1<html> 2<head> 3<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII"> 4<title>Safety Critical Embedded Controller</title> 5<link rel="stylesheet" href="boostbook.css" type="text/css"> 6<meta name="generator" content="DocBook XSL Stylesheets V1.79.1"> 7<link rel="home" href="index.html" title="Safe Numerics"> 8<link rel="up" href="case_studies.html" title="Case Studies"> 9<link rel="prev" href="composition_with_other_libraries.html" title="Composition with Other Libraries"> 10<link rel="next" href="notes.html" title="Background"> 11</head> 12<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 13<table cellpadding="2" width="100%"><tr> 14<td valign="top"><img href="index.html" height="164px" src="pre-boost.jpg" alt="Library Documentation Index"></td> 15<td><h2>Safe Numerics</h2></td> 16</tr></table> 17<div class="spirit-nav"> 18<a accesskey="p" href="composition_with_other_libraries.html"><img src="images/prev.png" alt="Prev"></a><a accesskey="u" href="case_studies.html"><img src="images/up.png" alt="Up"></a><a accesskey="h" href="index.html"><img src="images/home.png" alt="Home"></a><a accesskey="n" href="notes.html"><img src="images/next.png" alt="Next"></a> 19</div> 20<div class="section"> 21<div class="titlepage"><div><div><h3 class="title"> 22<a name="safe_numerics.safety_critical_embedded_controller"></a>Safety Critical Embedded Controller</h3></div></div></div> 23<div class="toc"><dl class="toc"> 24<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130205797504">How a Stepper Motor Works</a></span></dt> 25<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130205785344">Updating the Code</a></span></dt> 26<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130205769072">Refactor for Testing</a></span></dt> 27<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130205760352">Compiling on the Desktop</a></span></dt> 28<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130205230160">Trapping Errors at Compile Time</a></span></dt> 29<dt><span class="section"><a href="safety_critical_embedded_controller.html#idm130204123024">Summary</a></span></dt> 30</dl></div> 31<p>Suppose we are given the task of creating stepper motor driver 32 software to drive a robotic hand to be used in robotic micro surgery. The 33 processor that has been selected by the engineers is the <a href="http://www.microchip.com/wwwproducts/en/PIC18F2520" target="_top">PIC18F2520</a> 34 manufactured by <a href="http://www.microchip.com" target="_top">Microchip 35 Corporation</a>. This processor has 32KB of program memory. On a 36 processor this small, it's common to use a mixture of 8, 16, and 32 bit data 37 types in order to minimize memory footprint and program run time. The type 38 <code class="computeroutput">int</code> has 16 bits. It's programmed in C. Since this program is 39 going to be running life critical function, it must be demonstrably correct. 40 This implies that it needs to be verifiable and testable. Since the target 41 micro processor is inconvenient for accomplishing these goals, we will build 42 and test the code on the desktop.</p> 43<div class="section"> 44<div class="titlepage"><div><div><h4 class="title"> 45<a name="idm130205797504"></a>How a Stepper Motor Works</h4></div></div></div> 46<div class="figure"> 47<a name="idm130205796864"></a><p class="title"><b>Figure 1. Stepper Motor</b></p> 48<div class="figure-contents"><div class="mediaobject" align="left"><table border="0" summary="manufactured viewport for HTML img" style="cellpadding: 0; cellspacing: 0;" width="50%"><tr><td align="left"><img src="StepperMotor.gif" align="left" width="216" alt="Stepper Motor"></td></tr></table></div></div> 49</div> 50<br class="figure-break"><p>A stepper motor controller emits a pulse which causes the motor to 51 move one step. It seems simple, but in practice it turns out to be quite 52 intricate to get right as one has to time the pulses individually to 53 smoothly accelerate the rotation of the motor from a standing start until 54 it reaches the some maximum velocity. Failure to do this will either limit 55 the stepper motor to very low speed or result in skipped steps when the 56 motor is under load. Similarly, a loaded motor must be slowly decelerated 57 down to a stop.</p> 58<div class="figure"> 59<a name="idm130205792544"></a><p class="title"><b>Figure 2. Motion Profile</b></p> 60<div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" style="cellpadding: 0; cellspacing: 0;" width="100%"><tr><td><img src="stepper_profile.png" width="100%" alt="Motion Profile"></td></tr></table></div></div> 61</div> 62<p><br class="figure-break"></p> 63<p>This implies the the width of the pulses must decrease as the motor 64 accelerates. That is the pulse with has to be computed while the motor is 65 in motion. This is illustrated in the above drawing. A program to 66 accomplish this might look something like the following:</p> 67<div class="literallayout"><p>setup registers and step to zero position<br> 68<br> 69specify target position<br> 70set initial time to interrupt<br> 71enable interrupts<br> 72<br> 73On interrupt<br> 74    if at target position<br> 75        disable interrupts and return<br> 76    calculate width of next step<br> 77    change current winding according to motor direction<br> 78    set delay time to next interrupt to width of next step</p></div> 79<p>Already, this is turning it to a much more complex project than it 80 first seemed. Searching around the net, we find a popular <a href="../../example/stepper-motor.pdf" target="_top">article</a> on the operation of 81 stepper motors using simple micro controllers. The algorithm is very well 82 explained and it includes complete <a href="../../example/motor.c" target="_top">code 83 we can test</a>. The engineers are still debugging the prototype 84 boards and hope to have them ready before the product actually ships. But 85 this doesn't have to keep us from working on our code.</p> 86</div> 87<div class="section"> 88<div class="titlepage"><div><div><h4 class="title"> 89<a name="idm130205785344"></a>Updating the Code</h4></div></div></div> 90<p>Inspecting this <a href="../../example/motor.c" target="_top">code</a>, we 91 find that it is written in a dialect of C rather than C itself. At the 92 time this code was written, conforming versions of the C compiler were not 93 available for PIC processors. We want to compile this code on the <a href="http://ww1.microchip.com/downloads/en/DeviceDoc/50002053G.pdf" target="_top">Microchip 94 XC8 compiler</a> which, for the most part, is standards conforming. So 95 we made the following minimal changes:</p> 96<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> 97<li class="listitem"><p>Factor into <a href="../../example/motor1.c" target="_top">motor1.c</a> which contains the 98 motor driving code and <a href="../../example/motor_test1.c" target="_top">motor_test1.c</a> which tests 99 that code.</p></li> 100<li class="listitem"><p>Include header <code class="computeroutput"><xc.h></code> which contains 101 constants for the <a href="http://www.microchip.com/wwwproducts/en/PIC18F2520" target="_top">PIC18F2520</a> 102 processor</p></li> 103<li class="listitem"><p>Include header <code class="computeroutput"><stdint.h></code> to include 104 standard Fixed width integer types.</p></li> 105<li class="listitem"><p>Include header <code class="computeroutput"><stdbool.h></code> to include 106 keywords true and false in a C program.</p></li> 107<li class="listitem"><p>The original has some anomalies in the names of types. For 108 example, int16 is assumed to be unsigned. This is an artifact of the 109 original C compiler being used. So type names in the code were 110 altered to standard ones while retaining the intent of the original 111 code.</p></li> 112<li class="listitem"><p>Add in missing <code class="computeroutput">make16</code> function.</p></li> 113<li class="listitem"><p>Format code to personal taste.</p></li> 114<li class="listitem"><p>Replaced enable_interrupts and disable_interrupts functions 115 with appropriate PIC commands.</p></li> 116</ul></div> 117<p>The resulting program can be checked to be identical to the original 118 but compiles on with the Microchip XC8 compiler. Given a development 119 board, we could hook it up to a stepper motor, download and boot the code 120 and verify that the motor rotates 5 revolutions in each direction with 121 smooth acceleration and deceleration. We don't have such a board yet, but 122 the engineers have promised a working board real soon now.</p> 123</div> 124<div class="section"> 125<div class="titlepage"><div><div><h4 class="title"> 126<a name="idm130205769072"></a>Refactor for Testing</h4></div></div></div> 127<p>In order to develop our test suite and execute the same code on the 128 desktop and the target system we factor out the shared code as a separate 129 module which will used in both environments without change. The shared 130 module <a href="../../example/motor2.c" target="_top"><code class="computeroutput"><a href="../../example/motor1.c" target="_top">motor2.c</a></code></a> contains the 131 algorithm for handling the interrupts in such a way as to create the 132 smooth acceleration we require.</p> 133<div class="literallayout"><p>    <a href="../../example/motor2.c" target="_top"><code class="computeroutput"><a href="../../example/motor_test2.c" target="_top">motor_test2.c</a></code></a>        <a href="../../example/motor2.c" target="_top"><code class="computeroutput"><a href="../../example/example92.cpp" target="_top">example92.cpp</a></code></a><br> 134<br> 135    #include ...         #include ...<br> 136    PIC typedefs ...     desktop types ...<br> 137            \               /<br> 138             \             /<br> 139            #include <a href="../../example/motor2.c" target="_top"><code class="computeroutput"><a href="../../example/motor2.c" target="_top">motor2.c</a></code></a><br> 140             /             \<br> 141            /               \<br> 142    PIC test code        desktop test code</p></div> 143</div> 144<div class="section"> 145<div class="titlepage"><div><div><h4 class="title"> 146<a name="idm130205760352"></a>Compiling on the Desktop</h4></div></div></div> 147<p>Using the target environment to run tests is often very difficult or 148 impossible due to limited resources. So software unit testing for embedded 149 systems is very problematic and often skipped. The C language on our 150 desktop is the same used by the <a href="http://www.microchip.com/wwwproducts/en/PIC18F2520" target="_top">PIC18F2520</a>. 151 So now we can also run and debug the code on our desktop machine. Once our 152 code passes all our tests, we can download the code to the embedded 153 hardware and run the code natively. Here is a program we use on the 154 desktop to do that:</p> 155<pre class="programlisting"><span class="comment">//////////////////////////////////////////////////////////////////</span> 156<span class="comment">// example92.cpp</span> 157<span class="comment">//</span> 158<span class="comment">// Copyright (c) 2015 Robert Ramey</span> 159<span class="comment">//</span> 160<span class="comment">// Distributed under the Boost Software License, Version 1.0. (See</span> 161<span class="comment">// accompanying file LICENSE_1_0.txt or copy at</span> 162<span class="comment">// http://www.boost.org/LICENSE_1_0.txt)</span> 163 164<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">iostream</span><span class="special">></span> 165 166<span class="comment">// *************************** </span> 167<span class="comment">// 1. include headers to support safe integers</span> 168<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">cpp</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 169<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">exception</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 170<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">safe_integer</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 171 172<span class="comment">// *************************** </span> 173<span class="comment">// 2. specify a promotion policy to support proper emulation of </span> 174<span class="comment">// PIC types on the desktop</span> 175<span class="keyword">using</span> <span class="identifier">pic16_promotion</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">cpp</span><span class="special"><</span> 176 <span class="number">8</span><span class="special">,</span> <span class="comment">// char 8 bits</span> 177 <span class="number">16</span><span class="special">,</span> <span class="comment">// short 16 bits</span> 178 <span class="number">16</span><span class="special">,</span> <span class="comment">// int 16 bits</span> 179 <span class="number">16</span><span class="special">,</span> <span class="comment">// long 16 bits</span> 180 <span class="number">32</span> <span class="comment">// long long 32 bits</span> 181<span class="special">></span><span class="special">;</span> 182 183<span class="comment">// 1st step=50ms; max speed=120rpm (based on 1MHz timer, 1.8deg steps)</span> 184<span class="preprocessor">#define</span> <span class="identifier">C0</span> <span class="special">(</span><span class="number">50000</span> <span class="special"><<</span> <span class="number">8</span><span class="special">)</span> 185<span class="preprocessor">#define</span> <span class="identifier">C_MIN</span> <span class="special">(</span><span class="number">2500</span> <span class="special"><<</span> <span class="number">8</span><span class="special">)</span> 186 187<span class="identifier">static_assert</span><span class="special">(</span><span class="identifier">C0</span> <span class="special"><</span> <span class="number">0xffffff</span><span class="special">,</span> <span class="string">"Largest step too long"</span><span class="special">)</span><span class="special">;</span> 188<span class="identifier">static_assert</span><span class="special">(</span><span class="identifier">C_MIN</span> <span class="special">></span> <span class="number">0</span><span class="special">,</span> <span class="string">"Smallest step must be greater than zero"</span><span class="special">)</span><span class="special">;</span> 189<span class="identifier">static_assert</span><span class="special">(</span><span class="identifier">C_MIN</span> <span class="special"><</span> <span class="identifier">C0</span><span class="special">,</span> <span class="string">"Smallest step must be smaller than largest step"</span><span class="special">)</span><span class="special">;</span> 190 191<span class="comment">// *************************** </span> 192<span class="comment">// 3. define PIC integer type names to be safe integer types of he same size.