Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - On the Effective Use of Fault Injection for the Assessment of AUTOSAR Safety Mechanisms
AU - Piper, T.
AU - Winter, S.
AU - Suri, Neeraj
AU - Fuhrman, T.E.
PY - 2015/9/7
Y1 - 2015/9/7
N2 - The automotive safety standard ISO 26262 strongly recommends the use of fault injection (FI) for the assessment of safety mechanisms that typically span composite dependability and real-time operations. However, with the standard providing very limited guidance on the actual design, implementation and execution of FI experiments, most AUTOSAR FI approaches use standard fault models (e.g., bit flips and data type based corruptions), and focus on using simulation environments. Unfortunately, the representation of timing faults using standard fault models, and the representation of real-time properties in simulation environments are hard, rendering both inadequate forthe comprehensive assessment of AUTOSAR's safety mechanisms. The actual development of ISO 26262 advocated FI is further hampered by the lack of representative software fault models and the lack of an openly accessible AUTOSAR FI framework. We address these gaps by (a) adapting the open source FI framework GRINDER to AUTOSAR and (b) showing how to effectively apply it for the assessment of AUTOSAR's safety mechanisms. © 2015 IEEE.
AB - The automotive safety standard ISO 26262 strongly recommends the use of fault injection (FI) for the assessment of safety mechanisms that typically span composite dependability and real-time operations. However, with the standard providing very limited guidance on the actual design, implementation and execution of FI experiments, most AUTOSAR FI approaches use standard fault models (e.g., bit flips and data type based corruptions), and focus on using simulation environments. Unfortunately, the representation of timing faults using standard fault models, and the representation of real-time properties in simulation environments are hard, rendering both inadequate forthe comprehensive assessment of AUTOSAR's safety mechanisms. The actual development of ISO 26262 advocated FI is further hampered by the lack of representative software fault models and the lack of an openly accessible AUTOSAR FI framework. We address these gaps by (a) adapting the open source FI framework GRINDER to AUTOSAR and (b) showing how to effectively apply it for the assessment of AUTOSAR's safety mechanisms. © 2015 IEEE.
KW - AUTOSAR
KW - fault injection
KW - instrumentation
KW - ISO 26262
KW - robustness testing
KW - Open source software
KW - AutoSAR
KW - Fault injection
KW - Robustness testing
KW - Software testing
U2 - 10.1109/EDCC.2015.14
DO - 10.1109/EDCC.2015.14
M3 - Conference contribution/Paper
SP - 85
EP - 96
BT - 2015 11th European Dependable Computing Conference (EDCC)
PB - IEEE
ER -