WO2010104428A1 - Built-in test system with prognostic capability and method - Google Patents

Built-in test system with prognostic capability and method Download PDF

Info

Publication number
WO2010104428A1
WO2010104428A1 PCT/SE2009/050246 SE2009050246W WO2010104428A1 WO 2010104428 A1 WO2010104428 A1 WO 2010104428A1 SE 2009050246 W SE2009050246 W SE 2009050246W WO 2010104428 A1 WO2010104428 A1 WO 2010104428A1
Authority
WO
WIPO (PCT)
Prior art keywords
test
clocking
results
clock frequency
over
Prior art date
Application number
PCT/SE2009/050246
Other languages
French (fr)
Inventor
Rikard Johansson
Original Assignee
Saab Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Saab Ab filed Critical Saab Ab
Priority to PCT/SE2009/050246 priority Critical patent/WO2010104428A1/en
Publication of WO2010104428A1 publication Critical patent/WO2010104428A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/22Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26Functional testing
    • G06F11/27Built-in tests

Definitions

  • the present invention relates to built-in testing of electronics systems.
  • it relates to built-in testing of systems having clocked components such as CPUs on board aircraft or other vehicles.
  • a method for predicting a component failure in order to alert responsible personnel to replace it before it breaks, such that the normal operation of the system of which the component is a part is not disturbed.
  • component should be interpreted widely, to include e.g., "unit” and "equipment”.
  • the method includes putting non-destructive strain upon a component in an attempt to force a failure developing in the component, but which failure does not show under normal operation. If such a failure is discovered, a warning is triggered, and an operator may initiate measures such that the component is replaced at the next upcoming convenient opportunity.
  • the system is designed in such a way that during start-up of the system the nominal frequency is used, but this can be altered under certain conditions by the system.
  • over-clocking and test sequences are initiated.
  • Initiation of over-clocking is preferably software controlled, and may embrace the CPU and other clocked circuits of the system. Under software control a sequence of tests are performed. Results from the tests are subsequently stored. When the sequence is performed, the program enters an endless loop. Of course, there exists the possibility that the program derails due to CPU malfunction -the system is arranged to, in this case, to not store all expected results in a memory. The system may finish the test sequence by saving a "finishing label" in memory - if the finishing label is not there after the test sequence is finished, an evaluation routine can infer that that the test sequence has derailed.
  • a circuit At the initiation of over-clocking a circuit is programmed to generate a non- maskable interrupt or a reset after a predetermined amount of time. When such an event occurs, a program in the CPU is triggered to start which verifies the result from the test sequence(s) as was discussed above.
  • a method for built-in prognostic testing of a component or a component group residing in an electronics system comprising the following steps:
  • the method may further include the steps of
  • the results of each test run is preferably categorised as either successful or failed based on comparison between results and predefined values.
  • the expected time to failure is preferably determined as follows:
  • the electronics system is provided with an interface unit to interface with units outside the electronics system.
  • the electronics system is an electronics system of an aircraft.
  • an electronics system capable of built in prognostic testing, the system comprising; a central processing unit 105, a non-volatile memory 115, characterised in that the system further comprises a clock unit 140 having means for selectable providing one of two different clock frequencies for clocking the system; a trigger signal connection 117 between the interface unit 110 and the clock unit
  • the electronics system further comprising an interface unit 110 connected between the CPU 105 and units outside the system for interfacing units outside the electronics system
  • the system further comprising an output protection unit 125 connected between the interface unit 110 and units outside the system for protecting units outside the electronics system from control signals issued from the interface unit
  • Figures Figure 1 shows a block diagram of a system having a central processing unit
  • CPU central processing unit
  • Figure 2 shows a flowchart of a method for built-in prognostic testing of a component residing in an electronics system.
  • Figure 3 shows a curve for predicted time to failure at nominal frequency as a function of frequency at which a failure was detected during tests.
  • Cold start the system is started by applying voltage.
  • Warm start the system is started by restarting it, i.e. by doing a "reset".
  • Nominal clock frequency the clock frequency fed to the component during normal operation of the system in question.
  • Normal clock frequency same as nominal clock frequency.
  • Over-clocking the act of feeding and running a component with a higher clock frequency than nominal clock frequency.
  • Figure 1 shows a block diagram of a system having a central processing unit (CPU) and other units and features enabling built-in test involving over-clocking of the CPU and the other circuits. These units and features will be described below in connection with a description of a method for built-in prognostic testing.
  • Figure 2 shows a flowchart of a method for built-in prognostic testing of a component residing in the electronics system of figure 1. The method comprises the following groups of steps:
