Unit

THE EMBEDDED SYSTEM DEVELOPMENT ENVIRONMENT

7.1 THE INTEGRATED DEVELOPMENT ENVIRONMENT (IDE)

In embedded system development context, Integrated Development Environment (IDE)
stands for an integrated environment for developing and debugging the target processor specific
embedded firmware. IDE is a software package which bundles a ‘Text Editor (Source Code Editor)’,
‘Cross-compiler (for cross platform development and compiler for same platform development)’,
‘Linker’ and Debugger’. Some IDEs may provide interface to target board emulators, Target
processor’s /controller’s Flash memory programmer, etc. and incorporate other software development
utilities like ‘Version Control Tool’, ‘Help File for the Development Language’, etc. IDEs can be
either command line based or GUI based. Command line based IDEs may include little or less GUI
support. The old version of TURBO CIDE for developing applications in C/C++ for x86 processor on
Windows platform is an example for a generic IDE with command line interface. GUI based IDEs
provide a Visual Development Environment with mouse click support for each action. Such IDEs are
generally known as Visual IDEs. Visual IDEs are very helpful in firmware development. A typical
example for a Visual IDE is Microsoft® Visual Studio for developing Visual C++ and Visual Basic
programs. Other examples are Net Beans and Eclipse.

IDEs used in embedded firmware development are slightly different from the
generic IDEs used for high level language based development for desktop applications. In embedded
applications, the IDE is either supplied by the target processor/controller manufacturer or by third
party vendors or as open source. MPLAB is an IDE tool supplied by microchip for developing
embedded firmware using their PIC family of microcontrollers. Keil µVision3 (spelt as micro vision
three) from Keil software is an example for a third party IDE, which is used for developing embedded
firmware for 8051 family microcontrollers. Code Warrior by Metrowerks is an example of IDE for
ARM family of processors. It should be noted that in embedded firmware development applications
each IDE is designed for a specific family of controllers/processors and it may not be possible to
develop firmware for all family of controllers/processors using a single IDE (as of now there is no
known IDE with support for all family of processors/controllers). However there is a rapid move
happening towards the open source IDE, Eclipse for embedded development. Most of the
processor/control manufacturers and third party IDE providers are trying to build the IDE around the
popular Eclipse open source IDE. This may lead to a single IDE based on Eclipse for embedded
system development in the near future. Since this book is primarily focusing on 8051 based
embedded firmware development, the IDE chosen for demonstration is Keil µ Vision3. A demo
version of the tool for Microsoft Windows OS based development is available for free download from
the Keil Software website. Please install the same on your machine before proceeding to the next
sections.
7.1.1 THE KEIL µ VISION3 IDE FOR 8051

Keil µ Vision3 is a licensed IDE tool from Keil Software (www.keil.com), an ARM
company, for 8051 family microcontroller based embedded firmware development. To start with the
IDE (after installing the demo tool) execute the program Uv3.exe (ir the short cut ‘Keil µ Vision3’
from desktop or ‘All programs’ tab from ‘Start Menu’ – For Host machine with Microsoft® Window
Operating System). The IDE view is shown in Fig. 7.1.2.

The IDE looks very similar to the Microsoft® Visual Studio IDE and it contains
various menu options, a project window showing files, Register view, Books and Function Tab and
an output window. To start a new project, go to the ‘Project’ tab on the menu, select ‘New Project’
Pop-up dialog Box (Let it be ‘sample’). Choose the directory to save the project from the pop-up
dialog. The default extension of a project workspace file is .uv2. On clicking the ‘Save’ button of the
‘Create New Project’ pop-up dialog, a device selection dialog as shown in Fig. 7.1.3 appears on the
screen.

This Dialog Box lists out all the vendors (manufacturers) for 8051 family
microcontroller, supported by IDE. Choose the manufacturer of the chip for your design (Let it be
‘Atmel’ for our design). Atmel itself manufacturers a variety of 8051 flavours. Choose the exact part
number of the device used as the
Fig 7.1.2 Keil µ Vision3 Integrated Development Environment (IDE)

Fig 7.1.3 Target CPU Vendor selectionfor Keil µ Vision3 IDE

target processor for the design, by expanding the vendor mode. It will list out all supported CPUs by
the selected vendor under the vendor node. On selecting the target processor’s exact part number, the
vendor name, device name and tool set supported for the device is displayed on the appropriate fields
of the dialog box along with a small description of the target processor under the Description column
on the right side of the pop-up dialog as shown below. Press ‘OK’ to proceed after selecting the target
CPU (Let it be ‘AT89C51’ for ut design).

