Interview with Dave Hughes

CEO of HCC Embedded

HCC:

DESIGNING RELIABLE SOFTWARE FOR

EMBEDDED

SYSTEMS

Microchips New PIC MCUs

Obsolesence
Management System

CONTENTS

4
8
16

TECH ARTICLE

ADVANTAGES OF AN EXECUTABLE
OBSOLESCENCE MANAGEMENT SYSTEM

TECH ARTICLE

MICROCHIPS LATEST FAMILY OF MCUS

IS THE SECRET INGREDIENT IN EMBEDDED DESIGNS

COVER INTERVIEW

DAVE HUGHES, CEO OF HCC EMBEDDED

HCC:

SMFS uses a structured

database to reduce complexity
EMBEDDED SYSTEMS
of the application which can
improve the performance in
almost every way; speed, power
consumption, and flash life.
DESIGNING RELIABLE SOFTWARE FOR

SMART METER

Interview with Dave Hughes CEO of HCC Embedded

Your Guide to
Embedded MCUs and
Development Tools.

22

HCC has been developing embedded software

components for Flash, File Systems, and
Communications for over a decade. Founded by current
CEO David Hughes, the company sought to provide
robust support for the ever-changing embedded
systems industry. With a wide variety of fail-safe file
systems and verifiable software, HCC has become one
of the most trusted names in the market today.

FILE SYSTEM
FEATURED ARTICLE
We spoke with David Hughes about what it takes to
develop a truly fail-safe system, the unique challenges
in dealing with flash memory, and his vision for the
industry over the next few years.

RELIABLE SOFTWARE CAN

MAKE THE INTERNET OF THINGS
SMARTER, CHEAPER AND MORE SECURE

Modern smart-meters must meet significant

technical challenges in order to lower
manufacturing cost, power consumption and
achieve high reliability. HCC has developed an
advanced Smart-meter File System (SMFSTM),
custom designed for the needs of smartenergy and smart-meter applications. This can
result in lower cost of manufacturing, shorter
development time, reduced field maintenance
and longer guaranteed life of operation.
Key Features
Fail-safe data storage, system will always
recover.
Persistent data storage: preserved for 15
years or more.
Minimum number of flash operations to
preserve both the flash and the battery.
Deterministic behavior in the event of
unexpected reset.
16 and 32-bit MCU support

Instead of using a traditional file based

system HCC has taken the radical approach of
defining a system built around the needs of
smart-meters. Metering applications usually
have well defined record structures and
HCC has used its extensive flash experience
to take advantage of this characteristic.
By taking a data focused, and not a filefocused approach, it is possible to reduce the
required number of write/erase cycles by an
order of magnitude. Traditional file systems
do not have built-in cyclic buffer logic for
storing records and this can add complexity,
significantly increasing the number of
times flash must be accessed. SMFS uses a
structured database to reduce complexity
of the application which can improve the
performance in almost every way; speed,
power consumption, and flash life.

Reduced Power Consumption

Order of magnitude reduction in required
number of write/erase cycles required can
dramatically reduce the system power
consumption in some systems.
High Quality Development
The software is developed using high quality
development methodology and is rigorously
compliant with MISRA C:2004.

Small Footprint
The Smart-meter File SystemTM (SMFS)
requires less than 15kB program memory and
1.5kB of RAM on 32-bit MCUs.
Reduced Development Time
The simplicity of SMFS means that engineers
can easily configure and implement a system
which will be fail-safe, provides wear-leveling
and has ECC error correction and encryption
options, significantly shortening time to market.

Everything youre looking for in one place.

w w w. e m b e d d e d d e v e l o p e r. c o m

TECH ARTICLE

Advantages of an
Executable Obsolesence
Management System

veryday countless Product Change

Notifications (PCNs) and End-of-Life
Notifications (EOL/ PDN) are received by
companies worldwide. But have you ever thought
about all the consequences of these notes? How can
you appraise all of the risks involved in a false
or tardy reaction in handling obsolescence?

By Stefanie Koelbl
Obsolescence Management for TQ-Systems

The impacts of obsolete components are mostly

pricey for the userespecially when a redesign is
necessary and costs are incurred for engineering
services, operating capital or test equipment.

n todays world, obsolescence is almost

unpreventable because of rapid
technological revolutions and evolutions,
but also because of the changing market
demand day-by-day.

The impacts of obsolete components are

mostly pricey for the userespecially when a
redesign is necessary and costs are incurred
for engineering services, operating capital or
test equipment.

Brownfield sites*, for example, are the direct

result of the actions of the consumer sector
the products are non-durable because
the end-user hungers for new, modern and
making-life-easier commodities.

Often there are still some of the obsolete

components available on the market but
those are often sold by high-cost brokerage
companies and product authenticity cant
always be confirmed.

Another cause of obsolescence is

environmental policies and restrictions of
special substances like RoHS, RoHS2 and
REACH which confront producers with
further costs.

This is compounded by globalization

resulting in counterfeits or fakes from
all over the world being imported and
unsuspectedly used in, for example, airplanes
or pacemakers.

