Virtualized Fault Injection Methods in the Context of the ISO 26262 Standard (2012-01-0001)
Software quality is one of the biggest concerns of the automotive industry. Releasing a product with defects and having a recall can have enormous direct and indirect costs for an automotive OEM. Improving software quality is not just a matter of increasing the number of tests. It is extremely important to establish more sophisticated tests that cover corner cases which are not unveiled during normal operation. Typically, corner cases are very difficult to test, as they are often only triggered when the underlying hardware fails or the software gets unexpectedly corrupted. How can those cases be tested, to make sure that the right SW routines are executed and that the system moves back to a safe state in time? Fault-injection methods are typically used to cover a subset of these tests. However, existing methods have significant limitations in how effectively and cost-efficiently they can be applied for more extensive coverage.
The upcoming ISO 26262 Functional Safety standard defines fault-injection testing as a relevant method to be applied in different parts of the standard. At the system level (part 4), fault-injection testing is proposed as a highly recommended method for ASIL C/D to improve test coverage of safety measures that are not invoked during normal operation. At the hardware level (part 5), fault-injection testing is also recommended for the highest ASILs whenever a hardware safety mechanism is defined, in order to analyze its response to faults. And finally, at the software level (part 6), fault-injection testing is highly recommended for ASIL C/D, where arbitrary faults corrupting software or hardware components must be injected to test the safety mechanism. However, the standard does not define how the existing fault-injection techniques can be applied in order to satisfy its requirements.
In this paper a simulation-based fault-injection solution based on Virtual Prototyping technology is presented. Real fault-injection scenarios are described using a Freescale dual-core virtual MCU model. This work illustrates how the unmatched visibility and controllability of virtual prototypes are leveraged to build a fault-injection framework. This framework enables the description of very complex test scenarios involving both software and hardware elements. Moreover, the analysis capabilities of our solution allow tracing the software and hardware activities over time. This enables a better understanding of the correlation between fault and response and allows validating whether the response is correct. The scripting capabilities of our framework allow fault-injection tests to be part of the overall regression testing. This removes the human interaction and dramatically reduces the effort for this type of testing.