Fault Injection & Validation

Deterministic Fault Injection as a First-Class Workflow

The fully virtualized architecture transforms fault injection from a labor-intensive activity into a repeatable, automated engineering workflow with zero hardware risk.

No Hardware Risk
Thermal runaways, deep discharge events, cell imbalances, and LV pack degradation can be injected freely, with zero risk to physical hardware or personnel.

Deterministic Replay
Every fault scenario is defined by a data stream mutation. The exact same fault can be replayed bit-for-bit, enabling precise regression testing and CI pipeline integration.

Middleware Interception
By intercepting the data stream at the middleware layer before it reaches the VCU, any fault can be constructed without modifying production firmware or hardware.

Automated Assertions
Each scenario produces a deterministic, verifiable VCU state transition, enabling automated pass/fail assertions within a CI pipeline with no human judgment required.

Fault Injection Matrix

#  | Scenario                  | Injection Method                                       | Expected VCU Response                          | Priority
F1 | Overvoltage Event         | Corrupt HV cell voltage fields above threshold         | System Inhibit (Contactor Drop)                | P1
F2 | Sensor Variance Mismatch  | Delta between cell sum and pack-level aggregate        | Plausibility Fault (System Inhibit)            | P2
F3 | Phantom Node (CAN Loss)   | Drop all frames from critical CAN participant          | Watchdog Timeout (System Inhibit)              | P2
F4 | LV Pack Under-Voltage     | Drive 4S aux pack toward critical threshold            | Graceful Isolation (Controlled Shutdown)       | P1
F5 | Rogue Charger Overcurrent | Inject EVSE telemetry exceeding demanded current       | Rogue Charger Fault (Relay Severed)            | P2
F6 | Thermal Runaway           | Escalate temperature sensor values to critical         | Thermal Fault (Highest Priority Inhibit)       | P1

How Fault Injection Works

[Diagram: fault injection data path]
BMS Firmware: normal telemetry stream output
  -> Middleware Bridge: intercept point; the fault is injected here, with no firmware modification
       <- Fault Injector: CI test suite or manual; produces the mutated stream
  -> VCU Daemon: receives the mutated data; safety checks trigger a deterministic response
  -> System Inhibit: contactor isolation, 0V command issued; pass/fail assertion evaluated
Production firmware is unmodified throughout. Fault injection occurs entirely at the middleware layer.
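The data path above, as an added Python illustration (not code from the EVO vHIL page or project): each fault scenario from the matrix is a pure mutation of a telemetry frame applied at the intercept point, and a VCU-style check maps the mutated frame to one expected state so CI can assert on it. The frame layout, the threshold constants and the state names are assumptions; the scenario-to-response mapping follows the matrix rows F1, F2 and F6.

```python
from dataclasses import dataclass, replace

# Assumed thresholds for illustration; the real VCU limits are not on the page.
CELL_OV_LIMIT_V = 4.25        # per-cell overvoltage threshold
PACK_PLAUSIBILITY_V = 0.5     # max |sum(cells) - pack aggregate| allowed
CELL_TEMP_LIMIT_C = 60.0      # thermal fault threshold

@dataclass(frozen=True)
class Telemetry:
    cells_v: tuple     # per-cell HV voltages reported by the BMS
    pack_v: float      # pack-level aggregate reported by the BMS
    temp_c: float      # hottest cell temperature

# Constructed healthy baseline frame: four cells whose sum matches the aggregate.
BASELINE = Telemetry(cells_v=(3.70, 3.71, 3.69, 3.70), pack_v=14.80, temp_c=28.0)

# Injectors are pure functions on a frame, so each scenario replays bit-for-bit.
def f1_overvoltage(t):
    return replace(t, cells_v=(CELL_OV_LIMIT_V + 0.10,) + t.cells_v[1:])

def f2_variance_mismatch(t):
    return replace(t, pack_v=t.pack_v - 2 * PACK_PLAUSIBILITY_V)

def f6_thermal_runaway(t):
    return replace(t, temp_c=CELL_TEMP_LIMIT_C + 20.0)

FAULTS = {"F1": f1_overvoltage, "F2": f2_variance_mismatch, "F6": f6_thermal_runaway}
# Expected VCU state per scenario, taken from the fault injection matrix.
EXPECTED = {"F1": "SYSTEM_INHIBIT_CONTACTOR_DROP",
            "F2": "PLAUSIBILITY_FAULT_SYSTEM_INHIBIT",
            "F6": "THERMAL_FAULT_INHIBIT"}

def vcu_safety_check(t):
    # Thermal is evaluated first: the matrix ranks it as the highest-priority inhibit.
    if t.temp_c > CELL_TEMP_LIMIT_C:
        return "THERMAL_FAULT_INHIBIT"
    if max(t.cells_v) > CELL_OV_LIMIT_V:
        return "SYSTEM_INHIBIT_CONTACTOR_DROP"
    if abs(sum(t.cells_v) - t.pack_v) > PACK_PLAUSIBILITY_V:
        return "PLAUSIBILITY_FAULT_SYSTEM_INHIBIT"
    return "NORMAL"

def run_scenario(fault_id, baseline=BASELINE):
    """Intercept the stream, apply the named mutation, return the VCU state."""
    return vcu_safety_check(FAULTS[fault_id](baseline))

def ci_results(baseline=BASELINE):
    """Pass/fail per scenario: the assertion a CI job gates on, no human judgment."""
    return {fid: run_scenario(fid, baseline) == exp for fid, exp in EXPECTED.items()}
```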

Boot Orchestration

Reliable CI integration requires deterministic boot order, dependency management, and race condition elimination.

[Diagram: CI pipeline boot sequence]
1. Boot Virtual Android OS (virtual AAOS instance)
2. Launch MCU Simulation (Renode, BMS firmware)
3. Initialize VCU Daemon (C++ daemon, AAOS vendor)
4. Establish CAN + UDP Bridge (middleware bridge active)
Gate: OS boot flag confirmed? If NO, keep polling; if YES, ENVIRONMENT READY.

Orchestration Design

  • Async launch: Virtual OS, MCU simulation, and middleware bridge are launched as independent processes, managed concurrently to minimize total init time.
  • Boot flag polling: The orchestrator polls the Android boot completion flag before establishing inter-layer tunnels, eliminating race conditions where the bridge or daemon might communicate before dependent services are ready.
  • Known-good state guarantee: No test scenario executes until the orchestrator confirms a fully synchronized system state, eliminating false failures from initialization timing variability.
  • CI pass/fail: Every fault scenario produces a deterministic, verifiable VCU state transition, automatable without human judgment.

Shift-Left Testing

By moving fault injection into a virtual CI environment, EVO vHIL enables safety-critical validation to happen at every commit, not just on expensive physical HIL benches scheduled weeks in advance.