OK thinking of chucking this one at them as first draft

This commit is contained in:
Robin Clark 2013-09-02 19:53:22 +01:00
parent 815d0a614f
commit 1001bed13b
2 changed files with 147 additions and 128 deletions

View File

@ -25,6 +25,7 @@ In all cases there was a performance gain,
that is to say that for all but trivial cases,
the number of manual analysis operations to perform
was significantly reduced.
\fmmdglossRD
%
Not only this, but the analysis naturally provided modules which could be re-used,
re-used not only in the circuit under analysis but potentially in different and future projects as well.
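Review bot: `\fmmdglossRD` is inserted here and twice more in this file (the hunks at +80 and +121); if the macro emits a glossary entry on each call rather than merely registering the term, the three calls will give duplicate entries, so either confirm the macro is idempotent or keep the one call at first use.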
@ -48,6 +49,7 @@ the examples from chapter~\ref{sec:chap5}. % in this regard.
%
A unitary state failure mode concept was developed (see section~\ref{sec:unitarystate}), and it was shown that
the FMMD process naturally enforced this throughout the hierarchy of a model.
\fmmdglossMUTEX
%
Finally the FMMD process was described algorithmically using set theory in appendix~\ref{sec:algorithmfmmd}.%{app:alg}.
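Review bot: placement of `\fmmdglossMUTEX` between the sentence and its `%` separator matches the other insertions in this commit; while on this spot, the trailing `%{app:alg}` on the `appendix~\ref{sec:algorithmfmmd}` context line is a leftover alternative label and can be dropped now that the reference is settled.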
@ -78,7 +80,7 @@ These benefits fall under the following assumptions and constraints:
\item Software is hierarchical and its elements (functions) can be modelled using contract programming.
%\item
\end{itemize}
\fmmdglossRD
Whilst investigating FMMD a number of further areas for research revealed themselves.
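Review bot: `\fmmdglossRD` sits directly between `\end{itemize}` and `Whilst investigating FMMD ...` with no `%` or blank line; if the macro expands to nothing the sentence simply runs on after the list as before, but if it emits anything visible it will be glued to the front of that sentence. The dangling `%\item` inside the list can go at the same time.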
@ -119,7 +121,7 @@ This is very closely related to the structure of FTA (top down) failure causatio
The possibility of automatically producing FTA diagrams from FMMD models
is examined in section~\ref{sec:fta}.
%
\fmmdglossRD
\subsection{Statistics: From base component failure modes to System level events/failures.}
\label{sec:bcstats}
@ -140,12 +142,12 @@ use FMMD to produce an FMEDA report.
\paragraph{Pt100 Example: Single Failures and statistical data.} %Mean Time to Failure}
\frategloss
From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
we can add {\bc} {\fm} statistics and determine the probability of symptoms of failure.
%
The DOD electronic reliability of components
document MIL-HDBK-217F\cite{mil1991} gives formulae for calculating
document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
the
%$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better
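Review bot: changing `MIL-HDBK-217F\cite{mil1991}` to `MIL-HDBK-217F~\cite{mil1991}` is the right fix (no line break between the standard number and its citation). In the same sentence the two alternatives `%$\frac{failures}{{10}^6}$` and `${failures}/{{10}^6}$ % looks better` are both still present; keep the chosen one and delete the comment. `\frategloss` immediately after `\paragraph{...}` is fine only if it typesets nothing, otherwise it will appear ahead of the first sentence.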
@ -154,8 +156,8 @@ in hours for a wide range of generic components
can give conservative reliability figures when applied to
modern components}.
%
Using the MIL-HDBK-217F\cite{mil1991} specifications for resistor and thermistor
failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
Using the MIL-HDBK-217F%~\cite{mil1991}
specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
%
%
\paragraph{Resistor FIT Calculations.}
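Review bot: `MIL-HDBK-217F%~\cite{mil1991}` on the new line breaks the text: the `%` swallows the end of line, TeX skips the leading space of the next line, and the output reads `MIL-HDBK-217Fspecifications`. Either leave a space before the comment (`MIL-HDBK-217F %~\cite{mil1991}`) or move the commented citation to its own line. This also goes the opposite way to the hunk just above, which adds `~\cite{mil1991}` to the same reference; if the second citation is being dropped as redundant, the commit message should say so.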
@ -189,7 +191,7 @@ resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
\end{tabular}
\label{tab:resistor}
\end{table}
\frategloss
Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
give the following failures in ${10}^6$ hours:
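Review bot: the context line `Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} give the following failures` needs `gives` (singular subject) and uses `\ref` without the non-breaking `~` that this commit is introducing elsewhere (`table~\ref{...}`); worth fixing while touching this spot. The `\frategloss` after `\end{table}` is fine.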
@ -250,6 +252,7 @@ resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
%
Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
%
\frategloss
Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
showing the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
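Review bot: with `\frategloss` in use, the commented-out `%\glossary{name={FIT}, description={Failure in Time (FIT). ...}}` line directly below it is dead, and a second, slightly different copy of the same commented definition appears in the hunk at +354; remove both so the FIT wording lives in one place.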
@ -291,6 +294,7 @@ This circuit is around 10 times more likely to fail in this way than in any othe
Were we to need a more reliable temperature sensor, this would probably
be the fault~mode we would scrutinise first.
%
\frategloss
%
\begin{figure}[h+]
\centering
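Review bot: in the context, `\begin{figure}[h+]` is not a valid placement: `+` is not a float option and LaTeX will warn and ignore it, leaving `[h]` alone. `[h!]` or `[ht]` is presumably what was intended. The added `\frategloss` between the `%` lines is fine.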
@ -350,6 +354,7 @@ statistics for electronic sourced failures.
%
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
%
\frategloss
\fmmdglossFIT
%
\subsection{Deriving FTA diagrams from FMMD models}
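Review bot: `\frategloss` is now called in five places in this file (the hunks at +142, +191, +252, +294 and +354) and `\fmmdglossFIT` once, here. If `\frategloss` also covers FIT the two overlap, and if each call produces a glossary entry the repeats are redundant; one call at first use of each term would be cleaner. The dead `%\glossary{name={FIT}, ...}` comment immediately above should go with this change.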
@ -375,8 +380,16 @@ different behaviour due to environmental or operational states~\cite{nucfta,nasa
If we require FMMD to produce full FTA diagrams, we need to add these
attributes to the FMMD UML model\footnote{Top down failure mode models, such as FTA, are additionally
useful in guiding diagnostic analysis.}.
\fmmdglossINHIBIT
%
\fmmdglossINHIBIT
\fmmdglossFTA
%
%%
%% Here could describe how XOR not OR is implemented and how AND
%% only works due to failure symptoms being derived from multiple failures.
%% This is a tangent and probably detracts from the main flow.
%% 02SEP2013
%%
\paragraph{Environment, operational states and inhibit gates: additions to the UML model.}
%
FTA, in addition to using symbols borrowed from digital logic introduces three new symbols to
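Review bot: moving `\fmmdglossINHIBIT` past the `%` and adding `\fmmdglossFTA` is fine, but `\fmmdglossFTA` is added again at the hunks at +420, +436 and +484 in this same subsection, which is almost certainly more calls than needed. The dated `%% 02SEP2013` note recording why the XOR-versus-OR and AND discussion is left out is a useful decision record; give it a grep-able marker (for example `%% TODO`) so it is reviewed before the draft goes out.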
@ -407,7 +420,7 @@ An undesired condition may occur where it could be necessary to inhibit some act
This is rather like a logical guard criterion. For instance in the gas burner standard EN298 it
states that a flame detector must confirm that a pilot flame has been established before the main burner fuel can be applied.
In FTA terms this would be an inhibit condition on the main fuel, i.e. PILOT\_NOT\_CONFIRMED.
\fmmdglossFTA
We now look at the nature of these three attributes and decide how they should fit into the UML
model for FMMD developed in section~\ref{sec:fmmd_uml}.
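Review bot: second of four `\fmmdglossFTA` insertions in this subsection (see the hunk at +380). In the context, `the gas burner standard EN298` is named without a `\cite`, whereas EN61508 is cited as `~\cite{en61508}` later in the chapter; add the reference for consistency.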
@ -423,9 +436,10 @@ Environmental analysis is thus applicable to components.
Environmental influences, such as over-stress due to voltage
can be eliminated by down-rating components as discussed in section~\ref{sec:determine_fms}.
With given environmental constraints, we can therefore eliminate some failure modes from the model.
\fmmdglossFTA
\paragraph{Operational states.}
%
Within the field of safety critical engineering, we often encounter
elements that include test or self-test facilities.
%
@ -470,7 +484,7 @@ both environmental conditions and failure modes.
%
%
%
\fmmdglossFTA
\paragraph{UML Diagram Additional Objects.}
The additional objects System, Environment, Inhibit and Operational States
@ -489,13 +503,13 @@ are added to UML diagram in figure \ref{fig:cfg} are represented in figure \ref
\clearpage
\subsection{Retrospective failure mode analysis and FMMD}
\fmmdgloss
The reasons for applying retrospective failure mode analysis could be:
\begin{itemize}
%\item approving previously un-assessed systems to a safety standard,
\item to re-visit a safety analysis after a small h/w or s/w change,
\item upon discovery of a new {\bc} {\fm},
\item or to determine the failure mode behaviour of an previously un-assessed instrument used in safety critical verification.
\item to re-visit a safety analysis after a small hardware or software change,
\item upon discovery of a new {\bc} {\fm}---or in software---a new contract programming requirement,
\item or to determine the failure mode behaviour of an previously un-assessed sub-system/instrument used in safety critical verification.
\end{itemize}
% verification.
%
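Review bot: `an previously un-assessed` survives into the rewritten third item (`... behaviour of an previously un-assessed sub-system/instrument ...`); it should read `a previously un-assessed`. The new second item `{\fm}---or in software---a new contract programming requirement` reads awkwardly; `{\fm} (or, for software, a new contract programming requirement)` keeps it parallel with the other items. Minor: the last item begins with `or` while the others are bare phrases.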
@ -524,6 +538,7 @@ The electronic components {\fms} are established in the literature~\cite{fmd91,m
%
Each function in the software would have to be assigned a `design~contract'~\cite{dbcbe} (where violations of
contract clauses will be treated as failure modes in FMMD).
\fmmdgloss
\paragraph{Effect of newly discovered failure modes in components.}
%
@ -539,6 +554,7 @@ This is linked to the concepts behind
the need for failure mode coverage against all components in the system, that provoked discussions
leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance}).
%
\fmmdgloss
\fmmdglossSFMEA
%
Using FMMD only those modules in the hierarchy above the
@ -581,14 +597,15 @@ we thus reveal design deficiencies in both the software, the electronics and the
%in the hardware/software interface.
%
\fmmdglossFMEDA
\fmmdgloss
FMEDA does not handle software ---or---the software/hardware interface.
It thus potentially misses many undetected failures (in EN61508 terms undetected-dangerous and undetected safe failures).
In Safety Integrity Level (SIL)~\cite{en61508} terms, by identifying undetectable faults and fixing them, we raise
the safe failure fraction (SFF).
%
%
%
%
\section{Objective and Subjective Reasoning stages}
%Opportunity for formal definitions and perhaps an interface or process for achieving it....
The act of applying failure mode effects analysis, is commonly performed from
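Review bot: `\fmmdgloss` after `\fmmdglossFMEDA` is fine. In the context, `FMEDA does not handle software ---or---the software/hardware interface.` has a space on one side of the dashes only; use `software---or---the` or plain commas. On the next line `undetected-dangerous and undetected safe failures` hyphenates one term but not the other.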
@ -635,6 +652,8 @@ FMEDA~\cite{en61508,fmeda} with its classification of dangerous and safe failure
It is the author's opinion that more work is required to clarify this area. The scope of FMMD is the objective level only.
Accurate models of objective failure modes, are seen by the author to be a pre-requisite
for subjective assessment.
\today
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%\today%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
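Review bot: the uncommented `\today` follows `for subjective assessment.` with no blank line, so it is typeset as the tail of that paragraph, i.e. the last sentence of the chapter is followed directly by the date. If a draft date is wanted, put it in a paragraph of its own (`\par` or a blank line before it) or in a running header, and note that the colophon already prints `Typeset in \LaTeX \today.`; otherwise it needs removing before submission. The added line of `%` characters as a visual separator is fine.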

View File

@ -1,113 +1,113 @@
%\renewcommand{\baselinestretch}{1.15}
\chapter*{Colophon}
In short ``Thanks every body''!
%
\\
\\
%
Completing my PhD %degree
is the most intellectually challenging %% FUCK OFF ZERNIKE POLYNOMIALS WERE MORE DIFFICULT --- and actually useful unlike set theory
activity of my first 52 years of my life! %% SET THEORY IS A LOAD OF BOLLOCKS
%
The best and worst moments of this journey
have been shared with many people.
%
It has been a great privilege to spend several years
visiting the Mathematics and Engineering departments of
the University of Brighton, pushing me forward in clarity of self-expression,
precision through mathematics, critical assessment and carefully crafted English:
its members will always remain dear to me.
%
%%%% IS THIS BIT A BIT MAD???? YES! 27AUG2013
% % % Like an army recruits training Sergeant Major I found them
% % % hard task masters at first, and then, as with realising the rationale behind training and
% % % {\em even} parade drill, respected and grew to like them.
% % % %
%
My first debt of gratitude must go to my supervisors,
Dr. A. Fish,
Dr. C Garret and %% TOP BLOKE
%Dr. C Garret, %% TOP BLOKE
Professor J. Howse. %% JAVALA LAT HUND
%Dr. A. Fish. %% JAVALA LAT HUND
%
They patiently provided the guidance,
encouragement and advice necessary for me to proceed through the
research, consolidation and write-up phases of the PhD program,
to prepare and present three papers to conferences~\cite{syssafe2011,syssafe2012,Clark_fastzone}
and to complete and submit this thesis.
\\
\\
%
%
I owe a debt of thanks to Dr J. flower, my MSc project supervisor,
who explained that the chapter in my project documentation postulating a modular form of
FMEA---which had %obvious
potential for making the process %FMEA
more efficient---was a concept worthy of being developed for a PhD and assisting me
to present the chapter as %submit this as
a conference paper~\cite{Clark200519}.
%
Further I thank her for encouraging me to apply for the PhD. %% PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR
%
\\
\\
%
I am deeply thankful to the directors of {\etc} not only for
funding this course, but providing training and work experience in the
field of safety critical engineering, and giving me Friday
afternoons to pursue my studies.
%
At Energy~Technology~Control, the following people gave encouragement, and
validated the concepts for the `modular~FMEA' that I was developing, Martin~Thirsk, Colin~Talmay,
Darren~Legge and Hazel~Anderson.
%
These Engineers, whose whole careers
have been focused on the safety critical electronic/computing area,
gave valuable time to look at and comment on my FMMD proposals.
%
Their comments gave me confidence that the methodology I was developing had
%was not only an academic exercise but had
potential practical
applications and benefits.
%
The environment and context of the work at {\etc}
was very useful for clarifying concepts relating to FMEA and
safety; at least once a week there is a new practical case study arising
and being discussed, be it, say, the observability of the effect of failures in an
traditional amplifier configuration,
or how a particular sensor could fail.
%
The field of industrial burner control, is highly regulated and
is rich with practical examples of safety measures built into
hybrid digital/electronic systems.
%
This has given me many opportunities to % has been % be
apply the new methodology against `real~world' problems.
%
%and thus its
%theoretical aspects have been often
%sounded out against `real~world' problems.
%
These real~world failure scenarios and their proposed solutions, were often detailed in
requirements and design documentation, submitted in support of
safety accreditation.
%
I was glad to be tasked to produce many of these documents.
%
Again I thank {\etc}, for giving me
these parallel tasks, which aided my studies.
\\
\\
%
%
I wish to thank my parents, Jennifer and Richard Clark.
% MY MUM for proof reading alot!
I hope that this work makes you proud.
%
\\
\\
% In short ``Thanks every body''!
% %
% \\
% \\
% %
% Completing my PhD %degree
% is the most intellectually challenging %% FUCK OFF ZERNIKE POLYNOMIALS WERE MORE DIFFICULT --- and actually useful unlike set theory
% activity of my first 52 years of my life! %% SET THEORY IS A LOAD OF BOLLOCKS
% %
% The best and worst moments of this journey
% have been shared with many people.
% %
% It has been a great privilege to spend several years
% visiting the Mathematics and Engineering departments of
% the University of Brighton, pushing me forward in clarity of self-expression,
% precision through mathematics, critical assessment and carefully crafted English:
% its members will always remain dear to me, and a strong influence.
% %
% %%%% IS THIS BIT A BIT MAD???? YES! 27AUG2013
% % % % Like an army recruits training Sergeant Major I found them
% % % % hard task masters at first, and then, as with realising the rationale behind training and
% % % % {\em even} parade drill, respected and grew to like them.
% % % % %
% %
% My first debt of gratitude must go to my supervisors,
% Dr. A. Fish,
% Dr. C Garret and %% TOP BLOKE
% %Dr. C Garret, %% TOP BLOKE
% Professor J. Howse. %% JAVALA LAT HUND
% %Dr. A. Fish. %% JAVALA LAT HUND
% %
% They patiently provided the guidance,
% encouragement and advice necessary for me to proceed through the
% research, consolidation and write-up phases of the PhD program,
% to prepare and present three papers to conferences~\cite{syssafe2011,syssafe2012,Clark_fastzone}
% and to complete and submit this thesis.
% \\
% \\
% %
% %
% I owe a debt of thanks to Dr J. flower, my MSc project supervisor,
% who explained that the chapter in my project documentation postulating a modular form of
% FMEA---which had %obvious
% potential for making the process %FMEA
% more efficient---was a concept worthy of being developed for a PhD and assisting me
% to present the chapter as %submit this as
% a conference paper~\cite{Clark200519}.
% %
% Further I thank her for encouraging me to apply for the PhD. %% PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR
% %
% \\
% \\
% %
% I am deeply thankful to the directors of {\etc} not only for
% funding this course, but providing training and work experience in the
% field of safety critical engineering, and giving me Friday
% afternoons to pursue my studies.
% %
% At Energy~Technology~Control, the following people gave encouragement, and
% validated the concepts for the `modular~FMEA' that I was developing, Martin~Thirsk, Colin~Talmay,
% Darren~Legge and Hazel~Anderson.
% %
% These Engineers, whose whole careers
% have been focused on the safety critical electronic/computing area,
% gave valuable time to look at and comment on my FMMD proposals.
% %
% Their comments gave me confidence that the methodology I was developing had
% %was not only an academic exercise but had
% potential practical
% applications and benefits.
% %
% The environment and context of the work at {\etc}
% was very useful for clarifying concepts relating to FMEA and
% safety; at least once a week there is a new practical case study arising
% and being discussed, be it, say, the observability of the effect of failures in an
% traditional amplifier configuration,
% or how a particular sensor could fail.
% %
% The field of industrial burner control, is highly regulated and
% is rich with practical examples of safety measures built into
% hybrid digital/electronic systems.
% %
% This has given me many opportunities to % has been % be
% apply the new methodology against `real~world' problems.
% %
% %and thus its
% %theoretical aspects have been often
% %sounded out against `real~world' problems.
% %
% These real~world failure scenarios and their proposed solutions, were often detailed in
% requirements and design documentation, submitted in support of
% safety accreditation.
% %
% I was glad to be tasked to produce many of these documents.
% %
% Again I thank {\etc}, for giving me
% these parallel tasks, which aided my studies.
% \\
% \\
% %
% %
% I wish to thank my parents, Jennifer and Richard Clark.
% % MY MUM for proof reading alot!
% I hope that this work makes you proud.
% %
% \\
% \\
%\vspace{3cm}
Typeset in \LaTeX \today.
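Review bot: the acknowledgement text now exists in two copies, one live and one fully `%`-commented, and they already differ (`its members will always remain dear to me.` versus `... dear to me, and a strong influence.`), so keeping both will let them drift; keep one and leave the other to version control. The comments carry private remarks about the supervisors, set theory and the MSc supervisor (`%% FUCK OFF ZERNIKE POLYNOMIALS ...`, `%% SET THEORY IS A LOAD OF BOLLOCKS`, `%% PITY SHE DID NOT STAY ON ...`) that ship with the source; since the commit message says this is going to them as a first draft, strip those now. Text fixes while here: `Thanks every body` should be `Thanks everybody`; `Dr J. flower` should be `Dr J. Flower`; the titles are punctuated three ways (`Dr. A. Fish`, `Dr. C Garret`, `Dr J. flower`); `failures in an traditional amplifier` needs `a traditional`; `The field of industrial burner control, is` has a stray comma; `alot` in the comment is `a lot`. The paired `\\` `\\` used as paragraph spacing would be cleaner as `\medskip` or `\vspace{...}`.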