Merge branch 'master' of dev:/home/robin/git/thesis

presentations/fmea/fmea_pres.tex

@@ -131,41 +131,6 @@ double failure scenarios (for burner lock-out scenarios).
 
 \end{frame}
 
-\section{FMEA used for Saftey Critical Aprovals}
-\begin{frame}
-\frametitle{Safety Critical Approvals FMEA}
-Experts from Approval House and Equipement Manufacturer
-discuss selected component failure modes
-judged to be in critical sections of the product.
-
-
-\begin{figure}[h]
- \centering
- \includegraphics[width=100pt,keepaspectratio=true]{./tech_meeting.png}
- % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
- \caption{FMEA  Meeting}
- \label{fig:tech_meeting}
-\end{figure}
-\end{frame}
-
-\begin{frame}
-\frametitle{Safety Critical Approvals FMEA}
-
-\begin{figure}[h]
- \centering
- \includegraphics[width=70pt,keepaspectratio=true]{./tech_meeting.png}
- % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
- \caption{FMEA  Meeting}
- \label{fig:tech_meeting}
-\end{figure}
-
-\begin{itemize}
-  \pause \item Impossible to look at all component failures let alone apply FMEA rigorously.
-  \pause \item In practise, failure scenarios for critical sections are contested, and either justified or extra safety measures implemented.
-   \pause \item Meeting notes or minutes only.
-\end{itemize}
-
-\end{frame}
 
 \section{PFMEA - Production FMEA : 1940's to present}
 
@@ -333,8 +298,145 @@ FMEDA is the methodology behind statistical (safety integrity level)
 type standards (EN61508/IOC5108).
 It provides a statistical overall level of safety
 and allows diagnostic mitigation for self checking etc.
+It provides guidelines for the design and architecture
+of computer/software systems for the four levels of 
+safety Integrity.
+For Hardware 
+
+FMEDA does force the user to consider all components in a system
+by requiring that a MTTF value is assigned.
+This MTTF may be statistically mitigated (improved)
+if it can be shown that selfchecking will detect failure modes.
 \end{frame}
 
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+Failure modes are classified as Safe or Dangerous according 
+to the putative system level failure they will cause.
+The Failure modes are also classified as Detected or
+Undetected.
+This gives us four level failure mode classifications:
+Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU),
+and the probablistic failure rate of each classification 
+is represented by lambda variables
+(i.e. $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
+\end{frame}
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+\textbf{Diagnostic Coverage.}
+The diagnostic coverage is simply the ratio
+of the dangerous detected probabilities
+against the probability of all dangerous failures,
+and is normally expressed as a percentage. $\Sigma\lambda_{DD}$ represents
+the percentage of dangerous detected base component failure modes, and 
+$\Sigma\lambda_D$ the total number of dangerous base component failure modes.
+
+$$ DiagnosticCoverage = \Sigma\lambda_{DD} / \Sigma\lambda_D $$
+\end{frame}
+
+
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+The diagnostic coverage for safe failures, where  $\Sigma\lambda_{SD}$ represents the percentage of
+safe detected base component failure modes,
+and $\Sigma\lambda_S$ the total number of safe base component failure modes,
+is given as
+
+$$ SF = \frac{\Sigma\lambda_{SD}}{\Sigma\lambda_S} $$
+
+
+\textbf{Safe Failure Fraction.}
+A key concept in  FMEDA is Safe Failure Fraction (SFF).
+This is the ratio of safe  and dangerous detected failures
+against all safe and dangerous failure probabilities. 
+Again this is usually expressed as a percentage.
+
+$$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$
+SFF determines how proportionately fail-safe a system is, not how reliable it is !
+
+\end{frame}
+
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+To achieve SIL levels, diagnostic coverage and SFF levels are prescribed along with
+hardware architectures and software techniques.
+Over all   the aim of SIL is classify the safety of a system,
+by statistically determining how frequently it can fail dangerously.
+
+
+\end{frame}
+
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+{
+\begin{table}[ht]
+\caption{FMEA Calculations} % title of Table
+%\centering % used for centering table
+\begin{tabular}{|| l | l | c | c | l ||} \hline
+ \textbf{SIL} &   \textbf{Low Demand}     & \textbf{Continuous Demand}          \\ 
+              & Prob of failing on demand & Prob of failure per hour  \\ \hline \hline
+      4       & $ 10^{-5}$ to $< 10^{-4}$  &   $ 10^{-9}$ to $< 10^{-8}$                \\ \hline
+      3       &  $ 10^{-4}$ to $< 10^{-3}$ &    $ 10^{-8}$ to $< 10^{-7}$             \\ \hline
+      2       &  $ 10^{-3}$ to $< 10^{-2}$ &    $ 10^{-7}$ to $< 10^{-6}$             \\ \hline
+      1       &  $ 10^{-2}$ to $< 10^{-1}$ &    $ 10^{-6}$ to $< 10^{-5}$                        \\ \hline
+
+\hline
+\end{tabular}
+\end{table}
+}
+Table adapted from EN61508-1:2001 [7.6.2.9 p33]
+\end{frame}
+
+\begin{frame}
+\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
+FMEDA is a modern extension of FMEA, in that it will allow for 
+self checking features, and provides detailed recommendations for computer/software architecture.
+It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).
+
+FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is
+part of product approval for many regulated products in the EU and the USA...
+
+\end{frame}
+
+
+
+
+\section{FMEA used for Safety Critical Approvals}
+
+\begin{frame}
+\frametitle{Safety Critical Approvals FMEA}
+Experts from Approval House and Equipment Manufacturer
+discuss selected component failure modes
+judged to be in critical sections of the product.
+
+
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=100pt,keepaspectratio=true]{./tech_meeting.png}
+ % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
+ \caption{FMEA  Meeting}
+ \label{fig:tech_meeting}
+\end{figure}
+\end{frame}
+
+\begin{frame}
+\frametitle{Safety Critical Approvals FMEA}
+
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=70pt,keepaspectratio=true]{./tech_meeting.png}
+ % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
+ \caption{FMEA  Meeting}
+ \label{fig:tech_meeting}
+\end{figure}
+
+\begin{itemize}
+  \pause \item Impossible to look at all component failures let alone apply FMEA rigorously.
+  \pause \item In practise, failure scenarios for critical sections are contested, and either justified or extra safety measures implemented.
+   \pause \item Meeting notes or minutes only.
+\end{itemize}
+
+\end{frame}
 
