robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

edits from last night, and title page changed

Browse Source
This commit is contained in:
Your Name 2012-03-28 10:17:41 +01:00
parent 8faade65ce
commit 0669c4aa30
4 changed files with 77 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
submission_thesis/CH5_Examples/copy.tex
View File

@ -1,15 +1,14 @@
\clearpage \pagenumbering{arabic}
%\clearpage %\pagenumbering{arabic}
This chapter gives examples of FMMD applied to
a variety of common electronic circuits.
\section{Basic Concepts Of FMMD}
The idea behind FMMD is to modularise, from the bottom-up, failure mode effects analysis.
Traditional FMEA takes part failure modes and then determines what effect each of these
failure modes could have on the system under investigation.
It is worth defining clearly the term part here.
Geoffry Hall writing in space Craft Systems Engineering~\cite{scse}[p.619], defines it thus:
``{Part(definition)}---The Lowest level of assembly, beyond which further disassembly irrevocably destroys the item''.
In the field of electronics a resistor, capacitor and op-amp would fit this definition of a `part'.
Failure modes for part types can be found in the literature~\cite{fmd91}\cite{mil1991}.
Traditional FMEA, by looking at `part' level failure modes
involves what we could term a large `reasoning~distance'; that is to say
@ -36,6 +35,13 @@ If we start building {\fgs} from derived components we can start to build a modu
hierarchical failure mode model. Modularising FMEA should give benefits of reducing reasoning distance,
allowing re-use of modules and reducing the number of by-hand analysis checks to consider.
As any form of FMEA is a bottom-up process, we start with the lowest--or most base components/parts.
%and with their failure modes.
It is worth defining clearly the term part here.
Geoffry Hall writing in space Craft Systems Engineering~\cite{scse}[p.619], defines it thus:
``{Part(definition)}---The Lowest level of assembly, beyond which further disassembly irrevocably destroys the item''.
In the field of electronics a resistor, capacitor and op-amp would fit this definition of a `part'.
Failure modes for part types can be found in the literature~\cite{fmd91}\cite{mil1991}.
@ -55,7 +61,7 @@ allowing re-use of modules and reducing the number of by-hand analysis checks to
In order to apply any form of Failure Mode Effects Analysis (FMEA) we need to know the ways in which the components we are using can fail.
Typically when choosing components for a design, we look at manufacturers data sheets,
which describe the range and tolerances, and can indicate how a component may fail/behave
which describe the environmental ranges and tolerances, and can indicate how a component may fail/behave
under certain conditions or environments.
How base components could fail internally, its not of interest to an FMEA investigation.
The FMEA investigator needs to know what failure behaviour a component may exhibit, or in other words, its
@ -75,6 +81,10 @@ and describes `failures' of common electronic components, with percentage statis
FMD-91 entries include general descriptions of internal failures alongside {\fms} of use to an FMEA investigation.
FMD-91 entries need, in some cases, some interpretation to be mapped to a clear set of
component {\fms} suitable for use in FMEA.
MIL-1991~\cite{mil1991} provides overall reliability statistics for
component types but does not detail specific failure modes.
Used in conjunction with FMD-91, we can determine statistics for the failure modes
of component types.
% One is from the US military document FMD-91, where internal failures
@ -93,7 +103,7 @@ component {\fms} suitable for use in FMEA.
% I hope to have chapter 5 finished by the end of March, chapter 5 being the
% electronics examples for the FMMD methodology.
In this section we look in detail at two common electrical components and examine how
In this section we look in detail at two common electrical components and examine how
the two sources of information define their failure mode behaviour.
We look at the reasons why some known failure modes % are omitted, or presented in
%specific but unintuitive ways.
@ -103,10 +113,11 @@ can be found in one source but not in the other and vice versa.
Finally we compare and contrast the failure modes determined for these components
from the FMD-91 reference source and from the guidelines of the
European burner standard EN298.
\subsection{Failure mode determination for generic resistor}
%- Failure modes. Prescribed failure modes EN298 - FMD91
\subsubsection{Resistor failure modes according to FMD-91}
\paragraph{Resistor failure modes according to FMD-91}
The resistor is a ubiquitous component in electronics, and is therefore a prime
@ -140,16 +151,16 @@ to {\fms} thus:
\item Lead damage 1.9\% $\mapsto$ OPEN.
\end{itemize}
The main causes of drift are overloading of components.
This is borne out in entry for a resistor network where the failure
This is borne out in entry~\cite{fmd91}[232] for a resistor network where the failure
modes do not include drift.
If we can ensure that our resistors will not be exposed to overload conditions, drift or parameter change
If we can ensure that our resistors will not be exposed to overload conditions, drift (sometimes called parameter change)
can be reasonably excluded.
\subsubsection{Resistor failure modes according to EN298}
\paragraph{Resistor failure modes according to EN298}
EN298, the European gas burner safety standard, tends to be give failure modes more directly usable by FMEA than FMD-91.
