JMC proof read
parent
4ca160f7e7
commit
18fbf8bc08
@ -219,7 +219,7 @@ factor,
$(N-1) \times N \times K \times E$.
If we put some typical very small embedded system numbers\footnote{these figures would
be typical of a very simple temperature controller, with a micro-controller sensor
and heater circuit} into this, say $N=100$, $K=2.5$ and $E=10$
and heater circuit.} into this, say $N=100$, $K=2.5$ and $E=10$
we have $99 \times 100 \times 2.5 \times 10 = 247500 $.
To look in detail at a quarter of a million test cases is obviously impractical.
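Review bot: the full stop added inside the footnote's closing brace (`and heater circuit.}`) is right, since the footnote is a complete sentence. While here, the stray space before the closing dollar in `$99 \times 100 \times 2.5 \times 10 = 247500 $` should go, and `247500` would read more easily as `247{,}500` given the next sentence calls it a quarter of a million. The arithmetic itself checks out for $N=100$, $K=2.5$, $E=10$.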
@ -317,7 +317,7 @@ FMEA described in this section (\ref{pfmea}) is sometimes called `production FME
\subsection{FMECA}
Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticallity factor.
Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticality factor.
This is a bottom up methodology, which takes component failure modes
and traces them to the SYSTEM level failures.
%
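Review bot: the spelling fix to `criticality` is correct, but the sentence still reads better as `extends FMEA by adding a criticality factor`, and `bottom up methodology` on the following line should be hyphenated (`bottom-up`), matching the commented WIKI text in the next hunk.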
@ -342,9 +342,9 @@ is often justified using Bayes theorem \cite{probstat}.
%
The results of FMECA are similar to FMEA, in that component errors are
listed according to importance, based on
probability of occurrence and criticallity.
probability of occurrence and criticality.
% to prevent the SYSTEM fault of given criticallity.
Again this essentially produces a prioritised `todo' list.
Again this essentially produces a prioritised `to~do' list.
%%-WIKI- Failure mode, effects, and criticality analysis (FMECA) is an extension of failure mode and effects analysis (FMEA).
%%-WIKI- FMEA is a a bottom-up, inductive analytical method which may be performed at either the functional or
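Review bot: the commented line `% to prevent the SYSTEM fault of given criticallity.` keeps the misspelling this commit corrects two lines above; harmless in the output, but worth fixing so a later uncomment does not reintroduce it. Also, `to~do' with a non-breaking space is an unusual choice; the conventional form is the hyphenated `to-do'.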
@ -359,7 +359,8 @@ Again this essentially produces a prioritised `todo' list.
\begin{itemize}
\item Possibility to miss the effects of failure modes at SYSTEM level.
\item Possibility to miss environmental affects.
\item The $\beta$ factor is based on heuristics and does not reflect any rigourous calculations.
\item The $\beta$ factor is based on heuristics and does not reflect any rigorous calculations. Applying failure rates of individual components rather than individual failure modes
makes the factor less statistically reliable.
\item Complex component interaction effects can be missed.
\item No possibility to model base component level double failure modes.
\end{itemize}
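Review bot: `environmental affects` in the second item should be `environmental effects` (the noun), a typo this pass missed while fixing `rigourous` on the next item. The sentence added to the $\beta$ item is a useful clarification; consider making it its own `\item`, since per-component rather than per-failure-mode rates is a separate criticism from the heuristic nature of $\beta$.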
@ -370,11 +371,11 @@ Again this essentially produces a prioritised `todo' list.
Failure Modes, Effects, and Diagnostic Analysis (FMEDA)
% This
is a process that takes all the components in a system,
and using the failure modes of those components, the investigating engineer
and using the failure modes of those components; the investigating engineer
ties them to possible SYSTEM level events/failure modes.
%
This technique
evaluates a products statistical level of safety
evaluates a product's statistical level of safety
taking into account its self-diagnostic ability.
The calculations and procedures for FMEDA are
described in EN61508 %Part 2 Appendix C
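Review bot: the comma-to-semicolon change breaks the sentence: `and using the failure modes of those components` is a participial phrase, not an independent clause, so a semicolon before `the investigating engineer ties them` is ungrammatical; the original comma should stay. The possessive `product's` fix is correct.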
@ -586,7 +587,7 @@ where he probably should assign a dangerous failure classification to it.
%
There is no analysis
of how that resistor would/could affect the components close to it, but because the circuitry
is part of critical section it will most likely
is part of a critical section it will most likely
be linked to a dangerous system level failure in an FMEDA study.
%
%%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA????
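Review bot: `part of a critical section` is the right fix, but the `%%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA????` note just below is still open; the claim in the preceding lines (that a resistor in a critical section will most likely be linked to a dangerous system level failure in an FMEDA study) depends on that answer, so it needs resolving or a citation before this section is final. `would/could` can also be simplified to `could`.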
@ -706,10 +707,10 @@ A hierarchy of functional grouping, leading to a system model
still leaves us with the problem of the number of component failure modes.
The base components will typically have several failure modes each.
%
Given a typical embedded system may have hundreds of components.
This means that we would still have to tie base component failure modes
Given a typical embedded system may have hundreds of components,
this means that we would still have to tie base component failure modes
to SYSTEM level errors.
The problem with this is that the base component failure mode under investigation
The problem with this is that the base component failure mode under investigation,
effects are not rigorously examined in relation to functionally adjacent components.
Thus there is the `possibility to miss failure mode effects
at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies.
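Review bot: adding a comma after `under investigation` does not repair the sentence, which still has no grammatical subject for `effects are not rigorously examined`; suggest `The problem with this is that the effects of the base component failure mode under investigation are not rigorously examined in relation to functionally adjacent components.` The `Given ... , this means that` rewrite is fine, though `Given that a typical embedded system may have hundreds of components, we would still have to tie` avoids the redundant `this means`.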
@ -986,7 +987,7 @@ must be analysed for each operational state
and environment condition that can affect it.
%
Two design decisions are required here: which objects should we
analyse the environmental and the operational states with respect to.
analyse the environmental and the operational states with respect to?
There are three objects in our model to which these considerations could be applied.
We could apply these conditions for analysis
to the functional group, the components, or the derived
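Review bot: changing the full stop to a question mark is correct, but the question ends on a stranded preposition; `with respect to which objects should we analyse the environmental and operational states?` reads better. The sentence also announces two design decisions and then asks a single question, so consider naming both decisions (environmental conditions, operational states) explicitly, as the following sentences do for the three candidate objects.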
@ -1001,13 +1002,13 @@ Consider ambient temperature, pressure or even electrical interference levels.
Environmental conditions may affect different components in a {\fg}
in different ways.
For instance a system may be specified for
For instance, a system may be specified for
$0\oc$ to $85\oc$ operation, but some components
may show failure behaviour between $60\oc$ and $85\oc$
\footnote{Opto-islolators typically show marked performance decrease after
$60\oc$ \cite{tlp181}, whereas another common component, say a resistor, will be unaffected.}.
Other components may operate comfortably within that whole temperature range specified.
Environmental conditions will have an effect on the {\fg} and the {\dc}
Environmental conditions will have an effect on the {\fg} and the {\dc},
but they will have specific effects on individual components.
\paragraph{Design Decision.}
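Review bot: `Opto-islolators` in the footnote should be `Opto-isolators`, a typo this pass missed. Also, `\footnote{` starts on its own line after `$85\oc$`, so LaTeX inserts a space before the footnote mark; put `\footnote{` directly after `$85\oc$` or end the preceding line with `%`. The commas added after `For instance` and `{\dc}` are both correct.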
@ -1086,7 +1087,7 @@ The minimal cuts sets for the SYSTEM level failures can have computed MTTF
and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}.
\subsubsection{ It should be easy to use, ideally
using a graphical syntax (as oppossed to a formal mathematical one).}
using a graphical syntax (as opposed to a formal mathematical one).}
A modified form of constraint diagram (an extension of Euler diagrams) has
been developed to support the FMMD methodology.
This uses Euler circles to represent failure modes, and spiders to collect symptoms, to
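Review bot: the `oppossed` fix is correct; two cosmetic points remain in this hunk: the leading space inside `\subsubsection{ It should be easy to use` will show in the heading, and `minimal cuts sets` in the context line at the top of the hunk should be `minimal cut sets`. `\cite {mil1991}` compiles, but the space before the brace is inconsistent with `\cite{probstat}` and `\cite{tlp181}` elsewhere in the diff.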
@ -1155,7 +1156,7 @@ An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}.
\end{figure}
\paragraph{Static or Dynamic Modelling of Inhibit}
If the model is static we can consider the conditional failure
If the model is static we can consider the conditional failure,
at a lower probability of occurring (i.e. the probability
of A multiplied by the probability of Q).
If we wish to dynamically model the conditional failure
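Review bot: the comma added after `conditional failure` separates the noun from the phrase that qualifies it (`consider the conditional failure at a lower probability of occurring`); dropping it, or rewording as `we can treat the conditional failure as occurring at a lower probability`, is clearer. For consistency with `$\beta$` elsewhere, `A` and `Q` should be in math mode (`$A$`, `$Q$`), and `\paragraph{Static or Dynamic Modelling of Inhibit}` lacks the trailing full stop used in `\paragraph{Design Decision.}`.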
@ -1175,7 +1176,7 @@ incorporated into a self checking functional group.
These undetected failures correspond to a minimal cut
set where a single base~component failure mode
can be traced to a SYSTEM level failure mode.
They can thus be determined by searched the DAG
They can thus be determined by searching the DAG
for a single base~component failure mode minimal cut set~\cite{nucfta}.
% UML DIAGRAM
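Review bot: `searching` is the right fix. One consistency point: this hunk ties `base~component` with a non-breaking space, whereas the hunk at line 706 writes `base component failure mode` untied; pick one form throughout. `self checking` in this hunk's context header should likewise be `self-checking` when used adjectivally.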