</span> 193 194<span class="keyword">template</span> <span class="special"><</span><span class="keyword">typename</span> <span class="identifier">T</span><span class="special">></span> <span class="comment">// T is char, int, etc data type</span> 195<span class="keyword">using</span> <span class="identifier">safe_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe</span><span class="special"><</span> 196 <span class="identifier">T</span><span class="special">,</span> 197 <span class="identifier">pic16_promotion</span> 198<span class="special">></span><span class="special">;</span> 199 200<span class="comment">// alias original program's integer types to corresponding PIC safe types</span> 201<span class="comment">// In conjunction with the promotion policy above, this will permit us to </span> 202<span class="comment">// guarantee that the resulting program will be free of arithmetic errors </span> 203<span class="comment">// introduced by C expression syntax and type promotion with no runtime penalty</span> 204 205<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">int8_t</span><span class="special">></span> <span class="identifier">int8</span><span class="special">;</span> 206<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">int16_t</span><span class="special">></span> <span class="identifier">int16</span><span class="special">;</span> 207<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">int32_t</span><span class="special">></span> <span class="identifier">int32</span><span class="special">;</span> 208<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">uint8_t</span><span class="special">></span> <span class="identifier">uint8</span><span class="special">;</span> 209<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">uint16_t</span><span class="special">></span> <span class="identifier">uint16</span><span class="special">;</span> 210<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">uint32_t</span><span class="special">></span> <span class="identifier">uint32</span><span class="special">;</span> 211 212<span class="comment">// *************************** </span> 213<span class="comment">// 4. emulate PIC features on the desktop</span> 214 215<span class="comment">// filter out special keyword used only by XC8 compiler</span> 216<span class="preprocessor">#define</span> <span class="identifier">__interrupt</span> 217<span class="comment">// filter out XC8 enable/disable global interrupts</span> 218<span class="preprocessor">#define</span> <span class="identifier">ei</span><span class="special">(</span><span class="special">)</span> 219<span class="preprocessor">#define</span> <span class="identifier">di</span><span class="special">(</span><span class="special">)</span> 220 221<span class="comment">// emulate PIC special registers</span> 222<span class="identifier">uint8</span> <span class="identifier">RCON</span><span class="special">;</span> 223<span class="identifier">uint8</span> <span class="identifier">INTCON</span><span class="special">;</span> 224<span class="identifier">uint8</span> <span class="identifier">CCP1IE</span><span class="special">;</span> 225<span class="identifier">uint8</span> <span class="identifier">CCP2IE</span><span class="special">;</span> 226<span class="identifier">uint8</span> <span class="identifier">PORTC</span><span class="special">;</span> 227<span class="identifier">uint8</span> <span class="identifier">TRISC</span><span class="special">;</span> 228<span class="identifier">uint8</span> <span class="identifier">T3CON</span><span class="special">;</span> 229<span class="identifier">uint8</span> <span class="identifier">T1CON</span><span class="special">;</span> 230 231<span class="identifier">uint8</span> <span class="identifier">CCPR2H</span><span class="special">;</span> 232<span class="identifier">uint8</span> <span class="identifier">CCPR2L</span><span class="special">;</span> 233<span class="identifier">uint8</span> <span class="identifier">CCPR1H</span><span class="special">;</span> 234<span class="identifier">uint8</span> <span class="identifier">CCPR1L</span><span class="special">;</span> 235<span class="identifier">uint8</span> <span class="identifier">CCP1CON</span><span class="special">;</span> 236<span class="identifier">uint8</span> <span class="identifier">CCP2CON</span><span class="special">;</span> 237<span class="identifier">uint8</span> <span class="identifier">TMR1H</span><span class="special">;</span> 238<span class="identifier">uint8</span> <span class="identifier">TMR1L</span><span class="special">;</span> 239 240<span class="comment">// create type used to map PIC bit names to</span> 241<span class="comment">// correct bit in PIC register</span> 242<span class="keyword">template</span><span class="special"><</span><span class="keyword">typename</span> <span class="identifier">T</span><span class="special">,</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">int8_t</span> <span class="identifier">N</span><span class="special">></span> 243<span class="keyword">struct</span> <span class="identifier">bit</span> <span class="special">{</span> 244 <span class="identifier">T</span> <span class="special">&</span> <span class="identifier">m_word</span><span class="special">;</span> 245 <span class="keyword">constexpr</span> <span class="keyword">explicit</span> <span class="identifier">bit</span><span class="special">(</span><span class="identifier">T</span> <span class="special">&</span> <span class="identifier">rhs</span><span class="special">)</span> <span class="special">:</span> 246 <span class="identifier">m_word</span><span class="special">(</span><span class="identifier">rhs</span><span class="special">)</span> 247 <span class="special">{</span><span class="special">}</span> 248 <span class="keyword">constexpr</span> <span class="identifier">bit</span> <span class="special">&</span> <span class="keyword">operator</span><span class="special">=</span><span class="special">(</span><span class="keyword">int</span> <span class="identifier">b</span><span class="special">)</span><span class="special">{</span> 249 <span class="keyword">if</span><span class="special">(</span><span class="identifier">b</span> <span class="special">!=</span> <span class="number">0</span><span class="special">)</span> 250 <span class="identifier">m_word</span> <span class="special">|=</span> <span class="special">(</span><span class="number">1</span> <span class="special"><<</span> <span class="identifier">N</span><span class="special">)</span><span class="special">;</span> 251 <span class="keyword">else</span> 252 <span class="identifier">m_word</span> <span class="special">&=</span> <span class="special">~</span><span class="special">(</span><span class="number">1</span> <span class="special"><<</span> <span class="identifier">N</span><span class="special">)</span><span class="special">;</span> 253 <span class="keyword">return</span> <span class="special">*</span><span class="keyword">this</span><span class="special">;</span> 254 <span class="special">}</span> 255 <span class="keyword">constexpr</span> <span class="keyword">operator</span> <span class="keyword">int</span> <span class="special">(</span><span class="special">)</span> <span class="keyword">const</span> <span class="special">{</span> 256 <span class="keyword">return</span> <span class="identifier">m_word</span> <span class="special">>></span> <span class="identifier">N</span> <span class="special">&</span> <span class="number">1</span><span class="special">;</span> 257 <span class="special">}</span> 258<span class="special">}</span><span class="special">;</span> 259 260<span class="comment">// define bits for T1CON register</span> 261<span class="keyword">struct</span> <span class="special">{</span> 262 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">7</span><span class="special">></span> <span class="identifier">RD16</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 263 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">5</span><span class="special">></span> <span class="identifier">T1CKPS1</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 264 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">4</span><span class="special">></span> <span class="identifier">T1CKPS0</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 265 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">3</span><span class="special">></span> <span class="identifier">T1OSCEN</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 266 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">2</span><span class="special">></span> <span class="identifier">T1SYNC</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 267 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">1</span><span class="special">></span> <span class="identifier">TMR1CS</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 268 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">0</span><span class="special">></span> <span class="identifier">TMR1ON</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 269<span class="special">}</span> <span class="identifier">T1CONbits</span><span class="special">;</span> 270 271<span class="comment">// define bits for T1CON register</span> 272<span class="keyword">struct</span> <span class="special">{</span> 273 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">7</span><span class="special">></span> <span class="identifier">GEI</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 274 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">5</span><span class="special">></span> <span class="identifier">PEIE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 275 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">4</span><span class="special">></span> <span class="identifier">TMR0IE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 276 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">3</span><span class="special">></span> <span class="identifier">RBIE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 277 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">2</span><span class="special">></span> <span class="identifier">TMR0IF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 278 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">1</span><span class="special">></span> <span class="identifier">INT0IF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 279 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">uint8</span><span class="special">,</span> <span class="number">0</span><span class="special">></span> <span class="identifier">RBIF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 280<span class="special">}</span> <span class="identifier">INTCONbits</span><span class="special">;</span> 281 282<span class="comment">// ***************************</span> 283<span class="comment">// 5. include the environment independent code we want to test</span> 284<span class="preprocessor">#include</span> <span class="string">"motor2.c"</span> 285 286<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">chrono</span><span class="special">></span> 287<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">thread</span><span class="special">></span> 288 289<span class="comment">// round 24.8 format to microseconds</span> 290<span class="identifier">int32</span> <span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">uint32</span> <span class="identifier">t</span><span class="special">)</span><span class="special">{</span> 291 <span class="keyword">return</span> <span class="special">(</span><span class="identifier">t</span> <span class="special">+</span> <span class="number">128</span><span class="special">)</span> <span class="special">/</span> <span class="number">256</span><span class="special">;</span> 292<span class="special">}</span> 293 294<span class="keyword">using</span> <span class="identifier">result_t</span> <span class="special">=</span> <span class="identifier">uint8_t</span><span class="special">;</span> 295<span class="keyword">const</span> <span class="identifier">result_t</span> <span class="identifier">success</span> <span class="special">=</span> <span class="number">1</span><span class="special">;</span> 296<span class="keyword">const</span> <span class="identifier">result_t</span> <span class="identifier">fail</span> <span class="special">=</span> <span class="number">0</span><span class="special">;</span> 297 298<span class="comment">// move motor to the indicated target position in steps</span> 299<span class="identifier">result_t</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">int32</span> <span class="identifier">m</span><span class="special">)</span><span class="special">{</span> 300 <span class="keyword">try</span> <span class="special">{</span> 301 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"move motor to "</span> <span class="special"><<</span> <span class="identifier">m</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 302 <span