robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

systematic working through marked up printout of whole thesis as is

Browse Source
This commit is contained in:
Robin 2010-04-04 13:45:38 +01:00
parent 9fce93fdce
commit 2469683b5d
28 changed files with 16553 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
burner/Makefile Normal file
View File

@ -0,0 +1,17 @@
#
# Make the propositional logic diagram a paper
#
paper: paper.tex burner_paper.tex
#latex paper.tex
#dvipdf paper pdflatex cannot use eps ffs
pdflatex paper.tex
okular paper.pdf
# Remove the need for referncing graphics in subdirectories
#
burner_paper.tex: burner.tex
cat burner.tex | sed 's/burner\///' > paper.tex

63
burner/burner.tex Normal file
View File

@ -0,0 +1,63 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
things can get very abstract
\end{abstract}
\section{Overview of A Burner Controller : Safety Perspective}
\section{Background to the Industrial Burner Safety Analysis Problem}
An industrial burner is a good example of a safety critical system.
It has the potential for devistating explosions due to boiler overpressure, low water, or
ignition of an explosive mixture, and, because of the large amounts of fuel used,
is also a fire hazard. Industrial boilers are often left running unattended
for long periods of time (typically days).
To add to these problems
Operators are often under pressure to keep them running. A boiler supplying
heat to a large greenhouse complex could ruin crops
should it go off-line. Similarly a production line relying on heat or steam
can be very expensive in production down-time should it fail.
This places extra responsibility on the burner controller.
These are common place and account for a very large proportion of the enery usage
in the world today (find and ref stats)
Industrial burners are common enough to have different specific standards
written for the fuel types they use \ref{EN298} \ref{EN230} \ref{EN12067}.
A modern industrial burner has mechanical, electronic and software
elements, that are all safety critical. That is to say
unhandled failures could create dangerous faults.
A more detailed description of industrial burner controllers
is dealt with in chapter~\ref{burnercontroller}.
Systems such as industrial burners have been partially automated for some time.
A mechanical cam arrangement controls the flow of air and fuel for the range of
firing rate (output of the boiler).
These mechanical systems could suffer failures (such as a mechanical linkage beoming
detached) and could then operate in a potentially dangerous state.
More modern burner controllers use a safety critical computer controlling
motors to operate the fuel and air mixture and to control the safety
valves.
In working in the industrial burner industry and submitting product for
North American and European safety approval, it was apparent that
formal techniques could be applied to aspects of the ciruit design.
Some safety critical circuitry would be subjected to thought experiments, where
the actions of one or more components failing would be examined.
As a simple example a milli-volt input could become disconnected.
A milli-volt input is typically amplified so that its range matches that
of the A->D converter that you are reading. were this signal source to become disconnected
the systems would see a floating, amplified signal.
A high impedance safety resistor can be added to the circuit,
to pull the signal high (or out of nornal range) upon disconnection.
The system then knows that a fault has occurred and will not use
that sensor reading (see \ref{fig:millivolt}).

9
burner/burner.tex~ Normal file
View File

@ -0,0 +1,9 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
\end{abstract}
\section{Overview of A Burner Controller : Safety Perspective}