Fig 7.1.4 Target CPU selection for Keil µ Vision3 IDE

Once the target processor is selected, the IDE automatically adds the required startup code for
the firmware and it prompts you whether the standard startup code needs to be added to the project
(Fig. 7.1.5). Press ‘Yes’ to proceed. The startup code contains the required default initialization like
stack pointer setting and initialization, memory clearing, etc, On cross-compiling, the code generated
for the startup file is placed on top of the code generated for the function main(). Hence the reset
vector
Fig 7.1.5 Startup file addition to the project

(0000H) always starts with the execution of startup code before the main code. For more details in the
contents and code of startup file please go through the µ Vision help files which is listed under the
‘Books’ section of the project workspace window.
A ‘Target’ group with the name ‘Target 1’ is automatically generated under the ‘Files’
section of the project Window. ‘Target 1’ contains a ‘Source Group’ with the name ‘Source Group 1’
and the startup file (STARTUP.A51) is kept under this group (Fig.7.1.6). All these groups are
generated automatically. If you want you can rename these groups by clicking the respective group
names.

Fig 7.1.6 Startup file added to the project

You can see that similar to the Visual Studio IDE’s ‘Project Window’ for VC++ development, Keil
IDE’s ‘Project Window’ also contains multiple tabs. They are the ‘Files’ tab, which gives the file
details for the current project, ‘Regs’ tab, giving the Register details while debugging the source code,
‘Books’ tab showing all the available help and documentation files supplied by the IDE, ‘Functions’
tab lists out the functions present in a ‘C’ source file and finally a ‘Templates’ tab which generate
automatic code framework (function body) for if, if else, switch case etc and code documentation
template (Header). These steps create a project workspace. To start with the firmware development
we need to create a source file and then add that source file to the ‘Source Group’ of the ‘Target’.
Click on the ‘File’ tab on the menu tool of the IDE and select the option ‘ New’. A blank text editor
will be visible on the IDE to the right of the ‘Project Window’. Start writing the code on the text
editor as per your design (Refer to the Keil help file for using Keil supported specific Embedded C
instructions for 8051 family). You can write the program in ANSI C and 8051 specific codes (like
Port Access, bit manipulation instruction etc) using Keil specific Embedded C codes. For using the
keil specific Embedded code, you need to add the specific header file to the text editor using the
#include compiler directive. For example, #include <reg51.h> is the header file including all the
target processor specific declarations for 8051 family processors for Keil C51 Compiler. Standard ‘C’
programs (Desktop applications) calls the library routines for accessing the I/O and they are defined
in the stdio.h file, whereas these library files cannot be used as such for embedded application
development since the I/O medium is not a graphic console as in the C language based development
on DOS Operating system and they are re-defined for the target processor I/Os for the cross compilers
by the cross compiler developer. If you open the stdio.h files by ANSI C and Keil for its IDE, you can
find that the implementation of I/O related functions (e.g.print()) are entirely different.

The difference in the implementation is explained with typical stdio.h function-

printf() (e.g. printf(“Hello World n”)). With ANSI C & DOS the function outputs the string Hello
World to the DOS console whereas with the C51 cross-compiler, the same function outputs the string
Hello world to the serial port of the device with the default settings. Coming back to the firmware
development, let’s follow the universal unwritten law of first ‘C’ program- The “Hello World’
program. Write a simple ‘C’, code to print the string Hello world.
Fig 7.1.7 Writing the first Embedded C code

The code is written in the text editor which appears within the IDE on selecting the
‘New’ tab from the ‘File’ Menu. Write the code in C language syntax (Fig. 7.1.7). Add the necessary
header files. You can make use of the standard template files available under the ‘Templates’ tab of
the ‘Project Window’ for adding functions, loops, conditional instructions, etc. for writing the code.
Once you are done with the code, save it with extension c in a desired folder (Preferably in the current
project directory). Let the name of the file be ‘sample.c’. At the moment you save the program with
extension .c, all the keywords (like #include, int, void, etc.) appear in a different colour and the title
bar of the IDE displays the name of the current .c file along with its path. By now we have created a
‘c’ source file. Next step is adding the created source file to the project. For this, right click on the
‘Source Group’ from the ‘Project Window’ and select the option ‘Add Files to Group ‘Source
Group”. Choose the file ‘sample.c’ from the file selection Dialog Box and press ‘Add’ button and exit
the file selection dialog by pressing ‘Close’ button. Now the file is added to the target project (Fig.
7.1.8). You can see the file in the ‘Project Window’ under ‘Files’ tab beneath the ‘Source Group’.

