Showing papers on "Fault detection and isolation published in 1983"

Distance Protection Based on Travelling Waves

Abstract: A technique is presented for rapid measurement of the distance to a fault using fault initiated travelling waves. The measurement uses the time it takes a given surge to travel from the relaying point to the fault and back. A correlation technique is used to recognise the surge returning from the fault and distinguish it from other surges present on the system. For a three phase transmission line, the modal components describing the incident wave are delayed and cross-correlated against the respective components reflected by the fault. Maximum output occurs when the delay corresponds to twice the fault distance.

Automatic fringe analysis with a computer image-processing system

Abstract: The application of a general-purpose image-processing computer system to automatic fringe analysis is presented. Three areas of application have been examined where the use of a system based on a random access frame store has enabled a processing algorithm to be developed to suit a specific problem. Furthermore, it has enabled automatic analysis to be performed with complex and noisy data. The applications considered are strain measurement by speckle interferometry, position location in three axes, and fault detection in holographic nondestructive testing. A brief description of each problem is presented, followed by a description of the processing algorithm, results, and timings.

Critical Path Tracing - An Alternative to Fault Simulation

Abstract: We present an alternative to fault simulation, referred to as critical path tracing, that determines the faults detected by a set of tests using a backtracing algorithm starting at the primary outputs of a circuit. Critical path tracing is an approximate method, but the approximations introduced occur seldom and do not affect its usefulness. This method is more efficient than conventional fault simulation.

Architecture and Design of a Reliable Token-Ring Network

Abstract: Architecture, performance, transmission system, and wiring strategy of a token-ring local area network implemented at the IBM Zurich Research Laboratory are described. In the design of the system, particular emphasis was placed on high reliability, availability, and serviceability. To ensure robustness of the token-access protocol, we employ the concept of a monitor function which is responsible for fast recovery from access-related errors. Our protocol supports asynchronous transmission of data frames concurrently with full-duplex synchronous channels, e.g., for voice services or other applications requiring guaranteed delay. The delay-throughput performance of the token ring is shown to depend very little on data rate and distance. The transmission system of the ring is fully bit synchronous and allows insertion/removal of stations in/from the ring at any time. A mixed ring/star wiring strategy is used which provides the means for both fault detection and isolation, and system reconfiguration, and allows wiring of a building systematically.

Fault detection and redundancy management system

Abstract: A fault detection and redundancy management system for a dual redundancy based network architecture in which the principal control components (master units) are configured and programmed to repetitively carry out intra- and inter-unit performance tests as an a priori requirement for network command capability. These performance tests are carried out in a prescribed sequence to define the fault detection and reconfiguration procedure. The procedure is designed to preclude the cascading of faults. As a first step in this procedure, each processor in a master unit performs a thorough self-test of its own functional capability. Secondly, if a processor has determined that it has passed all of these internal procedures, it must then successfully inform a designated "chief" processor via an interprocessor handshake. This interprocessor handshake is effected by causing each processor in the master unit to set a flag in a shared memory during a prescribed time interval. These flags are read by the chief processor to determine whether to enable an associated bus controller for the next succeeding time interval, and once these flags have been read they are reset by the chief processor, as each processor is required to refresh the handshake flag during successive repetitive time intervals. If the chief processor determines that all units (including itself) are functional, it executes a handshake with a bus interface unit, so as to enable the bus interface unit to conduct I/O operations on the network bus. Failure to complete any portion of this procedure will cause the affected master unit to "off-line" with the result that the redundant master unit will take command of the network bus.

Testing by Verifying Walsh Coefficients

Abstract: Testing of logic networks by verifying the Walsh coefricients of the outputs is explored. Measurement of one of these can detect arbitrarily many input leads stuck, and just two measurements, requiring little hardware, can detect any single stuck-at fault in appropriately designed networks.

On Fault Detection in CMOS Logic Networks

Abstract: This paper considers the problem of detecting faults in CMOS combinational networks. Effects of open and short faults in CMOS networks are analyzed. It is shown that the test sequence must be properly organized if the effects of all open faults are to be observable at the network output terminal. A simple and efficient heuristic method for organizing the test sequence to detect all single faults in a CMOS network is suggested.

Process control system with improved fault isolation

Abstract: A process control system includes redundant digital controllers and a plurality of input/output (I/O) modules for interfacing with remote field sensors and actuators. Bi-directional communication between controllers and I/O modules is achieved by a parallel wired, process I/O bus. Failures within the system, including the bus structure itself, that continually keep the bus active (i.e., in a low state) are isolated by a combination of software diagnostic routines for performing bus checkout and a unique quick disconnect feature that readily isolates the fault condition first between the I/O module nest area and the controllers, then, if necessary, to individual I/O modules. During fault isolation procedures, individual I/O modules may be disconnected from the bus while the values of field signals are simultaneously maintained to provide minimum process upset.

