He found massive failures in all of the safety systems, and successfully demonstrated that a single bit flip could cause the task responsible for controlling the gas/fuel mixture to stop running, preventing the driver from decelerating the car. The safety mechanisms in the car would entirely fail to catch this, and at this point Toyota wasn't using error-correcting RAM, so it's not entirely implausible.
He found many possible buffer overflows, stack overflows, race conditions, and unsafe casts that could lead to memory corruption or logic errors. He went on at length about bigger-picture design flaws in the way that their failsafes were implemented, rendering them often useless. They explicitly ignored error codes from the operating system which indicated that things were going wrong, as well as from their own code which was warning them that the CPU was overburdened and necessary tasks my not have been completed.
He testifies that Toyota has no real bug tracking system, no consistent code review, and had countless violatings of both their own safe coding standards, and other standards which they had had contributed to.
None of this is finding the bug. RAM bits almost never flip, and "a single bit" - "the" bit he pointed to - flipping on multiple occasions is a virtual impossibility. As to all those other things: yes, bad stuff, did he see how at the "small picture level" these faults could cause the problem though? The whole thing is extremely unclear and blaming all those different things smells of not having actually understood the problem.
He found massive failures in all of the safety systems, and successfully demonstrated that a single bit flip could cause the task responsible for controlling the gas/fuel mixture to stop running, preventing the driver from decelerating the car. The safety mechanisms in the car would entirely fail to catch this, and at this point Toyota wasn't using error-correcting RAM, so it's not entirely implausible.
He found many possible buffer overflows, stack overflows, race conditions, and unsafe casts that could lead to memory corruption or logic errors. He went on at length about bigger-picture design flaws in the way that their failsafes were implemented, rendering them often useless. They explicitly ignored error codes from the operating system which indicated that things were going wrong, as well as from their own code which was warning them that the CPU was overburdened and necessary tasks my not have been completed.
He testifies that Toyota has no real bug tracking system, no consistent code review, and had countless violatings of both their own safe coding standards, and other standards which they had had contributed to.
The corresponding Reddit discussion at http://www.reddit.com/r/programming/comments/1pgyaa/ may also be of interest.