But how can we ensure that the industry

sectors needs will also be satisfied in the
long run? The railway supply and aviation
industries, for example, have a constant
demand for the same, unchanged
components over a period of 30 to 40 years!
This means that Obsolescence Management
should be a mechanism to deal with the
correlation between durable systems and
obsolete components.

What follows is that the costs of products

containing the obsolete components will rise
and often inefficiency appears.
A missing or careless Obsolescence
Management system doesnt just affect
direct costs, it can also impact the suppliers
or OEMs business image, market share, and
indirectly, lower turnover. As a result of the
inability to continue fabricating products
containing obsolete components, corporate
clients are more likely to switch over to
competitors with more innovative or
cheaper alternatives.

* A brownfield site (or simply a brownfield) is land previously used for industrial purposes or some
commercial uses. The land may be contaminated by low concentrations of hazardous waste or pollution,
and has the potential to be reused once it is cleaned up.

TECH ARTICLE
Using guidelines to
analyzing components

If Obsolescence Management strategies are followed

for each product, the result will be an overview and control
over the product lifecycle costs, result in maximum
component safety.

It is very important when analyzing

components to not just refer to information
from databases, but also from the
manufacturer and supplierthis will give
you a valid and accurate report of the
expected lifespan.

Shown at right, the ARM9-based

TQ module TQMa28
To prevent these risks of obsolescence
the following three strategies should be
established:
Proactive Obsolescence Management
Premature analysis of the bill of material
(BOM) to get the information about the
actual lifecycle status and estimate the risk
of components becoming obsolete.
Strategic Obsolescence Management
Long term strategy to avoid the use of
endangered components.
Reactive Obsolescence Management
Instruction to deal with obsolescent
components after receipt of EOL notice.
The combination of these three
Obsolescence Management strategies will
mainly lead to longevity of systems, but will
also offer other advantages.
Important points are the early determining
of endangered components and the
maximization of the current horizon to find
efficient alternatives.
Also, the reduction of the use of pricey
broker commodities and the avoidance of
redesigns and requalifications are essential
for a working Obsolescence Management
system.

If Obsolescence Management strategies

are followed for each product, the result
will be an overview and control over the
product lifecycle costs, result in maximum
component safety.
All these aspects are included in the
Obsolescence Management Plan made by
TQ-Systems, an EMS service provider and
supplier of embedded modules and systems
near Munich in Germany.
As an example of a health check with
regard to obsolescence, the ARM9-based
TQ module TQMa28 has to be available
for a minimum lifespan of 15 years.
After analyzing the original components it
was proven that none of them would fulfill
TQs demand of a durable product
as evidenced in the following table:
Processor ARM9TM

3 years

Plug

10 years

Flash memory

1 year (NAND uprated)

Main memory SDRAM

1 year (DDR2)

Logic element

8 years

Operating system

1-15 years

By using this combined forecasting method,

the original components could be replaced
with long-lasting ones: like the ARM9TM
Freescale processor i.MX28 or the flash
memory EMMC-Blackbox of Micron/Toshiba/
Sandisk (which can substitute each other).
The same can also be said for the logic
element of Texas Instruments/Maxim/
Linear-Technology who all offer special
obsolescence programs for their clients.
Long-life programs such as the ones offered
by Micron are preferred: these programs
provide further security, and for this reason
TQ always uses Microns main memory
MT47H64M16HR-25EIT:H. in its application.

Products and Proactive

Obsolescence Management
TQ modules offer guaranteed availability
for a fixed period of time with minimal price
increases, and are therefore optimized
against obsolescence issues compared to
the original modules where the selling price
rises constantly.
High interest in SMD components and the
low costs of DRAMs are another plus for the
competitiveness of the module. TQ-Systems
modules, including the current TQMa28
are validated by proactive Obsolescence
Management.

TQ offers Obsolescence Management services

to its corporate clients but also
to external businesses.
Their spectrum extends to analysis of bills
of materials and products, monitoring
endangered components, redesigns, audits
and workshops about obsolescence issues and
long-term storage in nitrogen.
TQ System excels at offering flexible terms,
on-time delivery, high quality standards and
a history of offering superior client-specific
solutions. As a member of the Component
Obsolescence Group, TQ can offer their
clients up-to-date information about the latest
progression in obsolescence management
and relating issues which enables a high ROI on
their mature products.
One of the leading solution providers
of innovative technologies for 20 years,
TQ-Systems GmbH has their corporate
headquarters in Seefeld, Germany, and
employs over 1,200 staff and has production
facilities in Germany, Switzerland and China.

A global leader in electronic technology

TQ-USA is the brand for a module product line
represented in North America by Convergence
Promotions LLC for TQ-Systems GmbH.
From their sales distribution and technical
support net- work in North America,
Convergence Promotions can guarantee
customers quick response times with sales and
technical support.

For More Information:

In North America:
www.ConvergencePromotions.com/TQ-USA
In EMEA: www.TQ-Systems.de

TQ modules offer guaranteed availability for a fixed period of time with minimal
price increases, and are therefore optimized against obsolescence issues
compared to the original modules where the selling price rises constantly.