Automatic fault reporting system

Abstract: Phase I (25) and Phase II (20) and III (24) AFRS (Automatic Fault Reporting System) signal processing implementations of fault related data permits utilization in steps, viz. Phase I and Phases II and III on board operational aircraft of AFRS, thereby permitting gradual phase in and substitution of AFRS for present state of the art flight crew FRM (Fault Reporting Manual) and ground personnel FIM (Fault Isolation Manual).

Incipient Fault Identification Through Neutral RF Monitoring of Large Rotating Machines

Abstract: Electromagnetic interference, or EMI, monitoring at an operating machine's neutral can detect many types of stator deterioration, as well as various design defects Accurate, wide-band spectrum analysis may indicate a problem's location, its severity and its rate of change This method can be sensitive enough to detect potential faults long before an inservice failure occurs The salient results of numerous tests conducted during 1980 and 1981 are presented

Spacecraft autonomous redundancy control

Abstract: The spacecraft system has automatic fault detection and autonomous reconfiguration of redundant hardware and software to correct that fault without ground station intervention. The spacecraft has redundant processors, sensors, control systems and buses. When a unit is believed to have failed as detected by the satellite processor unit, it switches to a backup unit. If the symptom persists after the unit is switched, the processor unit switches to a different bus. If the fault still exists, a new processor unit is switched in and the entire checking and switching repeats.

Performance Testing of the Ratio Ground Relay on a Four-Wire Distribution Feeder

Abstract: Digital fault investigations on six Pennsylvania Power and Light (PPL) 12 kV distribution feeders led to the development of a prototype ratio ground relay to theoretically provide better detection of broken conductor faults. Further assessment of the relay's performance was provided through analog computer tests followed by staged fault testing on an operating distribution feeder. Performance tests are described and documented. These positive test results provided the incentive to monitor the performance of the ratio ground relay on several PPL distribution feeders.

Distributed fault isolation and recovery system and method

Abstract: There is disclosed a system and a method for isolating faults and recovering a distributed system of the type including a plurality of modules to optimized operation. At least some of the modules are active fault recovery modules and include fault detecting means for initializing a fault check routine and sensing faults within the distributed system. Voting means are associated with each active module for placing a vote during each fault check routine in response to a detected fault. Collective vote determining means record the votes of the active modules after each fault check routine and recovery sequence initializing means initializes a fault isolation and recovery sequence in response to a given number of consecutive collective votes exceeding a predetermined value.

Generalized fault reporting system

Abstract: The present disclosure describes a system for handling detected error signals, providing the circuit elements for processing fault reports and implementing automatic fault isolation. More specifically, the system develops a fault report for each component based upon error signals derived therefrom. Changes in the fault report are detected and selector circuits are actuated to automatically isolate the fault to the particular component or components, or to reset the system in response to previous fault correction. The present system is advantageous in that it is independent of the equipment technology and applies to all design levels, from the unit itself to the individual components of which it is comprised.

Fault Detection and Isolation in a Nuclear Reactor

Abstract: A fault detection and identification methodology has been developed for sensor and plant component validation, with special emphasis on applications to nuclear powerplants. The methodology is particularly suitable for on-line fault diagnostics and does not rely on detailed knowledge of sensor and plant noise statistics. The algorithm has been computer coded for real-time applications and validated by on-line demonstration in an operating nuclear reactor. ARIOUS methods for fault detection and identification (FDI) of sensors have been reported in the literature.1"4 However, current practice in the nuclear industry is restricted to a few rather rudimentary techniques such as like-sensor comparisons, limit checking, auctioneering, etc. Although these techniques generally serve to improve system safety, availability, and operability, some limitations, such as the inability to identify gradual drifts and to detect common mode failures, significantly curtail their effectiveness. (If two or more elements fail identically, due to a common cause, the failure is called common mode.) The above limitations can often be circumvented with the aid of advanced computer-aided diagnostic techniques that have been developed for aerospace systems. In addition to improvement of plant availability and operability, these techniques promise to aid plant operators in making valid and timely decisions, thereby enhancing plant safety. The FDI methodology reported in this paper is developed on the basis of the "parity space" concept,3 which takes into account inconsistencies among all data sources. Any malfunctioning sensors are isolated by sequential checking until a relative consistency among the remaining (normal) sensors is achieved. This methodology does not require a detailed knowledge of sensor and plant noise statistics. Error bounds that are allowed for normal operation of the sensors are sufficient for making decisions. Real-time computer codes have been developed for detection and identification of failed sensors and plant components. As a proof of concept, these codes were verified by demonstration of on-line detection and identification of sensor failures in the 5 MW(t) nuclear reactor presently in operation at MIT, Cambridge, Mass.

