testing strategies; MC/DC coverage; unit testing frameworks (CUnit)
17. Integration Testing (11 min)
   Integration test approaches; tracing integration tests to SDs; network message testing; using SDs to generate unit tests
18. System-Level Test; video: System Level Test (18 min)
   First bug story; effective test plans; testing won't find all bugs; F-22 Raptor date line bug; bug farms; risks of bad software
19. Race Conditions (21 min)
   Therac-25; race condition example; disabling interrupts; mutex; blocking time; priority inversion; priority inheritance; Mars Pathfinder
20. SQA isn't testing; video: SQA Isn't Testing (13 min)
   SQA elements; audits; SQA as coaching staff; cost of defect fixes over project cycle
21. Lifecycle CM (19 min)
   A400M crash; version control; configuration management; long lifecycles
22. Self Driving Car Safety Topic (not publicly available; no slides or video)
23. Maintenance (15 min)
   Bug fix cycle; bug prioritization; maintenance as a large cost driver; technical debt
24. Key Metrics (13 min)
   Tester to developer ratio; code productivity; peer review effectiveness
25. Date/Time (26 min)
   Keeping time; time terminology; clock synchronization; time zones; DST; local time; sunrise/sunset; mobility and time; date line; GMT/UTC; leap years; leap seconds; time rollovers; Zune leap year bug; internationalization
26. Floating Point Pitfalls (17 min)
   Floating point formats; special values; NaN and robots; roundoff errors; Patriot Missile mishap
27. Safety Overview; video: Software Safety Overview (16 min)
   Defense in depth; safety principles; safety culture; Challenger mishap; Therac-25
28. Dependability (20 min)
   Dependability; availability; Windows 2000 server crash; reliability; serial and parallel reliability; example reliability calculation; other aspects of dependability
29. Critical Systems (21 min)
   Safety critical vs. mission critical; worst case and safety; HVAC malfunction hazard; Safety Integrity Levels (SIL); Bhopal; IEC 61508; fleet exposure
30. Safety Plan (26 min)
   Safety plan elements; functional safety approaches; hazards & risks; safety goals & safety requirements; FMEA; FTA; safety case (GSN)
31. Single Points of Failure (17 min)
   Fault containment regions (FCR); Toyota UA single point failure; multi-channel pattern; monitor pattern; safety gate pattern; correlated & accumulated faults
32. Safety Requirements (17 min)
   Identifying safety-related requirements; safety envelope; Doer/Checker pattern
33. Critical System Isolation (17 min)
   Isolating different SILs; mixed-SIL interference sources; mitigating cross-SIL interference; isolation and security; CarShark hack
34. Redundancy Management (20 min)
   Bellingham WA gasoline pipeline mishap; redundancy for availability; redundancy for fault detection; Ariane 5 Flight 501; fail operational; triple modular redundancy (TMR) 2-of-3 pattern; dual 2-of-2 pattern; high-SIL Doer/Checker pattern; diagnostic effectiveness and proof tests
35. Safety Architecture Patterns (42 min)
   Supplemental lecture with more detail on patterns: low SIL; self-diagnosis; partitioning; fail operational; voting; fail silent; dual 2-of-2; Ariane 5 Flight 501; fail silent patterns (low, high, mixed SIL); high availability mixed SIL pattern
36. Data Integrity (29 min)
   Sources of faults; soft errors; Hamming distance; parity; mirroring; SECDED; checksum; CRC
37. Cryptography (33 min)
   Confusion & diffusion; Caesar cipher; frequency analysis; Enigma; Lorenz & Colossus; DES; AES; public key cryptography; secure hashing; digital signatures; certificates; PKI; encrypting vs. signing for firmware update
38. Security Plans; video: Security Plan (29 min)
   Security plan elements; Target attack; security requirements; threats; vulnerabilities; mitigation; validation
39. Security Threats (24 min)
   Stuxnet; attack motivation; attacker threat levels; DirecTV piracy; operational environment; porous firewalls; Davis-Besse incident; BlueSniper rifle; integrity; authentication; secrecy; privacy; LG Smart TV privacy; DoS/DDoS; feature activation; St. Jude pacemaker recall
40. Security Vulnerabilities (29 min)
   Exploit vs. attack; kettle spambot; weak passwords; master passwords; crypto key length; Mirai botnet attack; crypto mistakes; LIFX revisited; CarShark revisited; chip peels; hidden functionality; counterfeit systems; cloud connected devices; embedded-specific attacks
41. Security Mitigation Validation (34 min)
   Password strength; storing passwords & salt/pepper/key stretching; Adobe password hack; least privilege; Jeep firewall hack; secure update; secure boot; encryption vs. signing revisited; penetration testing; code analysis; other security approaches; rubber hose attack
42. Security Pitfalls (24 min)
   Konami code; security via obscurity; hotel lock USB hack; Kerckhoffs' principle; hospital WPA setup hack; DeCSS; Lodz tram attack; proper use of cryptography; zero day exploits; security snake oil; realities of in-system firewalls; aircraft infotainment and firewalls; zombie road sign hack
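The "stack sentinels" item in lecture 11 names a technique that is easy to get wrong in practice, so here is a worked version of it. This is an added example, not material from the lecture slides or the course: a plain byte array stands in for a task's stack (constructed for illustration), `push_frames` is a stand-in for a real call chain, and the 256-byte stack size, 0xA5 paint pattern and 16-byte guard zone are all assumed values.

```c
/* Added example, not from the lecture slides: stack painting with a
 * sentinel zone, the "stack sentinels" item of lecture 11.  A byte array
 * stands in for a task's stack (constructed for illustration); on a real
 * target the region comes from the linker script, painting happens in the
 * startup code, and the check runs from a periodic task or before each
 * watchdog kick. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STACK_BYTES    256u
#define PAINT_BYTE     0xA5u   /* pattern unlikely to appear in a real frame */
#define SENTINEL_BYTES 16u     /* guard zone at the low (far) end of the stack */

/* The stack grows downward: stk[n-1] is used first, stk[0] last. */
void stack_paint(uint8_t *stk, size_t n)
{
    memset(stk, PAINT_BYTE, n);
}

/* Sentinel check.  If any guard byte changed, frames have already run past
 * the end of this stack into whatever the linker put below it (another
 * task's stack, globals, the heap).  Cheap enough to call often. */
int stack_sentinel_intact(const uint8_t *stk)
{
    for (size_t i = 0; i < SENTINEL_BYTES; i++)
        if (stk[i] != PAINT_BYTE) return 0;
    return 1;
}

/* High-water mark: bytes from the top down to the deepest unpainted byte.
 * It under-reports if the deepest frame happened to end in a byte equal to
 * PAINT_BYTE; that is the known weakness of painting alone and the reason
 * a separate sentinel zone is kept as well. */
size_t stack_high_water(const uint8_t *stk, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (stk[i] != PAINT_BYTE) return n - i;
    return 0;
}

/* Stand-in for a call chain: each "call" pushes a frame of frame_bytes
 * (return address plus locals) at the stack pointer.  Frames are allowed to
 * reach the guard zone, which is the overflow the sentinel is there to catch;
 * they stop at the array bound only so this example stays defined behaviour. */
size_t push_frames(uint8_t *stk, size_t sp, size_t frame_bytes, unsigned calls)
{
    for (unsigned c = 0; c < calls; c++) {
        if (sp < frame_bytes) { sp = 0; break; }
        sp -= frame_bytes;
        memset(stk + sp, 0x11 + (int)c, frame_bytes);   /* fake frame contents */
    }
    return sp;
}

/* Scenario 1: bounded nesting (4 frames of 32 bytes).  Returns the measured
 * high-water mark when the sentinel is intact, 0 if it was breached. */
size_t demo_bounded_nesting(void)
{
    uint8_t stk[STACK_BYTES];
    stack_paint(stk, STACK_BYTES);
    push_frames(stk, STACK_BYTES, 32, 4);
    return stack_sentinel_intact(stk) ? stack_high_water(stk, STACK_BYTES) : 0;
}

/* Scenario 2: runaway recursion (8 frames of 32 bytes on a 256-byte stack).
 * Returns 1 if the sentinel caught the overflow. */
int demo_overflow_caught(void)
{
    uint8_t stk[STACK_BYTES];
    stack_paint(stk, STACK_BYTES);
    push_frames(stk, STACK_BYTES, 32, 8);
    return !stack_sentinel_intact(stk);
}

int main(void)
{
    printf("bounded nesting: high-water mark = %zu of %u bytes\n",
           demo_bounded_nesting(), STACK_BYTES);
    printf("runaway recursion: overflow caught = %d\n", demo_overflow_caught());
    return 0;
}
```

The sentinel tells you the overflow already happened, so on a real target the failure response has to be a safe-state action (reset via the watchdog, fail silent), not a log message; the high-water mark is the number to compare against the static analysis bound during testing, with margin for interrupt nesting.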
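Lecture 36 lists Hamming distance, checksum and CRC side by side; the following added example (not from the lecture slides or the course) shows concretely why that ordering matters. It implements an 8-bit additive checksum and a CRC-8 (polynomial 0x07, init 0, a standard catalogue CRC with check value 0xF4), brute-forces the Hamming distance of the CRC over 16-bit data words, and constructs a 2-bit error that the checksum cannot see. The frame bytes and the polynomial choice are assumptions for illustration, not values from the lecture.

```c
/* Added example, not from the lecture slides: additive checksum vs. CRC,
 * measured by Hamming distance (HD) as in lecture 36.  The frame bytes and
 * the CRC-8 polynomial choice are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 8-bit additive checksum: bytes summed modulo 256. */
uint8_t add8_checksum(const uint8_t *d, size_t n)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = (uint8_t)(sum + d[i]);
    return sum;
}

/* CRC-8 with polynomial x^8 + x^2 + x + 1 (0x07), init 0, no reflection
 * (the plain "CRC-8" of the reveng catalogue; check value for "123456789" is 0xF4). */
uint8_t crc8(const uint8_t *d, size_t n)
{
    uint8_t crc = 0x00;
    for (size_t i = 0; i < n; i++) {
        crc ^= d[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? ((crc << 1) ^ 0x07) : (crc << 1));
    }
    return crc;
}

static int popcount8(uint8_t x)
{
    int c = 0;
    for (; x; x >>= 1) c += x & 1;
    return c;
}

/* Minimum Hamming distance of this CRC over 16-bit data words.  A CRC with
 * init 0 is linear over XOR (crc(a) ^ crc(b) == crc(a ^ b)), so the smallest
 * undetectable error pattern is simply the lowest-weight nonzero codeword
 * data || crc(data).  Only 65535 candidates, so brute force is fine. */
int crc8_hd_16bit(void)
{
    int best = 8 * 3;   /* upper bound: every bit of data and CRC set */
    for (uint32_t w = 1; w < 0x10000u; w++) {
        uint8_t data[2] = { (uint8_t)(w >> 8), (uint8_t)(w & 0xFF) };
        int weight = popcount8(data[0]) + popcount8(data[1]) + popcount8(crc8(data, 2));
        if (weight < best) best = weight;
    }
    return best;   /* HD = 4: every error of 1, 2 or 3 bit flips is detected */
}

/* Constructed 4-byte frame and a 2-bit corruption that moves bit 5 from
 * byte 1 to byte 0: the byte sum is unchanged, so the additive checksum
 * (HD = 2) cannot see it, whereas the CRC (HD = 4) does.  A byte swap is a
 * second classic case the additive checksum is blind to. */
static const uint8_t GOOD[4]     = { 0x10, 0x20, 0x30, 0x40 };
static const uint8_t BAD_2BIT[4] = { 0x30, 0x00, 0x30, 0x40 };
static const uint8_t BAD_SWAP[4] = { 0x20, 0x10, 0x30, 0x40 };

/* Return 1 when the check value still matches, i.e. the error goes undetected. */
int add8_misses(const uint8_t *bad) { return add8_checksum(GOOD, 4) == add8_checksum(bad, 4); }
int crc8_misses(const uint8_t *bad) { return crc8(GOOD, 4) == crc8(bad, 4); }

int main(void)
{
    printf("CRC-8 check value: 0x%02X (expect 0xF4)\n", crc8((const uint8_t *)"123456789", 9));
    printf("CRC-8 HD at 16 data bits: %d\n", crc8_hd_16bit());
    printf("2-bit compensating error: checksum missed=%d, crc missed=%d\n",
           add8_misses(BAD_2BIT), crc8_misses(BAD_2BIT));
    printf("byte swap:                checksum missed=%d, crc missed=%d\n",
           add8_misses(BAD_SWAP), crc8_misses(BAD_SWAP));
    return 0;
}
```

The HD figure is what to ask for when picking a check code: it is the smallest number of bit flips that can slip through, and it depends on both the polynomial and the message length, so a CRC chosen for a 16-bit register does not automatically give the same protection on a 1 KB firmware block. Note also that none of this is a security control; a CRC detects random faults, while an attacker who can modify the data can recompute it, which is why lecture 37 moves on to hashes and signatures.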

NOTES:

Live course site http://www.ece.cmu.edu/~ece642/ might have some more recent lectures. Please see the copyright notice at the end of this page before reusing any of this material.


18-348: Embedded System Engineering

Microcontroller hardware, software, I/O, and coding techniques, with coverage of the 9S12 microcontroller. (Last taught Spring 2016.)

  1. Course Intro; Background
  2. Embedded Hardware
  3. Microcontroller Instruction Set - Part 1
  4. Microcontroller Instruction Set - Part 2
  5. Engineering Process Design Techniques
  6. Embedded Language Use
  7. Coding Tricks; Multiprecision Math; Reviews
  8. Memory and Memory Bus
  9. Economics, Code Optimization, and Fixed Point
  10. Debug; Test
  11. Serial Ports
  12. Time; Timer/Counters; Watchdog Timers
  13. Interrupts
  14. Interrupt Cyclic Task Response Timing
  15. Preemptive Context Switching
  16. Concurrency
  17. Scheduling
  18. Digital to Analog, PWM
  19. Analog Inputs
  20. Other I/O
  21. Control
  22. RTOS Selection; Why Software Quality Matters
  23. System Resets, Robustness; Power Management
  24. Checksums and CRCs
  25. Bluetooth; CAN

18-649: Distributed Embedded Systems

Software process, distributed systems, embedded networks, critical systems. (Last taught Fall 2015.)

  1. Course Overview; Introduction
  2. Elevators as a distributed embedded application
  3. Requirements and Methodical Engineering
  4. UML-Based Design Process
  5. End-to-end design example
  6. Distributed + Embedded Systems; Event Triggered vs. Time Triggered
  7. Reviews; Software Process
  8. Embedded Software Testing
  9. Verification, Validation; Certification
  10. Embedded System Engineering Economics
  11. Embedded Communication Protocols
  12. CAN Protocol
  13. CAN Performance
  14. End-To-End System Scheduling
  15. Embedded Internet; Embedded Security
  16. Distributed Timekeeping
  17. Dependability/Reliability
  18. Critical Systems; Software Safety
  19. Critical Systems Engineering
  20. Humans as a System Component
  21. FlexRay Protocol
  22. Ethics; Societal Impact
  23. Time Triggered Protocol (TTP)

Additional reading list. (Note that "local" links are probably non-functional.)


18-548: Memory Hierarchy

Memory hierarchy from cache out to virtual memory. (Last taught Fall 1998.)

  1. Introduction & Overview
  2. Key Concepts
  3. Physical Memory Architecture
  4. Cache Organization & Access
  5. Virtual Memory Architecture
  6. Cache Data Organization
  7. Associativity
  8. Data Management Policies
  9. Memory Devices & Chip Area
  10. Multilevel Strategies
  11. System-Level Effects on Performance
  12. Tuning Software for Speed
  13. Main Memory Architecture
  14. Main Memory Performance
  15. Storage Systems
  16. Vector Architecture
  17. Vector Performance
  18. Buses
  19. Multiprocessor Coherence
  20. Fault Tolerance in the Memory Hierarchy

Copyright notice: These materials are copyrighted by Philip Koopman in the year indicated on the materials. Downloading and viewing materials for personal use is acceptable with no further permission. Use in academic settings, informal lunch-and-learn study groups, and so on is acceptable with no further permission provided attribution is made to me as author of the material. For-profit training use (i.e., someone is getting paid specifically to deliver the training, which is a higher bar than a volunteer presenting a lunch-and-learn informally at a company) requires permission and a fee, except for small snippets (e.g., no more than one slide from a lecture) that fall under Fair Use copyright doctrine. Posting on public web sites, including slide sharing services, video services, and course note sites is strictly prohibited unless I, the author, personally do the upload myself. Linking to material I post is acceptable and does not require permission. These are historical lecture slides and might not represent my current opinions on various topics due to newly available research and experience. Due to lack of time and resources I do not attempt to keep the technical content of historical lectures up to date, but pointing out any substantive errors for future correction on a time-available basis is appreciated.

Some files may have less restrictive copyright permissions either noted on the materials themselves or in metadata in my accounts (e.g., on archive.org). So long as materials are accessed via my personal account (e.g., https://archive.org/details/@pkoopman) those less restrictive copyright permissions prevail on files accessed from those sources.

If you plan to make substantive use of this material in your teaching I'd be happy to hear about it, but non-profit teaching, including use in university courses, does not require additional permission. In general I don't have time to respond to queries already handled by this copyright notice. This information is provided as-is, and proper use despite any potential errors or omissions is entirely your responsibility. For other queries please contact: koopman@cmu.edu