FEATURED ARTICLE

MICROCHIPS

Latest Family of MCUs

is the Secret Ingredient in

Embedded Designs

mbedded designers are currently facing the challenge of delivering feature-rich

products with fewer and fewer resources, which is why Microchip is committed
to delivering total solutions aimed at streamlining the development process. At
the recent EE Live! and Embedded Systems Conference in San Jose, EEWeb met with
Greg Robinson, marketing director of Microchips MCU8 Division, as he announced
their latest family of 8-bit PIC microcontrollers. The PIC16(L)F170X and PIC16(L)
F171X family combines Intelligent Analog with Core Independent Peripherals, offering
embedded systems developers the secret ingredients needed to start cooking up an
expansive menu of sophisticated designs.

FEATURED ARTICLE
What makes these products
unique is the integration we
have done from an analog
perspective...

Introducing the PIC16(L)F170X/171X

8-bit MCU family
Embedded developers are increasingly faced with
the demand to include more functionality in evershrinking devices. These pressures, combined with
the need to lower costs and complexity by utilizing
fewer MCUs, is driving the engineering community to
rethink incumbent technologies. Microchips PIC16(L)
F170X/171X 8-bit MCU family addresses those needs.
These MCUs are cost-effective solutions enriched
with Intelligent Analog, a set of Core Independent
Peripherals, and eXtreme Low Power (XLP) technology
with 35nA Sleep Current and 30A/MHz Active
Current, which helps extend battery life and reduce
standby current consumption. Combined with a
software configuration tool called the MPLAB Code
Configurator, Microchips latest family of MCUs takes
8-bit PIC MCU performance to a new level.

What makes these products unique is the

integration we have done from an analog
perspective, Robinson said. We put two
operational amplifiers on chip, some high
speed comparators, a 5- and 8-bit DAC.
We put on a new module for Zero Cross
Detection as well, and a lot of analog
detection coupled with what we call our
Core Independent Peripherals on the
digital side.

Make the Most of Your Pins

with Peripheral Pin Select
In most microcontrollers, the functional
inputs and outputs of a peripheral are
typically multiplexed on fixed pins and
often conflict with each other. This
creates a situation where, by selecting
one peripheral, you lose the ability to
use another. The PIC16(L)F170X/171X
8-bit MCU family is the first line of PIC16
MCUs with Peripheral Pin Select, a pin
mapping feature that gives designers
the flexibility to designate the pinout of many peripheral functions. This
multiplexing makes it possible for
designers to make the most of the pins
on a device. As Robinson explained, The
peripheral pin select module enables
engineers to reconfigure digital signals

to different pins. As a part comes up in a

default mode, if the user has a EUSART
and a PWM, and they are both assigned to
that same pin, the module allows them
to re-map those pins to different pins.
This is very important as we put more and
more peripherals, and more and more
functionality, into smaller pin counts.
With the flexibility to change pin
mappings, Peripheral Pin Select addresses
the issue of how to access the peripheral
needed with as few pins as possible; it
also allows for easy board work-arounds.
For example, if a PCB error occurs where
the signal was not routed to the intended
pin, the problem can be solved in firmware
without scrapping or re-doing the PCB.
Additionally, Peripheral Pin Select
resolves the issue of signal degradation
that can result when components are
placed in close proximity on the board. If
a designer is designing an application that
has an analog input that may be sitting
next to a PWM output or a communication
output where it can degrade the analog
signal, they can simply move that digital
signal to the other side of the chip and
hold the integrity of the analog input,
Robinson added.

The PIC16(L)F170X/171X 8-bit MCU family is the first

line of PIC16 MCUs with Peripheral Pin Select, a pin
mapping feature that gives designers the flexibility to
designate the pin-out of many peripheral functions.

10

11

FEATURED ARTICLE

Together, these self-sustaining

peripherals streamline the
implementation of complex control
systems and provide designers
the flexibility to innovate.

Eliminate Code and CPU Supervision

Kickstarting Your Next Design

The PIC16(L)F170X/171X 8-bit MCU family

features a set of Core of Independent
Peripherals that can handle tasks with no
code or CPU supervision. Together, these
self-sustaining peripherals streamline
the implementation of complex control
systems and provide designers the
flexibility to innovate.

For those hungry to innovate, Microchip

has done the work up front to get
developers started on a wide variety
of applications. The flexibility and
efficiency of the PIC16(L)F170X/171X
8-bit MCU make it well suited for a
broad range of advanced applications,
including environmental quality sensors,
portable medical equipment (such as
glucose meters, portable ECGs, pulse
oximeters, blood pressure meters),
industrial equipment (such as gas
sensors, handheld multimeters, lab
instrumentation, e-meters, sensor
arrays), power conversion, efficient motor
control, lighting, power measurement and
monitoring, energy harvesting equipment,
and solar inverters.