class="identifier">motor_run</span><span class="special">(</span><span class="identifier">m</span><span class="special">)</span><span class="special">;</span> 303 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> 304 <span class="special"><<</span> <span class="string">"step #"</span> <span class="special"><<</span> <span class="char">' '</span> 305 <span class="special"><<</span> <span class="string">"delay(us)(24.8)"</span> <span class="special"><<</span> <span class="char">' '</span> 306 <span class="special"><<</span> <span class="string">"delay(us)"</span> <span class="special"><<</span> <span class="char">' '</span> 307 <span class="special"><<</span> <span class="string">"CCPR"</span> <span class="special"><<</span> <span class="char">' '</span> 308 <span class="special"><<</span> <span class="string">"motor position"</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 309 <span class="keyword">do</span><span class="special">{</span> 310 <span class="identifier">std</span><span class="special">::</span><span class="identifier">this_thread</span><span class="special">::</span><span class="identifier">sleep_for</span><span class="special">(</span><span class="identifier">std</span><span class="special">::</span><span class="identifier">chrono</span><span class="special">::</span><span class="identifier">microseconds</span><span class="special">(</span><span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">c</span><span class="special">)</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 311 <span class="identifier">uint32</span> <span class="identifier">last_c</span> <span class="special">=</span> <span class="identifier">c</span><span class="special">;</span> 312 <span class="identifier">uint32</span> <span class="identifier">last_ccpr</span> <span class="special">=</span> <span class="identifier">ccpr</span><span class="special">;</span> 313 <span class="identifier">isr_motor_step</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> 314 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> 315 <span class="special"><<</span> <span class="identifier">step_no</span> <span class="special"><<</span> <span class="char">' '</span> 316 <span class="special"><<</span> <span class="identifier">last_c</span> <span class="special"><<</span> <span class="char">' '</span> 317 <span class="special"><<</span> <span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">last_c</span><span class="special">)</span> <span class="special"><<</span> <span class="char">' '</span> 318 <span class="special"><<</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">hex</span> <span class="special"><<</span> <span class="identifier">last_ccpr</span> <span class="special"><<</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">dec</span> <span class="special"><<</span> <span class="char">' '</span> 319 <span class="special"><<</span> <span class="identifier">motor_pos</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 320 <span class="special">}</span><span class="keyword">while</span><span class="special">(</span><span class="identifier">run_flg</span><span class="special">)</span><span class="special">;</span> 321 <span class="special">}</span> 322 <span class="keyword">catch</span><span class="special">(</span><span class="keyword">const</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">exception</span> <span class="special">&</span> <span class="identifier">e</span><span class="special">)</span><span class="special">{</span> 323 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="identifier">e</span><span class="special">.</span><span class="identifier">what</span><span class="special">(</span><span class="special">)</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 324 <span class="keyword">return</span> <span class="identifier">fail</span><span class="special">;</span> 325 <span class="special">}</span> 326 <span class="keyword">return</span> <span class="identifier">success</span><span class="special">;</span> 327<span class="special">}</span> 328 329<span class="keyword">int</span> <span class="identifier">main</span><span class="special">(</span><span class="special">)</span><span class="special">{</span> 330 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"start test\n"</span><span class="special">;</span> 331 <span class="identifier">result_t</span> <span class="identifier">result</span> <span class="special">=</span> <span class="identifier">success</span><span class="special">;</span> 332 <span class="keyword">try</span><span class="special">{</span> 333 <span class="identifier">initialize</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> 334 <span class="comment">// move motor to position 1000</span> 335 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="number">1000</span><span class="special">)</span><span class="special">;</span> 336 <span class="comment">// move motor to position 200</span> 337 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="number">200</span><span class="special">)</span><span class="special">;</span> 338 <span class="comment">// move motor to position 200 again! Should result in no movement.</span> 339 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="number">200</span><span class="special">)</span><span class="special">;</span> 340 <span class="comment">// move back to position 0</span> 341 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 342 <span class="comment">// ***************************</span> 343 <span class="comment">// 6. error detected here! data types can't handle enough</span> 344 <span class="comment">// steps to move the carriage from end to end! Suppress this</span> 345 <span class="comment">// test for now.</span> 346 <span class="comment">// move motor to position 50000.</span> 347<span class="comment">// result &= test(50000);</span> 348 <span class="comment">// move motor back to position 0.</span> 349 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 350 <span class="special">}</span> 351 <span class="keyword">catch</span><span class="special">(</span><span class="keyword">const</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">exception</span> <span class="special">&</span> <span class="identifier">e</span><span class="special">)</span><span class="special">{</span> 352 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="identifier">e</span><span class="special">.</span><span class="identifier">what</span><span class="special">(</span><span class="special">)</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 353 <span class="keyword">return</span> <span class="number">1</span><span class="special">;</span> 354 <span class="special">}</span> 355 <span class="keyword">catch</span><span class="special">(</span><span class="special">...</span><span class="special">)</span><span class="special">{</span> 356 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"test interrupted\n"</span><span class="special">;</span> 357 <span class="keyword">return</span> <span class="identifier">EXIT_FAILURE</span><span class="special">;</span> 358 <span class="special">}</span> 359 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"end test\n"</span><span class="special">;</span> 360 <span class="keyword">return</span> <span class="identifier">result</span> <span class="special">==</span> <span class="identifier">success</span> <span class="special">?</span> <span class="identifier">EXIT_SUCCESS</span> <span class="special">:</span> <span class="identifier">EXIT_FAILURE</span><span class="special">;</span> 361<span class="special">}</span> 362</pre> 363<p>Here are the essential features of the desktop version of the test 364 program.</p> 365<div class="orderedlist"><ol class="orderedlist" type="1"> 366<li class="listitem"><p>Include headers required to support safe integers.</p></li> 367<li class="listitem"> 368<p>Specify a <a class="link" href="promotion_policy.html" title="PromotionPolicy<PP>">promotion policy</a> to 369 support proper emulation of PIC types on the desktop.</p> 370<p>The C language standard doesn't specify sizes for primitive 371 data types like <code class="computeroutput">int</code>. They can and do differ between 372 environments. Hence, the characterization of C/C++ as "portable" 373 languages is not strictly true. Here we choose aliases for data 374 types so that they can be defined to be the same in both 375 environments. But this is not enough to emulate the <a href="http://www.microchip.com/wwwproducts/en/PIC18F2520" target="_top">PIC18F2520</a> 376 on the desktop. The problem is that compilers implicitly convert 377 arguments of C expressions to some common type before performing 378 arithmetic operations. Often, this common type is the native 379 <code class="computeroutput">int</code> and the size of this native type is different in 380 the desktop and embedded environment. Thus, many arithmetic results 381 would be different in the two environments.</p> 382<p>But now we can specify our own implicit promotion rules for 383 test programs on the development platform that are identical to 384 those on the target environment! So unit testing executed in the 385 development environment can now provide results relevant to the 386 target environment.</p> 387</li> 388<li class="listitem"> 389<p>Define PIC integer type aliases to be safe integer types of he 390 same size.</p> 391<p>Code tested in the development environment will use safe 392 numerics to detect errors. We need these aliases to permit the code 393 in <a href="../../example/motor2.c" target="_top">motor2.c</a> to be tested 394 in the desktop environment. The same code run in the target system 395 without change.</p> 396</li> 397<li class="listitem"> 398<p>Emulate PIC features on the desktop.</p> 399<p>The PIC processor, in common with most micro controllers these 400 days, includes a myriad of special purpose peripherals to handle 401 things like interrupts, USB, timers, SPI bus, I^2C bus, etc.. These 402 peripherals are configured using special 8 bit words in reserved 403 memory locations. Configuration consists of setting particular bits 404 in these words. To facilitate configuration operations, the XC8 405 compiler includes a special syntax for setting and accessing bits in 406 these locations. One of our goals is to permit the testing of the 407 identical code with our desktop C++ compiler as will run on the 408 micro controller. To realize this goal, we create some C++ code 409 which implements the XC8 C syntax for setting bits in particular 410 memory locations.</p> 411</li> 412<li class="listitem"><p>include <a href="../../example/motor1.c" target="_top">motor1.c</a></p></li> 413<li class="listitem"><p>Add test to verify that the motor will be able to keep track 414 of a position from 0 to 50000 steps. This will be needed to maintain 415 the position of out linear stage across a range from 0 to 500 416 mm.</p></li> 417</ol></div> 418<p>Our first attempt to run this program fails by throwing an exception 419 from <a href="../../example/motor1.c" target="_top">motor1.c</a> indicating that 420 the code attempts to left shift a negative number at the 421 statements:</p> 422<pre class="programlisting"><span class="identifier">denom</span> <span class="special">=</span> <span class="special">(</span><span class="special">(</span><span class="identifier">step_no</span> <span class="special">-</span> <span class="identifier">move</span><span class="special">)</span> <span class="special"><<</span> <span class="number">2</span><span class="special">)</span> <span class="special">+</span> <span class="number">1</span><span class="special">;</span></pre> 423<p>According to the C/C++ standards this is implementation defined 424 behavior. But in practice with all modern platforms (as far as I know), 425 this will be equivalent to a multiplication by 4. Clearly the intent of 426 the original author is to "micro optimize" the operation by substituting a 427 cheap left shift for a potentially expensive integer multiplication. But 428 on all modern compilers, this substitution will be performed automatically 429 by the compiler's optimizer. So we have two alternatives here:</p> 430<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> 431<li class="listitem"> 432<p>Just ignore the issue.</p> 433<p>This will work when the code is run on the PIC. But, in order to 434 permit testing on the desktop, we need to inhibit the error detection 435 in that environment. With safe numerics, error handling is determined 436 by specifying an <a class="link" href="exception_policy.html" title="ExceptionPolicy<EP>">exception policy</a>. In 437 this example, we've used the default exception policy which traps 438 implementation defined behavior. To ignore this kind of behavior we 439 could define our own custom <a class="link" href="exception_policy.html" title="ExceptionPolicy<EP>">exception 440 policy</a>.</p> 441</li> 442<li class="listitem"><p>change the <code class="computeroutput"><< 2</code> to <code class="computeroutput">* 4</code>. This 443 will produce the intended result in an unambiguous, portable way. For 444 all known compilers, this change should not affect runtime performance 445 in any way. It will result in unambiguously portable code.</p></li> 446<li class="listitem"><p>Alter the code so that the expression in question is never 447 negative. Depending on sizes of the operands and the size of the 448 native integer, this expression might return convert the operands to 449 int or result in an invalid result.</p></li> 450</ul></div> 451<p>Of these alternatives, the third seems the more definitive fix so 452 we'll choose that one. We also decide to make a couple of minor changes to 453 simplify the code and make mapping of the algorithm in the article to the 454 code more transparent. With these changes, our test program runs to the 455 end with no errors or exceptions. In addition, I made a minor change which 456 simplifies the handling of floating point values in format of 24.8. This 457 results in <a href="../../example/motor2.c" target="_top">motor2.c</a> which 458 makes the above changes. It should be easy to see that these two versions 459 are otherwise identical.