Fig 7.1.8 Adding Files to the project

If you are following the modular programming technique, you may have different
source files for performing an intended operation. Add all those files to the project as described
above. It should be noted that function main() is the only entry point and only one ‘.c’ file among the
files added to the project is allowed to contain the function main(). If more than one file contains a
function with the name main(), compilation will end up in error. The next step is configuring the
target. To configure the target, go to ‘Project’ tab on the Menu and select ‘Options for Target’. The
configuration widow as shown in Fig. 7.1.9 is displayed.
Fig 7.1.9 Target Configuration

The target configuration window is a tabbed dialog box. The device is already
configured at the time of creating a new project by selecting the target device (e.g. Atmel AT89C51).
If you want to check it, select the ‘Device’ tab and verify the same. Select ‘Target’ tab and configure
the following. Give the clock frequency for which the system is designed. E.g. 6MHz, 11.0592MHz,
12MHz, 24MHz, etc. This has nothing to do with the firmware creation but it is very essential while
debugging the firmware to note the execution time since execution time is dependent on the clock
frequency. If the system is designed to make use of the processor resident code memory, select the
option Use On-chip ROM (For AT89C51 On-chip ROM is 4K only; 0x0000 to 0x0FFF). If external
code memory is used, enter the start address and size of the code memory at the Off-chip code
memory column (e.g. Eprom start: 0x0000 and size 0x0FFF). The working memory (data memory or
RAM) can also be either internal or external to the processor. If it is external, enter the memory map
starting address of the external memory along with the size of external memory in the Off-chip X data
memory section (e.g. Ram start: 0x8000 and size 0x1000). Select the memory model for the target.
Memory model refers to the data memory. Keil supports three types of data memory model; internal
data memory (Small), external data memory in paged mode (Compact) and external data memory in
non-paged mode (Large). Now select the Code memory size. Code memory model is also classified
into three; namely, small (code less than 2K bytes), Compact (2K bytes functions and 64K bytes code
memory) and Large (Plain 64K bytes memory). Choose the type depending on your target application
and target hardware design. If your design is for an RTOS based system, select the supported RTOS
by the IDE. Keil supports two 8 bit RTOS namely, RTX51 Tiny and RTX51 Full. Choose none for a
non RTOS based design.

Move to the next Tab, ‘Output’. The output tab holds the setting for output file generation
from the source code (Fig. 7.1.10). the source file can either be converted into an executable machine
code or a library file.

Fig 7.1.10 Output File creation settings

 You can select one of the output settings (viz. executable binary file (hex) or library
file (lib)). For executable file, tick the ‘Crate Hex File’ option and select the target processor specific
hex file format. Depending on the target processor architecture the hex file format may vary, e.g. Intel
Hex file and Motorola hex file. For 8051, only one choice is available and it is Intel hex File HEX-80.
The list files section coming under the tab ‘Listing’ tells what all listing files should be created during
cross-compilation process (Fig. 7.1.11).

Fig 7.1.11 List File generation settings

‘C51’ tab settings are used for cross compiler directives and settings like/Pre-
processor symbols, code optimization settings, type of optimization (viz. code optimized for
execution speed and code optimized for size), include file’s path settings, etc. The ‘A51’ tab settings
are used for assembler directives and settings like conditional assembly control symbols, include
file’s path settings etc. Another important option is ‘Debug’. The ‘Debug’ tab is used for configuring
the firmware debugging. ‘Debug’ supports both simulation type firmware debugging and debugging
the application while it is running on the target hardware (Fig. 7.1.12).

