A Practical Approach towards Validating HIL Simulation of a Safety-critical System

In order to perform efficient testing of software intensive safety-critical products, organisations often utilise hardware-in-the-loop simulation of the system under test surrounding environment. This way, the system could be invoked and its behaviour could be observed in a controlled setting rather than in the field. However, what effect simulation quality might have on the effectiveness of the testing process still remains an open question. An answer to such a question is rather critical for organisations who are obliged to safety certify their products. In this paper, we are presenting an approach used by Bombardier Transportation to validate their hardware-in-the-loop simulation of a safety-critical system, by executing test cases both in the control setting (lab) and on the real product (train). The process is intended to be used when certifying the simulation which is a necessary step in order to certify the complete system. In addition, we are also presenting some observations from the pilot study and lessons learned.