How not to design an ECU

thebigmacd
LQFP112 - Up with the play
Posts: 205
Joined: Thu Apr 10, 2008 5:51 pm

How not to design an ECU

Post by thebigmacd »

https://www.dropbox.com/s/wnzqidngrtj8y ... DACTED.pdf

The Bookout vs Toyota unintended acceleration case, transcript of testimony from Michael Barr. This is a very important read in my opinion. It shows how inept even a company like Toyota is at producing quality firmware for an ECU.

If the link goes down I have a copy of the PDF.

He found:
Spaghetti code
4000+ C files
11,000+ global variables
No mirroring of critical variables
No EEC ram even though they claimed to have it
No error detection whatsoever in operating system
Cruise control, brake override, and DTC diagnostics in same task
Buffer Overflows
Stack overflows
Invalid pointer dereferencing
Nested schedule unlocking
Unsafe Casting
Race conditions

And more...

"And they're all linked together with these global variables. Some of which are 25, 30 characters long and some don't have vowels and some -- two of them are identical, except one has a P and one has a D, or a P and a B."
Keith MacDonald
Control Engineering (Systems) Technologist
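Mirroring of critical variables, which the list above notes was missing, works by keeping a second, bit-inverted copy of each safety-relevant value and refusing to act on the value when the two copies disagree. The following is an added example in C, not code from the testimony or from any ECU firmware; the struct, function and throttle_target names are my own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* A "mirrored" critical variable: the value is stored twice, the second
 * copy bit-inverted. A stray write, stack overflow or bit flip that
 * clobbers one copy breaks the invariant value == ~mirror and is caught
 * on the next read instead of being silently acted on. */
typedef struct {
    volatile uint16_t value;
    volatile uint16_t mirror;   /* always holds ~value when intact */
} mirrored_u16;

void mirrored_write(mirrored_u16 *m, uint16_t v) {
    m->value = v;
    m->mirror = (uint16_t)~v;
}

/* Returns true and stores the value if both copies agree; false if the
 * pair has been corrupted. The caller then chooses a safe response
 * (default value, fault code) rather than trusting the stored value. */
bool mirrored_read(const mirrored_u16 *m, uint16_t *out) {
    uint16_t v = m->value;
    uint16_t inv = m->mirror;
    if ((uint16_t)(v ^ inv) != 0xFFFFu) {
        return false;
    }
    *out = v;
    return true;
}

/* Demonstration: a throttle-target variable (hypothetical name) is written,
 * then one copy is corrupted to simulate a stray write to RAM.
 * Returns 1 if the corruption was detected, 0 if it was missed, -1 on
 * a failed sanity read before the corruption. */
int demo_corruption_detected(void) {
    mirrored_u16 throttle_target;
    uint16_t v;
    mirrored_write(&throttle_target, 1200);
    if (!mirrored_read(&throttle_target, &v) || v != 1200) return -1;
    throttle_target.value ^= 0x0010;   /* simulated single-bit corruption */
    return mirrored_read(&throttle_target, &v) ? 0 : 1;
}

int main(void) {
    printf("corruption detected: %d\n", demo_corruption_detected());
    return 0;
}
```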
Fred
Moderator
Posts: 15431
Joined: Tue Jan 15, 2008 2:31 pm
Location: Home sweet home!

Re: How not to design an ECU

Post by Fred »

Oh man! I thought this thread was going to be much shorter! Something like "Don't do what FreeEMS has done!" ;-)

Just finished page 36, no meat yet. Saved the file and will read it on the weekend when I know I will have a lot of time and little else to do but read.

Thanks for this. I'll comment on the specifics later, but I'm sure I've violated quite a few items from your list so far. It's more that I've not unviolated them yet in other cases :-)

Fred.
DIYEFI.org - where Open Source means Open Source, and Free means Freedom
FreeEMS.org - the open source engine management system
FreeEMS dev diary and its comments thread and my turbo truck!
n00bs, do NOT PM or email tech questions! Use the forum!
The ever growing list of FreeEMS success stories!
thebigmacd
LQFP112 - Up with the play
Posts: 205
Joined: Thu Apr 10, 2008 5:51 pm

Re: How not to design an ECU

Post by thebigmacd »

Fred wrote:
Thanks for this. I'll comment on the specifics later, but I'm sure I've violated quite a few items from your list so far. It's more that I've not unviolated them yet in other cases :-)

It can be forgiven, since you aren't claiming to meet any standards but your own. :P Toyota, on the other hand...
Keith MacDonald
Control Engineering (Systems) Technologist
Fred
Moderator
Posts: 15431
Joined: Tue Jan 15, 2008 2:31 pm
Location: Home sweet home!

Re: How not to design an ECU

Post by Fred »

That's untrue. I don't claim to meet my own standards! :-p
DIYEFI.org - where Open Source means Open Source, and Free means Freedom
FreeEMS.org - the open source engine management system
FreeEMS dev diary and its comments thread and my turbo truck!
n00bs, do NOT PM or email tech questions! Use the forum!
The ever growing list of FreeEMS success stories!
sim
LQFP112 - Up with the play
Posts: 112
Joined: Thu Jun 02, 2011 8:17 pm

Re: How not to design an ECU

Post by sim »

Link is down already, that was fast.

I'm guessing this was a leaked document?
<@TekniQue> but in the end, it's code that makes a computer useful
Dan
LQFP144 - On Top Of The Game
Posts: 1204
Joined: Tue Mar 02, 2010 2:33 pm
Location: Australia

Re: How not to design an ECU

Post by Dan »

yep, link is broken.

can we get this rehosted/relinked please?
ivan141
LQFP112 - Up with the play
Posts: 148
Joined: Sat Sep 29, 2012 9:16 pm
Location: Rotterdam, the Netherlands

Re: How not to design an ECU

Post by ivan141 »

Google the document name, I found it mirrored somewhere yesterday.
If all else fails, I have a copy on my hard drive.
FABRICA MI DIEM, PVNC!
thebigmacd
LQFP112 - Up with the play
Posts: 205
Joined: Thu Apr 10, 2008 5:51 pm

Re: How not to design an ECU

Post by thebigmacd »

Nope, not a leaked document, it's public record. Although I'd like to see a non-redacted version :)
Bookout_v_Toyota_Barr_REDACTED.pdf
Keith MacDonald
Control Engineering (Systems) Technologist