You can either select the Simulator based firmware debugging or a target firmware
level debugging from the ‘Debug’ option. If the Simulator is selected, the firmware need not be
downloaded into the target machine. The IDE provides an application firmware debugging
environment by simulating the target hardware in a software environment. It is most suitable for
offline analysis and rapid code developments. If target level debugging is selected, the binary file
created by the cross-compilation process needs to be downloaded into the target hardware and the
debugging is done by single stepping the firmware. A physical link should be established between the
target hardware and PC on which the IDE is running for target level debugging. Target level hardware
debugging is achieved using the Keil supported monitor programs or through an emulator interface.
Select the same from the Drop-down list. Normally the link between target hardware and IDE is
established through a Serial interface. Select the ‘Comm Port’ to which the target device is connected
and the baudrate for communication (Fig. 7.1.13).

If the Debug mode is configured to use the target level debugging using any one of
the monitor program or the emulator interface supported by the Keil IDE, the created binary file is
downloaded into

Fig 7.1.12 Firmware debugging options

Fig 7.1.13 Target hardware debug serial link configuration

the target board using the configured serial connection and the firmware execution occurs in real
time. The firmware is single stepped (Executing instruction-by-instruction) within the target
processor and the monitor program running on the target device reflects the various register and
memory contents in the IDE using the serial interface.

The ‘Utilities’ tab is used for configuring the flash memory programming of the
target processor/controllers from the Keil IDE (Fig. 7.1.14). You can use either Keil IDE supported
programming drivers or a third party tool for programming the target system’s FLASH memory. For
making use of Keil IDE provided flash memory programming drivers, select the option ‘Use Target
Driver for Flash Programming’ and choose a driver from the drop-down list. To use third party
programming tools, select the option ‘Use External Tool for Flash Programming’ and specify the
third party tool to be used by giving the path in the ‘Command’ column and specify the arguments (if
any) in the ‘Arguments’ tab to invoke the third party application.

Fig 7.1.14 Target Flash Memory Programming configuration

With this we are done with the writing of our first simple Embedded C program and
configuring the target controller for running it. The next step is the conversion of the firmware written
in Embedded C to machine language corresponding to the target processor/controller. This step is
called cross-compilation. Go to ‘Project’ tab in the menu and select ‘Rebuild all target files’. This
cross-compiles all the files within the target group (for modular programs there may be multiple
source files) and link the object codes created by each file to generate the final binary. The output of
cross-compilation for the ‘Hello World’ application is giving in Fig. 7.1.15.
Fig 7.1.15 Conversion of the Embedded C program to 8051 Machine code

You can see the cross-compilation step & linking in the o/p window along with
cross-compilation error history. Now perform a ‘Build Target’ operation. This links all the object files
created (in a multi-file system where each source files are cross-compiled separately) (Fig. 7.1.16).

Fig 7.1.16 Linking of all object Files

In a multi source file project (source group containing multiple .c files) each file can
be separately cross-compiled by selecting the ‘Translate current file’ option. This is known as
Selective Compilation. Remember this generates the object file for the current file only and it needs to
be combined with object files generated for other files, by using ‘Build Target’ option for creating the
final executable (Fig. 7.1.17). selective compilation is very helpful in a multi file project where a
modified file only needs to be re-compiled and it saves the time in re-compiling all the files present in
the target group.
7.2 TYPES OF FILES GENERATED ON CROSS-COMPILATION
Cross-Compilation is the process of converting a source code written in high level language
(like ‘Embedded C’) to a target process or controller understandable machine code (ex: ARM
processor or 8051 microcontroller specific machine code). The conversion of the code is done by
software running on a processor / controller (ex: x86 processor based pc) which is different from the
target processor. The software performing this operation is referred as the ‘Cross-compiler’. Cross
assembling is similar to Cross-compiling; the only difference is that the code written in a target
processor / controller specific Assembly code is converted into its corresponding machine code. The
application converting Assembling instruction to target processor / controller specific machine code is
known as Cross-assembler. Cross-compilation / Cross-Assembling is carried out in different steps and
the process generated various types of intermediate files. Various files generated during the cross-
compilation / cross-assembling process are:
List File (.lst), Hex File(.hex), pre-processor out put file, Map file (File extension linker dependent),
Object file (.obj).

List File (.lst file):

Listing file is generated during the cross-compilation process and is contains an
abundance of information about the cross compilation process, like cross compiler details, formatted
source text (‘C’ code), assembly code generated from the source file, symbol tables, errors and
warnings detected during the cross-compilation process. The type of information contained in the list
file is cross-compiler specific.

