Early Assessment of System-Level Safety Mechanisms through Co-Simulation-based Fault Injection

Depending on the autonomy level, safety assessment leads to different functional safety requirements for advanced driver-assistance systems and autonomous driving functions. To provide the necessary guarantees, technical safety requirements are derived that support the safety case by means of appropriate system architectures. These build on safety mechanisms: Technical solutions responsible for maintaining the intended functionality (fail-operational) or transition to a safe state in the presence of hardware and software faults (fail-safe). As the choice and implementation of such safety mechanisms are critical decisions with a high impact on the overall architecture, their early validation is crucial for an efficient engineering process. However, analytical safety analysis techniques applied to date support only coarse time models and do not provide explicit guidance for considering systemic realtime properties of closed-loop systems. Therefore, we propose a simulation-based fault injection framework to identify problematic emerging temporal behaviors such as instability. In contrast to existing solutions, we leverage the Functional Mock-up Interface (FMI) standard for black-box co-simulation to overcome intellectual property concerns in distributed automotive supply chains and to account for heterogeneous tool landscapes. By considering the allocation of software units to processing elements as well as the communication infrastructure, our contribution allows for the injection and propagation of faults affecting a vehicle's software and its electrical/electronic (E/E) architecture, which is crucial for the assessment of safety mechanisms. Experimental results obtained by applying the approach to an industry-oriented use case indicate its validity and low overhead.