Percepio, an authorized partner and member of the ST Partner Program, just launched DevAlert® Sandbox, a new way to experiment with the company’s DevAlert solution. In a nutshell, DevAlert can remotely diagnose and debug applications running on STM32 microcontrollers thanks to exceptionally detailed logs and cloud computing. Hence, teams can detect issues early and deploy a patch over the air before dramatic consequences occur. Additionally, developers can use DevAlert’s general monitoring framework during testing and deployment to detect anomalies or even cybersecurity attacks. Percepio used ST’s B-L475E-IOT01A Discovery kit for IoT as a reference during the project’s inception.
Table of Contents
Crushing Bugs in the Age of Softwarization
How It Started and How It’s Going?
Since the first official “bug” in 1947, caused by a moth lodged into a hardware relay inside Harvard’s Mark II electromechanical computer, errors and glitches have plagued code. A 2002 study by the U.S. National Institute of Standards and Technology (NIST) established that, at the time, bugs cost the U.S. economy about 60 billion dollars annually. Corrected for inflation, this would amount today to 95 billion dollars. However, this figure is most likely far higher. Indeed, since 2002, societies have been relying a lot more on software. Mobile products, cloud services, and smart vehicles, homes, or cities testify to “softwarization.” The term, coined in 20161, designates a tendency to prioritize software solutions rather than create new hardware.
What New Challenges Developers Face Today?
Additionally, a paper published in 2016 by The Journal of Systems and Software2 showed that many bugs, especially those with more than two conditions, avoided internal testing procedures. Developers could have caught them before releasing their program but didn’t have the testing protocols to spot them. As software gets increasingly complex, testing for every single-use case and code branch is often impossible. For instance, thread switching in real-time operating systems and parallelism thanks to new multicore MCUs create unique challenges. Moreover, with the advent of machine learning at the edge, unexpected behaviors are more common, and the need to correct them is ever more critical. Therefore, a tool like Percepio DevAlert (DevAlert) represents a solution to this problem.
Smoothing the Rough Development Ride
How Can Alerts, Warnings, and Traces Help?
Developers use DevAlert by calling API functions that generate an alert when an issue is detected. The warnings include an error code, a message string, variables or register values, and the most recent trace. The system then sends this content to a probe, the cloud, or stores them locally until developers grab them with a smartphone or laptop. Programmers can then use Percepio’s Tracealyzer® to study traces and determine what went wrong through its visualization tools. Since developers can integrate alerts within their code that handles errors or exceptions, they can more rapidly bring DevAlert into their workflow. The framework is thus relatively straightforward as it doesn’t necessitate a code rewrite.
How Does DevAlert Minimize RAM Usage and Data Uploads with a Ring Buffer?
At its core, DevAlert uses a ring buffer that constantly logs details in the memory allocated by the program. As a result, using the trace buffer only requires a few kilobytes of RAM, and cloud uploads only happen after an anomaly. Hence, when an error occurs, the system already has tons of information on what was happening. Additionally, DevAlert doesn’t constantly upload to the cloud, therefore saving significant bandwidth. After ten years of work, Percepio significantly optimized its solution on STM32 to only use between four bytes to 16 bytes of RAM per event, with a majority only requiring around eight bytes. DevAlert can thus log thousands of events per second without negatively impacting performances.
Comparatively, most other competing trace recorders need between 16 bytes and 32 bytes per event. Indeed, the ring buffer enables a smaller RAM requirement as data is constantly overwritten until required. The system also transfers events to the flash to save information before a hard reboot. As a result, Percepio’s solution can fit in many systems, including those with tight memory constraints. Moreover, storing hundreds or thousands of events becomes far more manageable and primarily a function of the flash instead of the RAM. Developers can thus have a comprehensive analysis of their program and figure out how to optimize it. They can also monitor more aspects of their applications to detect a broader range of abnormal behaviors.
How DevAlert Can Help With Cybersecurity Monitoring?
One example of what developers can monitor with DevAlert is security attacks. The framework itself doesn’t provide automatic detection of cyberattacks. However, it is flexible enough to allow the detection of security-related anomalies. For instance, developers can monitor the network stack and login attempts. Numerous erroneous login attempts would often be a tell-tale sign of a brute force attack and atypical requests could point to denial-of-service attacks. Similarly, DevAlert may rapidly detect corrupt stacks, which could point to the exploitation of a remote code execution vulnerability, and ensure developers spot and quickly patch the issue. The framework also uses SecureFault exemptions after a TrustZone violation on an STM32U5 or STM32L5.
Encouraging Experimentation with a Virtual STM32 System
What Is DevAlert Sandbox?
One of the best ways to get started with DevAlert is to use DevAlert Sandbox, a pre-packaged environment in the cloud. Users can learn from the demo applications, an elevator controller running on a simulated STM32F4. It is possible to tweak code directly within the environment, which contains an Eclipse IDE, a GCC toolchain, and a QEMU simulator. Developers can thus see what warnings would look like, how the system would run, and how changes would impact the program. Percepio chose the elevator example because it’s a very common class of embedded systems and lends itself to practical visualization.
Why Start With DevAlert Sandbox?
Since all compilation operations run on the cloud server, the system works on any modern browser and operating system. However, the cloud version doesn’t preserve code edits between sessions. Hence, a virtual machine image is also available for download. It allows developers to run the demo locally and store edits more easily. Users can sign up for DevAlert Sandbox for free. Once engineers are ready, they can copy their code changes to their IDE and run it on their STM32 microcontroller. The default installation comes with built-in anomalies that developers can run as soon as they log in for the first time and a set of introduction videos.
Shortening the Time to Market
How Does DevAlert Work with ST Technologies?
After experimenting with DevAlert Sandbox, developers will want to move to their STM32 system. One way to quickly test DevAlert on a physical solution is to use the B-L475E-IOT01A Discovery kit, which supports STLINK-V3. Percepio supported STLINK-V3 as soon as it launched, thus ensuring their customers enjoyed faster speeds and new features. Additionally, the company went a step further by providing an Eclipse plugin for STM32CubeIDE, our first free IDE with STM32CubeMX integrated. The plugin makes it easier to use Tracealyzer within ST’s development environment. DevAlert also uses cloud infrastructures to help engineers keep track of bugs or specific information, opening the system to more than just error detection.
What Does the Cloud Bring?
Percepio uses the cloud to sort issues using a “Classification Engine.” Before the information reaches developers, the server processes it to highlight any new or potentially essential warnings on the DevAlert Dashboard. As a result, teams avoid “alert fatigue” when receiving messages from a large fleet and can better spot important messages. Seeing how many times an anomaly takes place can also help with prioritization. Furthermore, using a cloud facilitates information sharing between teams, even when DevAlert is only running locally in a test lab. DevAlert can also use the cloud to track sensor information to check for unforeseen conditions. For instance, programmers could detect if people accidentally press a button or find a flaw in the interface.
- Sevil Dräxler, Manuel Peuster, Holger Karl, Michael Bredel, Johannes Lessmann, Thomas Soenen, Wouter Tavernier, Sharon Mendel-Brin, George Xilouris. 2016. “SONATA: Service Programming and Orchestration for Virtualized Software Networks”. 2017. IEEE International Conference on Communications Workshops. https://doi.org/10.1109/ICCW.2017.7962785 ↩︎
- Domenico Cotroneo, Roberto Pietrantuono, Stefano Russo, Kishor Trivedi. “How do bugs surface? A comprehensive study on the characteristics of software bugs manifestation”. 2016. Journal of Systems and Software, Volume 113: 27-43. https://doi.org/10.1016/j.jss.2015.11.021. ↩︎