trunk/c_hgr0/c_hgr0.tex

%$Header$

\chapter{The Holy Grail}

\label{chgr0}

\beginchapterquote{``It seems that mathematical ideas are arranged somehow in strata, 
                   the ideas in each stratum being linked by a complex of 
                                   relations both among themselves and with those above and below.  
                                   The lower the stratum, the deeper (and in general the more difficult)
                                   the idea.  Thus the idea of an `irrational' is deeper than that 
                                   of an integer \ldots{}  Let us concentrate our attention on 
                                   the relations between the integers, or some other group of 
                                   objects lying in some particular stratum.  
                                   Then it may happen that one of these relations can be 
                                   comprehended completely, that we can recognize and prove, 
                                   for example, some property of the integers, without any 
                                   knowledge of the contents of lower strata 
                                   \ldots{}  But there are also many theorems about integers 
                                   which we cannot appreciate properly, and still less prove, 
                                   without digging deeper and considering what happens 
                                   below.''}{G. H. Hardy, A Mathematician's Apology, 
                                   pp. 110-111\index{Hardy, G. H.}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Introduction}
%Section tag:  INT0
\label{chgr0:sint0}

Engineers in general and software engineers in particular are often
contentious and arrogant.  It is common for
embedded software developers to derogate each other's work.  The enabling
element for this type of contention is that there is \emph{no single right way}
to construct an embedded software system, and few clear unequivocal metrics
of goodness.  Without an unambiguous way of comparing different
software solutions and deciding which is better (and why), differences of
opinion and and rivalries are unavoidable.

In this chapter, we concentrate on the holy grail\footnote{In this context
we define \emph{holy grail} as an unattainable set of goals.}
of embedded software development.  We seek a set of unattainable
goals to clarify our thought processes.  We seek to identify what we are
trying to achieve in embedded software systems and in embedded software development.

There are several attributes of software in general and embedded
software in particular that make it difficult to devise unequivocal
metrics of goodness.

First, software has more degrees of freedom in its construction
than other engineering endeavors.
In \cite[p. 6]{bibref:b:boochoodwithapps}, Booch \index{Booch, Grady} writes:

\begin{quote}
\emph{``A home-building
company generally does not operate its own tree farm from which to harvest trees
for lumber; it is highly unusual for a construction firm to build an
on-site steel mill to forge custom girders for a new building.  Yet in the
software industry such practice is common.  Software offers the ultimate
flexibility, so it is possible for a developer to express almost any kind
of abstraction.  This flexibility turns out to be an incredibly seductive
property, however, because it also forces the developer to craft virtually
all the primitive building blocks upon which these higher level abstrctions
stand.  While the construction industry has uniform building codes and 
standards for the quality of raw materials, few such standards exist in the
software industry.  As a result, software development remains a labor-intensive
business.''}
\end{quote}

Additionally,  Booch writes \cite[p. 51]{bibref:b:boochoodwithapps}:

\begin{quote}
\emph{``Modules serve as the physical containers in which we declare the classes and
objects of our logical design.  This is no different than the situation faced
by the electrical engineer designing a board-level computer.  NAND, NOR, and 
NOT gates might be used to construct the necessary logic, but these gates
must be physically packaged in standard integrated circuits, such as a 7400,
7402, or 7404.  Lacking any such standard software parts, the software engineer
has considerably more degrees of freedom---as if the electrical engineer had
a silicon foundry at his or her disposal.''}
\end{quote}

Electronic hardware designers have less freedom in hardware designs than software
designers do in software designs.  Available hardware components are
naturally limited by physical phenomena, such the number of pins
that can be placed on an integrated circuit package, that tend to
limit the complexity of the connectivity between hardware components.
It is much harder
to create a truly bad hardware design than a truly bad software design.

Second, metrics of goodness are more obvious and easier to agree
on in other engineering disciplines than in software engineering.
For example, in the design of electronic hardware, serious disagreements 
among hardware
designers are rare because it is easier to reach agreement about the
measures of goodness of a hardware design.  Given two [competing] hardware
designs, it is almost always clear which is better, based on simple
critera such as cost, circuit board area, power consumption, etc.
Measures of software design goodness are less clear and obvious.

