Testing for the Unexpected: An Automated T ti f th U t d A A t - - PowerPoint PPT Presentation

T ti f th U t d A A t t d Testing for the Unexpected: An Automated Method of Injecting Faults for Engine M t D l t Management Development

Scott James – Applied Dynamics International Sh F ll Pi k i I t f Shaun Fuller – Pickering Interfaces

Key questions, requiring straightforward answers. y g g

• What will happen if a fault occurs in a military or commercial aircraft

l t i l t ? electrical system?

• How do you discover these problems before a product is deployed?

How do you discover these problems before a product is deployed?

• Fault simulation during the design and validation of aircraft avionics is
• ne method

– Establishing solid predictions – Ultimately ensuring the safety of driver/pilot and passengers Ultimately ensuring the safety of driver/pilot and passengers

• Automated Fault Insertion testing

– Developed by ADI for FADEC Test – Switching solution developed by Pickering Interfaces enhancing test capability in this domain p y

Design Issues

• Important aspect of aircraft electronic systems testing is introducing

electrical faults into a system

– Simulates potentially occurring conditions

• Corrosion,
• Short/open circuits

p

• Other electrical failures
• Inherited through age, damage or even faulty installation

F lt i ti t ti i t t t f i i d i lid ti

• Fault insertion testing important aspect of avionics design validation

– Idea of testing for system failures is not new

• Traditional test method

Traditional test method

– Manual insertion and extraction of cables to and from a patch panel – Far from ideal – Prone to human error – Time consuming

and time is money!!

High Reliability Requirement

• Present in many applications today

Oft i l i f t iti l id ti – Often involving safety-critical considerations – Demands high predictability and reliability of operation

• Unexpected behaviour cannot be tolerated!
• These environments exhibit a high level safety sensitive aspect

F il f d l i i d

• Failure of a module to act in an appropriate manner under emergency

conditions

– Could pose a threat to life and/or property – Justifies any increased cost of test

• Example - Full Authority Digital Electronic Controllers (FADECs) used

y g ( ) to manage jet aircraft engines

Traditional Solution

• When necessary to inject faults, most laboratories utilize a patch panel
• Cables may be used to connect any input/output (I/O) line on a

Cables may be used to connect any input/output (I/O) line on a FADEC to stimulus or measurement instrumentation

• Engineer would move the patch cables

– Simulate a desired fault – Measure the results

This solution has many inherent disadvantages:

• This solution has many inherent disadvantages:

– Size – Maintenance costs – Knowledge base – Repeatability – Labour costs – Potential Human Error

New Thinking

• Software control - instrument & signal routing

Combined with real time insertion of all types of electrical faults – Combined with real-time insertion of all types of electrical faults

• Inevitably enhance both testing process and the data recording
• Standard cross-point matrix with adequate

Standard cross point matrix with adequate specifications may be capable of handling the instrument routing

– Fault insertion requirement demands additional capability

S t d i f f lt ifi ti

• System design for fault verification
• Special matrix design implemented
• Special matrix design implemented

Real-Time Fault Insertion

• Insert faults in-sync with real-

time simulation based test time simulation-based test

• Stimulate with microsecond-

level test repeatability

• Hardware-In-the-Loop (HIL)

testing

– Enables the user to put a FADEC th h t t i FADEC through test scenarios identical to those carried out in ‘engine test stand’ testing

Fault Insertion with ADvantage

• Add simulation models

– Simulink – SystemBuild C++/C – C++/C – Fortran

Fault Insertion with ADvantage

• Create fault insertion test

i i l ti scenarios using real-time scripting – Time-based – Event-based

Repeatable Fault Insertion Test

E l FADEC T ti Example: FADEC Testing

• Start engine

g

• Wait until Lit = True
• Ramp fuel until shaft speed >= 550 RPM from time now until

(now+300s) (now+300s)

• Ramp fuel until shaft speed >= 5900 RPM AND ramp Mach No. from

0 to 0.6 AND ramp altitude to 10000 ft D DC f 4

• Drop DC power for 4ms
• Perform landing

Simultaneous 4ms open signal faults (all power lanes) using BRIC fault insertion

Repeatable Fault Insertion Test

E l Fl b i Sid i k i Example: Fly-by-wire Side-stick testing

• Start take-off procedure

Start take off procedure

• When altitude >= 5000 ft -> start left bank maneuver
• Wait 1.500 sec
• Resistive Fault (XCLFP429 to XCRFP429 @ 40ohms, XCSP429 to

XCLFR429 @ 100ohms)

• Wait 240 000 sec
• Wait 240.000 sec
• Start landing procedure

Degrade the health of one lane on the dual redundant flight control bus. Ensure g that second lane takes

• ver.

Fault Insertion BRICTM Solution

• Custom matrix for fault insertion - Pickering

Interfaces Fault Insertion BRICTM

– Scalable solution which may be used to switch signals between simulations and real- life devices in a HIL simulation and test system system

• Helps to simplify and accelerate the testing,

diagnosis and integration work in HIL applications

• Fault insertion and measurement are

performed via the Y-axis

• Connection to the FADEC via the X-axis
• X-axis also has a breakout facility

– 3-pin in this illustration – Allows interruption of I/O signals to the FADEC FADEC

Fault Insertion BRICTM Solution

• Intended to improve methods of error injection, monitoring and self-test

in various test and simulation systems

– Manual and automatic access to each signal line connecting the test system with the FADEC

• Powerful solution for routing simulated faults to the FADEC with
• Powerful solution for routing simulated faults to the FADEC with

guaranteed repeatability

– Open-circuits - Simulating cable breaks between a FADEC and it’s sensors

• r actuators

– Short-circuits to ground – Short-circuits to either a battery or an external voltage source Short circuits to either a battery or an external voltage source – Short-circuits between I/O signal lines

The 40 The 40-

• 592

592 – – High Density Fault Insertion BRIC High Density Fault Insertion BRICTM

TM solution

solution

• Instrumentation grade ruthenium sputtered reed relays
• 1A (150Vdc/100Vac, 20W) switching capacity and long operating life

Available in both 4 slot and 8 slot options

• Available in both 4-slot and 8-slot options
• Scalable solution
• 24 configurations - featuring 2-pin and 3-pin breakout options (a

facility allowing the interruption of I/O signals to the FADEC) facility allowing the interruption of I/O signals to the FADEC)

Maximum matrix sizes are 248x8 for the 2-pin breakout option and 160x8 for the 3-pin breakout option with larger matrices achieved by simply daisy-chaining modules breakout option, with larger matrices achieved by simply daisy chaining modules.

40-592 Fault Types

The 40-595 - High power Fault Insertion BRICTM solution

• High quality gold plated electromechanical relays

( / / )

• 10A (125Vdc/250Vac, 240W/2000VA) switching capacity
• 8-slot Module width
• Scalable solution
• 3-pin breakout facility
• Various configurations are offered up to a fully populated 30x8

matrix

Conclusion

• Fault verification is safety

critical

• Additional test requirement
• ver conventional methods

F l I Xi S h

• Fault InserXion System has

proven technique for design evaluation evaluation

• Pickering Fault Insertion

BRIC specially designed to BRIC specially designed to insert faults

• Bottom line

– improved testing – faster and repeatable

Questions?

Thank you for your time Thank you for your time