Looking for Safer Autonomous Vehicles using Fault Injection

Autonomous vehicle technology has the potential to redefine the automotive world and will bring major benefits for road safety, emissions and congestion. With the growth of control complexity and the reduction of the driver's role, many challenges arise with respect to the safety and controllability risk assessment of these vehicles.

The Cyber-Security & Safety team is working on a simulation-based approach for the safety assessment of autonomous vehicles using fault injection techniques. This is joint research work with the Autonomous Vehicle team, supported by TECNALIA's ICT Cluster. Our approach is being evaluated on a case study for the model-based design of a lateral control function embedded in an urban vehicle (Renault Twizy).

Among the unique challenges of designing automated cars is ensuring the ability to avoid a specified harm or damage through the timely reactions of the vehicle, assuming the driver is out of the loop. We refer to this ability as controllability. Controllability assessment needs additional attention, for instance accounting for stringent new conditions when performing hazard analysis. The most critical vehicle functions demand fail-operational behaviour, as the system cannot simply shut down silently, i.e. fail-silent behaviour is not acceptable for highly automated driving. Traditional validation and verification methods might not be sufficient, especially for exercising combinations of exceptions under unusual operating conditions. A promising approach to overcome this limitation is fault injection.

We are developing a simulation-based fault injection framework to:

  • Obtain test data on the failure modes and failure effects of automated critical functions as a way to complement standard safety analysis techniques. We integrate our methodology with Hazard Analysis and Risk Assessment (HARA) activities as defined in the ISO 26262 standard (functional safety of electrical and/or electronic systems in road vehicles).
  • Calculate the Fault Tolerant Time Interval (FTTI), which is directly related to the controllability of the vehicle. This parameter is crucial when calculating the maximum time available for system reconfiguration (instead of a simple shutdown) before a hazardous event occurs.
  • Evaluate and improve the robustness of automated functions. Fault injection helps us identify additional design measures needed to improve dependability assurance, and whether testing should be concentrated on specific areas to guarantee the robustness of the vehicle against harm.
  • Obtain trade-off evaluation results between safety and cost, already at the concept level, by using a vehicle simulation environment.

For simulation purposes, we use TECNALIA's Dynacar platform, a real-time vehicle dynamics simulation software solution. It provides high-fidelity vehicle physics simulation based on multibody dynamics models (engine, transmission, steering system, braking system, aerodynamics). In our research, the FTTI parameter of a given vehicle item must remain within the limits given by the physical properties of the respective functionality, for example the maximum time span during which lateral control may be lost without losing vehicle controllability. By using fault injection, we were able to determine the fault detection interval for permanent faults based on the maximum lateral error and steering saturation, used as a vehicle controllability property.
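As an added, illustrative example (not the Dynacar platform or the team's framework), the Python model below shows how a fault injection block and a controllability criterion yield a fault detection interval: a permanent fault is injected into the steering command of a simple lateral controller, and the simulation measures how long the vehicle stays within a maximum lateral error after injection. Vehicle parameters, controller gains, thresholds, the disturbance and the fault modes are all assumed values.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class VehicleParams:
    speed: float = 8.0                   # m/s, urban driving speed (assumed)
    wheelbase: float = 1.686             # m, Twizy-like wheelbase (assumed)
    max_steer: float = math.radians(30)  # rad, steering saturation (assumed)
    max_lat_err: float = 0.5             # m, controllability limit (assumed)
    kp: float = 0.4                      # lateral-error gain (assumed)
    kh: float = 1.0                      # heading-error gain (assumed)
    yaw_bias: float = 0.05               # rad/s, constant disturbance such as road camber (assumed)

def simulate(p: VehicleParams, fault_time: float, fault_mode: str,
             y0: float = 0.3, horizon: float = 6.0, dt: float = 0.01) -> Optional[float]:
    """Kinematic bicycle model tracking a straight lane centreline (y = 0).
    A permanent fault is injected into the steering command from fault_time on.
    Returns the time from injection until |lateral error| exceeds max_lat_err
    (the fault detection interval), or None if the vehicle stays controllable."""
    y, psi = y0, 0.0
    for i in range(int(round(horizon / dt))):
        t = i * dt
        # nominal lateral controller, clipped at the physical steering limit
        delta = -(p.kp * y + p.kh * psi)
        delta = max(-p.max_steer, min(p.max_steer, delta))
        # fault injection block: overrides the command once the fault is active
        if t >= fault_time:
            if fault_mode == "stuck_at_max":    # actuator stuck at full lock
                delta = p.max_steer
            elif fault_mode == "no_output":     # command lost (fail-silent)
                delta = 0.0
            elif fault_mode != "none":
                raise ValueError(f"unknown fault mode: {fault_mode}")
        # vehicle dynamics, explicit Euler integration
        psi += ((p.speed / p.wheelbase) * math.tan(delta) + p.yaw_bias) * dt
        y += p.speed * math.sin(psi) * dt
        if t >= fault_time and abs(y) > p.max_lat_err:
            return t + dt - fault_time
    return None

if __name__ == "__main__":
    params = VehicleParams()
    for mode in ("none", "no_output", "stuck_at_max"):
        ftti = simulate(params, fault_time=2.0, fault_mode=mode)
        label = "controllable" if ftti is None else f"{ftti:.2f} s to hazard"
        print(f"{mode:13s} -> {label}")
```

Comparing the two faulty runs shows why the interval depends on the fault model: a stuck actuator leaves far less time for detection and reconfiguration than a lost command, which matters when the fault models are catalogued for HARA.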

The use of model-based design (MBD) yields significant benefits in combination with the inclusion of fault injection blocks. In the traditional model of software/product development, almost all the testing effort has been placed on the right side of the established ISO 26262 V-model. Consequently, defects may be discovered late, leading to unwanted redesigns and increased product costs. By using MBD, some of this testing effort is shifted to the left side of the V-model, allowing early validation and verification, thus reducing development time and saving a significant amount of resources and cost.

Our fault injection framework is under development, and we currently focus on relaxing the fault simulation constraints and instrumenting the automated assessment work. This includes: (1) adding the capability to collapse and automate the injection of faults at the post-processing stage, (2) defining generic fault models that are readily available in a database, (3) evaluating the acceptable time for switching control to the driver while keeping controllability, and (4) increasing the automation of the full fault injection process from HARA to the generation of assessment reports.

The TECNALIA research team working on this topic is composed of Garazi Juez, Ray Lattarulo, Estibaliz Amparan, Alejandra Ruiz, Joshue Perez and Huascar Espinoza.