
Toyota: 81514 issues in the code, 89 people killed - denzil_correa
http://www.viva64.com/en/b/0439/
======
gravypod
> Hey, Toyota, we found a couple of bugs in your code, namely 7134 MISRA
> standards violations, recursion, 740-string long function and 9000 global
> variables

Why is recursion a bug? Recursion is not just a bug just because it's not as
efficient for some problems. Most of the time the compiler will optimize out
the recursion.

>740-string long function

What does that even mean? Are they talking about the length of the function in
lines? If so that's not horrible depending on what you're doing. No it's not
ideal but if it works and it's correct it's not inherently a bug. It entirely
depends on what's going on in the function.

Edit: Reading more there are even crazier complaints. Nested "/* */" comments
are considered a bug. What the hell?

Also using a Macro-like function is a bug? That makes no sense. If you've got
something that really doesn't need to be a function it's fine to put it into a
macro. For instance

    
    
       #define GET_LSD(number) (number % 10)
    

This just gets the least significant digit. Should this be a function? I don't
think so. Using a macro lets you see why you're modding by 10.

Continuing onward... the use of "continue" is a bug. That doesn't make any
sense.

Then we get onto the rule of 10 rules.

> Do not use dynamic memory allocation after initialization. > Give all loops
> a fixed upper-bound. > Limit functions to no more than 60 lines of text >
> Use minimally two assertions per function on average

How the hell do you avoid allocating memory? How the hell do you poll sensors
and send a value onto a CAN bus without a while (true) loop? Is a function
with 70 lines not allowed? Use two assertions per function, what?

