robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

after meeting with Andrew Fish in Hove Friday

Browse Source
This commit is contained in:
Robin 2010-04-24 10:36:33 +01:00
parent 6eedb1e62d
commit 22386efd15
7 changed files with 260 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
component_failure_modes_definition/cfg.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/cfg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
component_failure_modes_definition/component.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/component.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.0 KiB

424
component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -3,190 +3,281 @@
components, component fault modes and `unitary~state' component fault modes.
The application of Bayes theorem in current methodologies, and
the suitability of the `null hypothesis' or `P' value statistical approach
ar discussed.
are discussed.
Mathematical constraints and definitions are made using set theory.
}
\section{Introduction}
When building a system from components,
we should be able to find all known failure modes for each component.
For most common electrical and mechanical components, the failure modes
for a given type of part can be obtained from standard literature\cite{mil1991}
\cite{mech}. %The failure modes for a given component $K$ form a set $F$.
%When building a system from components,
%we should be able to find all known failure modes for each component.
%For most common electrical and mechanical components, the failure modes
%for a given type of part can be obtained from standard literature\cite{mil1991}
%\cite{mech}. %The failure modes for a given component $K$ form a set $F$.
Using these failure modes we can build a `failure model' from the bottom-up.
%%
%% Paragraph component and its relationship to its failure modes
%%
\subsection{ What is a Component ?}
Let us first define a component. This is anything we use to build a
product or system with. This could be something quite complicated
like an integrated microcontroller, or quite simple like the humble resistor.
We can define a
component by its name, a manufacturers part number and perhaps
a vendors reference number.
What these components all have in common is that they can fail, and fail in
a number of well defined ways. For common components
there is established literature for the failure modes for the system designer consider (with accompanying statistical
failure rates)\cite{mil1991}. For instance, a simple resistor is generally considered
to fail in two ways, it can go open circuit or it can short. But we can also
associate it with a set of known failure modes. The UML diagram in figure
\ref{fig:component} shows a component as a simple data
structure with its failure modes.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 437 141,keepaspectratio=true]{./component.jpg}
% component.jpg: 437x141 pixel, 72dpi, 15.42x4.97 cm, bb=0 0 437 141
\caption{A Component and its Failure Modes}
\label{fig:component}
\end{figure}
% \begin{figure}[h+]
% \centering
% \includegraphics[width=400pt,bb=0 0 433 68,keepaspectratio=true]{component_failure_modes_definition/component.jpg}
% % component.jpg: 433x68 pixel, 72dpi, 15.28x2.40 cm, bb=0 0 433 68
% \caption{A Component and its failure modes}
% \label{fig:component}
% \end{figure}
A product naturally consists of many components and these are traditionally
kept in a `parts list'. For safety critical product this is a usually formal document
and is used by quality inspectors to ensure the correct parts are being fitted.
For our UML diagram the parts list is simply a collection of components
as shown in figure \ref{fig:componentpl}.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 712 68,keepaspectratio=true]{./componentpl.jpg}
% componentpl.jpg: 712x68 pixel, 72dpi, 25.12x2.40 cm, bb=0 0 712 68
\caption{Parts List of Components}
\label{fig:componentpl}
\end{figure}
%%
%% Paragraph using failure modes to build from bottom up
%%
\subsection{Fault Mode Analysis, top down or bottom up?}
Traditional static fault analysis methods work from the top down.
They identify faults that can occur in a system, and then work down
to see how they could be caused. Some apply statistical tequniques to
determine the likelihood of component failures causing specific system level errors (see Bayes theorem \ref{bayes}).
Another top down technique is ato apply cost benifit analysis
determine the likelihood of component failures
causing specific system level errors (see Bayes theorem \ref{bayes}).
Another top down technique is to apply cost benifit analysis
to determine which faults are the highest priority to fix\cite{FMEA}.
The aim of this study is to produce complete failure
models of safety critical systems from the bottom-up,
starting, where possible with known component failure modes.
\subsection{Systems, functional groups, sub-systems and failure modes}
It is helpful here to define some terms, `system', `functional~group', `component', `base~component' and `sub-system'.
A System, is really any coherent entity that would be sold as a safety critical product.