404
burner/mybib.bib Normal file
View File

@ -0,0 +1,404 @@
%
%
% $Id: mybib.bib,v 1.5 2008/12/18 17:05:23 robin Exp $
%
%
@TechReport{db,
author = {R Clark, D Legge},
title = {ETC6000 Daughterboard Design notes},
institution = {ETC HR221850},
year = {2004},
key = {},
OPTtype = {},
OPTnumber = {},
OPTaddress = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
issn = {HR221850},
OPTlocalfile = {},
OPTabstract = {},
}
@TechReport{mil1991,
author = {U.S. Department of Defence},
title = {Reliability Prediction of Electronic Equipment},
institution = {DOD},
year = {1991},
key = {MIL-HDBK-217F},
OPTtype = {},
OPTnumber = {},
OPTaddress = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@Manual{tlp181,
title = {TLP 181 Datasheet},
key = {TOSHIBA Photocoupler GaAs Ired & PhotoTransistor},
author = {Toshiba inc.},
OPTorganization = {},
%address = {http://www.toshiba.com/taec/components2/Datasheet\_Sync//206/4191.pdf},
OPTedition = {},
OPTmonth = {},
year = {2009},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@Manual{pic18f2523,
title = {PIC18F2523 Datasheet},
OPTkey = {},
author = {Microchip inc},
OPTorganization = {},
address = {http://ww1.microchip.com/downloads/en/DeviceDoc/39755c.pdf},
OPTedition = {},
OPTmonth = {},
year = {2009},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@Book{wt,
title = {Water Treatment Essentials for Boiler Plant Operation},
publisher = {Mc Graw Hill ISBN 0-07-048291-5},
year = {1997},
author = {Robert G Nunn},
ALTALTeditor = {},
OPTkey = {},
OPTvolume = {},
OPTnumber = {},
OPTseries = {},
OPTaddress = {},
OPTedition = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {ISBN 0-07-048291-5},
OPTlocalfile = {},
OPTabstracts = {},
}
@TechReport{pcbAI222562,
author = {C Talmay},
title = {Circuit Schematic TDS Daughterboard AI222562},
institution = {ETC},
year = {2010},
OPTkey = {},
OPTtype = {},
OPTnumber = {AI222562},
OPTaddress = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@TechReport{spiraxsarco,
author = {Spirax Sarco},
title = {http://www.spiraxsarco.com/resources/steam-engineering-tutorials.asp},
institution = {Spirax Sarco},
year = {2010},
OPTkey = {},
OPTtype = {},
OPTnumber = {},
OPTaddress = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@Book{aoe,
title = {The Art of Electronics},
publisher = {Cambridge},
year = {1989},
author = {Paul Horowitz, Winfield Hill},
%author = {},
OPTkey = {},
OPTvolume = {},
OPTnumber = {},
OPTseries = {},
OPTaddress = {},
OPTedition = {2nd},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {ISBN 0-521-37095-7},
OPTlocalfile = {},
OPTabstracts = {},
}
@TechReport{eurothermtables,
author = {},
title = {Thermocouple Emf TABLES and PLATINUM 100 RESISTANCE THERMOMETER TABLES},
institution = {Eurotherm},
year = {1973},
OPTkey = {},
OPTtype = {},
OPTnumber = {},
OPTaddress = {},
OPTmonth = {June},
OPTnote = {Bulletin TT-1},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@MISC{iso639-1,
title = "ISO 639-1: Code for the Representation of Names of Languages",
author = "International Standardization Organization",
howpublished = "http://www.loc.gov/standards/iso639-2/criteria1.html"
year = "1998"
}
@MISC{nano-x,
title = "The nano-X windowing system",
author = "Greg Haerr",
howpublished = "http://www.microwindows.org/"
year = "2003"
}
@MISC{X11,
title = "The XFree86 Project, Inc",
author = "Open Source",
howpublished = "http://www.xfree86.org/"
year = "1992"
}
http://www.xfree86.org/
@MISC{iso639-2,
title = "ISO 639-2: Code for the Representation of Names of Languages",
author = "International Standardization Organization",
howpublished = "http://www.loc.gov/standards/iso639-2/criteria1.html"
year = "1998"
}
@misc{ touchscreenprod,
author = "M. Thirsk",
title = "Touchscreen Production Procedure : HR~222165",
howpublished = "Internal ETC Document",
year = "2008" };
@misc{ touchscreensoftware,
author = "ETC Software Dept.",
title = "Touchscreen Software released to Production : HR~222162",
howpublished = "Internal ETC Software (medium: 2 MMC cards)",
year = "2008" };
@misc{ touchscreengui,
author = "D.J. Legge, R.P.Clark",
title = "Touchscreen GUI Design Document : HR~222163",
howpublished = "Internal ETC Document",
year = "2008" };
@misc{ gumstix,
author = "Gumstix Inc",
title = "Gumstix Home Page",
howpublished = "WEB http://www.gumstix.com/",
year = "2008" };
@misc{ fltk,
author = "FLTK open Source Developers",
title = "Fast Light Toolkit",
howpublished = "WEB http://www.fltk.org/",
year = "2008" };
@Book{ldd,
author = {Jonathon Corbet},
ALTeditor = {Alessandro Rubini},
ALTeditor = {Greg Kroah-Hartman},
title = {Linux Device Drivers},
publisher = {O'Reilly ISBN 0-596-00590-3},
year = {1998},
OPTkey = {ISBN 0-596-00590-3},
OPTvolume = {},
OPTnumber = {},
OPTseries = {linux},
OPTaddress = {},
OPTedition = {3rd},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {www.oreilly.com},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Book{bash,
author = {Carl Albing},
title = {Bash Cookbook},
publisher = {O'Reilly ISBN 0-596-52678-4},
year = {2007},
OPTkey = {ISBN 0-596-52678-4},
OPTvolume = {},
OPTnumber = {},
OPTseries = {unix/linux},
OPTaddress = {},
OPTedition = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {www.oreilly.com},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Book{sedawk,
author = {Dale Dougherty, Arnold Robbins},
title = {Sed and Awk},
publisher = {O'Reilly ISBN 1-56592-225-5},
year = {1997},
OPTkey = {ISBN 1-56592-225-5},
OPTvolume = {},
OPTnumber = {},
OPTseries = {unix/linux},
OPTaddress = {},
OPTedition = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {www.oreilly.com},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Book{bels,
author = {Karim Yaghmour},
title = {Building Embedded LINUX systems},
publisher = {O'Reilly ISBN ISBN 0-596-00222-X},
year = {2003},
OPTkey = {ISBN 0-596-00222-X},
OPTvolume = {},
OPTnumber = {},
OPTseries = {linux},
OPTaddress = {},
OPTedition = {3rd},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {www.oreilly.com},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Book{can,
author = {Olaf Pfeiffer},
ALTeditor = {Andrew Ayre},
ALTeditor = {Christian Keydel},
title = {Embedded networking with CAN and CANopen},
publisher = {RTC ISBN 0-929392-78-7},
year = {2003},
OPTkey = { },
OPTvolume = {},
OPTnumber = {},
OPTseries = {Embedded Systems},
OPTaddress = {},
OPTedition = {1st},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {www.rtcbooks.com},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Article{article,
author = {dd},
title = {dd},
journal = {dd},
year = {2008},
OPTkey = {},
OPTvolume = {},
OPTnumber = {},
OPTpages = {1,2},
OPTmonth = {JAN},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};
@Book{sqlite,
author = {Micheal Owens},
title = {The definitive guide to SQLite},
publisher = {Apres ISBN 1-59059-673-0},
year = {2006},
OPTkey = {},
OPTvolume = {},
OPTnumber = {},
OPTseries = {Databases/SQLite},
OPTaddress = {},
OPTedition = {},
OPTmonth = {},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {}
};

