Author(s)

T. Lovric

Abstract

Fault injection for quantitative safety validation of software based reactive systems T. Lovric TUVInterTraffic GmbH, ISEB Institute for Software Electronics, Railway TUVRhe inland/ Berlin - Brandenburg, Germany Abstract For conventional safety architectures that mainly rely on structural redundancy much experience and a common understanding on the safety validation strategy is well established. Instead for single-channel hardware solutions without complete structural hardware redundancy (so called reactive fail-safety) such a common understanding is missing. Therefore, they have often been principally banned for use with highest safety responsibility (refer e.g. to IEC [1], Part 2, chapter 7.4.3). However, recent standards for railway industry explicitly recommend such architectures for use in railway signaling systems - also for highest safety responsibility. But a demonstration of compliance with the given quantitative safety targets is required (refer to CENELC [2]).

Keywords