diff --git a/mybib.bib b/mybib.bib index 79406a8..b1adfaa 100644 --- a/mybib.bib +++ b/mybib.bib @@ -1294,7 +1294,7 @@ OPTissn = {}, OPTkey = {}, author = {Microchip}, OPTorganization = {}, - address = {http://ww1.microchip.com/downloads/en/DeviceDoc/80519d.pdf}, + address = {http://ww1.microchip.com/ downloads/en/DeviceDoc/80519d.pdf}, OPTedition = {}, OPTmonth = {}, year = {2011}, @@ -1333,7 +1333,7 @@ OPTissn = {}, OPTkey = {}, author = {Microchip}, OPTorganization = {}, - address = {http://ww1.microchip.com/downloads/en/DeviceDoc/39755c.pdf}, + address = {http://ww1.microchip.com/ downloads/en/DeviceDoc/39755c.pdf}, OPTedition = {}, OPTmonth = {}, year = {2009}, diff --git a/papers/JOURNAL_fmea_sw_hw/sw_hw_fmea.tex b/papers/JOURNAL_fmea_sw_hw/sw_hw_fmea.tex index 6cba39f..794bc9a 100644 --- a/papers/JOURNAL_fmea_sw_hw/sw_hw_fmea.tex +++ b/papers/JOURNAL_fmea_sw_hw/sw_hw_fmea.tex @@ -113,6 +113,7 @@ failure mode of the component or sub-system}}} %\nodate \maketitle +\today \paragraph{Keywords:} static failure mode modelling; safety-critical; software fmea %\small @@ -156,7 +157,7 @@ This paper presents a simple worked example of FMMD applied to an integrated electronics/software system, the industry standard {\ft} signalling loop. % -} +} % abstract @@ -212,7 +213,8 @@ the known failure mode behaviour. %Presently FMEA, stops at the glass ceiling of the computer program: FMMD seeks to address %this, and offers additional test efficiency benefits. This paper is a condensed version of the PhD thesis entitled `failure Mode Modular De-compositon'~\cite{clark}. \today -} + + %\today \nocite{en298} 
@@ -485,7 +487,7 @@ it terms `indenture' levels. Indenture levels are arranged from the top down and identify finer and finer grained modules. For instance, an aircraft may be the first indenture level, and the next may be an identifiable module such as an altitude radar: within that finer grained modules may be identified until -the base components are listed. Note that this is a top down approach and +the base components are listed. Note that this is a top down approach to modularisation and this can introduce errors into the reliability calculations~\cite{MILSTD1629short}. % \paragraph{Modularisation in Software} 
@@ -644,17 +646,25 @@ in an improved FMEA methodology, \section{The proposed Methodology} \label{fmmdproc} -In essence, this methodology beginning with low level modules (or {\fgs}) -which are analysed and assigned a failure mode behaviour. -They are then considered as higher level components with -their own failure mode behaviour. These higher level components -are then collected to form {\fgs} and so on until a hierarchy is built -representing the entire system. - - +% +%% One line +The idea is to modularise from the bottom-up, by choosing groups of components that +work together to perform a given function: the failure modes of the components +are considered, and a failure mode behaviour for the group determined: this group +can now be used as a component in its own right with a set of failure modes. +% +% In essence, this methodology beginning with low level modules (or {\fgs}) +% which are analysed and assigned a failure mode behaviour. +% They are then considered as higher level components with +% their own failure mode behaviour. These higher level components +% are then collected to form {\fgs} and so on until a hierarchy is built +% representing the entire system. +% % Any new static failure mode methodology must ensure that it % represents all component failure modes and it therefore should be bottom-up, % starting with individual component failure modes. + +\paragraph{FMMD process.} To ensure all component failure modes are modelled, the new methodology must be bottom-up. % %This seems essential to satisfy criterion 2. @@ -663,7 +673,7 @@ A {\em {\fg}}, is defined as a small collection of components that interact to provide a function or task within a system. % -Starting with base~components small {\fgs} are chosen and each component failure mode considered in the +Starting with {\bcs} small {\fgs} are chosen and each component failure mode considered in the context of the {\fg}. % %% GARK 
@@ -692,10 +702,9 @@ The failure modes of this new {\dc} are the symptoms of the {\fg} it was derived % By using {\dcs} in higher level functional groups, a hierarchy can be built representing the failure mode behaviour of a system. Because the hierarchy maintains information -linking the symptoms to component failure modes (via {\fcs}). - -Reasoning connections from base component failures to top level failures can now be made -by tracing cause and effect though the hierarchy of modules. +linking the symptoms to component failure modes (via {\fcs}), reasoning connections from base component failures to top level failures can now be made +by tracing cause and effect though the hierarchy of modules~\footnote{This means that an FMMD model can be used to produce traditional FMEA reports where each {\bc} {\fm} is linked to +a system level failure.}. %The traceability should satisfy criterion 5. An advantage of performing FMEA in this modular way, is that the {\fgs} are small in terms of the numbers of components. This means the $O(N^2)$ effect @@ -704,7 +713,8 @@ This addresses the state explosion problem of XFMEA. It also means that modules are re-usable (analogous to software classes). % % -A practical example of a hardware FMEA performed both traditionally and using FMMD may be found in~\cite{syssafe2011} +A practical example of a hardware FMEA performed both traditionally and using FMMD may be found in~\cite{syssafe2011}, a hybrid +software and hardware hybrid example is analysed in~\cite{syssafe2012} and examples of `reasoning~distance' efficiency savings can be found in~\cite{clark}[Ch.7]. % \paragraph{Integrating software into the FMMD model} 
@@ -774,7 +784,7 @@ applying FMMD means deciding on the members for {\fgs} and the subsequent hierar % \section{Example for analysis} % : How can we apply FMEA} % -For the purpose of example, we chose a simple common safety critical industrial circuit +For the purpose of example, a simple common safety critical industrial circuit has been chosen that is nearly always used in conjunction with a programmatic element. A common method for delivering a quantitative value in analogue electronics is to supply a current signal to represent the value to be sent~\cite{aoe}[p.934].
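Review bot: the `+` line in the first mybib.bib hunk (@@ -1294) inserts a literal space into the URL (`http://ww1.microchip.com/ downloads/en/DeviceDoc/80519d.pdf`), so the bibliography entry now prints a broken link that will not resolve when copied from the PDF. If the intent is to let the long URL wrap, keep the string intact and wrap it in `\url{...}` (the `url`/`hyperref` packages break at `/` automatically); a `url` or `howpublished` field is also a better home for a web address than `address`.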
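Review bot: same problem in the second mybib.bib hunk (@@ -1333), the space inserted after `microchip.com/` in the `address` field for 39755c.pdf corrupts the URL; revert this edit and handle line breaking with `\url{}` as above.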
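Review bot: in the sw_hw_fmea.tex hunk at @@ -113, the bare `\today` inserted after `\maketitle` is typeset as a stray one-word paragraph between the title block and the Keywords paragraph. If the date belongs in the title, set `\date{\today}` before `\maketitle` instead (the commented-out `%\nodate` on the line above suggests the date is being toggled by hand; a `\date{}` call is the cleaner switch).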
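Review bot: the `-}` removed in the @@ -212 hunk closes a group whose opening brace is outside the hunk (presumably the abstract block, given `+} % abstract` in the @@ -156 hunk); check that the matching `{` is also gone or the file will fail with a missing `}`. Also, the new `%\today` comments out nothing that was live: the `\today` that actually prints is on the unchanged context line `...~\cite{clark}. \today`, so together with the new `\today` after `\maketitle` the date now appears twice; delete one of them.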
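Review bot: minor, in the @@ -485 hunk the new wording `top down approach to modularisation` should be hyphenated `top-down` to match `bottom-up` as used in the @@ -644 hunk of the same file; the added qualifier otherwise reads well.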
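Review bot: the new lead sentence in the @@ -644 hunk chains three clauses with two colons (`...perform a given function: the failure modes ... determined: this group can now be used...`); split it into two sentences at the second colon. The new `\paragraph{FMMD process.}` is then immediately followed by `To ensure all component failure modes are modelled, the new methodology must be bottom-up.`, which restates the sentence just above it, so merge or drop one. The old paragraph is kept as six `%`-commented lines under `%% One line`; since git already holds the history, delete the dead text rather than commenting it out. Also confirm that the `\bcs` macro introduced in the @@ -663 part of this hunk is defined in the preamble.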
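Review bot: typo in the added text of the @@ -692 hunk, `tracing cause and effect though the hierarchy` should read `through`. The footnote is attached as `modules~\footnote{...}.`: the tie before `\footnote` leaves a visible gap before the marker, and the full stop after the footnote puts the mark ahead of the sentence's period; write `modules.\footnote{This means that ...}` instead. The footnote also uses `{\bc}` and `{\fm}`, so check both macros are defined.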
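Review bot: in the @@ -704 hunk, `a hybrid software and hardware hybrid example` repeats `hybrid`, and the sentence now runs three independent clauses together with a comma after `~\cite{syssafe2011}`; use semicolons or `and`. Separately, `~\cite{clark}[Ch.7]` puts the optional argument after the citation, so `[Ch.7]` is typeset as literal text rather than inside the citation; the standard form is `\cite[Ch.~7]{clark}` (the unchanged `\cite{aoe}[p.934]` in the next hunk's context has the same problem, though it is not touched here).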
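Review bot: in the rewritten sentence of the @@ -774 hunk the relative clause `that is nearly always used in conjunction with a programmatic element` now attaches to `has been chosen` rather than to `circuit`; suggest `For the purpose of example, a simple, common safety-critical industrial circuit, one that is nearly always used in conjunction with a programmatic element, has been chosen.`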