Source Code:
The Source code listing outputs the line number as well as the source code on that
line. Specific cross compiler directive can be used to include or exclude the conditional codes (code
in # if blocks) in the source code listings.
Void main ( )
{
Printf (“Hello world!\n)
}
Assembly listing:
Assembly listing contains the assembly code generated by the cross compiler for the
‘C’ source code. Assembly code generated can be excluded from the list file by using special
compiler directives.

ASSEMBLY LISTING OF GENERATED OBJECT CODE

; FUNCTION main (BEGIN)
; SOURCE LINE #5
; SOURCE LINE #6
; SOURCE LINE #7
00007 BFF MOV R3, #OFF H
0002 7A00 R MOVR2, # HIGH? SC-0
0004 7900 R MOVR1, # LOW? SC-0
; FUNTCTION main (END)

Preprocessor Output file:

The Preprocessor output file generated during Cross-compilation
contain the preprocessor output for the preprocessor instructions used in the source file. Preprocessor
output file is used for verifying the operation of macros and conditional preprocessor directives. The
preprocessor output file is a valid C source file. File extension of preprocessor output file is cross
complier dependent.

Objective File (.OBJ File):

Cross-compiling / assembling each source module (written in C /
Assembly) converts the various Embedded C / Assembly instructions and other directives present in
the module to an object (.OBJ) file. The format (internal representation) of the .OBJ file is cross
compiler dependent. OMF51 or OMF2 are the two objects file formats supported by C51 cross
compiler. The object file is a specially formatted file with data records for symbolic information,
object code, debugging information, library references, etc. The list of some of the details stored in an
object file is given below.
1) Reserved memory for global variables.
2) Public symbol (variable and function) names.
3) External symbol (variable and function) references.
 4) Library files with which to link.
5) Debugging information to help synchronies source lines with object code.

Map File (.MAP):

The cross-compiler converts each source code module into a re-locatable
object (OBJ) file. Cross-compiling each source code module generates its own list file. In a project
with multiple source files the cross-compilation of each module generates a corresponding object file.
The object files so created are re locatable codes, meaning their location in the code memory is not
fixed. It is the responsibility of a linker to link all these object files. The locater is responsible for
locating absolute address to each module in the code memory. Linking and locating of re-locatable
object files will also generate a list file called ‘linker list file’ or ‘map file’. Map file contains
information about the link / locate process and is composed of a number of sections. The different
sections listed in a map file are cross compiler dependent.

HEX File (.HEX):

Hex file is the binary executable file created from the source code. The
absolute object file created by the linker / locater is converted into processor understandable binary
code. The utility used for converting an object file to a hex file is known as object to hex file
converter. Hex files embed the machine code in particular format. The format of Hex file varies
across the family of processors / controllers. Intel Hex and Motorola HEX are the two commonly
used hex file formats in embedded applications. Intel Hex file is an ASCII text file in which the HEX
data is represented in ASCII format in lines. Each record is made up of hex a decimal numbers that
represent machine. Language code and / or constant data. Individual records are terminated with a
carriage return and a linefeed. Intel HEX file is used for transferring the programming and data to a
ROM or EPROM which is used as code memory storage.

7.3 DISASSEMBLER / DECOMPILER

Disassemble is a utility program which converts machine codes into target processor
specific Assembly codes / instructions. The process of converting machine codes into Assembly code
is known as ‘Disassembling’. In operation, disassembling is complementary to assembling / cross-
assembling. De compiler is the utility program for translating machine codes into corresponding high
level language instructions. De compiler performs the reverse operation of compiler / cross-compiler.
The dis-assemblers / de compilers for different family of processors / controllers are different.
Disassemblers / de compliers are deployed in reverse engineering. Reverse engineering is the process
of revealing the technology behind the working of a product. Reverse engineering in embedded
product development is employed to find out the secret behind the working of popular proprietary
products. Disassemblers / decompilers help the reverse engineering process by translating the
embedded firm ware into Assembly / high level language instructions.

Disassemblers / decompilers are powerful tools for analyzing the presence of

malicious codes (virus information) in an executable image. Disassemble/decompilers are available as
either free ware tools readily available for free download from internet or as commercial tools. It is
not possible for a disassembler / decompiler to generate an exact replica of the original assembly
code/high level source code in terms of the symbolic constants and comments used. However
disassemble / decompilers generates a source code which is some-what matching to the original
source code from which the binary code is generated.

