Comments from Chris and John today

Next CH8:
Apparently this will put the entire thesis into context.
This commit is contained in:
Robin Clark 2013-05-24 19:40:01 +01:00
parent db28cb4635
commit 0776011964
2 changed files with 64 additions and 33 deletions

View File

@ -46,7 +46,8 @@ and allows us to analytically discuss its strengths and weaknesses.
%\tableofcontents[currentsection]
%\paragraph{FMEA basic concept.}
FMEA~\cite{safeware}[pp.341-344] is widely used, and proof of its use is a mandatory legal requirement
FMEA~\cite{safeware}[pp.341-344] is widely used, and proof of its use is a %mandatory
legal requirement
for a large proportion of safety critical products sold in the European Union.
The acronym FMEA can be expanded as follows:
\begin{itemize}
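Review bot: the optional page reference is on the wrong side of the citation key in both versions of the opening sentence; `FMEA~\cite{safeware}[pp.341-344]` prints the square brackets literally after the citation, so it should be `FMEA~\cite[pp.341-344]{safeware}`. The `%mandatory` fragment left mid-sentence is harmless for the output, but if the word is being dropped rather than parked for later, delete it instead of commenting it out.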
@ -61,17 +62,18 @@ how failures could affect some equipment in %an initial
a brain-storming session
%in product design,
to formal submission as part of safety critical certification.
FMEA is a manual and therefore time intensive process. To reduce the amount of work to perform,
FMEA is a manual, % and therefore
time intensive process. To reduce the amount of manual work to perform,
software packages~\cite{931423, 1778436820050601} and analysis strategies have
been developed~\cite{incrementalfmea, automatingFMEA1281774}.
%
FMEA is always performed in context. That is, the equipment is always analysed for a particular purpose
and in a given environment. An `O' ring for instance can fail by leaking
but if fitted to a water seal on a garden hose, the system level failure is a
would be a slight leak at the tap outside the house.
but if fitted to a water seal on a garden hose, the system level failure %is a
would be a slight leak at the tap. % outside the house.
%
Applied to the rocket engine on a space shuttle that same 'O' ring failure mode
could cause a catastrophic fire and destruction of the spacecraft~\cite{challenger}.
could cause a catastrophic fire and destruction of the spacecraft and occupants~\cite{challenger}.
%
At a lower level, consider a resistor and capacitor forming a potential divider to ground.
This could be considered a low pass filter in some electrical environments~\cite{aoe},
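Review bot: the quoting of the O-ring is inconsistent between the two mentions in this hunk: `An `O' ring` uses the LaTeX open/close pair, while `that same 'O' ring failure mode` uses two apostrophes and will typeset as two closing quotes; make the second one `O' as well. The `% and therefore` and `%is a` comments leave the deleted words in the source; if they are not coming back, remove them so the sentences read cleanly (and `time intensive` is better hyphenated as `time-intensive`).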
@ -89,16 +91,16 @@ but when used as a phase changer, would be `no~signal' and `no~phase' change.
We begin FMEA with the basic, or starting components.
%
These components are the sort we buy in or consider as pre-assembled modules.
We term these the {\bcs}.
We term these the {\bcs}; they are considered ``atomic'' i.e. they are not broken down further.
%
Firstly we need to know how these can fail. So our first relationship
Firstly we need to know how these can fail, so our first relationship
is between a {\bc} and its failure modes, see figure~\ref{fig:component_fm_rel}.
%DIAGRAM of Base components and failure modes
\begin{figure}[h]
\centering
\includegraphics[width=400pt]{./CH2_FMEA/component_fm_rel.png}
\includegraphics[width=300pt]{./CH2_FMEA/component_fm_rel.png}
% component_fm_rel.png: 368x71 pixel, 72dpi, 12.98x2.50 cm, bb=0 0 368 71
\caption{Base Component to Failure Modes relationship}
\label{fig:component_fm_rel}
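Review bot: in the added clause `they are considered ``atomic'' i.e. they are not broken down further.`, the period after `i.e.` is treated as a sentence end and gets inter-sentence spacing; write `i.e.\ they are not broken down further` or `i.e., they ...`. The width reduction to 300pt is fine for a 368px image, but `\begin{figure}[h]` on its own will be deferred (with a `h float specifier changed to ht` warning) when there is no room; `[ht]` gives LaTeX the fallback explicitly.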
@ -135,17 +137,18 @@ for FMEA. This model is later extended in the conclusion
of this chapter.
\section{Determining the failure modes of components}
\section{Determining the failure modes of {\bcs}}
\label{sec:determine_fms}
In order to apply any form of FMEA we need to know the ways in which
the components we are using can fail. In practise, this part of the process is guided by
the {\bcs} we are using can fail. In practise, this part of the process is guided by
the standards to which we are seeking to conform.% to.
%
\footnote{A good introduction to hardware and software failure modes may be found in~\cite{sccs}[pp.114-124].}
%
Typically, when choosing components for a design, we look at manufacturers' data sheets
which describe functionality, physical dimensions,
environmental ranges, tolerances and can indicate how a component may fail/misbehave
environmental ranges, tolerances and by `reading~between~the~lines'
in some cases can indicate how a component may fail/misbehave
under given conditions.
%
How %base
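Review bot: `In practise` (in `the {\bcs} we are using can fail. In practise, this part of the process is guided by`) is the verb form in British spelling; the noun wanted here is `practice`. The section title now carries the `{\bcs}` macro; headings are moving arguments that are written to the table of contents, so if `\bcs` is not robust it should be `\protect\bcs` or written out. The `% to.` left at the end of `conform.% to.` can simply be deleted.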
@ -265,6 +268,7 @@ If we can ensure that our resistors will not be exposed to overload conditions,
probability of drift (sometimes called parameter change) occurring
is significantly reduced, enough for some standards to exclude it~\cite{en298}~\cite{en230}.
\paragraph{Resistor failure modes according to EN298.}
EN298, the European gas burner safety standard,
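Review bot: the two adjacent citations in `is significantly reduced, enough for some standards to exclude it~\cite{en298}~\cite{en230}.` will render as two separate bracketed references; `\cite{en298,en230}` produces a single `[a, b]` and is the conventional form.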
@ -282,7 +286,8 @@ only requires that the failure mode OPEN be considered for FMEA analysis.
For resistor types not specifically listed in EN298, the failure modes
are considered to be either OPEN or SHORT.
%
The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be {\em downrated}.
The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be {\em downrated}
during the design process.
%
That is to say the power and voltage ratings of components must be calculated
for maximum possible exposure, with a 40\% margin of error.
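Review bot: the comma in `The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be {\em downrated}` separates the subject from its verb; drop it, and hyphenate `EN298-compliant`. Adding `during the design process.` is a useful clarification; `\emph{downrated}` is the usual LaTeX2e form for `{\em downrated}`.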
@ -290,7 +295,9 @@ for maximum possible exposure, with a 40\% margin of error.
This drastically reduces the probability
that the resistors will be overloaded,
and thus subject to drift/parameter change.
%
Clearly the assumed failure modes of base components represent a fundamental
limit of resolution in any failure analysis methodology.
% XXXXXX get ref from colin T
%If a resistor was rated for instance for
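Review bot: the added sentence `Clearly the assumed failure modes of base components represent a fundamental / limit of resolution in any failure analysis methodology.` makes a strong general claim with `Clearly` as its only support; either tie it to the point just made (the standards fix the failure modes of a resistor to OPEN and SHORT, so no finer-grained behaviour can appear in the analysis) or cite something. The `% XXXXXX get ref from colin T` marker sits directly beneath it, so this looks like where that citation was meant to go.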
@ -327,21 +334,28 @@ $$ fm(R) = \{ OPEN, SHORT \} . $$
\subsection{Failure modes determination for generic operational amplifier}
\begin{figure}[h+]
\centering
\includegraphics[width=200pt]{CH5_Examples/lm258pinout.jpg}
% lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261
\caption{Pinout for an LM358 dual Op-Amp}
\label{fig:lm258}
\end{figure}
The operational amplifier (op-amp) %is a differential amplifier and
is very widely used in nearly all fields of modern analogue electronics.
They are typically packaged in dual or quad configurations---meaning
%
Only one of two sources of information on {\bc} {\fms} we are comparing
has an entry specific to operational amplifiers (FMD-91).
%
EN298 does not specifically define the
{\fms} of op-amps but
instead has a procedure for determining the {\fms} of
components types not specifically listed in it.
%
Operational amplifiers are typically packaged in dual or quad configurations---meaning
that a chip will typically contain two or four amplifiers.
For the purpose of example, we look at
For the purpose of example for EN298, we look at
a typical op-amp designed for instrumentation and measurement, the dual packaged version of the LM358~\cite{lm358}
(see figure~\ref{fig:lm258}), and use this to compare the failure mode derivations from FMD-91 and EN298.
(see figure~\ref{fig:lm258}).
%
With the results from both sources of {\fm} definition,
we compare the failure mode definitions for FMD-91 and EN298
relating to operational amplifiers.
\paragraph{ Failure Modes of an Op-Amp according to FMD-91 }
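Review bot: the new sentence `Only one of two sources of information on {\bc} {\fms} we are comparing / has an entry specific to operational amplifiers (FMD-91).` is hard to parse; suggest `Of the two sources of {\bc} {\fms} being compared, only FMD-91 has an entry specific to operational amplifiers.` Likewise `For the purpose of example for EN298, we look at` reads better as `To apply the EN298 procedure, we take as our example`, and `typically packaged ... will typically contain` repeats `typically`. If the LM358 pinout figure is being moved to after the table (it reappears later in this commit), make sure only one copy of `\label{fig:lm258}` survives, otherwise LaTeX will report a multiply-defined label.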
@ -355,7 +369,8 @@ For Op-Amp failures modes, FMD-91\cite{fmd91}{3-116] states,
\end{itemize}
Again these are mostly internal causes of failure, more of interest to the component manufacturer
than a designer looking for the symptoms of failure.
than a test engineer % designer
looking for the symptoms of failure.
We need to translate these failure causes within the Op-Amp into {\fms}.
We can look at each failure cause in turn, and map it to potential {\fms} suitable for use in FMEA
investigations.
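Review bot: the context line `For Op-Amp failures modes, FMD-91\cite{fmd91}{3-116] states,` has mismatched delimiters (`{3-116]`) and puts the page reference outside the citation; it should be `FMD-91~\cite[3-116]{fmd91} states,` and `failures modes` should be `failure modes`. The change from `designer` to `test engineer` alters who is said to be looking for the symptoms of failure; since FMEA is presented in this chapter as a design-stage activity, check that `test engineer` is the intended role rather than, say, `an engineer performing FMEA`.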
@ -446,8 +461,8 @@ that we got from FMD-91, listed in equation~\ref{eqn:opampfms}.
FS8: PIN 8 OPEN & & power to chip & & \\
FS8: PIN 8 OPEN & & (Vcc) disconnected & & $NOOP_A$ and $NOOP_B$ \\ \hline
& & & & \\
& & & & \\
& & & & \\ \hline
% & & & & \\
% & & & & \\ \hline
FS9: PIN 1 $\stackrel{short}{\longrightarrow}$ PIN 2 & & A -ve 100\% Feed back, low gain & & $LOW_A$ \\ \hline
@ -469,8 +484,15 @@ that we got from FMD-91, listed in equation~\ref{eqn:opampfms}.
\label{tbl:lm358}
\end{table}
\begin{figure}[h+]
\centering
\includegraphics[width=200pt]{CH5_Examples/lm258pinout.jpg}
% lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261
\caption{Pinout for an LM358 dual Op-Amp}
\label{fig:lm258}
\end{figure}
\clearpage
%\clearpage
\subsubsection{Failure modes of an Op-Amp}
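Review bot: `\begin{figure}[h+]` is not a valid placement specifier (`+` is not one of h, t, b, p, !) and LaTeX will stop with `Unknown float option`; use `[ht]` or `[htbp]`. The image file and label are `lm258pinout.jpg` / `fig:lm258` while the caption and text say LM358; harmless for compilation, but worth renaming before the label is referenced elsewhere. The two commented-out blank table rows (`% & & & & \\`) should simply be deleted, and one of `\clearpage` / `%\clearpage` is redundant.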
@ -487,6 +509,9 @@ $$ fm(OPAMP) = \{ LOW, HIGH, NOOP, LOW_{slew} \} $$
The EN298 pinouts failure mode technique cannot reveal failure modes due to internal failures.
The FMD-91 entries for op-amps are not directly usable as
component {\fms} in FMEA or FMMD and require interpretation.
%
However, once a failure mode analysis has been carried out, the model can
be used throughout the FMEA and FMMD process.
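Review bot: in the added sentence `However, once a failure mode analysis has been carried out, the model can / be used throughout the FMEA and FMMD process.`, `the model` is ambiguous after two sentences about the limitations of the EN298 and FMD-91 sources; say explicitly that it is the derived set $fm(OPAMP)$ from the equation above that gets reused. Also `$$ ... $$` is plain-TeX display math; `\[ ... \]` is the LaTeX form with correct spacing, and `LOW_{slew}` would be better as `LOW_{\mathrm{slew}}` so the subscript is not set as a product of italic variables.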
@ -549,14 +574,15 @@ component {\fms} in FMEA or FMMD and require interpretation.
% % \item Analysis
% % \end{itemize}
%\clearpage
\clearpage
FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example
analysis will serve to demonstrate it in practise.
\section{FMEA worked example: milli-volt reader.}
FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example
analysis will serve to demonstrate it in practise.
Example: Let us consider a system, in this case a simple milli-volt reader, consisting
of instrumentation amplifiers connected to a micro-processor
that reports its readings via RS-232.
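Review bot: the sentence moved below the new section heading is a comma splice: `FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example / analysis will serve to demonstrate it in practise.`; split it at the comma, and `practise` should be `practice`. The heading `\section{FMEA worked example: milli-volt reader.}` should not end with a period (the other `\section` titles in this file do not), and the `Example:` prefix on the following line is redundant under that heading. `micro-processor` is usually written `microprocessor`.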
@ -788,6 +814,10 @@ nuclear material will be present during transport and launch, and when outside e
%
Subjective appraisal of the outcome of a system failure mode can also
be subject to management and/or political pressure.
%
The two most recent variants of FMEA,
FMEDA and FMECA have dipped a metaphorical toe into the subjective realm, FMECA with itself `criticality~factor' and
FMEDA with its definition of `dangerous'.
\paragraph{Multiple Simultaneous Failure Modes.}
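Review bot: `FMECA with itself `criticality~factor'` should be `with its`, and the appositive needs a closing comma: `The two most recent variants of FMEA, FMEDA and FMECA, have dipped ...`. The claim that these are the two most recent variants is unsupported here; the chapter cites sources for FMEA itself, so a citation for each variant (or for their dates) should accompany this sentence.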

View File

@ -148,7 +148,8 @@ While this is impossible for all but trivial systems, we note that it should be
for small groups of components that work together to provide a well defined function.
We could term such a group a `{\fg}'. Potentially here we have a way of de-composing
the problem and reducing the $O(N^2)$ state explosion effect
associated with XFMEA.
associated with XFMEA. An order $N^2$ could be seen as desirable in an automated process such as a search algorithm, but here
its is a time consuming manual process which demands experienced and highly qualified personnel.
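Review bot: `its is a time consuming manual process` should read `it is a time-consuming manual process`. The comparison `An order $N^2$ could be seen as desirable in an automated process such as a search algorithm` overstates it; quadratic cost is normally described as acceptable or tolerable for an automated search, not desirable, and the contrast with manual effort still holds with the weaker word.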
@ -190,7 +191,7 @@ for most new designs of electronic product, the poor integration capabilities of
are now being seen as deficiencies.
This is becoming apparent in a dilemma now faced
by organisations dealing with highly safety critical systems, and having rely on `smart~instruments'
by organisations dealing with highly safety critical systems, and having to rely on `smart~instruments'
that they can no longer validate using FMEA.
%
Smart instruments are dealt with in the section below.
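Review bot: `Smart instruments are dealt with in the section below.` will go stale if the section order changes; use `section~\ref{...}` with that section's label instead of `below`. The missing `to` in `having to rely on `smart~instruments'` is fixed correctly.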
@ -215,7 +216,7 @@ with firmware to read the user controls, and display results on an LCD.
For quality control, many safety critical processes require regular inspections
and measurements of physical characteristics of materials and machinery.
%
For highly critical systems i.e. the nuclear industry~\cite{parnas1991assessment},
For highly critical systems e.g. the nuclear industry~\cite{parnas1991assessment},
the instruments used to perform these measurements, must be analysed using traditional assessment (which entails
FMEA), to ensure that failure modes within the instrument cannot lead to invalid measurements.
%
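Review bot: in the same sentence as the `i.e.` to `e.g.` fix, the commas in `the instruments used to perform these measurements, must be analysed` and `(which entails / FMEA), to ensure` separate the subject from its verb and the clause from its purpose; delete both. The `e.g.` change itself is right, since the nuclear industry is one example of a highly critical system, not its definition.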