Using Fault Injection to Verify an AUTOSAR Application According to the ISO 26262

The complexity and the criticality of automotive electronic embedded systems are steadily increasing today, and that is particularly the case for software development. The new ISO 26262 standard for functional safety is one of the answers to these challenges. The ISO 26262 defines requirements on the development process in order to ensure the safety. Among these requirements, fault injection (FI) is introduced as a dedicated technique to assess the effectiveness of safety mechanisms and demonstrate the correct implementation of the safety requirements. Our work aims at developing an approach that will help integrate FI in the whole development process in a continuous way, from system requirements to the verification and validation phase. This leads us to explore the benefits of safety analyses (Failure Mode Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Critical Path Analysis (CPA) or Freedom From Interference (FFI) Analysis, etc.) for the definition of the test plan, defining efficient FI tests cases. The paper discusses the objectives and role of FI in the Verification and Validation process. It also illustrates how to apply this methodology on a platform based on AUTOSAR 4.X that integrates a trusted Front-Light Manager Application (Automotive Safety Integrity Level-ASIL B) and a non-trusted (Quality Management-QM) application. This proposed architecture allows ensuring the safety requirements with dedicated safety mechanisms and also FFI using both temporal and spatial partitioning. Finally, the results of FI test cases obtained on a mock-up running the Front-Light Manager Application, developed at Valeo GEEDS are presented.