7.4 SIMULATORS, EMULATORS AND DEBUGGING

Simulators and emulators are two important tools used in embedded system
development. Both the terms sound a like and are little confusing. Simulator is a software tool used
for simulating the various conditions for checking the functionality of the application firmware. The
Integrated Development Environment (IDE) itself will be providing simulator support and they help
in debugging the firmware for checking its required functionality. In certain scenarios, simulator
refers to a soft model (GUI model) of the embedded product. For ex. It the product can be developed
in software. Soft phone is an example for such a simulator. Emulator is hardware device which
emulates the functionalities of the target device and allows real time debugging of the embedded
firmware in a hardware environment.
7.4.1 SIMULATORS
Simulators simulate the target hardware and the firmware execution can be inspected
using simulators. The features of simulator based debugging are listed below.
1) Purely software based
2) Doesn’t require a real target system
3) Very primitive (Lack of featured I/O support. Everything is simulated one).
4) Lack of real-time behavior.

Advantages of Simulator Based Debugging:

Simulator based debugging techniques are simple and
straight forward. The major advantages of simulator based firmware debugging techniques are
explained below.

1) No Need for original Target Board

Simulator based debugging technique is purely soft ware
oriented. IDE’s software support simulates the CPU of the target ward. User only needs to know
about the memory map of various devices within the target board, and the firmware should be written
on the basis of it. Since the real hardware is not required, firmware development can start well in
advance immediately after the device interface and memory maps are finalized. This saves
development time.

2) Simulate I/O Peripherals

Simulator provides the option to simulate various I/O peripherals.
Using simulator’s I/O support you can edit the values for I/O registers and can be used as the input /
output value in the firmware execution. Hence it eliminates the need for connecting I/O devices for
debugging the firmware.

3) Simulates Abnormal Conditions

With simulator’s simulation support you can input any
desired value for any parameter during debugging the firmware and can observe the control flow of
firmware. It really helps the developer in simulating abnormal operational environment for firmware
and helps the firmware developer to study the behavior of the firmware under abnormal input
conditions.

Limitations of simulator based Debugging

Though simulation based firmware debugging technique is
very helpful in embedded applications. Some of the limitations of simulator based debugging are
explained below.

 Deviation from Real Behaviour

Simulation based firmware debugging is always carried out in
a development environment where the developer may not be able to debug the firmware under all
possible combinations of input. Under certain operating conditions we may get some particular result
and it need not be the same when the firmware runs in a production environment.

 Lack of real timelines

The major limitation of simulator based debugging is that it is not real-
time in behavior. The debugging is developer driven and it is no way capable of creating a real time
behavior. Moreover in a real application the I/O condition may be varying or unpredictable.
Simulation goes for simulating those conditions for known values.

7.4.2 EMULATORS AND DEBUGGERS

Debugging process in embedded application is broadly classified into two,
namely, hardware debugging and firmware debugging. Hardware debugging deals with the
monitoring of various bus signals and checking the status lines of the target hardware. Firm ware
debugging deals with examining the firmware execution, execution flow, changes to various CPU
registers and status registers on execution of the firmware to ensure that the firmware is running as
per the design.

Firm ware debugging is preformed to figure the bug or the error in the
firmware which creates the unexpected behavior. Firmware is analogous to the human body in the
sense it is wide spread and / or modular. During the early days of embedded system development,
there were no debug tools available and only ways was “Burn the code in an EEPROM”.

The following section describes the improvements over firmware debugging

starting from the most primitive type of debugging to the most sophisticated on chip debugging
(OCD).

7.4.2.1 INCREMENTAL EEPROM BURNING TECHNIQUE

This is the most primitive type of firmware debugging technique where the
code is separated into different functional code units. Instead of burning the entire code into the
EEPROM chip at once, the code is burned in incremental order, where the code corresponding to all
functionalities are separately codes, cross compiled and burned into the chip one bye one.

If the first functionality is found working perfectly on the target board with
the corresponding code burned into the EEPROM, go for working perfectly burning the code
corresponding to the next functionality and check whether it is working. Repeat this process till all
functionalities are covered.

