Evaluate Fault Combinations on a Fault-Tolerant Fuel System
This example shows how to simulate faults on a fault-tolerant control system to check the effects of fault combinations and validate a Failure Mode and Effects Analysis (FMEA). For more information on creating faults, see Define and Model Faults. You can simulate combinations of faults to determine their effects on model behavior by using the Multiple Simulations panel. After configuring faults, you can link faults to safety analysis spreadsheets, run simulations from the spreadsheet, and analyze the spreadsheet by using the simulation results.
Open the Model
Open the sldemo_fuelsys_fault_analyzer model and set up the faults, conditionals, and links by using the fuelSysFaultSetup helper function.
mdlName = "sldemo_fuelsys_fault_analyzer";
open_system(mdlName)
fuelSysFaultSetup(mdlName)   % example helper; passing the model name as its argument is assumed
The model represents a fuel control system for a gasoline engine, and is a modified version of the model in Model a Fault-Tolerant Fuel Control System. The model produces a fuel mode signal after detecting faults in the controller. When the controller detects a single fault, the controller changes the fuel mode signal from LOW, which represents low emissions, to RICH, which represents a rich mixture. When the controller detects a second fault, it sets
After executing the helper function, the model contains three faults. Open the Fault Table pane to view the faults. In the Apps tab, click Fault Analyzer. Then, in the Fault Analyzer tab, in the View section, click Fault Table. Expand each model element to view the faults. The ego_fault and map_fault_timed faults use a timed trigger, and the map_fault_conditional fault uses a conditional trigger.
ego_fault is injected when the simulation time is
map_fault_timed is injected when the simulation time is
To view the conditional, in the Fault Table pane, in the Conditional tab, right-click the conditional throttle_HIGH and click Properties. The properties open in the Property Inspector. The conditional trigger assigned to map_fault_conditional is true if the throttle signal is greater than 18. When this condition is true, the fault is injected.
As you develop your conditionals, you may find that you need to update expressions to better represent fault injection conditions. You can adjust the signal threshold by adjusting the condition expression. For more information, see Create and Manage Conditionals.
Simulate Fault Combinations Manually
You can simulate one, several, or no faults in a given simulation. For example, to simulate only the map_fault_conditional fault, enable the To Controller/Inport/4 model element, disable the To Controller/Inport/3 model element, and activate
In the Fault Analyzer tab, in the Status section, ensure the Fault Simulation button is enabled. Simulate the model. You can view the results of the simulation in the Simulation Data Inspector. In the Fault Analyzer tab, in the Review Results section, click Data Inspector. This image shows the injection status of the fault and the
Next, simulate the map_fault_conditional fault together with the ego_fault fault. Activate both faults in the Fault Table pane.
Simulate the model again. This image shows the injection status of map_fault_timed, and the
You can only activate one fault on a model element at a time. Consequently, you cannot simulate
map_fault_conditional at the same time.
Simulate Faults with the Multiple Simulations Panel
You can simulate faults by manually activating them in the Fault Table pane, or automate combinations of faults by using the Multiple Simulations panel. For more information, see Configure and Run Simulations with Multiple Simulations Panel and Simulate Models with Faults by Using the Multiple Simulations Panel. To create the design study:
Open the Multiple Simulations panel. In the Fault Analyzer tab, in the Simulate section, click Multiple Simulations.
In the Multiple Simulations panel, create the design study. Click the Add a design study button.
Click the Add a set of faults to the design study button.
Select the faults. The design study prepares a list of simulations where each simulation enables one of the selected faults in the fault set. In this example, select all of the faults.
Save the design study. To run multiple simulations, in the Simulink® Toolstrip, in the Fault Analyzer tab, in the Simulate section, click Run > Run All. If you have Parallel Computing Toolbox™, you can also enable parallel simulation of the design study to improve simulation speeds. In the Multiple Simulations panel, in the Run Options tab, click Use Parallel.
You can review the study results using the Simulation Manager. At the bottom of the Simulink Editor, click Completed 3 simulations.
Select individual simulations and view their data in the Simulation Data Inspector. In the Simulations tab, select a simulation. In the toolstrip, in the Inspect section, click Show Results.
Link Faults and Model Elements to FMEA
After you configure the simulations that you want to run, you can link Simulink Fault Analyzer™ artifacts to elements in safety analysis spreadsheets that you create in the Safety Analysis Manager. In this example, the faults are linked to cell entries in an FMEA spreadsheet. An FMEA is a common safety analysis that examines unintended system or component behaviors, known as failure modes, with respect to their potential effects on the system. This analysis often includes how effective mitigation logic, such as safety mechanisms, is at detecting abnormal behavior. Open the spreadsheet, FuelSysFMEA.mldatx, in the Safety Analysis Manager.
fuelSysFMEADoc = safetyAnalysisMgr.openDocument("FuelSysFMEA.mldatx");
Each entry in the Failure Mode column links to a fault, and each entry in the Detection Method column links to the associated detection logic in the model. Point to the link icon to view the links. You can also view the links by selecting the cell and, in the Properties pane, expanding the Links section.
Run Callbacks to Simulate and Evaluate FMEA
To analyze the spreadsheet, you create and execute a callback. See Write Callbacks to Analyze Safety Analysis Manager Documents. In this example, the spreadsheet executes a callback when you click Analyze Spreadsheet. The callback runs the code in the MATLAB® script validateFuelSysFMEAUsingSimulation. For each row of the spreadsheet with one or more linked faults in the Failure Mode column, the script activates those faults and simulates. The script then checks if the linked model artifact in the Detection Method column is active during simulation. If the fuel mode is not LOW at the end of the simulation, the script adds a check flag to the cell in the Detection Method column. To view and edit the callback script, open the script in MATLAB.
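The evaluation loop the callback performs, as an added example that is not the page's validateFuelSysFMEAUsingSimulation script and not part of the original page. It carries out programmatically the same activate-simulate-deactivate steps that the manual procedure above performs in the Fault Table pane, then applies the page's pass criterion (fuel mode no longer LOW at the end of the run) to each fault combination. It assumes the Simulink.fault.activate and Simulink.fault.deactivate functions of the Simulink Fault Analyzer programmatic interface, that the fuel mode signal is logged under the name fuel_mode as an enumerated signal with a LOW member, and that ego_fault lives on To Controller/Inport/3 while both MAP faults live on To Controller/Inport/4 (element paths taken from the page; the fault-to-element assignment is inferred from the manual steps). The list of failure-mode rows is constructed here in place of reading the spreadsheet links.

```matlab
% Added example (not the page's own script): simulate each fault combination
% and record whether the controller's detection logic moved the fuel mode off LOW.
mdlName = "sldemo_fuelsys_fault_analyzer";
load_system(mdlName);

% Fault-to-element map. Element paths are the ones the page names; the
% assignment of faults to elements is assumed from the page's manual steps.
faultElement = containers.Map( ...
    {'ego_fault', 'map_fault_timed', 'map_fault_conditional'}, ...
    {char(mdlName + "/To Controller/Inport/3"), ...
     char(mdlName + "/To Controller/Inport/4"), ...
     char(mdlName + "/To Controller/Inport/4")});

% Constructed stand-in for the FMEA rows: each entry is the set of faults
% linked in one row's Failure Mode column.
failureModes = { ...
    {'ego_fault'}, ...
    {'map_fault_conditional'}, ...
    {'ego_fault', 'map_fault_conditional'}, ...
    {'map_fault_timed', 'map_fault_conditional'}};   % invalid: same element

results = table('Size', [numel(failureModes) 3], ...
    'VariableTypes', {'string', 'string', 'logical'}, ...
    'VariableNames', {'Faults', 'FinalFuelMode', 'Detected'});

for k = 1:numel(failureModes)
    faults = failureModes{k};
    elements = cellfun(@(f) faultElement(f), faults, 'UniformOutput', false);
    results.Faults(k) = strjoin(faults, ' + ');

    % Only one fault per model element can be active at a time, so a row
    % that links two faults on the same element cannot be simulated.
    if numel(unique(elements)) < numel(elements)
        results.FinalFuelMode(k) = "not simulated: two faults on one element";
        results.Detected(k) = false;
        continue
    end

    for i = 1:numel(faults)
        Simulink.fault.activate(elements{i}, faults{i});
    end
    out = sim(mdlName);
    % Assumed: fuel_mode is logged in the simulation output as an enumerated
    % signal whose nominal (no-fault) value is LOW.
    fm = out.logsout.get('fuel_mode').Values.Data;
    finalMode = string(fm(end));
    results.FinalFuelMode(k) = finalMode;
    results.Detected(k) = finalMode ~= "LOW";   % page's criterion for a check flag

    % Deactivate this row's faults so they do not leak into the next row.
    for i = 1:numel(faults)
        Simulink.fault.deactivate(elements{i});
    end
end

disp(results)
```

Each row of results corresponds to one Failure Mode entry; a true Detected value is the condition under which the page's callback adds a check flag to the Detection Method cell. Rows that pair two faults on one element are reported rather than simulated, which mirrors the restriction stated in the manual section.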
Click Analyze Spreadsheet to view the results. In this example, the detection method executes as designed for each simulation.
You can add different modes to test to the spreadsheet by adding a row and linking to different combinations of faults.