2
burner/papaer.tex Normal file
View File

@ -0,0 +1,2 @@
:e paper.tex

53
burner/paper.aux Normal file
View File

@ -0,0 +1,53 @@
\relax
\citation{aoe}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces PT100 four wire circuit}}{1}}
\newlabel{fig:pt100}{{1}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview of PT100 four wire circuit}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {1.1}Accuracy despite variable \\ resistance in cables}{1}}
\citation{eurothermtables}
\citation{mil1991}
\citation{mil1991}
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces PT100 expected voltage ranges}}{2}}
\newlabel{fig:pt100vrange}{{2}{2}}
\@writefile{toc}{\contentsline {subsection}{\numberline {1.2}Calculating Temperature from \\ the sense line voltages}{2}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Safety case for 4 wire circuit}{2}}
\citation{aoe}
\citation{eurothermtables}
\citation{eurothermtables}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Single Fault FMEA Analysis \\ of PT100 Four wire circuit}{3}}
\newlabel{fmea}{{2.1}{3}}
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces PT100 FMEA Single Faults}}{3}}
\newlabel{ptfmea}{{1}{3}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Range and PT100 Calculations}{3}}
\newlabel{pt100temp}{{2.2}{3}}
\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces PT100 Maximum and Minimum Values}}{4}}
\newlabel{ptbounds}{{2}{4}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Single Fault FMEA Analysis \\ of PT100 Four wire circuit}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Single Fault Modes as PLD}{4}}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces PT100 Component Failure Modes}}{4}}
\newlabel{fig:pt100_tc}{{3}{4}}
\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces Voltage Divider}}{5}}
\newlabel{fig:vd}{{4}{5}}
\newlabel{eqn:vd}{{1}{5}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Proof of Out of Range \\ Values for Failures}{5}}
\newlabel{pt110range}{{3.2}{5}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.1} TC1 : Voltages $R_1$ SHORT }{5}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.2} TC2 : Voltages $R_1$ OPEN }{5}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.3} TC 3 : Voltages $R_2$ SHORT }{5}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.4} TC : 4 Voltages $R_2$ OPEN }{6}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.5} TC 5 : Voltages $R_3$ SHORT }{6}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.2.6} TC 6 : Voltages $R_3$ OPEN }{6}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Summary of Analysis}{6}}
\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces PT100 Component Failure Modes}}{7}}
\newlabel{fig:pt100_tc_sp}{{5}{7}}
\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces PT100 Circuit Failure Modes : From Single Faults Analysis}}{7}}
\newlabel{fig:pt100_singlef}{{6}{7}}
\citation{mil1991}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Mean Time to Failure}{8}}
\@writefile{lot}{\contentsline {table}{\numberline {3}{\ignorespaces PT100 FMEA Single // Fault Statistics}}{8}}
\newlabel{tab:stat_single}{{3}{8}}
\@writefile{lof}{\contentsline {figure}{\numberline {7}{\ignorespaces Probablistic Fault Tree : PT100 Single Faults}}{9}}
\newlabel{fig:stat_single}{{7}{9}}
\bibstyle{plain}
\bibdata{vmgbibliography,mybib}
\@writefile{toc}{\contentsline {section}{\numberline {4} PT100 Double Simultaneous \\ Fault Analysis}{10}}

