robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

after meeting with Andrew Fish in Hove Friday

Browse Source
This commit is contained in:
Robin 2010-04-24 10:36:33 +01:00
parent 6eedb1e62d
commit 22386efd15
7 changed files with 260 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
component_failure_modes_definition/cfg.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/cfg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
component_failure_modes_definition/component.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/component.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.0 KiB

424
component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -3,190 +3,281 @@
components, component fault modes and `unitary~state' component fault modes. components, component fault modes and `unitary~state' component fault modes.
The application of Bayes theorem in current methodologies, and The application of Bayes theorem in current methodologies, and
the suitability of the `null hypothesis' or `P' value statistical approach the suitability of the `null hypothesis' or `P' value statistical approach
ar discussed. are discussed.
Mathematical constraints and definitions are made using set theory. Mathematical constraints and definitions are made using set theory.
} }
\section{Introduction} \section{Introduction}
When building a system from components,
we should be able to find all known failure modes for each component. %When building a system from components,
For most common electrical and mechanical components, the failure modes %we should be able to find all known failure modes for each component.
for a given type of part can be obtained from standard literature\cite{mil1991} %For most common electrical and mechanical components, the failure modes
\cite{mech}. %The failure modes for a given component $K$ form a set $F$. %for a given type of part can be obtained from standard literature\cite{mil1991}
%\cite{mech}. %The failure modes for a given component $K$ form a set $F$.
Using these failure modes we can build a `failure model' from the bottom-up. %%
%% Paragraph component and its relationship to its failure modes
%%
\subsection{ What is a Component ?}
Let us first define a component. This is anything we use to build a
product or system with. This could be something quite complicated
like an integrated microcontroller, or quite simple like the humble resistor.
We can define a
component by its name, a manufacturers part number and perhaps
a vendors reference number.
What these components all have in common is that they can fail, and fail in
a number of well defined ways. For common components
there is established literature for the failure modes for the system designer consider (with accompanying statistical
failure rates)\cite{mil1991}. For instance, a simple resistor is generally considered
to fail in two ways, it can go open circuit or it can short. But we can also
associate it with a set of known failure modes. The UML diagram in figure
\ref{fig:component} shows a component as a simple data
structure with its failure modes.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 437 141,keepaspectratio=true]{./component.jpg}
% component.jpg: 437x141 pixel, 72dpi, 15.42x4.97 cm, bb=0 0 437 141
\caption{A Component and its Failure Modes}
\label{fig:component}
\end{figure}
% \begin{figure}[h+]
% \centering
% \includegraphics[width=400pt,bb=0 0 433 68,keepaspectratio=true]{component_failure_modes_definition/component.jpg}
% % component.jpg: 433x68 pixel, 72dpi, 15.28x2.40 cm, bb=0 0 433 68
% \caption{A Component and its failure modes}
% \label{fig:component}
% \end{figure}
A product naturally consists of many components and these are traditionally
kept in a `parts list'. For safety critical product this is a usually formal document
and is used by quality inspectors to ensure the correct parts are being fitted.
For our UML diagram the parts list is simply a collection of components
as shown in figure \ref{fig:componentpl}.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 712 68,keepaspectratio=true]{./componentpl.jpg}
% componentpl.jpg: 712x68 pixel, 72dpi, 25.12x2.40 cm, bb=0 0 712 68
\caption{Parts List of Components}
\label{fig:componentpl}
\end{figure}
%%
%% Paragraph using failure modes to build from bottom up
%%
\subsection{Fault Mode Analysis, top down or bottom up?}
Traditional static fault analysis methods work from the top down. Traditional static fault analysis methods work from the top down.
They identify faults that can occur in a system, and then work down They identify faults that can occur in a system, and then work down
to see how they could be caused. Some apply statistical tequniques to to see how they could be caused. Some apply statistical tequniques to
determine the likelihood of component failures causing specific system level errors (see Bayes theorem \ref{bayes}). determine the likelihood of component failures
Another top down technique is ato apply cost benifit analysis causing specific system level errors (see Bayes theorem \ref{bayes}).
Another top down technique is to apply cost benifit analysis
to determine which faults are the highest priority to fix\cite{FMEA}. to determine which faults are the highest priority to fix\cite{FMEA}.
The aim of this study is to produce complete failure The aim of this study is to produce complete failure
models of safety critical systems from the bottom-up, models of safety critical systems from the bottom-up,
starting, where possible with known component failure modes. starting, where possible with known component failure modes.
