diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index a4a9db0..c472260 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -46,7 +46,8 @@ and allows us to analytically discuss its strengths and weaknesses. %\tableofcontents[currentsection] %\paragraph{FMEA basic concept.} -FMEA~\cite{safeware}[pp.341-344] is widely used, and proof of its use is a mandatory legal requirement +FMEA~\cite{safeware}[pp.341-344] is widely used, and proof of its use is a %mandatory +legal requirement for a large proportion of safety critical products sold in the European Union. The acronym FMEA can be expanded as follows: \begin{itemize} 
@@ -61,17 +62,18 @@ how failures could affect some equipment in %an initial a brain-storming session %in product design, to formal submission as part of safety critical certification. -FMEA is a manual and therefore time intensive process. To reduce the amount of work to perform, +FMEA is a manual, % and therefore +time intensive process. To reduce the amount of manual work to perform, software packages~\cite{931423, 1778436820050601} and analysis strategies have been developed~\cite{incrementalfmea, automatingFMEA1281774}. % FMEA is always performed in context. That is, the equipment is always analysed for a particular purpose and in a given environment. An `O' ring for instance can fail by leaking -but if fitted to a water seal on a garden hose, the system level failure is a -would be a slight leak at the tap outside the house. +but if fitted to a water seal on a garden hose, the system level failure %is a +would be a slight leak at the tap. % outside the house. % Applied to the rocket engine on a space shuttle that same 'O' ring failure mode -could cause a catastrophic fire and destruction of the spacecraft~\cite{challenger}. +could cause a catastrophic fire and destruction of the spacecraft and occupants~\cite{challenger}. % At a lower level, consider a resistor and capacitor forming a potential divider to ground. This could be considered a low pass filter in some electrical environments~\cite{aoe}, 
@@ -89,16 +91,16 @@ but when used as a phase changer, would be `no~signal' and `no~phase' change. We begin FMEA with the basic, or starting components. % These components are the sort we buy in or consider as pre-assembled modules. -We term these the {\bcs}. +We term these the {\bcs}; they are considered ``atomic'' i.e. they are not broken down further. % -Firstly we need to know how these can fail. So our first relationship +Firstly we need to know how these can fail, so our first relationship is between a {\bc} and its failure modes, see figure~\ref{fig:component_fm_rel}. %DIAGRAM of Base components and failure modes \begin{figure}[h] \centering - \includegraphics[width=400pt]{./CH2_FMEA/component_fm_rel.png} + \includegraphics[width=300pt]{./CH2_FMEA/component_fm_rel.png} % component_fm_rel.png: 368x71 pixel, 72dpi, 12.98x2.50 cm, bb=0 0 368 71 \caption{Base Component to Failure Modes relationship} \label{fig:component_fm_rel} @@ -135,17 +137,18 @@ for FMEA. This model is later extended in the conclusion of this chapter. -\section{Determining the failure modes of components} +\section{Determining the failure modes of {\bcs}} \label{sec:determine_fms} In order to apply any form of FMEA we need to know the ways in which -the components we are using can fail. In practise, this part of the process is guided by +the {\bcs} we are using can fail. In practise, this part of the process is guided by the standards to which we are seeking to conform.% to. % \footnote{A good introduction to hardware and software failure modes may be found in~\cite{sccs}[pp.114-124].} % Typically, when choosing components for a design, we look at manufacturers' data sheets which describe functionality, physical dimensions, -environmental ranges, tolerances and can indicate how a component may fail/misbehave +environmental ranges, tolerances and by `reading~between~the~lines' +in some cases can indicate how a component may fail/misbehave under given conditions. % How %base 
@@ -265,6 +268,7 @@ If we can ensure that our resistors will not be exposed to overload conditions, probability of drift (sometimes called parameter change) occurring is significantly reduced, enough for some standards to exclude it~\cite{en298}~\cite{en230}. + \paragraph{Resistor failure modes according to EN298.} EN298, the European gas burner safety standard, @@ -282,7 +286,8 @@ only requires that the failure mode OPEN be considered for FMEA analysis. For resistor types not specifically listed in EN298, the failure modes are considered to be either OPEN or SHORT. % -The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be {\em downrated}. +The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be {\em downrated} +during the design process. % That is to say the power and voltage ratings of components must be calculated for maximum possible exposure, with a 40\% margin of error. @@ -290,7 +295,9 @@ for maximum possible exposure, with a 40\% margin of error. This drastically reduces the probability that the resistors will be overloaded, and thus subject to drift/parameter change. - +% +Clearly the assumed failure modes of base components represent a fundamental +limit of resolution in any failure analysis methodology. % XXXXXX get ref from colin T %If a resistor was rated for instance for 
@@ -327,21 +334,28 @@ $$ fm(R) = \{ OPEN, SHORT \} . $$ \subsection{Failure modes determination for generic operational amplifier} -\begin{figure}[h+] - \centering - \includegraphics[width=200pt]{CH5_Examples/lm258pinout.jpg} - % lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261 - \caption{Pinout for an LM358 dual Op-Amp} - \label{fig:lm258} -\end{figure} + The operational amplifier (op-amp) %is a differential amplifier and is very widely used in nearly all fields of modern analogue electronics. -They are typically packaged in dual or quad configurations---meaning +% +Only one of two sources of information on {\bc} {\fms} we are comparing +has an entry specific to operational amplifiers (FMD-91). +% +EN298 does not specifically define the +{\fms} of op-amps but +instead has a procedure for determining the {\fms} of +components types not specifically listed in it. +% +Operational amplifiers are typically packaged in dual or quad configurations---meaning that a chip will typically contain two or four amplifiers. -For the purpose of example, we look at +For the purpose of example for EN298, we look at a typical op-amp designed for instrumentation and measurement, the dual packaged version of the LM358~\cite{lm358} -(see figure~\ref{fig:lm258}), and use this to compare the failure mode derivations from FMD-91 and EN298. +(see figure~\ref{fig:lm258}). +% +With the results from both sources of {\fm} definition, +we compare the failure mode definitions for FMD-91 and EN298 +relating to operational amplifiers. \paragraph{ Failure Modes of an Op-Amp according to FMD-91 } 
@@ -355,7 +369,8 @@ For Op-Amp failures modes, FMD-91\cite{fmd91}{3-116] states, \end{itemize} Again these are mostly internal causes of failure, more of interest to the component manufacturer -than a designer looking for the symptoms of failure. +than a test engineer % designer +looking for the symptoms of failure. We need to translate these failure causes within the Op-Amp into {\fms}. We can look at each failure cause in turn, and map it to potential {\fms} suitable for use in FMEA investigations. @@ -446,8 +461,8 @@ that we got from FMD-91, listed in equation~\ref{eqn:opampfms}. FS8: PIN 8 OPEN & & power to chip & & \\ FS8: PIN 8 OPEN & & (Vcc) disconnected & & $NOOP_A$ and $NOOP_B$ \\ \hline & & & & \\ - & & & & \\ - & & & & \\ \hline + % & & & & \\ + % & & & & \\ \hline FS9: PIN 1 $\stackrel{short}{\longrightarrow}$ PIN 2 & & A -ve 100\% Feed back, low gain & & $LOW_A$ \\ \hline @@ -469,8 +484,15 @@ that we got from FMD-91, listed in equation~\ref{eqn:opampfms}. \label{tbl:lm358} \end{table} +\begin{figure}[h+] + \centering + \includegraphics[width=200pt]{CH5_Examples/lm258pinout.jpg} + % lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261 + \caption{Pinout for an LM358 dual Op-Amp} + \label{fig:lm258} +\end{figure} -\clearpage +%\clearpage \subsubsection{Failure modes of an Op-Amp} @@ -487,6 +509,9 @@ $$ fm(OPAMP) = \{ LOW, HIGH, NOOP, LOW_{slew} \} $$ The EN298 pinouts failure mode technique cannot reveal failure modes due to internal failures. The FMD-91 entries for op-amps are not directly usable as component {\fms} in FMEA or FMMD and require interpretation. +% +However, once a failure mode analysis has been carried out, the model can +be used throughout the FMEA and FMMD process. 
@@ -549,14 +574,15 @@ component {\fms} in FMEA or FMMD and require interpretation. % % \item Analysis % % \end{itemize} -%\clearpage +\clearpage + -FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example -analysis will serve to demonstrate it in practise. \section{FMEA worked example: milli-volt reader.} + FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example +analysis will serve to demonstrate it in practise. Example: Let us consider a system, in this case a simple milli-volt reader, consisting of instrumentation amplifiers connected to a micro-processor that reports its readings via RS-232. @@ -788,6 +814,10 @@ nuclear material will be present during transport and launch, and when outside e % Subjective appraisal of the outcome of a system failure mode can also be subject to management and/or political pressure. +% +The two most recent variants of FMEA, +FMEDA and FMECA have dipped a metaphorical toe into the subjective realm, FMECA with itself `criticality~factor' and +FMEDA with its definition of `dangerous'. \paragraph{Multiple Simultaneous Failure Modes.} diff --git a/submission_thesis/CH3_FMEA_criticism/copy.tex b/submission_thesis/CH3_FMEA_criticism/copy.tex index 91eb10e..78226c0 100644 --- a/submission_thesis/CH3_FMEA_criticism/copy.tex +++ b/submission_thesis/CH3_FMEA_criticism/copy.tex 
@@ -148,7 +148,8 @@ While this is impossible for all but trivial systems, we note that it should be for small groups of components that work together to provide a well defined function. We could term such a group a `{\fg}'. Potentially here we have a way of de-composing the problem and reducing the $O(N^2)$ state explosion effect -associated with XFMEA. +associated with XFMEA. An order $N^2$ could be seen as desirable in an automated process such as a search algorithm, but here +its is a time consuming manual process which demands experienced and highly qualified personnel. @@ -190,7 +191,7 @@ for most new designs of electronic product, the poor integration capabilities of are now being seen as deficiencies. This is becoming apparent in a dilemma now faced -by organisations dealing with highly safety critical systems, and having rely on `smart~instruments' +by organisations dealing with highly safety critical systems, and having to rely on `smart~instruments' that they can no longer validate using FMEA. % Smart instruments are dealt with in the section below. @@ -215,7 +216,7 @@ with firmware to read the user controls, and display results on an LCD. For quality control, many safety critical processes require regular inspections and measurements of physical characteristics of materials and machinery. % -For highly critical systems i.e. the nuclear industry~\cite{parnas1991assessment}, +For highly critical systems e.g. the nuclear industry~\cite{parnas1991assessment}, the instruments used to perform these measurements, must be analysed using traditional assessment (which entails FMEA), to ensure that failure modes within the instrument cannot lead to invalid measurements. %
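Review bot: in hunk `@@ -46,7 +46,8 @@` the page reference is placed after the citation as literal text, `FMEA~\cite{safeware}[pp.341-344]`, so `[pp.341-344]` is typeset verbatim after the citation mark rather than inside it; use the optional argument of `\cite`, i.e. `FMEA~\cite[pp.~341--344]{safeware}`, which also gives the page range an en dash. The inline `%mandatory` edit renders correctly (the comment also swallows the line break, so "is a legal requirement" is produced), but leaving the rejected word in a comment mid-sentence makes the source hard to proofread; delete it outright if the change is final.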
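Review bot: in hunk `@@ -61,17 +62,18 @@` the context line `that same 'O' ring failure mode` uses straight ASCII quotes, whereas the same hunk writes `` An `O' ring `` with the LaTeX opening/closing pair; make them consistent (`` `O' ring ``). The replacement of `is a would be a slight leak` with `%is a` followed by `would be a slight leak at the tap.` does fix the doubled verb, but as above the discarded words are better removed than commented out.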
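Review bot: in hunk `@@ -89,16 +91,16 @@` the added clause `they are considered ``atomic'' i.e. they are not broken down further.` needs a comma before `i.e.` and, in LaTeX, a non-sentence-ending space after it, otherwise the full stop in `i.e.` gets inter-sentence spacing: `they are considered ``atomic'', i.e.\ they are not broken down further.`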
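Review bot: in hunk `@@ -135,17 +137,18 @@` the added line `the {\bcs} we are using can fail. In practise, this part of the process is guided by` uses the verb spelling; the noun is `In practice`. Putting `{\bcs}` into `\section{Determining the failure modes of {\bcs}}` sends the macro into the table of contents and running heads, so confirm `\bcs` expands to plain text only (or write `\protect\bcs`), or the heading will fail when the `.toc` file is read back. The inserted phrase `and by `reading~between~the~lines' in some cases can indicate` reads awkwardly; consider `and, in some cases, reading between the lines can indicate`.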
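Review bot: in hunk `@@ -290,7 +295,9 @@` the new sentence `Clearly the assumed failure modes of base components represent a fundamental limit of resolution in any failure analysis methodology.` asserts a general claim with no citation, and the very next context line is the unresolved note `% XXXXXX get ref from colin T`; either attach the intended reference or drop `Clearly` and present it as the thesis' own observation. The same goes for `{\em downrated}` in the preceding hunk `@@ -282,7 +286,8 @@`: `\emph{downrated}` is the LaTeX2e form and nests correctly.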
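Review bot: in hunk `@@ -327,21 +334,28 @@` the added sentence `Only one of two sources of information on {\bc} {\fms} we are comparing has an entry specific to operational amplifiers (FMD-91).` buries the subject; `Of the two sources of {\bc} {\fms} we are comparing, only FMD-91 has an entry specific to operational amplifiers.` is clearer. `For the purpose of example for EN298, we look at` doubles `for`; `As an example for EN298, we look at` suffices. Note that `(see figure~\ref{fig:lm258})` now points at a float that this patch moves to after the LM358 table, which is fine for `\ref` but may place the pinout a page or more after the text that first needs it.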
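Review bot: in hunk `@@ -355,7 +369,8 @@` the context line `For Op-Amp failures modes, FMD-91\cite{fmd91}{3-116] states,` has mismatched delimiters: `{3-116]` opens a brace group that is never closed, which will either swallow the following text or stop the build with a runaway-argument error. It should be `FMD-91~\cite[p.~3-116]{fmd91} states,` and `failures modes` should be `failure modes`. The new line `than a test engineer % designer` again keeps the rejected word in a trailing comment; settle on one.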
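Review bot: in hunk `@@ -446,8 +461,8 @@` commenting out `& & & & \\ \hline` also removes the `\hline` that closed the blank spacer rows, so the FS9 row now follows the remaining empty row `\hline & & & & \\` with no rule above it, unlike every other block in the table. If the intent is to drop the spacer rows, remove the remaining `& & & & \\` as well and keep a `\hline` before `FS9: PIN 1`; if the intent is one spacer row, restore `\hline` after it.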
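Review bot: in hunk `@@ -469,8 +484,15 @@` the re-added float uses `\begin{figure}[h+]`; `+` is not a placement specifier (only `h`, `t`, `b`, `p` and `!` are), and LaTeX raises `Unknown float option `+'`. Use `[htbp]`, or `[H]` if the `float` package is loaded. With `\clearpage` now commented out immediately after the figure, pending floats from the table and this figure are no longer flushed before `\subsubsection{Failure modes of an Op-Amp}`, so check the placement in the built PDF.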
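Review bot: in hunk `@@ -487,6 +509,9 @@` the added `However, once a failure mode analysis has been carried out, the model can be used throughout the FMEA and FMMD process.` does not say which model is meant; name it, e.g. the derived set of op-amp {\fms} `$fm(OPAMP)$` from the preceding equation, since the two preceding sentences are about the limitations of the EN298 and FMD-91 sources rather than about a model.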
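Review bot: in hunk `@@ -549,14 +574,15 @@` the relocated sentence `FMEA is a bottom-up procedure which starts with the failure modes of the low level components of a system, an example analysis will serve to demonstrate it in practise.` is a comma splice and uses the verb spelling of practice; split it: `... of a system. An example analysis will serve to demonstrate it in practice.` The added line also starts with a stray leading space before `FMEA`, harmless to LaTeX but worth tidying.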
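Review bot: in hunk `@@ -788,6 +814,10 @@` the line `FMEDA and FMECA have dipped a metaphorical toe into the subjective realm, FMECA with itself `criticality~factor' and` has `itself` where `its` is meant, and `The two most recent variants of FMEA` is a dating claim with no citation; cite the standards that define FMECA's criticality factor and FMEDA's `dangerous' classification. The metaphor sits oddly in the thesis register used elsewhere in the chapter; `have introduced a subjective element` says the same thing.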
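Review bot: in hunk `@@ -148,7 +148,8 @@` the added line `its is a time consuming manual process which demands experienced and highly qualified personnel.` should read `it is a time-consuming manual process`. The preceding clause `An order $N^2$ could be seen as desirable in an automated process such as a search algorithm` needs justification or softer wording such as `acceptable`, since quadratic cost is rarely presented as desirable in itself. In hunk `@@ -215,7 +216,7 @@` the context line `the instruments used to perform these measurements, must be analysed` has a stray comma between subject and verb.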