Fault Detection Isolation And Recovery (FDIR)
FDIR is a field of control engineering which involves testing the responses of a system and identifying faults present in the system. This can be done through live monitoring of the sensor data to observe any discrepancies, or through regular testing using a bespoke testing system that simulates environmental conditions and compares system responses with expected values.
FDIR is particularly important in aviation, which has a much smaller margin for error than other modes of transport: erroneous data or a faulty sensor should not cause an aircraft critical system to malfunction. Similar to the ‘limp-home’ mode that a car ECU may enter upon the failure of a sensor, critical aircraft systems should enter a mode where the aircraft can still fly safely in the event of a failure (this is the recovery part of FDIR). These are “Fault Tolerant Systems”: systems that can operate within required reliability and safety limitations with certain fault configurations.
Fault Detection
- Found through maintenance data from previous faults
- Signal analysis through FFT
- Applying an environment (temperature & pressure), recording the responses and comparing them to expected values
  - This can either be in the production of each modular unit
  - Or testing in situ on the runway between flights
Recovery
- Switch-off of faulty equipment
- Switch-over from faulty equipment to redundant equipment
- Change of state of the complete system into a Safe Mode with limited functionalities
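The detection and recovery steps listed above, as an added example that is not part of the original page: a two-channel monitor that compares each sample with an expected value, switches off a channel once the deviation persists, switches over to the redundant channel, and falls back to Safe Mode when neither channel is healthy. The class and function names, the tolerance, the three-sample persistence filter and the temperature samples are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    NORMAL = "normal"                # active channel healthy
    SWITCHED_OVER = "switched_over"  # running on the redundant channel
    SAFE = "safe"                    # no healthy channel, limited functionality

@dataclass
class Channel:
    name: str
    healthy: bool = True
    strikes: int = 0  # consecutive out-of-tolerance samples

class Fdir:
    def __init__(self, tolerance, persistence=3):
        self.tolerance = tolerance      # allowed |measured - expected|
        self.persistence = persistence  # assumed filter: samples needed to confirm a fault
        self.channels = [Channel("A"), Channel("B")]
        self.active = 0
        self.mode = Mode.NORMAL

    def _detect(self, ch, measured, expected):
        # Detection: compare the response with the expected value. A single
        # glitch resets to zero on the next good sample and trips nothing.
        ch.strikes = ch.strikes + 1 if abs(measured - expected) > self.tolerance else 0
        return ch.strikes >= self.persistence

    def step(self, readings, expected):
        """readings: (channel A value, channel B value) for one sample."""
        for ch, value in zip(self.channels, readings):
            if ch.healthy and self._detect(ch, value, expected):
                ch.healthy = False  # isolation: switch off the faulty channel
        if not self.channels[self.active].healthy:
            standby = 1 - self.active
            if self.channels[standby].healthy:
                self.active = standby  # recovery: switch over to redundant channel
                self.mode = Mode.SWITCHED_OVER
            else:
                self.mode = Mode.SAFE  # recovery: safe mode, both channels lost
        return self.mode

# Constructed sample data: one temperature reading per channel per sample.
SAMPLES = [(601, 599), (700, 602), (598, 600), (710, 601), (712, 603),
           (715, 600), (720, 690), (725, 695), (730, 700)]

def run(samples, expected=600.0, tolerance=25.0):
    fdir = Fdir(tolerance)
    return [fdir.step(r, expected).value for r in samples]
```

A standby channel that fails while the active one is healthy is switched off without a mode change, so the loss of redundancy only becomes visible in `channels[...].healthy`.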
Full Authority Digital Engine Control (FADEC)
A FADEC is an Engine Control Unit (ECU) that has full authority over the engine with no manual overrides. The main goal of any ECU is to allow the engine to perform at maximum efficiency for a given condition. The FADEC is powered by a generator connected to the engine that it controls, and it comprises an active and a redundant channel for safety. As the unit has full control over the engine, loss of both the active and redundant channel will result in loss of the engine.
The FADEC allows the pilot to ‘command’ the aircraft engines rather than to directly control them; for instance the pilot can ‘command’ 80% thrust from the engine but it is the FADEC which controls the fuel flow, bleed valves and a number of other components to achieve the ‘commanded’ thrust depending on the current flight condition.
The FADEC uses an array of sensors across the engine and a series of actuators to control the overall engine performance and function.
The FADEC monitors:
- Shaft speeds (N1, N2)
- Pressures
- Exhaust Gas Temperatures
- Air density
- Thrust lever request positions
- Flight management system calculated power settings
The FADEC controls:
- Fuel Flow
- Air bleed valve positions
- Stator vane positions
- Engine starting, shutdown and restarting
Additionally, engine limitations (maximum temperatures and speeds) can be programmed into the FADEC to issue warnings to the pilot and initiate necessary measures without pilot intervention. It can also generate engine health and maintenance reports.
Advantages | Disadvantages |
Automated control allows for much more efficient engine operation | The role of the Flight Engineer and the accompanying sector & knowledge-base is lost |
Safer due to redundancy | No manual override in the case FADEC is lost |
Automatic engine protection measures | High system complexity |
‘Commanding’ engine thrust, simpler inputs with guaranteed outputs | High system development and validation effort |
Further integrating aircraft systems | Core mounted units require cooling which adds to weight and complexity |
Health and maintenance reports | Engine is now only capable of operating within manufacturer ‘safety limits’ which may reduce engine capacity in a crisis compared to manual control |
Reduces flight crew workload | |
Creates a Fault Tolerant System (safely operable within fault configurations) | |