A sub-system is a part of some larger system.
For instance a stereo amplifier separate is a sub-system. The
whole Sound System, consists perhaps of the following `sub-systems':
CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface.
%Thinking like this is a top~down analysis approach
%and is the way in which FTA\cite{nucfta} analyses a System
%and breaks it down.
A sub-system will be composed of component parts, which
may themselves be sub-systems.
Eventually by a recursive downwards process we would be able to identify
sub-systems built from base component parts.
Each `component part'
will have a known fault/failure behaviour.
That is to say, each base component has a set of known
ways in which it can fail.
If we look at the sound system again as an
example; the CD~player could fail in serveral distinct ways, no matter
what has happened to it or has gone wrong inside it.
A top down approach has an intrinsic problem in that we cannot guess
every possible failure mode at the SYSTEM level.
Using the reasoning that working from the bottom up forces the consideration of all possible
component failures (which could be missed in a top~down approach)
we are presented with a problem. Which initial collections of base components should we choose ?
For instance in the CD~player example; to start at the bottom; we are presented with
a massive list of base~components, resistors, motors, user~switches, laser~diodes all sorts !
Clearly, working from the bottom~up we need to pick small
collections of components that work together in some way.
These are termed `functional~groups'. For instance the circuitry that powers the laser diode
to illuminate the CD might contain a handful of components, and as such would make a good candidate
to be one of the base level functional~groups.
In choosing the lowest level (base component) sub-systems we would look
for the smallest `functional~groups' of components within a system. A functional~group is a set of components that interact
to perform a specific function.
When we have analysed the fault behaviour of a functional group, we can treat it as a `black box'.
We can now call our functional~group a sub-system. The goal here is to know how will behave under fault conditions !
%Imagine buying one such `sub~system' from a very honest vendor.
%One of those sir, yes but be warned it may fail in these distinct ways, here
%in the honest data sheet the set of failure modes is listed!
This type of thinking is starting to become more commonplace in product literature, with the emergence
of reliability safety standards such as IOC1508\cite{sccs},EN61508\cite{en61508}.
FIT (Failure in Time - expected number of failures per billion hours of operation) values
are published for some micro-controllers. A micro~controller
is a complex sub-system in its self and could be considered a `black~box' with a given reliability.
\footnote{Microchip sources give an FIT of 4 for their PIC18 series micro~controllers\cite{microchip}, The DOD
1991 reliability manual\cite{mil1991} applies a FIT of 100 for this generic type of component}
As electrical components have detailed datasheets a useful extension of this would
be failure modes of the component, with environmental factors and MTTF statistics.
Currently this sort of information is generally only available for generic component types\cite{mil1991}.
%At higher levels of analysis, functional~groups are pre-analysed sub-systems that interact to
%erform a given function.
%\vspace{0.3cm}
\begin{table}[h]
\begin{tabular}{||l|l||} \hline \hline
{\em Definition } & {\em Description} \\ \hline
System & A product designed to \\
& work as a coherent entity \\ \hline
Sub-system & A part of a system, \\
& sub-systems may contain sub-systems \\ \hline
Failure mode & A way in which a System, \\
& Sub-system or component can fail \\ \hline
Functional Group & A collection of sub-systems and/or \\
& components that interact to \\
& perform a specific function \\ \hline
Failure Mode & The collection of all failure \\
Group & modes from all the members of a \\
& functional group \\ \hline
Derived & A failure mode determined from the analysis \\
Failure mode & of a `Failure Mode Group' \\ \hline
Base Component & Any bought in component, which \\
& hopefully has a known set of failure modes \\ \hline
\hline
\end{tabular}
\label{tab:def}
\caption{Table of FMMD definitions}
\end{table}
%\vspace{0.3cm}
\section{A UML Model of terms introduced}
In order to analyse from the bottom-up, we need to take
small groups of components from the parts~list that naturally
work together to perform a simple function.
We can term this a `Functional~Group'. When we have a
`Functional~Group' we can look at the failure modes of all the components
in it and decide how these will affect the Group.
Or in other words we can determine the failure modes of the functional
group. These failure modes are derived from the functional group, as so we can call
them `derived failure modes'.