</p> 460<p>Finally our range test fails. In order to handle the full range we 461 need, we'll have to change some data types used for holding step count and 462 position. We won't do that here as it would make our example too complex. 463 We'll deal with this on the next version.</p> 464</div> 465<div class="section"> 466<div class="titlepage"><div><div><h4 class="title"> 467<a name="idm130205230160"></a>Trapping Errors at Compile Time</h4></div></div></div> 468<p>We can test the same code we're going to load into our target system 469 on the desktop. We could build and execute a complete unit test suite. We 470 could capture the output and graph it. We have the ability to make are 471 code much more likely to be bug free. But:</p> 472<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> 473<li class="listitem"><p>This system detects errors and exceptions on the test machine - 474 but it fails to address and detect such problems on the target system. 475 Since the target system is compiles only C code, we can't use the 476 exception/error facilities of this library at runtime.</p></li> 477<li class="listitem"><p><a href="https://en.wikiquote.org/wiki/Edsger_W._Dijkstra" target="_top">Testing shows 478 the presence, not the absence of bugs</a>. Can we not prove that 479 all integer arithmetic is correct?</p></li> 480<li class="listitem"><p>For at least some operations on safe integers there is runtime 481 cost in checking for errors. In this example, this is not really a 482 problem as the safe integer code is not included when the code is run 483 on the target - it's only a C compiler after all. But more generally, 484 using safe integers might incur an undesired runtime cost.</p></li> 485</ul></div> 486<p>Can we catch all potential problems at compiler time and therefore 487 eliminate all runtime cost?</p> 488<p>Our first attempt consists of simply changing default exception 489 policy from the default runtime checking to the compile time trapping one. 490 Then we redefine the aliases for the types used by the PIC to use this 491 exception policy.</p> 492<pre class="programlisting"><span class="comment">// generate compile time errors if operation could fail </span> 493<span class="keyword">using</span> <span class="identifier">trap_policy</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">numeric</span><span class="special">::</span><span class="identifier">loose_trap_policy</span><span class="special">;</span> 494<span class="special">...</span> 495<span class="keyword">typedef</span> <span class="identifier">safe_t</span><span class="special"><</span><span class="identifier">int8_t</span><span class="special">,</span> <span class="identifier">trap_policy</span><span class="special">></span> <span class="identifier">int8</span><span class="special">;</span> 496<span class="special">...</span> 497</pre> 498<p>When we compile now, any expressions which could possibly fail will 499 be flagged as syntax errors. This occurs 11 times when compiling the 500 <a href="../../example/motor2.c" target="_top">motor2.c</a> program. This is 501 fewer than one might expect. To understand why, consider the following 502 example:</p> 503<pre class="programlisting"><span class="identifier">safe</span><span class="special"><</span><span class="identifier">std</span><span class="special">::</span><span class="identifier">int8_t</span><span class="special">></span> <span class="identifier">x</span><span class="special">,</span> <span class="identifier">y</span><span class="special">;</span> 504<span class="special">...</span> 505<span class="identifier">safe</span><span class="special"><</span><span class="identifier">std</span><span class="special">::</span><span class="identifier">int16_t</span><span class="special">></span> <span class="identifier">z</span> <span class="special">=</span> <span class="identifier">x</span> <span class="special">+</span> <span class="identifier">y</span><span class="special">;</span> 506</pre> 507<p>C promotion rules and arithmetic are such that the z will 508 always contain an arithmetically correct result regardless of what values 509 are assigned to x and y. Hence there is no need for any kind of checking 510 of the arithmetic or result. The Safe Numerics library uses compile time 511 range arithmetic, C++ template multiprogramming and other techniques to 512 restrict invocation of checking code to only those operations which could 513 possible fail. So the above code incurs no runtime overhead.</p> 514<p>Now we have 11 cases to consider. Our goal is to modify the program 515 so that this number of cases is reduced - hopefully to zero. Initially I 516 wanted to just make a few tweaks in the versions of 517 <code class="computeroutput">example92.c</code>, <code class="computeroutput">motor2.c</code> and 518 <code class="computeroutput">motor_test2.c</code> above without actually having to understand the 519 code. It turns out that one needs to carefully consider what various types 520 and variables are used for. This can be a good thing or a bad thing 521 depending on one's circumstances, goals and personality. The programs 522 above evolved into <a href="../../example/example93.c" target="_top"><code class="computeroutput">example93.c</code></a>, 523 <code class="computeroutput"><a href="../../example/motor3.c" target="_top">motor3.c</a></code> and 524 <a href="../../example/motor_test3.c" target="_top"><code class="computeroutput">motor_test3.c</code></a>. 525 First we'll look at <code class="computeroutput">example93.c</code>:</p> 526<pre class="programlisting"><span class="comment">//////////////////////////////////////////////////////////////////</span> 527<span class="comment">// example93.cpp</span> 528<span class="comment">//</span> 529<span class="comment">// Copyright (c) 2015 Robert Ramey</span> 530<span class="comment">//</span> 531<span class="comment">// Distributed under the Boost Software License, Version 1.0. (See</span> 532<span class="comment">// accompanying file LICENSE_1_0.txt or copy at</span> 533<span class="comment">// http://www.boost.org/LICENSE_1_0.txt)</span> 534 535<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">iostream</span><span class="special">></span> 536 537<span class="comment">// include headers to support safe integers</span> 538<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">cpp</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 539<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">exception</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 540<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">safe_integer</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 541<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">safe_integer_range</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 542<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">boost</span><span class="special">/</span><span class="identifier">safe_numerics</span><span class="special">/</span><span class="identifier">safe_integer_literal</span><span class="special">.</span><span class="identifier">hpp</span><span class="special">></span> 543 544<span class="comment">// use same type promotion as used by the pic compiler</span> 545<span class="comment">// target compiler XC8 supports:</span> 546<span class="keyword">using</span> <span class="identifier">pic16_promotion</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">cpp</span><span class="special"><</span> 547 <span class="number">8</span><span class="special">,</span> <span class="comment">// char 8 bits</span> 548 <span class="number">16</span><span class="special">,</span> <span class="comment">// short 16 bits</span> 549 <span class="number">16</span><span class="special">,</span> <span class="comment">// int 16 bits</span> 550 <span class="number">16</span><span class="special">,</span> <span class="comment">// long 16 bits</span> 551 <span class="number">32</span> <span class="comment">// long long 32 bits</span> 552<span class="special">></span><span class="special">;</span> 553 554<span class="comment">// ***************************</span> 555<span class="comment">// 1. Specify exception policies so we will generate a</span> 556<span class="comment">// compile time error whenever an operation MIGHT fail.</span> 557 558<span class="comment">// ***************************</span> 559<span class="comment">// generate runtime errors if operation could fail</span> 560<span class="keyword">using</span> <span class="identifier">exception_policy</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">default_exception_policy</span><span class="special">;</span> 561 562<span class="comment">// generate compile time errors if operation could fail</span> 563<span class="keyword">using</span> <span class="identifier">trap_policy</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">loose_trap_policy</span><span class="special">;</span> 564 565<span class="comment">// ***************************</span> 566<span class="comment">// 2. Create a macro named literal an integral value</span> 567<span class="comment">// that can be evaluated at compile time.</span> 568<span class="preprocessor">#define</span> <span class="identifier">literal</span><span class="special">(</span><span class="identifier">n</span><span class="special">)</span> <span class="identifier">make_safe_literal</span><span class="special">(</span><span class="identifier">n</span><span class="special">,</span> <span class="identifier">pic16_promotion</span><span class="special">,</span> <span class="keyword">void</span><span class="special">)</span> 569 570<span class="comment">// For min speed of 2 mm / sec (24.8 format)</span> 571<span class="comment">// sec / step = sec / 2 mm * 2 mm / rotation * rotation / 200 steps</span> 572<span class="preprocessor">#define</span> <span class="identifier">C0</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">5000</span> <span class="special"><<</span> <span class="number">8</span><span class="special">)</span> 573 574<span class="comment">// For max speed of 400 mm / sec</span> 575<span class="comment">// sec / step = sec / 400 mm * 2 mm / rotation * rotation / 200 steps</span> 576<span class="preprocessor">#define</span> <span class="identifier">C_MIN</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">25</span> <span class="special"><<</span> <span class="number">8</span><span class="special">)</span> 577 578<span class="identifier">static_assert</span><span class="special">(</span> 579 <span class="identifier">C0</span> <span class="special"><</span> <span class="identifier">make_safe_literal</span><span class="special">(</span><span class="number">0xffffff</span><span class="special">,</span> <span class="identifier">pic16_promotion</span><span class="special">,</span><span class="identifier">trap_policy</span><span class="special">)</span><span class="special">,</span> 580 <span class="string">"Largest step too long"</span> 581<span class="special">)</span><span class="special">;</span> 582<span class="identifier">static_assert</span><span class="special">(</span> 583 <span class="identifier">C_MIN</span> <span class="special">></span> <span class="identifier">make_safe_literal</span><span class="special">(</span><span class="number">0</span><span class="special">,</span> <span class="identifier">pic16_promotion</span><span class="special">,</span><span class="identifier">trap_policy</span><span class="special">)</span><span class="special">,</span> 584 <span class="string">"Smallest step must be greater than zero"</span> 585<span class="special">)</span><span class="special">;</span> 586 587<span class="comment">// ***************************</span> 588<span class="comment">// 3. Create special ranged types for the motor program</span> 589<span class="comment">// These wiil guarantee that values are in the expected</span> 590<span class="comment">// ranges and permit compile time determination of when</span> 591<span class="comment">// exceptional conditions might occur.</span> 592 593<span class="keyword">using</span> <span class="identifier">pic_register_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe</span><span class="special"><</span> 594 <span class="identifier">uint8_t</span><span class="special">,</span> 595 <span class="identifier">pic16_promotion</span><span class="special">,</span> 596 <span class="identifier">trap_policy</span> <span class="comment">// use for compiling and running tests</span> 597<span class="special">></span><span class="special">;</span> 598 599<span class="comment">// note: the maximum value of step_t would be:</span> 600<span class="comment">// 50000 = 500 mm / 2 mm/rotation * 200 steps/rotation.</span> 601<span class="comment">// But in one expression the value of number of steps * 4 is</span> 602<span class="comment">// used. To prevent introduction of error, permit this</span> 603<span class="comment">// type to hold the larger value.