Yeah, the EDN article is weird in many ways. Claiming that ECC RAM (never heard the term "EDAC" anywhere before) was state of the art in an ECU ("ECM") from 2005 (if I figure this right) seems a bit weird. E.g. Tricore controllers had only simple parity check until recently and some years ago even this had to be disabled for some models due to according errata.
I refuse to believe that no stack measurement was done, as this is so stupidly easy to do (initialize with stack pattern, check where from the top the first pattern was overwritten) that it was done in every project I ever saw in the last 15 years. And static stack analysis is kinda futile as it will always result in catastrophically high stack utilization. Besides, it's kinda hard to believe that a stack overflow resulted in acceleration instead of a reset.
Other stuff like the paradigm of "mirroring all important data" is questionable at least. Apart from the runtime hit when mirroring all important variables and consistency issues: what should you do if the main value and the mirrored value differ? Which one would you trust? Stuff like this was used for NVRAM or reset safe values in the past (instead of proper CRC), but just to detect inconsistency and return to a default value. For inconsistent runtime variables, you could only cause a reset from my point of view. Anyway, monitoring variables instead of monitoring functions seems like a bad idea. At least I'm not aware that this is part of any automotive safety concept. And probably for a good reason.
MISRA-C rule violations don't mean anything without further details. MISRA is very strict and a lot of rules are questionable at best. Anyway, a MISRA violation doesn't mean that the code is not working correctly. It can be just a "wrong" C++ comment, a missing (needless) cast, a goto (even if it's the best solution in some cases, e.g. leaving multiple loops) or other formal stuff.
Indeed it's not clearly described what exactly caused the task to stop. My impression is that this was neither caused by a stack overflow nor by a bit fault in SRAM, nor due to MISRA violations.
Last but not least, wrong behavior due to SW bugs or HW issues (e.g. CPU errata) can never be ruled out, even in the most safety relevant systems and when following all possible processes and regulations. Therefore there has to be a safety concept on the system side which avoids critical behavior - and unintended acceleration is the top candidate there. In every ECU I ever saw there was a secondary controller checking the safety relevant paths. E.g. monitoring the pedal sensor values, comparing them to the ones reported by the CPU and shutting off the engine (or performing a reset) in case of severe misbehavior.
So it seems that Toyota (or the according supplier) hasn't implement a valid safety concept. This is the main issue, not bugs in the software or whatever.