https://www.dropbox.com/s/wnzqidngrtj8y ... DACTED.pdf
The Bookout vs Toyota unintended acceleration case, transcript of testimony from Michael Barr. This is a very important read in my opinion. It shows how inept even a company like Toyota is at producing quality firmware for an ECU.
If the link goes down I have a copy of the PDF.
He found:
Spaghetti code
4000+ C files
11,000+ global variables
No mirroring of critical variables
No ECC RAM even though they claimed to have it
No error detection whatsoever in operating system
Cruise control, brake override, and DTC diagnostics in same task
Buffer Overflows
Stack overflows
Invalid pointer dereferencing
Nested schedule unlocking
Unsafe Casting
Race conditions
And more...
"And they're all linked together with these global variables. Some of which are 25, 30 characters long and some don't have vowels and some -- two of them are identical, except one has a P and one has a D, or a P and a B."
How not to design an ECU
Keith MacDonald
Control Engineering (Systems) Technologist
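Two items on the list above, "no mirroring of critical variables" and no ECC RAM, are about the same thing: nothing in the firmware can notice when a critical value has been silently corrupted. The following is an added example, not code from the original post or from Toyota's or FreeEMS's firmware, of the mirroring technique the testimony refers to. A critical variable is stored twice, once plain and once bit-inverted, so any write that touches only one copy (a stray pointer dereference, a stack overflow clobbering a neighbouring variable, a bit flip in unprotected RAM) breaks the invariant and is caught on the next read, at which point the controller falls back to a safe value instead of acting on garbage. The throttle-target variable, the 0..100 range and the "closed" safe value are assumptions for illustration.

```c
/* Mirrored critical variable: the value is kept twice, plain and
 * bit-inverted. Corruption that hits only one copy breaks the
 * invariant value ^ inverse == 0xFFFF and is detected on read.
 * Added example; not the original post's or any project's code. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint16_t value;
    uint16_t inverse;   /* always ~value while the pair is intact */
} mirrored_u16;

/* Writes both copies. Every store to a critical variable goes through
 * here so the two copies never legitimately disagree. */
void mirrored_write(mirrored_u16 *m, uint16_t v)
{
    m->value = v;
    m->inverse = (uint16_t)~v;
}

/* Returns 1 and sets *out when the pair is consistent, 0 when corrupted.
 * The caller decides what to do on failure; it never gets a bad value. */
int mirrored_read(const mirrored_u16 *m, uint16_t *out)
{
    if ((uint16_t)(m->value ^ m->inverse) != 0xFFFFu)
        return 0;
    *out = m->value;
    return 1;
}

/* Hypothetical commanded throttle opening in percent (0..100).
 * The safe fallback is 0 (closed): a controller that cannot trust
 * its own command variable should not be opening the throttle. */
#define THROTTLE_SAFE 0u

static mirrored_u16 throttle_target;

void set_throttle(uint16_t pct)
{
    mirrored_write(&throttle_target, pct);
}

/* Reads the commanded throttle. On a detected mismatch it reports the
 * fault, rewrites the pair to the safe value and returns that value. */
uint16_t throttle_command(int *fault)
{
    uint16_t v;
    if (mirrored_read(&throttle_target, &v)) {
        *fault = 0;
        return v;
    }
    *fault = 1;
    mirrored_write(&throttle_target, THROTTLE_SAFE);
    return THROTTLE_SAFE;
}

/* Simulates the failure mode under discussion: some other part of the
 * program writes over one copy only, e.g. through a stray pointer. */
void corrupt_one_copy(uint16_t bad)
{
    throttle_target.value = bad;
}

int main(void)
{
    int fault;
    set_throttle(35);
    printf("intact:    throttle=%u fault=%d\n", throttle_command(&fault), fault);
    corrupt_one_copy(100);
    printf("corrupted: throttle=%u fault=%d\n", throttle_command(&fault), fault);
    return 0;
}
```

The check only catches corruption that leaves the two copies inconsistent; a bug that rewrites both copies through the same pointer, or a memset across the whole struct, passes it. That is why mirroring is layered with ECC RAM, stack guards and a supervisor rather than used on its own, and why the fault flag should feed a DTC and a watchdog path instead of being quietly absorbed.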
Re: How not to design an ECU
Oh man! I thought this thread was going to be much shorter! Something like "Don't do what FreeEMS has done!" ;-)
Just finished page 36, no meat yet. Saved the file and will read it on the weekend when I know I will have a lot of time and little else to do but read.
Thanks for this. I'll comment on the specifics later, but I'm sure I've violated quite a few items from your list so far. It's more that I've not unviolated them yet in other cases :-)
Fred.
DIYEFI.org - where Open Source means Open Source, and Free means Freedom
FreeEMS.org - the open source engine management system
FreeEMS dev diary and its comments thread and my turbo truck!
n00bs, do NOT PM or email tech questions! Use the forum!
The ever growing list of FreeEMS success stories!
Re: How not to design an ECU
Fred wrote:
Thanks for this. I'll comment on the specifics later, but I'm sure I've violated quite a few items from your list so far. It's more that I've not unviolated them yet in other cases

It can be forgiven, since you aren't claiming to meet any standards but your own. Toyota, on the other hand...
Keith MacDonald
Control Engineering (Systems) Technologist
Re: How not to design an ECU
That's untrue. I don't claim to meet my own standards! :-p
DIYEFI.org - where Open Source means Open Source, and Free means Freedom
FreeEMS.org - the open source engine management system
FreeEMS dev diary and its comments thread and my turbo truck!
n00bs, do NOT PM or email tech questions! Use the forum!
The ever growing list of FreeEMS success stories!
Re: How not to design an ECU
Link is down already, that was fast.
I'm guessing this was a leaked document?
<@TekniQue> but in the end, it's code that makes a computer useful
Re: How not to design an ECU
Yep, link is broken.
Can we get this rehosted/relinked please?
Re: How not to design an ECU
Google the document name, I found it mirrored somewhere yesterday.
If all else fails, I have a copy on my hard drive.
FABRICA MI DIEM, PVNC!
Re: How not to design an ECU
Nope, not a leaked document, it's public record. Although I'd like to see a non-redacted version.
Keith MacDonald
Control Engineering (Systems) Technologist