

Toyota Case: Single Bit Flip That Killed - krupan
http://www.eetimes.com/document.asp?doc_id=1319903

======
krupan
I'm not sure how to react to this. On the one hand it makes me think, shame on
Toyota for having such poor code quality. On the other hand I ask myself,
would any codebase survive 18 months of scrutiny by a team of industry experts
that only need to prove that a bug in the code _could_ have caused a
malfunction? As a consumer the first really worries me (and more particularly
as a Toyota owner, though I'm almost more worried about the products I use
whose code hasn't yet been scrutinized by Michael Barr). As an engineer the
second worries me.

Concern about that second case is an important thing to have as an engineer,
don't get me wrong, we should definitely put effort and care into making
products safe and reliable. One thing, however, that was missing from the
analysis of the Toyota code (at least from what I read) was the estimated
probability of a code malfunction occurring and causing a problem.

Nothing is perfect and simply pointing out potential failure modes without
characterizing further their likelihood under the various conditions that
could cause them seems like plain old fear mongering (which, I suppose, served
the purposes of the plaintiff in this case precisely).

------
krupan
Other articles about this story:

[http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences)

[http://www.eetimes.com/document.asp?doc_id=1319966](http://www.eetimes.com/document.asp?doc_id=1319966)

[http://www.designnews.com/document.asp?doc_id=269500](http://www.designnews.com/document.asp?doc_id=269500)

[http://www.eetimes.com/document.asp?doc_id=1319952](http://www.eetimes.com/document.asp?doc_id=1319952)

