Lethal Software Defects: Patriot Missile Failure

During the Gulf War, twenty-eight U.S. soldiers were killed and almost one hundred others were wounded when a nearby Patriot missile defense system failed to properly track a Scud missile launched from Iraq. The cause of the failure was later found to be a programming error in the computer embedded in the Patriot’s weapons control system. On February […]

Apple’s #gotofail SSL Security Bug was Easily Preventable

If programmers at Apple had simply followed a couple of the rules in the Embedded C Coding Standard, they could have prevented the very serious `Gotofail` SSL bug from entering the iOS and OS X operating systems. Here’s a look at the programming mistakes involved and the easy-to-follow coding standard rules that could easily have prevented the bug. In case […]

An Update on Toyota and Unintended Acceleration

In early 2011, I wrote a couple of blog posts (here and here) as well as a later article (here) describing my initial thoughts on skimming NASA’s official report on its analysis of Toyota’s electronic throttle control system. Half a year later, I was contacted and retained by attorneys for numerous parties involved in suing Toyota for personal injuries and […]

Where in the World is Michael Barr?

Dear reader, it has been over six months since my last blog post. My apologies for being absent without leave from this blog and from my Firmware Update e-newsletter. I have never been as busy, professionally, as over the past 14 months. I recognize I have been quiet for too long for many of you and note […]

Building Reliable and Secure Embedded Systems

In this era of 140 characters or less, it has been well and concisely stated that, “RELIABILITY concerns ACCIDENTAL errors causing failures, whereas SECURITY concerns INTENTIONAL errors causing failures.” In this column I expand on this statement, especially as regards the design of embedded systems and their place in our network-connected and safety-conscious modern world. […]

Combining C’s volatile and const Keywords

Does it ever make sense to declare a variable in C or C++ as both volatile (i.e., “ever-changing”) and const (“read-only”)? If so, why? And how should you combine volatile and const properly? One of the most consistently popular articles on the Netrino website is about C’s volatile keyword. The volatile keyword, like const, is a type […]

Don’t Follow These 5 Dangerous Coding Standard Rules

Over the summer I happened across a brief blog post by another firmware developer in which he presented ten C coding rules for better embedded C code. I had an immediate strong negative reaction to half of his rules and later came to dislike a few more, so I’m going to describe what I don’t […]

Is “(uint16_t) -1” Portable C Code?

Twice recently, I’ve run across third-party middleware that included a statement of the form `uint16_t variable = (uint16_t) -1;`, which I take as the author’s clever way of coding `0xFFFF`. I’m not naturally inclined to like the obfuscation, but wondered if “(uint16_t) -1” is even portable C code? And, supposing it is portable, is there […]

Embedded Software Training in a Box

I am beaming with pride. I think we have finally achieved the holy grail of firmware training: Embedded Software Training in a Box. Priced at just $599, the kit includes Everything-You-Need-to-Know-to-Develop-Quality-Reliable-Firmware-in-C, including software for real-time safety-critical systems such as medical devices. In many ways, this product is the culmination of about the last fifteen years of […]

What NHTSA/NASA Didn’t Consider re: Toyota’s Firmware

In a blog post yesterday (Unintended Acceleration and Other Embedded Software Bugs), I wrote extensively on the report from NASA’s technical team regarding their analysis of the embedded software in Toyota’s ETCS-i system. My overall point was that it is hard to judge the quality of their analysis (and thereby the overall conclusion that the […]
