In article <dfi582$4js$1$8302bc10@news.demon.co.uk>, Paul E. Bennett
<peb@amleth.demon.co.uk> writes
>Chris Hills wrote:
>
>> In article <dfejk6$ggo$1$830fa17d@news.demon.co.uk>, Paul E. Bennett
>> <peb@amleth.demon.co.uk> writes
>>>Chris Hills wrote:
>>>
>>>>>This is a phased testing approach
>>>>>and is, in my opinion, quite a valid consideration. I would not expect
>>>>>the testing to be carried out under the emulator alone. I would hope,
>>>>>however, that you would rather shy away from using such complex and
>>>>>difficult processors for a safety critical system.
>>>>
>>>> All processors are complex these days. Also safety critical systems are
>>>> getting more complex.
>>>
>>>There are still, fortunately, some processors around that are reasonably
>>>simple in their architecture which would be more suitable for a High
>>>Integrity application.
>>>
>>
>> Such as?
>
>Many of the RISC chips would be simpler than the CISC processors that many here
>seem to use. The RISC devices that I think are worth looking at are:-
>
> Patriot's PTSC1000
> Ultra Technology's F21
> Harris RTX2000 (if you are doing a space job for NASA)
Many thanks
>
>There are probably more around and I think it is always worth looking at
>the architecture of a processor (the way ALU's and registers are used
>within the processor) when making an evaluation. I haven't looked at the
>structure of the ARM but I would expect many of the DSP processors to also
>be quite simple architectures also.
>
>Sorry, by the way, for the delay getting back on this one but it has been
>rather hectic the past few days.
Likewise.
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by Chris Hills ● September 5, 2005
In article <431c0c51$0$17486$ed2e19e4@ptn-nntp-reader04.plus.net>, Tom
<tlucasremoveall@thisextragubbinstoreplyautoflame.co.uk> writes
>>>> What are the collective's opinions regarding the use of in-circuit
>>>> emulators for proving safety critical embedded software?
>>>
>>>Emulators (like simulators) only serve a purpose in testing and
>>>debugging, but since actual "proving" cannot ever be done by testing,
>>>they are obviously useless for proving.
>>>
>>
>> This is completely wrong. There are several SW tools that use full ICE
>> for non-intrusive hard real time unit and system testing.
>>
>
>Can they be truly non-intrusive or will Heisenberg stick his oar in?
There are quite a few ICE that are truly non-intrusive.
It is true they have an effect on the circuit but it is so minimal that
if it does have an effect on the system the circuit will not work in
production (or even development) due to chip and other component
tolerances.
The problem is working out which ICE are almost invisible and which are
not. The problem is some of the lesser ones claim near perfection so it
is sometimes difficult to tell.
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by Paul E. Bennett ● September 5, 2005
Chris Hills wrote:
> In article <dfejk6$ggo$1$830fa17d@news.demon.co.uk>, Paul E. Bennett
> <peb@amleth.demon.co.uk> writes
>>Chris Hills wrote:
>>
>>>>This is a phased testing approach
>>>>and is, in my opinion, quite a valid consideration. I would not expect
>>>>the testing to be carried out under the emulator alone. I would hope,
>>>>however, that you would rather shy away from using such complex and
>>>>difficult processors for a safety critical system.
>>>
>>> All processors are complex these days. Also safety critical systems are
>>> getting more complex.
>>
>>There are still, fortunately, some processors around that are reasonably
>>simple in their architecture which would be more suitable for a High
>>Integrity application.
>>
>
> Such as?
Many of the RISC chips would be simpler than the CISC processors that many here
seem to use. The RISC devices that I think are worth looking at are:-
Patriot's PTSC1000
Ultra Technology's F21
Harris RTX2000 (if you are doing a space job for NASA)
There are probably more around and I think it is always worth looking at
the architecture of a processor (the way ALU's and registers are used
within the processor) when making an evaluation. I haven't looked at the
structure of the ARM but I would expect many of the DSP processors to also
be quite simple architectures also.
Sorry, by the way, for the delay getting back on this one but it has been
rather hectic the past few days.
--
********************************************************************
Paul E. Bennett ....................<email://peb@amleth.demon.co.uk>
Forth based HIDECS Consultancy .....<http://www.amleth.demon.co.uk/>
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/
********************************************************************
Reply by Hans-Bernhard Broeker ● September 5, 2005
Chris Hills <chris@phaedsys.org> wrote:
> In article <3nqjg0F2s52gU1@news.dfncis.de>, Hans-Bernhard Broeker
> <broeker@physik.rwth-aachen.de> writes
> >Emulators (like simulators) only serve a purpose in testing and
> >debugging, but since actual "proving" cannot ever be done by testing,
> >they are obviously useless for proving.
> This is completely wrong. There are several SW tools that use full ICE
> for non-intrusive hard real time unit and system testing.
Interesting. First you say I'm completely wrong, then you go on throwing
around arguments about something completely different.
I said: ICEs are for testing and debugging, but *not* for proving. Care
telling what made that "completely wrong"?
--
Hans-Bernhard Broeker (broeker@physik.rwth-aachen.de)
Even if all the snow were burnt, ashes would remain.
Reply by Tom ● September 5, 2005
>>> What are the collective's opinions regarding the use of in-circuit
>>> emulators for proving safety critical embedded software?
>>
>>Emulators (like simulators) only serve a purpose in testing and
>>debugging, but since actual "proving" cannot ever be done by testing,
>>they are obviously useless for proving.
>>
>
> This is completely wrong. There are several SW tools that use full ICE
> for non-intrusive hard real time unit and system testing.
>
Can they be truly non-intrusive or will Heisenberg stick his oar in?
