robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JMC proof read

Browse Source
This commit is contained in:
Robin Clark 2011-01-16 15:13:37 +00:00
parent 4ca160f7e7
commit 18fbf8bc08
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
fmmd_concept/fmmd_concept.tex
View File

@ -219,7 +219,7 @@ factor,
$(N-1) \times N \times K \times E$. $(N-1) \times N \times K \times E$.
If we put some typical very small embedded system numbers\footnote{these figures would If we put some typical very small embedded system numbers\footnote{these figures would
be typical of a very simple temperature controller, with a micro-controller sensor be typical of a very simple temperature controller, with a micro-controller sensor
and heater circuit} into this, say $N=100$, $K=2.5$ and $E=10$ and heater circuit.} into this, say $N=100$, $K=2.5$ and $E=10$
we have $99 \times 100 \times 2.5 \times 10 = 247500 $. we have $99 \times 100 \times 2.5 \times 10 = 247500 $.
To look in detail at a quarter of a million test cases is obviously impractical. To look in detail at a quarter of a million test cases is obviously impractical.
@ -317,7 +317,7 @@ FMEA described in this section (\ref{pfmea}) is sometimes called `production FME
\subsection{FMECA} \subsection{FMECA}
Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticallity factor. Failure mode, effects, and criticality analysis (FMECA) extends FMEA adding a criticality factor.
This is a bottom up methodology, which takes component failure modes This is a bottom up methodology, which takes component failure modes
and traces them to the SYSTEM level failures. and traces them to the SYSTEM level failures.
% %
@ -342,9 +342,9 @@ is often justified using Bayes theorem \cite{probstat}.
% %
The results of FMECA are similar to FMEA, in that component errors are The results of FMECA are similar to FMEA, in that component errors are
listed according to importance, based on listed according to importance, based on
probability of occurrence and criticallity. probability of occurrence and criticality.
% to prevent the SYSTEM fault of given criticallity. % to prevent the SYSTEM fault of given criticallity.
Again this essentially produces a prioritised `todo' list. Again this essentially produces a prioritised `to~do' list.
%%-WIKI- Failure mode, effects, and criticality analysis (FMECA) is an extension of failure mode and effects analysis (FMEA). %%-WIKI- Failure mode, effects, and criticality analysis (FMECA) is an extension of failure mode and effects analysis (FMEA).
%%-WIKI- FMEA is a a bottom-up, inductive analytical method which may be performed at either the functional or %%-WIKI- FMEA is a a bottom-up, inductive analytical method which may be performed at either the functional or
@ -359,7 +359,8 @@ Again this essentially produces a prioritised `todo' list.
\begin{itemize} \begin{itemize}
\item Possibility to miss the effects of failure modes at SYSTEM level. \item Possibility to miss the effects of failure modes at SYSTEM level.
\item Possibility to miss environmental affects. \item Possibility to miss environmental affects.
\item The $\beta$ factor is based on heuristics and does not reflect any rigourous calculations. \item The $\beta$ factor is based on heuristics and does not reflect any rigorous calculations. Applying failure rates of individual components rather than individual failure modes
makes the factor less statistically reliable.
\item Complex component interaction effects can be missed. \item Complex component interaction effects can be missed.
\item No possibility to model base component level double failure modes. \item No possibility to model base component level double failure modes.
\end{itemize} \end{itemize}
@ -370,11 +371,11 @@ Again this essentially produces a prioritised `todo' list.
Failure Modes, Effects, and Diagnostic Analysis (FMEDA) Failure Modes, Effects, and Diagnostic Analysis (FMEDA)
% This % This
is a process that takes all the components in a system, is a process that takes all the components in a system,
and using the failure modes of those components, the investigating engineer and using the failure modes of those components; the investigating engineer
ties them to possible SYSTEM level events/failure modes. ties them to possible SYSTEM level events/failure modes.
% %
This technique This technique
evaluates a products statistical level of safety evaluates a product's statistical level of safety
taking into account its self-diagnostic ability. taking into account its self-diagnostic ability.
The calculations and procedures for FMEDA are The calculations and procedures for FMEDA are
described in EN61508 %Part 2 Appendix C described in EN61508 %Part 2 Appendix C
@ -586,7 +587,7 @@ where he probably should assign a dangerous failure classification to it.
% %
There is no analysis There is no analysis
of how that resistor would/could affect the components close to it, but because the circuitry of how that resistor would/could affect the components close to it, but because the circuitry
is part of critical section it will most likely is part of a critical section it will most likely
be linked to a dangerous system level failure in an FMEDA study. be linked to a dangerous system level failure in an FMEDA study.
