Using MOBATSim for Simulation-based Fault Injection

Since MOBATSim works entirely in MATLAB and Simulink, there is no need for a chain of tools with defined interfaces between them. The Graphical User Interface (GUI) of MOBATSim is built with MATLAB App Designer and is used to define the simulation parameters. These parameters can also be defined in an m-file and should include the number of vehicles, the starting and ending points of each vehicle, their mass and size, and their allowed top speed. Parameters concerning vehicle dynamics, such as acceleration curves, can be edited directly in the Simulink models of the vehicles. The Simulink models of the autonomous vehicles are designed to show clearly the interfaces and the input/output relationships between the components inside a vehicle. This lets the user inspect any signal of interest simply by logging it to the workspace or by viewing it with a Scope block. The components can be broken down further into smaller subsystems in order to simulate Electronic Control Units (ECUs); this customization allows the user to test a different ECU simply by replacing the component under test.

Testing according to ISO 26262 is a complicated task that requires rigorous analysis. The parts of the safety standard relevant to assessing the functional safety of a vehicle will be explained in detail (coming soon). Fault injection is a method recommended by ISO 26262 for simulating the faulty behavior of a component. For example, Chapter 11 Clause 5.5.2 of the standard is dedicated to the injection of faults in sensors, transducers, and MEMS (Micro-Electro-Mechanical Systems).

Error propagation analysis using simulation-based fault injection (to be published at IAV2019) is a powerful method either for determining the effects of component faults on the system or for finding the root causes of common failures and hazards. An example of an error propagation analysis from our paper is illustrated below.

[Figure: Error propagation analysis]

This analysis maps easily onto Simulink because of the clear interfaces between the vehicle components. In the figure below, the red thunderbolt marks the component into which the faults are injected, red boxes show direct propagation, and orange boxes show conditional propagation of the injected fault. We can therefore say that the "EmergencyCase" and "DrivingMode" values are only affected in the presence of severe errors caused by the injected faults. The results of the paper help us determine the severity edge of the faults, i.e. how severe a fault can become before collisions happen.

[Figure: MOBATSim Simulink Model]
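The following MATLAB script is an added example, not MOBATSim's own code, showing in miniature what the sensor fault injection of Chapter 11 Clause 5.5.2 and the error propagation analysis above amount to: a constructed front-distance sensor trace is corrupted by four common sensor fault models (stuck-at, offset, drift, noise) from a chosen onset time, and a simple downstream decision standing in for the "EmergencyCase" flag is compared between the nominal and the faulty run to see whether the fault propagates. The trace, the 15 m threshold, the fault parameters and the decision logic are all assumptions for illustration.

```matlab
% Added example (not MOBATSim's own code): simulation-based fault injection on a
% front-distance sensor trace and a check of whether each injected fault
% propagates into a downstream "EmergencyCase" decision. Save as
% demo_sensor_fault_injection.m and run demo_sensor_fault_injection().
function results = demo_sensor_fault_injection()
    % Constructed nominal trace: distance to the vehicle ahead (m), sampled at
    % 10 Hz, closing linearly from 60 m to 10 m over 50 s.
    t = (0:0.1:50)';
    d_true = 60 - t;
    safe_distance = 15;                 % assumed EmergencyCase threshold (m)

    faults = {'none', 'stuck_at', 'offset', 'drift', 'noise'};
    ec_nominal = emergency_case(d_true, safe_distance);
    results = struct('fault', {}, 'first_trigger_s', {}, 'propagated', {});

    fprintf('%-10s %-16s %s\n', 'fault', 'first_trigger_s', 'propagated');
    for k = 1:numel(faults)
        d_meas = inject_sensor_fault(d_true, t, faults{k});
        ec = emergency_case(d_meas, safe_distance);
        % Propagation: the decision signal differs from the nominal run at any
        % sample. A missed or delayed trigger is the hazardous direction.
        propagated = any(ec ~= ec_nominal);
        results(end+1) = struct('fault', faults{k}, ...
            'first_trigger_s', first_trigger_time(ec, t), ...
            'propagated', propagated); %#ok<AGROW>
        fprintf('%-10s %-16.1f %d\n', faults{k}, ...
            results(end).first_trigger_s, propagated);
    end
end

function y = inject_sensor_fault(x, t, fault_type)
    % Apply one fault model to the sensor trace x (column vector) from the
    % constructed onset time t_fault onwards; samples before it stay intact.
    t_fault = 10;
    active = t >= t_fault;
    y = x;
    switch fault_type
        case 'none'
            % Reference run, no fault injected.
        case 'stuck_at'
            % Sensor freezes at its last good value: the gap appears constant.
            y(active) = x(find(active, 1, 'first'));
        case 'offset'
            % Constant +10 m bias: the vehicle ahead looks farther than it is.
            y(active) = x(active) + 10;
        case 'drift'
            % Bias growing at 0.5 m/s after onset.
            y(active) = x(active) + 0.5 * (t(active) - t_fault);
        case 'noise'
            % Deterministic +/-0.5 m pseudo-noise so the run is repeatable.
            y(active) = x(active) + 0.5 * sin(37 * t(active));
        otherwise
            error('unknown fault type: %s', fault_type);
    end
end

function ec = emergency_case(distance, safe_distance)
    % Downstream decision: raise the emergency case as soon as the measured
    % distance falls below the safe threshold (stand-in for "EmergencyCase").
    ec = distance < safe_distance;
end

function t_first = first_trigger_time(flag, t)
    % Time of the first sample at which the flag is raised; NaN if never.
    idx = find(flag, 1, 'first');
    if isempty(idx)
        t_first = NaN;
    else
        t_first = t(idx);
    end
end
```

With these constructed values the nominal run raises the emergency case at about 45 s, while the stuck-at, offset and drift faults each hide the closing gap so the flag is never raised within the 50 s window (first_trigger_s is NaN and propagated is 1); the noise fault only shifts the trigger by a sample or two. In MOBATSim the same comparison is made on logged Simulink signals rather than on a vector, but the principle is identical: inject the fault at the sensor, log the downstream decision signals, and diff them against the fault-free run.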

The results are shown in the plot below. More detailed information will be published in IAV2019.

[Figure: MOBATSim Safety Violation]