  • test-result buffer of a non-volatile memory 115 It is not zeroed when power is lost or at system reset, but keeps its information
  • This trigger signal will trigger the following: - Programming a timer 135 to generate a system reset after a certain time delay T 1 .
  • a reset circuit 155 that generates a system reset based on a signal from the timer 135, or based on signals representing other reset criteria.
  • the CPU is arranged to be able to read, via the I/O-unit 110, if the timer 135 is programmed to generate a system reset or not.
  • the output protection unit 125 is arranged to set all critical outputs into a safe state.
  • Critical outputs are all outputs which are desired not to be influenced if an error is evoked during over-clocking procedure of built-in test. For example, in a flight control system it would be undesirable if ailerons began to move in an uncontrolled fashion.
  • the output protection unit 125 is reset at "system reset", such that signal from the I/O-unit 110 again can influence the outputs of the system.
  • the clock unit 140 is arranged to operate at normal clock frequency following a reset and only accept one over-clocking frequency until a reset has occurred.
  • the trigger signal from the I/O-unit 110 via the trigger signal connection 117, that initiates system restart/over-clocking/output protection is arranged to only be allowed to take effect if one or more safety interlock conditions are met. This is to avoid undesired activation of the over-clocking function. For example, it should only be possible to activate over-clocking when the aircraft is on the ground. Therefore, the &-unit 130 is arranged to handle this.
  • Group D includes the following substeps:
  • tests are arranged to test the functionality of the involved components. These tests may consist of but are not necessarily limited to the following type of test:
  • test result buffer in the non-volatile memory 115. If the system has become degraded it may happen that the test run derails - i.e., the CPU gets struck by an "exception", or it may simply restart. When the CPU restarts it is arranged to check if there is a request for "system reset". This is preferably accomplished by reading information from a timer 135, and if the information is affirmative continue and perform group D substeps as will be described below.
  • test sequence will cause the CPU to halt
  • test sequence will be completed without any of the two above described consequences, i.e., the CPU enters a wait state, waiting 240 for a (timer programmed) system reset.
  • group E consists of the following sub steps:
  • CPU reset (as discussed above) has occurred or if the timer 135 causes a "system reset” the CPU will restart.
  • the CPU shall therefore always start its execution by performing the following: o Read the signal "Warm or cold start”. If this signal indicates that the CPU has started during "cold start” the CPU shall continue its normal start up procedure (i.e. the CPU start was not triggered as part of an over-clocking test but due to a normal start up).
  • test-result buffer is scanned for start labels. Based on the number of start labels found the CPU either perform additional over-clocking sequences by performing the steps of group B through E again (except that the test result buffer is not be cleared as part of group B) or, if all required sequences has been completed, continues with the steps of group G below.
  • Group G includes the following substeps: - Evaluating 250 the content of the test result buffer. If any of the tests reported erroneously or if any results are missing this is reported to the operator.
  • Evaluating the content of the test result buffer is accomplished by comparing the results (i.e. a list of test result values) with a list of predetermined expected result values that is generated in advance and is said to represent a correct result list. For example, if each instruction of the CPU is tested, this is performed in such a way that e.g. typically the CPU is instructed to add two numbers and store the result. During evaluation, the stored value (in non-volatile memory NVM) is compared with a constant (the sum of the two numbers). For every instruction in the CPU instruction set, similar tests are provided, a result is stored, which then is compared to the predetermined answer(s), during evaluation 250
  • tests of steps of Group D 230 above also are executed 205 with the normal clock frequency. This makes it possible to differentiate between an actual and a potential future failure. Test results from over-clocking may be synthesized with the results from normal clocking as a part of this step 230, and the results reported to the operator.
  • a test is first run at nominal clock frequency, and subsequently at two or more over-clocking frequencies.
  • the resulting test results is then compiled and analysed to inform an operator of an expected time to failure (ETF) of the system.
  • ETF expected time to failure
  • FIG 3 is shown a curve with three tests on the curve giving the predicted time to failure under the condition that the corresponding test fails.
  • a - Test performed at normal clock speed. Any failure at this speed indicates a faulty component; and should cause the flight to be cancelled, if the tested system is part of an aeroplane.
  • b - Test performed at a first increased clock speed. A failure at this speed indicates that the system will fail at normal speed within 0-12 operating hours.
  • c - Test performed at a second increased clock speed, higher than the first. A failure at this speed but not at the "b" speed indicates that the system will fail at normal speed within 12-20 operating hours.
  • test a test at nominal frequency
  • test b test at a first over-clocking frequency
  • test c test at a second over-clocking frequency