Fault diagnosis in nonlinear chemical processes. Part II. Application to a chemical reactor

Abstract: A two-level strategy for fault detection and diagnosis developed in Part I is applied to a chemical reactor in which heptane is converted to toluene. Simulation of various faults demonstrates that the proposed strategy is valid, and that it also represents an improvement over fault diagnosis via an extended Kalman filter.

In-Flight Parity Vector Compensation for FDI

Abstract: The performance of a failure detection and isolation (FDI) algorithm applied to a redundant strapdown inertial measurement unit (IMU) is limited by sensor errors such as input axis misalignment, scale factor errors, and biases. A techique is presented for improving the performance of FDI algorithms applied to redundant strapdown IMUs. A Kalman filter provides estimates of those linear combinations of sensor errors that affect the parity vector. These estimates are used to form a compensated parity vector which does not include the effects of sensor errors. The compensated parity vector is then used in place of the uncompensated parity vector to make FDI decisions. Simulation results are presented in which the algorithm is tested in a realistic flight environment that includes vehicle maneuvers, the effects of turbulence, and sensor failures. The results show that the algorithm can significantly improve FDI performance, especially during vehicle maneuvers.

Analytic Redundancy for On-Line Fault Diagnosis in a Nuclear Reactor

Abstract: A computer-aided diagnostic technique has been applied to on-line signal validation in an operating nuclear reactor. To avoid installation of additional redundant sensors for the sole purpose of fault isolation, a real-time model of nuclear instrumentation and the thermal-hydraulic process in the primary coolant loop was developed and experimentally validated. The model provides analytically redundant information sufficient for isolation of failed sensors as well as for detection of abnormal plant operation and component malfunctioning. Nomenclature B =bias for sensor calibration b = error bound for measurement C = specific heat F = mass flow rate of primary coolant H = measurement matrix K = product of heat transfer coefficient and area £ = number of measurements M = thermal mass m = measurement p = parity vector Q = power or rate of energy flow S = scale factor for measurement T = temperature t = time V = projection matrix v = sensor output in volts w = weighting coefficient (0 < w < 1) x = true value of a measured variable e = measurement noise 77 = parameter associated with heat transfer £ = shim blade position r = time constant X = fraction of neutron power

Spectral Fault Signatures for Internally Unate Combinational Networks

Abstract: A method is described for the derivation of fault signatures for certain classes or irredundant combinational networks. These signatures consist of a set of values derived from the network. Any stuck-at fault causes at least one of the values to change. The signatures provide complete fault detection for all single stuck-at faults. They are usually short and never contain more than n + 1 values for an n-input network.

Sequential Network Design Using Extra Inputs for Fault Detection

Abstract: In order to enhance fault-detection capability, extra inputs are used when designing sequential machines. Here, a technique is proposed that designs these machines, precisely with the use of extra inputs-so as especially to minimize the length of the checking sequence. The resulting checking sequences are shown to be upper bounded by (3 + 2n)m + rn (3m + 1), where n is the number of states, r is the number of inputs, m = log, n, and s is the number of extra inputs, respectively. The technique presented here also provides a procedure to construct directed graphs with a minimum diameter.

Framework for a taxonomy of fault-tolerance attributes in computer systems

Abstract: A conceptual framework is presented that relates various aspects of fault-tolerance in the context of system structure and architecture. Such a framework is an essential first step for the construction of a taxonomy of fault-tolerance. A design methodology for fault-tolerant systems is used as the means to identify and classify the major aspects of fault-tolerance: system pathology, fault detection and recovery algorithms, and methods of modeling and evaluation. A computing system is described in terms of four universes of observation and interpretation, ordered in the following sequence: physical, logic, information, and interface, or user's. The description is used to present a classification of faults, i.e., the causes of undesired behavior of computing systems.

A Module Interchange Placement Machine

Abstract: The interchange of pairs of modules is used in a number of popular automatic placement routines in which it is the most time-consuming computation. A system for automatic placement based on iterative placement improvement algorithms which use module interchange is presented. The major attribute of this system is in the hardware implementation of the computation of the cost increment for the new placement resulting from the interchange of two modules. The system was constructed and its results indicate that a speed-up could be achieved of one order of magnitude or better in comparison with software implementations.

