Blog - Insights into Switching & Simulation Technology for Test

How to Automate Fault Insertion Tests in ECUs to Improve Software Quality

Written by Kim Otte | Apr 7, 2021 9:44:55 PM

Testing Engine Control Units (ECUs), especially safety related models, is as much about software testing as well as hardware these days—this is due to the increased intelligence required within ECUs to control braking, prevent rollovers, and ensure that power is applied to the correct wheels in a compromised driving mode. Automotive manufacturers such as Magna Powertrain, Delphi, and Continental have the same concerns for testing the safe operation of their products. 

For this blog post, we will focus on automotive transfer cases. A transfer case is a mechanical/electronic device that monitors wheel slippage and ensures that power is applied to wheels that are not slipping. More on this in a bit.

As part of the design process, manufacturers run a series of tests to ensure that the software that controls their transfer cases reacts to system failures, such as open, shorted, and cross/inline resistance connections, in a predictable and safe manner. Ultimately, this improves customer satisfaction and reduces warranty costs. 

A manufacturer could develop a test fixture that allows them to manually inject faults. And, while this fixture is effective, having to manually switch in faults is quite time-consuming—this limits the number of tests cases the manufacturer could run on a particular unit. Also, a manual fixture often requires more frequent maintenance, further slowing test times. And, manual tests are prone to operator error, which can compromise test results. 

To automate this process, consider using Fault Insertion Unit (FIU) switching modules for Hardware-in-the-Loop (HIL) simulation applications and Programmable Resistors. The FIU switching modules can be used to introduce electrical faults into a system, which typically duplicates various conditions that can occur because of corrosion, short/open circuits, and other electrical failures, inherited through age, damage, or even faulty installation. 

Finding faults
A transfer case is used to distribute power from a vehicle's transmission to the front and rear axles. One example is the Double Speed Active Transfer Case (ATC). The ATC features include a multi-plate wet clutch, electromechanical shift actuation, and chain driven front output. The system guarantees dynamic torque distribution between the front and rear wheels and can be tuned to provide desired vehicle performance characteristics in varied terrain and inclement weather. 

As part of the Transfer Case Control Mechanism (TCCM), a transfer case ECU controls the operation of the transfer case. It connects to sensors and actuators in the transfer case, as well as interfaces with the vehicle's Controller Area Network (CAN). When a driver shifts into gear, the transfer case ECU receives the command and then determines if it can perform this shift or not. After it has successfully performed a shift, the transfer case ECU reports this to the network. 

In operation, many different faults can occur. For example, consider an eight-conductor cable that connects actuators and sensors in the transfer case to the control module. These connections can fail open or short to adjacent conductors, in addition, high-resistance connections and high-resistance shorts can develop as automobiles age, and these can cause a transfer case to fail in the field. 

To ensure that the transfer case will operate safely under fault conditions, transfer case manufacturers simulate these faults in their Controls lab.

Hardware-in-the-loop testing has become a very popular way to test the electronic control units, such as the transfer case ECU, used in today's automobiles. A HIL simulator can provide all of the inputs and outputs of a vehicle without the need for actually building prototype vehicles. It saves ECU manufacturers a lot of money, not only because they don't have to build prototype vehicles, but also because they can perform exhaustive testing in a laboratory instead of on a test track or dynamometer. 

They can even test a transfer case ECU without actually having the mechanics of a transfer case. In this mode, the HIL test system simulates the transfer case in addition to the rest of the vehicle. 

To test the transfer case ECU software, designers have developed a number of different operating scenarios. These include vehicle startup, shutdown, and driving scenarios designed to put a transfer case control module through its paces. For example, in one scenario, a transfer case is commanded to go to its desired position. Other scenarios exercise various product features such as shifting, cold crank profile, and voltage profiles.

Now, let's go back to considering a test fixture that allows a manufacturer to manually inject faults. 

Arguably, the most problematic thing about manually inserting faults is that running a series of tests takes a long time. And, if you're running thousands of test cases, it's evident that you would have to find a way to reduce the test time. Another disadvantage of manually inserting faults is that you might only be able to insert shorts and opens. To more thoroughly test the transfer case ECU, you'll need to be able to insert resistive faults as well as hard opens and shorts. 

Automating fault insertion 
Clearly, manufacturers have been thinking about how to automate fault insertion.

There are few vendors who can offer you promising solutions. Finding one who can customize their products to your needs is key. For example, take a look at Pickering’s 19-slot PXI chassis populated with several PXI bus modules (PXI 30A Fault Insertion Switch Module, (model 40-191) to simulate shorts and opens. This module provides a robust solution to high current fault insertion. It uses solid state switching elements and is capable of carrying 40A on single channel or 30A on all channels at the same time. It is designed to insert three different fault conditions between the test fixture and the equipment under test, including open circuits, short circuits between UUT connections, and short circuits to external signals. 

