Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting Faults for Engine Management Development M t D l t Scott James – Applied Dynamics International Sh Shaun Fuller – Pickering Interfaces F ll Pi k i I t f
Key questions, requiring straightforward answers. y g g • What will happen if a fault occurs in a military or commercial aircraft electrical system? l t i l t ? • How do you discover these problems before a product is deployed? How do you discover these problems before a product is deployed? • Fault simulation during the design and validation of aircraft avionics is one method – Establishing solid predictions – Ultimately ensuring the safety of driver/pilot and passengers Ultimately ensuring the safety of driver/pilot and passengers • Automated Fault Insertion testing – Developed by ADI for FADEC Test – Switching solution developed by Pickering Interfaces enhancing test capability in this domain p y
Design Issues • Important aspect of aircraft electronic systems testing is introducing electrical faults into a system – Simulates potentially occurring conditions • Corrosion, • Short/open circuits p • Other electrical failures • Inherited through age, damage or even faulty installation • F Fault insertion testing important aspect of avionics design validation lt i ti t ti i t t t f i i d i lid ti – Idea of testing for system failures is not new • Traditional test method Traditional test method – Manual insertion and extraction of cables to and from a patch panel – Far from ideal – Prone to human error – Time consuming and time is money!!
High Reliability Requirement • Present in many applications today – Often involving safety-critical considerations Oft i l i f t iti l id ti – Demands high predictability and reliability of operation • Unexpected behaviour cannot be tolerated! • These environments exhibit a high level safety sensitive aspect • F il Failure of a module to act in an appropriate manner under emergency f d l i i d conditions – Could pose a threat to life and/or property – Justifies any increased cost of test • Example - Full Authority Digital Electronic Controllers (FADECs) used y g ( ) to manage jet aircraft engines
Traditional Solution • When necessary to inject faults, most laboratories utilize a patch panel • Cables may be used to connect any input/output (I/O) line on a Cables may be used to connect any input/output (I/O) line on a FADEC to stimulus or measurement instrumentation • Engineer would move the patch cables – Simulate a desired fault – Measure the results • This solution has many inherent disadvantages: This solution has many inherent disadvantages: – Size – Maintenance costs – Knowledge base – Repeatability – Labour costs – Potential Human Error
New Thinking • Software control - instrument & signal routing – Combined with real time insertion of all types of electrical faults Combined with real-time insertion of all types of electrical faults • Inevitably enhance both testing process and the data recording • Standard cross-point matrix with adequate Standard cross point matrix with adequate specifications may be capable of handling the instrument routing – Fault insertion requirement demands additional capability • System design for fault verification S t d i f f lt ifi ti • • Special matrix design implemented Special matrix design implemented
Real-Time Fault Insertion • Insert faults in-sync with real- time simulation based test time simulation-based test • Stimulate with microsecond- level test repeatability • Hardware-In-the-Loop (HIL) testing – Enables the user to put a FADEC th FADEC through test scenarios h t t i identical to those carried out in ‘engine test stand’ testing
Fault Insertion with ADvantage • Add simulation models – Simulink – SystemBuild – C++/C C++/C – Fortran
Fault Insertion with ADvantage • Create fault insertion test scenarios using real-time i i l ti scripting – Time-based – Event-based
Repeatable Fault Insertion Test E Example: FADEC Testing l FADEC T ti • Start engine g • Wait until Lit = True • Ramp fuel until shaft speed >= 550 RPM from time now until (now+300s) (now+300s) • Ramp fuel until shaft speed >= 5900 RPM AND ramp Mach No. from 0 to 0.6 AND ramp altitude to 10000 ft • D Drop DC power for 4ms DC f 4 Simultaneous 4ms open • Perform landing signal faults (all power lanes) using BRIC fault insertion
Repeatable Fault Insertion Test E Example: Fly-by-wire Side-stick testing l Fl b i Sid i k i • Start take-off procedure Start take off procedure • When altitude >= 5000 ft -> start left bank maneuver • Wait 1.500 sec • Resistive Fault (XCLFP429 to XCRFP429 @ 40ohms, XCSP429 to XCLFR429 @ 100ohms) • • Wait 240 000 sec Wait 240.000 sec Degrade the health of one • Start landing procedure lane on the dual redundant flight control bus. Ensure g that second lane takes over.
Fault Insertion BRIC TM Solution • Custom matrix for fault insertion - Pickering Interfaces Fault Insertion BRIC TM – Scalable solution which may be used to switch signals between simulations and real- life devices in a HIL simulation and test system system • Helps to simplify and accelerate the testing, diagnosis and integration work in HIL applications • Fault insertion and measurement are performed via the Y-axis • Connection to the FADEC via the X-axis • X-axis also has a breakout facility – 3-pin in this illustration – Allows interruption of I/O signals to the FADEC FADEC
Fault Insertion BRIC TM Solution • Intended to improve methods of error injection, monitoring and self-test in various test and simulation systems – Manual and automatic access to each signal line connecting the test system with the FADEC • • Powerful solution for routing simulated faults to the FADEC with Powerful solution for routing simulated faults to the FADEC with guaranteed repeatability – Open-circuits - Simulating cable breaks between a FADEC and it’s sensors or actuators – Short-circuits to ground – Short-circuits to either a battery or an external voltage source Short circuits to either a battery or an external voltage source – Short-circuits between I/O signal lines
TM solution High Density Fault Insertion BRIC TM The 40 The 40- -592 592 – – High Density Fault Insertion BRIC solution • Instrumentation grade ruthenium sputtered reed relays • 1A (150Vdc/100Vac, 20W) switching capacity and long operating life • Available in both 4 slot and 8 slot options Available in both 4-slot and 8-slot options • Scalable solution • 24 configurations - featuring 2-pin and 3-pin breakout options (a facility allowing the interruption of I/O signals to the FADEC) facility allowing the interruption of I/O signals to the FADEC) Maximum matrix sizes are 248x8 for the 2-pin breakout option and 160x8 for the 3-pin breakout option with larger matrices achieved by simply daisy-chaining modules breakout option, with larger matrices achieved by simply daisy chaining modules.
40-592 Fault Types
The 40-595 - High power Fault Insertion BRIC TM solution • High quality gold plated electromechanical relays • 10A (125Vdc/250Vac, 240W/2000VA) switching capacity ( / / ) • 8-slot Module width • Scalable solution • 3-pin breakout facility • Various configurations are offered up to a fully populated 30x8 matrix
Conclusion • Fault verification is safety critical • Additional test requirement over conventional methods • Fault InserXion System has F l I Xi S h proven technique for design evaluation evaluation • Pickering Fault Insertion BRIC specially designed to BRIC specially designed to insert faults • Bottom line – improved testing – faster and repeatable
Questions? Thank you for your time Thank you for your time
Recommend
More recommend