Diagnosis of multiple faults in a nationwide communications network

Abstract: The Network Diagnostic System (NDS) is an ARBY based expert system for fault isolation in a nationwide communications network (COMNET). Due to both the structure and function of the network, failures in COMNET are of ten multiple component failures (either dependent or independent) or intermittent failures. The maintenance procedure for isolating and correcting faults in COMNET exploits multiple types of knowledge, including the topological structure of COMNET, geographic organization, and frequency of failure information. Using ARBY, fault isolation in NDS is represented as a heuristic search through a space of hypotheses. The available diagnostic tests impose a refinement hierarchy on the space of hypotheses, enabling the exploitation of hierarchical search. Back links to more general hypotheses at higher levels in the refinement hierarchy are introduced to ensure the isolation and repair of multiple and intermittent failures. The NDS currently performs at the level of an intermediate COMNET diagnostician.

A Real-Time Microprocessor-Based System for Engine Deficiency Analysis

Abstract: The main objective of this work is to develop an on-board microprocessor-based device to detect faults in reciprocating combustion engines. This paper discusses two methods of analysis that have been utilized for fault detection. The first method requires the computation of the Fourier transform, while the second is based on the autocorrelation function. Both the methods provide encouraging results for the few cases that have been studied so far.

LSI Testing Techniques

Abstract: Tests good for SSI and MSI circuits can't cope with the complexity of LSI. New techniques for test generation and response evaluation are required.

Distributed processing environment fault isolation

Abstract: In a machine having a plurality of operating components controlled by a plurality of processors (70, 72, 74, 76, 78, 82) one of the processors is designated the master processor (70). All the other processors report their faults to the master processor. When it receives a fault message, the master processor records the type of fault and the source of the message in suitable memory locations. The master will also time stamp the fault message to identify the first fault message. Finally, the master will transmit a message to itself to verify that the master's communication channel is valid to verify whether the master processor itself or one of the remote processors is faulty.

Generic Faults and Architecture Design Considerations in Flight-Critical Systems

Abstract: Specific examples of generic faults involving interaction of hardware and software in flight-critical systems are described. Such faults can cause an avalanche shutdown of all redundant computer channels. The popular technique of redundant computer frame synchronization is shown to be particularly vulnerable. Architecture solutions that allow dissimilar redundancy and incorporate "brick-wall" isolation are described. Practical techniques of coping with time-skew effects in unsynchronized computer channels are given, and it is shown that they offer many simplicity advantages. HE term ''generic fault" became part of the technical language to describe design defects that elude the test and analysis procedures used to validate a redundant control system design. Although the existence of such defects can be postulated in any type of system, the generic fault concept is especially significant in the flight-critical system application because it defeats the massive redundancy strategies that designers rely on to meet safety or reliability objectives. A vision of such a fault toppling each channel of a flight-critical redundant system is a nightmare that haunts the designer and the "certifier" communities. The first part of this paper examines various classes of such faults, acknowledging that there can be no 100% certainty that a system is free of them. Specific illustrations show why their detection and correction are difficult. It is contended that redundancy architecture is a key factor in generic fault vulnerability, with redundant channel syn- chronization as a major aggravator of error mechanisms. Well-known solutions to such vulnerabilities involve concepts of channel decoupling, including the "brick wall" approaches that were popular in early analog mechanizations.1 '2 The term "brick wall" refers to extraordinary measures taken to insure the physical and electrical separation of redundant channels. Dissimilar redundancy also has its advocates,3 but both solutions preclude the advantages provided by frame (or loose) synchronization of computer channels. Such syn- chronization allows an inherent simplification of monitoring algorithms. Various degrees of synchronizati on tightness have been used. The Space Shuttle computers synchronize to sublevels of frames or tasks, 4 while some systems under development use complete microclock synchronization in massively redundant central processing unit (CPU) and memory structures.5'6 When channel decoupling and isolation (including dissimilar hardware and software mechanisms) are used to avoid generic-fault vulnerabilities, channel syn- chronization must then be abandoned. A recurring theme of this paper is that the synchronization of redundant computers opens pathways for generic faults to cause multiple channel shutdowns. In some instances these faults reside in incomplete logic designs that might not an- ticipate the multiplicity of computer resynchronization in- teractions following transient events in the power distribution system. In other instances, the generic fault could also exist in the nonsynchronized systems, but an event which triggers the fault would cause only one channel to shut down, whereas the same fault in synchronous architectures would cause multiple