We now have something very useful, because
we can now treat this functional group as a component with a known set of failure modes.
This newly derived component can be used as a higher level
building block for the system we are analysing.
Derived components, can be used
to form higher level functional groups.
This process can continue until have build a hierarcy that converges to a failure model of the entire system.
To differentiate the components derived from functional groups, we can
add a new attribute to the class `Component', that of analysis
level.
We can represet this in a UML diagram see figure \ref{fig:cfg}
\begin{figure}[h]
\centering
\includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml.jpg}
% fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500
\caption{UML respresentation of Failure Mode Data types}
\label{fig:fmmd_uml}
\includegraphics[width=400pt,bb=0 0 712 235,keepaspectratio=true]{./cfg.jpg}
% cfg.jpg: 712x205 pixel, 72dpi, 25.12x7.23 cm, bb=0 0 712 205
\caption{Components Derived from Functional Groups}
\label{fig:cfg}
\end{figure}
The diagram in figure \ref{fig:fmmd_uml}
shows the relationships between the terms defined in table \ref{tab:def} as classes in a UML model.
We can start with the functional group. This is a minimal collection
of components that perform a simple given function.
For our audio separates rig, this could be
the compoents that supply power to the laser diode.
From the `Functional~Group' we can now collect
all the `failure modes of the `components', and
produce a `Failure~Mode~Group'. This
has a reference to the `Functional~Group', and is a collection
of `failure modes.
By analysing the effects of the failure modes in the `Failure~Mode~Group'
we can determine the failure mode behaviour of the functional group.
This failure mode behaviour is a collection of derived failure modes.
We can now consider the Functional group as a component now, because
we have a set of failure modes for it.
\subsection{Sub-System Class Definition}
A sub-system can be defined by the classes used to create it, and
its set of derived failure modes.
In this way sub-systems naturally form trees, with the lower most leaf nodes being
base components.
Note that the UML model is recursive. We can build functional groups using sub-systems
as components. This UML model naturally therefore, forms a hierarchy
of failure mode analysis, which has a one top level entry, that being the SYSTEM.
The TOP level entry will determine the failure modes
for the product/system under analysis.
\subsection{Refining the UML model to use inheritance}
We can refine this model a little by noticing that a system is merely the
top level sub-system. We can thus have System inherit sub-system.
A derived failure mode, is simply a failure mode at a higher level of analysis
it can therefore inherit `failure\_mode'.
The modified UML diagram using inheritance is figure \ref{fig:fmmd_uml2}.
\begin{figure}[h]
\centering
\includegraphics[width=350pt,bb=0 0 877 675,keepaspectratio=true]{./fmmd_uml2.jpg}
% fmmd_uml2.jpg: 877x675 pixel, 72dpi, 30.94x23.81 cm, bb=0 0 877 675
\caption{UML Representation of Failure Mode Data Types}
\label{fig:fmmd_uml2}
\end{figure}
%
% \subsection{Systems, functional groups, sub-systems and failure modes}
%
% It is helpful here to define some terms, `system', `functional~group', `component', `base~component' and `sub-system'.
%
% A System, is really any coherent entity that would be sold as a safety critical product.
% A sub-system is a part of some larger system.
% For instance a stereo amplifier separate is a sub-system. The
% whole Sound System, consists perhaps of the following `sub-systems':
% CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface.
%
% %Thinking like this is a top~down analysis approach
% %and is the way in which FTA\cite{nucfta} analyses a System
% %and breaks it down.
%
% A sub-system will be composed of component parts, which
% may themselves be sub-systems.
%
% Eventually by a recursive downwards process we would be able to identify
% sub-systems built from base component parts.
% Each `component part'
% will have a known fault/failure behaviour.
% That is to say, each base component has a set of known
% ways in which it can fail.
%
% If we look at the sound system again as an
% example; the CD~player could fail in serveral distinct ways, no matter
% what has happened to it or has gone wrong inside it.
%
% A top down approach has an intrinsic problem in that we cannot guess
% every possible failure mode at the SYSTEM level.
% Using the reasoning that working from the bottom up forces the consideration of all possible
% component failures (which could be missed in a top~down approach)
% we are presented with a problem. Which initial collections of base components should we choose ?
