Validating a Fault-Tolerant Fuel Control System

This example shows how SystemTest is used to validate a fault-tolerant fuel control system that uses Simulink and Stateflow to model a hybrid system containing both continuous dynamics and complex logical behavior.

This example requires the following products to run:

  • Simulink

  • Stateflow

System Model

The model represents a fuel control system for a gasoline engine. This robust control system detects individual sensor failures and is reconfigured dynamically for uninterrupted operation.

The Fuel Rate Controller subsystem uses signals from the system's sensors to determine the fuel rate that gives an ideal mixture. The Engine Gas Dynamics subsystem determines the resulting air/fuel mixture ratio. System sensors include:

  • Throttle angle

  • Speed

  • Exhaust gas (EGO)

  • Manifold absolute pressure (MAP)


Operating Modes

The requirements for this system define 3 operating modes:

  • Shutdown Mode - Occurs when more than 1 sensor has failed, or under high engine speed conditions ( ~700 rad/sec )

  • Low Emissions Mode - Considered the normal mode of operation where no sensors have failed

  • Rich Mixture Mode - Occurs when 1 sensor has failed

System Requirements

Based on the operating mode the system is running in, there are certain requirements that must be satisfied:

  • Shutdown Mode - The system should become inoperable, indicated by an average fuel rate of less than 0.2

  • Low Emissions Mode - The target air/fuel ratio should be 14.6, with a 3% relative tolerance

  • Rich Mixture Mode - The target air/fuel ratio should adjust to 11.6, with a 3% relative tolerance

System Verification & Validation

Using SystemTest, test vectors are used to simulate the enabling and disabling of system sensors. This is done by creating test vectors that:

  • Vary sensor block values from 0 to 1, where 0 indicates the sensor is disabled, and 1 indicates the sensor is enabled

  • Cycle the nominal engine speed through a range of 300 to 800 rad/sec

Using elements, the system requirements are validated as follows:

  • Simulink Element - For each main test iteration, a Simulink element is used to enable/disable each sensor, as well as adjust the nominal speed. For each iteration, the simulated fuel rate and air/fuel ratio are also measured and assigned to test variables.

  • MATLAB Element - MATLAB elements are used to calculate the number of active sensors for each main test iteration, as well as estimate the average air/fuel ratio and fuel rate consumption.

  • IF Element - IF elements are used to determine what mode of operation the system is currently running in, in order to determine the system requirement that needs to be checked.

  • Limit Check Element - Based on the operating mode the current main test iteration is in, a Limit Check element is used to verify the average fuel rate and air/fuel ratio meet the system's requirements.

  • Stop Element - A Stop element is used to halt the current iteration if the system enters a shutdown mode of operation.

  • General Plot Element - For each main test iteration, the simulated fuel rate is plotted using a General Plot element.

To view the test, use the systemtest function to open the test.


Open the example in the SystemTest desktop.Open the example in the SystemTest desktop.

Saving Results

For each main test iteration, the following information is saved for post-processing by specifying them under Save Results:

  • Simulated fuel rate

  • Simulated air/fuel ratio

  • Number of active sensors

  • Average fuel rate calculation

  • Average air/fuel ratio