The Configurable Logic Cell (CLC) allows

for programmable combinational and
sequential logic, and also enables the
on-chip interconnection of peripherals
and I/O; thereby reducing external
components, saving code space and
adding functionality.
The Complementary Output
Generator(COG) is a powerful
waveform generator used to generate
complementary waveforms with fine
control of key parameters, such as phase,
dead-band, blanking, emergency shutdown states and error-recovery strategies.
The Numerically Controlled Oscillator
(NCO) is a programmable linear
frequency generator that both enhances
performance and simplifies the design
of applications such as lighting control,
radio-tuning circuitry, and fluorescent
ballasts.

12

The PIC16(L)F170X/171X family is

supported by Microchips standard suite of
cutting edge development tools, including
the PICkitTM 3, MPLAB ICD3, PICkit 3
Low Pin Count Demo Board, PICDEMTM
Lab Development Kit, and PICDEM Plus.
The MPLAB Code Configurator is a free
tool that generates seamless, easy-tounderstand C code that is inserted into
your project.
Additionally, Microchip provides
developers several online resource
centers for working with the Core
Independent Peripherals and Intelligent
Analog integrated on these 8-bit
MCUs. Design centers to assist with the
creation of Intelligent Lighting and Home
Appliance applications are also available.

13

EMBEDDED WORKBENCH
Intel Atom Processor Development Kit
The Intel Atom processor N270 and Mobile Intel 945GSE Express chipset
development kit provides robust performanceper-watt, power-efficient graphics
and rich I/O capabilities for cost-effective embedded solutions.
The chipset features an integrated 32-bit 3D graphics engine based on Intel Graphics
Media Accelerator 950 (Intel GMA 950) architecture, a 533 MHz front-side bus (FSB),
single-channel 400/533 MHz DDR2 system memory (SODIMM and/or memory down), Intel
Matrix Storage Technology and Intel High Definition Audio1 interface. The chipset delivers
outstanding system performance and flexibility through high-bandwidth interfaces such as PCI
Express,* PCI, Serial ATA, and Hi-Speed USB 2.0 connectivity.
This platform offers an excellent solution for embedded market segments such as digital signage,
interactive clients (kiosks, point-of-sale terminals), thin clients, digital security, residential gateways,
print imaging, and commercial and industrial control. It is part of Intels comprehensive validation process,
enabling fast deployment of next-generation platforms to help developers maximize competitive advantage while
minimizing development risks.

Infineon XMC4500 Basic Kit

Join Today

This evaluation board lets you get up-and-running quickly with Iinfineons CortexM4 XMC4000 microcontroller. This evaluation board offers many features that ease
your learning curve and speed up your program development.
The CPU_45A-V2 board houses the XMC4500 Microcontroller and three satellite
connectors (HMI, COM, ACT) for application expansion. The board along with satellite cards
(e.g. HMI_OLED-V1, COM_ETH-V1, AUT_ISOV1 boards) demonstrates the capabilities of
XMC4500. The main use for this board is to demonstrate the generic features of XMC4500
device including the toolchain. The focus is safe operation under evaluation conditions. The
board is not cost optimized and is not reference design.

REva Starter Kit for STM8S MCUs

The REva starter kits are Raisonances complete, cost-effective solutions for starting
application development and evaluating STM8x, ST7LITEx, ST7Fox, ST7232x, ST7234x,
ST7236x and ST7263B microcontrollers.
Kits contain all the hardware and software required to develop applications for microcontrollers, including the REva evaluation board, target STM8 and ST7 microcontrollers,
embedded RLink for in-circuit debugging and incircuit programming and the raisonance
integrated development environment (Ride7) with application builder.

eeweb.com/register
14

15

COVER INTERVIEW

HCC:

DESIGNING RELIABLE SOFTWARE FOR

EMBEDDED SYSTEMS
Interview with Dave Hughes CEO of HCC Embedded

HCC has been developing embedded software

components for Flash, File Systems, and
Communications for over a decade. Founded by current
CEO David Hughes, the company sought to provide
robust support for the ever-changing embedded
systems industry. With a wide variety of fail-safe file
systems and verifiable software, HCC has become one
of the most trusted names in the market today.
We spoke with David Hughes about what it takes to
develop a truly fail-safe system, the unique challenges
in dealing with flash memory, and his vision for the
industry over the next few years.

16

17

COVER INTERVIEW

How did you get started in

the embedded industry?
Ive had a long history working in the
embedded industry since I graduated
University in 1985, developing various types
of software for deeply embedded systems,
initially all in assembler and then progressing
to C as the core language. Back in 2000, I
finally decided to start my own company based
on my experiences in the industry. Our initial
aim at HCC was to provide flash management
software for embedded systems, an area that
lacked robust support and which was, and still
is, changing very rapidly.
In the last 14 years, what are the most
significant milestones you have achieved?

If you require high

quality and high
reliability, then we
believe it is worth
investing in that high
quality software.
Thats the focus of our
current milestones.

even Moores law struggles to keep up. NOR

flash is also changing though perhaps not at
such a fast pace.