Third, software---especially small embedded software---often allows
tradeoffs between management of complexity and other desirable
attributes, such as minimum ROM consumption or the best real-time
characteristics.  In many cases, it is easy to modify software
to use less ROM or RAM or to perform better in a real-time sense,
but at the expense of a clear and consistent design (i.e. management of
complexity).
Many disagreements between software developers
arise because developers can't agree which tradeoffs should be
made between
clear structure of the software (i.e. effective management of complexity)
and other desirable attributes.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Overview Of Desirable Attributes}
%Section tag:  ODA0
\label{chgr0:soda0}

This section briefly enumerates what we consider to be the desirable
attributes of small embedded software and the product development
process and infrastructure.  Each attribute is discussed in more
detail later in the chapter.  Each desirable attribute below is 
numbered with a ``\desirablepropertyprefix'' number so that it
can be cross-referenced.

\begin{enumerate}

\item \textbf{Desirable Properties of Embedded Software}

\begin{enumerate}

\item \textbf{Minimum Program Memory Consumption   
      \desirablepropertyemit\label{dp:chgr0:soda0:minpm}.} 
          An embedded software load
      should use as little ROM or other program memory as possible.
          Microcontrollers containing more ROM are more costly, and so
          a primary goal is to minimize ROM consumption so that the
          least expensive microcontrollers can be used.

\item \textbf{Minimum RAM Consumption 
      \desirablepropertyemit\label{dp:chgr0:soda0:minram}.}
          Minimization of RAM
      consumption is a primary goal so that the least 
          expensive microcontrollers can be used.

\item \textbf{Minimum EEPROM Consumption 
      \desirablepropertyemit\label{dp:chgr0:soda0:mineeprom}.}  
          Minimization of 
      EEPROM consumption is a primary goal so that the least
          expensive microcontrollers can be used.

\item \textbf{Optimal CPU Cycle Utilization
      \desirablepropertyemit\label{dp:chgr0:soda0:bestcpucycle}.}  
          We seek to design
      systems that, for a given set of requirements, can 
      meet the requirements most efficiently with respect
      to CPU demands.  Such systems enable the use of slower [less costly]
      microcontrollers, are less likely to conceal behavior, 
          and are easier to modify.

\item \textbf{Minimal Possibility Of Concealed Behavior
      \desirablepropertyemit\label{dp:chgr0:soda0:minpconcealedbeh}.}  
          We seek to build
      software systems that are not likely to
      conceal behavior during product testing.  Systems that have a large
      ability to conceal behavior may pass product testing but
      still exhibit defects for customers.  The inability to conceal behavior
      is closely related to other desirable characteristics:

\begin{enumerate}

\item \textbf{Minimization Of State Space 
      \desirablepropertyemit\label{dp:chgr0:soda0:minss}.}  
          Many software defects are tied to
      software that holds more state than necessary.  We seek to correctly
      identify the minimum necessary state space of the software and to
          construct software that is minimally stateful.

\item \textbf{Minimization Of Scheduling Freedom
      \desirablepropertyemit\label{dp:chgr0:soda0:minschedfreedom}.}  
          We seek to minimize the way in which
      external events can affect the way software components are scheduled for
      execution.  Simpler \emph{is} better.

\item \textbf{Minimization Of Non-Linear Behavior
      \desirablepropertyemit\label{dp:chgr0:soda0:minnonlin}.}  
          Systems with 
      strongly non-linear or chaotic tendencies are undesirable.

\end{enumerate}

\item \textbf{Robustness.
      \desirablepropertyemit\label{dp:chgr0:soda0:robustness}}  
          We seek to build systems that are robust with
      respect to state upset of the controller, intermittent failure of
          sensors and actuators, modeling errors, component aging, and variable
      real-time loading of the software.

\item \textbf{Maximum Re-Usability Of Code
      \desirablepropertyemit\label{dp:chgr0:soda0:maxreusecode}.}  
          We seek to be able to re-use
      software components, and we seek to be able to develop 
          new products with a minimum of new software component development.  
          This goal related to both economy and to software quality.
      Repeatedly reinventing the wheel is expensive, and it also introduces quality
      concerns---it is more reliable to reuse software components
      that have had prolonged exposure in existing products.

\item \textbf{Testability and Instrumentability
      \desirablepropertyemit\label{dp:chgr0:soda0:testability}.}
          We desire to construct software systems that are testable and
          instrumentable.  This desirable attribute includes the detection of
          internal errors, the measurement of timing margins, and other requirements
          and best practices.

