How not to design an ECU
Posted: Wed Oct 30, 2013 5:41 am
https://www.dropbox.com/s/wnzqidngrtj8y ... DACTED.pdf
The Bookout vs Toyota unintended acceleration case, transcript of testimony from Michael Barr. This is a very important read in my opinion. It shows how inept even a company like Toyota is at producing quality firmware for an ECU.
If the link goes down I have a copy of the PDF.
He found:
Spaghetti code
4000+ C files
11,000+ global variables
No mirroring of critical variables
No EEC ram even though they claimed to have it
No error detection whatsoever in operating system
Cruise control, brake override, and DTC diagnostics in same task
Buffer Overflows
Stack overflows
Invalid pointer dereferencing
Nested schedule unlocking
Unsafe Casting
Race conditions
And more...
"And they're all linked together with these global variables. Some of which are 25, 30 characters long and some don't have vowels and some -- two of them are identical, except one has a P and one has a D, or a P and a B."
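One of the missing safeguards listed above is mirroring of critical variables. The following is an added illustration in C (not code from the post or from the testimony) of that technique: a safety-critical value is stored together with its bitwise complement, and every read checks the two copies against each other before the value is used; `throttle_target_or_safe` and `inject_bit_flip` are hypothetical names chosen for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Critical value stored with its bitwise complement ("mirror"): a stray
 * write or bit flip in either copy breaks value == ~mirror, so a reader
 * can detect corruption before acting on the value. */
typedef struct {
    volatile uint16_t value;
    volatile uint16_t mirror;   /* holds ~value when consistent */
} mirrored_u16_t;

void mirrored_set(mirrored_u16_t *m, uint16_t v)
{
    m->value  = v;
    m->mirror = (uint16_t)~v;
}

/* Returns true and stores the value in *out only if both copies agree. */
bool mirrored_get(const mirrored_u16_t *m, uint16_t *out)
{
    uint16_t v = m->value;
    uint16_t mir = m->mirror;
    if ((uint16_t)(v ^ mir) != 0xFFFFu) {
        return false;           /* corrupted: caller must not trust it */
    }
    *out = v;
    return true;
}

/* Hypothetical throttle-target read: falls back to 0 (throttle closed)
 * when the mirror check fails, instead of using a corrupted value. */
uint16_t throttle_target_or_safe(const mirrored_u16_t *m)
{
    uint16_t v;
    return mirrored_get(m, &v) ? v : 0;
}

/* Constructed fault for testing: flips bits in one copy to simulate a
 * stray pointer write or a RAM bit flip. */
void inject_bit_flip(mirrored_u16_t *m, uint16_t mask)
{
    m->value ^= mask;
}
```

Without the mirror, the corrupted copy would be read back as a plausible but wrong throttle target; with it, the read fails closed.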