robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OK lets work on it this rainy morning and swim in the pells

Browse Source 
at lunchtime.
This commit is contained in:
Robin Clark 2011-06-20 07:19:28 +01:00
parent a762c1db5c
commit 1986f5f5ba
1 changed files with 47 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
fmmd_concept/System_safety_2011/submission.tex
View File

@ -91,10 +91,12 @@ behaviour of a non inverting op-amp.
\paragraph{Current methodologies} \paragraph{Current methodologies}
We briefly analyse the four current methodologies. We briefly analyse the four current methodologies.
Comprehensive overviews of these methodologies maybe found
in ~\cite{safeware,sccs}.
\paragraph{Fault Tree Analysis (FTA)} \paragraph{Fault Tree Analysis (FTA)}
FTA is a top down methodology in which a hierarchical diagram is drawn for FTA~\cite{nucfta,nasafta} is a top down methodology in which a hierarchical diagram is drawn for
each undesirable top level failure, presenting the conditions that must arise to cause each undesirable top level failure, presenting the conditions that must arise to cause
the event. the event.
% %
@ -113,9 +115,11 @@ support for environmental and operational states.
\paragraph{Fault Mode Effects Analysis FMEA)} is used principally in manufacturing. \paragraph{Fault Mode Effects Analysis FMEA)} is used principally in manufacturing.
Each top level failure is assessed by its cost to repair and its frequency,%, using a It is bottom up and starts with component failure modes, which
lead to top level failure/events.
Each top level failure is assessed by its cost to repair and its estimated frequency.%, using a
%failure mode ratio. %failure mode ratio.
A list of failures and their cost is then calculated. A list of failures according to their cost to repair~\cite{bfmea}, or effect on system reliability is then calculated.
It is easy to identify single component failure to system failure scenarios It is easy to identify single component failure to system failure scenarios
and an estimate of product reliability can be calculated. and an estimate of product reliability can be calculated.
% %
@ -126,24 +130,11 @@ or operational states in sub-systems or components. It cannot model
self-checking safety elements or other in-built safety features or self-checking safety elements or other in-built safety features or
analyse how particular components may fail. analyse how particular components may fail.
\subsection{Fault Mode Effects Analysis FMEA)}
FMEA is used principally in manufacturing.
Each defect is assessed by its cost to repair and its frequency. %, using a
%failure mode ratio.
A list of failures and their cost is generated.
It is easy to identify single component failure to system failure scenarios,
and an estimate of product reliability can be calculated. It cannot focus on
component interactions that cause system failure modes or determine potential
problems from simultaneous failure modes. It does not consider environmental
or operational states in sub-systems or components. It cannot model
self-checking safety elements or other in-built safety features or
analyse how particular components may fail.
\paragraph{Failure Mode Criticality Analysis (FMECA)} is a refinement of FMEA, using \paragraph{Failure Mode Criticality Analysis (FMECA)} is a refinement of FMEA, using
two extra variables: the probability of a component failure mode occurring three extra variables: the probability of a component failure mode occurring,
and the probability that this will cause a top level failure, and the perceived the probability that this will cause a given top level failure, and the perceived
criticallity. It gives better estimations of product reliability/safety and the critically. It gives better estimations of product reliability/safety and the
occurrence of particular system failure modes than FMEA but has similar deficiencies. occurrence of particular system failure modes than FMEA but has similar deficiencies.
@ -157,7 +148,7 @@ for environmental and operational states in sub-systems or components,
via self checking statistical mitigation. FMEDA is the methodology associated with via self checking statistical mitigation. FMEDA is the methodology associated with
the safety integrity standards IOC5108 and EN61508~\cite{en61508}. the safety integrity standards IOC5108 and EN61508~\cite{en61508}.
