Fault Injection Block

A Simulink block for the fault injection experiments for the model-based safety assessment

Fault Injection Block

Fault injection methods help to evaluate system fault tolerance. In modern industrial safety standards, including IEC 61508, fault injection is a required procedure to verify and ensure system reliability. The automotive safety standard ISO 26262 requires not only single-fault injection but also the injection of combinations of faults. Injecting faults at multiple locations is called a 'dual-point fault' in some studies. I will call it 'chained fault injection'.

In this article I introduce a new model-based fault injection method implemented as a highly customizable Simulink block called the Fault Injection Block (FIBlock). It supports the injection of typical faults of the essential heterogeneous components of cyber-physical systems, such as sensors, computing hardware, and networks.

The FIBlock GUI allows the user to select a fault type and configure multiple parameters to tune error magnitude, fault activation, and fault exposure times. Additional trigger inputs and outputs of the block enable the modeling of conditional faults. Furthermore, two or more FIBlocks connected with the trigger signals can model so-called chained errors.

The Fault Injection Block enables fault injection experiments for model-based safety assessment.

FIBlock is available on GitHub and on the MathWorks website.

In the next two sections I'll present more details on FIBlock and an example of its use on a test Simulink model.

How to set up FIBlock

Failure rate distribution is not supported yet! The Bit flips, Time delay, and Noise faults may still have some bugs. Each FIBlock instance must have a different 'name' in the GUI, and the name must be an integer number.

The presented FIBlock is developed as a MATLAB Simulink custom library block and implemented as a masked subsystem containing a MATLAB Function block with an additional Simulink Clock block as its second input. FIBlock also supports what I call chained fault injection: the second output of a FIBlock emits a trigger flag, and this output signal can be connected to the second input of another FIBlock. When a fault is injected in the first block, the emitted trigger flag forces a fault injection in the FIBlock it is connected to.

Fault injection is performed by instances of the Fault Injection class, which are created for each FIBlock with the parameters specified by the user. I've developed the Fault Injection class as an object-oriented implementation of the ErrorSim functions. MATLAB Function blocks support code generation with Simulink Coder, so it is possible to generate code for a controller.

FIBlock allows injecting different types of fault with a chosen stochastic method and duration. The user can turn a specific FIBlock on and off when fault injection on that block is not needed at the moment. The following are the types of faults supported by the FIBlock, the fault events (i.e. when the fault occurs), and the fault effects (i.e. the duration of the fault injection):

1) Types of fault. Stuck-at: the block output stays constant, preserving the latest correct value before the error occurrence; Package drop: the correct output is replaced by the specified Value, emulating a dropped package; Bias/Offset: the defined positive or negative Bias value is added to the block output; Noise: a random noise value is added, with the Boundaries defined as a percentage of the correct value; Time delay: a delay is introduced into the signal, and during the delay the value stays as it was before the fault activation; Bit flips: the defined Number of bits are inverted in the binary representation of the correct value.

2) Fault events. Failure probability: errors are injected based on a constant failure probability for each execution of the block function; Mean Time to Failure: errors are injected according to the specified MTTF, using a normal distribution.

3) Fault effects. Once: an error appears only one time during a simulation; Constant time: the block produces erroneous output during the specified time period; Infinite time: the block produces erroneous output until the end of the simulation; Mean Time to Repair: a normally distributed MTTR regulates the duration of the error effect.

An example of application

An example Simulink model is also available in the same directory as FIBlock on GitHub and on the MathWorks website.

Figure: an example of a Simulink system with two FIBlocks.

In this simple example I'll explain chained fault injection with FIBlocks. Two input sine waves with the same parameters are subject to the fault injection experiments. The first (left) FIBlock injects a 'bias/offset' fault stochastically with probability 0.001, a fault duration of 1 second, and a fault value of 2. The second (right) FIBlock injects a 'stuck at current value' fault. Note, however, that its fault probability is deliberately set to 0 (zero).

The first FIBlock also has a second input signal, which is a constant 0 (zero). The second output of this FIBlock is connected to the second input of the second (right) FIBlock. Remember that the fault probability of the second FIBlock is set to 0 (zero). Because of the chained fault injection, whenever a fault is activated in the first FIBlock, the trigger signal forces a fault injection in the second FIBlock as well.
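To make the fault types from the "How to set up FIBlock" section and the chained trigger of this example concrete, here is an added MATLAB example; it is not FIBlock's own code, and the function name `fib_step`, the `cfg`/`st` fields, the 1 kHz step size and the random seed are my assumptions. It models a per-execution failure probability with a constant-time effect (use `inf` for infinite time) and the stuck-at, package drop, bias, noise and bit-flip fault types; MTTF/MTTR, 'once' and time delay are left out. The run reproduces the two-stage chain above: a bias fault on stage A forces a stuck-at fault on stage B, whose own failure probability is 0.

```matlab
% Constructed two-stage chained run: bias fault on stage A triggers a stuck-at
% fault on stage B, whose own failure probability is 0 (as in the page's example).
rng(1);                                   % reproducible pseudo-random faults
dt = 0.001; T = 0:dt:10;                  % 1 kHz step, 10 s run (assumed values)
cfgA = struct('type','bias',  'p',0.001, 'dur',1, 'value',2);
cfgB = struct('type','stuck', 'p',0,     'dur',1, 'value',0);
stA = struct('last',0, 'hold',0, 'until',-inf);  stB = stA;
yA = zeros(size(T)); yB = yA; trigA = zeros(size(T));
for k = 1:numel(T)
    u = sin(2*pi*T(k));                   % both stages receive the same sine wave
    [yA(k), trigA(k), stA] = fib_step(u, T(k), false,    cfgA, stA);
    [yB(k), ~,        stB] = fib_step(u, T(k), trigA(k), cfgB, stB);
end
plot(T, yA, T, yB); legend('stage A (bias)', 'stage B (stuck-at, chained)');

function [y, trig_out, st] = fib_step(u, t, trig_in, cfg, st)
% One execution of a simplified fault-injection stage (added example, not the
% FIBlock library code). cfg.type: 'stuck' | 'drop' | 'bias' | 'noise' | 'bitflip';
% cfg.p: failure probability per execution; cfg.dur: fault duration in seconds
% (inf for "infinite time"); cfg.value: bias, drop value, noise percentage or bit count.
% st.last: latest correct value; st.hold: value frozen at fault start;
% st.until: time at which the current fault expires.
    active = t < st.until;
    if ~active && (trig_in || rand() < cfg.p)   % fault event: chained trigger or stochastic
        st.hold  = st.last;                     % preserve the last correct value
        st.until = t + cfg.dur;
        active   = true;
    end
    if ~active
        st.last = u;                            % track the correct value while healthy
        y = u; trig_out = false;
        return;
    end
    switch cfg.type
        case 'stuck',   y = st.hold;
        case 'drop',    y = cfg.value;
        case 'bias',    y = u + cfg.value;
        case 'noise',   y = u * (1 + (2*rand() - 1) * cfg.value / 100);
        case 'bitflip'                          % flip cfg.value random bits of the IEEE-754 word
            bits = typecast(double(u), 'uint64');
            for b = randperm(64, cfg.value)
                bits = bitxor(bits, bitshift(uint64(1), b - 1));
            end
            y = typecast(bits, 'double');
        otherwise,      y = u;
    end
    trig_out = true;                            % second output: drives a chained stage
end
```

A trigger arriving while a stage is already faulty is ignored here, so stage B's stuck-at fault lasts `cfg.dur` from the first trigger; in the plot every bias burst on stage A is mirrored by a flat segment on stage B even though B never fires on its own.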

Made By Tagir Fabarisov, TU Dresden 2020, GNU General Public License v3.0

FIBlock GUI window of the 1st (left) FIBlock.
FIBlock GUI window of the 2nd (right) FIBlock.