This paper presents a method for deriving requirements on the efficiency of diagnostic functions in distributed electronic turbofan engine control systems. Distributed engine control systems consist of sensor, actuator, and control unit nodes that exchange data over a communication network. The method is applicable to engine control systems that are partially redundant. Traditionally, turbofan engine control systems use dual-channel solutions in which all units are duplicated. Our method is intended for analyzing the diagnostic requirements of systems in which a subset of the sensors and actuators is nonredundant. Such systems rely on intelligent monitoring and analytical redundancy to detect and tolerate failures in the nonredundant units. These techniques cannot provide perfect diagnostic coverage, and hence our method focuses on analyzing the impact of imperfect diagnostic coverage on the reliability and safety of distributed engine control systems. The method is based on a probabilistic analysis that combines fault trees and Markov chains. The input parameters for these models include failure rates as well as several coverage factors that characterize the performance of the diagnostic functions. Since intelligent monitoring can cause false alarms, i.e., a diagnostic function falsely indicating an error, the parameters also include a false alarm rate. The method was used to derive the diagnostic requirements for a hypothetical unmanned aerial vehicle engine control system. Given the requirement that an engine failure due to the control system must not occur more than ten times per million hours (10^-5 per hour), the diagnostic functions in a node must achieve 99% error coverage for transient faults and 90–99% error coverage for permanent faults. The system-level diagnosis must achieve 90–95% detection coverage for node failures that are not detected by the nodes themselves. These results are based on the assumption that transient faults are 100 times more frequent than permanent faults. A method for deriving probabilistic requirements on diagnostic functions is important for engine control systems that rely on analytical redundancy as a means to reduce hardware redundancy, and the proposed method allows this to be done with an existing tool (FAULTTREE+) for safety and reliability analysis.
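The analysis outlined above, as an added worked example that is not from the paper and does not reproduce its FAULTTREE+ models: a three-state continuous-time Markov chain for a set of nonredundant nodes, parameterized by failure rates, node-level coverage factors (c_t for transient and c_p for permanent faults), a system-level detection coverage c_s for node failures the node misses, and a false alarm rate. It solves the chain for the probability of engine failure over one mission and then bisects on c_t to find the smallest transient coverage that meets the failure budget. The state structure, node count, fault rates, false alarm rate and mission length are constructed assumptions; only the 100:1 transient-to-permanent ratio and the ten-per-million-hours budget come from the abstract.

```python
"""Added worked example (not from the paper): a minimal Markov-chain stand-in for
the fault-tree/Markov analysis described in the abstract.  It turns a system-level
failure budget into a requirement on diagnostic coverage.  State structure, node
count, fault rates, false alarm rate and mission length are constructed
assumptions; only the 100:1 transient-to-permanent ratio and the ten-per-million-
hours budget come from the abstract."""
from dataclasses import dataclass, replace

OK, DEGRADED, FAILED = 0, 1, 2   # Markov states
BUDGET_PER_HOUR = 10 / 1e6       # "ten times per million hours" (abstract)


@dataclass(frozen=True)
class Params:
    n_nodes: int = 4            # nonredundant sensor/actuator nodes (assumed)
    lam_perm: float = 2e-5      # permanent fault rate per node, 1/h (assumed)
    trans_ratio: float = 100.0  # transient faults 100x more frequent (abstract)
    false_alarm: float = 1e-4   # false alarm rate per node, 1/h (assumed)
    c_t: float = 0.99           # node-level error coverage, transient faults
    c_p: float = 0.95           # node-level error coverage, permanent faults
    c_s: float = 0.90           # system-level detection coverage for node
                                # failures the node itself did not detect
    mission_h: float = 10.0     # mission length over which failure accumulates

    @property
    def lam_trans(self) -> float:
        return self.lam_perm * self.trans_ratio


def generator(p: Params) -> list:
    """Generator matrix Q of the chain (rows sum to zero).

    OK -> FAILED:       an erroneous output reaches the actuators because neither
                        the node nor the system-level diagnosis caught the error.
    OK -> DEGRADED:     a node is isolated, either correctly (detected fault) or
                        needlessly (false alarm); control continues on an
                        analytical estimate of the lost signal.
    DEGRADED -> FAILED: with one node already isolated, any further permanent
                        fault, or a transient the node cannot recover from, is
                        assumed fatal (no second reconfiguration).
    """
    n, lt, lp = p.n_nodes, p.lam_trans, p.lam_perm
    ok_to_fail = n * (lt * (1 - p.c_t) * (1 - p.c_s)
                      + lp * (1 - p.c_p) * (1 - p.c_s))
    ok_to_deg = n * (lt * (1 - p.c_t) * p.c_s
                     + lp * (p.c_p + (1 - p.c_p) * p.c_s)
                     + p.false_alarm)
    deg_to_fail = (n - 1) * (lp + lt * (1 - p.c_t))
    return [[-(ok_to_fail + ok_to_deg), ok_to_deg, ok_to_fail],
            [0.0, -deg_to_fail, deg_to_fail],
            [0.0, 0.0, 0.0]]


def state_probabilities(q, t_end: float, steps: int = 2000) -> list:
    """Integrate the Kolmogorov forward equations dp/dt = p*Q with classical RK4,
    starting in state OK.  All rates are tiny relative to the step, so the explicit
    scheme is accurate and stable here."""
    dim = len(q)
    h = t_end / steps
    prob = [0.0] * dim
    prob[OK] = 1.0

    def deriv(v):
        return [sum(v[i] * q[i][j] for i in range(dim)) for j in range(dim)]

    for _ in range(steps):
        k1 = deriv(prob)
        k2 = deriv([prob[i] + 0.5 * h * k1[i] for i in range(dim)])
        k3 = deriv([prob[i] + 0.5 * h * k2[i] for i in range(dim)])
        k4 = deriv([prob[i] + h * k3[i] for i in range(dim)])
        prob = [prob[i] + h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i])
                for i in range(dim)]
    return prob


def failure_rate(p: Params) -> float:
    """Average rate (1/h) of engine failure caused by the control system over one
    mission: P(FAILED at end of mission) / mission length."""
    return state_probabilities(generator(p), p.mission_h)[FAILED] / p.mission_h


def required_transient_coverage(base: Params, budget: float = BUDGET_PER_HOUR,
                                tol: float = 1e-5) -> float:
    """Smallest node-level transient coverage c_t meeting the budget with all other
    parameters fixed.  failure_rate is monotone decreasing in c_t, so bisection
    on [0, 1] suffices."""
    if failure_rate(replace(base, c_t=1.0)) > budget:
        raise ValueError("budget unreachable through transient coverage alone")
    lo, hi = 0.0, 1.0
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        if failure_rate(replace(base, c_t=mid)) <= budget:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    base = Params()
    for label, p in [("baseline", base),
                     ("c_t = 0.90", replace(base, c_t=0.90)),
                     ("false alarms x10", replace(base, false_alarm=1e-3))]:
        r = failure_rate(p)
        verdict = "OK" if r <= BUDGET_PER_HOUR else "VIOLATES budget"
        print(f"{label:18s} {r:.2e} /h  {verdict}")
    print(f"minimum c_t for budget: {required_transient_coverage(base):.4f}")
```

Two things the example shows that the abstract only states: the required transient coverage lands near 99% for these constructed rates because the transient rate dominates the uncovered-error path, and raising only the false alarm rate, with every coverage factor unchanged, pushes the baseline over the budget, since each false alarm spends mission time in the degraded state where a second fault is fatal. That is why a false alarm rate belongs among the input parameters. A full analysis would feed node-level Markov models like this one into fault trees in a tool such as FAULTTREE+ rather than hand-integrating a single chain.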