</span> 604<span class="keyword">using</span> <span class="identifier">step_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_unsigned_range</span><span class="special"><</span> 605 <span class="number">0</span><span class="special">,</span> 606 <span class="number">200000</span><span class="special">,</span> 607 <span class="identifier">pic16_promotion</span><span class="special">,</span> 608 <span class="identifier">exception_policy</span> 609<span class="special">></span><span class="special">;</span> 610 611<span class="comment">// position</span> 612<span class="keyword">using</span> <span class="identifier">position_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_unsigned_range</span><span class="special"><</span> 613 <span class="number">0</span><span class="special">,</span> 614 <span class="number">50000</span><span class="special">,</span> <span class="comment">// 500 mm / 2 mm/rotation * 200 steps/rotation</span> 615 <span class="identifier">pic16_promotion</span><span class="special">,</span> 616 <span class="identifier">exception_policy</span> 617<span class="special">></span><span class="special">;</span> 618 619<span class="comment">// next end of step timer value in format 24.8</span> 620<span class="comment">// where the .8 is the number of bits in the fractional part.</span> 621<span class="keyword">using</span> <span class="identifier">ccpr_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe</span><span class="special"><</span> 622 <span class="identifier">uint32_t</span><span class="special">,</span> 623 <span class="identifier">pic16_promotion</span><span class="special">,</span> 624 <span class="identifier">exception_policy</span> 625<span class="special">></span><span class="special">;</span> 626 627<span class="comment">// pulse length in format 24.8</span> 628<span class="comment">// note: this value is constrainted to be a positive value. But</span> 629<span class="comment">// we still need to make it a signed type. We get an arithmetic</span> 630<span class="comment">// error when moving to a negative step number.</span> 631<span class="keyword">using</span> <span class="identifier">c_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_unsigned_range</span><span class="special"><</span> 632 <span class="identifier">C_MIN</span><span class="special">,</span> 633 <span class="identifier">C0</span><span class="special">,</span> 634 <span class="identifier">pic16_promotion</span><span class="special">,</span> 635 <span class="identifier">exception_policy</span> 636<span class="special">></span><span class="special">;</span> 637 638<span class="comment">// index into phase table</span> 639<span class="comment">// note: The legal values are 0-3. So why must this be a signed</span> 640<span class="comment">// type? Turns out that expressions like phase_ix + d</span> 641<span class="comment">// will convert both operands to unsigned. This in turn will</span> 642<span class="comment">// create an exception. So leave it signed even though the</span> 643<span class="comment">// value is greater than zero.</span> 644<span class="keyword">using</span> <span class="identifier">phase_ix_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_signed_range</span><span class="special"><</span> 645 <span class="number">0</span><span class="special">,</span> 646 <span class="number">3</span><span class="special">,</span> 647 <span class="identifier">pic16_promotion</span><span class="special">,</span> 648 <span class="identifier">trap_policy</span> 649<span class="special">></span><span class="special">;</span> 650 651<span class="comment">// settings for control value output</span> 652<span class="keyword">using</span> <span class="identifier">phase_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe</span><span class="special"><</span> 653 <span class="identifier">uint16_t</span><span class="special">,</span> 654 <span class="identifier">pic16_promotion</span><span class="special">,</span> 655 <span class="identifier">trap_policy</span> 656<span class="special">></span><span class="special">;</span> 657 658<span class="comment">// direction of rotation</span> 659<span class="keyword">using</span> <span class="identifier">direction_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_signed_range</span><span class="special"><</span> 660 <span class="special">-</span><span class="number">1</span><span class="special">,</span> 661 <span class="special">+</span><span class="number">1</span><span class="special">,</span> 662 <span class="identifier">pic16_promotion</span><span class="special">,</span> 663 <span class="identifier">trap_policy</span> 664<span class="special">></span><span class="special">;</span> 665 666<span class="comment">// some number of microseconds</span> 667<span class="keyword">using</span> <span class="identifier">microseconds</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe</span><span class="special"><</span> 668 <span class="identifier">uint32_t</span><span class="special">,</span> 669 <span class="identifier">pic16_promotion</span><span class="special">,</span> 670 <span class="identifier">trap_policy</span> 671<span class="special">></span><span class="special">;</span> 672 673<span class="comment">// *************************** </span> 674<span class="comment">// emulate PIC features on the desktop</span> 675 676<span class="comment">// filter out special keyword used only by XC8 compiler</span> 677<span class="preprocessor">#define</span> <span class="identifier">__interrupt</span> 678<span class="comment">// filter out XC8 enable/disable global interrupts</span> 679<span class="preprocessor">#define</span> <span class="identifier">ei</span><span class="special">(</span><span class="special">)</span> 680<span class="preprocessor">#define</span> <span class="identifier">di</span><span class="special">(</span><span class="special">)</span> 681 682<span class="comment">// emulate PIC special registers</span> 683<span class="identifier">pic_register_t</span> <span class="identifier">RCON</span><span class="special">;</span> 684<span class="identifier">pic_register_t</span> <span class="identifier">INTCON</span><span class="special">;</span> 685<span class="identifier">pic_register_t</span> <span class="identifier">CCP1IE</span><span class="special">;</span> 686<span class="identifier">pic_register_t</span> <span class="identifier">CCP2IE</span><span class="special">;</span> 687<span class="identifier">pic_register_t</span> <span class="identifier">PORTC</span><span class="special">;</span> 688<span class="identifier">pic_register_t</span> <span class="identifier">TRISC</span><span class="special">;</span> 689<span class="identifier">pic_register_t</span> <span class="identifier">T3CON</span><span class="special">;</span> 690<span class="identifier">pic_register_t</span> <span class="identifier">T1CON</span><span class="special">;</span> 691 692<span class="identifier">pic_register_t</span> <span class="identifier">CCPR2H</span><span class="special">;</span> 693<span class="identifier">pic_register_t</span> <span class="identifier">CCPR2L</span><span class="special">;</span> 694<span class="identifier">pic_register_t</span> <span class="identifier">CCPR1H</span><span class="special">;</span> 695<span class="identifier">pic_register_t</span> <span class="identifier">CCPR1L</span><span class="special">;</span> 696<span class="identifier">pic_register_t</span> <span class="identifier">CCP1CON</span><span class="special">;</span> 697<span class="identifier">pic_register_t</span> <span class="identifier">CCP2CON</span><span class="special">;</span> 698<span class="identifier">pic_register_t</span> <span class="identifier">TMR1H</span><span class="special">;</span> 699<span class="identifier">pic_register_t</span> <span class="identifier">TMR1L</span><span class="special">;</span> 700 701<span class="comment">// ***************************</span> 702<span class="comment">// special checked type for bits - values restricted to 0 or 1</span> 703<span class="keyword">using</span> <span class="identifier">safe_bit_t</span> <span class="special">=</span> <span class="identifier">boost</span><span class="special">::</span><span class="identifier">safe_numerics</span><span class="special">::</span><span class="identifier">safe_unsigned_range</span><span class="special"><</span> 704 <span class="number">0</span><span class="special">,</span> 705 <span class="number">1</span><span class="special">,</span> 706 <span class="identifier">pic16_promotion</span><span class="special">,</span> 707 <span class="identifier">trap_policy</span> 708<span class="special">></span><span class="special">;</span> 709 710<span class="comment">// create type used to map PIC bit names to</span> 711<span class="comment">// correct bit in PIC register</span> 712<span class="keyword">template</span><span class="special"><</span><span class="keyword">typename</span> <span class="identifier">T</span><span class="special">,</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">int8_t</span> <span class="identifier">N</span><span class="special">></span> 713<span class="keyword">struct</span> <span class="identifier">bit</span> <span class="special">{</span> 714 <span class="identifier">T</span> <span class="special">&</span> <span class="identifier">m_word</span><span class="special">;</span> 715 <span class="keyword">constexpr</span> <span class="keyword">explicit</span> <span class="identifier">bit</span><span class="special">(</span><span class="identifier">T</span> <span class="special">&</span> <span class="identifier">rhs</span><span class="special">)</span> <span class="special">:</span> 716 <span class="identifier">m_word</span><span class="special">(</span><span class="identifier">rhs</span><span class="special">)</span> 717 <span class="special">{</span><span class="special">}</span> 718 <span class="comment">// special functions for assignment of literal</span> 719 <span class="keyword">constexpr</span> <span class="identifier">bit</span> <span class="special">&</span> <span class="keyword">operator</span><span class="special">=</span><span class="special">(</span><span class="keyword">decltype</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">)</span><span class="special">)</span><span class="special">{</span> 720 <span class="identifier">m_word</span> <span class="special">|=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span> <span class="special"><<</span> <span class="identifier">N</span><span class="special">)</span><span class="special">;</span> 721 <span class="keyword">return</span> <span class="special">*</span><span class="keyword">this</span><span class="special">;</span> 722 <span class="special">}</span> 723 <span class="keyword">constexpr</span> <span class="identifier">bit</span> <span class="special">&</span> <span class="keyword">operator</span><span class="special">=</span><span class="special">(</span><span class="keyword">decltype</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">)</span><span class="special">)</span><span class="special">{</span> 724 <span class="identifier">m_word</span> <span class="special">&=</span> <span class="special">~</span><span class="identifier">literal</span><span class="special">(</span><span class="number">1</span> <span class="special"><<</span> <span class="identifier">N</span><span class="special">)</span><span class="special">;</span> 725 <span class="keyword">return</span> <span class="special">*</span><span class="keyword">this</span><span class="special">;</span> 726 <span class="special">}</span> 727 <span class="comment">// operator to convert to 0 or 1</span> 728 <span class="keyword">constexpr</span> <span class="keyword">operator</span> <span class="identifier">safe_bit_t</span> <span class="special">(</span><span class="special">)</span> <span class="keyword">const</span> <span class="special">{</span> 729 <span class="keyword">return</span> <span class="identifier">m_word</span> <span class="special">>></span> <span class="identifier">literal</span><span class="special">(</span><span class="identifier">N</span><span class="special">)</span> <span class="special">&</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> 730 <span class="special">}</span> 731<span class="special">}</span><span class="special">;</span> 732 733<span class="comment">// define bits for T1CON register</span> 734<span class="keyword">struct</span> <span class="special">{</span> 735 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">7</span><span class="special">></span> <span class="identifier">RD16</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 736 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">5</span><span class="special">></span> <span class="identifier">T1CKPS1</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 737 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">4</span><span class="special">></span> <span class="identifier">T1CKPS0</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 738 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">3</span><span class="special">></span> <span class="identifier">T1OSCEN</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 739 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">2</span><span class="special">></span> <span class="identifier">T1SYNC</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 740 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">1</span><span class="special">></span> <span class="identifier">TMR1CS</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 741 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">0</span><span class="special">></span> <span class="identifier">TMR1ON</span><span class="special">{</span><span class="identifier">T1CON</span><span class="special">}</span><span class="special">;</span> 742<span class="special">}</span> <span class="identifier">T1CONbits</span><span class="special">;</span> 743 744<span class="comment">// define bits for T1CON register</span> 745<span class="keyword">struct</span> <span class="special">{</span> 746 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">7</span><span class="special">></span> <span class="identifier">GEI</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 747 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">5</span><span class="special">></span> <span class="identifier">PEIE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 