This article needs additional citations for verification .(February 2011) |
A built-in self-test (BIST) or built-in test (BIT) is a mechanism that permits a machine to test itself. Engineers design BISTs to meet requirements such as:
or constraints such as:
The main purpose [1] of BIST is to reduce the complexity, and thereby decrease the cost and reduce reliance upon external (pattern-programmed) test equipment. BIST reduces cost in two ways:
Both lead to a reduction in hourly charges for automated test equipment (ATE) service.
BIST is commonly placed in weapons, avionics, medical devices, automotive electronics, complex machinery of all types, unattended machinery of all types, and integrated circuits.
Automotive tests itself to enhance safety and reliability. For example, most vehicles with antilock brakes test them once per safety interval. If the antilock brake system has a broken wire or other fault, the brake system reverts to operating as a normal brake system. Most automotive engine controllers incorporate a "limp mode" for each sensor, so that the engine will continue to operate if the sensor or its wiring fails. Another, more trivial example of a limp mode is that some cars test door switches, and automatically turn lights on using seat-belt occupancy sensors if the door switches fail.
Almost all avionics now incorporate BIST. In avionics, the purpose is to isolate failing line-replaceable units, which are then removed and repaired elsewhere, usually in depots or at the manufacturer. Commercial aircraft only make money when they fly, so they use BIST to minimize the time on the ground needed for repair and to increase the level of safety of the system which contains BIST. Similar arguments apply to military aircraft. When BIST is used in flight, a fault causes the system to switch to an alternative mode or equipment that still operates. Critical flight equipment is normally duplicated, or redundant. Less critical flight equipment, such as entertainment systems, might have a "limp mode" that provides some functions.
Built-In-Self-Test is used to make faster, less-expensive integrated circuit manufacturing tests. The IC has a function that verifies all or a portion of the internal functionality of the IC. In some cases, this is valuable to customers, as well. For example, a BIST mechanism is provided in advanced fieldbus systems to verify functionality. At a high level this can be viewed similar to the PC BIOS's power-on self-test (POST) that performs a self-test of the RAM and buses on power-up.
The typical personal computer tests itself at start-up because it's a very complex piece of machinery. Since it includes a computer, a computerized self-test was an obvious, inexpensive feature. Most modern computers, including embedded systems, have self-tests of their computer, memory and software.
Unattended machinery performs self-tests to discover whether it needs maintenance or repair. Typical tests are for temperature, humidity, bad communications, burglars, or a bad power supply. For example, power systems or batteries are often under stress, and can easily overheat or fail. So, they are often tested.
Often the communication test is a critical item in a remote system. One of the most common unattended system is the telephone concentrator box. This contains complex electronics to accumulate telephone lines or data and route it to a central switch. Telephone concentrators test for communications continuously, by verifying the presence of periodic data patterns called frames (See SONET). Frames repeat about 8,000 times per second.
Remote systems often have tests to loop back the communications locally, to test transmitter and receiver, and remotely, to test the communication link without using the computer or software at the remote unit. Where electronic loop-backs are absent, the software usually provides the facility. For example, IP defines a local address which is a software loopback (IP-Address 127.0.0.1, usually locally mapped to name "localhost").
Many remote systems have automatic reset features to restart their remote computers. These can be triggered by lack of communications, improper software operation or other critical events. Satellites have automatic reset, and add automatic restart systems for power and attitude control, as well.
Medical devices test themselves to assure their continued safety. Normally there are two tests. A POST will perform a comprehensive test. Then, a periodic test will assure that the device has not become unsafe since the POST. Safety-critical devices normally define a "safety interval", a period of time too short for injury to occur. The self test of the most critical functions normally is completed at least once per safety interval. The periodic test is normally a subset of the POST.
One of the first computer-controlled BIST systems was in the U.S.'s Minuteman Missile.[ citation needed ] Using an internal computer to control the testing reduced the weight of cables and connectors for testing. The Minuteman was one of the first major weapons systems to field a permanently installed computer-controlled self-test.
There are several specialized versions of BIST which are differentiated according to what they do or how they are implemented:
Fly-by-wire (FBW) is a system that replaces the conventional manual flight controls of an aircraft with an electronic interface. The movements of flight controls are converted to electronic signals transmitted by wires, and flight control computers determine how to move the actuators at each control surface to provide the ordered response. It can use mechanical flight control backup systems or use fully fly-by-wire controls.
In engineering, a fail-safe is a design feature or practice that, in the event of a specific type of failure, inherently responds in a way that will cause minimal or no harm to other equipment, to the environment or to people. Unlike inherent safety to a particular hazard, a system being "fail-safe" does not mean that failure is impossible or improbable, but rather that the system's design prevents or mitigates unsafe consequences of the system's failure. That is, if and when a "fail-safe" system fails, it remains at least as safe as it was before the failure. Since many types of failure are possible, failure mode and effects analysis is used to examine failure situations and recommend safety design and procedures.
An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is embedded as part of a complete device often including electrical or electronic hardware and mechanical parts. Because an embedded system typically controls physical operations of the machine that it is embedded within, it often has real-time computing constraints. Embedded systems control many devices in common use. In 2009, it was estimated that ninety-eight percent of all microprocessors manufactured were used in embedded systems.
