n**********2
发帖数: 648 | 1 【 以下文字转载自 Automobile 讨论区 】
发信人: chauncey (ag), 信区: Automobile
标 题: 丰田的自动加速是因为ECM代码写的太烂了
发信站: BBS 未名空间站 (Sun Apr 26 11:27:39 2015, 美东)
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-fi
https://news.ycombinator.com/item?id=9440094
>> The Camry ETCS code was found to have 11,000 global variables. Barr
described the code as “spaghetti.” Using the Cyclomatic Complexity metric,
67 functions were rated untestable (meaning they scored more than 50). The
throttle angle function scored more than 100 (unmaintainable).
代码里有11,000个全局变量,67个函数被认为是根本没法测试的因为代码太乱了。油门
角度的函数被认为是没法维护的
>> Toyota loosely followed the widely adopted MISRA-C coding rules but Barr
’s group found 80,000 rule violations. Toyota's own internal standards make
use of only 11 MISRA-C rules, and five of those were violated in the actual
code. MISRA-C:1998, in effect when the code was originally written, has 93
required and 34 advisory rules. Toyota nailed six of them.
丰田违反了80,000次编程规范。丰田自己的内部标准只采用了11项MISRA-C规范,这其
中5项在实际编程中被违反。MISRA-C应该是有93项必须的规范和34条建议规范。丰田只
符合了6项规范
Stack overflow. Toyota claimed only 41% of the allocated stack space was
being used. Barr's investigation showed that 94% was closer to the truth. On
top of that, stack-killing, MISRA-C rule-violating recursion was found in
the code, and the CPU doesn't incorporate memory protection to guard against
stack overflow.
丰田宣称只用了41%的栈空间,但是调查发现实际使用了94%,而且没有任何栈溢出的保
护(栈溢出会毁坏数据使得程序的运行变得不可预料)
Toyota's ETCS used a version of OSEK, which is an automotive standard RTOS
API. For some reason, though, the CPU vendor-supplied version was not
certified compliant.
Unintentional RTOS task shutdown was heavily investigated as a potential
source of the UA. As single bits in memory control each task, corruption due
to HW or SW faults will suspend needed tasks or start unwanted ones.
Vehicle tests confirmed that one particular dead task would result in loss
of throttle control, and that the driver might have to fully remove their
foot from the brake during an unintended acceleration event before being
able to end the unwanted acceleration.
丰田的CPU用的是没有经过认证的。由于硬件或软件造成的内存数据毁坏由此导致需要
的任务被关闭或者启动不需要的任务被认为是造成自动加速的潜在原因。测试确认一个
特定的被关闭的任务会导致失去油门控制
我不下任何结论,只说事实。 | b*******s
发帖数: 5216 | 2 skill set issue of embedded system engineers |
|