748 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">4</span><span class="special">></span> <span class="identifier">TMR0IE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 749 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">3</span><span class="special">></span> <span class="identifier">RBIE</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 750 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">2</span><span class="special">></span> <span class="identifier">TMR0IF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 751 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">1</span><span class="special">></span> <span class="identifier">INT0IF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 752 <span class="identifier">bit</span><span class="special"><</span><span class="identifier">pic_register_t</span><span class="special">,</span> <span class="number">0</span><span class="special">></span> <span class="identifier">RBIF</span><span class="special">{</span><span class="identifier">INTCON</span><span class="special">}</span><span class="special">;</span> 753<span class="special">}</span> <span class="identifier">INTCONbits</span><span class="special">;</span> 754 755<span class="preprocessor">#include</span> <span class="string">"motor3.c"</span> 756 757<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">chrono</span><span class="special">></span> 758<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">thread</span><span class="special">></span> 759 760<span class="comment">// round 24.8 format to microseconds</span> 761<span class="identifier">microseconds</span> <span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">ccpr_t</span> <span class="identifier">t</span><span class="special">)</span><span class="special">{</span> 762 <span class="keyword">return</span> <span class="special">(</span><span class="identifier">t</span> <span class="special">+</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">128</span><span class="special">)</span><span class="special">)</span> <span class="special">/</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">256</span><span class="special">)</span><span class="special">;</span> 763<span class="special">}</span> 764 765<span class="keyword">using</span> <span class="identifier">result_t</span> <span class="special">=</span> <span class="identifier">uint8_t</span><span class="special">;</span> 766<span class="keyword">const</span> <span class="identifier">result_t</span> <span class="identifier">success</span> <span class="special">=</span> <span class="number">1</span><span class="special">;</span> 767<span class="keyword">const</span> <span class="identifier">result_t</span> <span class="identifier">fail</span> <span class="special">=</span> <span class="number">0</span><span class="special">;</span> 768 769<span class="comment">// move motor to the indicated target position in steps</span> 770<span class="identifier">result_t</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">position_t</span> <span class="identifier">new_position</span><span class="special">)</span><span class="special">{</span> 771 <span class="keyword">try</span> <span class="special">{</span> 772 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"move motor to "</span> <span class="special"><<</span> <span class="identifier">new_position</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 773 <span class="identifier">motor_run</span><span class="special">(</span><span class="identifier">new_position</span><span class="special">)</span><span class="special">;</span> 774 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> 775 <span class="special"><<</span> <span class="string">"step #"</span> <span class="special"><<</span> <span class="char">' '</span> 776 <span class="special"><<</span> <span class="string">"delay(us)(24.8)"</span> <span class="special"><<</span> <span class="char">' '</span> 777 <span class="special"><<</span> <span class="string">"delay(us)"</span> <span class="special"><<</span> <span class="char">' '</span> 778 <span class="special"><<</span> <span class="string">"CCPR"</span> <span class="special"><<</span> <span class="char">' '</span> 779 <span class="special"><<</span> <span class="string">"motor position"</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 780 <span class="keyword">while</span><span class="special">(</span><span class="identifier">busy</span><span class="special">(</span><span class="special">)</span><span class="special">)</span><span class="special">{</span> 781 <span class="identifier">std</span><span class="special">::</span><span class="identifier">this_thread</span><span class="special">::</span><span class="identifier">sleep_for</span><span class="special">(</span><span class="identifier">std</span><span class="special">::</span><span class="identifier">chrono</span><span class="special">::</span><span class="identifier">microseconds</span><span class="special">(</span><span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">c</span><span class="special">)</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 782 <span class="identifier">c_t</span> <span class="identifier">last_c</span> <span class="special">=</span> <span class="identifier">c</span><span class="special">;</span> 783 <span class="identifier">ccpr_t</span> <span class="identifier">last_ccpr</span> <span class="special">=</span> <span class="identifier">ccpr</span><span class="special">;</span> 784 <span class="identifier">isr_motor_step</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> 785 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="identifier">i</span> <span class="special"><<</span> <span class="char">' '</span> 786 <span class="special"><<</span> <span class="identifier">last_c</span> <span class="special"><<</span> <span class="char">' '</span> 787 <span class="special"><<</span> <span class="identifier">to_microseconds</span><span class="special">(</span><span class="identifier">last_c</span><span class="special">)</span> <span class="special"><<</span> <span class="char">' '</span> 788 <span class="special"><<</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">hex</span> <span class="special"><<</span> <span class="identifier">last_ccpr</span> <span class="special"><<</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">dec</span> <span class="special"><<</span> <span class="char">' '</span> 789 <span class="special"><<</span> <span class="identifier">motor_position</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 790 <span class="special">}</span><span class="special">;</span> 791 <span class="special">}</span> 792 <span class="keyword">catch</span><span class="special">(</span><span class="keyword">const</span> <span class="identifier">std</span><span class="special">::</span><span class="identifier">exception</span> <span class="special">&</span> <span class="identifier">e</span><span class="special">)</span><span class="special">{</span> 793 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="identifier">e</span><span class="special">.</span><span class="identifier">what</span><span class="special">(</span><span class="special">)</span> <span class="special"><<</span> <span class="char">'\n'</span><span class="special">;</span> 794 <span class="keyword">return</span> <span class="identifier">fail</span><span class="special">;</span> 795 <span class="special">}</span> 796 <span class="keyword">return</span> <span class="identifier">success</span><span class="special">;</span> 797<span class="special">}</span> 798 799<span class="keyword">int</span> <span class="identifier">main</span><span class="special">(</span><span class="special">)</span><span class="special">{</span> 800 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"start test\n"</span><span class="special">;</span> 801 <span class="identifier">result_t</span> <span class="identifier">result</span> <span class="special">=</span> <span class="identifier">success</span><span class="special">;</span> 802 <span class="keyword">try</span> <span class="special">{</span> 803 <span class="identifier">initialize</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> 804 <span class="comment">// move motor to position 1000</span> 805 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">1000</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 806 <span class="comment">// move to the left before zero position</span> 807 <span class="comment">// fails to compile !</span> 808 <span class="comment">// result &= ! test(-10);</span> 809 <span class="comment">// move motor to position 200</span> 810 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">200</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 811 <span class="comment">// move motor to position 200 again! Should result in no movement.</span> 812 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">200</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 813 <span class="comment">// move motor to position 50000.</span> 814 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">50000</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 815 <span class="comment">// move motor back to position 0.</span> 816 <span class="identifier">result</span> <span class="special">&=</span> <span class="identifier">test</span><span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 817 <span class="special">}</span> 818 <span class="keyword">catch</span><span class="special">(</span><span class="special">...</span><span class="special">)</span><span class="special">{</span> 819 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"test interrupted\n"</span><span class="special">;</span> 820 <span class="keyword">return</span> <span class="identifier">EXIT_FAILURE</span><span class="special">;</span> 821 <span class="special">}</span> 822 <span class="identifier">std</span><span class="special">::</span><span class="identifier">cout</span> <span class="special"><<</span> <span class="string">"end test\n"</span><span class="special">;</span> 823 <span class="keyword">return</span> <span class="identifier">result</span> <span class="special">==</span> <span class="identifier">success</span> <span class="special">?</span> <span class="identifier">EXIT_SUCCESS</span> <span class="special">:</span> <span class="identifier">EXIT_FAILURE</span><span class="special">;</span> 824<span class="special">}</span> 825</pre> 826<p>Here are the changes we've made int the desktop test 827 program</p> 828<div class="orderedlist"><ol class="orderedlist" type="1"> 829<li class="listitem"><p>Specify exception policies so we can generate a compile time 830 error whenever an operation MIGHT fail. We've aliased this policy 831 with the name <code class="computeroutput">trap_policy</code>. The default policy of which 832 throws a runtime exception when an error is countered is aliased as 833 <code class="computeroutput">exception_policy</code>. When creating safe types, we'll now 834 specify which type of checking, compile time or runtime, we want 835 done.</p></li> 836<li class="listitem"> 837<p>Create a macro named "literal" an integral value that can be 838 evaluated at compile time.</p> 839<p>"literal" values are instances of safe numeric types which are 840 determined at compile time. They are <code class="computeroutput">constexpr</code> values. 841 When used along with other instances of safe numeric types, the 842 compiler can calculate the range of the result and verify whether or 843 not it can be contained in the result type. To create "literal" 844 types we use the macro <code class="computeroutput"><a class="link" href="safe_literal.html#safe_numerics.safe_literal.make_safe_literal" title="make_safe_literal(n, PP, EP)">make_safe_literal</a>(n, 845 p, e)</code> where n is the value, p is the <a class="link" href="promotion_policy.html" title="PromotionPolicy<PP>">promotion policy</a> and 846 e is the <a class="link" href="exception_policy.html" title="ExceptionPolicy<EP>">exception 847 policy</a>.</p> 848<p>When all the values in an expression are safe numeric values, 849 the compiler can calculate the narrowest range of the result. If all 850 the values in this range can be represented by the result type, then 851 it can be guaranteed that an invalid result cannot be produced at 852 runtime and no runtime checking is required.</p> 853<p>Make sure that all literal values are x are replaced with the 854 macro invocation "literal(x)".</p> 855<p>It's unfortunate that the "literal" macro is required as it 856 clutters the code. The good news is that is some future version of 857 C++, expansion of <code class="computeroutput">constexpr</code> facilities may result in 858 elimination of this requirement.</p> 859</li> 860<li class="listitem"> 861<p>Create special types for the motor program. These will 862 guarantee that values are in the expected ranges and permit compile 863 time determination of when exceptional conditions might occur. In 864 this example we create a special type c_t to the width of the pulse 865 applied to the motor. Engineering constraints (motor load inertia) 866 limit this value to the range of C0 to C_MIN. So we create a type 867 with those limits. By using limits no larger than necessary, we 868 supply enough information for the compiler to determine that the 869 result of a calculation cannot fall outside the range of the result 870 type. So less runtime checking is required. In addition, we get 871 extra verification at compile time that values are in reasonable 872 ranges for the quantity being modeled.</p> 873<p>We call these types "strong types".