% %
%%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA???? %%- IS THIS TRUE IS THERE A BETA FACTOR IN FMEDA????
@ -706,10 +707,10 @@ A hierarchy of functional grouping, leading to a system model
still leaves us with the problem of the number of component failure modes. still leaves us with the problem of the number of component failure modes.
The base components will typically have several failure modes each. The base components will typically have several failure modes each.
% %
Given a typical embedded system may have hundreds of components. Given a typical embedded system may have hundreds of components,
This means that we would still have to tie base component failure modes this means that we would still have to tie base component failure modes
to SYSTEM level errors. to SYSTEM level errors.
The problem with this is that the base component failure mode under investigation The problem with this is that the base component failure mode under investigation,
effects are not rigorously examined in relation to functionally adjacent components. effects are not rigorously examined in relation to functionally adjacent components.
Thus there is the `possibility to miss failure mode effects Thus there is the `possibility to miss failure mode effects
at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies. at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies.
@ -986,7 +987,7 @@ must be analysed for each operational state
and environment condition that can affect it. and environment condition that can affect it.
% %
Two design decisions are required here: which objects should we Two design decisions are required here: which objects should we
analyse the environmental and the operational states with respect to. analyse the environmental and the operational states with respect to?
There are three objects in our model to which these considerations could be applied. There are three objects in our model to which these considerations could be applied.
We could apply these conditions for analysis We could apply these conditions for analysis
to the functional group, the components, or the derived to the functional group, the components, or the derived
@ -1001,13 +1002,13 @@ Consider ambient temperature, pressure or even electrical interference levels.
Environmental conditions may affect different components in a {\fg} Environmental conditions may affect different components in a {\fg}
in different ways. in different ways.
For instance a system may be specified for For instance, a system may be specified for
$0\oc$ to $85\oc$ operation, but some components $0\oc$ to $85\oc$ operation, but some components
may show failure behaviour between $60\oc$ and $85\oc$ may show failure behaviour between $60\oc$ and $85\oc$
\footnote{Opto-islolators typically show marked performance decrease after \footnote{Opto-islolators typically show marked performance decrease after
$60\oc$ \cite{tlp181}, whereas another common component, say a resistor, will be unaffected.}. $60\oc$ \cite{tlp181}, whereas another common component, say a resistor, will be unaffected.}.
Other components may operate comfortably within that whole temperature range specified. Other components may operate comfortably within that whole temperature range specified.
Environmental conditions will have an effect on the {\fg} and the {\dc} Environmental conditions will have an effect on the {\fg} and the {\dc},
but they will have specific effects on individual components. but they will have specific effects on individual components.
\paragraph{Design Decision.} \paragraph{Design Decision.}
@ -1086,7 +1087,7 @@ The minimal cuts sets for the SYSTEM level failures can have computed MTTF
and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}. and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}.
\subsubsection{ It should be easy to use, ideally \subsubsection{ It should be easy to use, ideally
using a graphical syntax (as oppossed to a formal mathematical one).} using a graphical syntax (as opposed to a formal mathematical one).}
A modified form of constraint diagram (an extension of Euler diagrams) has A modified form of constraint diagram (an extension of Euler diagrams) has
been developed to support the FMMD methodology. been developed to support the FMMD methodology.
This uses Euler circles to represent failure modes, and spiders to collect symptoms, to This uses Euler circles to represent failure modes, and spiders to collect symptoms, to
@ -1155,7 +1156,7 @@ An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}.
\end{figure} \end{figure}
\paragraph{Static or Dynamic Modelling of Inhibit} \paragraph{Static or Dynamic Modelling of Inhibit}
If the model is static we can consider the conditional failure If the model is static we can consider the conditional failure,
at a lower probability of occurring (i.e. the probability at a lower probability of occurring (i.e. the probability
of A multiplied by the probability of Q). of A multiplied by the probability of Q).
If we wish to dynamically model the conditional failure If we wish to dynamically model the conditional failure
@ -1175,7 +1176,7 @@ incorporated into a self checking functional group.
These undetected failures correspond to a minimal cut These undetected failures correspond to a minimal cut
set where a single base~component failure mode set where a single base~component failure mode
can be traced to a SYSTEM level failure mode. can be traced to a SYSTEM level failure mode.
They can thus be determined by searched the DAG They can thus be determined by searching the DAG
for a single base~component failure mode minimal cut set~\cite{nucfta}. for a single base~component failure mode minimal cut set~\cite{nucfta}.
% UML DIAGRAM % UML DIAGRAM