Equally, the application developer has to

understand what they want from a file
system such that they can guarantee it
will be consistent and manageable. In our
view it cannot be called a fail-safe system
if the rules for each layer, including power
management are not completely defined and
mutually consistent.

A programmer typically just wants to reference

an object by name (e.g. a stream of bytes) and
manipulate it, but flash is not organized in
such a friendly way. With its page/block/erase
architecture, write limitations and need for wear
management, logic must be provided to handle
this - and this logic is complex if you want to
handle it in a fail-safe, deterministic way.

What are some of the unique challenges

in dealing with flash memory and why is it
becoming more complex on the system side?

So we provide complex software that performs

the mapping between the user requirement
and the flash, combined with the ever
changing physical specifications for the media
that this is being recorded on. Additionally
different products have very different
requirements and constraints (e.g. 24 bit error
correction is not something to be undertaken
lightly). A system level approach is required
if the full possibilities of flash storage are to
be realized in a reliable way. Consequently
HCC have a range of file systems and flash
translation layers, combined with decades of
experience to bring to flash based solutions in
deeply embedded systems.

Could you elaborate on what fail-safety is?

Of course, survival is the first milestone for any

company, and those that can survive the first
few years of their development have achieved
something significant. However in recent
years we have grown quickly and we continue
to expand as we develop new products and
markets. Our first major achievement was to
provide truly fail-safe file systems that provide
reliable flash storage by design. In recent years
we are proud to have developed embedded
software with verifiable quality and specialized
software such as our Smart-meter File System
that address fundamental needs in that industry.

Fail safety is a complex concept, but in its

simplest form, it describes a system that has
deterministic behavior even if it is reset or
stopped inadvertently. For example if power
is lost unexpectedly the system may still
be in the process of committing a write to a
disk. For a classic FAT file system to complete
any operation it must write to three or more
areas of the disk to complete a consistent
operation. Its physically impossible to
perform these operations simultaneously, so
precautions are required to make the system
consistent when it recovers, regardless of
which point it was stopped.

In general embedded systems are becoming

more complex, microcontrollers are more
complex, and flash has become more complex.
If you require high quality and high reliability,
then we believe it is worth investing in high
quality software. Thats the focus of our
current milestones.

But you cant deal with fail safety quite

as simply as thisit is important to take a
system-wide approach to any fail safety
concept. For instance, there is no point in
having a fail-safe flash management system if
the file system above is not equally designed
to be fail-safe. A fail-safe system can never be

18

fail-safe without specifying precisely what it

requires at all levels from the physical to the
application layer.

Looking back to when HCC was founded, 32MB

NAND was probably the largest flash device
available. The level of error correction required
was 1-bit per 512 bytes to guarantee 100K
erase/write cycles. Today NAND is available at
sizes up to 64GB, requiring maybe 24 bit error
correction or more to guarantee 3000 erase/
write cycles. Flash is a technology area where

A fail-safe system
can never be fail-safe
without specifying
precisely what it
requires at all levels
from the physical to
the application layer.

HCC also develops highly specialized systems

such as Smart Meters and Verifiable SSL
Network Security?
The availability of low cost RTOS and driver
software has changed the software market.
Not only are most of these RTOSes very similar,
but they are generally provided with basic
communications and file system functionality.
HCC develops all software using our Advanced
Embedded Framework (AEF), which means it is

19

all completely independent of compiler, RTOS,

MCU, development board, endianess etc. It can
be used on any target with any RTOS allowing
us to invest heavily in quality and efficiency
since it is completely re-useable.
This is important since it is possible in a system
like a smart-meter to develop software which
has verifiable quality and deals with industry
specific problems such as guaranteed flash
life, fail-safety, quality and low power. An
important differentiator is a product life time
simulator where the behavior of the system
over its intended life can be modelled and
checked for flash usage and wear. None of
these issues can be dealt with as effectively
using general-purpose, off-the-shelf software.
The ability to invest in quality of software is
one of our core values.
This is also true of secure networking, a key
feature in many metering systems. Recently
the impact of having no strong process or
verifiable quality has resulted in major security
issues such as the well-publicized Heartbleeds
SSL problems. HCCs SSL/TLS implementation
is developed using a rigorous process and
source code control and this means we can
have much higher confidence in the security of
the solution.
What do foresee happening in the industry
over the course of the next 10 years?
The market is changing very swiftly although
we dont fundamentally consider the Internet
of Things a new idea, there are just new
opportunities thanks to low cost, high capacity
bandwidth. MCUs are becoming cheaper and,
at the same time, more complex. Increasing

flash memory density and lower cost of

processing power will drive the requirement
for more rigorous software development.
Software and security will become much more
valuable to the perceived quality and value
of a companys brand. Increasingly, generalpurpose software has little value and software
that is both verifiable and specialized must
be developed to minimize system cost and
optimize performance.
How will software impact the cost of Internet
of Things devices?
One of the reasons smart-metering systems
are so important to HCC is because it is an
application that really captures the value we
add to the Internet of Things. We designed our
file system specifically for that application
scenario because our customers not only
have requirements for the reliability of
the application and the data, but they also
have very low power requirements. In some
countries, smart-meter power consumption
must be minimized so that power companies
dont have to build new power stations just
to measure electricity consumption. They
must also be connected to the Internet and
demonstrably secure.
By building high quality dedicated software
applications, we are able to reduce the
cost to manufacture, enhance security and
significantly reduce power consumption. If
you step back and consider that application,
it really encompasses all the things that HCC
is trying to achieve software now makes a
crucial difference.