</p> 874</li> 875</ol></div> 876<p>And we've made changes consistent with the above to <a href="../../example/motor3.c" target="_top">motor3.c</a> as well</p> 877<pre class="programlisting"><span class="comment">/* 878 * david austin 879 * http://www.embedded.com/design/mcus-processors-and-socs/4006438/Generate-stepper-motor-speed-profiles-in-real-time 880 * DECEMBER 30, 2004 881 * 882 * Demo program for stepper motor control with linear ramps 883 * Hardware: PIC18F252, L6219 884 * 885 * Copyright (c) 2015 Robert Ramey 886 * 887 * Distributed under the Boost Software License, Version 1.0. (See 888 * accompanying file LICENSE_1_0.txt or copy at 889 * http://www.boost.org/LICENSE_1_0.txt) 890 */</span> 891 892<span class="preprocessor">#include</span> <span class="special"><</span><span class="identifier">assert</span><span class="special">.</span><span class="identifier">h</span><span class="special">></span> 893 894<span class="comment">// ramp state-machine states</span> 895<span class="keyword">enum</span> <span class="identifier">ramp_state</span> <span class="special">{</span> 896 <span class="identifier">ramp_idle</span> <span class="special">=</span> <span class="number">0</span><span class="special">,</span> 897 <span class="identifier">ramp_up</span> <span class="special">=</span> <span class="number">1</span><span class="special">,</span> 898 <span class="identifier">ramp_const</span> <span class="special">=</span> <span class="number">2</span><span class="special">,</span> 899 <span class="identifier">ramp_down</span> <span class="special">=</span> <span class="number">3</span><span class="special">,</span> 900<span class="special">}</span><span class="special">;</span> 901 902<span class="comment">// ***************************</span> 903<span class="comment">// 1. Define state variables using custom strong types</span> 904 905<span class="comment">// initial setup</span> 906<span class="keyword">enum</span> <span class="identifier">ramp_state</span> <span class="identifier">ramp_sts</span><span class="special">;</span> 907<span class="identifier">position_t</span> <span class="identifier">motor_position</span><span class="special">;</span> 908<span class="identifier">position_t</span> <span class="identifier">m</span><span class="special">;</span> <span class="comment">// target position</span> 909<span class="identifier">position_t</span> <span class="identifier">m2</span><span class="special">;</span> <span class="comment">// midpoint or point where acceleration changes</span> 910<span class="identifier">direction_t</span> <span class="identifier">d</span><span class="special">;</span> <span class="comment">// direction of traval -1 or +1</span> 911 912<span class="comment">// curent state along travel</span> 913<span class="identifier">step_t</span> <span class="identifier">i</span><span class="special">;</span> <span class="comment">// step number</span> 914<span class="identifier">c_t</span> <span class="identifier">c</span><span class="special">;</span> <span class="comment">// 24.8 fixed point delay count increment</span> 915<span class="identifier">ccpr_t</span> <span class="identifier">ccpr</span><span class="special">;</span> <span class="comment">// 24.8 fixed point delay count</span> 916<span class="identifier">phase_ix_t</span> <span class="identifier">phase_ix</span><span class="special">;</span> <span class="comment">// motor phase index</span> 917 918<span class="comment">// ***************************</span> 919<span class="comment">// 2. Surround all literal values with the "literal" keyword</span> 920 921<span class="comment">// Config data to make CCP1&2 generate quadrature sequence on PHASE pins</span> 922<span class="comment">// Action on CCP match: 8=set+irq; 9=clear+irq</span> 923<span class="identifier">phase_t</span> <span class="keyword">const</span> <span class="identifier">ccpPhase</span><span class="special">[</span><span class="special">]</span> <span class="special">=</span> <span class="special">{</span> 924 <span class="identifier">literal</span><span class="special">(</span><span class="number">0x909</span><span class="special">)</span><span class="special">,</span> 925 <span class="identifier">literal</span><span class="special">(</span><span class="number">0x908</span><span class="special">)</span><span class="special">,</span> 926 <span class="identifier">literal</span><span class="special">(</span><span class="number">0x808</span><span class="special">)</span><span class="special">,</span> 927 <span class="identifier">literal</span><span class="special">(</span><span class="number">0x809</span><span class="special">)</span> 928<span class="special">}</span><span class="special">;</span> <span class="comment">// 00,01,11,10</span> 929 930<span class="keyword">void</span> <span class="identifier">current_on</span><span class="special">(</span><span class="special">)</span><span class="special">{</span><span class="comment">/* code as needed */</span><span class="special">}</span> <span class="comment">// motor drive current</span> 931<span class="keyword">void</span> <span class="identifier">current_off</span><span class="special">(</span><span class="special">)</span><span class="special">{</span><span class="comment">/* code as needed */</span><span class="special">}</span> <span class="comment">// reduce to holding value</span> 932 933<span class="comment">// ***************************</span> 934<span class="comment">// 3. Refactor code to make it easier to understand</span> 935<span class="comment">// and relate to the documentation</span> 936 937<span class="keyword">bool</span> <span class="identifier">busy</span><span class="special">(</span><span class="special">)</span><span class="special">{</span> 938 <span class="keyword">return</span> <span class="identifier">ramp_idle</span> <span class="special">!=</span> <span class="identifier">ramp_sts</span><span class="special">;</span> 939<span class="special">}</span> 940 941<span class="comment">// set outputs to energize motor coils</span> 942<span class="keyword">void</span> <span class="identifier">update</span><span class="special">(</span><span class="identifier">ccpr_t</span> <span class="identifier">ccpr</span><span class="special">,</span> <span class="identifier">phase_ix_t</span> <span class="identifier">phase_ix</span><span class="special">)</span><span class="special">{</span> 943 <span class="comment">// energize correct windings</span> 944 <span class="keyword">const</span> <span class="identifier">phase_t</span> <span class="identifier">phase</span> <span class="special">=</span> <span class="identifier">ccpPhase</span><span class="special">[</span><span class="identifier">phase_ix</span><span class="special">]</span><span class="special">;</span> 945 <span class="identifier">CCP1CON</span> <span class="special">=</span> <span class="identifier">phase</span> <span class="special">&</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0xff</span><span class="special">)</span><span class="special">;</span> <span class="comment">// set CCP action on next match</span> 946 <span class="identifier">CCP2CON</span> <span class="special">=</span> <span class="identifier">phase</span> <span class="special">>></span> <span class="identifier">literal</span><span class="special">(</span><span class="number">8</span><span class="special">)</span><span class="special">;</span> 947 <span class="comment">// timer value at next CCP match</span> 948 <span class="identifier">CCPR1H</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0xff</span><span class="special">)</span> <span class="special">&</span> <span class="special">(</span><span class="identifier">ccpr</span> <span class="special">>></span> <span class="identifier">literal</span><span class="special">(</span><span class="number">8</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 949 <span class="identifier">CCPR1L</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0xff</span><span class="special">)</span> <span class="special">&</span> <span class="identifier">ccpr</span><span class="special">;</span> 950<span class="special">}</span> 951 952<span class="comment">// compiler-specific ISR declaration</span> 953<span class="comment">// ***************************</span> 954<span class="comment">// 4. Rewrite interrupt handler in a way which mirrors the orginal</span> 955<span class="comment">// description of the algorithm and minimizes usage of state variable,</span> 956<span class="comment">// accumulated values, etc.</span> 957<span class="keyword">void</span> <span class="identifier">__interrupt</span> <span class="identifier">isr_motor_step</span><span class="special">(</span><span class="keyword">void</span><span class="special">)</span> <span class="special">{</span> <span class="comment">// CCP1 match -> step pulse + IRQ</span> 958 <span class="comment">// *** possible exception</span> 959 <span class="comment">// motor_position += d;</span> 960 <span class="comment">// use the following to avoid mixing exception policies which is an error</span> 961 <span class="keyword">if</span><span class="special">(</span><span class="identifier">d</span> <span class="special"><</span> <span class="number">0</span><span class="special">)</span> 962 <span class="special">--</span><span class="identifier">motor_position</span><span class="special">;</span> 963 <span class="keyword">else</span> 964 <span class="special">++</span><span class="identifier">motor_position</span><span class="special">;</span> 965 <span class="comment">// *** possible exception</span> 966 <span class="special">++</span><span class="identifier">i</span><span class="special">;</span> 967 <span class="comment">// calculate next difference in time</span> 968 <span class="keyword">for</span><span class="special">(</span><span class="special">;</span><span class="special">;</span><span class="special">)</span><span class="special">{</span> 969 <span class="keyword">switch</span> <span class="special">(</span><span class="identifier">ramp_sts</span><span class="special">)</span> <span class="special">{</span> 970 <span class="keyword">case</span> <span class="identifier">ramp_up</span><span class="special">:</span> <span class="comment">// acceleration</span> 971 <span class="keyword">if</span> <span class="special">(</span><span class="identifier">i</span> <span class="special">==</span> <span class="identifier">m2</span><span class="special">)</span> <span class="special">{</span> 972 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_down</span><span class="special">;</span> 973 <span class="keyword">continue</span><span class="special">;</span> 974 <span class="special">}</span> 975 <span class="comment">// equation 13</span> 976 <span class="comment">// *** possible negative overflow on update of c</span> 977 <span class="identifier">c</span> <span class="special">-=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">2</span><span class="special">)</span> <span class="special">*</span> <span class="identifier">c</span> <span class="special">/</span> <span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">4</span><span class="special">)</span> <span class="special">*</span> <span class="identifier">i</span> <span class="special">+</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 978 <span class="keyword">if</span><span class="special">(</span><span class="identifier">c</span> <span class="special"><</span> <span class="identifier">C_MIN</span><span class="special">)</span><span class="special">{</span> 979 <span class="identifier">c</span> <span class="special">=</span> <span class="identifier">C_MIN</span><span class="special">;</span> 980 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_const</span><span class="special">;</span> 981 <span class="comment">// *** possible exception</span> 982 <span class="identifier">m2</span> <span class="special">=</span> <span class="identifier">m</span> <span class="special">-</span> <span class="identifier">i</span><span class="special">;</span> <span class="comment">// new inflection point</span> 983 <span class="keyword">continue</span><span class="special">;</span> 984 <span class="special">}</span> 985 <span class="keyword">break</span><span class="special">;</span> 986 <span class="keyword">case</span> <span class="identifier">ramp_const</span><span class="special">:</span> <span class="comment">// constant speed</span> 987 <span class="keyword">if</span><span class="special">(</span><span class="identifier">i</span> <span class="special">></span> <span class="identifier">m2</span><span class="special">)</span> <span class="special">{</span> 988 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_down</span><span class="special">;</span> 989 <span class="keyword">continue</span><span class="special">;</span> 990 <span class="special">}</span> 991 <span class="keyword">break</span><span class="special">;</span> 992 <span class="keyword">case</span> <span class="identifier">ramp_down</span><span class="special">:</span> <span class="comment">// deceleration</span> 993 <span class="keyword">if</span> <span class="special">(</span><span class="identifier">i</span> <span class="special">==</span> <span class="identifier">m</span><span class="special">)</span> <span class="special">{</span> 994 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_idle</span><span class="special">;</span> 995 <span class="identifier">current_off</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> <span class="comment">// reduce motor current to holding value</span> 996 <span class="identifier">CCP1IE</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// disable_interrupts(INT_CCP1);</span> 997 <span class="keyword">return</span><span class="special">;</span> 998 <span class="special">}</span> 999 <span class="comment">// equation 14</span> 1000 <span class="comment">// *** possible positive overflow on update of c</span> 1001 <span class="comment">// note: re-arrange expression to avoid negative result</span> 1002 <span class="comment">// from difference of two unsigned values</span> 1003 <span class="identifier">c</span> <span class="special">+=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">2</span><span class="special">)</span> <span class="special">*</span> <span class="identifier">c</span> <span class="special">/</span> <span class="special">(</span><span class="identifier">literal</span><span class="special">(</span><span class="number">4</span><span class="special">)</span> <span class="special">*</span> <span class="special">(</span><span class="identifier">m</span> <span class="special">-</span> <span class="identifier">i</span><span class="special">)</span> <span class="special">-</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">)</span><span class="special">;</span> 1004 <span class="keyword">if</span><span class="special">(</span><span class="identifier">c</span> <span class="special">></span> <span class="identifier">C0</span><span class="special">)</span><span class="special">{</span> 1005 <span class="identifier">c</span> <span class="special">=</span> <span class="identifier">C0</span><span class="special">;</span> 1006 <span class="special">}</span> 1007 <span class="keyword">break</span><span class="special">;</span> 1008 <span class="keyword">default</span><span class="special">:</span> 1009 <span class="comment">// should never arrive here!