EN298 requires that a full FMEA be undertaken, examining all failure modes
of all components~\cite{en298}[11.2 5] as part of the certification process.
of all electronic components~\cite{en298}[11.2 5] as part of the certification process.
%
Annex A of EN298, prescribes failure modes for common components
and guidance on determining sets of failure modes for complex components (i.e. integrated circuits).
@ -202,7 +213,7 @@ For the purpose of example, we look at
a typical op-amp designed for instrumentation and measurement, the dual packaged version of the LM358~\cite{lm358}
(see figure~\ref{fig:lm258}), and use this to compare the failure mode derivations from FMD-91 and EN298.
\subsubsection{ Failure Modes of an OP-AMP according to FMD-91 }
\paragraph{ Failure Modes of an OP-AMP according to FMD-91 }
%Literature suggests, latch up, latch down and oscillation.
For OP-AMP failures modes, FMD-91\cite{fmd91}{3-116] states,
@ -245,7 +256,7 @@ We map this failure cause to $HIGH$ or $LOW$.
We can define an OP-AMP, under FMD-91 definitions to have the following {\fms}.
$$fm(OP-AMP) = \{ HIGH, LOW, NOOP, LOW_{slew} \} $$
\subsubsection{Failure Modes of an OP-AMP according to EN298}
\paragraph{Failure Modes of an OP-AMP according to EN298}
EN298 does not specifically define OP\_AMPS failure modes; these can be determined
by following a procedure for `integrated~circuits' outlined in
@ -325,9 +336,17 @@ and determine its {\fms}.
\subsection{Comparing the component failure mode sources}
EN298 pinouts failure mode technique.
For our OP-AMP example could have come up with different symptoms for both sides. Cannot predict the effect of internal errors, for instance ($LOW_{slew}$)
is missing from the EN298 failure modes set.
The EN298 pinouts failure mode technique cannot reveal failure modes due to internal failures.
The FMD-91 entires for op-amps are not directly usable as
component {\fms} in FMEA or FMMD.
%For our OP-AMP example could have come up with different symptoms for both sides. Cannot predict the effect of internal errors, for instance ($LOW_{slew}$)
%is missing from the EN298 failure modes set.
For the purpose of the examples to follow, the op-amp will
have the following failure modes:-
$$ fm(OPAMP) = \{ LOW, HIGH, NOOP, LOW_{slew} \} $$
% FMD-91
%
@ -363,14 +382,10 @@ is missing from the EN298 failure modes set.
\section{ FMMD overview}
In the next sections we apply FMMD to example electronic circuits.
The basic principles of FMMD are presented here for clarity.
\paragraph{ Creating a fault hierarchy.}
The main concept of FMMD is to build a hierarchy of failure behaviour from the {\bc}
@ -1664,7 +1679,7 @@ from an FMEA perspective as a component itself, with a set of known failure mode
\end{figure}
\section{General Description of PT100 four wire circuit}
\subsection{General Description of PT100 four wire circuit}
The PT100 four wire circuit uses two wires to supply small electrical current,
and returns two sense voltages by the other two.
@ -1693,7 +1708,7 @@ Note that the low reading goes down as temperature increases, and the higher rea
For this reason the low reading will be referred to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable \\ resistance in cables}
\paragraph{Accuracy despite variable \\ resistance in cables}
For electronic and accuracy reasons a four wire circuit is preferred
because of resistance in the cables. Resistance from the supply
@ -1704,7 +1719,7 @@ causes only a negligible voltage drop, and thus the four wire
configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across
the thermistor and not the voltage across the thermistor and current supply wire resistance.}.
\subsection{Calculating Temperature from \\ the sense line voltages}
\paragraph{Calculating Temperature from \\ the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
@ -1734,7 +1749,7 @@ expected voltages for failure mode and temperature reading purposes.
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\section{Safety case for 4 wire circuit}
\subsection{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
@ -1752,7 +1767,7 @@ Where this occurs a circuit re-design is probably the only sensible course of ac
\fmodegloss
\subsection{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\paragraph{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\label{fmea}
The PT100 circuit consists of three resistors, two `current~supply'
@ -1830,7 +1845,7 @@ and \ref{pt100temp}.
%will be determined by the accuracy of $R_2$ and $R_{3}$. It is reasonable to
%take the mean square error of these accuracy figures.
\subsection{Range and PT100 Calculations}
\paragraph{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}.
@ -1915,9 +1930,9 @@ will be determined by the accuracy of $R_2$ and $R_{3}$. It is reasonable to
take the mean square error of these accuracy figures.
\section{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\paragraph{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
\paragraph{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram.
@ -1961,13 +1976,13 @@ for the circuit shown in figure \ref{fig:vd}.
%
\subsection{Proof of Out of Range \\ Values for Failures}
\paragraph{Proof of Out of Range \\ Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC 1 : Voltages $R_1$ SHORT }
\subparagraph{ TC 1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
@ -1980,14 +1995,14 @@ $$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 2 : Voltages $R_1$ OPEN }