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)

Abstract

A method for built-in prognostic testing of a component or a component group residing in an electronics system, the method comprising the following steps: - performing (205) a first self test at nominal clock frequency; by running a self test program for a first time; - saving the test results of this first run in a non-volatile memory; - performing a second self test (210, 220, 230, 240) using a first over-clocking clock frequency higher than the nominal clock frequency, and running the self test program for a second time; - saving the test results of this second run in the non-volatile memory; - restarting the system in an evaluation mode using nominal clock frequency; - comparing the results saved into the non-volatile memory with predefined values; - determining, based on the results from the test runs, the expected time to failure of the tested component group.

Description

BUILT-IN TEST SYSTEM WITH PROGNOSTIC CAPABILITY AND METHOD
Field
The present invention relates to built-in testing of electronics systems. In particular it relates to built-in testing of systems having clocked components such as CPUs on board aircraft or other vehicles.
Background
Electronics and avionics systems of contemporary aircraft become more and more complex. The probability for such an electronics system or unit of such a system failing may consequently increase. The necessity of built-in test systems increases. Costs for having aeroplanes on the ground is high for the airline companies due to the income loss due to chartering costs for replacement passenger capacity, and in worst case loss of passenger ticket money. Therefore it would be of great value to increase availability of aircraft.
Also service and repair costs increase. It is therefore desirable to serve, maintain and repair an aircraft where it is cheapest, which usually is home base airport, to avoid extra costs connected with having to carry out repair at a foreign airport. These extra costs may include costs for having to fly in spare parts and specialist personnel, and also for renting repair facilities.
There exists a problem of determining the best time to replace a unit. On the one hand it should be replaced at home base airport as discussed above, on the other hand, replacement should as far as is safe and possible take advantage of the full lifetime of the unit.
Summary of the invention
It is an object of the present invention to provide a solution to the above stated problem. The problem of being able to provide prognostic capability within electronics systems is not restricted to the aviation industry, but is also present in many other vehicle and industrial applications.
However, the inventor has realised that one of the worst moment to become aware of an electronics failure (save during flight) is when the aircraft is fully fuelled and filled with passengers and cargo. If one discovers a failure at this point in time there is much time and money lost for finding a replacement aircraft and for carrying out reloading.
To solve this, there is provided a method for predicting a component failure in order to alert responsible personnel to replace it before it breaks, such that the normal operation of the system of which the component is a part is not disturbed. In this context the term "component" should be interpreted widely, to include e.g., "unit" and "equipment". The method includes putting non-destructive strain upon a component in an attempt to force a failure developing in the component, but which failure does not show under normal operation. If such a failure is discovered, a warning is triggered, and an operator may initiate measures such that the component is replaced at the next upcoming convenient opportunity.
It is expected that future electronic integrated circuits having a high density, and very small wire width, may have a slightly different behaviour of failure than many of today's circuits. Among other thing it is expected that the ability of the circuit to handle fast voltage transitions, so called "flanks", will deteriorate gradually over time. The present invention heeds this understanding.
Particularly state of the art and future circuits, having high density of packing, will present the behaviour of failure as described above, the inventor has realized that these failures can be predicted by using a certain procedure involving the following steps: a) performing 205 a first test sequence while clocking the circuit at a first clock frequency, which is equal to nominal clock frequency, to verify that the circuits work correctly; b) performing 210, 220, 230, 240 at least one further test sequence(s), each equal to the first test sequence, except that the circuit is clocked at a different clock frequency for each further test sequence, each of these clock frequencies are higher than the nominal frequency, i.e., "over-clocking" the circuit; c) evaluating 250 the results from the first and the at least one further test sequence(s).
Such over-clocking of the circuit can be realised by letting the clock frequency fed to the CPU be controlled by the software of the system.
