- Bad design and its consequences
On Thursday, October 24, 2013, an Oklahoma court ruled against Toyota in a case of unintended acceleration that led to the death of one of the occupants. Central to the trial was the firmware of the Engine Control Module (ECM).
Michael Barr, CTO and co-founder of Barr Group, served as a primary expert witness for the plaintiffs; the in-depth analysis he conducted with his colleagues exposed a shameful example of software design and development. Barr described the code as “spaghetti.”
He concluded that:
- Toyota’s electronic throttle control system (ETCS) source code is of unreasonable quality.
- Toyota’s source code is defective and contains bugs, including bugs that can cause unintended acceleration (UA).
- Code-quality metrics predict presence of additional bugs.
- Toyota’s fail safes are defective and inadequate (referring to them as a “house of cards” safety architecture).
- Misbehaviors of Toyota’s ETCS are a cause of UA.
This highlights the importance of good software design that follows proper coding rules and uses code-quality tools and metrics. It also calls for code that is failure-resistant by design, especially in safety-critical devices.
More on the Toyota firmware analysis can be found at:
- http://www.ibtimes.com/oklahoma-jury-finds-toyota-liable-sudden-acceleration-fault-awards-3m-damages-1441202
- http://www.edn.com/design/automotive/4423428/2/Toyota-s-killer-firmware--Bad-design-and-its-consequences