%
% For instance in the CD~player example; to start at the bottom; we are presented with
% a massive list of base~components, resistors, motors, user~switches, laser~diodes all sorts !
% Clearly, working from the bottom~up we need to pick small
% collections of components that work together in some way.
% These are termed `functional~groups'. For instance the circuitry that powers the laser diode
% to illuminate the CD might contain a handful of components, and as such would make a good candidate
% to be one of the base level functional~groups.
%
%
% In choosing the lowest level (base component) sub-systems we would look
% for the smallest `functional~groups' of components within a system. A functional~group is a set of components that interact
% to perform a specific function.
%
% When we have analysed the fault behaviour of a functional group, we can treat it as a `black box'.
% We can now call our functional~group a sub-system. The goal here is to know how will behave under fault conditions !
% %Imagine buying one such `sub~system' from a very honest vendor.
% %One of those sir, yes but be warned it may fail in these distinct ways, here
% %in the honest data sheet the set of failure modes is listed!
% This type of thinking is starting to become more commonplace in product literature, with the emergence
% of reliability safety standards such as IOC1508\cite{sccs},EN61508\cite{en61508}.
% FIT (Failure in Time - expected number of failures per billion hours of operation) values
% are published for some micro-controllers. A micro~controller
% is a complex sub-system in its self and could be considered a `black~box' with a given reliability.
% \footnote{Microchip sources give an FIT of 4 for their PIC18 series micro~controllers\cite{microchip}, The DOD
% 1991 reliability manual\cite{mil1991} applies a FIT of 100 for this generic type of component}
%
% As electrical components have detailed datasheets a useful extension of this would
% be failure modes of the component, with environmental factors and MTTF statistics.
%
% Currently this sort of information is generally only available for generic component types\cite{mil1991}.
%
%
% %At higher levels of analysis, functional~groups are pre-analysed sub-systems that interact to
% %erform a given function.
%
% %\vspace{0.3cm}
% \begin{table}[h]
% \begin{tabular}{||l|l||} \hline \hline
% {\em Definition } & {\em Description} \\ \hline
% System & A product designed to \\
% & work as a coherent entity \\ \hline
% Sub-system & A part of a system, \\
% & sub-systems may contain sub-systems \\ \hline
% Failure mode & A way in which a System, \\
% & Sub-system or component can fail \\ \hline
% Functional Group & A collection of sub-systems and/or \\
% & components that interact to \\
% & perform a specific function \\ \hline
% Failure Mode & The collection of all failure \\
% Group & modes from all the members of a \\
% & functional group \\ \hline
% Derived & A failure mode determined from the analysis \\
% Failure mode & of a `Failure Mode Group' \\ \hline
% Base Component & Any bought in component, which \\
% & hopefully has a known set of failure modes \\ \hline
% \hline
% component_failure_modes_definition/
% \end{tabular}
% \label{tab:def}
% \caption{Table of FMMD definitions}
% \end{table}
% %\vspace{0.3cm}
%
% \section{A UML Model of terms introduced}
%
%
% \begin{figure}[h]
% \centering
% \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml2.jpg}
% \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml.jpg}
% % fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500
% \caption{UML respresentation of Failure Mode Data types}
% \label{fig:fmmd_uml}
% \end{figure}
%
% The diagram in figure \ref{fig:fmmd_uml}
% shows the relationships between the terms defined in table \ref{tab:def} as classes in a UML model.
% We can start with the functional group. This is a minimal collection
% of components that perform a simple given function.
% For our audio separates rig, this could be
% the compoents that supply power to the laser diode.
% From the `Functional~Group' we can now collect
% all the `failure modes of the `components', and
% produce a `Failure~Mode~Group'. This
% has a reference to the `Functional~Group', and is a collection
% of `failure modes.
% By analysing the effects of the failure modes in the `Failure~Mode~Group'
% we can determine the failure mode behaviour of the functional group.
% This failure mode behaviour is a collection of derived failure modes.
% We can now consider the Functional group as a component now, because
% we have a set of failure modes for it.
%
% \subsection{Sub-System Class Definition}
% A sub-system can be defined by the classes used to create it, and
% its set of derived failure modes.