The system is designed in such a way that during start-up of the system the nominal frequency is used, but this can be altered under certain conditions by the system. At a certain point in time, e.g., at manual initiation or at shut-down or startup of the system, over-clocking and test sequences are initiated. In connection with the initiation of the over-clocking it may be necessary to inhibit all outputs, i.e., disconnect or make the outputs harmless in some other way, such that the system cannot be put in a dangerous state due to failures that may appear during the over- clocking procedure.
Initiation of over-clocking is preferably software controlled, and may embrace the CPU and other clocked circuits of the system. Under software control a sequence of tests are performed. Results from the tests are subsequently stored. When the sequence is performed, the program enters an endless loop. Of course, there exists the possibility that the program derails due to CPU malfunction -the system is arranged to, in this case, to not store all expected results in a memory. The system may finish the test sequence by saving a "finishing label" in memory - if the finishing label is not there after the test sequence is finished, an evaluation routine can infer that that the test sequence has derailed.
At the initiation of over-clocking a circuit is programmed to generate a non- maskable interrupt or a reset after a predetermined amount of time. When such an event occurs, a program in the CPU is triggered to start which verifies the result from the test sequence(s) as was discussed above.
To be able to secure the safety of the system, the same test sequence as performed at over-clocking is as described above performed at start-up of the system, but this time not over-clocking the CPU. If this test is performed without errors, the system can be viewed upon as safe to use for the immediate future. With this mechanisation, i.e. running a test a first time with nominal clocking and one or several times with over-clocking, it is avoided that safety requirements are raised on tests during over-clocking, this to avoid having to argue that correct results have emerged as a result of a malfunctioning process in combination with over-clocking.
Thus, according to a first aspect of the invention there is provided a method for built-in prognostic testing of a component or a component group residing in an electronics system, the method comprising the following steps:
- performing 205 a first self test at nominal clock frequency; by running a self test program for a first time;
- saving the test results of this first run in a non-volatile memory;
- performing a second self test 210, 220, 230, 240 using a first over-clocking clock frequency higher than the nominal clock frequency, and running the self test program for a second time; - saving the test results of this second run in the non-volatile memory;
- restarting the system in an evaluation mode using nominal clock frequency;
- comparing the results saved into the non-volatile memory with predefined values;
- determining, based on the results from the test runs, the expected time to failure of the tested component group. The method may further include the steps of
- performing a third self test using a second over-clocking clock frequency higher than the first over-clocking clock frequency and running the self test program for a third time;
- saving the test results of this second run into non-volatile memory. - determining, based on the results from the test runs, the expected time to failure of the tested component group
The results of each test run is preferably categorised as either successful or failed based on comparison between results and predefined values. The expected time to failure is preferably determined as follows:
- zero, i.e. broken corresponding to the event that first test failed;
- less than Xl operating hours corresponding to first test successful, second test failed; wherein Xl is a number greater than zero, or, the method wherein the expected time to failure is determined as follows:
- zero, i.e. broken corresponding to first test failed;
- less than Xl operating hours corresponding to the event that first test successful, second test failed; - more than Xl operating hours, but less than X2 operating hours (first and second test successful, third test failed);
- more than X2 operating hours, (first, second and third tests successful); wherein Xl, and X2 are numbers, and X2 is greater than Xl .
The method as described above, wherein the electronics system is provided with an interface unit to interface with units outside the electronics system. The method as described above wherein the electronics system is an electronics system of an aircraft.
According to a second aspect of the invention there is provided an electronics system capable of built in prognostic testing, the system comprising; a central processing unit 105, a non-volatile memory 115, characterised in that the system further comprises a clock unit 140 having means for selectable providing one of two different clock frequencies for clocking the system; a trigger signal connection 117 between the interface unit 110 and the clock unit
140 for triggering use of clock frequency, wherein the CPU 105 is arranged to be able to run a test routine using two of the different clock frequencies. The electronics system further comprising an interface unit 110 connected between the CPU 105 and units outside the system for interfacing units outside the electronics system
The system further comprising an output protection unit 125 connected between the interface unit 110 and units outside the system for protecting units outside the electronics system from control signals issued from the interface unit