Reply by Chris Hills ● September 4, 2005
In article <dfejk6$ggo$1$830fa17d@news.demon.co.uk>, Paul E. Bennett
<peb@amleth.demon.co.uk> writes
>Chris Hills wrote:
>
>>>This is a phased testing approach
>>>and is, in my opinion, quite a valid consideration. I would not expect the
>>>testing to be carried out under the emulator alone. I would hope, however,
>>>that you would rather shy away from using such complex and difficult
>>>processors for a safety critical system.
>>
>> All processors are complex these days. Also safety critical systems are
>> getting more complex.
>
>There are still, fortunately, some processors around that are reasonably
>simple in their architecture which would be more suitable for a High
>Integrity application.
>
Such as?
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by Paul E. Bennett ● September 4, 2005
Chris Hills wrote:
>>This is a phased testing approach
>>and is, in my opinion, quite a valid consideration. I would not expect the
>>testing to be carried out under the emulator alone. I would hope, however,
>>that you would rather shy away from using such complex and difficult
>>processors for a safety critical system.
>
> All processors are complex these days. Also safety critical systems are
> getting more complex.
There are still, fortunately, some processors around that are reasonably
simple in their architecture which would be more suitable for a High
Integrity application.
--
********************************************************************
Paul E. Bennett ....................<email://peb@amleth.demon.co.uk>
Forth based HIDECS Consultancy .....<http://www.amleth.demon.co.uk/>
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/
********************************************************************
Reply by Chris Hills ● September 4, 2005
In article <dfae8q$in4$1$8302bc10@news.demon.co.uk>, Paul E. Bennett
<peb@amleth.demon.co.uk> writes
>Tom wrote:
>
>> What are the collective's opinions regarding the use of in-circuit
>> emulators for proving safety critical embedded software?
>>
>> I've heard from some people that they can't imagine how it could be done
>> without whereas others have never used an emulator and consider them
>> entirely unnecessary. Has JTAG rendered emulators obsolete?
>
>Emulators for difficult processor chips (those that would otherwise require
>massive efforts to set up monitoring and trigger points) can be useful at
>the pre-product-finishing stage when you need to confirm that the system
>can follow the whole of its programming. However, the final testing must be
>accomplished with the processors that will be delivered with the system,
>especially for safety critical systems.
Depending on MCU family this is the case. In other cases the part is not
always identical. However it can go a long way to help with the unit and
system testing.
>This is a phased testing approach
>and is, in my opinion, quite a valid consideration. I would not expect the
>testing to be carried out under the emulator alone. I would hope, however,
>that you would rather shy away from using such complex and difficult
>processors for a safety critical system.
All processors are complex these days. Also safety critical systems are
getting more complex.
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by Chris Hills ● September 4, 2005
In article <4318a5e6$1@clear.net.nz>, Jim Granville
<no.spam@designtools.co.nz> writes
>Thad Smith wrote:
><snip>
>>
>> I checked an errata sheet and found a problem with
>> the fast interrupt return feature. I then checked the compiler output
>> and saw that it was using the fast return feature. After figuring out
>> how to tell the compiler to not use this feature, the problem went away.
>> It took me 2 days to narrow this down and solve it. With an emulator
>> which has a trace buffer it would have been less, since I could trigger
>> on the symptom and look at the preceding execution. The presence of an
>> emulator would not help me detect the symptom, only fix it.
>
>... ONLY if the emulator had the SAME silicon flaw that caused the errata.
> -jg
>
Very true.... You need not only to use the same part but the same
revision. It depends on the ICE as to how you do this.
In some families of MCU you use the same part in the target and the ICE.
EG the HOOKS system used on some 8051's
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Reply by Chris Hills ● September 4, 2005
In article <43185f70$0$80022$892e0abb@auth.newsreader.octanews.com>,
Thad Smith <ThadSmith@acm.org> writes
>Tom wrote:
>> "Hans-Bernhard Broeker" <broeker@physik.rwth-aachen.de> wrote in message
>> news:3nqjg0F2s52gU1@news.dfncis.de...
>>
>>>Tom <tlucasremoveall@thisextragubbinstoreplyautoflame.co.uk> wrote:
>>>
>>>>What are the collective's opinions regarding the use of in-circuit
>>>>emulators for proving safety critical embedded software?
>>>
>>>Emulators (like simulators) only serve a purpose in testing and
>>>debugging, but since actual "proving" cannot ever be done by testing,
>>>they are obviously useless for proving.
>>
>> I agree that proving cannot be done by testing alone but I do think that
>> testing is the backbone when proving that a system is safe.
>
>Emulators are not needed for testing. They are helpful for debugging.
>There are some types of problems that are much more easily debugged with
>emulators. I worked on one such problem recently: I was getting
>occasional incorrect handling of a complex event. I didn't have an
>emulator available. I put debugging outputs on test points to see the
>realtime sequence of operations.
This is why ICE are essential. You "put debugging outputs on test
points" IE you changed the code..... A good ICE will execute the code
without changing it in hard real time.
What you are doing is opening the fridge door to check the temperature.
You will get a reading but by opening the door you have changed the
temperature. For most things the reading is "close enough" but it is not
accurate.
Changing the code can affect many things including the bug.
>Sometimes a statement in a switch case
>was being executed when it shouldn't have been. I added realtime trace
>output to the switch variable just before executing the switch -- the
>bug went away (Heisenbug!).
Do you mean you use the ICE trace? or is it an example I mentioned above
of the test code changing the error?
>interrupt service. I checked an errata sheet and found a problem with
Been there done that :-) Errata sheets are the bane of my life!
> It took me 2 days to narrow this down and solve it. With an emulator
>which has a trace buffer it would have been less, since I could trigger
>on the symptom and look at the preceding execution. The presence of an
>emulator would not help me detect the symptom, only fix it.
You mean would help you find it but not fix it?
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/