\subsection{Summary of Defeciencies in Current Methods} \subsection{Summary of Deficiencies in Current Methods}
\paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
level failure modes~\cite{faa}[Ch.9]. Since one FTA tree is drawn for each top level level failure modes~\cite{faa}[Ch.9]. Since one FTA tree is drawn for each top level
@ -226,7 +217,7 @@ a {\bcfm} and not investigate other possibilities.
%\section{Requirements for a new static failure mode Analysis methodology} %\section{Requirements for a new static failure mode Analysis methodology}
\section{Desireable Criteria for a failure mode methodology}. \section{Desireable Criteria for a failure mode methodology.}
From the deficiencies outlined above, ideally we can form a set of desirable criteria for a better methodology. From the deficiencies outlined above, ideally we can form a set of desirable criteria for a better methodology.
{ \small { \small
\begin{enumerate} \begin{enumerate}
@ -397,6 +388,8 @@ Alternatively they could be self~checking sub-systems that are either in a norma
Operational states are conditions that apply to some functional groups, not individual components. Operational states are conditions that apply to some functional groups, not individual components.
\section{Worked Example: Non-Inverting Operational Amplifier}
A standard non inverting op amp (from ``The Art of Electronics'' ~\cite{aoe}[pp.234]) is shown in figure \ref{fig:noninvamp}. A standard non inverting op amp (from ``The Art of Electronics'' ~\cite{aoe}[pp.234]) is shown in figure \ref{fig:noninvamp}.
@ -454,7 +447,7 @@ Thus $R1$ has failure modes $\{R1\_OPEN, R1\_SHORT\}$ and $R2$ has failure modes
%\clearpage %\clearpage
\section{Failure Mode Analysis of the Potential Divider} \paragraph{Failure Mode Analysis of the Potential Divider}
\ifthenelse {\boolean{pld}} \ifthenelse {\boolean{pld}}
{ {
@ -703,13 +696,12 @@ as a building block for other {\fgs} in the same way as we used the resistors $R
%\clearpage %\clearpage
\section{Failure Mode Analysis of the OP-AMP} \paragraph{Failure Mode Analysis of the OP-AMP}
Let use now consider the op-amp. According to Let use now consider the op-amp. According to
FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes: FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes:
latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%). latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%).
\nocite{mil1991}
\ifthenelse {\boolean{pld}} \ifthenelse {\boolean{pld}}
{ {
@ -762,11 +754,10 @@ We can represent these failure modes on a DAG (see figure~\ref{fig:op1dag}).
%\clearpage %\clearpage
\section{Bringing the OP amp and the potential divider together} \paragraph{Modelling the OP amp with the potential divider.}
We can now consider bringing the OP amp and the potential divider components to
We can now consider bringing the OP amp and the potential divider together to form a {\fg} to represent the non inverting amplifier. We have the failure modes of the {\fg} for the potential divider,
model the non inverting amplifier. We have the failure modes of the functional group for the potential divider, so we do not need to go back and consider the individual resistor failure modes that define its behaviour.
so we do not need to consider the individual resistor failure modes that define its behaviour.
\ifthenelse {\boolean{pld}} \ifthenelse {\boolean{pld}}
{ {
We can make a new functional group to represent the amplifier, by bringing the component \textbf{opamp} We can make a new functional group to represent the amplifier, by bringing the component \textbf{opamp}
@ -799,7 +790,7 @@ regions) see figure~\ref{fig:fgampa}.
\ifthenelse {\boolean{dag}} \ifthenelse {\boolean{dag}}
{ {
We can now crate a {\fg} for the non-inverting amplifier We can now create a {\fg} for the non-inverting amplifier
by bringing together the failure modes from \textbf{opamp} and \textbf{PD}. by bringing together the failure modes from \textbf{opamp} and \textbf{PD}.
Each of these failure modes will be given a test case for analysis, Each of these failure modes will be given a test case for analysis,
and this is represented in table \ref{ampfmea}. and this is represented in table \ref{ampfmea}.
@ -927,7 +918,7 @@ We can now derive a `component' to represent this amplifier configuration (see f
%failure mode contours). %failure mode contours).
