diff --git a/fmmd_design_aide/Makefile b/fmmd_design_aide/Makefile new file mode 100644 index 0000000..857a84c --- /dev/null +++ b/fmmd_design_aide/Makefile @@ -0,0 +1,18 @@ + +# + + +paper: paper.tex fmmd_design_aide_paper.tex + #latex paper.tex + #dvipdf paper pdflatex cannot use eps ffs + pdflatex paper.tex + okular paper.pdf + + +# Remove the need for referncing graphics in subdirectories +# +fmmd_design_aide_paper.tex: fmmd_design_aide.tex paper.tex + cat fmmd_design_aide.tex | sed 's/fmmd_design_aide\///' > fmmd_design_aide_paper.tex + +bib: + bibtex paper diff --git a/fmmd_design_aide/fmmd_design_aide.tex b/fmmd_design_aide/fmmd_design_aide.tex new file mode 100644 index 0000000..aa7582e --- /dev/null +++ b/fmmd_design_aide/fmmd_design_aide.tex 
@@ -0,0 +1,106 @@ + + + + +\ifthenelse {\boolean{paper}} +{ +\abstract{ This +paper +describes how the FMMD methodology can be used to refine +safety critical designs and identify undetectable faults. +Used in this way, its is a design aide, giving the user +the possibility to model a system from the perspective +of its failure mode behaviour. +} +} +{ +\section{Introduction} +This chapter +describes how the FMMD methodology can be used to refine +safety critical designs and identify undetectable faults. +Used in this way, its is a design aide, giving the user +the possibility to model a system from the perspective +of its failure mode behaviour. + + +} + + +\section{How FMMD Analysis can reveal design flaws in failure mode detection } + +A feature of FMMD analysis is symptom collection. Common symptoms are collected +after analysis, and this means that the failure modes of the {\fg} +are examined. The symptoms will be detectable (like a value of of range) +or undetectable (like a logic state of value being incorrect). +The `undetectable' failure modes are the most worrying for thesafety critical designer. +It is these that are, generally the ones that stand out as single +failure modes. For instance, out of range values, we know we can cope with; they +are an obvious error condition that will be detected by any modules +using the {\fg}. +i +\subsection{iterative design} + +By applying FMMD analysis to a {\fg} we can determine which failure +modes are detectable, and which are undetectable. +We can then either modifiy the circuit and iteratively +apply FMMD to the design again, or we could add another {\fg} +that specifically tests for the undetectable conditions. + +This +\ifthenelse {\boolean{paper}} +{ +paper +} +{ +chapter +} +describes a milli-volt amplifier, with an inbuilt safety\footnote{The `safety resistor also acts as a potential divider to provide a mill-volt offset} +resistor. 
The circuit is analysed and it is found that all but one component failure modes +are detectable. +We then design a circuit to test for the `undetectable' failure mode +and analyse this with FMMD. +With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'. +We then analsye the {\fg} and the resultant {\dc} failure modes descussed. +\section{An example: A Millivolt Amplifier} + + +\section{FMMD Analysis} + +\subsection{Undetected Failure Mode: Incorrect Reading} + +Although statistically, this failure is unlikely (get stats for R short FIT etc from pt100 doc) +if the reading is considered critical, or we are aiming for a high integrity level +this may be unacceptable. +We will need to add some type of detection mechanism to the circuit to +test $R_{off}$ periodically. +For instance were we to check $R_off$ every $\tau = 20mS$ work out detection +allowance according to EN61508. + +\section{Proposed Checking Method} + +Were we to switch in a a second resistor in parrallel with the +safety resistor $R_{safety}$, using a switch (or transistor) +we could detect the effect on the reading with the potential divider +according to the following formula. + +\vspace{10pt} +Work out a pot div formula, and some typical values +\vspace{10pt} + + +\section{FMMD analysis of Safety Addition} + + +\section{FMMD Hierarchy, with milli-volt amp and safety addition} + +Draw FMMD hierarchy diagram. + +\subsection{Analysis of FMMD Derived component `added safety milli-volt amp'} + + + +\section{conclusions} + +With safety addition reliability GOES DOWN ! +But safety goes UP ! +Work it out diff --git a/fmmd_design_aide/paper.tex b/fmmd_design_aide/paper.tex new file mode 100644 index 0000000..3267860 --- /dev/null +++ b/fmmd_design_aide/paper.tex 
@@ -0,0 +1,31 @@ + +\documentclass[a4paper,10pt]{article} +\usepackage{graphicx} +\usepackage{fancyhdr} +\usepackage{tikz} +\usepackage{amsfonts,amsmath,amsthm} +\input{../style} +\usepackage{ifthen} +\newboolean{paper} +\setboolean{paper}{true} % boolvar=true or false + + +%\newtheorem{definition}{Definition:} + +\begin{document} +\pagestyle{fancy} + +%\outerhead{{\small\bf Statistical Basis for Current Static Analysis Methodologies}} +%\innerfoot{{\small\bf R.P. Clark } } + % numbers at outer edges +\pagenumbering{arabic} % Arabic page numbers hereafter +\author{R.P.Clark} +\title{FMMD as a design aide} +\maketitle +\input{fmmd_design_aide_paper} + +\bibliographystyle{plain} +\bibliography{../vmgbibliography,../mybib} + +\today +\end{document} diff --git a/thesis.tex b/thesis.tex index 1442033..8772a03 100644 --- a/thesis.tex +++ b/thesis.tex @@ -129,6 +129,10 @@ Safety critical in that it must not overheat, and that it must alarm for incorrect temperature. +\chapter{FMMD Used as a design aide} +\input{fmmd_design_aide/fmmd_design_aide} + + \chapter{Conclusion} %\input{conclusion/conclusion}
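Review bot: In the Makefile hunk, the `fmmd_design_aide_paper.tex` rule's `sed 's/fmmd_design_aide\///'` has no `g` flag, so a line with two graphics references keeps the second `fmmd_design_aide/` prefix and the paper build will fail to find that file; use `sed 's/fmmd_design_aide\///g' fmmd_design_aide.tex > fmmd_design_aide_paper.tex` (which also drops the unneeded `cat`). Two smaller points: `okular paper.pdf` inside the `paper` target makes a headless or scripted build hang or error, so move the viewer into a separate `view` target, and `paper.tex` is listed as a prerequisite of the generated file although the recipe never reads it. Typo in the comment: `referncing`.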
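Review bot: In the fmmd_design_aide.tex hunk, the stray line containing only `i` just before `\subsection{iterative design}` is typeset as a literal "i" in the output and should be deleted. The footnote `The `safety resistor also acts ...` opens a quote with a backtick and never closes it, and `$R_off$` subscripts only the `o` (the rest of the file uses `$R_{off}$`). Spelling to fix before this is merged: `its is`, `thesafety`, `value of of range` (presumably "out of range"), `modifiy`, `analsye`, `descussed`, `parrallel`. Several sections are still placeholders (`\section{An example: A Millivolt Amplifier}` is empty; "Work out a pot div formula", "Draw FMMD hierarchy diagram", "Work it out"), so this reads as a draft skeleton rather than a finished chapter; fine if that is the intent, but the empty section will produce a heading with no body in both the paper and thesis builds.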
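Review bot: In the paper.tex hunk, the bare `\today` placed after `\bibliography{...}` prints the date as body text at the very end of the document; the usual form is `\date{\today}` before `\maketitle` so it appears in the title block. The commented-out `\outerhead`/`\innerfoot` lines are not fancyhdr commands, so if they are restored later they will not compile; fancyhdr uses `\fancyhead` and `\fancyfoot`.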
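Review bot: In the thesis.tex hunk, the new `\input{fmmd_design_aide/fmmd_design_aide}` pulls in a file that starts with `\ifthenelse {\boolean{paper}}`, but only paper.tex declares that boolean (`\newboolean{paper}` / `\setboolean{paper}{true}`); nothing in this diff shows thesis.tex loading `ifthen` or declaring `paper` as `false`, so please confirm that is already present in thesis.tex or add it, otherwise the thesis build will fail on the undefined boolean. Also, the thesis build inputs the unmodified file, so any graphics it references must use the `fmmd_design_aide/` prefix that the Makefile strips for the standalone paper; that split convention is worth a comment in the Makefile.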