Embedded
Flash Made Easy
HCC File Systems & FTL provide
truly fail-safe solutions to integrate MCUs
with NAND or NOR flash devices.

Dynamic & Static Wear-levelling

ECC & Read Disturb
Bad Block Management
Supports any RTOS, Compiler or MCU

Available with an extensive range of media drivers

for external ash devices. For further information
or a free 30 day evaluation, contact HCC at

Phone: +1 212 734 1345 E-mail: info@hcc-embedded.com

Web: www.hcc-embedded.com

20

21

FEATURED ARTICLE

RELIABLE SOFTWARE
can make the Internet of Things

SMARTER, CHEAPER,

AND MORE SECURE

E

mbedded software is under closer scrutiny than ever before.

Twenty years ago the C language was just starting to become
widely used as a serious programming language for deeply
embedded applications. Historically, embedded applications
have been small, standalone systems with limited data storage,
sometimes connected to closed networks. As low-cost processing,
flash memory, and networking have become ubiquitous, the issues
of data storage and network security have become critical. Is
embedded software able to adequately meet the challenges of
the emerging wave of MCU-based applications using large flash
devices for data storage and providing secure network access?

22

23

FEATURED ARTICLE

One interesting aspect of the emergence

of the new generation of low-cost 32-bit
processors is the complexity of developing a
base application layer and peripheral drivers.
Many developers use third party software to
fulfill this function. In these cases externally
developed software is one of the main factors
that define a products quality and a companys
reputation. This raises important questions
for all application developers using third party
storage and communications software:
Can the file system and its driver software
guarantee the integrity of data stored in
flash memory?
Is the system designed to always recover
from unexpected events such as power loss?
Will the quality of the security and
networking software affect the ability
of the system to guarantee secure
communications?

Recent high profile

security issues such as
Heartbleed and Apples
SSL bug are examples of
coding errors that could
have been avoided by
using a formal design
methodology.

24

Faced with these fundamental questions, it

is notable that so much free, open source,
and commercial software is incorporated into
embedded applications without evidence they
have been developed in a way that guarantees
these basic requirements. Recent high profile
security issues such as Heartbleed and Apples
SSL bug are examples of coding errors that
could have been avoided by using a formal
design methodology. A simple code then test
approach is insufficient to guarantee the design
goal of secure communications. For this some
full life-cycle model for managing software is
required this should include requirements
specification, design, test and traceability.
To address the problems of freestyle coding
used in many commercial and open source
TLS/SSL products, HCC has designed both
a network stack and a TLS/SSL security
implementation that provides design evidence

HCC has a
number of failsafe file systems
that can guarantee
correct fail-safe
performance.

for developers. For example, the TLS/SSL

module can be provided with a full static
analysis report as well as a UML-based design
model. The system requirements have been
developed to ensure a correct implementation
and test, based on the principle that the
process and the life cycle model are as
important to secure communications as the
code itself.
It is fundamental to assess the possible risk
and cost of software failure for any application.
HCC has always taken a system level approach
to design for fail-safety and guaranteed data
integrity. HCC has a number of fail-safe file
systems that can guarantee correct fail-safe
performance. This only works if the system
designer follows the rules to ensure that there
are adequate services provided for each layer
in the design, from application layer through to
hardware design.

A smart-meter is a good example of a system

with a low tolerance for flash-based data
storage failures. Some smart meters are
required to maintain data and file system
integrity for 15 years or more. HCC has
created a dedicated fail-safe file system for
metering, complete with a full static analysis
report, and has created high level design
requirements to ensure the system can be
correctly implemented and tested. A complete
system simulation is also provided to model
the lifetime use of the system. It can be used
with eTaskSync, a small scheduler created with
100% statement and object coverage testing,
full MC-DC analysis, and full MISRA C:2004
compliance to build a system with a high
degree of verifiable integrity.
Thanks to very public embedded software issues
with products from Toyota, Apple, OpenSSL
and others, it is clear that embedded software
development methods must evolve quickly
to maintain confidence in the devices that will
make the Internet of Things successful.

25

PRODUCT HIGHLIGHT

OVERVIEW OF HCCS EMBEDDED SOFTWARE COMPONENTS:

SSL/TLS SOFTWARE
WITH VERIFIABLE QUALITY
HCCs TLS/SSL is a highly optimized software
module designed to provide secure network
communications for embedded devices.
The software is developed using a rigorous
adherence to MISRA C:2004 and is available
with a full MISRA compliance report as well
as a full UML description. The importance
of using a strong development process and
source code control has been emphasized by
a number of high-profile security problems
caused by source code errors. Network security
requires a high degree of quality and traditional
methods of freestyle coding and test do not
provide sufficient guarantees of correctness.

