The increasing complexity and certification needs of cyber-physical systems (CPS) requires improved methods of dependability analysis. Fault injection (FI) is an experimental-based way for safety analysis of a system which is mainly divided in model-based, software-based and hardware-based techniques. For safety analysis during model-based development, FI mechanisms can be added directly into models of hardware, models of software and/or models of the system. This approach is denoted as model-implemented hybrid FI. The availability of a modelling environment such as Simulink allows for early stage verification of FI experiments to analyze the correct behavior of the system-under-design. This results in a reduced time and cost by testing at early stages of the development process. This paper presents an automated framework to inject faults in the Simulink model. The framework is not only limited to injection at the model-in-the-loop (MiL) level but is also applicable at other approximation levels in model-based testing such as hardware-in-the-loop (HiL). The modeler instruments the model with FI blocks to specify which faults need to be injected and when they should be injected. This model is converted to a fault-injected model and a FI orchestrator that allows the FI experiment to run automatically. The framework is completely build upon the generative technique of model transformation, allowing it to be ported to other formalisms and tool environments.

1. 1
Model-Implemented Hybrid Fault Injection for
Simulink (Tool demonstration)
Mehrdad Moradi, Bert Van Acker, Ken Vanherpen and Joachim Denil
Oct. 5, 2018
CyPhy workshop

2. 2 2
“It takes dozens of microprocessors running 100 million lines of code to get a premium
car out of the driveway, and this software is only going to get more complex”
http://www.real-programmer.com/interesting_things/IEEE%20SpectrumThisCarRunsOnCode.pdf
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

3. 3
Dependability Analysis
What to be checked?
• Robustness
• Determining failure modes
• Safety
• Etc….
How?
Fault injection
A testing technique that aids in understanding how [virtual/real]
system behaves when stressed in unusual ways
3
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

4. 4
Running example
Power window
4
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

5. 5
Terminology
5
• Fault
• Error
• Failure
• Yu, Y., et. al. : Fault Injection Techniques and Tools for Embedded Systems Reliability Evaluation
• A. Pecchia, M. Cinque and D. Cotroneo, "Event Logs for the Analysis of Software Failures: A Rule-Based Approach,"
in IEEE Transactions on Software Engineering, vol. 39, no. , pp. 806-821.
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

6. 6
Types of fault injection
6
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

7. 7
Fault injection environment
• Fault Injection Techniques and Tools
• J. Arlat, M. Aguera, L. Amat, Y. Crouzet, J.C. Fabre, J.-C. Laprie, E. Martins, D. Powell, Fault Injection for Dependability Validation: A
Methodology and some Applications, IEEE Transactions on Software Engineering, Vol. 16, No. 2, February 1990, pp. 166–182
7
FARM model:
1. the set of Faults to be injected,
2. the set of Activations exercised during the experiment,
3. the Readouts to define observers of system behavior,
4. the Measures dependability properties.
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

8. 8
Our contribution
Generative techniques: Model implemented Fault Injection by explicit
modelling of FARM in Simulink to setup the experiments both for
Model-in-the-Loop (MiL) and Hardware-in-the-Loop (HiL)
8
Embedded
Target
Real-Time
System
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction
Control Models Plant Models
MiL
HiL

9. 9
Fault Library
• Hard- and software fault type
• Fault nature
• Categories
• Block insertion/drop
• Open link
• Data changing
• latency
9
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

10. 10
Why these faults?
Data changing
Latency
10
.
.
.
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

11. 11
Modeling faults
11
Annotation Block
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

12. 12
Modeling faults
12
Annotation Block
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction (FARM) User defines the set of Fault

13. 13
How to inject faults?
13
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

14. 14
How to inject faults?
14
.
.
.
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction
Model
Transformation

15. 15
When to inject?
15
Orchestrator
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction
(FARM) defining the Activation time

16. 16
Model-in-the-Loop demo
16
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction
Control Models Plant Models

17. 17
Model-in-the-Loop
17
Normal Simulation Faulty Simulation
Up
Down
Window
Position
External
Force
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

18. 18
Model-in-the-Loop to Hardware-in-the-Loop
18
Embedded Target
Real-Time System
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction
Control Models Plant Models
Code
Generation
Code
Generation

19. 19
HiL Fault Injection
19
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

20. 20
Task0
DeadlineStart time
Execution time
Slack
Slack
20
• Use slack to save time
• Greedy approach
• Slack mapper
...
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

21. 21
Fault Injection Orchestrator
21
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

22. 22
Hardware-in-the-Loop Demo
22
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

23. 23
Conclusion
• The framework automated the FI process
• MiL
• Model level fault injection
• HiL
• Execution based fault injection
• Cover almost all of fault type
• Able to define scenario
23
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

24. 24
Future direction
▪ Complete FARM model
▪ Temporal Logic
▪ Efficient fault injection
▪ Increase fault coverage and speed
▪ Complex fault injection scenario
▪ Trace back from failure to fault
24
Fault
injection
Fault lib
MiL fault
injection
HiL fault
injection
Conclusion
Future
direction

25. 25
Thank you for your attention
For watching Demo’s video: https://www.youtube.com/channel/UCvfwLU_G0FrbSl1Ef7fbHUg