110 during self test.
Any of the systems as described above wherein the clock unit 140 have means for selectable providing one of three or more different clock frequencies for clocking the system; Any of the systems as described above wherein the CPU 105 is arranged to be able to run a test routine using three or more of the different clock frequencies. Any of the systems as described above wherein the over-clocking test(s) is/are implemented in such a way that a reset of the electronic circuits under test is triggered at the end of each over-clocking test.
It should be emphasized that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, elements, integers, steps, components or groups thereof. Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments.
Figures Figure 1 shows a block diagram of a system having a central processing unit
(CPU) and features enabling built-in test involving over-clocking of the CPU.
Figure 2 shows a flowchart of a method for built-in prognostic testing of a component residing in an electronics system.
Figure 3 shows a curve for predicted time to failure at nominal frequency as a function of frequency at which a failure was detected during tests.
Detailed description Definitions
Cold start; the system is started by applying voltage. Warm start: the system is started by restarting it, i.e. by doing a "reset".
Nominal clock frequency: the clock frequency fed to the component during normal operation of the system in question.
Normal clock frequency: same as nominal clock frequency. Over-clocking: the act of feeding and running a component with a higher clock frequency than nominal clock frequency.
Figure 1 shows a block diagram of a system having a central processing unit (CPU) and other units and features enabling built-in test involving over-clocking of the CPU and the other circuits. These units and features will be described below in connection with a description of a method for built-in prognostic testing. Figure 2 shows a flowchart of a method for built-in prognostic testing of a component residing in the electronics system of figure 1. The method comprises the following groups of steps:
Group A steps - performing 205 tests at normal clock speed.
Group B steps
- Zeroing of a test-result buffer of a non-volatile memory 115. It is not zeroed when power is lost or at system reset, but keeps its information;
- Storing a label in the test-result buffer to indicate that an over-clocking test has started
- Initiating 210 a system reset signal via a first output from an I/O-unit 110;
Group C steps
- Programming 220 the clock unit 140 to switch to a different clock frequency upon command (described in the step below).
- Activating over-clocking through the I/O-unit 110 by sending a trigger signal via the trigger signal connection 117. This trigger signal will trigger the following: - Programming a timer 135 to generate a system reset after a certain time delay T1. There is arranged a reset circuit 155 that generates a system reset based on a signal from the timer 135, or based on signals representing other reset criteria. The CPU is arranged to be able to read, via the I/O-unit 110, if the timer 135 is programmed to generate a system reset or not. - The output protection unit 125 is arranged to set all critical outputs into a safe state. Critical outputs are all outputs which are desired not to be influenced if an error is evoked during over-clocking procedure of built-in test. For example, in a flight control system it would be undesirable if ailerons began to move in an uncontrolled fashion. The output protection unit 125 is reset at "system reset", such that signal from the I/O-unit 110 again can influence the outputs of the system.
- Commanding of the clock unit 140 to over-clock the system at the programmed over-clock frequency selected. The clock unit 140 is arranged to operate at normal clock frequency following a reset and only accept one over-clocking frequency until a reset has occurred.
The trigger signal from the I/O-unit 110 via the trigger signal connection 117, that initiates system restart/over-clocking/output protection is arranged to only be allowed to take effect if one or more safety interlock conditions are met. This is to avoid undesired activation of the over-clocking function. For example, it should only be possible to activate over-clocking when the aircraft is on the ground. Therefore, the &-unit 130 is arranged to handle this. Group D substeps
Group D includes the following substeps:
- Performing 230 certain test of components of the system, i.e., CPU 105, 1/O-unit 110, memory 107, 115 and other circuits 120. The term "other circuits" may comprise also interrupt unit, and control logic of the computer.
The tests are arranged to test the functionality of the involved components. These tests may consist of but are not necessarily limited to the following type of test:
- Test all CPU instructions and addressing modes;
- test the cache memory of the CPU; - test the ability of the memory circuit to cope with repeated access;
- test the ability of internal busses to handle data transfer
- test the ability of interrupt control circuits to cope with repeated access