Key Features
SSL3.0, TLS1.0/1.1/1.2
Full certificate management
All mandatory cipher suites supported
including AES, DES, DSS, EDH, MD5,
RSA, SHA

26

"All algorithms
are implemented
as a individual
libraries and, where
possible, use crypto
hardware support
provided on specific
microcontrollers."

Low Footprint, High Performance

HCCs SSL/TLS implementation can be used
as Client or Host and is designed especially
for microcontrollers, ensuring a low memory
footprint, typically around 20kB ROM / 8kB
RAM. Typically it uses a standard sockets
interface and will bring ease of integration to
many embedded applications. HTTP or FTP
Server support is provided for HTTPS and FTPS
implementations or connection to any other
secure client or server application.

All algorithms are implemented as

individual libraries and, where possible,

use crypto hardware support provided on

specific microcontrollers.

Specification and Design

The software is fully specified using
IBM DOORS. For protocol elements the
requirements are mapped directly to their
section in the relevant RFCs to create
traceability. The UML software design has
been derived directly from this specification
and consists of Collaboration diagrams, Object
Model Diagrams, Sequence Diagrams and
Activity diagrams drilling all the way down to
the C code level.

27

PRODUCT HIGHLIGHT

eTaskSync
SMALL, LOW-COST

VERIFIABLE SCHEDULER
eTaskSync is a no compromise, verifiable
scheduler used for running tasks in an
embedded system. It can be used as
a standalone scheduler or as a way to
synchronize and integrate middleware with
existing legacy software. eTaskSync is designed
to provide a subset of the typical functions of
a standard kernel; tasks, events and mutexes.
This approach not only makes it very small
and efficient, but also makes verification and
certification much easier.
eTaskSync is a source code product, delivered
with detailed MISRA compliance reports, MC/
DC and 100% object and statement code
coverage tests. eTaskSync is low cost and can
be used in any general purpose embedded
design, but it is especially suitable for those
that require a high level of integrity and
verification such as industrial, medical and
transportation applications.
Key Features
Fully compliant with MISRA-C:2004
100% MC/DC coverage

28

100% statement coverage tests

100% object coverage tests
Suitable for use in products requiring
high availability or certification
Small footprint <2kB code;
100bytes RAM
Priority-based, cooperative
task scheduling
Mutexes
Events
Free kernel aware debug plug-ins for
popular toolchains
MISRA Compliance
HCC eTaskSync is fully compliant with
MISRA-C:2004. First introduced by the
automotive industry, MISRA has become a
best-practice coding standard widely used in
the medical, industrial, telecom and aerospace
industries. HCC has developed its own rigorous
coding standard to create a concise, strongly
typed subset of the C language for use in
embedded systems. The result is clean, clear
and robust code without ambiguities.

t0

T1
P0
T2
P1
T3
P2

t1

t2

t3

t4

t5

t6

RUN
READY
WAIT
RUN
READY
WAIT
RUN
READY
WAIT

Software Verification
eTaskSync includes a test suite that performs a
range of tests to verify the design and correct
operation of the software on the target system.
It is provided free of charge with eTaskSync and
provides the following coverage;
100% Statement Coverage every line
of source code is executed at least
once.
100% Object Coverage every
assembler instruction in the object
created by compiling eTaskSync is
executed at least once.

100% MC/DC Modified Condition/

Decision Coverage each decision
tries every possible outcome; each
condition in a decision takes on every
possible outcome; each entry and exit
point is invoked and each condition in
a decision is shown to independently
affect the outcome of the decision.
Free Download
A full source code based version of the
software, documentation and tests can be
downloaded free of charge for evaluation from
the Download Center on HCCs website.

29

PRODUCT HIGHLIGHT

TRULY FAIL-SAFE

FILE SYSTEMS
HCC has invested a great deal of research,
test and development effort over more than
a decade to design truly fail-safe file systems
for NAND/NOR/SSD flash that will always
recover from unexpected system events such
as power loss or reset. Most standard file
systems are not fail-safe and therefore risk
corruption and errors. For product designers
who value the data stored in their embedded
devices or in an embedded application where
a corrupt file system could be catastrophic,
HCC have a solution.
Journal based file systems generally
guarantee only the integrity of the metadata
and are not always deterministic. A transaction
based file system provides integrity for both
file data and metadata, though the commit
points are normally system wide. HCC
employs a hybrid approach for its fail-safe

30

"HCC employs a
hybrid approach
for its fail-safe file
systems and all
implementations
are transactionbased on a file-byfile basis."

file systems and all implementations are

transaction based on a file-by-file basis. This
has the advantage that a single file operation
can be executed without reference to the
state of other files or operations, meaning
each application using the file system can
operate safely and independently.
Any file system claiming fail-safety must
define what is required of the low-level media
driver to guarantee fail-safety. With all HCC
fail-safe file systems, the requirements of
the low-level driver are clearly defined. This
enables designers to create systems that will

survive unexpected reset or power failure.

