Archive for December, 2007

Firmware Wall of Shame: Oceanic Versa Pro 2A Dive Computer

Monday, December 31st, 2007 Michael Barr

Here’s an example of a bug in an embedded system (a dive computer for use in Scuba) that might have killed

Oceanic Versa Pro 2A Digital Dive Computer

The design of bridges and roads and the engineers who work on them are regulated by states and the federal government. The modern equivalent of bridges and roads are often embedded computers, but there is little regulation outside of medical devices (FDA) and avionics (FAA). Sooner or later, this unregulated posture may get us into big trouble as a society.

Compiler Quality and C’s volatile Keyword

Thursday, December 6th, 2007 Michael Barr

At at a meeting with a client yesterday, I was reminded of a conversation we’d had about eighteen months ago at an Embedded Systems Conference. At that time the client, I’ll call him John, was having a problem with C’s volatile keyword on a PIC microcontroller.

John had written a few lines of C code to swap the contents of two peripheral registers, perhaps something along these lines:

uint8_t temp;

temp = *pRegisterA;
*pRegisterA = *pRegisterB;
*pRegisterB = temp;

where pRegisterA and pRegisterB were pointers to memory-mapped I/O locations.

Since the data pointed to by pRegisterA and pRegisterB wasn’t being used anywhere else in the code, the compiler’s optimizer was completely ignoring the above code; outputting zero opcodes of machine code for that sequence.

As John and I discussed then, redeclaring the pointers as pointer to volatile integers (e.g., uint8_t volatile * pRegisterA = /* address */;), should have instructed the compiler to treat those lines of code as sacred and output corresponding machine instructions. Having tried this already, though, his compiler continued to output nothing.

Wow! John didn’t realize it at the time but he had just found a bug in his compiler.

I advised John to try another compiler, rather than the free compiler he was using. You generally do get what you pay for with C cross compilers. And, indeed, his problem went away with the new compiler.

Although it is common for embedded programmers to believe their compiler’s optimizer is broken when the flaw is really their failure to declare certain variables volatile, this was a genuine case of an internal compiler bug.