555
burner/paper.log Normal file
View File

@ -0,0 +1,555 @@
This is pdfTeXk, Version 3.141592-1.40.3 (Web2C 7.5.6) (format=pdflatex 2010.2.1) 1 APR 2010 18:16
entering extended mode
%&-line parsing enabled.
**paper.tex
(./paper.tex
LaTeX2e <2005/12/01>
Babel <v3.8h> and hyphenation patterns for english, usenglishmax, dumylang, noh
yphenation, loaded.
(/usr/share/texmf-texlive/tex/latex/base/article.cls
Document Class: article 2005/09/16 v1.4f Standard LaTeX document class
(/usr/share/texmf-texlive/tex/latex/base/size10.clo
File: size10.clo 2005/09/16 v1.4f Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
)
(/usr/share/texmf-texlive/tex/latex/graphics/graphicx.sty
Package: graphicx 1999/02/16 v1.0f Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-texlive/tex/latex/graphics/keyval.sty
Package: keyval 1999/03/16 v1.13 key=value parser (DPC)
\KV@toks@=\toks14
)
(/usr/share/texmf-texlive/tex/latex/graphics/graphics.sty
Package: graphics 2006/02/20 v1.0o Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-texlive/tex/latex/graphics/trig.sty
Package: trig 1999/03/16 v1.09 sin cos tan (DPC)
)
(/etc/texmf/tex/latex/config/graphics.cfg
File: graphics.cfg 2007/01/18 v1.5 graphics configuration of teTeX/TeXLive
)
Package graphics Info: Driver file: pdftex.def on input line 90.
(/usr/share/texmf-texlive/tex/latex/pdftex-def/pdftex.def
File: pdftex.def 2007/01/08 v0.04d Graphics/color for pdfTeX
\Gread@gobject=\count87
))
\Gin@req@height=\dimen103
\Gin@req@width=\dimen104
)
(/usr/share/texmf-texlive/tex/latex/fancyhdr/fancyhdr.sty
\fancy@headwidth=\skip43
\f@ncyO@elh=\skip44
\f@ncyO@erh=\skip45
\f@ncyO@olh=\skip46
\f@ncyO@orh=\skip47
\f@ncyO@elf=\skip48
\f@ncyO@erf=\skip49
\f@ncyO@olf=\skip50
\f@ncyO@orf=\skip51
)
(/usr/share/texmf/tex/latex/pgf/frontendlayer/tikz.sty
(/usr/share/texmf/tex/latex/pgf/basiclayer/pgf.sty
(/usr/share/texmf/tex/latex/pgf/utilities/pgfrcs.sty
(/usr/share/texmf/tex/generic/pgf/utilities/pgfutil-common.tex
\pgfutil@everybye=\toks15
)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfutil-latex.def)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfrcs.code.tex
Package: pgfrcs 2008/02/20 v2.00 (rcs-revision 1.21)
))
Package: pgf 2008/01/15 v2.00 (rcs-revision 1.12)
(/usr/share/texmf/tex/latex/pgf/basiclayer/pgfcore.sty
(/usr/share/texmf/tex/latex/pgf/systemlayer/pgfsys.sty
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys.code.tex
Package: pgfsys 2008/02/07 v2.00 (rcs-revision 1.31)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfkeys.code.tex
\pgfkeys@pathtoks=\toks16
\pgfkeys@temptoks=\toks17
)
\pgf@x=\dimen105
\pgf@y=\dimen106
\pgf@xa=\dimen107
\pgf@ya=\dimen108
\pgf@xb=\dimen109
\pgf@yb=\dimen110
\pgf@xc=\dimen111
\pgf@yc=\dimen112
\c@pgf@counta=\count88
\c@pgf@countb=\count89
\c@pgf@countc=\count90
\c@pgf@countd=\count91
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgf.cfg
File: pgf.cfg 2008/01/13 (rcs-revision 1.6)
)
Package pgfsys Info: Driver file for pgf: pgfsys-pdftex.def on input line 885.
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys-pdftex.def
File: pgfsys-pdftex.def 2007/12/20 (rcs-revision 1.20)
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys-common-pdf.def
File: pgfsys-common-pdf.def 2007/12/17 (rcs-revision 1.8)
)))
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsyssoftpath.code.tex
File: pgfsyssoftpath.code.tex 2008/01/23 (rcs-revision 1.6)
\pgfsyssoftpath@smallbuffer@items=\count92
\pgfsyssoftpath@bigbuffer@items=\count93
)
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsysprotocol.code.tex
File: pgfsysprotocol.code.tex 2006/10/16 (rcs-revision 1.4)
))
(/usr/share/texmf/tex/latex/xcolor/xcolor.sty