The results of each test are stored in a test result buffer in the non-volatile memory 115. If the system has become degraded it may happen that the test run derails - i.e., the CPU gets struck by an "exception", or it may simply restart. When the CPU restarts it is arranged to check if there is a request for "system reset". This is preferably accomplished by reading information from a timer 135, and if the information is affirmative continue and perform group D substeps as will be described below.
Group E substeps
As was discussed above there are a number of possible outcomes of running the system in over-clocking mode and performing the test sequence described in group D. The possible outcomes are: - The test sequence will cause the CPU to reset
- The test sequence will cause the CPU to halt
- The test sequence will be completed without any of the two above described consequences, i.e., the CPU enters a wait state, waiting 240 for a (timer programmed) system reset. In order to handle all of the above scenarios group E consists of the following sub steps:
- Determine if an over-clocking type "system reset" is pending by reading the timer 135. If this is the case then the test sequence was completed without causing a CPU reset or halt. The program shall wait for the reset to occur.
- If CPU reset (as discussed above) has occurred or if the timer 135 causes a "system reset" the CPU will restart. The CPU shall therefore always start its execution by performing the following: o Read the signal "Warm or cold start". If this signal indicates that the CPU has started during "cold start" the CPU shall continue its normal start up procedure (i.e. the CPU start was not triggered as part of an over-clocking test but due to a normal start up).
o If the "Warm or cold start" signal indicates "warm start", the label indicating that a over-clocking test is in progress can be found in the test-result buffer but a "system reset" is pending (as indicated by the timer 135), the reset is due to a CPU halt during the over-clocking test and the CPU shall wait for the pending "system reset" to occur.
o If the "Warm or cold start" signal indicates "warm start", the label indicating that a over-clocking test is in progress can be found in the test-result buffer but no "system reset" is pending (as indicated by the timer 135), the reset was caused by the timer 135 and the CPU shall continue with the steps defined for group E below.
Group F substeps
In order to determine if additional over-clocking sequences shall be performed the test-result buffer is scanned for start labels. Based on the number of start labels found the CPU either perform additional over-clocking sequences by performing the steps of group B through E again (except that the test result buffer is not be cleared as part of group B) or, if all required sequences has been completed, continues with the steps of group G below.
Group G substeps
Group G includes the following substeps: - Evaluating 250 the content of the test result buffer. If any of the tests reported erroneously or if any results are missing this is reported to the operator.
Evaluating the content of the test result buffer is accomplished by comparing the results (i.e. a list of test result values) with a list of predetermined expected result values that is generated in advance and is said to represent a correct result list. For example, if each instruction of the CPU is tested, this is performed in such a way that e.g. typically the CPU is instructed to add two numbers and store the result. During evaluation, the stored value (in non-volatile memory NVM) is compared with a constant (the sum of the two numbers). For every instruction in the CPU instruction set, similar tests are provided, a result is stored, which then is compared to the predetermined answer(s), during evaluation 250
Note that the tests of steps of Group D 230 above also are executed 205 with the normal clock frequency. This makes it possible to differentiate between an actual and a potential future failure. Test results from over-clocking may be synthesized with the results from normal clocking as a part of this step 230, and the results reported to the operator.
Preferably a test is first run at nominal clock frequency, and subsequently at two or more over-clocking frequencies. The resulting test results is then compiled and analysed to inform an operator of an expected time to failure (ETF) of the system.
In figure 3 is shown a curve with three tests on the curve giving the predicted time to failure under the condition that the corresponding test fails. a - Test performed at normal clock speed. Any failure at this speed indicates a faulty component; and should cause the flight to be cancelled, if the tested system is part of an aeroplane. b - Test performed at a first increased clock speed. A failure at this speed indicates that the system will fail at normal speed within 0-12 operating hours. c - Test performed at a second increased clock speed, higher than the first. A failure at this speed but not at the "b" speed indicates that the system will fail at normal speed within 12-20 operating hours.
Thus, if test at nominal frequency (test a) and test at a first over-clocking frequency (test b) runs without failure, but test at a second over-clocking frequency (test c) fails, the it can be read from the shown curve of expected time to failure that the system probably will run flawless for another 12 operating hours, but will probably be subject to an emerging error at a point in time somewhere between 12 and 20 hours of operation from the time of the test.

