Runtime observation of functional safety properties in an automotive control network

This paper exploits the observability of control messages in a control network to formally monitor safety properties to verify a control application's correct behaviour. A monitor scheme is proposed based on a runtime verification method, which can verify selected properties of an application's behaviour, including the verification of formally specified functional safety properties. A prototype hardware based circuit is developed to provide a monitor function. A case study example for an automotive gearbox control system is presented. The control application is evaluated in the target application environment, which is a controller area network (CAN) based network. The behaviour of the monitor is assessed and the results show that it is feasible to monitor and verify functional safety properties, as defined by the ISO 26262 standard for functional safety in road vehicles, using the proposed method.