Simulink Fault Analyzer Essentials, Part 6: Analyze Faults in an Aircraft Elevator Control System - MATLAB & Simulink
Video Player is loading.
Current Time 0:00
Duration 9:05
Loaded: 1.82%
Stream Type LIVE
Remaining Time 9:05
 
1x
  • Chapters
  • descriptions off, selected
  • en (Main), selected
    Video length is 9:05

    Simulink Fault Analyzer Essentials, Part 6: Analyze Faults in an Aircraft Elevator Control System

    From the series: Simulink Fault Analyzer Essentials

    Learn how to use Simulink Fault Analyzer™ to model faults, measure fault effects, and perform a systematic FMEA by leveraging simulation results on an aircraft elevator control system.

    Published: 23 Aug 2023

    Hi, everyone. This is Pat from the Simulink Fault Analyzer team. In this video, I'm going to show you how to use Simulink Fault Analyzer to model faults, measure fault effects, and perform an FMEA while leveraging simulation results. I'll be walking through one of our shipping examples-- Verify Fault Detection Logic in Aircraft Elevator Control System. Feel free to open the example using the link below to follow along.

    A typical aircraft has two elevators-- one on each side of the fuselage, attached on the horizontal tails. To enhance the safety of the aircraft, the elevator control system contains these redundant parts. Four independent hydraulic actuators, two actuators per elevator; three hydraulic circuits that drive the actuators; each outer actuator has a dedicated hydraulic circuit; the inner actuators share a hydraulic circuit, two primary flight control units, or PFCUs, and two control modules per actuator. Let's open the model.

    The model includes fault detection logic in the signal conditioning and failures subsystem, and fault mitigation logic in a state flow state chart. We will be exercising both sets of logic via fault injection. Let's open the Fault Analyzer app from the Simulink toolstrip. At the bottom of the window, we have the fault table. The fault table is designed to help you configure a fault simulation. You can enable model elements and activate faults.

    Wait a minute. "Enable" and "activate?" Let's take a step back and talk about faults for a minute. When I say "fault," I am referring to any abnormal behavior you want to simulate. In most cases, you want to override the behavior of a signal during simulation.

    I like to think of a fault as having three properties. The first is the where, which is the location of the signal you want to override. These are defined as model elements, such as a block import or outport. The what is the abnormal behavior you want to inject on the signal. This is modeled in a separate file we call a fault model.

    Finally is the when. You can inject a fault at the beginning of simulation, after a given simulation time, or based on a system condition. If you combine all three, you have an instance of a fault.

    For any given model element, the where, you can have any number of associated faults with their own behavior and trigger settings. However, only one fault per model element can be active during a given simulation. Remember, model elements are enabled. Faults are activated.

    OK. Now that we've covered the basics, let's go back to the fault table. The model has several existing faults. Let's take a look at the fault for Hydraulic System 1. If we right-click on the fault in the fault table, we can view its location via Show Faulted Model Elements in Canvas. The hydraulic pressure is simply a constant of 1,000 PSI, which we can override to simulate either a sensor failure or a hydraulic leak.

    Let's open the fault behavior for Hydraulic System 1 Fault. The fault I want to inject is simply going to override the pump pressure for Hydraulic System 1 to be 100 PSI after 5 seconds of simulation. Before I simulate the fault, I want to be sure I'm measuring the fault effects. You can use conditionals to monitor when simulation data meets specified criteria.

    This example includes a set of conditionals which are used to analyze whether specific faults have been detected. The first conditional, Hide Sis 1 Fail, is simply checking if a fault has been detected for Hydraulic System 1. Let's make sure this conditional is logged during simulation.

    I just wanted to stop and show a quick tip. You can also use the reserve simulation time symbol, T, in a condition expression to model more complex triggering conditions. For example, you might want to delay a fault from being triggered until a given simulation time has passed. You could do so like this.

    Here is an important point. Faults in conditionals are objects in MATLAB. You can use the Simulink Fault Analyzer APIs to change properties or perform operations on faults and conditionals. I strongly encourage you use these APIs to automate your workflows.

    Let's go back to the model and start simulating some faults. In order to simulate a fault, we need to enable its associated model element, and then activate the appropriate fault. In this case, each element has just one fault. Let's enable the fault for Hydraulic System 1. I'm already logging the conditional for Hydraulic System 1's fault detection logic.

    Let's also log two signals from the state chart-- left outer mode and left inner mode. If we inject a fault on Hydraulic System 1, we expect left outer actuator to be commanded off and the left inner actuator to go from standby to active. OK. Everything is set up for simulation. Let's click the Play button.

    We can view the simulation results in the Simulation Data Inspector, or SDI. Let's plot the conditional, fault, and actuator mode signals on their own subplots. As expected, the Hydraulic System 1 fault occurs at 5 seconds, is detected correctly, and the actuator modes change as expected. This is great.

    So far, I've showed you how to enable fault simulation and analyze fault effects. But that's just part of the story. Let's open the safety analysis manager using the button in the fault analyzer tool strip. This example includes a simple FMEA spreadsheet, which is comprised of a table with six columns, including failure mode, failure effect, and detection method.

    You can link cells within a spreadsheet to faults, model elements, requirements, test cases, and more. You can also customize a spreadsheet and create your own templates. We've included a few templates for some common safety analyses to get you started.

    But my favorite feature is the Analyze Spreadsheet button. To show you what will happen once I press this button, let's take a look at the callbacks for this spreadsheet. Each spreadsheet can include a set of callbacks, such as pre-load and post-load functions. But I want to talk about the Analyze function callback. This is what we run when I click on the Analyze Spreadsheet button.

    Let's see what is in this callback. I've written a MATLAB script called Validate Aircraft Elevator FMEA Using Simulation, which will run when I click on Analyze Spreadsheet. Let's take a look at that script. This script will simulate each failure mode, which is linked to a fault in the model, and determine whether or not the failure mode was appropriately detected.

    This is a fairly simple script which leverages some of the APIs for safety analysis manager. For instance, it will find the destination links from the failure mode cell for a given row and then activate the appropriate fault for simulation. It does this using the Get Links and Get Destination Label functions. Then, it enables the model element for that fault and activates the fault.

    The detection method is linked to a conditional. We want to log the relevant conditional during simulation. We can do this using a similar approach that we use for activating faults, using the Get Links and Get Destination label functions. Then, we log activity for that conditional.

    We then simply check to see if the conditional was true at the end of simulation, then use the Add Flag Method to update the detection method cell for that row with either a check mark or error flag. By the way, you can run this script on its own, outside of Safety Analysis Manager to debug it before using it as part of the Analyze callback. Let's go back and click on Analyze Spreadsheet.

    All set. Let's review. In this video, I showed you how to enable and simulate faults and analyze their effects, and how to leverage simulation results while conducting an FMEA. Check out the example I used using the link below for more information.