Toyota’s Killer Firmware

- Bad design and its consequences

On Thursday October 24, 2013, an Oklahoma court ruled against Toyota in a case of unintended acceleration that led to the death of one of the occupants. Central to the trial was the firmware of the Engine Control Module (ECM).

Michael Barr, CTO and co-founder of Barr Group, was a primary expert witness for the plaintiffs; the in-depth analysis he conducted with his colleagues exposed a shameful example of software design and development. Barr described the code as “spaghetti.”

He concluded that:

  • Toyota’s electronic throttle control system (ETCS) source code is of unreasonable quality.
  • Toyota’s source code is defective and contains bugs, including bugs that can cause unintended acceleration (UA).
  • Code-quality metrics predict presence of additional bugs.
  • Toyota’s fail safes are defective and inadequate (referring to them as a “house of cards” safety architecture).
  • Misbehaviors of Toyota’s ETCS are a cause of UA.

This highlights the importance of good software design that follows proper coding rules and makes use of code-quality tools and metrics. It also calls for code that is failure-resistant by design, especially in safety-critical devices.

More detail on the Toyota firmware can be found here: