"Everyone should get a lecture on why their first industrial design won't work in the field."
Here
are few reasons getting a single system to work correctly for a few
minutes in a university lab is much easier than getting thousands of
systems to work correctly for months at a time in dozens of countries
around the world.
1. You forgot to make your "unreachable"
states transition to the initial (reset) state. Clock glitches, power
surges, etc will occasionally cause your system to jump to a state that
isn't defined or produce an illegal data value. When this happens, your
design should reset itself, rather than crash or generatel illegal
outputs.
2. You have internal registers that you can't access or
test. If you can set a register you must have some way of reading the
register from outside the chip.
3. Another chip controls your
chip, and the other chip is buggy. All of your external control lines
should be able to be disabled, so that you can isolate the source of
problems.
4. Not enough decoupling capacitors on your board. The
analog world is cruel and and unusual. Voltage spikes, current surges,
crosstalk, etc can all corrupt the integrity of digital signals. Trying
to save a few cents on decoupling capacitors can cause headaches and
significant financial costs in the future.
5. You only tested
your system in the lab, not in the real world. As a product, systems
will need to run for months in the field, simulation and simple lab
testing won't catch all of the weirdness of the real world.
6.
You didn't adequately test the corner cases and boundary conditions.
Every corner case is as important as the main case. Even if some weird
event happens only once every six months, if you do not handle it
correctly, the bug can still make your system unusable and unsellable.
Here
are few reasons getting a single system to work correctly for a few
minutes in a university lab is much easier than getting thousands of
systems to work correctly for months at a time in dozens of countries
around the world.
1. You forgot to make your "unreachable"
states transition to the initial (reset) state. Clock glitches, power
surges, etc will occasionally cause your system to jump to a state that
isn't defined or produce an illegal data value. When this happens, your
design should reset itself, rather than crash or generatel illegal
outputs.
2. You have internal registers that you can't access or
test. If you can set a register you must have some way of reading the
register from outside the chip.
3. Another chip controls your
chip, and the other chip is buggy. All of your external control lines
should be able to be disabled, so that you can isolate the source of
problems.
4. Not enough decoupling capacitors on your board. The
analog world is cruel and and unusual. Voltage spikes, current surges,
crosstalk, etc can all corrupt the integrity of digital signals. Trying
to save a few cents on decoupling capacitors can cause headaches and
significant financial costs in the future.
5. You only tested
your system in the lab, not in the real world. As a product, systems
will need to run for months in the field, simulation and simple lab
testing won't catch all of the weirdness of the real world.
6.
You didn't adequately test the corner cases and boundary conditions.
Every corner case is as important as the main case. Even if some weird
event happens only once every six months, if you do not handle it
correctly, the bug can still make your system unusable and unsellable.
Powered by ScribeFire.
No comments:
Post a Comment