BarrSlides_FINAL_SCRUBBED.pdf?utm_content=bufferb9206&utm_medium=social&utm_source=twitter

Recommendations

Info

TOYOTA’S DEFECTIVE “SAFETY LAYERS”Layer 1Layer 2Mirroring of Critical VariablesDTCs and Fail-Safe ModesBarr Chapter RegardingToyota’s Memory ProtectionsBarr Chapter RegardingToyota’s Fail-Safe ModesLayer 3Layer 4Watchdog SupervisorESP-B2 Monitor CPUBarr Chapter RegardingToyota’s Watchdog SupervisorBarr Chapter RegardingToyota’s Monitor CPU34
LAYER 1: MIRRORING OF CRITICAL VARIABLESToyota’s engineers sought to protect numerous variablesagainst software- and hardware-caused corruptions! e.g., by “mirroring” their contents in a 2 nd locationBut FAILED TO MIRROR several key critical variables! OSEK’s critical internal data structures! THE target throttle angle global variable!Commands a part of the software to open the throttleØ Recalculated every 8 ms (when the tasks are all alive)Corruption is indistinguishable from a driver gas pedal press!35Barr Chapter RegardingToyota’s Memory Protections
Page 3 and 4: BOOKS BY MICHAEL BARR1ed: 1999; 2ed
Page 5 and 6: MY REVIEW OF TOYOTA’S SOURCE CODE
Page 7 and 8: ELECTRONIC THROTTLE CONTROLfdadg7
Page 9 and 10: SAFETY-CRITICAL SYSTEMSNot all embe
Page 11 and 12: SUMMARY OF 2005 CAMRY L4 CONCLUSION
Page 13 and 14: NASA DID NOT RULE OUT UA BY SOFTWAR
Page 15 and 16: 15ETCS SOFTWARE MALFUNCTION
Page 17 and 18: TOYOTA’S OPERATING SYSTEM (OSEK)1
Page 19 and 20: MEMORY CORRUPTION AND TASK DEATH0Bi
Page 21 and 22: SOFTWARE CAUSES OF MEMORY CORRUPTIO
Page 23 and 24: TOYOTA’S SPAGHETTI CODETOY-MDL049
Page 25 and 26: STACK ANALYSIS FOR 2005 CAMRY L4OSE
Page 27 and 28: TOYOTA’S MAJOR STACK MISTAKESToyo
Page 29 and 30: TOYOTA FAILED TO COMPLY WITH STANDA
Page 31 and 32: TOYOTA FAILED TO COMPLY WITH STANDA
Page 33: NASA’S SOFTWARE AREAS OF CONCERNN
Page 37 and 38: UA VIA MEMORY CORRUPTIONTask X deat
Page 39 and 40: LAYER 2: DTCs AND FAIL-SAFE MODESNA
Page 41 and 42: TOYOTA’S DEFECTIVE WATCHDOG DESIG
Page 43 and 44: TOYOTA FAILED TO REVIEW MONITOR CPU
Page 45 and 46: MONITOR CPU IS LAST LINE OF UA DEFE
Page 47 and 48: TOYOTA’S INADEQUATE SOFTWARE PROC
Page 49 and 50: NASA SOUGHT WHAT BARR GROUP FOUND
Page 51 and 52: INDIVIDUAL TASK DEATH OUTCOMES(Watc
Page 53 and 54: UA FOREVER IF BRAKE ON AT TASK DEAT
Page 55 and 56: OTHER SIMILAR INCIDENT CRITERIAVehi
Page 57: TOYOTA’S EXPERT HAS NOT REBUTTEDM

BarrSlides_FINAL_SCRUBBED.pdf?utm_content=bufferb9206&utm_medium=social&utm_source=twitter

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?