In order to analyse from the bottom-up, we need to take
\subsection{Systems, functional groups, sub-systems and failure modes} small groups of components from the parts~list that naturally
work together to perform a simple function.
It is helpful here to define some terms, `system', `functional~group', `component', `base~component' and `sub-system'. We can term this a `Functional~Group'. When we have a
`Functional~Group' we can look at the failure modes of all the components
A System, is really any coherent entity that would be sold as a safety critical product. in it and decide how these will affect the Group.
A sub-system is a part of some larger system. Or in other words we can determine the failure modes of the functional
For instance a stereo amplifier separate is a sub-system. The group. These failure modes are derived from the functional group, as so we can call
whole Sound System, consists perhaps of the following `sub-systems': them `derived failure modes'.
CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface. We now have something very useful, because
we can now treat this functional group as a component with a known set of failure modes.
%Thinking like this is a top~down analysis approach This newly derived component can be used as a higher level
%and is the way in which FTA\cite{nucfta} analyses a System building block for the system we are analysing.
%and breaks it down. Derived components, can be used
to form higher level functional groups.
A sub-system will be composed of component parts, which This process can continue until have build a hierarcy that converges to a failure model of the entire system.
may themselves be sub-systems. To differentiate the components derived from functional groups, we can
add a new attribute to the class `Component', that of analysis
Eventually by a recursive downwards process we would be able to identify level.
sub-systems built from base component parts. We can represet this in a UML diagram see figure \ref{fig:cfg}
Each `component part'
will have a known fault/failure behaviour.
That is to say, each base component has a set of known
ways in which it can fail.
If we look at the sound system again as an
example; the CD~player could fail in serveral distinct ways, no matter
what has happened to it or has gone wrong inside it.
A top down approach has an intrinsic problem in that we cannot guess
every possible failure mode at the SYSTEM level.
Using the reasoning that working from the bottom up forces the consideration of all possible
component failures (which could be missed in a top~down approach)
we are presented with a problem. Which initial collections of base components should we choose ?
For instance in the CD~player example; to start at the bottom; we are presented with
a massive list of base~components, resistors, motors, user~switches, laser~diodes all sorts !
Clearly, working from the bottom~up we need to pick small
collections of components that work together in some way.
These are termed `functional~groups'. For instance the circuitry that powers the laser diode
to illuminate the CD might contain a handful of components, and as such would make a good candidate
to be one of the base level functional~groups.
In choosing the lowest level (base component) sub-systems we would look
for the smallest `functional~groups' of components within a system. A functional~group is a set of components that interact
to perform a specific function.
When we have analysed the fault behaviour of a functional group, we can treat it as a `black box'.
We can now call our functional~group a sub-system. The goal here is to know how will behave under fault conditions !
%Imagine buying one such `sub~system' from a very honest vendor.
%One of those sir, yes but be warned it may fail in these distinct ways, here
%in the honest data sheet the set of failure modes is listed!
This type of thinking is starting to become more commonplace in product literature, with the emergence
of reliability safety standards such as IOC1508\cite{sccs},EN61508\cite{en61508}.
FIT (Failure in Time - expected number of failures per billion hours of operation) values
are published for some micro-controllers. A micro~controller
is a complex sub-system in its self and could be considered a `black~box' with a given reliability.
\footnote{Microchip sources give an FIT of 4 for their PIC18 series micro~controllers\cite{microchip}, The DOD
1991 reliability manual\cite{mil1991} applies a FIT of 100 for this generic type of component}
As electrical components have detailed datasheets a useful extension of this would
be failure modes of the component, with environmental factors and MTTF statistics.
Currently this sort of information is generally only available for generic component types\cite{mil1991}.
%At higher levels of analysis, functional~groups are pre-analysed sub-systems that interact to
%erform a given function.