Package: xcolor 2007/01/21 v2.11 LaTeX color extensions (UK)
(/etc/texmf/tex/latex/config/color.cfg
File: color.cfg 2007/01/18 v1.5 color configuration of teTeX/TeXLive
)
Package xcolor Info: Driver file: pdftex.def on input line 225.
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1337.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1341.
Package xcolor Info: Model `RGB' extended on input line 1353.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1355.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1356.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1357.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1358.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1359.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1360.
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcore.code.tex
Package: pgfcore 2008/01/15 v2.00 (rcs-revision 1.6)
(/usr/share/texmf/tex/generic/pgf/math/pgfmath.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathcalc.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathutil.code.tex
\pgfmath@box=\box26
)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathparser.code.tex
\pgfmath@stack=\toks18
\c@pgfmath@parsecounta=\count94
\c@pgfmath@parsecountb=\count95
\c@pgfmath@parsecountc=\count96
\pgfmath@parsex=\dimen113
)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathoperations.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathtrig.code.tex)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathrnd.code.tex))
(/usr/share/texmf/tex/generic/pgf/math/pgfmathbase.code.tex)))
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepoints.code.tex
File: pgfcorepoints.code.tex 2008/02/03 (rcs-revision 1.13)
\pgf@picminx=\dimen114
\pgf@picmaxx=\dimen115
\pgf@picminy=\dimen116
\pgf@picmaxy=\dimen117
\pgf@pathminx=\dimen118
\pgf@pathmaxx=\dimen119
\pgf@pathminy=\dimen120
\pgf@pathmaxy=\dimen121
\pgf@xx=\dimen122
\pgf@xy=\dimen123
\pgf@yx=\dimen124
\pgf@yy=\dimen125
\pgf@zx=\dimen126
\pgf@zy=\dimen127
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathconstruct.code.tex
File: pgfcorepathconstruct.code.tex 2008/02/13 (rcs-revision 1.14)
\pgf@path@lastx=\dimen128
\pgf@path@lasty=\dimen129
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathusage.code.tex
File: pgfcorepathusage.code.tex 2008/01/23 (rcs-revision 1.11)
\pgf@shorten@end@additional=\dimen130
\pgf@shorten@start@additional=\dimen131
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorescopes.code.tex
File: pgfcorescopes.code.tex 2008/01/15 (rcs-revision 1.26)
\pgfpic=\box27
\pgf@hbox=\box28
\pgf@layerbox@main=\box29
\pgf@picture@serial@count=\count97
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoregraphicstate.code.tex
File: pgfcoregraphicstate.code.tex 2007/12/12 (rcs-revision 1.8)
\pgflinewidth=\dimen132
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoretransformations.code.tex
File: pgfcoretransformations.code.tex 2008/02/04 (rcs-revision 1.10)
\pgf@pt@x=\dimen133
\pgf@pt@y=\dimen134
\pgf@pt@temp=\dimen135
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorequick.code.tex
File: pgfcorequick.code.tex 2006/10/11 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreobjects.code.tex
File: pgfcoreobjects.code.tex 2006/10/11 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathprocessing.code.tex
File: pgfcorepathprocessing.code.tex 2008/01/23 (rcs-revision 1.7)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorearrows.code.tex
File: pgfcorearrows.code.tex 2007/06/07 (rcs-revision 1.8)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreshade.code.tex
File: pgfcoreshade.code.tex 2007/12/10 (rcs-revision 1.9)
\pgf@max=\dimen136
\pgf@sys@shading@range@num=\count98