\end{enumerate}

\item \textbf{Desirable Properties of a Product Development Process}

\begin{enumerate}

\item \textbf{Minimum Development Time
      \desirablepropertyemit\label{dp:chgr0:soda0:mindevtime}.}  
          We seek to minimize the time to bring 
      product to market.

\item \textbf{Feedback Path From Defects And Near Defects To Process, Training,
      And Tools
          \desirablepropertyemit\label{dp:chgr0:soda0:feedbackpath}.}  
          We seek to be able to record defects (that make it into
      production) and near defects (that nearly make it into production),
      and feed these back into the product development process 
          (in the event that any process step could have prevented
      the defect or near defect), into the training for software developers, and into
      the tool set (if the defect or near defect is automatically detectable).

\end{enumerate}

\item \textbf{Desirable Properties of Human Environment}

\begin{enumerate}

\item \textbf{Self-Actualizing Experience for Employees
      \desirablepropertyemit\label{dp:chgr0:soda0:saexperience}.}  
          We seek to provide a self-actualizing
      experience for employees.  Any employee should leave 
          a company with far more skills
      than they had on their arrival.

\item \textbf{Best Experiences for the Top 20\% of Employees
      \desirablepropertyemit\label{dp:chgr0:soda0:betop20}.}  
          It is common knowledge that the most
      capable 20\% of software developers make 80\% of the competitive contribution.
      It is also common knowledge that this 20\% is the most sensitive to working conditions
      which impair productivity.
      We seek to make it easier for this 20\% to be the most productive.\footnote{Note that this
      notion of protecting the most productive employees is built into the work environment
      so that we don't often think of this goal.  For example, in a dentist's office, the
      dentist certainly \emph{could} schedule appointments and follow up with insurance
      claims, but economically it is more feasible to have an administrative staff do
      this.  Similarly, when obtaining technical support for a software product, one rarely reaches  
      the actual software developers.  We also do not claim that we need to identify the
      20\%, simply that we need to remove institutional productivity barriers.}

\end{enumerate}

\item \textbf{Desirable Properties of Administrative System}

\begin{enumerate}

\item \textbf{A Place For Everything, And Everything In Its Place
      \desirablepropertyemit\label{dp:chgr0:soda0:placeforeverything}.}  
          We seek administrative
      neatness and consistency.

\item \textbf{Elimination Of Redundant Information
      \desirablepropertyemit\label{dp:chgr0:soda0:lackredinfo}.}  
          Redundant information in product
      development is harmful in two ways.  First, it is tedious and costly to [manually] maintain
      the same information in different places.  Second, such an arrangement is a change
      risk, because the information may be updated in one place but not another.

\end{enumerate}

\end{enumerate}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Detailed Description Of Desirable Attributes}
%Section tag:  DDA0
\label{chgr0:sdda0}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection[Minimum ROM, RAM, And EEPROM Consumption]
           {Minimum ROM, RAM, And EEPROM Consumption 
           (\desirablepropertycite{dp:chgr0:soda0:minpm},
                   \desirablepropertycite{dp:chgr0:soda0:minram},
                   and 
                   \desirablepropertycite{dp:chgr0:soda0:mineeprom})}
%Subsection tag:  MRE0
\label{chgr0:sdda0:mre0}

Typical inexpensive microcontrollers come in families of parts with
the same CPU core but different amounts of ROM, RAM, and EEPROM; with different
numbers of I/O pins; and often with different I/O peripherals.  
Almost invariably, members of a 
family are priced so that the parts with more capability are more expensive.

Because of the cost differential, there is often substantial pressure
on microcontroller software developers to create software which
uese as little ROM, RAM, and EEPROM as possible; so that the least
expensive parts can be used.  Additionally, it often happens that
a software load consumes nearly all the resources of the
largest available part in a family, so that no options are available
if the software cannot be made to fit.

Thus, strategies to minimize the consumption of ROM, RAM, and EEPROM
are of great interest in embedded software development.

