Hardware-in-the-Loop Testing in the Context of ISO 26262 2012-01-0035
Hardware-in-the-loop (HIL) simulation is now a standard component in the vehicle development process as a method for testing electronic control unit (ECU) software. HIL simulation is used for all aspects of development, naturally including safety-relevant functions and systems. This applies to all test tasks (from function testing to release tests, testing a single ECU or an ECU network, and so on) and also to different vehicle domains: The drivetrain, vehicle dynamics, driver assistance systems, interior/comfort systems and infotainment are all tested by HIL simulation.
At the same time, modern vehicles feature more and more safety-related systems such as Adaptive Cruise Control, Electronic Stability Program, Power Assisted Steering, and Integrated Chassis Management. To establish a uniform and commonly accepted approach for developing automotive safety-related electric/electronic systems, the safety standard ISO 26262 (“Road vehicles - Functional safety”) has been developed by OEMs, suppliers and service providers and released in late 2011. It defines certain requirements and furthermore gives recommendations on the development of automotive electronics. The ISO 26262 standard is mandatory for passenger car development worldwide.
ISO 26262 explicitly names HIL as a suitable test environment for software unit tests and integration tests, even recommends HIL for the verification of safety requirements at component level, and also names it as a suitable method for testing single ECUs/components and for testing ECU networks up to an entire virtual vehicle.
This paper describes the role of HIL simulation in the development of safety-relevant systems and the relationships between test methods proposed by ISO 26262 and HIL testing. It explains the requirements defined by ISO 26262 for HIL testing and for HIL systems used in developing safety-relevant systems, and how these requirements can be met.