In this post, you will get an overview of embedded devices and embedded systems development.
At Secure Code Warrior, we are always looking to expand our training coverage. To empower embedded developers and security managers to build secure embedded systems, we are tapping into the world of embedded systems security. In this post, we will share the key things developers and architects should know about building secure embedded systems.
An embedded device is an independent computing unit, with its own microprocessor-based hardware and software. They are typically used to perform dedicated functions, either independently, or as parts of larger systems.
Embedded devices are purpose-built computing systems with minimalistic hardware and software, programmed to perform specific functions. Depending on their purpose, the complexity of embedded devices can vary.
If an embedded system has to perform complicated, resource-intensive operations, its hardware may comprise multiple processors, with various interconnected peripherals. If, however, it’s designed to do a simple task, it may just contain a single microcontroller.
Some embedded systems are black-boxes with no user interface, while others can have detailed, graphical user interfaces.
Embedded devices find applications across multiple industries; from aerospace to computing, and from home appliances to healthcare. Here are a few examples:
Short answer: No. Long answer:
By definition, an embedded device encapsulates all the software and hardware it needs to perform its functions. A laptop indeed wraps up various hardware components in a metal body, and encompasses all the software it needs to deliver its feature set.
However, unlike typical embedded systems, which have a pre-defined, minimal feature set, a laptop is more general purpose and can be used to do a wide array of activities.
Embedded systems are at the heart of IoT. Your smart fridge can be controlled via your mobile device, because of an embedded device. It’s an embedded device in your security system that lets you view CCTV footage from a thousand miles away. And when you push a button to put your car on auto-pilot, behind-the-scenes, it’s an embedded device that does all the magic.
The following steps are involved in the typical software development life cycle of an embedded device:
An embedded device has a distinct and precise feature set. This is why it’s very important to explicitly state its purpose and requirements before starting the development. Creating a detailed design document for the system is recommended. Answer questions like:
Once we have identified the unique system requirements, we are ready to design the system architecture. Answer questions like:
The choice of operating system often dictates the efficacy of your embedded applications, so choose wisely. Windows for IoT may score high in graphics, but lacks hardware support. Embedded Linux and Android are free, whereas VxWorks and Windows for IoT have licensing costs.
With open-source systems like Linux and Android, your developers have more control over the kernel; however, with proprietary systems, the default feature set of the kernel is all that you can work with.
It’s also important to consider the security implications while choosing an operating system. Do security patches get released quickly, in case any vulnerabilities are discovered? Is there any built-in protection against the most common cybersecurity attacks?
Different programming languages and frameworks have various pros and cons. Depending on your feature, speed, and reliability requirements, you may choose one language/framework over the other.
If your application is web-based, and you want high performance, go with Java.
However, if you want the fastest throughput, go with C/C++. If you want the best third-party library support, go with Python.
Once you have decided on the development platform, you are ready to start coding. Remember that embedded systems are sensitive devices with limited hardware and software resources. It’s thus of pivotal importance to keep in mind the best practices regarding application security and performance.
Code reviews help in optimizing code and identifying any potential bugs. You also need to test as rigorously as possible. Ensure that you compile an exhaustive list of all the test-cases that the device may encounter when used in production.
Just like any other application/device, the life cycle doesn’t end when the embedded device has been shipped and installed. As the device gets used in production, new use-cases are identified, which require new features to be added. Any reported bugs may also require new firmware updates to be released.
There are many reputable organizations, like IEEE and TIOBE, that rank programming languages by popularity and use. However, regardless of whether you check the TIOBE index, or the IEEE Spectrum, you will notice a common theme.
The top 3 languages are always C, Python, and Java. The TIOBE index for July 2021 ranks C at #1, Java at #2, and Python at #3. According to IEEE Spectrum’s ranking for embedded programming languages, the order is: Python, Java, and then C.
Different languages manage memory, interactions with the OS, and runtime, in different ways. E.g. Java applications execute in a specialized runtime environment known as Java Virtual Machine, or JVM.
Memory management within C/C++ is manual, however, in Java or Python, you don’t have to worry about managing memory yourself; the language does it for you. What’s more is that in C, you have to collect your garbage yourself; i.e. if you dynamically allocate a piece of memory, you have to explicitly free it yourself. If you don’t, it will lead to a memory leak. In Java or Python, garbage collection is done automatically. However, C is intrinsically much faster than Java or Python.
One thing that C and Java (but especially C) lack in comparison to Python is the availability of third-party libraries. Python has a richer database of libraries, which makes it much easier for developers to add certain features.
Overall, choose C if:
Go with Python if:
Go with Java if:
High-level languages make it easier to code by abstracting away the complexities that simply can’t be avoided in C. However, for decades, despite the release of fancier languages and frameworks, C has remained a top choice in embedded development.
This is because the speed, performance, and reliability it offers, are still unparalleled. The fact that Python and large parts of the Java ecosystem (including the runtime, language, and compiler) are written in C, speaks volumes about the language’s efficiency and durability.
With that said, C is undeniably harder to learn for new developers, who prefer the simplicity of languages like Python. This is creating a noticeable decline in the size of the C developer community. The rise in development of AI and ML applications is also driving people to choose Python over C, simply because it offers greater library support.
It’s important to remember that Python has only recently become part of the top embedded programming language debate. Yes, its adoption may continue to rise in the years to come, but we don’t expect C to ever stop being a top choice for embedded development.
A lot can go wrong while writing code in C/C++. Accessing a memory address that no longer points to valid data, or incorrectly sharing data between threads, can cause your entire application to crash.
For embedded devices, these implications are far more significant, as a crash inside them can cause a much larger machine to stop functioning. E.g. if the auto-pilot module in a car shuts down, the car will no longer be able to avoid obstacles.
Here are more reasons why secure coding of C/C++ applications is so important:
It’s absolutely critical that developers are trained in secure coding for C/C++ applications. Secure Code Warrior provides a personalized learning platform with interactive challenges, courses, and assessments that can enable developers to write secure C/C++ code. Here, we are talking about language:framework-specific content, not just a tweak on general conceptual training.
Check out how we help automotive and transportation industries. Or try an embed-focus coding challenge today to experience how we empower developers to write secure embedded applications!