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreimage.code.tex
File: pgfcoreimage.code.tex 2008/01/15 (rcs-revision 1.1)
\pgfexternal@startupbox=\box30
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorelayers.code.tex
File: pgfcorelayers.code.tex 2008/01/15 (rcs-revision 1.1)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoretransparency.code.tex
File: pgfcoretransparency.code.tex 2008/01/17 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepatterns.code.tex
File: pgfcorepatterns.code.tex 2008/01/15 (rcs-revision 1.1)
)))
(/usr/share/texmf/tex/generic/pgf/modules/pgfmoduleshapes.code.tex
File: pgfmoduleshapes.code.tex 2008/02/13 (rcs-revision 1.4)
\pgfnodeparttextbox=\box31
\toks@savedmacro=\toks19
)
(/usr/share/texmf/tex/generic/pgf/modules/pgfmoduleplot.code.tex
File: pgfmoduleplot.code.tex 2008/01/15 (rcs-revision 1.1)
\pgf@plotwrite=\write3
)
(/usr/share/texmf/tex/latex/pgf/compatibility/pgfcomp-version-0-65.sty
Package: pgfcomp-version-0-65 2007/07/03 v2.00 (rcs-revision 1.7)
\pgf@nodesepstart=\dimen137
\pgf@nodesepend=\dimen138
)
(/usr/share/texmf/tex/latex/pgf/compatibility/pgfcomp-version-1-18.sty
Package: pgfcomp-version-1-18 2007/07/23 v2.00 (rcs-revision 1.1)
))
(/usr/share/texmf/tex/latex/pgf/utilities/pgffor.sty
(/usr/share/texmf/tex/generic/pgf/utilities/pgffor.code.tex
Package: pgffor 2007/11/07 v2.00 (rcs-revision 1.8)
\pgffor@iter=\dimen139
\pgffor@skip=\dimen140
))
(/usr/share/texmf/tex/generic/pgf/frontendlayer/tikz/tikz.code.tex
Package: tikz 2008/02/13 v2.00 (rcs-revision 1.27)
(/usr/share/texmf/tex/generic/pgf/libraries/pgflibraryplothandlers.code.tex
File: pgflibraryplothandlers.code.tex 2007/03/09 v2.00 (rcs-revision 1.9)
\pgf@plot@mark@count=\count99
\pgfplotmarksize=\dimen141
)
\tikz@lastx=\dimen142
\tikz@lasty=\dimen143
\tikz@lastxsaved=\dimen144
\tikz@lastysaved=\dimen145
\tikzleveldistance=\dimen146
\tikzsiblingdistance=\dimen147
\tikz@figbox=\box32
\tikz@tempbox=\box33
\tikztreelevel=\count100
\tikznumberofchildren=\count101
\tikznumberofcurrentchild=\count102
\tikz@fig@count=\count103
(/usr/share/texmf/tex/generic/pgf/modules/pgfmodulematrix.code.tex
File: pgfmodulematrix.code.tex 2008/01/15 (rcs-revision 1.1)
\pgfmatrixcurrentrow=\count104
\pgfmatrixcurrentcolumn=\count105
\pgf@matrix@numberofcolumns=\count106
)
\tikz@expandcount=\count107
(/usr/share/texmf/tex/generic/pgf/frontendlayer/tikz/libraries/tikzlibrarytopat
hs.code.tex
File: tikzlibrarytopaths.code.tex 2008/01/09 v2.00 (rcs-revision 1.1)
))) (/usr/share/texmf-texlive/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2001/10/25 v2.2f
\@emptytoks=\toks20
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 132.
)
(/usr/share/texmf-texlive/tex/latex/amsmath/amsmath.sty
Package: amsmath 2000/07/18 v2.13 AMS math features
\@mathmargin=\skip52
For additional information on amsmath, use the `?' option.
(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty
Package: amstext 2000/06/29 v2.01
(/usr/share/texmf-texlive/tex/latex/amsmath/amsgen.sty
File: amsgen.sty 1999/11/30 v2.0
\@emptytoks=\toks21
\ex@=\dimen148
))
(/usr/share/texmf-texlive/tex/latex/amsmath/amsbsy.sty
Package: amsbsy 1999/11/29 v1.2d
\pmbraise@=\dimen149
)
(/usr/share/texmf-texlive/tex/latex/amsmath/amsopn.sty
Package: amsopn 1999/12/14 v2.01 operator names
)
\inf@bad=\count108
LaTeX Info: Redefining \frac on input line 211.
\uproot@=\count109
\leftroot@=\count110
LaTeX Info: Redefining \overline on input line 307.
\classnum@=\count111
\DOTSCASE@=\count112
LaTeX Info: Redefining \ldots on input line 379.
LaTeX Info: Redefining \dots on input line 382.
LaTeX Info: Redefining \cdots on input line 467.