Claims

1. A method for built-in prognostic testing of a component or a component group residing in an electronics system, the method comprising the following steps: - performing (205) a first self test at nominal clock frequency; by running a self test program for a first time;
- saving the test results of this first run in a non-volatile memory;
- performing a second self test (210, 220, 230, 240) using a first over-clocking clock frequency higher than the nominal clock frequency, and running the self test program for a second time;
- saving the test results of this second run in the non-volatile memory;
- restarting the system in an evaluation mode using nominal clock frequency;
- comparing the results saved into the non-volatile memory with predefined values;
- determining, based on the results from the test runs, the expected time to failure of the tested component group.
2. The method of claim 1 further including the steps of:
- performing a third self test using a second over-clocking clock frequency higher than the first over-clocking clock frequency and running the self test program for a third time;
- saving the test results of this second run into non-volatile memory.
- determining, based on the results from the test runs, the expected time to failure of the tested component group
3. The method of claim 1 or 2, wherein the results of each test run is categorised as either successful or failed based on comparison between results and predefined values.
4. The method of claim 1-3 wherein the expected time to failure is determined as follows:
- zero, i.e broken (first test failed);
- less than Xl operating hours (first test successful, second test failed); wherein Xl is a number greater than zero.
5. The method of claim 1-3 wherein the expected time to failure is determined as follows:
- zero, i.e broken (first test failed);
- less than Xl operating hours (first test successful, second test failed); - more than Xl operating hours, but less than X2 operating hours (first and second test successful, third test failed);
- more than X2 operating hours, (first, second and third tests successful); wherein Xl, and X2 are numbers, and X2 is greater than Xl .
6. The method of any of the preceding claims, wherein the electronics system is provided with an interface unit to interface with units outside the electronics system.
7. The method of claim 6 wherein the electronics system is an electronics system of an aircraft.
8. An electronics system capable of built in prognostic testing, the system comprising; a central processing unit (105), a non-volatile memory (115), characterised in that the system further comprises a clock unit (140) having means for selectable providing one of two different clock frequencies for clocking the system; a trigger signal connection (117) between the interface unit (110) and the clock unit (140) for triggering use of clock frequency, wherein the CPU (105) is arranged to be able to run a test routine using two of the different clock frequencies.
9. The system of claim 8 further comprising an interface unit (110) connected between the CPU (105) and units outside the system for interfacing units outside the electronics system
10. The system of claim 9 further comprising an output protection unit (125) connected between the interface unit (110) and units outside the system for protecting units outside the electronics system from control signals issued from the interface unit (110) during self test.
11. The system of any of the claims 8-10 wherein the clock unit (140) have means for selectable providing one of three or more different clock frequencies for clocking the system;
12. The system of claim 11 wherein the CPU (105) is arranged to be able to run a test routine using three or more of the different clock frequencies.
13. The system of any of the claims 8-12 wherein the over-clocking test(s) is/are implemented in such a way that a reset of the electronic circuits under test is triggered at the end of each over-clocking test.
PCT/SE2009/050246 2009-03-10 2009-03-10 Built-in test system with prognostic capability and method WO2010104428A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2009/050246 WO2010104428A1 (en) 2009-03-10 2009-03-10 Built-in test system with prognostic capability and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2009/050246 WO2010104428A1 (en) 2009-03-10 2009-03-10 Built-in test system with prognostic capability and method

