Fault Injection & Validation

Deterministic Fault Injection as a First-Class Workflow

The fully virtualized architecture transforms fault injection from a labor-intensive activity into a repeatable, automated engineering workflow — with zero hardware risk.

No Hardware Risk
Thermal runaways, deep discharge events, cell imbalances, and LV pack degradation can be injected freely — zero risk to physical hardware or personnel.

Deterministic Replay
Every fault scenario is defined by a data stream mutation. The exact same fault can be replayed bit-for-bit, enabling precise regression testing and CI pipeline integration.

Middleware Interception
By intercepting the data stream at the middleware layer before it reaches the VCU, any fault can be constructed without modifying production firmware or hardware.

Automated Assertions
Each scenario produces a deterministic, verifiable VCU state transition — enabling automated pass/fail assertions within a CI pipeline with no human judgment required.

Fault Injection Matrix

| #  | Scenario                  | Injection Method                                    | Expected VCU Response                     | Priority |
|----|---------------------------|-----------------------------------------------------|-------------------------------------------|----------|
| F1 | Overvoltage Event         | Corrupt HV cell voltage fields above threshold      | System Inhibit — Contactor Drop           | P1       |
| F2 | Sensor Variance Mismatch  | Delta between cell sum and pack-level aggregate     | Plausibility Fault — System Inhibit       | P2       |
| F3 | Phantom Node (CAN Loss)   | Drop all frames from critical CAN participant       | Watchdog Timeout — System Inhibit         | P2       |
| F4 | LV Pack Under-Voltage     | Drive 4S aux pack toward critical threshold         | Graceful Isolation — Controlled Shutdown  | P1       |
| F5 | Rogue Charger Overcurrent | Inject EVSE telemetry exceeding demanded current    | Rogue Charger Fault — Relay Severed       | P2       |
| F6 | Thermal Runaway           | Escalate temperature sensor values to critical      | Thermal Fault — Highest Priority Inhibit  | P1       |

How Fault Injection Works

  1. BMS firmware: normal telemetry stream output.
  2. Middleware bridge: the intercept point. The fault is injected here; no firmware modification.
  3. Fault injector: driven by the CI test suite or manually; emits the mutated stream.
  4. VCU daemon: receives the mutated data; safety checks trigger a deterministic response.
  5. System inhibit: contactor isolation, 0V command issued; pass/fail assertion evaluated.

Production firmware is unmodified throughout. Fault injection occurs entirely at the middleware layer.
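The matrix and the interception flow above, as an added example that is not part of the original page or of EVO vHIL's own code: each of F1 to F6 is a pure mutation applied to a constructed telemetry frame at the "middleware" point, and a simplified stand-in for the VCU daemon's safety checks produces the response that the CI assertion compares against the matrix. Every field name, threshold and response label here is an assumption chosen for the example, not the product's interface.

```python
"""Fault matrix F1-F6 as deterministic middleware-layer stream mutations, checked against a
simplified stand-in for the VCU daemon's safety logic. Constructed example; all field names,
thresholds and response labels are assumptions, not the product's own interface."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class Telemetry:
    """One constructed telemetry frame as the BMS firmware would emit it."""
    cell_mv: Tuple[int, ...]        # per-cell HV voltages, millivolts
    pack_mv: int                    # pack-level aggregate reported alongside the cells
    temp_c: Tuple[float, ...]       # temperature sensor readings, degrees C
    lv_pack_mv: int                 # 4S auxiliary (LV) pack voltage, millivolts
    evse_demand_a: float            # current the VCU demanded from the charger
    evse_measured_a: float          # current the EVSE telemetry reports delivering
    frames_present: FrozenSet[str]  # CAN participants heard from this cycle


# Hypothetical thresholds for the stand-in VCU model (placeholders, not from the page).
CELL_OV_MV = 4250
PLAUSIBILITY_MV = 500
LV_CRITICAL_MV = 11_000
OVERCURRENT_MARGIN_A = 5.0
THERMAL_CRITICAL_C = 60.0
CRITICAL_NODES = frozenset({"BMS", "CHARGER"})

# Constructed nominal frame: every check below passes on it.
NOMINAL = Telemetry(
    cell_mv=(3700, 3700, 3700, 3700), pack_mv=14_800, temp_c=(25.0, 26.0),
    lv_pack_mv=12_600, evse_demand_a=32.0, evse_measured_a=31.5,
    frames_present=CRITICAL_NODES,
)

Mutation = Callable[[Telemetry], Telemetry]

# Each scenario is a pure function of the frame, so a replay is bit-for-bit identical.
FAULTS: Dict[str, Mutation] = {
    "F1": lambda t: replace(t, cell_mv=tuple(CELL_OV_MV + 50 for _ in t.cell_mv)),
    "F2": lambda t: replace(t, pack_mv=sum(t.cell_mv) + PLAUSIBILITY_MV + 100),
    "F3": lambda t: replace(t, frames_present=t.frames_present - {"BMS"}),
    "F4": lambda t: replace(t, lv_pack_mv=LV_CRITICAL_MV - 200),
    "F5": lambda t: replace(t, evse_measured_a=t.evse_demand_a + OVERCURRENT_MARGIN_A + 1.0),
    "F6": lambda t: replace(t, temp_c=tuple(THERMAL_CRITICAL_C + 10.0 for _ in t.temp_c)),
}

# Expected responses from the matrix, as labels of the stand-in model.
EXPECTED = {
    "F1": "SYSTEM_INHIBIT_CONTACTOR_DROP",
    "F2": "PLAUSIBILITY_FAULT",
    "F3": "WATCHDOG_TIMEOUT",
    "F4": "GRACEFUL_ISOLATION",
    "F5": "ROGUE_CHARGER_FAULT",
    "F6": "THERMAL_FAULT",
}


def vcu_response(t: Telemetry) -> str:
    """Stand-in for the VCU daemon's safety checks. Evaluated in priority order so that,
    when several faults coincide, the thermal inhibit (highest priority) wins."""
    if max(t.temp_c) >= THERMAL_CRITICAL_C:
        return "THERMAL_FAULT"
    if not CRITICAL_NODES <= t.frames_present:
        return "WATCHDOG_TIMEOUT"
    if max(t.cell_mv) > CELL_OV_MV:
        return "SYSTEM_INHIBIT_CONTACTOR_DROP"
    if abs(sum(t.cell_mv) - t.pack_mv) > PLAUSIBILITY_MV:
        return "PLAUSIBILITY_FAULT"
    if t.lv_pack_mv < LV_CRITICAL_MV:
        return "GRACEFUL_ISOLATION"
    if t.evse_measured_a > t.evse_demand_a + OVERCURRENT_MARGIN_A:
        return "ROGUE_CHARGER_FAULT"
    return "NORMAL"


def inject(fault_ids: Iterable[str], frame: Telemetry = NOMINAL) -> Telemetry:
    """Apply the named mutations in order at the 'middleware' point. The frame the
    firmware produced is never modified; a mutated copy is handed on to the VCU."""
    for fid in fault_ids:
        frame = FAULTS[fid](frame)
    return frame


def run_scenario(fault_id: str) -> str:
    return vcu_response(inject([fault_id]))


def run_matrix() -> Dict[str, bool]:
    """CI-style pass/fail per scenario: observed state transition equals the expected one."""
    return {fid: run_scenario(fid) == EXPECTED[fid] for fid in FAULTS}


def replay_is_deterministic(fault_id: str, runs: int = 3) -> bool:
    """Same mutation, same input: every replay yields an identical frame."""
    frames = [inject([fault_id]) for _ in range(runs)]
    return all(f == frames[0] for f in frames)


if __name__ == "__main__":
    for fid, ok in run_matrix().items():
        print(f"{fid}: {run_scenario(fid):30} {'PASS' if ok else 'FAIL'}")
    print("F1+F6 together ->", vcu_response(inject(["F1", "F6"])))
```

The check order in `vcu_response` is the part worth copying: with F1 and F6 injected in the same frame the thermal inhibit is reported, matching the matrix's "highest priority inhibit" for F6, and the assertion stays deterministic because no check depends on timing or on the firmware's state.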

Boot Orchestration

Reliable CI integration requires deterministic boot order, dependency management, and race condition elimination.

CI pipeline boot sequence:

  ① Boot virtual Android OS (virtual AAOS instance)
  ② Launch MCU simulation (Renode · BMS firmware)
  ③ Initialize VCU daemon (C++ daemon · AAOS vendor)
  ④ Establish CAN + UDP bridge (middleware bridge active)

Gate: OS boot flag confirmed? NO → poll again. YES → environment ready.

Orchestration Design

  • Async launch: Virtual OS, MCU simulation, and middleware bridge are launched as independent processes, managed concurrently to minimize total init time.
  • Boot flag polling: The orchestrator polls the Android boot completion flag before establishing inter-layer tunnels — eliminating race conditions where bridge or daemon might communicate before dependent services are ready.
  • Known-good state guarantee: No test scenario executes until the orchestrator confirms a fully synchronized system state — eliminating false failures from initialization timing variability.
  • CI pass/fail: Every fault scenario produces a deterministic, verifiable VCU state transition — automatable without human judgment.
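The orchestration design above, as an added example that is not the project's own orchestrator: the OS, MCU simulation and VCU daemon are started as concurrent tasks, and the bridge is opened only after a bounded poll loop sees the boot flag. The process names, startup durations and the boot-flag probe are constructed stand-ins; a real orchestrator would read Android's `sys.boot_completed` property where the probe is called.

```python
"""Boot orchestration stand-in: launch the virtual layers concurrently, then gate the
CAN/UDP bridge on the OS boot-completion flag with a bounded poll loop. Constructed example;
process names, durations and the probe are assumptions, not the product's orchestrator."""
import asyncio
from dataclasses import dataclass, field
from typing import Awaitable, Callable, List

BootProbe = Callable[[], Awaitable[bool]]


@dataclass
class Environment:
    events: List[str] = field(default_factory=list)  # ordered record of what came up
    ready: bool = False                              # set only after a known-good state


async def launch(env: Environment, name: str, startup_s: float) -> None:
    """Stand-in for spawning one layer as an independent process (simulated by a sleep)."""
    await asyncio.sleep(startup_s)
    env.events.append(f"started:{name}")


async def wait_for_boot_flag(probe: BootProbe, poll_interval: float, timeout: float) -> bool:
    """Poll the boot flag until it reads true or the deadline passes. Bounded so that a
    hung OS boot fails the run explicitly instead of wedging the pipeline."""
    loop = asyncio.get_running_loop()
    deadline = loop.time() + timeout
    while True:
        if await probe():
            return True
        if loop.time() >= deadline:
            return False
        await asyncio.sleep(poll_interval)


async def orchestrate(probe: BootProbe, poll_interval: float = 0.01,
                      timeout: float = 0.5) -> Environment:
    env = Environment()
    # Steps 1-3: the OS, MCU simulation and VCU daemon start as concurrent independent tasks.
    await asyncio.gather(
        launch(env, "virtual-aaos", 0.03),
        launch(env, "renode-bms-firmware", 0.01),
        launch(env, "vcu-daemon", 0.02),
    )
    # Step 4 is gated: no inter-layer tunnel is opened until the OS reports boot complete.
    if not await wait_for_boot_flag(probe, poll_interval, timeout):
        env.events.append("boot-timeout")
        return env
    env.events.append("started:can-udp-bridge")
    env.ready = True  # only now may a fault scenario be scheduled
    return env


def make_probe(true_after_polls: int) -> BootProbe:
    """Constructed probe that reads false for the first N polls, then true. A real
    orchestrator would read Android's sys.boot_completed property here instead."""
    polls = {"n": 0}

    async def probe() -> bool:
        polls["n"] += 1
        return polls["n"] > true_after_polls

    return probe


def run(true_after_polls: int, timeout: float = 0.5) -> Environment:
    """Run one orchestration with a constructed probe and return the resulting state."""
    return asyncio.run(orchestrate(make_probe(true_after_polls), timeout=timeout))


if __name__ == "__main__":
    booted = run(true_after_polls=3)
    print("ready:", booted.ready, booted.events)
    hung = run(true_after_polls=10**6, timeout=0.05)
    print("ready:", hung.ready, hung.events)
```

The two runs at the bottom show the property the bullets ask for: in the first the bridge starts only after the third negative poll, and in the second a boot that never completes ends in an explicit `boot-timeout` with `ready` still false, so no scenario can be scheduled against a half-initialized system.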

Shift-Left Testing

By moving fault injection into a virtual CI environment, EVO vHIL enables safety-critical validation to happen at every commit — not just on expensive physical HIL benches scheduled weeks in advance.