Best practices are meant to be fundamental, essential practices that every firmware application should follow. Programming defensively has always been an important software skill. Below are a few best practices for programming defensively in C that firmware developers should keep in mind:
- Check inputs and outputs of functions
- Check the return value of functions (they are ignored so often!)
- Monitor buffers to prevent overflow
- Verify pointers are not NULL, especially function pointers
- Use the assert macro to detect bugs, NOT error conditions
- 2 to 3 % of the code base should be assertions
- An assert should NOT modify the state of the system
- Expose only the data and functions that the larger program needs to know about (encapsulate)
- Perform static analysis as part of the build process
- Monitor the stack for overflows
- Fill unused ROM with a known pattern, an ISR vector, or a stop instruction
- Integrate a watchdog system and do not blindly pet the watchdog
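As an added example (not code from the original post), the following C sketch applies several of these practices together: input and return-value checks, a bounded buffer copy, range and NULL checks on table-driven function pointers, assert reserved for contract violations rather than bad external data, and a stack canary checked before the watchdog is petted. The canary location and the watchdog refresh are assumptions, standing in for what a real linker script and hardware register would provide.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes returned to callers: these are run-time error conditions
 * (bad data from outside), not bugs, so they are reported, not asserted. */
typedef enum { FW_OK = 0, FW_ERR_NULL = -1, FW_ERR_RANGE = -2, FW_ERR_TOO_BIG = -3 } fw_status_t;

/* Bounded copy of a received frame into a fixed-size buffer.
 * dst is the firmware's own buffer: a NULL dst is a programming bug -> assert.
 * src/src_len come from the outside world: bad values are error conditions -> status code. */
fw_status_t rx_store(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t src_len)
{
    assert(dst != NULL && dst_len > 0);              /* contract check, read-only expression */
    if (src == NULL) return FW_ERR_NULL;             /* input check */
    if (src_len > dst_len) return FW_ERR_TOO_BIG;    /* buffer bound check, no overflow */
    memcpy(dst, src, src_len);
    return FW_OK;
}

/* Command dispatch through a table of function pointers. The table is static
 * (encapsulated) and every pointer is range- and NULL-checked before the call. */
typedef fw_status_t (*cmd_handler_t)(uint8_t arg);

static fw_status_t cmd_set_level(uint8_t arg) { return (arg <= 100) ? FW_OK : FW_ERR_RANGE; }
static const cmd_handler_t cmd_table[4] = { cmd_set_level, NULL, NULL, NULL };

fw_status_t dispatch(uint8_t cmd_id, uint8_t arg)
{
    if (cmd_id >= sizeof cmd_table / sizeof cmd_table[0]) return FW_ERR_RANGE;
    if (cmd_table[cmd_id] == NULL) return FW_ERR_NULL;  /* never call a NULL function pointer */
    return cmd_table[cmd_id](arg);                      /* caller must check this return value */
}

/* Stack monitor: a known word at the lowest stack address; if it changes, the
 * stack has grown into it. On real hardware the location comes from the linker
 * script; the static variable below stands in for it (assumption). */
#define STACK_CANARY 0xDEADBEEFu
static volatile uint32_t stack_canary = STACK_CANARY;

int stack_intact(void) { return stack_canary == STACK_CANARY; }
/* Call from the main loop before petting the watchdog: a corrupted canary is
 * a bug, so it is asserted; the asserted expression only reads state. */
void check_stack_then_pet_watchdog(void)
{
    assert(stack_intact() && "stack overflow detected");
    /* hardware watchdog refresh would go here (assumed register write) */
}
```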
Following these simple best practices helps improve firmware quality and is a first step towards developing secure firmware.