Publications (1)

Publication Number Publication Date
WO2010104428A1 true WO2010104428A1 (en) 2010-09-16

Family

ID=42728548

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2009/050246 WO2010104428A1 (en) 2009-03-10 2009-03-10 Built-in test system with prognostic capability and method

Country Status (1)

Country Link
WO (1) WO2010104428A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI662553B (en) * 2018-08-27 2019-06-11 群聯電子股份有限公司 Memory testing method and memory testing system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2407892A (en) * 2003-11-07 2005-05-11 Hewlett Packard Development Co Computer system test module for testing a component at several frequencies
US20060071653A1 (en) * 2003-02-20 2006-04-06 Gattiker Anne E Integrated circuit testing methods using well bias modification
US20090083598A1 (en) * 2007-09-26 2009-03-26 Anand Dixit Method for monitoring and adjusting circuit performance

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060071653A1 (en) * 2003-02-20 2006-04-06 Gattiker Anne E Integrated circuit testing methods using well bias modification
GB2407892A (en) * 2003-11-07 2005-05-11 Hewlett Packard Development Co Computer system test module for testing a component at several frequencies
US20090083598A1 (en) * 2007-09-26 2009-03-26 Anand Dixit Method for monitoring and adjusting circuit performance

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Aerospace Conference, 2001, IEEE Proceedings. Mar. 10-17, 2001', _ - 20010320; 20010320 - 20010317 - Piscataway, NJ, USA", vol. 6, IEEE, ISBN: 978-0-7803-65, article MICHAEL; ROEMER J ET AL.: "Development of diagnostic and prognostic technologies for aerospace health management applications", pages: 3139 - 3147, XP010548433 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI662553B (en) * 2018-08-27 2019-06-11 群聯電子股份有限公司 Memory testing method and memory testing system

Similar Documents

Publication Publication Date Title
CN110650878B (en) Abnormality determination device, abnormality determination method, and computer-readable storage medium
US7703072B2 (en) Component-based application constructing method
US7714702B2 (en) Health monitoring system for preventing a hazardous condition
US10017188B2 (en) Method and device for handling safety critical errors
US8984346B2 (en) Method for automatically reloading software and a device for automatically reloading software
CN105373455B (en) Processor system, engine control system and control method
CN111891134B (en) Automatic driving processing system, system on chip and method for monitoring processing module
US10360991B2 (en) Semiconductor device, monitoring system, and lifetime prediction method
CN112015599B (en) Method and apparatus for error recovery
JP6462870B2 (en) Semiconductor device and diagnostic test method
EP3460632B1 (en) Microcontroller and control method of the same
US20200142795A1 (en) Semiconductor device, semiconductor systems and test-control methods
CN114968646A (en) Functional fault processing system and method
WO2010104428A1 (en) Built-in test system with prognostic capability and method
KR100345115B1 (en) Method for diagnosing logics
US20110218783A1 (en) Method and tool for aided aircraft design using a criterion of operational availability
JPWO2018116400A1 (en) Control device and method for processing failure of control device
JP2872113B2 (en) Micro diagnostic system for information processing equipment
US20230092493A1 (en) Apparatus for controlling to cope with failure in autonomous driving system and method thereof
US11379297B2 (en) System and method to provide safety partition for automotive system-on-a-chip
JP6670703B2 (en) Function reliability check circuit for built-in IC
JPH10171546A (en) Activation monitoring device
CN116749770A (en) Range-extending system abnormality prompting method, device, equipment and storage medium
Harutyunyan et al. Functional Safety Compliant Test & Repair Framework for System-on-Chip Lifecycle Management
KR102483013B1 (en) Apparatus and method for monitoring power fail of vehicle

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09841592

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09841592

Country of ref document: EP

Kind code of ref document: A1