All the functionalities working properly, combine the entire source for all
functionalities together, re-compile and burn the code for the total system functioning.

7.4.2.2 INLINE BREAK POINT BASED FIRMWARE DEBUGGING

Inline breakpoint based debugging is another primitive method of firmware

debugging. Within the firmware where you want to ensure that firmware execution is reaching up to a
specified point, insert an inline debug code immediately after the point.
7.4.3 MONITOR PROGRAM BASED FIRMWARE DEBUGGING

Monitor program based firmware debugging is the first adopted

invasive method for firmware debugging. In this approach a monitor program which acts as a
supervisor is developed.

The most common type of interface used b/w target board and debug
application is Rs-232c serial interface. After the successful completion of the ‘Monitor program’
development it is compiled and burned into the flash memory or ROM of the target board. The code
memory containing the monitor program is known as ‘monitor Rom’.
The monitor program contains the following set of minimal features.
 Command set interface to establish communication with the debugging application.
 Firm ware down load option to code memory.
 Examine and modify processor registers and working memory (RAM)
 Single step program execution.
 Set break point in firmware execution.
 Send debug information to debug application running on most machine.

7.4.4 IN CIRCUIT EMULATOR (ICE) BASED FIRMWARE DEBUGGING

The term ‘Simulator’ and ‘Emulator’ or little bit confusing and sounds similar.
Though their basic functionality is the same “Debug the target firmware” the way in which they
achieve this functionality is totally different. As mentioned before, ‘Simulator’ is a software
application that precisely duplicates (mimics) the target CPU and Simulates the various features and
instructions supported by the target CPU, where as on ‘Emulator’ is a self-contained hardware device
which emulates the target CPU. The emulator hardware contains necessary emulation logic and it is
hooked to the debugging application running on the development PC on one end and connects to the
target board through some interface on the other end. In summary, the simulator ‘Simulates’ the target
board CPU and the emulator ‘Emulates’ the target board CPU.
 Fig.7.3
7.4.5 EMULATION DEVICE
Emulation device is a replica of the target CPU which receives
various signals from the target board through a device adaptor connected to the target board and
performs the execution of firmware under the control of debug commands from the debug
application. The emulation device can be either a standard chip same as the target processor (ex.
AT89C51) or a programmable logic device(PLD) configured to function as the target CPU.

Emulation Memory:
It is the Random Access Memory (RAM) incorporated in the
Emulator device. It acts as a replacement to the target board’s EEPROM where the code is supposed
to be downloaded after each firmware modification. Hence the original EEPROM memory is
emulated by the RAM of emulator. This is known as ‘ROM Emulation’.

Emulator Control Logic:

Emulator control logic is the logic circuits used for
implementing complex hardware break points, trace butter trigger detection, trace buffer controller,
etc.. Emulator control logic circuits are also end for implementing logic analyzer functions in
advanced emulator devices.
Device Adaptors:
Device adaptors act as an interface between the target board and emulator
POD. Device adaptors are normally pin to pin compatible sockets which can be inserted / plugged
into the target board for routing the various singles from the pin assigned for the target processor. The
device adaptor is usually connected to the emulator POD using ribbon cables. The adaptor type
varies depending on the target processor’s chip postage. DIP, PLCC, etc. are some commonly used
adaptors.

7.4.6 ON CHIP FIRMWARE DEBUGGING(OCD)

Advances in semiconductor technology has brought out new dimensions to
target firmware debugging. Today almost all processors / controllers in corporate built in debug
modules could On Chip Debug(OCD) support. Though OCD adds silicon complexity and cost factor,
from a developer perspective it is a very good feature supporting fast and efficient firmware
debugging.
Chips with JTAG debug interface contain a built-in JTAG port for
communicating with the remote debugger application. JTAG is the acronym for Joint Test Action
Group. JTAG is the alternate name for IEEE 1149.1 standard. Like BDM, JTAG is also a serial
interface. The signal lines of JTAG protocol are explained below.

Test Data In (TDI):

It is used for sending debug commands serially from remote debugger to the
target processor.

Test Data Out (TDO):

Transmit debug response to the remote debugger from target CPU.

Test Clock (TCK):

 Synchronizes the serial data transfer.

Test Mode Select (TMS):

Sets the mode of testing.

