This article is now located here: https://experts.barrgroup.com/articles/firmware-forensics-best-practices-embedded-software-source-code-discovery
Tags: copyright, embedded, firmware, patents, safety, security
Barr Code
Michael Barr
Michael Barr is an expert on the design of software-powered medical devices and other embedded computer systems. (full bio)
Pages
Links
- Embedded C Coding Standard
- Embedded C Quiz
- Embedded C++ Quiz
- Embedded Software Boot Camp
- Embedded Software Training in a Box
- Embedded Systems Articles
- Embedded Systems Books
- Embedded Systems Experts
- Embedded Systems Glossary
- Expert Witness Resume
- My EETimes Column
- My LinkedIn Profile
- My Twitter Feed
-
Recent Posts
- Proposed Rule Changes for Embedded C Coding Standard
- C’s goto Keyword: Should we Use It or Lose It?
- The Rise of the Full Stack Developers
- Survey Says: The Commercial RTOS Business is Doomed
- C: The Immortal Programming Language
- Is it a Bug or an Error?
- New BlueBorne Security Flaw Affects Embedded Systems Running Linux
- C’s strcpy_s(): C11’s More Secure Version of strcpy()
- Did a Cyberattack Cause Recent Crashes of U.S. Naval Destroyers?
- Cyberspats on the Internet of Things
Recent Comments
- Nick on Proposed Rule Changes for Embedded C Coding Standard
- Michael Barr on Proposed Rule Changes for Embedded C Coding Standard
- Brian Arnberg on Proposed Rule Changes for Embedded C Coding Standard
- Michael Barr on Proposed Rule Changes for Embedded C Coding Standard
- Daniel on Proposed Rule Changes for Embedded C Coding Standard
Tags
Categories
- Coding Standards (25)
- Computer Security (5)
- Efficient C/C++ (7)
- Firmware Bugs (29)
- Intellectual Property (4)
- RTOS Multithreading (27)
- Uncategorized (37)
Archives
- June 2018 (2)
- May 2018 (1)
- February 2018 (2)
- January 2018 (1)
- October 2017 (1)
- August 2017 (2)
- April 2017 (1)
- March 2017 (1)
- March 2015 (1)
- April 2014 (1)
- March 2014 (3)
- January 2014 (1)
- October 2013 (1)
- June 2013 (1)
- February 2013 (1)
- December 2012 (1)
- November 2012 (2)
- April 2012 (1)
- March 2012 (1)
- January 2012 (1)
- September 2011 (1)
- August 2011 (1)
- June 2011 (2)
- May 2011 (2)
- April 2011 (1)
- March 2011 (4)
- February 2011 (4)
- January 2011 (1)
- December 2010 (2)
- November 2010 (6)
- October 2010 (2)
- September 2010 (2)
- August 2010 (2)
- March 2010 (5)
- February 2010 (5)
- January 2010 (5)
- December 2009 (3)
- November 2009 (4)
- October 2009 (3)
- September 2009 (4)
- August 2009 (2)
- July 2009 (1)
- June 2009 (1)
- May 2009 (1)
- April 2009 (5)
- March 2009 (9)
- February 2009 (3)
- January 2009 (4)
- June 2008 (1)
- April 2008 (3)
- March 2008 (5)
- February 2008 (5)
- January 2008 (4)
- December 2007 (2)
- November 2007 (1)
- September 2007 (2)
- August 2007 (1)
- July 2007 (2)
- June 2007 (4)
- May 2007 (2)
- November 2006 (1)
- October 2006 (2)
- September 2006 (5)
- March 2006 (1)
- January 2006 (1)
- December 2005 (1)
- December 2003 (1)
- November 2003 (1)
- September 2003 (1)
- July 2003 (1)
- June 2003 (1)
- May 2003 (1)
- April 2003 (1)
- March 2003 (1)
- February 2003 (1)
- January 2003 (1)
- December 2002 (1)
- November 2002 (1)
- October 2002 (1)
- September 2002 (1)
- August 2002 (1)
- July 2002 (1)
- June 2002 (1)
- April 2002 (1)
- March 2002 (1)
- February 2002 (1)
- January 2002 (1)
- December 2001 (1)
- November 2001 (1)
- October 2001 (1)
- September 2001 (9)
Embedded Gurus - Experts on Embedded Software
website by Accent Interactive
Good article. Coming from an avionics background this stuff sounds like common sense. Maybe the wider software community should consider some of the guidance in e.g. DO-178B? I’d not advocate a slavish adherence to it for non-aerospace code as the costs will kill you, but it offers good food for thought…
>>”NASA failed to find a firmware cause of unintended acceleration—but their review also fails to rule out firmware causes entirely”
Of course!
Tweaking a quote from Edsger W. Dijkstra,
“Code review (Program testing) can be used to show the presence of bugs, but never to show their absence”
Building the source can only prove the source is the correct source. It can not prove that it is not the correct source. We use a compiler which apparently links object together in the order they are found in the directory or something as it has been shown the using the same source and building multiple times does not produce outputs which compare the same, the modules are rearranged. To eliminate this we have had to ensure we do a clean and complete rebuild when we make release versions.
Agreed.