\paragraph{ TC 2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 3 : Voltages $R_2$ SHORT }
\paragraph{ TC 3 : Voltages $R_2$ SHORT }
With pt100 at 0\oc
$$ lowreading = 0V $$
@ -2000,12 +2015,12 @@ $$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 4 : Voltages $R_2$ OPEN }
\paragraph{ TC 4 : Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscribed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
\paragraph{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
@ -2021,7 +2036,7 @@ $$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
\paragraph{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
@ -2090,7 +2105,7 @@ Using the MIL-HDBK-217F\cite{mil1991} specifications for resistor and thermisto
failure statistics we calculate the reliability of this circuit.
\subsubsection{Resistor FIT Calculations}
\paragraph{Resistor FIT Calculations}
The formula for given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
is reproduced in equation \ref{resistorfit}. The meanings
@ -2356,9 +2371,9 @@ in the pt100 circuit. The next task is to investigate
these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
\subsection{Proof of Double Faults Hypothesis }
\paragraph{Proof of Double Faults Hypothesis }
\subsubsection{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN }
\paragraph{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN }
\label{pt100:bothfloating}
This double fault mode produces an interesting symptom.
Both sense lines are floating.
@ -2370,30 +2385,30 @@ This is an interesting case, because it is, at this stage an undetectable
fault that must be handled.
\subsubsection{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT }
\paragraph{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT }
This cuts the supply from Vcc. Both sense lines will be at zero.
Thus both values will be out of range.
\subsubsection{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN }
\paragraph{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN }
Sense- will be floating.
Sense+ will be tied to Vcc and will thus be out of range.
\subsubsection{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT }
\paragraph{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT }
This shorts ground to the
both of the sense lines.
Both values thuis out of range.
\subsubsection{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN }
\paragraph{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN }
This shorts both sense lines to Vcc.
Both values will be out of range.
\subsubsection{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT }
\paragraph{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT }
This shorts the sense+ to Vcc and the sense- to ground.
Both values will be out of range.
@ -2406,23 +2421,23 @@ Both values will be out of range.
\subsubsection{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN }
\paragraph{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN }
This shorts the sense+ to Vcc and the sense- to ground.
Both values will be out of range.
\subsubsection{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT }
\paragraph{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT }
This shorts the sense+ and sense- to Vcc.
Both values will be out of range.
\subsubsection{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN }
\paragraph{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN }
This shorts the sense+ to Vcc and causes sense- to float.
The sense+ value will be out of range.
\subsubsection{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT }
\paragraph{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT }
This shorts the sense+ and sense- to Vcc.
Both values will be out of range.
@ -2431,13 +2446,13 @@ Both values will be out of range.
\subsubsection{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN }
\paragraph{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN }
This shorts the sense- to Ground.
The sense- value will be out of range.
\subsubsection{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT }
\paragraph{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT }
This shorts the sense+ and sense- to Vcc.
Both values will be out of range.
@ -2465,7 +2480,7 @@ From the diagram it is easy to verify
the number of failure modes considered for each test case, but
not that all for a given cardinality constraint have been included.
\subsubsection{Symptom Extraction}
\paragraph{Symptom Extraction}
We can now examine the results of the test case analysis and apply symptom abstraction.
In all the test case results we have at least one out of range value, except for

3
submission_thesis/Makefile
View File

@ -6,6 +6,9 @@ all: ${CHAPTERS}
pdflatex thesis
acroread thesis.pdf
clean:
touch ${CHAPTERS}
rm thesis.pdf
bib:
bibtex thesis

4
submission_thesis/thesis.tex
View File

@ -11,7 +11,7 @@
\usepackage{algorithmic}
\usepackage{lastpage}
\usepackage{glossary}
\renewcommand{\baselinestretch}{1.5}
\makeglossary
%% fix for hyperref bug in algorithm package
@ -81,7 +81,7 @@
\chapter{Failure Mode Modular Discrimination}
\input{CH4_FMMD/copy}
\chapter{Examples of FMMD applied to lectronic circuits}
\chapter{Examples of FMMD applied to electronic circuits}
\input{CH5_Examples/copy}
\chapter {FMMD Evaluation}

2
submission_thesis/titlepage/titlepage.tex
View File

@ -10,7 +10,7 @@
\vspace{2.15in}
{ \bf A mathematical methodology to model and analyse safety critical integrated mechanical/electronic/software systems }
{ \bf A proposed modularisation of Failure Mode Effects Analysis.}
\vspace{1.15in}