%\vspace{0.3cm}
\begin{table}[h]
\begin{tabular}{||l|l||} \hline \hline
{\em Definition } & {\em Description} \\ \hline
System & A product designed to \\
& work as a coherent entity \\ \hline
Sub-system & A part of a system, \\
& sub-systems may contain sub-systems \\ \hline
Failure mode & A way in which a System, \\
& Sub-system or component can fail \\ \hline
Functional Group & A collection of sub-systems and/or \\
& components that interact to \\
& perform a specific function \\ \hline
Failure Mode & The collection of all failure \\
Group & modes from all the members of a \\
& functional group \\ \hline
Derived & A failure mode determined from the analysis \\
Failure mode & of a `Failure Mode Group' \\ \hline
Base Component & Any bought in component, which \\
& hopefully has a known set of failure modes \\ \hline
\hline
\end{tabular}
\label{tab:def}
\caption{Table of FMMD definitions}
\end{table}
%\vspace{0.3cm}
\section{A UML Model of terms introduced}
\begin{figure}[h] \begin{figure}[h]
\centering \centering
\includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml.jpg} \includegraphics[width=400pt,bb=0 0 712 235,keepaspectratio=true]{./cfg.jpg}
% fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500 % cfg.jpg: 712x205 pixel, 72dpi, 25.12x7.23 cm, bb=0 0 712 205
\caption{UML respresentation of Failure Mode Data types} \caption{Components Derived from Functional Groups}
\label{fig:fmmd_uml} \label{fig:cfg}
\end{figure} \end{figure}
The diagram in figure \ref{fig:fmmd_uml}
shows the relationships between the terms defined in table \ref{tab:def} as classes in a UML model.
We can start with the functional group. This is a minimal collection
of components that perform a simple given function.
For our audio separates rig, this could be
the compoents that supply power to the laser diode.
From the `Functional~Group' we can now collect
all the `failure modes of the `components', and
produce a `Failure~Mode~Group'. This
has a reference to the `Functional~Group', and is a collection
of `failure modes.
By analysing the effects of the failure modes in the `Failure~Mode~Group'
we can determine the failure mode behaviour of the functional group.
This failure mode behaviour is a collection of derived failure modes.
We can now consider the Functional group as a component now, because
we have a set of failure modes for it.
\subsection{Sub-System Class Definition} %
A sub-system can be defined by the classes used to create it, and % \subsection{Systems, functional groups, sub-systems and failure modes}
its set of derived failure modes. %
In this way sub-systems naturally form trees, with the lower most leaf nodes being % It is helpful here to define some terms, `system', `functional~group', `component', `base~component' and `sub-system'.
base components. %
Note that the UML model is recursive. We can build functional groups using sub-systems % A System, is really any coherent entity that would be sold as a safety critical product.
as components. This UML model naturally therefore, forms a hierarchy % A sub-system is a part of some larger system.
of failure mode analysis, which has a one top level entry, that being the SYSTEM. % For instance a stereo amplifier separate is a sub-system. The
The TOP level entry will determine the failure modes % whole Sound System, consists perhaps of the following `sub-systems':
for the product/system under analysis. % CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface.
%
\subsection{Refining the UML model to use inheritance} % %Thinking like this is a top~down analysis approach
We can refine this model a little by noticing that a system is merely the % %and is the way in which FTA\cite{nucfta} analyses a System
top level sub-system. We can thus have System inherit sub-system. % %and breaks it down.
A derived failure mode, is simply a failure mode at a higher level of analysis %
it can therefore inherit `failure\_mode'. % A sub-system will be composed of component parts, which
% may themselves be sub-systems.
The modified UML diagram using inheritance is figure \ref{fig:fmmd_uml2}. %
\begin{figure}[h] % Eventually by a recursive downwards process we would be able to identify
\centering % sub-systems built from base component parts.
\includegraphics[width=350pt,bb=0 0 877 675,keepaspectratio=true]{./fmmd_uml2.jpg} % Each `component part'
% fmmd_uml2.jpg: 877x675 pixel, 72dpi, 30.94x23.81 cm, bb=0 0 877 675 % will have a known fault/failure behaviour.
\caption{UML Representation of Failure Mode Data Types} % That is to say, each base component has a set of known
\label{fig:fmmd_uml2} % ways in which it can fail.
\end{figure} %
% If we look at the sound system again as an
% example; the CD~player could fail in serveral distinct ways, no matter
% what has happened to it or has gone wrong inside it.
%
% A top down approach has an intrinsic problem in that we cannot guess
% every possible failure mode at the SYSTEM level.
% Using the reasoning that working from the bottom up forces the consideration of all possible
% component failures (which could be missed in a top~down approach)
% we are presented with a problem. Which initial collections of base components should we choose ?
%
% For instance in the CD~player example; to start at the bottom; we are presented with
% a massive list of base~components, resistors, motors, user~switches, laser~diodes all sorts !
% Clearly, working from the bottom~up we need to pick small
% collections of components that work together in some way.
% These are termed `functional~groups'. For instance the circuitry that powers the laser diode
% to illuminate the CD might contain a handful of components, and as such would make a good candidate
% to be one of the base level functional~groups.
