Common use of Fault Injection Clause in Contracts

Fault Injection. Fault injection is a fundamental technique required by the ISO 26262 standard to provide evidence that the obtained product complies with the safety requirements. The main goal of this technique is to support the assessment of:
• the correct implementation of functional safety and technical safety requirements during:
  • the HW/SW integration, system integration and vehicle integration phases, to verify that the integrated elements interact correctly;
  • the HW development phase;
  • the SW unit development phase and SW unit integration on a SW architecture;
• the effectiveness of a safety mechanism, in terms of diagnostic coverage at the HW/SW development phase and failure coverage at system/vehicle level.

One of the main goals of the MAENAD project is to develop capabilities for modelling and analysis support following ISO 26262. In this context, the MAENAD language and related tools could support experimental V&V activities based on fault injection with two different scopes: during the design phase of fault injection experiments, where models of the system are used to transfer the information needed to design test experiments according to the methods expressed by the standard, and during the execution of fault injection experiments.

Across the whole of the WP6 analysis activities, a test bench will be used as a basis to evaluate, to some extent, the correctness of the results of the MAENAD analysis workbenches and their fitness for purpose from the user perspective, and to assess the capability of MAENAD to support V&V activities based on fault injection. The test bench, realized with rapid control prototyping technologies, is intended to close the loop between the "design phase" and the "production phase". Support for the analysis activities covers the following application fields:

1) Evaluation of the correctness of the timing analysis results. The effectiveness of the Timing plug-in and the predictability of the Timing analysis engine will be evaluated by comparing the results of a virtual analysis with the experimental results of a FEV function deployed on the target HW. The same approach will be applied to evaluate safety-related properties that fall within the scope of timing analysis, such as the fault detection time interval.
2) Evaluation of the correctness of the Dependability plug-in results. The correctness of the FMEA and FTA generated automatically by the Dependability plug-in will be assessed through fault injection experiments performed on the deployed functions.
3) Evaluation of the suitability of the model "transformation related plug-in" to external simulation engine tools (e.g. Simulink) for V&V activities and model-based design of control algorithms. This includes evaluating the suitability of the translated Environment model for HIL-based testing techniques (simulation of the plant), as well as for the development of control algorithms for embedded systems.
4) Evaluation of the suitability of the MAENAD modelling language to support the design of fault injection experiments and their execution on a real subsystem.

The test bench is designed to support fault injection experiments, especially those related to the integration phases (system level and vehicle level) of the safety lifecycle. The focus will be on a subsystem of a real vehicle; the interaction of this subsystem with the rest of the plant will be emulated through dedicated HIL technologies. The following figure gives an overview of the physical demonstrator; green boxes highlight the real components of the physical test bench setup. Interaction of the physical components with the emulated subsystem will be done through the communication network.

Figure 4-1: Test bench demonstrator concept and design diagram (diagram labels: ITEM: HVJB, EVC, PRND (simulated), Brake pedal; INTERFACES: Motor, Battery, Power Electronics, Accelerator pedal (emulated); FIU)
Figure 4-2: Test bench prototype (photo labels: Brake, Accelerator, PRND, EVC, HVJB)
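As an added illustration of the kind of fault injection experiment the clause describes (this is constructed example code, not tooling from the MAENAD project or the grant agreement): a simulated FIU hook corrupts the two channels of an emulated accelerator pedal, a dual-channel plausibility check with debounce plays the safety mechanism, and the harness measures each injected fault's detection time, compares it with the model-side prediction and with an assumed FTTI budget, and reports an equal-weighted diagnostic coverage for the campaign. The pedal model, the fault models, the thresholds, the cycle time and the FTTI value are all assumptions introduced here, not values from the page.

```python
# Added example, not MAENAD or grant-agreement code: a minimal fault-injection
# campaign of the kind the text describes. An FIU-style hook corrupts the item's
# input signals, a safety mechanism tries to detect the fault, and the harness
# measures the fault detection time interval (FDTI) and an equal-weighted
# diagnostic coverage. All models, thresholds and budgets are constructed assumptions.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

CYCLE_MS = 10            # assumed period of the pedal acquisition task
FTTI_MS = 100            # assumed fault tolerant time interval for the pedal function
DEBOUNCE_CYCLES = 3      # assumed: flag after 3 consecutive implausible samples
PLAUSIBILITY_TOL = 0.05  # assumed: channels must agree within 5 % of full scale

# A fault model is the FIU hook: (cycles since injection, ch1, ch2) -> (ch1', ch2')
FaultModel = Callable[[int, float, float], Tuple[float, float]]

def stuck_at(channel: int, value: float) -> FaultModel:
    """Permanent fault: the chosen channel reads a constant (open/short)."""
    def inject(t, ch1, ch2):
        return (value, ch2) if channel == 1 else (ch1, value)
    return inject

def offset(channel: int, delta: float) -> FaultModel:
    """Permanent offset/gain error on one channel."""
    def inject(t, ch1, ch2):
        return (ch1 + delta, ch2) if channel == 1 else (ch1, ch2 + delta)
    return inject

def drift(channel: int, rate_per_cycle: float) -> FaultModel:
    """Slowly growing error: starts inside tolerance and crosses it later."""
    def inject(t, ch1, ch2):
        return offset(channel, rate_per_cycle * t)(t, ch1, ch2)
    return inject

def glitch(channel: int, value: float, duration_cycles: int) -> FaultModel:
    """Transient fault: the channel is wrong only for the first few cycles."""
    def inject(t, ch1, ch2):
        return stuck_at(channel, value)(t, ch1, ch2) if t < duration_cycles else (ch1, ch2)
    return inject

@dataclass
class PedalMonitor:
    """Safety mechanism under test: dual-channel plausibility check with debounce."""
    implausible: int = 0
    fault_flagged: bool = False

    def step(self, ch1: float, ch2: float) -> bool:
        self.implausible = self.implausible + 1 if abs(ch1 - ch2) > PLAUSIBILITY_TOL else 0
        if self.implausible >= DEBOUNCE_CYCLES:
            self.fault_flagged = True
        return self.fault_flagged

def pedal_profile(cycle: int) -> float:
    """Constructed driver input: ramp to 80 % travel over 100 cycles, then hold."""
    return 0.8 * min(cycle, 100) / 100

def run_experiment(fault: Optional[FaultModel], inject_at: int, n_cycles: int = 300) -> Optional[int]:
    """Run one experiment; return the FDTI in ms, or None if never detected."""
    monitor = PedalMonitor()
    for cycle in range(n_cycles):
        pos = pedal_profile(cycle)
        ch1, ch2 = pos, pos  # nominal: both channels read the true position
        if fault is not None and cycle >= inject_at:
            ch1, ch2 = fault(cycle - inject_at, ch1, ch2)
        if monitor.step(ch1, ch2):
            return (cycle - inject_at) * CYCLE_MS
    return None

def predicted_fdti_ms() -> int:
    """Model-side prediction for a fault that is implausible from its first sample."""
    return (DEBOUNCE_CYCLES - 1) * CYCLE_MS

# Constructed campaign: experiment name -> fault model
CAMPAIGN: Dict[str, FaultModel] = {
    "ch1 stuck at 0.0 (open circuit)": stuck_at(1, 0.0),
    "ch2 stuck at 1.0 (short to supply)": stuck_at(2, 1.0),
    "ch1 +0.20 offset": offset(1, 0.20),
    "ch2 +0.02 offset (inside tolerance)": offset(2, 0.02),
    "ch1 drift 0.004/cycle": drift(1, 0.004),
    "ch1 2-cycle glitch to 1.0": glitch(1, 1.0, 2),
}

def run_campaign(inject_at: int = 50) -> Dict[str, Optional[int]]:
    return {name: run_experiment(fm, inject_at) for name, fm in CAMPAIGN.items()}

def diagnostic_coverage(results: Dict[str, Optional[int]]) -> float:
    """Fraction of injected faults detected (equal weights; ISO 26262 weights by failure rate)."""
    return sum(t is not None for t in results.values()) / len(results)

def ftti_violations(results: Dict[str, Optional[int]], ftti_ms: int = FTTI_MS) -> List[str]:
    """Detected faults whose FDTI exceeds the budget: detected, but too late."""
    return [n for n, t in results.items() if t is not None and t > ftti_ms]

if __name__ == "__main__":
    res = run_campaign()
    for name, t in res.items():
        print(f"{name:40s} {'not detected' if t is None else f'{t} ms'}")
    print(f"coverage {diagnostic_coverage(res):.0%}, FTTI violations {ftti_violations(res)}")
```

With these assumed values the stuck-at and large-offset faults are flagged 20 ms after injection, matching the model-side prediction; the small offset stays inside the plausibility tolerance and is never detected; the two-cycle glitch is swallowed by the debounce; and the drift is detected, but only after 150 ms, outside the 100 ms FTTI budget. That last case is the kind of discrepancy the comparison between virtual timing analysis and bench results is meant to surface: a mechanism can have good coverage and still miss its detection time interval.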

Appears in 1 contract

Sources: Grant Agreement
