Modeling and testing a critical fault-tolerant multi-process system

The paper discusses modeling and fault insertion testing of the Boeing 777 "fly-by-wire" Primary Flight Computer (PFC) system. The 777 PFC was modeled to perform a behavior analysis. The simulation model includes all systems communicating with the Primary Flight Computers (PFC). The simulation environment allows errors to be injected into the communication portion of the model and into selected PFC internal variables. The model is used to test the system response to errors in the PFC input data and to PFC internal errors. The behavior analysis tests have been chosen to stress the fault tolerant design and to investigate PFC anomalies encountered during either laboratory tests or during flight test. The effects of both input and PFC internal errors were studied and the effects of asynchronous communication were examined. The paper is composed of the following: 1. Introduction which briefly describes both the airplane "fly-by-wire" features and the simulation. 2. PFC description which gives more details about the PFC. 3. Failure model. 4. Simulation description which describes the simulation environment and facilities. 5. Fault-tolerant testing which gives some examples. 6. Summary.<>