Friday, December 19, 2008

Embedded System Compilers generate dangerous code

Volatiles Are Miscompiled, and What to Do about It by Eric Eide and John Regehr raises troubling concerns about the tools that form the cornerstone of many embedded systems we depend on daily. The authors ask why compilers are so buggy and offer several reasons, most of them to do with the code generated for the C keyword 'volatile': accesses that the language requires to happen exactly as written are omitted, duplicated or reordered by the optimizer. The paper also presents code to test a compiler for this hidden danger and, in some cases, to work around it by routing every volatile access through a small helper function rather than dereferencing the volatile pointer at each use site.

1 comment:

  1. When I supported the GNU compilers at Wind River, D'Anne Thompson made it clear that all global variables (both those visible to the linker and those visible throughout a source file) are volatile by *default*.

    This is because all the code in VxWorks (before version 6) is in the same address space. Every thread, driver, interrupt handler, etc. This means that between the time a function loads up a global variable and the time it refers to it again, another thread (running code in another module or other code in the same module) may have changed it.

    This situation is exactly why the keyword 'volatile' was invented.

    It requires a lot of discipline to minimize or eliminate global or non-static variables from your code, and it's worth it.
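The pattern the post and the comment both describe, as an added example that is not code from the paper or from the original post: a register that hardware or an interrupt handler changes behind the compiler's back must be read through `volatile`, and the paper's workaround is to funnel those reads and writes through tiny accessor functions. The device layout, register names and the `tick` callback below are constructed for illustration; on a real target the struct would sit at the peripheral's base address and the loop body would contain only the volatile read.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Accessor helpers in the style the paper evaluates: every volatile access
 * goes through one of these instead of dereferencing *reg at each use site. */
static inline uint32_t vol_read_u32(volatile uint32_t *p)
{
    return *p;
}

static inline void vol_write_u32(volatile uint32_t *p, uint32_t v)
{
    *p = v;
}

/* Read-modify-write spelled as one explicit load and one explicit store,
 * so exactly two accesses to the register are expected in the object code. */
static inline void vol_set_bits_u32(volatile uint32_t *p, uint32_t mask)
{
    vol_write_u32(p, vol_read_u32(p) | mask);
}

/* Constructed (hypothetical) register block. On hardware this would be
 * placed at a fixed address, e.g. ((volatile struct dev_regs *)0x40001000u). */
struct dev_regs {
    volatile uint32_t ctrl;
    volatile uint32_t status;
    volatile uint32_t data;
};
#define DEV_CTRL_START   (1u << 0)
#define DEV_STATUS_READY (1u << 0)

/* Poll STATUS until READY is set or max_polls is reached. Returns the number
 * of polls taken, or -1 on timeout. `tick` stands in for the asynchronous
 * agent (hardware, DMA or an interrupt handler) that changes the register
 * while this loop runs. Because `status` is volatile the compiler must
 * re-load it on every iteration; with a plain uint32_t it would be entitled
 * to hoist a single load out of the loop and spin forever. */
int wait_ready(struct dev_regs *dev, int max_polls, void (*tick)(struct dev_regs *))
{
    for (int n = 1; n <= max_polls; n++) {
        if (tick)
            tick(dev);
        if (vol_read_u32(&dev->status) & DEV_STATUS_READY)
            return n;
    }
    return -1;
}

/* Start a transfer, wait for completion, return the DATA word or
 * 0xFFFFFFFF on timeout. */
uint32_t run_transfer(struct dev_regs *dev, int max_polls, void (*tick)(struct dev_regs *))
{
    vol_write_u32(&dev->status, 0);
    vol_set_bits_u32(&dev->ctrl, DEV_CTRL_START);
    if (wait_ready(dev, max_polls, tick) < 0)
        return 0xFFFFFFFFu;
    return vol_read_u32(&dev->data);
}

/* Constructed "device": once START is set it raises READY on the third poll. */
static int sim_polls;
void sim_device_tick(struct dev_regs *dev)
{
    if (vol_read_u32(&dev->ctrl) & DEV_CTRL_START) {
        if (++sim_polls == 3) {
            vol_write_u32(&dev->data, 0xCAFEu);
            vol_set_bits_u32(&dev->status, DEV_STATUS_READY);
        }
    }
}

/* Constructed "device" that never completes, to exercise the timeout path. */
void sim_device_never(struct dev_regs *dev) { (void)dev; }

int demo_polls(void)
{
    struct dev_regs dev = {0, 0, 0};
    sim_polls = 0;
    vol_set_bits_u32(&dev.ctrl, DEV_CTRL_START);
    return wait_ready(&dev, 10, sim_device_tick);
}

uint32_t demo_success(void)
{
    struct dev_regs dev = {0, 0, 0};
    sim_polls = 0;
    return run_transfer(&dev, 10, sim_device_tick);
}

int demo_timeout(void)
{
    struct dev_regs dev = {0, 0, 0};
    return wait_ready(&dev, 10, sim_device_never);
}

int main(void)
{
    printf("polls until READY: %d\n", demo_polls());
    printf("transfer result:   0x%08X\n", demo_success());
    printf("timeout returns:   %d\n", demo_timeout());
    return 0;
}
```

The accessor functions do not make a buggy compiler correct, but the paper's measurements show them being miscompiled far less often than inline `*reg` expressions, and they give one place to inspect in the disassembly when checking that each volatile read and write is emitted exactly once.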