%\clearpage %\clearpage
%\clearpage %\clearpage
\section{Failure Modes from non inverting amplifier as a Directed Acyclic Graph (DAG)} \paragraph{Failure Modes from non inverting amplifier as a Directed Acyclic Graph (DAG)}
\ifthenelse {\boolean{pld}} \ifthenelse {\boolean{pld}}
{ {
We can now represent the FMMD analysis as a directed graph, see figure \ref{fig:noninvdag1}. We can now represent the FMMD analysis as a directed graph, see figure \ref{fig:noninvdag1}.
@ -1070,6 +1061,13 @@ to assist in building models for FTA, FMEA, FMECA and FMEDA failure mode analysi
\label{fig:noninvdag1} \label{fig:noninvdag1}
\end{figure} \end{figure}
\paragraph{Worked example. Effect on State explosion.}
The potential divider {\dc} reduced the number of failures to consider from four to two.
The op-amp and potential divider modelled together, reduced the number of
failure symptoms from eight to three. Because symptoms are collected, we can state
the the number of failure symptoms for a {\fg} will be less then or equal to the number
of component failues. In practise the number of symptoms is usually around half the
number of component failure modes.
@ -1162,23 +1160,30 @@ It can therefore be used to analyse systems comprised of electrical,
mechanical and software elements in one integrated model. mechanical and software elements in one integrated model.
{ \small { %\tiny
\begin{table}[ht] \begin{table}[ht]
\caption{Features of static Failure Mode analysis methodologies} % title of Table \caption{Features of static Failure Mode analysis methodologies} % title of Table
\centering % used for centering table %\centering % used for centering table
\begin{tabular}{||l|c|c|c|c|c||} \begin{tabular}{||l|c|c|c|c|c||}
\hline \hline \hline \hline
\textbf{Desirable} & \textbf{FTA} & \textbf{FMEA} & \textbf{FMECA} & \textbf{FDEMA} & \textbf{FMMD} \\ % \textbf{Des.} & \textbf{FTA} & \textbf{FMEA} & \textbf{FMECA} & \textbf{FDEMA} & \textbf{FMMD} \\
\textbf{Criteria} & \textbf{} & \textbf{} & \textbf{} & \textbf{} & \textbf{} \\ \textbf{\tiny Des.} & \textbf{\tiny FTA} & \textbf{\tiny FMEA} & \textbf{\tiny FMECA} & \textbf{\tiny FDEMA} & \textbf{\tiny FMMD} \\
\textbf{\tiny Crit.} & \textbf{} & \textbf{} & \textbf{} & \textbf{} & \textbf{} \\
% R & wire & res + & res - & description % R & wire & res + & res - & description
\hline \hline
\hline \hline
C1: state exp & partial & & & & $\tickYES$ \\ \hline C1: % state exp
C2: $\forall$ failures & &$\tickYES$ & $\tickYES$ & $\tickYES$ & $\tickYES$ \\ \hline & partial & & & & $\tickYES$ \\ \hline
C3: mech,elec,s/w & $\tickYES$ & & & & $\tickYES$ \\ \hline C2: % $\forall$ failures
C4: modular & & & & partial & $\tickYES$ \\ \hline & &$\tickYES$ & $\tickYES$ & $\tickYES$ & $\tickYES$ \\ \hline
C5: formal & partial & partial & partial & partial & $\tickYES$ \\ \hline C3: %mech,elec,s/w & $\tickYES$
C6: multiple fm & $\tickYES$ & & & partial & $\tickYES$ \\ \hline & & & & & $\tickYES$ \\ \hline
C4: %modular
& & & & partial & $\tickYES$ \\ \hline
C5: %formal
& partial & partial & partial & partial & $\tickYES$ \\ \hline
C6: %multiple fm
& $\tickYES$ & & & partial & $\tickYES$ \\ \hline
\hline \hline
\hline \hline
\end{tabular} \end{tabular}