\Mathstrutbox@=\box34
\strutbox@=\box35
\big@size=\dimen150
LaTeX Font Info: Redeclaring font encoding OML on input line 567.
LaTeX Font Info: Redeclaring font encoding OMS on input line 568.
\macc@depth=\count113
\c@MaxMatrixCols=\count114
\dotsspace@=\muskip10
\c@parentequation=\count115
\dspbrk@lvl=\count116
\tag@help=\toks22
\row@=\count117
\column@=\count118
\maxfields@=\count119
\andhelp@=\toks23
\eqnshift@=\dimen151
\alignsep@=\dimen152
\tagshift@=\dimen153
\tagwidth@=\dimen154
\totwidth@=\dimen155
\lineht@=\dimen156
\@envbody=\toks24
\multlinegap=\skip53
\multlinetaggap=\skip54
\mathdisplay@stack=\toks25
LaTeX Info: Redefining \[ on input line 2666.
LaTeX Info: Redefining \] on input line 2667.
)
(/usr/share/texmf-texlive/tex/latex/amscls/amsthm.sty
Package: amsthm 2004/08/06 v2.20
\thm@style=\toks26
\thm@bodyfont=\toks27
\thm@headfont=\toks28
\thm@notefont=\toks29
\thm@headpunct=\toks30
\thm@preskip=\skip55
\thm@postskip=\skip56
\thm@headsep=\skip57
\dth@everypar=\toks31
) (../style.tex
LaTeX Font Info: Redeclaring symbol font `AMSb' on input line 34.
LaTeX Font Info: Overwriting symbol font `AMSb' in version `normal'
(Font) U/msb/m/n --> U/msb/m/n on input line 34.
LaTeX Font Info: Overwriting symbol font `AMSb' in version `bold'
(Font) U/msb/m/n --> U/msb/m/n on input line 34.
\c@examplec=\count120
\c@definitionc=\count121
\c@summaryc=\count122
\c@example=\count123
\c@definition=\count124
)
(./paper.aux)
\openout1 = `paper.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
(/usr/share/texmf/tex/context/base/supp-pdf.tex
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count125
\scratchdimen=\dimen157
\scratchbox=\box36
\nofMPsegments=\count126
\nofMParguments=\count127
\everyMPshowfont=\toks32
\MPscratchCnt=\count128
\MPscratchDim=\dimen158
\MPnumerator=\count129
\everyMPtoPDFconversion=\toks33
)
LaTeX Font Info: Try loading font information for U+msa on input line 20.
(/usr/share/texmf-texlive/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2002/01/19 v2.2g AMS font definitions
)
LaTeX Font Info: Try loading font information for U+msb on input line 20.
(/usr/share/texmf-texlive/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2002/01/19 v2.2g AMS font definitions
) (./pt100_paper.tex
LaTeX Warning: Citation `aoe' on page 1 undefined on input line 8.
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 28.
<./pt100.jpg, id=4, 721.69624pt x 172.645pt>
File: ./pt100.jpg Graphic file (type jpg)
<use ./pt100.jpg>
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 48.
<./vrange.jpg, id=5, 296.10625pt x 485.815pt>
File: ./vrange.jpg Graphic file (type jpg)
<use ./vrange.jpg>
LaTeX Warning: `h' float specifier changed to `ht'.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map} <./pt100.jpg>]
LaTeX Warning: Citation `eurothermtables' on page 2 undefined on input line 83.
LaTeX Warning: Citation `mil1991' on page 2 undefined on input line 92.
LaTeX Warning: Citation `mil1991' on page 2 undefined on input line 108.
Package Fancyhdr Warning: \headheight is too small (12.0pt):
Make it at least 22.54448pt.
We now make it that large for the rest of the document.
This may cause the page layout to be inconsistent, however.
[2 <./vrange.jpg>]
LaTeX Warning: Reference `pt100range' on page 3 undefined on input line 152.
LaTeX Warning: Citation `aoe' on page 3 undefined on input line 160.
LaTeX Warning: Citation `eurothermtables' on page 3 undefined on input line 160
.
LaTeX Warning: Citation `eurothermtables' on page 3 undefined on input line 164
.
[3]
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 224.
<./pt100_tc.jpg, id=31, 519.9425pt x 366.36874pt>
File: ./pt100_tc.jpg Graphic file (type jpg)