Test Reset (TRST):

It is an optional signal line used for resetting the target CPU.
The serial data transfer rate for JTAG debugging is chip dependent. It is usually
within the range of 10 to 1000 MHz.

7.5 TARGET HARDWARE DEBUGGING

Hardware debugging involves the monitoring of various signals of the target
board (address / data lines, port pins, etc.) checking the inter connection among various components.
Circuit continuity checking etc. the various hardware debugging tools used in Embedded product
Development are explained below.

Magnifying Glass (Lens):

Magnifying glass is the primary hardware debugging tool for an
embedded hardware debugging professional. A magnifying glass is a powerful visual inspection tool.
With a magnifying glass (lens), the surface of the target board can be examined thoroughly for dry
soldering track (PCB connection) damage, short of tracks, etc.. Now a days high quality magnifying
stations are available for visual inspection. The magnifying station incorporates magnifying glasses
attached to a stand with CFL tubes for providing proper illumination for inspection. The statin usually
incorporates multiple magnifying lenses.

Multi meter:
Multi meter is used for measuring various electrical quantities like voltage (Both Ac
and DC), current (DC as well as AC) resistance, capacitance, continuity checking, transistor
checking, cathode and mode identification of diode. In embedded hardware debugging it is mainly
used for checking the circuit continuity between different points on the board measuring the supply
voltage, checking the signal value, polarity etc. the digital version is preferred over analog the one for
various reasons like readability, accuracy, etc..

Digital CRO:
CRO is a little more sophisticated tool compared to a multimeter. CRO is used for
wave from capturing and analysis, measurement of signal strength. CRO is very good tool I analyzing
interference noise in the power supply line and other signal lines. Monitoring the crystal oscillator
signal from target board is a typical example of the usage of CRO for waveform capturing and
analysis in target board is a typical example of the usage of CRO for ware form capturing and
analysis in target board debugging. CRO’s are available in both analog and digital versions. Though
digital CRO are costly and are best suited for forget board debugging applications. Modern digital
CRO’s more than one channel and it is easy to capture and analyses various signals channel and it is
easy to capture and analyze various signals from the target board using multiple channels
simultaneously.

Logic Analyzer:
A logic analyzer is the big brother of digital CRO Logic analyzer is used for
capturing digital data (logic 1 and 0) from a digital circuitry where as CRO is employed in capturing
all kinds of waves including logic signals. Another major limitation of CRO is that the total number
of logic signals / wave forms that can be captured with a CRO is a limited to the number of channels.
A logic analyzer contains special connectors and clips which can be attached to the target board for
capturing digital data. In target board debugging applications a logic analyzer captures the states of
various port pins, address bus and data bus to the target processor / controller. Most modern logic
analyzers contain provisions for storing captured data selecting a desired region of the captured ware
form, zooming selected region of the captured ware form.

Function Generator:
Function generator is not a debugging tool. It is an input signal simulator
tool. A function generator is capable of producing various periodic wave forms like sine wave, square
wave, saw tooth wave, etc., with different frequencies and amplitude. The target board may require
some kind of periodic waveform with a particular frequency as input to some part of the board. This
in a debugging environment the function generator serves the purpose of generating and supplying
required signals.

7.6 BOUNDARY SCAN

The device packages used in the PCB become miniature to reduce the total
board space occupied by them and multiple layers may be required to route the inter connections
among the chips with miniature device packages and multiple layers for the PC it will be very
difficult to debug the hardware using magnifying glass, multi meter to check the interconnection
among the various chips. Boundary scan is a technique used for testing the interconnection among the
various chips, which support JTAG interface, present in the board, chips which support boundary
scan associate a boundary scan cell with each pin of the device. A JTAG port which contains the five
signal lines namely TDI, TDO, TCK, TRST and TMS form the Test Access Port (TAP) for a JTAG
supported chip. Each device will have its own TAP. The PCB also contains a TAP for connecting the
JTAG signal lines to the external world. A boundary scan path is formed inside the board by inter
connecting the devices through JTAG signal lines. The TDI pin of the TAP of the PCB is connected
to the TDI pin of the first device. The TDO pin of the first device is connected to the TDI pin of the
2nd device. In this way all devices are interconnected and the TBO pin of the last JTAG device is
connected to the TBO pin of the TAP of the PCB.
Fig: 7.4 :JTAG based boundary scanning for hardware testing