From 18fbf8bc08293048583ffbdc4626b607a603dead Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Sun, 16 Jan 2011 15:13:37 +0000 Subject: [PATCH] JMC proof read --- fmmd_concept/fmmd_concept.tex | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/fmmd_concept/fmmd_concept.tex b/fmmd_concept/fmmd_concept.tex index d34957a..fb2e0a5 100644 --- a/fmmd_concept/fmmd_concept.tex +++ b/fmmd_concept/fmmd_concept.tex @@ -219,7 +219,7 @@ factor, $(N-1) \times N \times K \times E$. If we put some typical very small embedded system numbers\footnote{these figures would be typical of a very simple temperature controller, with a micro-controller sensor -and heater circuit} into this, say $N=100$, $K=2.5$ and $E=10$ +and heater circuit.} into this, say $N=100$, $K=2.5$ and $E=10$ we have $99 \times 100 \times 2.5 \times 10 = 247500 $. To look in detail at a quarter of a million test cases is obviously impractical. @@ -317,7 +317,7 @@ FMEA described in this section (\ref{pfmea}) is sometimes called `production FME \subsection{FMECA} -Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticallity factor. +Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticality factor. This is a bottom up methodology, which takes component failure modes and traces them to the SYSTEM level failures. % 
@@ -342,9 +342,9 @@ is often justified using Bayes theorem \cite{probstat}. % The results of FMECA are similar to FMEA, in that component errors are listed according to importance, based on -probability of occurrence and criticallity. +probability of occurrence and criticality. % to prevent the SYSTEM fault of given criticallity. -Again this essentially produces a prioritised `todo' list. +Again this essentially produces a prioritised `to~do' list. %%-WIKI- Failure mode, effects, and criticality analysis (FMECA) is an extension of failure mode and effects analysis (FMEA). %%-WIKI- FMEA is a a bottom-up, inductive analytical method which may be performed at either the functional or @@ -359,7 +359,8 @@ Again this essentially produces a prioritised `todo' list. \begin{itemize} \item Possibility to miss the effects of failure modes at SYSTEM level. \item Possibility to miss environmental affects. -\item The $\beta$ factor is based on heuristics and does not reflect any rigourous calculations. +\item The $\beta$ factor is based on heuristics and does not reflect any rigorous calculations. Applying failure rates of individual components rather than individual failure modes +makes the factor less statistically reliable. \item Complex component interaction effects can be missed. \item No possibility to model base component level double failure modes. \end{itemize} 
@@ -370,11 +371,11 @@ Again this essentially produces a prioritised `todo' list. Failure Modes, Effects, and Diagnostic Analysis (FMEDA) % This is a process that takes all the components in a system, -and using the failure modes of those components, the investigating engineer +and using the failure modes of those components; the investigating engineer ties them to possible SYSTEM level events/failure modes. % This technique -evaluates a products statistical level of safety +evaluates a product's statistical level of safety taking into account its self-diagnostic ability. The calculations and procedures for FMEDA are described in EN61508 %Part 2 Appendix C @@ -586,7 +587,7 @@ where he probably should assign a dangerous failure classification to it. % There is no analysis of how that resistor would/could affect the components close to it, but because the circuitry -is part of critical section it will most likely +is part of a critical section it will most likely be linked to a dangerous system level failure in an FMEDA study. % %%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA???? 
@@ -706,10 +707,10 @@ A hierarchy of functional grouping, leading to a system model still leaves us with the problem of the number of component failure modes. The base components will typically have several failure modes each. % -Given a typical embedded system may have hundreds of components. -This means that we would still have to tie base component failure modes +Given a typical embedded system may have hundreds of components, +this means that we would still have to tie base component failure modes to SYSTEM level errors. -The problem with this is that the base component failure mode under investigation +The problem with this is that the base component failure mode under investigation, effects are not rigorously examined in relation to functionally adjacent components. Thus there is the `possibility to miss failure mode effects at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies. @@ -986,7 +987,7 @@ must be analysed for each operational state and environment condition that can affect it. % Two design decisions are required here: which objects should we -analyse the environmental and the operational states with respect to. +analyse the environmental and the operational states with respect to? There are three objects in our model to which these considerations could be applied. We could apply these conditions for analysis to the functional group, the components, or the derived 
@@ -1001,13 +1002,13 @@ Consider ambient temperature, pressure or even electrical interference levels. Environmental conditions may affect different components in a {\fg} in different ways. -For instance a system may be specified for +For instance, a system may be specified for $0\oc$ to $85\oc$ operation, but some components may show failure behaviour between $60\oc$ and $85\oc$ \footnote{Opto-islolators typically show marked performance decrease after $60\oc$ \cite{tlp181}, whereas another common component, say a resistor, will be unaffected.}. Other components may operate comfortably within that whole temperature range specified. -Environmental conditions will have an effect on the {\fg} and the {\dc} +Environmental conditions will have an effect on the {\fg} and the {\dc}, but they will have specific effects on individual components. \paragraph{Design Decision.} @@ -1086,7 +1087,7 @@ The minimal cuts sets for the SYSTEM level failures can have computed MTTF and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}. \subsubsection{ It should be easy to use, ideally -using a graphical syntax (as oppossed to a formal mathematical one).} +using a graphical syntax (as opposed to a formal mathematical one).} A modified form of constraint diagram (an extension of Euler diagrams) has been developed to support the FMMD methodology. This uses Euler circles to represent failure modes, and spiders to collect symptoms, to @@ -1155,7 +1156,7 @@ An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}. \end{figure} \paragraph{Static or Dynamic Modelling of Inhibit} -If the model is static we can consider the conditional failure +If the model is static we can consider the conditional failure, at a lower probability of occurring (i.e. the probability of A multiplied by the probability of Q). If we wish to dynamically model the conditional failure 
@@ -1175,7 +1176,7 @@ incorporated into a self checking functional group. These undetected failures correspond to a minimal cut set where a single base~component failure mode can be traced to a SYSTEM level failure mode. -They can thus be determined by searched the DAG +They can thus be determined by searching the DAG for a single base~component failure mode minimal cut set~\cite{nucfta}. % UML DIAGRAM
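Review bot: in the @@ -219,7 hunk the added footnote period is correct; on the unchanged line `$99 \times 100 \times 2.5 \times 10 = 247500 $` the arithmetic checks out, but since the next sentence calls it "a quarter of a million", typesetting the result as `247\,500` (and dropping the stray space before the closing `$`) would make the figure easier to read at a glance.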
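Review bot: in the @@ -317,7 hunk the `criticality` fix is right, but the context line directly below it, `This is a bottom up methodology`, is unhyphenated while the `%%-WIKI-` comment in the next hunk writes `bottom-up`; pick one form (the hyphenated compound adjective is the usual one) while these lines are open.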
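Review bot: in the @@ -342,9 hunk the `criticallity` misspelling is fixed on `probability of occurrence and criticality.` but survives on the very next line, `% to prevent the SYSTEM fault of given criticallity.`; it is commented out so it does not render, but a proof-read pass should fix or delete it. The same hunk changes `todo' to `to~do'; the conventional spelling is `to-do' (a hyphen), and a tie inside the quoted term only suppresses a line break without correcting the word. Further down, the `%%-WIKI-` comment reads `FMEA is a a bottom-up`, a doubled article worth removing at the same time.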
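Review bot: in the @@ -359,7 hunk the list item two lines above the changed line, `\item Possibility to miss environmental affects.`, uses the verb `affects` where the noun `effects` is meant (the neighbouring items say `effects of failure modes` and `interaction effects`); this pass missed it. For the sentence appended to the $\beta$ factor item, consider making explicit whose failure rates are meant, e.g. `Applying the failure rates of whole components rather than of their individual failure modes makes the factor less statistically reliable.`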
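Review bot: in the @@ -370,11 hunk the change from comma to semicolon on `and using the failure modes of those components; the investigating engineer` is a regression: the text before it (`This is a process that takes all the components in a system, and using the failure modes of those components`) is not an independent clause, so the semicolon leaves a fragment. Revert to the comma, or restructure as `This is a process that takes all the components in a system and, using the failure modes of those components, ties them to possible SYSTEM level events/failure modes.` The `product's` correction in the same hunk is right.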
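Review bot: in the @@ -586,7 hunk the trailing context line `%%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA????` is an open question about the claim the hunk itself edits (that a resistor in `a critical section` `will most likely be linked to a dangerous system level failure in an FMEDA study`). A proof-read commit is the moment to resolve it against the EN61508 description of FMEDA cited earlier in the file, or to turn it into a tracked TODO, rather than leave the doubt in a comment beside the published claim.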
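Review bot: in the @@ -706,10 hunk neither rewording fixes the grammar. `Given a typical embedded system may have hundreds of components, this means that we would still have to tie` still pairs `Given` with `this means`, which is redundant; drop one, e.g. `Since a typical embedded system may have hundreds of components, we would still have to tie base component failure modes to SYSTEM level errors.` And `The problem with this is that the base component failure mode under investigation, effects are not rigorously examined` remains ungrammatical with the added comma, because the subject should be the effects: `The problem with this is that the effects of the base component failure mode under investigation are not rigorously examined in relation to functionally adjacent components.`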
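Review bot: in the @@ -986,7 hunk the question mark is an improvement, but the sentence announces `Two design decisions` and then asks a single question with a stranded preposition (`which objects should we analyse the environmental and the operational states with respect to?`). Since the following lines name the three candidate objects, consider spelling the two decisions out, e.g. `Two design decisions are required here: with respect to which objects should the environmental states be analysed, and with respect to which objects the operational states?`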
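Review bot: in the @@ -1001,13 hunk the footnote on the context lines below `For instance, a system` contains `Opto-islolators`, a misspelling of `Opto-isolators` that this pass missed. On the same lines, `$85\oc$ \footnote{` has a space before `\footnote`, which typesets a gap before the footnote mark; write `$85\oc$\footnote{`. The comma added before `but they will have specific effects on individual components` is correct.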
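Review bot: in the @@ -1086,7 hunk the context line above the corrected heading reads `The minimal cuts sets for the SYSTEM level failures`; it should be `minimal cut sets`, the term this file uses elsewhere (`minimal cut set` in the @@ -1175 hunk). Two small LaTeX points on the same lines: `\subsubsection{ It should be easy to use,` has a stray space after the opening brace, and `\cite {mil1991}` has a space between the command and its argument; neither breaks the build, but both are inconsistent with the rest of the file.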
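Review bot: in the @@ -1155,7 hunk the comma added after `conditional failure` separates the verb from its complement and makes `at a lower probability of occurring` read as an aside. The intended meaning, given the parenthetical that follows, is that the conditional failure is treated as less probable, so `If the model is static we can treat the conditional failure as having a lower probability of occurring (i.e. the probability of A multiplied by the probability of Q).` reads more clearly than the version with the comma.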