FADEC Computer Systems for Safety Critical Application

Friedrich Schwamm

Daimler-Benz Aerospace / Geschäftsbereich Antriebe (MTU), München, Germany

Paper No. 98-GT-170, pp. V005T15A017; 8 pages
  • ASME 1998 International Gas Turbine and Aeroengine Congress and Exhibition
  • Volume 5: Manufacturing Materials and Metallurgy; Ceramics; Structures and Dynamics; Controls, Diagnostics and Instrumentation; Education
  • Stockholm, Sweden, June 2–5, 1998
  • Conference Sponsors: International Gas Turbine Institute
  • ISBN: 978-0-7918-7866-8
  • Copyright © 1997 by ASME


One of the main requirements for modern FADEC systems is to implement great computing power with many interfaces and to keep the FADEC hardware effort to a minimum. On the other hand, the criticality potential of computer failures is considered ‘hazardous’. The trend in FADEC development is to implement even more complex functions in the control software, which consequently increases the authority and therefore the criticality potential of computer failures. In the mid-80s a double computer system was used to perform a parallel execution of the control software with identical input parameters to output identical results. A difference in any one of these computer results causes the comparator hardware to output a failure indication. This was considered to have 100% coverage of computer failures. The problem with this system was certainly the relatively large hardware overhead and the limited intelligence of the comparator logic. Some other FADEC systems have implemented only a Watch Dog Timer and Bus Access Supervisory hardware to detect computer malfunctions. With this method, proving that the safety requirements have been achieved has become almost impossible, since adequate fault models of the computer components are difficult to establish due to their increasing functional complexity. This paper describes how to develop the safety features for the Computer Design from the Engine Control System Safety Requirements to achieve full coverage of the potentially critical failure effects with fault-tolerant failure recovery functions and a minimum of hardware overhead.

Topics: Safety, Computers
This article is only available in the PDF format.


