1// List of Common Failures
2// ------------------------------------------------------------------------
3// - mathematical overflows
4// - implement all available controller traps
5// - unexpected program states or values
6// - implement default branches
7// - make plausibility checks
8// - use greater-/smaller-than comparisons instead of equality comparisons
9// - invalid pointers
10// - memory failures
11// - overload
12// - make stress tests
13// - endless loops
14// - watchdog
15// - single reset inside main loop or idle task
16// - checks if all code segments were executed
17// can be made with flag-variables
18// - execution time observation
19// - stackoverflow
20// - detect by using stack-end-marker (magic-number)
21// - race condition
22// - control mutual used variables and resources
23// - dead lock
24
25
26// Basics Controller Mistakes
27// ------------------------------------------------------------------------
28// - not initialized ports
29// - read/write (TRIS), analog/digital (ANSEL)
30// - floating unused I/O pins
31// - configured as output and driven to a logic-low state
32// - ISR executes too often
33// - clear interrupt flag
34// - execution stops or ends in unexpected behavior
35// - missing endless main-loop
36// - copied code segments
37// - changed only one code position instead of both
38// - wrong function qualifiers
39// - static/extern
40// - wrong variable qualifiers
41// - static/extern, volatile, const
42// - other register values after watchdog-reset compared to power-on-reset
43
44
45// Detailed Failure Descriptions
46// ------------------------------------------------------------------------
47
48// Race Condition
49// --------------------------------------------------------------------
50// - very hard to find, because they depend on the execution order
51// of parallel code
52// - and furthermore very hard to locate
53// - debugging changes the runtime behavior of the program
54// execution and so also the RC occurrence probability
55// - example of two parallel executions (both code paths use the same
56// counter variable)
57// code 1: code 2:
58// ... ...
59// cnt = cnt + 1; cnt++;
60// ... ...
61// - race condition (e.g. at assembler-instruction level)
62// load cnt
63// --> load cnt
64// increase cnt
65// store cnt
66// increase cnt <--
67// store cnt
68//
69// the counter will be incremented by 1, instead of 2
70//
71// - solution depends on available methods
72// - locks, mutex, critical section, semaphore,
73// disable interrupt (for uC purpose), ...
74// - transactional memory
75//
76// lock example:
77// global:
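// Everything below is touched from two contexts (main loop and ISR), so it is
// declared volatile: without it the compiler may keep a copy in a register and
// never re-read the flag the other context changed.
volatile int var;            // the shared value itself
volatile bool var_written;   // true while var_buffer holds a value the ISR has not taken over yet

// main loop:
volatile int var_buffer;     // written here, read by the ISR in the take-over step below,
                             // so it is shared as well (not strictly task-private in this example)

if (!var_written)            // read value at single point
{                            // and use the buffer variable,
    GID;                     // GID/GIE (assumed: global interrupt disable/enable) bracket
    var_buffer = var;        // the copy so a multi-byte var cannot change mid-copy
    GIE;
}

GID;                         // write buffer and set flag inside the same critical section:
var_buffer = x;              // the ISR can never observe the flag set before the data is in place
var_written = true;
GIE;

// isr:
if (var_written)             // take over value
{
    var = var_buffer;
    var_written = false;     // clears the flag only after the copy, so the main loop
}                            // does not overwrite var_buffer while it is being consumed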
103
104// transactional memory example:
105// - start transaction
106// - execute transaction
107// - test if transaction was interrupted
108// - if yes redo
109// global:
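// Shared between main loop and ISR, hence volatile. var_valid in particular
// must be volatile: it is written only by the ISR, and without the qualifier the
// compiler may hoist the read in the loop condition out of the loop, turning the
// retry into either an endless loop or a check that never fires.
volatile int var;            // updated by the ISR (the update itself is not shown here)
volatile bool var_valid;     // cleared by the ISR to signal "a transaction was interrupted"

// main loop:
int var_buffer;              // used only by this task, so no volatile needed

do                           // if transaction was interrupted
{                            // do it again
    var_valid = true;        // advantage: no interrupt disable necessary
    var_buffer = var;        // if the ISR runs during this copy (e.g. a torn multi-byte
}                            // read) it clears var_valid and the copy is repeated
while (!var_valid);
// NOTE(review): if the ISR fires on every iteration this loop never exits;
// a retry bound with an error path would turn that livelock into a detectable fault.

// isr:
var_valid = false;           // presumably done together with the write to var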