In my opinion Toyota firmware engineers were not empowered to check the quality of their own firmware, and were likely under time pressure to just Get-It-Done™.
I've managed embedded C & C++ products in my career, and I always insisted that the developers be given the time to set up the firmware to run under representative load in a lab. Without fail, the developers found significant problems that did not crop up during QA or dev unit testing. Tasks performed by the devs included creating and evolving simulation hardware, firmware and software to make the most representative load scenario possible to find and kill chaos. The funniest part? Nothing I ever did was in safety-critical systems, and we clearly did more than Toyota.