Runtime verification monitoring for automotive embedded systems using the ISO 26262 Functional Safety Standard as a guide for the definition of the monitored properties

Abstract

The ISO 26262 Road vehicles Functional Safety Standard is intended to guide the derivation of appropriate requirements and processes for avoiding systematic and/or random failures in automotive electrical/electronic equipment. Functional safety statements can be captured in the requirements specifications for automotive embedded control units and systems. However, the process of verifying the behaviour of resulting products continues to be incomplete; because embedded programme verification is unsolvable in general. This study shows that it is possible to monitor some proof obligations in the testing phase, or even in the actual operating phase of a system by the use of an on-chip, real-time runtime verification monitor. In this work, the ISO 26262 standard for functional safety is used to guide the definition of the functional safety requirements for a product, and the specific requirements are mapped to logic formulae, such that the actual runtime behaviour of the system for selected properties can be formally verified throughout the lifetime of a product. A case study example for an automotive gearbox control system is presented to demonstrate the feasibility of the scheme. The monitor is constructed as a permanent feature within an integrated circuit that can continuously observe the system's runtime behaviour.