%
%
% In choosing the lowest level (base component) sub-systems we would look
% for the smallest `functional~groups' of components within a system. A functional~group is a set of components that interact
% to perform a specific function.
%
% When we have analysed the fault behaviour of a functional group, we can treat it as a `black box'.
% We can now call our functional~group a sub-system. The goal here is to know how will behave under fault conditions !
% %Imagine buying one such `sub~system' from a very honest vendor.
% %One of those sir, yes but be warned it may fail in these distinct ways, here
% %in the honest data sheet the set of failure modes is listed!
% This type of thinking is starting to become more commonplace in product literature, with the emergence
% of reliability safety standards such as IOC1508\cite{sccs},EN61508\cite{en61508}.
% FIT (Failure in Time - expected number of failures per billion hours of operation) values
% are published for some micro-controllers. A micro~controller
% is a complex sub-system in its self and could be considered a `black~box' with a given reliability.
% \footnote{Microchip sources give an FIT of 4 for their PIC18 series micro~controllers\cite{microchip}, The DOD
% 1991 reliability manual\cite{mil1991} applies a FIT of 100 for this generic type of component}
%
% As electrical components have detailed datasheets a useful extension of this would
% be failure modes of the component, with environmental factors and MTTF statistics.
%
% Currently this sort of information is generally only available for generic component types\cite{mil1991}.
%
%
% %At higher levels of analysis, functional~groups are pre-analysed sub-systems that interact to
% %erform a given function.
%
% %\vspace{0.3cm}
% \begin{table}[h]
% \begin{tabular}{||l|l||} \hline \hline
% {\em Definition } & {\em Description} \\ \hline
% System & A product designed to \\
% & work as a coherent entity \\ \hline
% Sub-system & A part of a system, \\
% & sub-systems may contain sub-systems \\ \hline
% Failure mode & A way in which a System, \\
% & Sub-system or component can fail \\ \hline
% Functional Group & A collection of sub-systems and/or \\
% & components that interact to \\
% & perform a specific function \\ \hline
% Failure Mode & The collection of all failure \\
% Group & modes from all the members of a \\
% & functional group \\ \hline
% Derived & A failure mode determined from the analysis \\
% Failure mode & of a `Failure Mode Group' \\ \hline
% Base Component & Any bought in component, which \\
% & hopefully has a known set of failure modes \\ \hline
% \hline
% component_failure_modes_definition/
% \end{tabular}
% \label{tab:def}
% \caption{Table of FMMD definitions}
% \end{table}
% %\vspace{0.3cm}
%
% \section{A UML Model of terms introduced}
%
% %
% \begin{figure}[h] % \begin{figure}[h]
% \centering % \centering
% \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml2.jpg} % \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml.jpg}
% % fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500 % % fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500
% \caption{UML respresentation of Failure Mode Data types} % \caption{UML respresentation of Failure Mode Data types}
% \label{fig:fmmd_uml}
% \end{figure}
%
% The diagram in figure \ref{fig:fmmd_uml}
% shows the relationships between the terms defined in table \ref{tab:def} as classes in a UML model.
% We can start with the functional group. This is a minimal collection
% of components that perform a simple given function.
% For our audio separates rig, this could be
% the compoents that supply power to the laser diode.
% From the `Functional~Group' we can now collect
% all the `failure modes of the `components', and
% produce a `Failure~Mode~Group'. This
% has a reference to the `Functional~Group', and is a collection
% of `failure modes.
% By analysing the effects of the failure modes in the `Failure~Mode~Group'
% we can determine the failure mode behaviour of the functional group.
% This failure mode behaviour is a collection of derived failure modes.
% We can now consider the Functional group as a component now, because
% we have a set of failure modes for it.
%
% \subsection{Sub-System Class Definition}
% A sub-system can be defined by the classes used to create it, and
% its set of derived failure modes.
% In this way sub-systems naturally form trees, with the lower most leaf nodes being
% base components.
% Note that the UML model is recursive. We can build functional groups using sub-systems
% as components. This UML model naturally therefore, forms a hierarchy
% of failure mode analysis, which has a one top level entry, that being the SYSTEM.
% The TOP level entry will determine the failure modes
% for the product/system under analysis.
%
% \subsection{Refining the UML model to use inheritance}
% We can refine this model a little by noticing that a system is merely the
% top level sub-system. We can thus have System inherit sub-system.
