diff --git a/submission_thesis/CH3_FMEA_criticism/copy.tex b/submission_thesis/CH3_FMEA_criticism/copy.tex index 9f02153..bc95ba8 100644 --- a/submission_thesis/CH3_FMEA_criticism/copy.tex +++ b/submission_thesis/CH3_FMEA_criticism/copy.tex @@ -56,14 +56,14 @@ one failure can influence the programmatic behaviour and decisions made, complicating the analysis of additional failures. % Dual failure analysis is required by some recent European standards~\cite{en298,en230} -and with increasing demands on safety, we are likely to see more multiple failure -FMEA requirements. +and with increasing demands on safety, additional multiple failure +FMEA requirements are likely. Other problems such as the inability to easily re-use, and validate/audit (through traceable reasoning) FMEA models are presented. % -Finally we conclude with a list of deficiencies in current FMEA methodologies and present a wish list -for an improved methodology. +Finally a list of deficiencies in current FMEA methodologies and a wish list +for an improved methodology are presented. \section{Historical Origins of FMEA and the {\bc} {\fm} to system level failure/symptom paradigm} @@ -76,7 +76,9 @@ for predicting safety~levels/failure~rates. % However a typical entry in each of the above methodologies, starts with a particular component failure mode and associates it with a system---or top level---failure symptom. -This means that we have one analysis case per component failure mode for all the components in the system under investigation. +% +This means that there is one analysis case per component failure mode for all the components in the system under investigation. +% This analysis philosophy has not changed since FMEA was first used. @@ -100,7 +102,8 @@ to the component base in a system, it is very difficult to determine which FMEA test scenarios must be re-worked. % It is common in safety critical systems to have repeated circuit topologies. -For instance we may have several signal input and output +% +For instance there may be several signal input and output structures that are repeated. % The failure mode behaviour of these repeated structures will be the same. @@ -291,7 +294,7 @@ analogue electronics only~\cite{smart_instruments_1514209}. % It is termed `smart' because it has some software, or intelligence incorporated into it. % -For instance, an AVO-8 multi-meter circa 1970, uses only analogue electronics, and we can determine +For instance, an AVO-8 multi-meter circa 1970, uses only analogue electronics,it can be determined using FMEA how component failures within it could affect readings. % A modern multi-meter will have a small dedicated micro-processor and sensing electronics, all on the same chip, @@ -348,11 +351,14 @@ This adjustment could be direct, or could be another CANbus message passed to a % In terms of FMEA, see figure~\ref{fig:distcon}, our reasoning path spans (at least) four interface layers of electronics to software. % -Traditional FMEA does not cater for the software hardware interface, and here we have the additional complications +Traditional FMEA does not cater for the software hardware interface, and this leads to the additional complications %with the additional complications of the communications protocol used to transmit data and the failure mode characteristics -of the communications physical layer. This means the signal path will +of the communications physical layer. +% +This means the signal path will cross several hardware/software interfaces. +% \fmmdglossSIGPATH %(figure~\ref{fig:distcon} The failure reasoning paths for a distributed real time system, % AF does not like this but I think its OK