The Toyota story is a cautionary tale to all involved in safety-critical development.
We know that growing complexity is adding to the difficulty in testing software. We know that best-practices are necessary but won't get you all the way to perfect. What is really disturbing is when those best-practices are ignored, and mission-critical functions aren't fully tested. Then we get catastrophic failure.
These musings are inspired by a hair-raising EDN article I just read about the failures in the Toyota case recently decided in Oklahoma. (Those of you who know me know I am not prone to hyperbole. The hair on my arms actually stood up as I read this article.) Most of the technical testimony in the case focused on the firmware, but there was also a perhaps little-known hardware issue, and it had to do with memory.
Here's a quote from the article for you: "Although the investigation focused almost entirely on software, there is at least one HW factor: Toyota claimed the 2005 Camry's main CPU had error detecting and correcting (EDAC) RAM. It didn't. EDAC, or at least parity RAM, is relatively easy and low-cost insurance for safety-critical systems."
You can read Michael Dunn's investigative article on the engineering issues at stake on EDN. In the meantime, what do you think? Do you use EDAC RAM? Do you think quality checks should be more stringent?
— Janine Love , UBM Tech