PXI 30A Fault Insertion Switch Module, model 40-191

Solid State Relays on each channel enable the test system to set signals to the UUT to open-circuit. Fault-insertion buses allow any channel to be shorted to any other channel and also enable any channel to be connected to an external signal such as Power, Ignition or Ground to simulate fault conditions. The module is supplied with two fault buses. 

Because faults aren't always completely open or hard shorts, Programmable Resistor modules like Pickering’s model 40-295, are used to simulate high-resistance faults. This module provides up to 18 fully isolated variable resistors at eight-bit resolution or ten fully isolated variable resistors at 16-bit resolution. The resistance of each of the channels can be set between 0 ohms and 16 MΩ. 

PXI Programmable Resistor Module, model 40-295

The switching system is used to inject all of the potential faults. For example, to inject open faults, you would simply have to open the line. To short two lines, connect each of the two lines to a Fault Insertion module and connect the two signals to one of the module's fault busses. To simulate a short to power or ground, connect the signal line to one of the fault busses and then connect that bus to ground or to an external voltage. 

This figure shows how the switching system connects the HIL simulator, the transfer case ECU being tested, and the transfer case, if an actual transfer case needs to be part of the test.

To inject a resistance fault into one of the signal lines running between the transfer case and the transfer case ECU, the control computer would command the switching system to switch in one of the variable resistors on the 40-295 Programmable Resistor Module. Next, you vary the resistance in discreet steps: 0Ω, 5Ω, 10Ω, 20Ω, 50Ω, 100Ω, 200Ω, 500Ω, 1,000Ω, and so on until you reach 1 MΩ, or until the line reacts like it is an open circuit. 

Once a fault has been inserted, run one or more driving scenarios and gather test data. One of the most significant bits of data to gather is the current that the system is drawing. An unusually high current is a sure sign of problems. Look at a number of other parameters, too, though. These include CAN signals and Electrical signals being generated by the transfer case ECU and overall system behavior. 

By automating the fault insertion, the time it takes to run a single test case has been cut. It has also allowed the manufacturer to reduce the elapsed time it takes to run a complete test. With manual insertion, a technician or test engineer has to be present to switch faults in and out. Now, however, personnel only need to be present when risky tests are being performed, as most tests are run overnight with no supervision needed. 

Interestingly, the time-savings are not necessarily used to make the test runs shorter, but to run more test cases, such as those that include resistance faults, in the same amount of time. Using the test time to improve test effectiveness is an indication of the emphasis that companies put on software quality and reliability. 

Analyzing the test results 
As you can imagine, these tests generate a very high volume of test data, and analyzing this data is a big task. The first thing they look for is whether the test has caused any damage to the UUT. No faults should damage the transfer case of the transfer case ECU, so any indication that the unit has been damaged throws up a red flag. 

If none of the test cases have caused any damage, start analyzing the rest of the test data. Of particular interest at this point are the CAN signals and overall system behavior. What you're looking for is data that would indicate unintentional motor movement in a transfer case. You might also check to see that the transfer case ECU generated the appropriate diagnostic codes. 

Analyzing the test data is a team effort—the team not only includes the test engineers, but also the mechanical engineers, electronics engineers, and software developers that designed the transfer case. By working as a team, you're not only able to quickly find areas of concern but are also able to complete the fixes faster. 

The future is automated 
Now that part of your test system has been automated, you'll realize that this is only the beginning. For example, instead of having separate test fixtures for each transfer case, consider working on a “universal” test system for your transfer cases. Using a computer-controlled switching system, you can accomplish this. 

One hurdle that manufacturers will have to jump is figuring out how to reduce the time it takes to analyze the test data. Automating fault insertion allows you to run many more tests, but it also increases the amount of time you must spend analyzing the test data. Developing a tool that would automatically flag test data that might indicate a problem would save a lot of time. 

It would also be worthwhile to reduce the number of test cases. Identify test cases that are really testing the same thing and eliminate them from the test program. It should also be noted that often a subset of the test cases developed in NPI are used in the product test strategy. This tactic provides for consistent test results compared to NPI measurements and speeds the production test development. 

The bottom line for this phase of testing- find a vendor, like Pickering Interfaces, who supports ECU manufacturers in automating the fault injection process, helping them run more test cases in a shorter period of time. 

To see our range of compatible FIU switching modules, click here.

Want to learn more about switching and simulation solutions for the automotive industry? Check out these resources:

Developing a PXI Solution for Testing Automotive Battery Management Systems

 

 

Automotive Test Solutions Brochure