Somewhat counterintuitively, the rigorous application of ROM-, RAM-, and
EEPROM-reduction strategies from the \emph{start} of a product development
may actually \emph{increase} the probability of a product development 
failure.  If these strategies are applied from the very start of a 
product development, there will be little or no ``fat'' left in software modules
that can be trimmed if ROM, RAM, or EEPROM limits are reached.
The rigorous application of ROM-, RAM-, and EEPROM-reduction strategies
must be accompanied by an increased respect for storage size limits.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection[Optimal CPU Cycle Utilization]
           {Optimal CPU Cycle Utilization 
           (\desirablepropertycite{dp:chgr0:soda0:bestcpucycle})}
%Subsection tag:  BCC0
\label{chgr0:sdda0:bcc0}

In many applications, it may be advantageous to use the least-capable
microcontroller with the slowest clock rate that will suffice for the
application.  The reasons that this may be advantageous are:

\begin{enumerate}
\item More capable microcontrollers are generally more costly.
\item It may be advantageous to operate a micrcontroller at less than
      the maximum allowable clock frequency.
   \begin{enumerate}
   \item A system with a higher clock rate usually consumes more power, and
         the relationship is often approximately linear.
   \item There may be certain frequencies at which the embedded system should
         not emit signals.  (For example, in an automotive application, the 
                 AM and FM radio bands are to be avoided.  If the clock frequency of
                 the system is chosen so that the frequency or a harmonic is in these
                 bands, the system must be shielded or otherwise made more expensive.)
   \end{enumerate}
\end{enumerate}

The general principles that apply to optimization for CPU-cycle efficiency are:

\begin{enumerate}
\item The mechanisms that pervade the system must be examined carefully and
      optimized.  Typical mechanisms that must be optimized are:

          \begin{enumerate}
          \item \textbf{Time measurement mechanisms.}
                The notion of \emph{time} typically pervades an
                        embedded system.  It is typical for many 
                        software components to contain state-machine logic
                        with transition functions that are functions of time.
                        Decisions about how to represent time and how to test
                        elapsed time can have a \emph{profound} effect on 
                        the performance of the system.
      \item \textbf{IPC mechanisms.}
                The mechanisms by which 
          \end{enumerate}
\end{enumerate}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection[Minimal Possibility of Concealed Behavior]
           {Minimal Possibility of Concealed Behavior 
           (\desirablepropertycite{dp:chgr0:soda0:minpconcealedbeh})}
%Subsection tag:  mpc0
\label{chgr0:sdda0:mpc0}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsubsection[Minimization of State Space]
              {Minimization of State Space 
              (\desirablepropertycite{dp:chgr0:soda0:minss})}
%Subsubsection tag:  mss0
\label{chgr0:sdda0:mpc0:mss0}

Many embedded software defects are directly attributable to software which
holds more state than necessary.  It is a common observation that
novice programmers have difficulty in designing state-minimal 
embedded software components---in extreme cases, novice programmers have
even implemented purely combinational mappings as sequential machines.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsubsection[Minimization of Scheduling Freedom]
              {Minimization of Scheduling Freedom 
              (\desirablepropertycite{dp:chgr0:soda0:minschedfreedom})}
%Subsubsection tag:  msf0
\label{chgr0:sdda0:mpc0:msf0}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsubsection[Minimization of Non-Linear Behavior]
              {Minimization of Non-Linear Behavior
              (\desirablepropertycite{dp:chgr0:soda0:minnonlin})}
%Subsubsection tag:  mnl0
\label{chgr0:sdda0:mpc0:mnl0}


\subsection{Freedom From Redundant Information}


\subsection{Robustness}
\label{chgr0:sdda0:srob0}


\subsection{Maximum Re-Usability Of Source Code}


\subsection{Minimum Development Time}


\subsection{Feedback Path From Defects To Product Development Process, Training, And Tools}


%\subsection{Self-Actualizing Experience For Employees}


%\subsection{Best Experiences For The Top 20\% Of Employees}


%\subsection{Administrative Neatness}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\noindent\begin{figure}[!b]
\noindent\rule[-0.25in]{\textwidth}{1pt}
\begin{tiny}
\begin{verbatim}
$HeadURL$
$Revision$
$Date$
$Author$
\end{verbatim}
\end{tiny}
\noindent\rule[0.25in]{\textwidth}{1pt}
\end{figure}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 
%End of file C_HGR0.TEX
Name	Value
svn:eol-style	native
svn:keywords	Author Date Id Revision URL Header