Embedded software reliability design should pay attention to the following four aspects!

Men conquer the world, women conquer the world by conquering men; hardware dominates the world, software controls the world by controlling the hardware. Look across today's world: wherever there are electronics there is embedded software, and wherever electronics fail, the shadow of an embedded software design defect is rarely far away. Today we list the mistakes that software can easily make, the ways to avoid them, and the countermeasures.

The defining features of embedded software are that it is control-oriented, tightly combined with hardware, heavy on functional operations and on calls between modules, and runs in a complex external environment where it easily interferes with, or is interfered with by, other devices. The consequence of an execution error is therefore not merely wrong data; it may be an immeasurable disaster. To sum up, there are four aspects of embedded software reliability design that need attention:


1. Software interface

Let me first talk about the areas of the software interface that are prone to problems and the mistakes programmers are likely to make.

Software interface calls generally involve data assignment, and the assigned variable's data type may undergo a forced conversion; this needs to be checked. To prevent problems, add checks on the data range and the data type.

The number of assigned data items may also be wrong. Whether there are too many or too few, unexpected assignment results will occur. Fortunately, this kind of error is comparatively easy to check for.

In software programming, a certain function's operation code will be reused, for example the inspection and control of a certain port, which may happen only twice in the entire program. To save trouble, you may insert the code directly into the actual program modules, so that the source code contains two pieces of code that are exactly the same, complete the same function, and only serve different modules. Logically there is no problem with this design. Yes, you are right, but your behaviour will make other people make mistakes unintentionally. It is like a girl who invites a boy to her home purely to enjoy the warm atmosphere and mood, changes into home pyjamas, shuts the window tight and leaves ambiguous music playing, and then complains endlessly, "I didn't expect it to end like this"; who is to blame? In terms of code, your approach is no different from that girl's: it looks like a lure. Someone will say, why is writing code like this a lure? The reason is that the program may be upgraded, and your few lines of code cannot be guaranteed to be perfect in actual use. After you find the imperfection you will certainly modify it. If it is your own code you may remember both places; if the code being modified belongs to someone else, they change one place but not the other. Is that a hidden danger or not? What to do? The method is not difficult: make this function a separate module, so that reading and control assignment of this port are all completed by that one independent module. If the correctness of the data has a large influence, the correctness of the port data also needs to be checked and judged.
The four purposes of the embedded software reliability programming method are error prevention, error judgment, error correction, and error tolerance. Judging the port data belongs to error judgment. If the data is wrong, the error correction and fault tolerance design methods take over; I don't need to explain those in depth, do I?
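Here is an added example (not code from the original article) of what "one independent module for the port" looks like in C: a single read function with range checking, a narrowing conversion with an explicit overflow check instead of a silent cast, and a consumer that handles every status value. The 12-bit ADC register, its valid range and the heater duty scaling are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Status returned by every interface call; the caller must branch on it.
   (Added example: the port, its range and the register are assumptions,
   not taken from the original article.) */
typedef enum {
    PORT_OK = 0,
    PORT_ERR_RANGE,      /* raw reading outside the physically possible range */
    PORT_ERR_OVERFLOW    /* value would not survive the narrowing conversion  */
} port_status_t;

/* Simulated 12-bit ADC port register (constructed stand-in for a real SFR). */
static volatile uint16_t adc_port_reg = 0;
#define ADC_MAX_RAW 4095u    /* 12-bit converter: anything larger is noise or a bus fault */

/* Single entry point for reading the port. Every module that needs the value
   calls this instead of carrying its own copy of the read code. */
port_status_t port_read_adc(uint16_t *out_raw)
{
    uint16_t raw = adc_port_reg;
    if (raw > ADC_MAX_RAW)
        return PORT_ERR_RANGE;
    *out_raw = raw;
    return PORT_OK;
}

/* Narrowing assignment with an explicit check instead of a silent cast:
   the 12-bit reading is scaled to an 8-bit duty value (0..255). */
port_status_t adc_to_duty_u8(uint16_t raw, uint8_t *out_duty)
{
    if (raw > ADC_MAX_RAW)
        return PORT_ERR_OVERFLOW;
    uint32_t scaled = ((uint32_t)raw * 255u + ADC_MAX_RAW / 2) / ADC_MAX_RAW;
    if (scaled > 255u)               /* cannot happen for raw <= 4095; kept as a guard */
        return PORT_ERR_OVERFLOW;
    *out_duty = (uint8_t)scaled;
    return PORT_OK;
}

/* Consumer: every status value is handled and the fallback is a controlled
   safe value (heater off), never whatever happened to be in memory. */
uint8_t update_heater_duty(void)
{
    uint16_t raw;
    uint8_t duty = 0;                /* safe default */
    switch (port_read_adc(&raw)) {
    case PORT_OK:
        if (adc_to_duty_u8(raw, &duty) != PORT_OK)
            duty = 0;
        break;
    case PORT_ERR_RANGE:
    case PORT_ERR_OVERFLOW:
        duty = 0;                    /* error judgment: refuse to act on bad data */
        break;
    }
    return duty;
}

/* Test hook: injects a raw value into the simulated register. */
void port_sim_set_raw(uint16_t raw) { adc_port_reg = raw; }
```

With this layout, a later change to how the port is read (a debounce, a different range, a new status) happens in exactly one place, which is the whole point of the paragraph above.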

2. Software and hardware connection

Hardware is like a man: external execution depends on it, and once there is a problem, the consequences after execution are uncontrollable. Premier Zhou said that "there are no small matters in diplomacy." But what exactly should you pay attention to?

The authenticity of the data read in the hardware interface must be judged;

The execution effect of the output data should be tested;

The possible consequences of the output data should be designed for preventively, and the process of data output should be analysed at design time. The analysis is easily limited to the steady-state process while the transition process is ignored. For example, when we control the power supply of a branch, from the software's point of view we simply give the relay a start signal and the contact closes from the open state. The relay has only two steady states, "off" and "on", but in the process from open to closed the voltage supplied by the branch is not a simple 0V-24V transition (24V is an example); it is a jitter with impulsive spikes. In this case hardware protection is indispensable, but the software cannot ignore it and leave the matter hanging either.

In addition, in the control logic it is advisable to separate, in the time sequence, control actions that are easily interfered with from those that easily generate interference. For example, the process of switching a relay is prone to produce jitter spikes that interfere with the data bus and the control signal bus. At that moment, from the control point of view, it is not advisable to send and receive data at the same time, nor to perform other control actions. We cannot afford to hide from this disturbance, but it is always fine to avoid it, right?
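As an added example (not from the original article) of separating the two in the time sequence: the relay is driven through an explicit state machine that tracks the open-to-closed transition instead of treating the contact as instantly "on", and bus transfers are refused while that transition is in flight. The 20 ms settle window, the tick counter and the bus call are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Relay sequencing with a settle window during which bus traffic is deferred.
   (Added example; the settle time, tick source and bus API are assumptions.) */

typedef enum { RELAY_OPEN = 0, RELAY_CLOSING, RELAY_CLOSED, RELAY_OPENING } relay_state_t;

#define RELAY_SETTLE_TICKS 20u     /* assumed contact-bounce / spike window, in 1 ms ticks */

static relay_state_t relay_state   = RELAY_OPEN;
static uint32_t      relay_t_start = 0;
static uint32_t      now_ticks     = 0;   /* constructed tick counter standing in for a timer */

void sys_tick(uint32_t n) { now_ticks += n; }

/* Command the coil only from a steady state; the transition is tracked
   explicitly so the rest of the program knows the branch is not yet stable. */
bool relay_request(bool close)
{
    if (relay_state == RELAY_CLOSING || relay_state == RELAY_OPENING)
        return false;                     /* refuse: a transition is already in flight */
    if (close && relay_state == RELAY_OPEN) {
        relay_state = RELAY_CLOSING; relay_t_start = now_ticks;
        /* coil_drive(1) would go here */
        return true;
    }
    if (!close && relay_state == RELAY_CLOSED) {
        relay_state = RELAY_OPENING; relay_t_start = now_ticks;
        /* coil_drive(0) would go here */
        return true;
    }
    return true;                          /* already in the requested steady state */
}

/* Called from the main loop: move to the steady state once the window has elapsed. */
void relay_poll(void)
{
    if ((relay_state == RELAY_CLOSING || relay_state == RELAY_OPENING) &&
        (uint32_t)(now_ticks - relay_t_start) >= RELAY_SETTLE_TICKS) {
        relay_state = (relay_state == RELAY_CLOSING) ? RELAY_CLOSED : RELAY_OPEN;
    }
}

bool relay_is_settled(void)
{
    return relay_state == RELAY_OPEN || relay_state == RELAY_CLOSED;
}

relay_state_t relay_get_state(void) { return relay_state; }

/* Bus gate: data exchange is deferred while the relay may be throwing
   spikes onto the data and control lines. */
typedef enum { BUS_SENT = 0, BUS_DEFERRED } bus_result_t;

bus_result_t bus_send_frame(const uint8_t *frame, uint8_t len)
{
    (void)frame; (void)len;
    if (!relay_is_settled())
        return BUS_DEFERRED;              /* caller re-queues the frame for the next loop pass */
    /* uart_write(frame, len) would go here */
    return BUS_SENT;
}
```

The caller that gets BUS_DEFERRED keeps the frame queued and tries again on the next pass through the main loop; nothing is dropped, it is only moved out of the noisy window.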

3. Software code

Software reliability increases gradually over time, which differs from electronic reliability and mechanical reliability. Electronic reliability obeys an exponential distribution: during the entire life cycle the failure rate is constant. Mechanical reliability declines over time because of wear, corrosion, movement and other factors. Software reliability design therefore has its own specific law and precautions.

Since time has to pass and the reliability of the software is raised through continuous improvement, the maintainability of the software becomes a big problem. This is why software engineering management pays special attention to software documentation and comments. But the people who make these demands are often just like everyone else and do not understand the real motivation behind them. As for how to write comments, how to name variables and how to run software configuration management, there are not only very conventional methods but also some common yet wrong practices of ours. Here are a few noteworthy details for reference.

When defining a variable, the variable's type should be reflected in its name, such as AD_result_int, Cal_result_float and so on. This is a good check against data type errors during forced conversion or forced assignment;

Comments should be sufficient;

The layout style of the code should be unified, easy to read and find;

Uncontrolled default processes are not allowed. All values and variables, whether assigned when a function is called, read in through an input interface, or calculated from intermediate variables, should have their validity judged before use, and every possible result of that judgment should be handled in a controlled manner.

Articles and materials on maintainable programming methods are overwhelming on the Internet, so I won't repeat them; just use them comprehensively. Many articles recommend software maintainability programming specifications as the enterprise's embedded software reliability design specification, which is a bit general and biased. In the words of the entertainment industry, "Love is an important part of life, but it is not all of life"; the same is true of the software maintainability programming method.

The next problem software code execution is prone to is runaway: the program pointer is disturbed, jumps to an uncontrolled position, and executes code that should not be executed. If the program already contains enough variable judgments, read-value judgments, status detection and so on, that is still tolerable; the consequences will not be too serious, and the program may even run back by itself. But there is a more terrible kind of runaway. Generally, the program object code we store in ROM consists of 1- to 3-byte instructions, that is, up to 3 fields make up one execution action. If the program pointer runs away to the second byte of a 3-byte instruction, what gets executed nobody really knows. Even if sufficient data error judgments and logic jump precautions are taken in the program, the result will still not be good. Moreover, the ROM is generally not completely filled with program code; there is always surplus space. What is the default content of that surplus space, and will those default bytes also cause some operation? The default content of the microcontroller's blank space is 0FFH. I haven't checked the DSP; anyone interested can check it. If the pointer jumps into these fields, it easily causes trouble.

OK, no more rambling, straight to the solution: after every section of program code or control area, artificially place a few NOP instructions, and after the NOPs place a long jump to the ERR handler. Note that there are at least 3 NOPs, so any runaway can consume at most 2 of them; the third NOP can still pull the program code back into alignment, and once it is pulled back the ERR handler executes.
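To see why the NOP pad works, here is an added example (not from the original article) that simulates it on a toy instruction set with 1-, 2- and 3-byte instructions, in the spirit of the 1-3 byte object code described above. The encoding, the constructed code block, the ERR address and the treatment of erased 0FFH bytes as "unknown territory" are all assumptions of the simulation, not properties of any real MCU; the interesting part is that the code block's operand bytes happen to decode as 3-byte opcodes, which is exactly the misaligned case the text worries about.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Toy ISA simulator for the "NOPs + long jump to ERR" trap.
   (Added example: encoding, ROM image and ERR address are constructed.) */

#define ROM_SIZE  64u
#define OP_NOP    0x00u
#define OP_JMP    0x7Fu     /* 3 bytes: opcode, target low byte, target high byte */
#define ERASED    0xFFu     /* unused ROM; the article asks what it does, the toy calls it unknown */
#define ERR_ADDR  0x30u

/* Instruction length derived from the opcode, as a real decoder would. */
static uint8_t insn_len(uint8_t op)
{
    if (op == OP_JMP)          return 3;
    if ((op & 0xF0u) == 0x20u) return 3;
    if ((op & 0xF0u) == 0x10u) return 2;
    return 1;
}

typedef enum { RUN_CAUGHT = 0, RUN_LOST } run_result_t;

/* Execute from an arbitrary (possibly misaligned) address and report whether
   control reaches the ERR handler or wanders into erased / out-of-range ROM. */
run_result_t run_from(const uint8_t *rom, uint16_t pc)
{
    for (int steps = 0; steps < 64; steps++) {
        if (pc == ERR_ADDR) return RUN_CAUGHT;
        if (pc >= ROM_SIZE || rom[pc] == ERASED) return RUN_LOST;
        uint8_t op = rom[pc];
        if (op == OP_JMP) {
            if (pc + 2u >= ROM_SIZE) return RUN_LOST;
            pc = (uint16_t)(rom[pc + 1] | (rom[pc + 2] << 8));
            continue;
        }
        pc = (uint16_t)(pc + insn_len(op));
    }
    return RUN_LOST;
}

/* Constructed code block: mixed lengths whose operand bytes also look like
   opcodes (0x22 and 0x2C decode as 3-byte instructions when landed on). */
static const uint8_t code_block[] = {
    0x21, 0xAA, 0xBB,   /* 3-byte instruction */
    0x10, 0x01,         /* 2-byte instruction */
    0x05,               /* 1-byte instruction */
    0x2A, 0x11, 0x22,   /* 3-byte instruction */
    0x12, 0x2C          /* 2-byte instruction */
};
#define CODE_LEN ((uint16_t)sizeof code_block)

/* Build a ROM image: code, then nop_pad NOPs, then JMP ERR, rest erased. */
void build_rom(uint8_t *rom, unsigned nop_pad)
{
    memset(rom, ERASED, ROM_SIZE);
    memcpy(rom, code_block, CODE_LEN);
    uint16_t p = CODE_LEN;
    for (unsigned i = 0; i < nop_pad; i++) rom[p++] = OP_NOP;
    rom[p++] = OP_JMP;
    rom[p++] = (uint8_t)(ERR_ADDR & 0xFFu);
    rom[p++] = (uint8_t)(ERR_ADDR >> 8);
    rom[ERR_ADDR] = 0x01;                /* first byte of the ERR handler */
}

/* Count start addresses inside the code block from which a runaway ends in ERR. */
unsigned count_caught(unsigned nop_pad)
{
    uint8_t rom[ROM_SIZE];
    build_rom(rom, nop_pad);
    unsigned caught = 0;
    for (uint16_t pc = 0; pc < CODE_LEN; pc++)
        if (run_from(rom, pc) == RUN_CAUGHT) caught++;
    return caught;
}
```

With no pad or a single NOP, landing on the last operand byte (0x2C, decoded as a 3-byte instruction) swallows the jump opcode and the pointer drifts into erased ROM; with the pad in place, the misaligned decode consumes at most two NOPs and the next NOP realigns the pointer onto the long jump, which is the margin the paragraph above describes.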

If you encounter a program that requires a relatively high level of safety and reliability, the recommended approach is hot backup: two pieces of code execute the same function at the same time, the results are compared, and if they agree they pass. If the results are inconsistent, how to deal with it is up to you. But... the Chinese always have a way. To save trouble: didn't the leader ask me for a hot backup program? Fine, I'll copy the original code and paste it in somewhere. That is no different from the Ming dynasty eunuch Feng Bao (or was it Yan Song and Zhang Juzheng? I'm not sure; anyone interested can read "Those Things in the Ming Dynasty"), who wrote the memorials and approved them himself. Since the backup exists to prevent one person's mistake, the best way is to have this section written by different people, with a different calculation principle if possible and a different data acquisition channel as well; then the backup really is a backup.
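As an added example (not code from the original article) of a hot backup that is not a copy-paste: two paths compute the same quantity by different methods, from readings taken on two separate acquisition channels, and the value is accepted only if they agree. The sensor scale, the two-channel setup and the agreement tolerance are assumptions made for the example; in practice the two paths would be written by different engineers.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hot-backup computation: two independently written paths compute the same
   quantity; the result is accepted only when they agree.
   (Added example; sensor scale, channels and tolerance are assumptions.) */

#define ADC_FULL_SCALE     4095u
#define VREF_MV            3300u
#define AGREE_TOLERANCE_MV 5u      /* rounding differences tolerated; anything larger is a fault */

typedef struct { int32_t value_mv; bool valid; } redundant_result_t;

/* Path A: integer arithmetic, the "primary" implementation. */
static int32_t path_a_mv(uint16_t raw)
{
    return (int32_t)(((uint32_t)raw * VREF_MV + ADC_FULL_SCALE / 2) / ADC_FULL_SCALE);
}

/* Path B: floating-point arithmetic, written separately so the two paths
   do not share the same mistake or the same rounding behaviour. */
static int32_t path_b_mv(uint16_t raw)
{
    float mv = (float)raw * ((float)VREF_MV / (float)ADC_FULL_SCALE);
    return (int32_t)(mv + 0.5f);
}

/* Compare-and-accept. raw_a and raw_b come from two separate acquisition
   channels measuring the same signal, so a dead channel also shows up here. */
redundant_result_t measure_redundant(uint16_t raw_a, uint16_t raw_b)
{
    redundant_result_t r = { 0, false };
    if (raw_a > ADC_FULL_SCALE || raw_b > ADC_FULL_SCALE)
        return r;                                /* range check comes first */
    int32_t a = path_a_mv(raw_a);
    int32_t b = path_b_mv(raw_b);
    if (abs(a - b) > (int32_t)AGREE_TOLERANCE_MV)
        return r;                                /* disagreement: act on neither */
    r.value_mv = a;
    r.valid = true;
    return r;
}
```

What the caller does with an invalid result is, as the text says, up to the application: hold the last good value, fall back to a safe output, or raise the fault to the ERR handler. The comparison tolerance is there because two honest implementations may legitimately round differently by a unit; it must be narrow enough that a real discrepancy cannot hide inside it.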

There are a great many details to safety and reliability programming; they are hard to take in at a glance. Let's all keep working hard together.

4. Data and variables

Variables are defined so as to avoid all kinds of confusion: confusion between data items in the same program, ambiguity when different people read the program, and the errors that visual effects easily produce (the letter "o" and the number "0", the letter "l" and the number "1"). The basic rule to follow here is "either identical or clearly different". This rule is applied in many fields. The one who used it most was Zhu Yuanzhang: to deal with corrupt officials, he would either leave you alone, if you had the sense to keep your greed within bounds, or kill you outright once you went over the line and did not hand it back. In the Ming dynasty, Zhu Yuanzhang was the emperor who killed the most people. The same is true of fool-proof structural design and the selection of connectors: if there are a milky-white and a light-grey connector of the same kind, the best choice is either a very intuitive visual or structural difference, or simply making them the same, and "the same" must rest on the premise that they are interchangeable.

Use conspicuous symbols to name variables and statement labels. An identifier's name should have a clear meaning and be a complete word or an easy-to-understand abbreviation. Short words are abbreviated by removing vowels; long words by taking the first few letters; some words have accepted abbreviations. For example:

Temp — tmp;

Flag — flg;

Statistic — stat;

Increment — inc;

Message — msg.

Special conventions or abbreviations must be noted: at the beginning of the source file, comment on the abbreviations or conventions used. Your own naming style should be consistent from beginning to end. For variable naming, a single character (such as i, j, k...) is forbidden; use meaning + variable type, data type and so on. i, j and k are allowed as local loop variables, but letters that are easily confused should be used with caution. For example, in int Liv_Width, L represents a local variable (Local; g would mean a global variable, Global), i represents the data type (Integer), v represents a variable (c would mean a constant, Const), and Width represents the meaning of the variable. This naming method prevents local variables and global variables from having the same name.

Confusing identifiers (R1 and Rl, DO and D0, etc.) must not be used to represent different variables, file names or statement labels.

Except for special applications such as compilation switches and header file guards, avoid definitions that start and end with underscores, such as _EXAMPLE_TEST_.

Global variables are a strategic resource. They determine the degree of coupling between modules and need to be raised to a high enough level of attention in the project. Use global variables with caution. When you have to use them, write an independent operation module or function for each global variable, and when modifying a global variable, check whether another function is calling it and needs the value to remain stable.

When a variable represents a specific meaning, try not to use single bits to represent something. For example, using bit zero of a variable to represent a certain state (0000 0001, where only the 1 carries the meaning, so 01H, 03H, 05H ... many combinations can represent this state): bits are easily modified by interference, and the probability of information errors is much greater.

Do not use 00H, FFH and similar data to represent states. Just as the first and the last interviewee are easy to remember when we interview a group of people, so it is with 00H and FFH: the system's default state is most often 00 or FF, and variables are easily reset or set to such values. It is recommended to use an intermediate value of a four-bit binary code as a state variable, such as 1001.

Variable data should be checked for data type and value range before use;

Data storage is also prone to problems. Similar cases have been encountered in EEPROM, RAM and so on; data errors cannot be avoided. The solution is to learn from American financial companies such as Citibank. Why could they quickly resume business after 9/11 with basically no data loss? Because they had a remote disaster recovery data backup system. There are two keywords in that: remote, and backup. Our information is the same: first choose to store it in different media, or in the same medium but in very different storage environments and locations. When the two copies of a double backup are inconsistent, the data is suspect and is refused for use and execution. But much embedded software must rely on the data to drive the actuators, and even when the data is found to be problematic, administrative inaction is not allowed. In that case it is hard to handle two differing copies: it would be better to eliminate the obviously wrong one, but how do we judge within such a limited range? At this point there is no choice but to make three backups, and let the minority obey the majority. Rock-paper-scissors is not easy to use and Ge You's "different terminals" joke does not apply, so I have to choose the most primitive and effective method. The only thing to note is that the three copies should be stored in three different backup environments; as long as they don't fail together like brothers, the vote does its job.
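Here is an added example (not code from the original article) that puts the points of this section together in C: state values chosen away from 00H and FFH so a reset or stuck-at fault cannot masquerade as a valid state, a validity check on the state variable before use, and a record stored in three places and read back by 2-out-of-3 majority vote. The three arrays standing in for three storage environments, the record layout and the state codes are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* State encoding plus triple-redundant storage with majority vote.
   (Added example; the three arrays are stand-ins for, e.g., two EEPROM
   regions and RAM, and the state codes are constructed.) */

/* Multi-bit codes away from 00H and FFH; a single flipped bit never turns
   one valid state into another. */
typedef enum {
    ST_IDLE    = 0x09,   /* 0000 1001 */
    ST_RUNNING = 0x96,   /* 1001 0110 */
    ST_FAULT   = 0x69    /* 0110 1001 */
} sys_state_t;

bool state_is_valid(uint8_t v)
{
    return v == ST_IDLE || v == ST_RUNNING || v == ST_FAULT;
}

/* Three copies of the record, each in its own storage area. */
#define RECORD_LEN 4u
static uint8_t store_a[RECORD_LEN], store_b[RECORD_LEN], store_c[RECORD_LEN];

void record_write(const uint8_t *rec)
{
    memcpy(store_a, rec, RECORD_LEN);
    memcpy(store_b, rec, RECORD_LEN);
    memcpy(store_c, rec, RECORD_LEN);
}

/* Test hook: corrupt one byte of one copy, as an interference event would. */
void record_corrupt(int which, unsigned idx, uint8_t v)
{
    uint8_t *s = (which == 0) ? store_a : (which == 1) ? store_b : store_c;
    if (idx < RECORD_LEN) s[idx] = v;
}

typedef enum { VOTE_UNANIMOUS = 0, VOTE_MAJORITY, VOTE_NO_QUORUM } vote_result_t;

/* 2-out-of-3 vote, byte by byte. Two agreeing copies win; three different
   values mean the record is untrusted and the caller must not act on it. */
vote_result_t record_read_voted(uint8_t *out)
{
    vote_result_t worst = VOTE_UNANIMOUS;
    for (unsigned i = 0; i < RECORD_LEN; i++) {
        uint8_t a = store_a[i], b = store_b[i], c = store_c[i];
        if (a == b && b == c)      { out[i] = a; }
        else if (a == b || a == c) { out[i] = a; worst = VOTE_MAJORITY; }
        else if (b == c)           { out[i] = b; worst = VOTE_MAJORITY; }
        else                       { return VOTE_NO_QUORUM; }
    }
    return worst;
}

/* Read the state field (byte 0) with both checks applied: the vote first,
   then the validity of the value itself. Returns false if it cannot be trusted. */
bool state_read(sys_state_t *st)
{
    uint8_t rec[RECORD_LEN];
    if (record_read_voted(rec) == VOTE_NO_QUORUM) return false;
    if (!state_is_valid(rec[0])) return false;
    *st = (sys_state_t)rec[0];
    return true;
}
```

A VOTE_MAJORITY result is worth logging and, on a real system, is the moment to rewrite the outvoted copy; a VOTE_NO_QUORUM result is the "data is suspect, refuse to execute" case from the paragraph above.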

The above only divides the concerns of embedded software reliability into several categories and gives a basic description. In practical application there are still many points that need attention. If you plan to develop your own design specifications, the ideas above should give some enlightenment.
