#47 Assertions and Design by Contract, Part-1

Congratulations on your new job, and best of luck! I'm glad to hear that this course was helpful :-) --MMS

The next episode ("Assertions and DBC, Part-2") will be coming up much sooner than my usual 3-month release cycle. Stay tuned! --MMS

Yes, assertions (especially the precondition assertions) are *especially* valuable in library code! This is because every non-trivial library can be used incorrectly, and assertions formally specify and automatically enforce the "contracts" between the library and the client code. In my experience with the QP/C and QP/C++ frameworks, the assertions are there primarily to catch problems in the *client code*. I will talk about the impact of assertions in Part-2 on the subject. Stay tuned! --MMS

The purpose of assertions is to provide self-checks in the code. The purpose of software tracing is simply to report what is going on, without checking for correctness. But I can see how these two concepts can be conflated and confused because standard assertions print a message, so in a sense, they produce a "trace". In the next lesson, you will see embedded assertions that don't necessarily print anything, yet they are still valuable to perform "damage control" and eventually reset the system. I hope this will help you see the difference. Stay tuned! --MMS

I'm glad to hear that you like the content. Regarding the IAR EWAR, I was still able to download and install it (EWARM 9.32). It is also still possible to register the free size-limited (but time-unlimited) license. But IAR has been used only up to lesson #18. After that, lessons #19-20 used the Ecliplse-based Code Composer Studio (with GNU-ARM). And finally, starting from lesson #21 (released over 5 years ago), this course has been using the ARM-KEIL MDK (uVision IDE). --MMS

I don't work in automotive, so I can't lecture about AUTOSAR. But I am planning to talk about a specific type of real-time kernel that is virtually unknown outside the automotive sector (OSEK/VDX kernel, CC2 compliance class). Such a preemptive kernel is ideal for executing state machines (active objects). --MMS

@@StateMachineCOM can you recommend us sources for learn AUTOSAR. Tbh, I find it difficult to learn.

@@albertoramirezdiaz8323 As I said, luckily I don't work in automotive. But AUTOSAR seems overblown, like many other heavyweight methodologies. One cynical opinion about AUTOSAR that I remember is still available on Reddit: www.reddit.com/r/embedded/comments/leq366/comment/gmiq6d0

If you think that this video lesson is just about the assert() macro, you probably missed the point. Assertions are simple to implement, but it is a mistake to think that the *use* of assertions is simple. If this was the case, you'd see many more assertions in the embedded codebase. Instead, you still see a lot of "defensive programming", which is an anti-pattern. This lesson attempts to educate the viewers about assertions by showing the correct mental models of assertions (e.g., Design by Contract, assertions as fuses, etc.) and the proper ways of applying assertions (to avert errors and NOT to handle exceptional conditions). The next lesson will be more specific to embedded programming. Stay tuned! --MMS

@@StateMachineCOM you could have mentionned BUG() in the linux kernel. I'm well aware of what you're saying, the theory that you describe is mere "intellectual masturbation" to me, if you may.