Version: NASA Engineering and Safety Center 1.0 Technical Assessment Report Title: Page #: National Highway Traffic Safety Administration 2 of 134 Toyota Unintended Acceleration Investigation - Appendix A Table of Contents A.0 Software Analysis ......................................................................................................................... 7 A.1 Organization ................................................................................................................................. 7 A.2 Scope ............................................................................................................................................ 7 A.3 Facilities & Resources .................................................................................................................. 7 A.4 Technologies Applied ................................................................................................................... 9 A.4.1 Software Implementation Analysis Using Static Source Code Tools .......................................... 9 A.4.2 Software Logic Model Checking ................................................................................................ 10 A.4.3 Software Algorithm Design Analysis Using Matlab Models ..................................................... 11 A.5 Software Study ........................................................................................................................... 13 A.6 ECM Software Implementation and Basic Architecture ............................................................ 14 A.6.1 The CAN Data Network ............................................................................................................. 18 A.6.2 Reboot/Reset Scenarios .............................................................................................................. 18 A.7 Software Implementation Study ................................................................................................. 19 A.7.1 TMC Coding Rules ..................................................................................................................... 21 A.7.2 NASA Mission and Safety Critical Software Coding Rules ...................................................... 23 A.8 Static Analysis Results ............................................................................................................... 24 A.8.1 Additional NASA/JPL and MISRA Coding Rules ..................................................................... 28 A.8.2 Access to Shared Global Variables ............................................................................................. 31 A.8.3 Task Interference ........................................................................................................................ 34 A.8.4 Name Overloading/Aliasing ....................................................................................................... 38 A.8.5 Dead Code .................................................................................................................................. 40 A.8.6 Data Mirroring of Persistent Parameters .................................................................................... 41 A.9 Software Logic Model Checking ................................................................................................ 42 A.9.1 Interrupt Masking Method .......................................................................................................... 44 A.9.2 Accelerator Pedal Position Learning .......................................................................................... 47 A.9.3 Sensor Input ADC (GCCSI2) ..................................................................................................... 50 A.9.4 Motor Drive IC ........................................................................................................................... 53 A.9.5 Port Register Inputs (GCPR) ...................................................................................................... 55 A.9.6 PWM Functionality (GCPLS) .................................................................................................... 57 A.10 Software Algorithm Design Analysis Using Mathworks Models .............................................. 61 A.10.1 Modeling Effort Overview ......................................................................................................... 61 A.10.2 Model Development ................................................................................................................... 62 A.10.3 Phase 1 ........................................................................................................................................ 63 A.10.3.1 Safing Functions ......................................................................................................................... 63 A.10.3.2 Accelerator to Throttle Demand ................................................................................................. 64 A.10.4 Phase 2 ........................................................................................................................................ 65 A.10.4.1 Cruise Control ............................................................................................................................. 65 A.10.4.2 Idle Speed Control (ISC) ............................................................................................................ 66 A.10.4.3 Idle On Fuel Cut ......................................................................................................................... 67 A.10.4.4 Diagnostics ................................................................................................................................. 68 NESC Assessment #: TI-10-00618 Version: NASA Engineering and Safety Center 1.0 Technical Assessment Report Title: Page #: National Highway Traffic Safety Administration 3 of 134 Toyota Unintended Acceleration Investigation - Appendix A A.10.5 Phase 3 ........................................................................................................................................ 70 A.11 Mathworks Model Scope and Functional Description ............................................................... 71 A.11.1 Accelerator Pedal Control........................................................................................................... 71 A.11.1.1 Processing of Pedal Input Functions and Learning Functions .................................................... 72 A.11.1.2. Learning Functions and Released Position ................................................................................. 72 A.11.1.2.1Pedal Learning Algorithm .......................................................................................................... 73 A.11.1.3 Pedal Diagnostics ....................................................................................................................... 76 A.11.1.4 Sequence to Increase Throttle ..................................................................................................... 79 A.11.2 Throttle Control .......................................................................................................................... 80 A.11.3 Electronic Throttle Valve Model ................................................................................................ 86 A.11.3.1 DC Motor .................................................................................................................................... 87 A.11.3.2 Throttle Gear/Valve .................................................................................................................... 87 A.11.3.3 Throttle Sensor ........................................................................................................................... 87 A.11.3.4 Controller Description ................................................................................................................ 87 A.11.3.4.1 Lead Filter ................................................................................................................................. 88 A.11.3.4.2 Proportional Gain Lookup ......................................................................................................... 90 A.11.3.4.3 Integral Gain Lookup ................................................................................................................ 90 A.11.3.4.4 Integral Hold ............................................................................................................................. 91 A.11.3.4.5 Integral Offset ........................................................................................................................... 92 A.11.3.4.6 Integral ...................................................................................................................................... 92 A.11.3.4.7 Non-Linear Gain Treatment ...................................................................................................... 93 A.11.3.4.8 Duty-Cycle Conversion ............................................................................................................. 93 A.11.3.4.9 Output Saturation ...................................................................................................................... 93 A.11.3.5 PID Analysis ............................................................................................................................... 93 A.11.3.5.1 Integral Windup