% A derived failure mode, is simply a failure mode at a higher level of analysis
% it can therefore inherit `failure\_mode'.
%
% The modified UML diagram using inheritance is figure \ref{fig:fmmd_uml2}.
% \begin{figure}[h]
% \centering
% \includegraphics[width=350pt,bb=0 0 877 675,keepaspectratio=true]{./fmmd_uml2.jpg}
% % fmmd_uml2.jpg: 877x675 pixel, 72dpi, 30.94x23.81 cm, bb=0 0 877 675
% \caption{UML Representation of Failure Mode Data Types}
% \label{fig:fmmd_uml2} % \label{fig:fmmd_uml2}
% \end{figure} % \end{figure}
% %
% % \begin{figure}[h]
% % \centering
% % \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml2.jpg}
% % % fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500
% % \caption{UML respresentation of Failure Mode Data types}
% % \label{fig:fmmd_uml2}
% % \end{figure}
\subsection{Unitary State Component Failure Mode sets} \subsection{Unitary State Component Failure Mode sets}
@ -233,7 +324,10 @@ Thus if the failure modes of $F$ are unitary~state, we can say $F \in U$.
A component with simple ``unitary~state'' failure modes is the electrical resistor. A component with simple ``unitary~state'' failure modes is the electrical resistor.
Electrical resistors can fail by going OPEN or SHORTED. Electrical resistors can fail by going OPEN or SHORTED.
However they cannot fail with both conditions active. The conditions
For a given resistor R we can assign it the failure mode by applying
the function $FM$ thus $ FM(R) = \{R_{SHORTED},R_{OPEN}\} $.
Nothing can fail with both conditions open and short active at the same time ! The conditions
OPEN and SHORT are mutually exclusive. OPEN and SHORT are mutually exclusive.
Because of this the failure mode set $F=FM(R)$ is `unitary~state'. Because of this the failure mode set $F=FM(R)$ is `unitary~state'.
@ -244,31 +338,33 @@ $$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$
We can make this a general case by taking a set $C$ (where $c1, c2 \in C$) representing a collection We can make this a general case by taking a set $C$ (where $c1, c2 \in C$) representing a collection
of component failure modes, of component failure modes.
We can now state that We can now state that
$$ c1 \cap c2 \neq \emptyset | c1 \neq c2 \wedge c1,c2 \in C \wedge C \not\in U $$ $$ c1 \cap c2 \neq \emptyset | c1 \neq c2 \wedge c1,c2 \in C \wedge C \not\in U $$
That is to say that if it is impossible that any pair of failure modes can be active at the same time That is to say that it is impossible that any pair of failure modes can be active at the same time
the failure mode set is not unitary~state and does not exist in the family of sets $U$ for the failure mode set $C$ to exists in the family of sets $U$
Note where that are more than two failure~modes, by banning pairs from happening at the same time Note where that are more than two failure~modes, by banning pairs from happening at the same time
we have banned larger combinations as well we have banned larger combinations as well.
\subsection{Component Failure Modes and Statistical Sample Space} \subsection{Component Failure Modes and Statistical Sample Space}
%\paragraph{NOT WRITTEN YET PLEASE IGNORE} %\paragraph{NOT WRITTEN YET PLEASE IGNORE}
A sample space is defined as the set of all possible outcomes. A sample space is defined as the set of all possible outcomes.
Here the outcomes we are interested in are the failure modes
of the component.
When dealing with failure modes, we are not interested in When dealing with failure modes, we are not interested in
the state where the compoent is working perfectly or `OK' (i.e. operating with no error). the state where the component is working perfectly or `OK' (i.e. operating with no error).
We are interested only in ways in which it can fail. We are interested only in ways in which it can fail.
By definition while all components in a system are `working perfectly' By definition while all components in a system are `working perfectly'
that system will not exhibit faulty behavuiour. that system will not exhibit faulty behaviour.
Thus the statistical sample space $\Omega$ for a component/sub-system K is Thus the statistical sample space $\Omega$ for a component/sub-system K is
%$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$ %$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
$$ \Omega(K) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N}\} $$ $$ \Omega(K) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3}, ... ,failure\_mode_{N}\} $$
The failure mode set for a given component or sub-system $F$ The failure mode set for a given component or sub-system $F$
is therefore is therefore
$$ F = \Omega(K) \backslash OK $$ $$ F = \Omega(K) \backslash OK $$

BIN
component_failure_modes_definition/componentpl.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/componentpl.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.9 KiB