It is important to note that in most systems
involving flash storage, careful management
of the power to the target media is critical.
HCCs experienced team can offer insight into
the design of reliable file system solutions.
HCC now provide 6 different file systems and 2
different Flash Translation Layers to deal with
the complex array of different media types and
application requirements. An application note
which explains the role of each and provides
design tips for developers can be downloaded
from HCCs website.

31

PRODUCT HIGHLIGHT

SMART METER

FILE SYSTEM
Modern smart-meters must meet significant
technical challenges in order to lower
manufacturing cost, power consumption and
achieve high reliability. HCC has developed an
advanced Smart-meter File System (SMFSTM),
custom designed for the needs of smartenergy and smart-meter applications. This can
result in lower cost of manufacturing, shorter
development time, reduced field maintenance
and longer guaranteed life of operation.
Key Features
Fail-safe data storage, system will always
recover.
Persistent data storage: preserved for 15
years or more.
Minimum number of flash operations to
preserve both the flash and the battery.
Deterministic behavior in the event of
unexpected reset.
16 and 32-bit MCU support

32

Instead of using a traditional file based

system HCC has taken the radical approach of
defining a system built around the needs of
smart-meters. Metering applications usually
have well defined record structures and
HCC has used its extensive flash experience
to take advantage of this characteristic.
By taking a data focused, and not a filefocused approach, it is possible to reduce the
required number of write/erase cycles by an
order of magnitude. Traditional file systems
do not have built-in cyclic buffer logic for
storing records and this can add complexity,
significantly increasing the number of
times flash must be accessed. SMFS uses a
structured database to reduce complexity
of the application which can improve the
performance in almost every way; speed,
power consumption, and flash life.

SMFS uses a structured

database to reduce complexity
of the application which can
improve the performance in
almost every way; speed, power
consumption, and flash life.

Reduced Power Consumption

Order of magnitude reduction in required
number of write/erase cycles required can
dramatically reduce the system power
consumption in some systems.
High Quality Development
The software is developed using high quality
development methodology and is rigorously
compliant with MISRA C:2004.
Small Footprint
The Smart-meter File SystemTM (SMFS)
requires less than 15kB program memory and
1.5kB of RAM on 32-bit MCUs.
Reduced Development Time
The simplicity of SMFS means that engineers
can easily configure and implement a system
which will be fail-safe, provides wear-leveling
and has ECC error correction and encryption
options, significantly shortening time to market.

33

PRODUCT HIGHLIGHT
Overview of the

LAPIS
Development Board
The LAPIS development board from Lapis
Semiconductor features two of their latest
low-power MCUs, the ML610Q111 and Q112.
These MCUs are based on Lapis proven
U8 RISC CPU, an 8-bit core executing
one instruction per clock cycle, yielding
performance on par or better than typical
16-bit cores executing one instruction for
every three clock cycles. The board allows
engineers an easy starting point on their
circuit designs.

34

35

PRODUCT HIGHLIGHT

Specifications

Included Hardware
Raspberry Pi
Integration

ML610Q112
Micro
ML610Q111
Micro

I/O Pins from

Q112 Micro

I/O Pins
from Q111 Micro
Prototyping
Area

In addition to communication protocols, ADCs, memory, and other

common MCU features, the Q111 and Q112 integrate the logic power
supply regulator, low- and high-speed oscillators that can be used
in place of an external oscillator, and 6 channels of 16-bit PWM. One
of the target applications for these MCUs is LED lighting control, so
having multiple PWM channels integrated enables control of both
brightness and color while reducing the design footprint.
The board itself has the Q111 and Q112 MCUs. For development,
there is a breadboard-style prototyping area and each MCU has
a Raspberry Pi compatible header so you can use Raspberry Pi
expansion boards with this dev board. There is also a header for
Lapis debuggers and a micro USB port for connecting to the PC
app for testing and development.

Watch Video
To watch a video overview and demonstration of the
LAPIS Development Board, click the image below:

USB Port
for GUI

Debug Port

Reset

36

37

M o v i n g To w a r d s
a

David Elien
VP of Marketing & Business
Development, Cree, Inc.

Clean Energy

Let There Be

LIGHT

FUTURE

How Cree reinvented

the light bulb

Hugo van Nispen, COO of DNV KEMA

Cutting Edge

SPICE

Modeling

MCU Wars
32-bit MCU Comparison

Cutting Edge
Flatscreen
Technologies

New LED
Filament
Tower

View more
EEWeb
magazines
Click Here

Power
Developer
O ct o b er

201 3

From Concept
to

Reality

Sierra
Circuits:

Designing for

Durability

A Complete PCB
Resource

Wolfgang Heinz-Fischer
Head of Marketing & PR,
TQ-Group

TQ-Groups Comprehensive
Design Process

Freescale and
TI Embedded
Modules

Ken Bahl
CEO of Sierra Circuits

PLUS: The
Ground Myth
in Printed
Circuits

PCB Resin Reactor

ARM
Cortex
Programming

Low-Power Design Techniques