Testing Safety-Critical Systems for Automotive: Harnessing Technology to Save Lives

I was recently speaking in Germany at the Automotive Ethernet Congress about robustness testing of automotive Ethernet networks as it pertains to conformance, performance and controlled noise injection. Below is the Q&A from the interview I had with a leading German news outlet where we discussed the challenges and benefits of Automotive Ethernet Testing.

What challenges are there for automotive Ethernet conformance testing and validation?

The challenge for Automotive Ethernet testing is each OEM wants to customize on top of existing standards. Spirent helps address this by offering flexible, configurable and editable test scripts inside a user friendly integration development environment, which allows customers to change, re-compile and re-run conformance test suites. The real value comes from working with world-class research and developments departments across the globe to enhance and update the Test Suites offered to customers for: Autosar, OPEN Alliance, IEEE, AVB, TSN and AVnu Alliance Automotive test plans. The need for devices to be interoperable when connected to an Ethernet network has never been greater to ensure a robust and reliable system design.

What are the benefits of testing Automotive Ethernet performance testing?

Performance testing of a closed automotive network allows the tester to uncover issues before they become issues. The benefit of this is that you don’t need to have your application code 100 percent to check the data flow of a packet switched network.  Just recently I had a customer indicate how powerful our testing methodology is for our RFC2544 switch benchmarking tests. Our customer was able to find holes inside their switch configuration that they didn’t know existed before running the benchmarks. Performance testing can also help identify latency, jitter and throughput issues in a live network. Spirent can provide additional load onto the network and check existing ECU functionally to ensure safety-critical functions are working properly at all frame sizes and loads.

Looking at safety in particular, are there special requirements for automotive Ethernet systems to meet ASIL/ISO26262 standards? If so, can you elaborate on what is needed and how these needs are met?

When looking to design a system that is safety-critical many aspects must be looked at to ensure a single point of failure will not affect overall system response.  Designers use Failure Modes, Effects and Diagnostics Analysis (FMEDA) to confirm a system satisfies the metrics required for ASIL-D standards.  The inputs of that analysis from ASIL-D are a Single-point Fault Metric (SPFM), Latent Fault Metric (LFM) and Probabilistic Metric for Random Hardware Failures (PMHF) to determine what components need redundancy. Recently I’ve seen a ring topology used to partly satisfy these requirements, and the supporting draft standard IEEE802.1cb Frame replication and elimination to support zero switch-over time, by connecting two outputs from a Spirent Test System to a switch and one receive port from the switch to Spirent TestCenter software’s Traffic Analysis using the high-resolution stream block sampling functions to evaluate system behavior. Once you have performed the timing analysis by generating variable loads to traffic streams, you can then use a Spirent Automotive Impairment Noise Generator (AING-5000) to physically product noise on the copper wires to see how well, first, a switch is able to handle physical noise on a primary signal path and second, in the presence of noise determines the switch over time performed at Layer 2 from primary to fall-back signal path flows.

There have been several partnership announcements from Spirent. How does it collaborate with providers like Technica Engineering to facilitate validation and conformance?

Spirent partners with companies that enhance and complement a combined product offering for our customers. Each partner brings a unique design, validation and certification experience from the physical layer to device conformance, interoperability and testing. Technica Engineering is helping Spirent validate new PHY interfaces and has provided a production grade video demo setup that enables Spirent to show off the power of their simple user-interface for packet creation, generation, measurement and analysis.

How does Spirent work with industry bodies like AutoSar, to develop the next-generation of automotive Ethernet networks?

Spirent is an active member of the Autosar community and has developed an Autosar Test Suite to validate customer ECU’s conform to these standards. Spirent is supporting the Automotive Ethernet Acceptance Test specifications in AUTOSAR.


Having worked on safety-critical systems I would rather place my bets on an autonomous system driving next to me, than having a texting teenage driver that is distracted who doesn’t have an autonomous system, at least with an autonomous system, I can ensure that the vehicle would always be paying attention to its surroundings. It takes 60 milliseconds to blink your eye, it takes 20milli-seconds for an airbag controller to decide to fire off your airbags. Every second data is flowing from sensors, microprocessors and algorithms to process information to help ensure its occupants and the vehicle orientation are controlled in a safe manor. The challenge of moving around high-bandwidth data required for autonomous driving sensors is driving a paradigm shift away from traditional CAN/FlexRay networks into Ethernet networks.

Read our White Paper: What's Driving the Connected Car?


comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.