Notes from last night on a design aide aspect to fmmd

2010-10-06 09:04:41 +01:00 · 2010-10-06 09:04:41 +01:00 · 1e20bb3b0b
commit 1e20bb3b0b
parent 95328ba5da
4 changed files with 159 additions and 0 deletions
--- a/fmmd_design_aide/Makefile
+++ b/fmmd_design_aide/Makefile
@ -0,0 +1,18 @@
+
+#
+
+
+paper:	paper.tex fmmd_design_aide_paper.tex
+	#latex paper.tex
+	#dvipdf paper     pdflatex cannot use eps ffs
+	pdflatex paper.tex
+	okular paper.pdf
+
+
+# Remove the need for referncing graphics in subdirectories
+#
+fmmd_design_aide_paper.tex: fmmd_design_aide.tex paper.tex
+	cat fmmd_design_aide.tex | sed 's/fmmd_design_aide\///' > fmmd_design_aide_paper.tex
+
+bib:	
+	bibtex paper
--- a/fmmd_design_aide/fmmd_design_aide.tex
+++ b/fmmd_design_aide/fmmd_design_aide.tex
@ -0,0 +1,106 @@
+
+
+
+
+\ifthenelse {\boolean{paper}}
+{
+\abstract{ This 
+paper 
+describes how the FMMD methodology can be used to refine
+safety critical designs and identify undetectable faults.
+Used in this way, its is a design aide, giving the user
+the possibility to model a system from the perspective
+of its failure mode behaviour.
+}
+}
+{
+\section{Introduction}
+This chapter 
+describes how the FMMD methodology can be used to refine
+safety critical designs and identify undetectable faults.
+Used in this way, its is a design aide, giving the user
+the possibility to model a system from the perspective
+of its failure mode behaviour.
+
+
+}
+
+ 
+\section{How FMMD Analysis can reveal design flaws in failure mode detection }
+
+A feature of FMMD analysis is symptom collection. Common symptoms are collected
+after analysis, and this means that the failure modes of the {\fg}
+are examined. The symptoms will be detectable (like a value of  of range)
+or undetectable (like a logic state of value being incorrect).
+The `undetectable' failure modes are the most worrying for thesafety critical designer.
+It is these that are, generally the ones that stand out as single 
+failure modes. For instance, out of range values, we know we can cope with; they
+are an obvious error condition that will be detected by any modules
+using the {\fg}.
+i
+\subsection{iterative design}
+
+By applying FMMD analysis to a {\fg} we can determine which failure
+modes are detectable, and which are undetectable.
+We can then either modifiy the circuit and iteratively
+apply FMMD to the design again, or we could add another {\fg}
+that specifically tests for the undetectable conditions.
+
+This
+\ifthenelse {\boolean{paper}}
+{
+paper
+}
+{
+chapter
+}
+describes a milli-volt amplifier, with an inbuilt safety\footnote{The `safety resistor also acts as a potential divider to provide a mill-volt offset}
+resistor. The circuit is analysed and it is found that all but one component failure modes
+are detectable.
+We then design a circuit to test for the `undetectable' failure mode
+and analyse this with FMMD.
+With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'.
+We then analsye the {\fg} and the resultant {\dc} failure modes descussed.
+\section{An example: A Millivolt Amplifier}
+
+
+\section{FMMD Analysis}
+
+\subsection{Undetected Failure Mode: Incorrect Reading}
+
+Although statistically, this failure is unlikely (get stats for R short FIT etc from pt100 doc)
+if the reading is considered critical, or we are aiming for a high integrity level
+this may be unacceptable.
+We will need to add some type of detection mechanism to the circuit to
+test $R_{off}$ periodically.
+For instance were we to check $R_off$ every $\tau = 20mS$ work out detection
+allowance according to EN61508.
+
+\section{Proposed Checking Method}
+
+Were we to switch in a a second resistor in parrallel with the 
+safety resistor $R_{safety}$, using a switch (or transistor)
+we could detect the effect on the reading with the potential divider
+according to the following formula.
+
+\vspace{10pt}
+Work out a pot div formula, and some typical values
+\vspace{10pt}
+
+
+\section{FMMD analysis of Safety Addition}
+
+
+\section{FMMD Hierarchy, with milli-volt amp and safety addition}
+
+Draw FMMD hierarchy diagram.
+
+\subsection{Analysis of FMMD Derived component `added safety milli-volt amp'}
+
+
+
+\section{conclusions}
+
+With safety addition reliability GOES DOWN !
+But safety goes UP !
+Work it out 
--- a/fmmd_design_aide/paper.tex
+++ b/fmmd_design_aide/paper.tex
@ -0,0 +1,31 @@
+
+\documentclass[a4paper,10pt]{article}
+\usepackage{graphicx}
+\usepackage{fancyhdr}
+\usepackage{tikz}
+\usepackage{amsfonts,amsmath,amsthm}
+\input{../style}
+\usepackage{ifthen}
+\newboolean{paper}
+\setboolean{paper}{true} % boolvar=true or false
+
+
+%\newtheorem{definition}{Definition:}
+
+\begin{document}
+\pagestyle{fancy}
+
+%\outerhead{{\small\bf Statistical Basis for Current Static Analysis Methodologies}}         
+%\innerfoot{{\small\bf R.P. Clark } }   
+                                              % numbers at outer edges
+\pagenumbering{arabic}                        % Arabic page numbers hereafter
+\author{R.P.Clark}
+\title{FMMD as a design aide}
+\maketitle 
+\input{fmmd_design_aide_paper}
+
+\bibliographystyle{plain}
+\bibliography{../vmgbibliography,../mybib}
+
+\today
+\end{document}
--- a/thesis.tex
+++ b/thesis.tex
@ -129,6 +129,10 @@
 Safety critical in that it must not overheat, and that it must alarm
 for incorrect temperature.

+\chapter{FMMD Used as a design aide}
+\input{fmmd_design_aide/fmmd_design_aide}
+
+
 \chapter{Conclusion}
 %\input{conclusion/conclusion}