 \section{FMEA - General Criticism}
 \begin{frame}
@@ -347,44 +449,63 @@ and allows diagnostic mitigation for self checking etc.
   \pause \item FMEA type methodologies were designed for simple electro-mechanical systems of the 1940's to 1960's.
 \end{itemize}
 
-FMEDA is an extension of FMEA, in that it will give higher ratings
-for self checking. It
+%
 
 \end{frame}
 
+\begin{frame}
+\frametitle{FMEA - Better Metodology - Wish List}
 
+\begin{itemize}
+  
+   \pause \item State explosion  
+  \pause \item  Rigorous
+   \pause \item Reasoning Traceable  
+   \pause \item re-useable
+  \pause \item  
+\end{itemize}
+
+%FMEDA is a modern extension of FMEA, in that it will allow for 
+%self checking features, and provides detailed recommendations for computer/software architecture,
+%but
+
+\end{frame}
 \section{Failure Mode Modular De-Composition}
-\subsection{FMEA and complexity of each failure scenario analysis}
 \begin{frame}
  
-Consider the FMEA type methodologies
-where we look at all the failure modes in a system, and then 
-see how they can affect all other components within it,
-to determine its system level symptom or failure mode.
-We need to look at a large number of failure scenarios
-to do this completely (all failure modes against all components).
-This is represented in equation~\ref{eqn:fmea_state_exp},
-where $N$ is the total number of components in the system, and 
-$cfm$ is the number of failure modes per component.
-
-\begin{equation}
-  \label{eqn:fmea_state_exp}
-  N.(N-1).cfm % \\
-  %(N^2 - N).cfm 
-\end{equation}
+% Consider the FMEA type methodologies
+% where we look at all the failure modes in a system, and then 
+% see how they can affect all other components within it,
+% to determine its system level symptom or failure mode.
+% We need to look at a large number of failure scenarios
+% to do this completely (all failure modes against all components).
+% This is represented in equation~\ref{eqn:fmea_state_exp},
+% where $N$ is the total number of components in the system, and 
+% $cfm$ is the number of failure modes per component.
+% 
+% \begin{equation}
+%   \label{eqn:fmea_state_exp}
+%   N.(N-1).cfm % \\
+%   %(N^2 - N).cfm 
+% \end{equation}
 
 
 The FMMD methodology breaks the analysis down into small stages,
-by making the analyst choose functional groups, and then when analysed the groups
-are treated as components to be used for a higher stage.
-This is designed to address the state explosion (where $O$ is order
+by making the analyst choose functional groups of components, to which FMEA is applied.
+When analysed, we will have a set of symptoms of failure for the functional group.
+We can then create a derived~component,
+to represent the functional group.
+We can use derived components to form `higher~level' functional groups.
+This creates an analysis hierarchy.
+
+This addresses the state explosion (where $O$ is order
 of complexity) $O=N^2$ inherent in equation~\ref{eqn:fmea_state_exp}.
 \end{frame}
 
-
+\begin{frame}
 We can view the functional groups in FMMD as forming a hierarchy.
 If for the sake of example we consider each functional group to
-be three components, figure~\ref{fig:three_tree} shows
+be three components, the figure below shows
 how the levels work and converge to a top or system level.
 
 % \begin{figure}
@@ -395,7 +516,7 @@ how the levels work and converge to a top or system level.
 %  \label{fig:three_tree}
 % \end{figure}
 
-\clearpage
+\end{frame}
 We can represent the number of failure scenarios to check in an FMMD hierarchy
 with equation~\ref{eqn:anscen}.
 
@@ -442,7 +563,7 @@ group is the same for equation~\ref{eqn:fmea_state_exp22}
 and equation~\ref{eqn:anscen}.
 \clearpage
 
-\section{Example}
+%\section{Example}
 
 To see the effects of reducing `state~explosion' we need to look at a larger system.
 Let us take a system with 3 levels and apply these formulae.