OK thinking of chucking this one at them as first draft

This commit is contained in:
Robin Clark 2013-09-02 19:53:22 +01:00
parent 815d0a614f
commit 1001bed13b
2 changed files with 147 additions and 128 deletions

View File

@ -25,6 +25,7 @@ In all cases there was a performance gain,
that is to say that for all but trivial cases, that is to say that for all but trivial cases,
the number of manual analysis operations to perform the number of manual analysis operations to perform
was significantly reduced. was significantly reduced.
\fmmdglossRD
% %
Not only this, but the analysis naturally provided modules which could be re-used, Not only this, but the analysis naturally provided modules which could be re-used,
re-used not only in the circuit under analysis but potentially in different and future projects as well. re-used not only in the circuit under analysis but potentially in different and future projects as well.
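Review bot: the context lines "In all cases there was a performance gain, that is to say that for all but trivial cases, the number of manual analysis operations ... was significantly reduced" contradict themselves ("all cases" versus "all but trivial cases") and the "that is to say that" construction is clumsy; suggest "In all but trivial cases there was a performance gain: the number of manual analysis operations was significantly reduced." The inserted `\fmmdglossRD` sits inside that paragraph, which is fine for a glossary macro, but putting it on the `%` separator line instead would keep the sentence lines contiguous for future diffs.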
@ -48,6 +49,7 @@ the examples from chapter~\ref{sec:chap5}. % in this regard.
% %
A unitary state failure mode concept was developed (see section~\ref{sec:unitarystate}), and it was shown that A unitary state failure mode concept was developed (see section~\ref{sec:unitarystate}), and it was shown that
the FMMD process naturally enforced this throughout the hierarchy of a model. the FMMD process naturally enforced this throughout the hierarchy of a model.
\fmmdglossMUTEX
% %
Finally the FMMD process was described algorithmically using set theory in appendix~\ref{sec:algorithmfmmd}.%{app:alg}. Finally the FMMD process was described algorithmically using set theory in appendix~\ref{sec:algorithmfmmd}.%{app:alg}.
@ -78,7 +80,7 @@ These benefits fall under the following assumptions and constraints:
\item Software is hierarchical and its elements (functions) can be modelled using contract programming. \item Software is hierarchical and its elements (functions) can be modelled using contract programming.
%\item %\item
\end{itemize} \end{itemize}
\fmmdglossRD
Whilst investigating FMMD a number of further areas for research revealed themselves. Whilst investigating FMMD a number of further areas for research revealed themselves.
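Review bot: `\fmmdglossRD` is now invoked three times in this chapter (after "was significantly reduced.", here after `\end{itemize}`, and again before the statistics subsection). If the macro expands to `\glossary{name=...}`, each call adds another page reference to the same glossary entry; if that is not intended, keep only the first occurrence. Also, the macro immediately after `\end{itemize}` with the blank `\fmmdglossRD` line before "Whilst investigating FMMD ..." will not itself start a new paragraph, so the prose still runs on from the list as before.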
@ -119,7 +121,7 @@ This is very closely related to the structure of FTA (top down) failure causatio
The possibility of automatically producing FTA diagrams from FMMD models The possibility of automatically producing FTA diagrams from FMMD models
is examined in section~\ref{sec:fta}. is examined in section~\ref{sec:fta}.
% %
\fmmdglossRD
\subsection{Statistics: From base component failure modes to System level events/failures.} \subsection{Statistics: From base component failure modes to System level events/failures.}
\label{sec:bcstats} \label{sec:bcstats}
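Review bot: the subsection title "Statistics: From base component failure modes to System level events/failures." mixes capitalisation ("System" capitalised, "base component" not) and ends with a full stop, unlike the other `\subsection` titles in this file ("Deriving FTA diagrams from FMMD models", "Retrospective failure mode analysis and FMMD"); suggest "Statistics: from base component failure modes to system level events/failures" for consistency.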
@ -140,12 +142,12 @@ use FMMD to produce an FMEDA report.
\paragraph{Pt100 Example: Single Failures and statistical data.} %Mean Time to Failure} \paragraph{Pt100 Example: Single Failures and statistical data.} %Mean Time to Failure}
\frategloss
From an earlier example, the model for the failure mode behaviour of the Pt100 circuit, From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
we can add {\bc} {\fm} statistics and determine the probability of symptoms of failure. we can add {\bc} {\fm} statistics and determine the probability of symptoms of failure.
% %
The DOD electronic reliability of components The DOD electronic reliability of components
document MIL-HDBK-217F\cite{mil1991} gives formulae for calculating document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
the the
%$\frac{failures}{{10}^6}$ %$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better ${failures}/{{10}^6}$ % looks better
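Review bot: the `MIL-HDBK-217F~\cite{mil1991}` change is correct (a tie stops the citation being orphaned at a line break), but the line below it, `${failures}/{{10}^6}$`, typesets "failures" in math italics as a product of single-letter variables; use `$\mathrm{failures}/10^{6}$` (or `\text{failures}` with amsmath) and drop the commented `\frac` alternative once the style is settled. The `\frategloss` macro placed directly after the run-in `\paragraph{Pt100 Example: ...}` heading is harmless, but it would be clearer on the `%` separator line below the heading.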
@ -154,8 +156,8 @@ in hours for a wide range of generic components
can give conservative reliability figures when applied to can give conservative reliability figures when applied to
modern components}. modern components}.
% %
Using the MIL-HDBK-217F\cite{mil1991} specifications for resistor and thermistor Using the MIL-HDBK-217F%~\cite{mil1991}
failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below. specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
% %
% %
\paragraph{Resistor FIT Calculations.} \paragraph{Resistor FIT Calculations.}
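Review bot: commenting out the citation as `MIL-HDBK-217F%~\cite{mil1991}` introduces a real typesetting bug: the `%` also eats the line break, so the next line is glued on and the output reads "MIL-HDBK-217Fspecifications". Either leave a space before the comment (`MIL-HDBK-217F %~\cite{mil1991}`) or, since the handbook is cited two lines earlier, drop the comment and write `MIL-HDBK-217F specifications` on one line.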
@ -189,7 +191,7 @@ resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
\end{tabular} \end{tabular}
\label{tab:resistor} \label{tab:resistor}
\end{table} \end{table}
\frategloss
Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
give the following failures in ${10}^6$ hours: give the following failures in ${10}^6$ hours:
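Review bot: subject-verb agreement in the context line "Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} give the following failures" should be "gives". Apply the same tie used for the citation above to the cross-references (`equation~\ref{resistorfit}`, `table~\ref{tab:resistor}`) so a number is never separated from its word at a line break. The added `\frategloss` directly after `\end{table}` is fine.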
@ -250,6 +252,7 @@ resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
% %
Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0. Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
% %
\frategloss
Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}), Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
showing the FIT values for all single failure modes. showing the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}} %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
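Review bot: units need to be made explicit around "Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0." The earlier context lines derive MIL-HDBK-217F values as failures per $10^6$ hours, whereas the commented glossary entry on the last line defines FIT as failures per $10^{9}$ hours; a factor of $10^3$ separates the two, so state the conversion once (e.g. "0.315 failures per $10^6$ hours, i.e. a FIT of 315") before the table of single failure modes so a reader can check that every FIT in table \ref{tab:stat_single} is on the $10^{9}$-hour basis. The glossary definition itself is commented out here and again further down; keep one live definition rather than two dead ones.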
@ -291,6 +294,7 @@ This circuit is around 10 times more likely to fail in this way than in any othe
Were we to need a more reliable temperature sensor, this would probably Were we to need a more reliable temperature sensor, this would probably
be the fault~mode we would scrutinise first. be the fault~mode we would scrutinise first.
% %
\frategloss
% %
\begin{figure}[h+] \begin{figure}[h+]
\centering \centering
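Review bot: `\begin{figure}[h+]` in the context line is not a standard float placement; the standard `figure` environment accepts only `h`, `t`, `b`, `p` and `!`, and LaTeX reports an unknown float option for `+`. Use `[h]`, `[ht]` or, with the `float` package, `[H]`. The `\frategloss` added between the two `%` lines is unaffected.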
@ -350,6 +354,7 @@ statistics for electronic sourced failures.
% %
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}} %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
% %
\frategloss
\fmmdglossFIT \fmmdglossFIT
% %
\subsection{Deriving FTA diagrams from FMMD models} \subsection{Deriving FTA diagrams from FMMD models}
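Review bot: with this hunk `\frategloss` appears five times in this file (after the Pt100 paragraph heading, after the resistor table, before the RIAC table, before the figure, and here beside `\fmmdglossFIT`). If the macro is a `\glossary{}` call this only multiplies page references to the same entry; if it is a `\gls{}`-style first-use expansion it will print its text five times. Either way, confirm the intent and prune to the first occurrence per section.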
@ -375,8 +380,16 @@ different behaviour due to environmental or operational states~\cite{nucfta,nasa
If we require FMMD to produce full FTA diagrams, we need to add these If we require FMMD to produce full FTA diagrams, we need to add these
attributes to the FMMD UML model\footnote{Top down failure mode models, such as FTA, are additionally attributes to the FMMD UML model\footnote{Top down failure mode models, such as FTA, are additionally
useful in guiding diagnostic analysis.}. useful in guiding diagnostic analysis.}.
\fmmdglossINHIBIT
% %
\fmmdglossINHIBIT
\fmmdglossFTA
%
%%
%% Here could describe how XOR not OR is implemented and how AND
%% only works due to failure symptoms being derived from multiple failures.
%% This is a tangent and probably detracts from the main flow.
%% 02SEP2013
%%
\paragraph{Environment, operational states and inhibit gates: additions to the UML model.} \paragraph{Environment, operational states and inhibit gates: additions to the UML model.}
% %
FTA, in addition to using symbols borrowed from digital logic introduces three new symbols to FTA, in addition to using symbols borrowed from digital logic introduces three new symbols to
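Review bot: the new `%%` block dated 02SEP2013 records a decision ("This is a tangent and probably detracts from the main flow") but leaves the underlying point unaddressed in the text: how XOR rather than OR is realised, and why AND only arises because symptoms are derived from multiple failures, bears directly on the claim in this subsection that FTA diagrams can be derived from FMMD models. If the explanation is dropped from the body, state the limitation in one sentence in the FTA derivation text, and move the dated note to a TODO file so it does not ship in the source. Also `\fmmdglossINHIBIT` has simply been moved below the `%` line while `\fmmdglossFTA` is added beside it; both are fine there.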
@ -407,7 +420,7 @@ An undesired condition may occur where it could be necessary to inhibit some act
This is rather like a logical guard criterion. For instance in the gas burner standard EN298 it This is rather like a logical guard criterion. For instance in the gas burner standard EN298 it
states that a flame detector must confirm that a pilot flame has been established before the main burner fuel can be applied. states that a flame detector must confirm that a pilot flame has been established before the main burner fuel can be applied.
In FTA terms this would be an inhibit condition on the main fuel, i.e. PILOT\_NOT\_CONFIRMED. In FTA terms this would be an inhibit condition on the main fuel, i.e. PILOT\_NOT\_CONFIRMED.
\fmmdglossFTA
We now look at the nature of these three attributes and decide how they should fit into the UML We now look at the nature of these three attributes and decide how they should fit into the UML
model for FMMD developed in section~\ref{sec:fmmd_uml}. model for FMMD developed in section~\ref{sec:fmmd_uml}.
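Review bot: the context lines reference "the gas burner standard EN298" without a citation, whereas EN61508 is cited as `~\cite{en61508}` elsewhere in this chapter; if a bibliography entry for EN298 exists, cite it here ("EN298~\cite{...}"), since the pilot-flame-before-main-fuel requirement is the concrete example the inhibit gate rests on. The inserted `\fmmdglossFTA` after the PILOT\_NOT\_CONFIRMED sentence is fine.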
@ -423,9 +436,10 @@ Environmental analysis is thus applicable to components.
Environmental influences, such as over-stress due to voltage Environmental influences, such as over-stress due to voltage
can be eliminated by down-rating components as discussed in section~\ref{sec:determine_fms}. can be eliminated by down-rating components as discussed in section~\ref{sec:determine_fms}.
With given environmental constraints, we can therefore eliminate some failure modes from the model. With given environmental constraints, we can therefore eliminate some failure modes from the model.
\fmmdglossFTA
\paragraph{Operational states.} \paragraph{Operational states.}
%
Within the field of safety critical engineering, we often encounter Within the field of safety critical engineering, we often encounter
elements that include test or self-test facilities. elements that include test or self-test facilities.
% %
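Review bot: the context sentence "Environmental influences, such as over-stress due to voltage can be eliminated by down-rating components" overstates what down-rating does; it reduces the probability of over-stress failure within the stated environmental limits, it does not remove the failure mode, and the following sentence "we can therefore eliminate some failure modes from the model" inherits that strength. Suggest "can be excluded from the model when components are down-rated for the stated environmental limits", which also makes the environmental constraint an explicit modelling assumption. A comma is needed after "voltage". The added `%` after `\paragraph{Operational states.}` and the `\fmmdglossFTA` are fine.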
@ -470,7 +484,7 @@ both environmental conditions and failure modes.
% %
% %
% %
\fmmdglossFTA
\paragraph{UML Diagram Additional Objects.} \paragraph{UML Diagram Additional Objects.}
The additional objects System, Environment, Inhibit and Operational States The additional objects System, Environment, Inhibit and Operational States
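Review bot: `\fmmdglossFTA` is now invoked four times in the FTA subsection (beside `\fmmdglossINHIBIT`, after the EN298 inhibit example, before "Operational states", and here before "UML Diagram Additional Objects"); one invocation at the start of the subsection should suffice for a glossary reference. The context line "are added to UML diagram in figure \ref{fig:cfg}" in the next hunk header is missing "the" ("added to the UML diagram").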
@ -489,13 +503,13 @@ are added to UML diagram in figure \ref{fig:cfg} are represented in figure \ref
\clearpage \clearpage
\subsection{Retrospective failure mode analysis and FMMD} \subsection{Retrospective failure mode analysis and FMMD}
\fmmdgloss
The reasons for applying retrospective failure mode analysis could be: The reasons for applying retrospective failure mode analysis could be:
\begin{itemize} \begin{itemize}
%\item approving previously un-assessed systems to a safety standard, %\item approving previously un-assessed systems to a safety standard,
\item to re-visit a safety analysis after a small h/w or s/w change, \item to re-visit a safety analysis after a small hardware or software change,
\item upon discovery of a new {\bc} {\fm}, \item upon discovery of a new {\bc} {\fm}---or in software---a new contract programming requirement,
\item or to determine the failure mode behaviour of an previously un-assessed instrument used in safety critical verification. \item or to determine the failure mode behaviour of an previously un-assessed sub-system/instrument used in safety critical verification.
\end{itemize} \end{itemize}
% verification. % verification.
% %
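Review bot: the reworded list items still carry a grammatical error on the last item, "an previously un-assessed sub-system/instrument", which should read "a previously un-assessed sub-system/instrument". The items are also not parallel: the first and third are infinitives ("to re-visit ...", "or to determine ..."), the second is a prepositional phrase ("upon discovery of ..."); and the leading "or" belongs in the sentence frame rather than inside the item. A consistent form would be "to re-visit ...", "to incorporate a newly discovered {\bc} {\fm} (or, for software, a new contract clause)", "to determine ...". Expanding "h/w or s/w" to "hardware or software" is a good change.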
@ -524,6 +538,7 @@ The electronic components {\fms} are established in the literature~\cite{fmd91,m
% %
Each function in the software would have to be assigned a `design~contract'~\cite{dbcbe} (where violations of Each function in the software would have to be assigned a `design~contract'~\cite{dbcbe} (where violations of
contract clauses will be treated as failure modes in FMMD). contract clauses will be treated as failure modes in FMMD).
\fmmdgloss
\paragraph{Effect of newly discovered failure modes in components.} \paragraph{Effect of newly discovered failure modes in components.}
% %
@ -539,6 +554,7 @@ This is linked to the concepts behind
the need for failure mode coverage against all components in the system, that provoked discussions the need for failure mode coverage against all components in the system, that provoked discussions
leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance}). leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance}).
% %
\fmmdgloss
\fmmdglossSFMEA \fmmdglossSFMEA
% %
Using FMMD only those modules in the hierarchy above the Using FMMD only those modules in the hierarchy above the
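Review bot: `\fmmdgloss` (the unsuffixed macro) is now added three times within a page (before "The reasons for applying retrospective failure mode analysis", after the design-contract sentence, and here beside `\fmmdglossSFMEA`); as with the other glossary macros, one per subsection is enough. In the context line "the need for failure mode coverage against all components in the system, that provoked discussions" the relative clause is non-restrictive, so "which provoked" (or a new sentence) reads better.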
@ -581,14 +597,15 @@ we thus reveal design deficiencies in both the software, the electronics and the
%in the hardware/software interface. %in the hardware/software interface.
% %
\fmmdglossFMEDA \fmmdglossFMEDA
\fmmdgloss
FMEDA does not handle software ---or---the software/hardware interface. FMEDA does not handle software ---or---the software/hardware interface.
It thus potentially misses many undetected failures (in EN61508 terms undetected-dangerous and undetected safe failures). It thus potentially misses many undetected failures (in EN61508 terms undetected-dangerous and undetected safe failures).
In Safety Integrity Level (SIL)~\cite{en61508} terms, by identifying undetectable faults and fixing them, we raise In Safety Integrity Level (SIL)~\cite{en61508} terms, by identifying undetectable faults and fixing them, we raise
the safe failure fraction (SFF). the safe failure fraction (SFF).
% %
%
%
%
\section{Objective and Subjective Reasoning stages} \section{Objective and Subjective Reasoning stages}
%Opportunity for formal definitions and perhaps an interface or process for achieving it.... %Opportunity for formal definitions and perhaps an interface or process for achieving it....
The act of applying failure mode effects analysis, is commonly performed from The act of applying failure mode effects analysis, is commonly performed from
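Review bot: dash spacing in the context line "FMEDA does not handle software ---or---the software/hardware interface." is inconsistent (space before the first em-dash, none after the second); write "software---or the software/hardware interface" throughout, matching the unspaced "---" style used in the retrospective-analysis list above. In the next line, "undetected-dangerous and undetected safe failures" hyphenates one term and not the other; use either both hyphenated or neither. Also "The act of applying failure mode effects analysis, is commonly performed" has a stray comma before the verb. The three `%` lines and `\fmmdgloss` added before `\section{Objective and Subjective Reasoning stages}` are fine.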
@ -635,6 +652,8 @@ FMEDA~\cite{en61508,fmeda} with its classification of dangerous and safe failure
It is the author's opinion that more work is required to clarify this area. The scope of FMMD is the objective level only. It is the author's opinion that more work is required to clarify this area. The scope of FMMD is the objective level only.
Accurate models of objective failure modes, are seen by the author to be a pre-requisite Accurate models of objective failure modes, are seen by the author to be a pre-requisite
for subjective assessment. for subjective assessment.
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\today %\today%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
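Review bot: commenting the chapter's trailing `\today` out (`%\today%%%%`) is the right call for a draft going to reviewers, so that the date does not change on every rebuild, but the colophon in the second file still ends with "Typeset in \LaTeX \today." and will keep printing a build date; comment that one out as well, or replace both with a fixed date string, for consistency.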

View File

@ -1,113 +1,113 @@
%\renewcommand{\baselinestretch}{1.15} %\renewcommand{\baselinestretch}{1.15}
\chapter*{Colophon} \chapter*{Colophon}
In short ``Thanks every body''! % In short ``Thanks every body''!
% % %
\\ % \\
\\ % \\
% % %
Completing my PhD %degree % Completing my PhD %degree
is the most intellectually challenging %% FUCK OFF ZERNIKE POLYNOMIALS WERE MORE DIFFICULT --- and actually useful unlike set theory % is the most intellectually challenging %% FUCK OFF ZERNIKE POLYNOMIALS WERE MORE DIFFICULT --- and actually useful unlike set theory
activity of my first 52 years of my life! %% SET THEORY IS A LOAD OF BOLLOCKS % activity of my first 52 years of my life! %% SET THEORY IS A LOAD OF BOLLOCKS
% % %
The best and worst moments of this journey % The best and worst moments of this journey
have been shared with many people. % have been shared with many people.
% % %
It has been a great privilege to spend several years % It has been a great privilege to spend several years
visiting the Mathematics and Engineering departments of % visiting the Mathematics and Engineering departments of
the University of Brighton, pushing me forward in clarity of self-expression, % the University of Brighton, pushing me forward in clarity of self-expression,
precision through mathematics, critical assessment and carefully crafted English: % precision through mathematics, critical assessment and carefully crafted English:
its members will always remain dear to me. % its members will always remain dear to me, and a strong influence.
% % %
%%%% IS THIS BIT A BIT MAD???? YES! 27AUG2013 % %%%% IS THIS BIT A BIT MAD???? YES! 27AUG2013
% % % Like an army recruits training Sergeant Major I found them % % % % Like an army recruits training Sergeant Major I found them
% % % hard task masters at first, and then, as with realising the rationale behind training and % % % % hard task masters at first, and then, as with realising the rationale behind training and
% % % {\em even} parade drill, respected and grew to like them. % % % % {\em even} parade drill, respected and grew to like them.
% % % % % % % % %
% % %
My first debt of gratitude must go to my supervisors, % My first debt of gratitude must go to my supervisors,
Dr. A. Fish, % Dr. A. Fish,
Dr. C Garret and %% TOP BLOKE % Dr. C Garret and %% TOP BLOKE
%Dr. C Garret, %% TOP BLOKE % %Dr. C Garret, %% TOP BLOKE
Professor J. Howse. %% JAVALA LAT HUND % Professor J. Howse. %% JAVALA LAT HUND
%Dr. A. Fish. %% JAVALA LAT HUND % %Dr. A. Fish. %% JAVALA LAT HUND
% % %
They patiently provided the guidance, % They patiently provided the guidance,
encouragement and advice necessary for me to proceed through the % encouragement and advice necessary for me to proceed through the
research, consolidation and write-up phases of the PhD program, % research, consolidation and write-up phases of the PhD program,
to prepare and present three papers to conferences~\cite{syssafe2011,syssafe2012,Clark_fastzone} % to prepare and present three papers to conferences~\cite{syssafe2011,syssafe2012,Clark_fastzone}
and to complete and submit this thesis. % and to complete and submit this thesis.
\\ % \\
\\ % \\
% % %
% % %
I owe a debt of thanks to Dr J. flower, my MSc project supervisor, % I owe a debt of thanks to Dr J. flower, my MSc project supervisor,
who explained that the chapter in my project documentation postulating a modular form of % who explained that the chapter in my project documentation postulating a modular form of
FMEA---which had %obvious % FMEA---which had %obvious
potential for making the process %FMEA % potential for making the process %FMEA
more efficient---was a concept worthy of being developed for a PhD and assisting me % more efficient---was a concept worthy of being developed for a PhD and assisting me
to present the chapter as %submit this as % to present the chapter as %submit this as
a conference paper~\cite{Clark200519}. % a conference paper~\cite{Clark200519}.
% % %
Further I thank her for encouraging me to apply for the PhD. %% PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR % Further I thank her for encouraging me to apply for the PhD. %% PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR
% % %
\\ % \\
\\ % \\
% % %
I am deeply thankful to the directors of {\etc} not only for % I am deeply thankful to the directors of {\etc} not only for
funding this course, but providing training and work experience in the % funding this course, but providing training and work experience in the
field of safety critical engineering, and giving me Friday % field of safety critical engineering, and giving me Friday
afternoons to pursue my studies. % afternoons to pursue my studies.
% % %
At Energy~Technology~Control, the following people gave encouragement, and % At Energy~Technology~Control, the following people gave encouragement, and
validated the concepts for the `modular~FMEA' that I was developing, Martin~Thirsk, Colin~Talmay, % validated the concepts for the `modular~FMEA' that I was developing, Martin~Thirsk, Colin~Talmay,
Darren~Legge and Hazel~Anderson. % Darren~Legge and Hazel~Anderson.
% % %
These Engineers, whose whole careers % These Engineers, whose whole careers
have been focused on the safety critical electronic/computing area, % have been focused on the safety critical electronic/computing area,
gave valuable time to look at and comment on my FMMD proposals. % gave valuable time to look at and comment on my FMMD proposals.
% % %
Their comments gave me confidence that the methodology I was developing had % Their comments gave me confidence that the methodology I was developing had
%was not only an academic exercise but had % %was not only an academic exercise but had
potential practical % potential practical
applications and benefits. % applications and benefits.
% % %
The environment and context of the work at {\etc} % The environment and context of the work at {\etc}
was very useful for clarifying concepts relating to FMEA and % was very useful for clarifying concepts relating to FMEA and
safety; at least once a week there is a new practical case study arising % safety; at least once a week there is a new practical case study arising
and being discussed, be it, say, the observability of the effect of failures in an % and being discussed, be it, say, the observability of the effect of failures in an
traditional amplifier configuration, % traditional amplifier configuration,
or how a particular sensor could fail. % or how a particular sensor could fail.
% % %
The field of industrial burner control, is highly regulated and % The field of industrial burner control, is highly regulated and
is rich with practical examples of safety measures built into % is rich with practical examples of safety measures built into
hybrid digital/electronic systems. % hybrid digital/electronic systems.
% % %
This has given me many opportunities to % has been % be % This has given me many opportunities to % has been % be
apply the new methodology against `real~world' problems. % apply the new methodology against `real~world' problems.
% % %
%and thus its % %and thus its
%theoretical aspects have been often % %theoretical aspects have been often
%sounded out against `real~world' problems. % %sounded out against `real~world' problems.
% % %
These real~world failure scenarios and their proposed solutions, were often detailed in % These real~world failure scenarios and their proposed solutions, were often detailed in
requirements and design documentation, submitted in support of % requirements and design documentation, submitted in support of
safety accreditation. % safety accreditation.
% % %
I was glad to be tasked to produce many of these documents. % I was glad to be tasked to produce many of these documents.
% % %
Again I thank {\etc}, for giving me % Again I thank {\etc}, for giving me
these parallel tasks, which aided my studies. % these parallel tasks, which aided my studies.
\\ % \\
\\ % \\
% % %
% % %
I wish to thank my parents, Jennifer and Richard Clark. % I wish to thank my parents, Jennifer and Richard Clark.
% MY MUM for proof reading alot! % % MY MUM for proof reading alot!
I hope that this work makes you proud. % I hope that this work makes you proud.
% % %
\\ % \\
\\ % \\
%\vspace{3cm} %\vspace{3cm}
Typeset in \LaTeX \today. Typeset in \LaTeX \today.
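Review bot: after this change the `Colophon` chapter prints a single line, "Typeset in \LaTeX \today.", and that line has a spacing bug: `\LaTeX` is a control word, so the space after it is swallowed and the output reads "LaTeXSeptember 2, 2013"; write `\LaTeX{} \today` or `\LaTeX\ \today`. Commenting out the two leading `\\` lines also removes the "There's no line here to end" error they would have produced at the start of the chapter. Since the commit message says this draft is being sent out, note that the commented-out acknowledgements still ship in the `.tex` source, including the candid remarks on the Zernike polynomials, "TOP BLOKE", "PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR" and "IS THIS BIT A BIT MAD???? YES!"; either strip them or keep the acknowledgements in a file that is not distributed. When the text is reinstated, "Thanks every body" should be "Thanks everybody" and "Dr J. flower" needs a capital surname.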