Actions
Forum Thread Details
  • Replies 3 replies
  • Subscribers 496 subscribers
  • Views 532 views
  • Users 0 members are here
Related

Consequences of Bad Firmware

fustini

I read this EDN article today:

Toyota's killer firmware: Bad design and its consequences | EDN

On Thursday October 24, 2013, an Oklahoma court ruled against Toyota in a case of unintended acceleration that lead to the death of one the occupants. Central to the trial was the Engine Control Module's (ECM) firmware.

It was very interesting to learn of the different coding standards and safety measures.  For exmaple, error detecting and correcting RAM:

 

Toyota claimed the 2005 Camry's main CPU had error detecting and correcting (EDAC) RAM. It didn't. EDAC, or at least parity RAM, is relatively easy and low-cost insurance for safety-critical systems.

and issues with software not conforming to standards:

On top of that, stack-killing, MISRA-C rule-violating recursion was found in the code, and the CPU doesn't incorporate memory protection to guard against stack overflow.

Toyota's ETCS used a version of OSEK, which is an automotive standard RTOS API. For some reason, though, the CPU vendor-supplied version was not certified compliant.

 

Has anyone dealt with systems and standards like this?

 

thanks!

drew

Parents

  • Hi Drew,

     

    The safety issues in software/firmware development has been a hot topic for years.

    The requirements for a system are usually not passed down to the components since the end user/manufacturer is on the hook for testing/demonstrating compliance.

     

    It is very hard to determine what a company did or did not do to verify compliance.

    I know that in the DoD, the government would usually insist on an independent verification and validation group for any device that could result in a life threatening scenario.  Having participated on a number of these, the review process is very thurough and the testing is always scrutinized heavily to make sure that the conditions for catching failures is always observed.

     

    I have been very disappointed to see the the Auto industry is reinventing a lot of software, standards and testing capability that the Aerospace industry has spent decades resolving.  I see a lot of "Not Invented Here" mentality as the vehicles get more and more software/firmware driven.

     

    So in many ways, I am not surprised at the results.  A look back at the incidents of software issues in Aerospace should have alerted the Auto industry about the issues.

    Their failure to learn from the Billions of dollars spent making systems "safe" has been very disappointing.

     

    Perhaps this ruling on Toyoda will wake them up so that they do a better job of researching systems designs and borrow many of the standards that are common in the Aerospace industry.

     

    Or they can continue to sell defective vehicles just waiting to crash.

     

    Just my opinion,

    DAB


Reply

  • Hi Drew,

     

    The safety issues in software/firmware development has been a hot topic for years.

    The requirements for a system are usually not passed down to the components since the end user/manufacturer is on the hook for testing/demonstrating compliance.

     

    It is very hard to determine what a company did or did not do to verify compliance.

    I know that in the DoD, the government would usually insist on an independent verification and validation group for any device that could result in a life threatening scenario.  Having participated on a number of these, the review process is very thurough and the testing is always scrutinized heavily to make sure that the conditions for catching failures is always observed.

     

    I have been very disappointed to see the the Auto industry is reinventing a lot of software, standards and testing capability that the Aerospace industry has spent decades resolving.  I see a lot of "Not Invented Here" mentality as the vehicles get more and more software/firmware driven.

     

    So in many ways, I am not surprised at the results.  A look back at the incidents of software issues in Aerospace should have alerted the Auto industry about the issues.

    Their failure to learn from the Billions of dollars spent making systems "safe" has been very disappointing.

     

    Perhaps this ruling on Toyoda will wake them up so that they do a better job of researching systems designs and borrow many of the standards that are common in the Aerospace industry.

     

    Or they can continue to sell defective vehicles just waiting to crash.

     

    Just my opinion,

    DAB


Children
No Data