Author | ktw624
Editor | Not Eating Pig Head Meat
IntroductionWith the rapid development of intelligent connected vehicle technology, the driving experience and travel efficiency have significantly improved, and people’s attention to safety has also increased. To ensure driving safety, functional safety standards such as ISO 26262 impose strict requirements on automotive electronic and electrical systems, among which fault injection testing is an important means to verify the effectiveness of system safety mechanisms. The goal of functional safety testing based on fault injection is to verify the stability and reliability of the hardware and software systems of intelligent connected vehicles under various fault conditions (whether they can enter a safe state or perform predetermined safety operations in the event of a system failure). Key points include fault simulation, fault response assessment, and safety function verification. Functional safety testing in a test bench or simulation environment is difficult to fully reflect the system’s performance under real driving conditions due to issues such as model accuracy, confidence, and system integrity. This article will focus on how to automate the simulation of various fault scenarios under real driving conditions to comprehensively verify the system’s fault detection, safety response mechanisms, and more realistically assess the system’s functional safety performance.
Functional Safety Testing Equipment
Functional safety testing equipment architectureAs shown in the figure above, the functional safety testing equipment launched by Beihui Information mainly consists of five major components:
Automated Control System: Uses CANoe for hardware configuration, virtual gateway routing, and test page development; uses vTESTstudio for test script editing and management.
Fault Injection Hardware Devices: Uses Vector VN and VT series boards, equipped with video fault injection boards, electrical fault injection boards, and other customized devices to achieve the transmission and reception of various communication data.
Measurement Devices: Uses combined inertial truth devices and sensor devices for real-time detection of vehicle motion status.
Customized Connectors: Used for mapping management of hardware channel resources, facilitating quick switching of controllers/targets.
Power Supply Devices: Uses a 220V portable power supply and programmable power supply for powering hardware devices and controllers.
The core principle is: To connect the fault injection hardware devices in series between the controller and the target, to transmit and receive different types of data (such as CAN/Ethernet bus, I/O, video, ultrasound, etc.), and through CANoe’s processing of communication data and configuration of hardware devices, to achieve the construction of four major types of fault scenarios; combined with real-time monitoring of bus signals and measurement devices to detect vehicle status, verify the system’s fault detection and safety response mechanisms, and complete the evaluation of the system’s functional safety performance.
Implementation of Functional Safety Fault ScenariosAs mentioned above, the fault scenarios for functional safety testing mainly include four major categories from the perspective of generation mechanisms. These different types of fault injections can comprehensively verify the system’s fault detection, diagnosis, and safety response mechanisms, ensuring that the system can maintain a safe state under various fault scenarios:
Communication Data Faults: Abnormal signal values from sensors, actuators, and controllers; such as camera image quality faults (color abnormalities, screen flickering, occlusion, underexposure, overexposure, etc.), abnormal wheel speed signals (offset, jamming, disturbance, etc.), brake pedal displacement sensor faults, brake fluid level sensor faults, unintended steering, unintended acceleration, etc.
Communication Link Faults: Communication interruptions, losses, delays, etc.; such as CAN bus Bus-off, frame loss, delays, TCP/UDP disconnections, unstable message cycles, GMSL link faults (such as camera stream interruptions, black frames, frame loss, jamming, delays, multi-camera synchronization issues, etc.).
Physical Link Connection Faults: Connection faults such as open circuits and short circuits (to power, ground, between pins), etc.
Power Supply Faults: Abnormalities such as power fluctuations, overvoltage, and undervoltage.
Simple and Efficient Device UsabilityIn addition to the coverage of functional safety fault scenarios and the comprehensiveness of testing, user-friendly test pages, one-click switching of test modes, quick switching of test items, fully automated testing, and data recording and analysis functions can significantly enhance the efficiency of device usage.1. User-Friendly Test PagesDesign clear, intuitive, and interactive standardized test pages using the Panel Designer feature of CANoe.
Test page illustration2. One-Click Switching of Test ModesDuring real vehicle testing, fault mode and non-fault mode can be switched with one click through a three-way board, and when the testing device unexpectedly stops running or loses power, it automatically switches to non-fault mode to ensure the vehicle can operate normally.3. Quick Switching of Test ItemsSwitching test items includes switching hardware devices and adapting test projects.Hardware device switching: Through customized connectors, one end maps to fault injection hardware resources, and the other end is a standard connector (such as DB9, rubber head, vehicle Ethernet connector), allowing for quick switching of hardware by simply plugging and unplugging the controller/target end connectors.Test project adaptation: The main workload for switching test projects is updating the communication database files, which can be easily configured and compiled in CANoe by converting standard database files into .can files using code generation tools, significantly reducing the amount of manual coding required and shortening the project switching cycle.4. Fully Automated TestingIntegrating programmable hardware devices, testing software CANoe, and automated testing software vTESTstudio enables fully automated functional safety testing of real vehicles, where users only need to run test scripts to improve testing efficiency and reduce testing risks.5. Data Recording and AnalysisCANoe can not only record and analyze CAN/Ethernet bus message data but also supports external USB cameras to record video data, facilitating monitoring of vehicle instruments/screens during testing.
Flexible Product FormsFunctional safety testing equipment can be standardized or customized. Standardized equipment has fixed types of hardware resources and channel numbers, with limited fault constructions, covering the minimum requirements for regulatory standard functional safety testing; customized equipment can be configured according to actual needs, covering various fault simulations comprehensively, improving the coverage of functional safety testing.
Left – Standardized equipment, Right – Customized equipment
ConclusionFunctional safety testing is an important means to ensure the reliable operation of intelligent automotive systems, and through scientific testing methods and rigorous verification processes, it can effectively identify potential safety hazards, providing strong assurance for the safe implementation of intelligent functions and delivering a reliable intelligent experience to users.Beihui Information is a high-tech enterprise focused on automotive electronic testing, leveraging the software and hardware tools of its partner Vector to provide customers with comprehensive testing solutions and related testing services covering intelligent driving/cockpit/power/chassis/vehicle control and MiL/SiL/HiL/ViL/real vehicle testing, assisting in the R&D testing and rapid iteration of automotive electronic products.Note: Some images in this article are sourced from Vector.