</span> 1010 <span class="identifier">assert</span><span class="special">(</span><span class="keyword">false</span><span class="special">)</span><span class="special">;</span> 1011 <span class="special">}</span> <span class="comment">// switch (ramp_sts)</span> 1012 <span class="keyword">break</span><span class="special">;</span> 1013 <span class="special">}</span> 1014 <span class="identifier">assert</span><span class="special">(</span><span class="identifier">c</span> <span class="special"><=</span> <span class="identifier">C0</span> <span class="special">&&</span> <span class="identifier">c</span> <span class="special">>=</span> <span class="identifier">C_MIN</span><span class="special">)</span><span class="special">;</span> 1015 <span class="comment">// *** possible exception</span> 1016 <span class="identifier">ccpr</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0xffffff</span><span class="special">)</span> <span class="special">&</span> <span class="special">(</span><span class="identifier">ccpr</span> <span class="special">+</span> <span class="identifier">c</span><span class="special">)</span><span class="special">;</span> 1017 <span class="identifier">phase_ix</span> <span class="special">=</span> <span class="special">(</span><span class="identifier">phase_ix</span> <span class="special">+</span> <span class="identifier">d</span><span class="special">)</span> <span class="special">&</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">3</span><span class="special">)</span><span class="special">;</span> 1018 <span class="identifier">update</span><span class="special">(</span><span class="identifier">ccpr</span><span class="special">,</span> <span class="identifier">phase_ix</span><span class="special">)</span><span class="special">;</span> 1019<span class="special">}</span> <span class="comment">// isr_motor_step()</span> 1020 1021<span class="comment">// set up to drive motor to pos_new (absolute step#)</span> 1022<span class="keyword">void</span> <span class="identifier">motor_run</span><span class="special">(</span><span class="identifier">position_t</span> <span class="identifier">new_position</span><span class="special">)</span> <span class="special">{</span> 1023 <span class="keyword">if</span><span class="special">(</span><span class="identifier">new_position</span> <span class="special">></span> <span class="identifier">motor_position</span><span class="special">)</span><span class="special">{</span> 1024 <span class="identifier">d</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> 1025 <span class="comment">// *** possible exception</span> 1026 <span class="identifier">m</span> <span class="special">=</span> <span class="identifier">new_position</span> <span class="special">-</span> <span class="identifier">motor_position</span><span class="special">;</span> 1027 <span class="special">}</span> 1028 <span class="keyword">else</span> 1029 <span class="keyword">if</span><span class="special">(</span><span class="identifier">motor_position</span> <span class="special">></span> <span class="identifier">new_position</span><span class="special">)</span><span class="special">{</span> 1030 <span class="identifier">d</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="special">-</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> 1031 <span class="comment">// *** possible exception</span> 1032 <span class="identifier">m</span> <span class="special">=</span> <span class="identifier">motor_position</span> <span class="special">-</span> <span class="identifier">new_position</span><span class="special">;</span> 1033 <span class="special">}</span> 1034 <span class="keyword">else</span><span class="special">{</span> 1035 <span class="identifier">d</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1036 <span class="identifier">m</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1037 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_idle</span><span class="special">;</span> <span class="comment">// start ramp state-machine</span> 1038 <span class="keyword">return</span><span class="special">;</span> 1039 <span class="special">}</span> 1040 1041 <span class="identifier">i</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1042 <span class="identifier">m2</span> <span class="special">=</span> <span class="identifier">m</span> <span class="special">/</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">2</span><span class="special">)</span><span class="special">;</span> 1043 1044 <span class="identifier">ramp_sts</span> <span class="special">=</span> <span class="identifier">ramp_up</span><span class="special">;</span> <span class="comment">// start ramp state-machine</span> 1045 1046 <span class="identifier">T1CONbits</span><span class="special">.</span><span class="identifier">TMR1ON</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// stop timer1;</span> 1047 1048 <span class="identifier">current_on</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> <span class="comment">// current in motor windings</span> 1049 1050 <span class="identifier">c</span> <span class="special">=</span> <span class="identifier">C0</span><span class="special">;</span> 1051 <span class="identifier">ccpr</span> <span class="special">=</span> <span class="special">(</span><span class="identifier">TMR1H</span> <span class="special"><<</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">8</span><span class="special">)</span> <span class="special">|</span> <span class="identifier">TMR1L</span><span class="special">)</span> <span class="special">+</span> <span class="identifier">C0</span> <span class="special">+</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1000</span><span class="special">)</span><span class="special">;</span> 1052 <span class="identifier">phase_ix</span> <span class="special">=</span> <span class="identifier">d</span> <span class="special">&</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">3</span><span class="special">)</span><span class="special">;</span> 1053 <span class="identifier">update</span><span class="special">(</span><span class="identifier">ccpr</span><span class="special">,</span> <span class="identifier">phase_ix</span><span class="special">)</span><span class="special">;</span> 1054 1055 <span class="identifier">CCP1IE</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> <span class="comment">// enable_interrupts(INT_CCP1);</span> 1056 <span class="identifier">T1CONbits</span><span class="special">.</span><span class="identifier">TMR1ON</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> <span class="comment">// restart timer1;</span> 1057<span class="special">}</span> <span class="comment">// motor_run()</span> 1058 1059<span class="keyword">void</span> <span class="identifier">initialize</span><span class="special">(</span><span class="special">)</span> <span class="special">{</span> 1060 <span class="identifier">di</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> <span class="comment">// disable_interrupts(GLOBAL);</span> 1061 <span class="identifier">motor_position</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1062 <span class="identifier">CCP1IE</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// disable_interrupts(INT_CCP1);</span> 1063 <span class="identifier">CCP2IE</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// disable_interrupts(INT_CCP2);</span> 1064 <span class="identifier">PORTC</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// output_c(0);</span> 1065 <span class="identifier">TRISC</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> <span class="comment">// set_tris_c(0);</span> 1066 <span class="identifier">T3CON</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1067 <span class="identifier">T1CON</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0x35</span><span class="special">)</span><span class="special">;</span> 1068 <span class="identifier">INTCONbits</span><span class="special">.</span><span class="identifier">PEIE</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">1</span><span class="special">)</span><span class="special">;</span> 1069 <span class="identifier">INTCONbits</span><span class="special">.</span><span class="identifier">RBIF</span> <span class="special">=</span> <span class="identifier">literal</span><span class="special">(</span><span class="number">0</span><span class="special">)</span><span class="special">;</span> 1070 <span class="identifier">ei</span><span class="special">(</span><span class="special">)</span><span class="special">;</span> <span class="comment">// enable_interrupts(GLOBAL);</span> 1071<span class="special">}</span> <span class="comment">// initialize()</span> 1072</pre> 1073<div class="orderedlist"><ol class="orderedlist" type="1"> 1074<li class="listitem"><p>Define variables using strong types</p></li> 1075<li class="listitem"><p>Surround all literal values with the "literal" keyword</p></li> 1076<li class="listitem"><p>Re-factor code to make it easier to understand and compare 1077 with the algorithm as described in the original <a href="../../example/stepper-motor.pdf" target="_top">article</a>.</p></li> 1078<li class="listitem"><p>Rewrite interrupt handler in a way which mirrors the original 1079 description of the algorithm and minimizes usage of state variable, 1080 accumulated values, etc.</p></li> 1081<li class="listitem"><p>Distinguish all the statements which might invoke a runtime 1082 exception with a comment. There are 12 such instances.</p></li> 1083</ol></div> 1084<p>Finally we make a couple minor changes in <a href="../../example/motor_test3.c" target="_top">motor_test3.c</a> to verify that we 1085 can compile the exact same version of motor3.c on the PIC as well as on 1086 the desktop.</p> 1087</div> 1088<div class="section"> 1089<div class="titlepage"><div><div><h4 class="title"> 1090<a name="idm130204123024"></a>Summary</h4></div></div></div> 1091<p>The intent of this case study is to show that the Safe Numerics 1092 Library can be an essential tool in validating the correctness of C/C++ 1093 programs in all environments - including the most restricted.</p> 1094<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> 1095<li class="listitem"><p>We started with a program written for a tiny micro controller 1096 for controlling the acceleration and deceleration of a stepper 1097 motor. The algorithm for doing this is very non-trivial and 1098 difficult prove that it is correct.</p></li> 1099<li class="listitem"><p>We used the type promotion policies of the Safe Numerics 1100 Library to test and validate this algorithm on the desk top. The 1101 tested code is also compiled for the target micro controller.</p></li> 1102<li class="listitem"><p>We used <span class="emphasis"><em>strong typing</em></span> features of Safe 1103 Numerics to check that all types hold the values expected and invoke 1104 no invalid implicit conversions. Again the tested code is compiled 1105 for the target processor.</p></li> 1106</ul></div> 1107<p>What we failed to do is to create a version of the program which 1108 uses the type system to prove that no results can be invalid. I turns out 1109 that states such as</p> 1110<pre class="programlisting"><span class="special">++</span><span class="identifier">i</span><span class="special">;</span> 1111<span class="identifier">c</span> <span class="special">=</span> <span class="identifier">f</span><span class="special">(</span><span class="identifier">c</span><span class="special">)</span><span class="special">;</span></pre> 1112<p>can't be proved not to overflow with this system. So we're left with 1113 having to depend upon exhaustive testing. It's not what we hoped, but it's 1114 the best we can do.</p> 1115</div> 1116</div> 1117<table xmlns:rev="http://www.cs.rpi.edu/~gregod/boost/tools/doc/revision" width="100%"><tr> 1118<td align="left"></td> 1119<td align="right"><div class="copyright-footer">Copyright © 2012-2018 Robert Ramey<p><a href="http://www.boost.org/LICENSE_1_0.txt" target="_top">Subject to Boost 1120 Software License</a></p> 1121</div></td> 1122</tr></table> 1123<hr> 1124<div class="spirit-nav"> 1125<a accesskey="p" href="composition_with_other_libraries.html"><img src="images/prev.png" alt="Prev"></a><a accesskey="u" href="case_studies.html"><img src="images/up.png" alt="Up"></a><a accesskey="h" href="index.html"><img src="images/home.png" alt="Home"></a><a accesskey="n" href="notes.html"><img src="images/next.png" alt="Next"></a> 1126</div> 1127</body> 1128</html> 1129