% In this way sub-systems naturally form trees, with the lower most leaf nodes being
% base components.
% Note that the UML model is recursive. We can build functional groups using sub-systems
% as components. This UML model naturally therefore, forms a hierarchy
% of failure mode analysis, which has a one top level entry, that being the SYSTEM.
% The TOP level entry will determine the failure modes
% for the product/system under analysis.
%
% \subsection{Refining the UML model to use inheritance}
% We can refine this model a little by noticing that a system is merely the
% top level sub-system. We can thus have System inherit sub-system.
% A derived failure mode, is simply a failure mode at a higher level of analysis
% it can therefore inherit `failure\_mode'.
%
% The modified UML diagram using inheritance is figure \ref{fig:fmmd_uml2}.
% \begin{figure}[h]
% \centering
% \includegraphics[width=350pt,bb=0 0 877 675,keepaspectratio=true]{./fmmd_uml2.jpg}
% % fmmd_uml2.jpg: 877x675 pixel, 72dpi, 30.94x23.81 cm, bb=0 0 877 675
% \caption{UML Representation of Failure Mode Data Types}
% \label{fig:fmmd_uml2}
% \end{figure}
% %
% % \begin{figure}[h]
% % \centering
% % \includegraphics[width=350pt,bb=0 0 680 500,keepaspectratio=true]{component_failure_modes_definition/fmmd_uml2.jpg}
% % % fmmd_uml.jpg: 680x500 pixel, 72dpi, 23.99x17.64 cm, bb=0 0 680 500
% % \caption{UML respresentation of Failure Mode Data types}
% % \label{fig:fmmd_uml2}
% % \end{figure}
\subsection{Unitary State Component Failure Mode sets}
@ -233,7 +324,10 @@ Thus if the failure modes of $F$ are unitary~state, we can say $F \in U$.
A component with simple ``unitary~state'' failure modes is the electrical resistor.
Electrical resistors can fail by going OPEN or SHORTED.
However they cannot fail with both conditions active. The conditions
For a given resistor R we can assign it the failure mode by applying
the function $FM$ thus $ FM(R) = \{R_{SHORTED},R_{OPEN}\} $.
Nothing can fail with both conditions open and short active at the same time ! The conditions
OPEN and SHORT are mutually exclusive.
Because of this the failure mode set $F=FM(R)$ is `unitary~state'.
@ -244,31 +338,33 @@ $$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$
We can make this a general case by taking a set $C$ (where $c1, c2 \in C$) representing a collection
of component failure modes,
of component failure modes.
We can now state that
$$ c1 \cap c2 \neq \emptyset | c1 \neq c2 \wedge c1,c2 \in C \wedge C \not\in U $$
That is to say that if it is impossible that any pair of failure modes can be active at the same time
the failure mode set is not unitary~state and does not exist in the family of sets $U$
That is to say that it is impossible that any pair of failure modes can be active at the same time
for the failure mode set $C$ to exists in the family of sets $U$
Note where that are more than two failure~modes, by banning pairs from happening at the same time
we have banned larger combinations as well
we have banned larger combinations as well.
\subsection{Component Failure Modes and Statistical Sample Space}
%\paragraph{NOT WRITTEN YET PLEASE IGNORE}
A sample space is defined as the set of all possible outcomes.
Here the outcomes we are interested in are the failure modes
of the component.
When dealing with failure modes, we are not interested in
the state where the compoent is working perfectly or `OK' (i.e. operating with no error).
the state where the component is working perfectly or `OK' (i.e. operating with no error).
We are interested only in ways in which it can fail.
By definition while all components in a system are `working perfectly'
that system will not exhibit faulty behavuiour.
that system will not exhibit faulty behaviour.
Thus the statistical sample space $\Omega$ for a component/sub-system K is
%$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
$$ \Omega(K) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N}\} $$
$$ \Omega(K) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3}, ... ,failure\_mode_{N}\} $$
The failure mode set for a given component or sub-system $F$
is therefore
$$ F = \Omega(K) \backslash OK $$

BIN
component_failure_modes_definition/componentpl.dia Normal file
View File

Binary file not shown.

BIN
component_failure_modes_definition/componentpl.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.9 KiB