A controller area network is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other. It is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. For each device, the data in a frame is transmitted serially but in such a way that if more than one device transmits at the same time, the highest priority device can continue while the others back off. Frames are received by all devices, including by the transmitting device.
A safety-critical system or life-critical system is a system whose failure or malfunction may result in one of the following outcomes:
A dead man's switch is a switch that is designed to be activated or deactivated if the human operator becomes incapacitated, such as through death, loss of consciousness, or being bodily removed from control. Originally applied to switches on a vehicle or machine, it has since come to be used to describe other intangible uses, as in computer software.
A kill switch, also known more formally as an emergency brake, emergency stop (E-stop), emergency off (EMO), or emergency power off (EPO), is a safety mechanism used to shut off machinery in an emergency, when it cannot be shut down in the usual manner. Unlike a normal shut-down switch or shut-down procedure, which shuts down all systems in order and turns off the machine without damage, a kill switch is designed and configured to abort the operation as quickly as possible and to be operated simply and quickly. Kill switches are usually designed to be noticeable, even to an untrained operator or a bystander.
A watchdog timer, sometimes called a computer operating properly timer, is an electronic or software timer that is used to detect and recover from computer malfunctions. Watchdog timers are widely used in computers to facilitate automatic correction of temporary hardware faults, and to prevent errant or malevolent software from disrupting system operation.
A data logger is an electronic device that records data over time or about location either with a built-in instrument or sensor or via external instruments and sensors. Increasingly, but not entirely, they are based on a digital processor, and called digital data loggers (DDL). They generally are small, battery-powered, portable, and equipped with a microprocessor, internal memory for data storage, and sensors. Some data loggers interface with a personal computer and use software to activate the data logger and view and analyze the collected data, while others have a local interface device and can be used as a stand-alone device.
Aeronautical Radio, Incorporated (ARINC), established in 1929, was a major provider of transport communications and systems engineering solutions for eight industries: aviation, airports, defense, government, healthcare, networks, security, and transportation. ARINC had installed computer data networks in police cars and railroad cars and also maintains the standards for line-replaceable units.
MIL-STD-1553 is a military standard published by the United States Department of Defense that defines the mechanical, electrical, and functional characteristics of a serial data bus. It was originally designed as an avionic data bus for use with military avionics, but has also become commonly used in spacecraft on-board data handling (OBDH) subsystems, both military and civil, including use on the James Webb space telescope. It features multiple redundant balanced line physical layers, a (differential) network interface, time-division multiplexing, half-duplex command/response protocol, and can handle up to 31 Remote Terminals (devices); 32 is typically designated for broadcast messages. A version of MIL-STD-1553 using optical cabling in place of electrical is known as MIL-STD-1773.
Fault tolerance is the resilient property that enables a system to continue operating properly in the event of failure or major dysfunction in one or more of its components. If its operating quality decreases at all, the decrease is proportional to the severity of the failure, as compared to a naively designed system, in which even a small failure can lead to total breakdown. Fault tolerance is particularly sought after in high-availability, mission-critical, or even life-critical systems. The ability of maintaining functionality when portions of a system break down is referred to as graceful degradation.
Fleet management is the management of:
An electronic flight bag (EFB) is an electronic information management device that helps flight crews perform flight management tasks more easily and efficiently with less paper providing the reference material often found in the pilot's carry-on flight bag, including the flight-crew operating manual, navigational charts, etc. In addition, the EFB can host purpose-built software applications to automate other functions normally conducted by hand, such as take-off performance calculations. The EFB gets its name from the traditional pilot's flight bag, which is typically a heavy documents bag that pilots carry to the cockpit.
IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.
A diagnostic program is an automatic computer program sequence that determines the operational status within the software, hardware, or any combination thereof in a component, a system, or a network of systems. Diagnostic programs ideally provide the user with guidance regarding any issues or problems found during its operation.
Brake-by-wire technology in the automotive industry is the ability to control brakes through electronic means, without a mechanical connection that transfers force to the physical braking system from a driver input apparatus such as a pedal or lever.
The AN/UYK-43 was the standard 32-bit computer of the United States Navy for surface ship and submarine platforms, with the first unit delivered in October, 1984. Some 1,250 units were delivered through to 2000. The size of a refrigerator, it replaced the older AN/UYK-7, both built by UNISYS and shared the same instruction set. An enhancement to the UYK-43, the Open Systems Module (OSM), allows up to six VMEbus Type 6U commercial off-the-shelf (COTS) cards to be installed in a UYK-43 enclosure.
Automotive electronics are electronic systems used in vehicles, including engine management, ignition, radio, carputers, telematics, in-car entertainment systems, and others. Ignition, engine and transmission electronics are also found in trucks, motorcycles, off-road vehicles, and other internal combustion powered machinery such as forklifts, tractors and excavators. Related elements for control of relevant electrical systems are also found on hybrid vehicles and electric cars.
Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely human errors, systematic errors, hardware failures and operational/environmental stress.