<use ./pt100_tc.jpg>
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 239.
<./voltage_divider.png, id=32, 183.68625pt x 170.6375pt>
File: ./voltage_divider.png Graphic file (type png)
<use ./voltage_divider.png>
LaTeX Warning: `h' float specifier changed to `ht'.
[4 <./pt100_tc.jpg>] [5 <./voltage_divider.png>]
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 336.
<./pt100_tc_sp.jpg, id=40, 519.9425pt x 365.365pt>
File: ./pt100_tc_sp.jpg Graphic file (type jpg)
<use ./pt100_tc_sp.jpg>
LaTeX Warning: `h' float specifier changed to `ht'.
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 348.
<./pt100_singlef.jpg, id=41, 167.62625pt x 194.7275pt>
File: ./pt100_singlef.jpg Graphic file (type jpg)
<use ./pt100_singlef.jpg>
LaTeX Warning: `h' float specifier changed to `ht'.
[6] [7 <./pt100_tc_sp.jpg> <./pt100_singlef.jpg>]
LaTeX Warning: Citation `mil1991' on page 8 undefined on input line 362.
Package pdftex.def Warning: Option `bb' does not make sense,
(pdftex.def) using `viewport' instead on input line 419.
<./stat_single.jpg, id=49, 859.21pt x 328.22626pt>
File: ./stat_single.jpg Graphic file (type jpg)
<use ./stat_single.jpg>
LaTeX Warning: `h' float specifier changed to `ht'.
[8
] [9 <./stat_single.jpg>])
No file paper.bbl.
[10
] (./paper.aux)
LaTeX Warning: There were undefined references.
LaTeX Warning: Label(s) may have changed. Rerun to get cross-references right.
)
Here is how much of TeX's memory you used:
8241 strings out of 95086
138707 string characters out of 1183256
189938 words of memory out of 1500000
11225 multiletter control sequences out of 10000+50000
14073 words of font info for 54 fonts, out of 1200000 for 2000
28 hyphenation exceptions out of 8191
47i,12n,49p,350b,264s stack positions out of 5000i,500n,6000p,200000b,5000s
</usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmbx10.pfb></usr/share/texmf
-texlive/fonts/type1/bluesky/cm/cmbx12.pfb></usr/share/texmf-texlive/fonts/type
1/bluesky/cm/cmbx9.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmmi10.
pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmmi6.pfb></usr/share/texm
f-texlive/fonts/type1/bluesky/cm/cmmi7.pfb></usr/share/texmf-texlive/fonts/type
1/bluesky/cm/cmmi9.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr10.p
fb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr12.pfb></usr/share/texmf
-texlive/fonts/type1/bluesky/cm/cmr17.pfb></usr/share/texmf-texlive/fonts/type1
/bluesky/cm/cmr6.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr7.pfb>
</usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr8.pfb></usr/share/texmf-tex
live/fonts/type1/bluesky/cm/cmr9.pfb></usr/share/texmf-texlive/fonts/type1/blue
sky/cm/cmsl10.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmsy10.pfb><
/usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmti10.pfb>
Output written on paper.pdf (10 pages, 247678 bytes).
PDF statistics:
114 PDF objects out of 1000 (max. 8388607)
0 named destinations out of 1000 (max. 131072)
48 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
burner/paper.pdf Normal file
View File

Binary file not shown.

27
burner/paper.tex Normal file
View File

@ -0,0 +1,27 @@
\documentclass[a4paper,10pt]{article}
\usepackage{graphicx}
\usepackage{fancyhdr}
\usepackage{tikz}
\usepackage{amsfonts,amsmath,amsthm}
\input{../style}
%\newtheorem{definition}{Definition:}
\begin{document}
\pagestyle{fancy}
\outerhead{{\small\bf PT100 FMMD analysis}}
%\innerfoot{{\small\bf R.P. Clark } }
% numbers at outer edges
\pagenumbering{arabic} % Arabic page numbers hereafter
\author{R.P.Clark}
\title{PT100 FMMD analysis}
\maketitle
\input{pt100_paper}
\bibliographystyle{plain}
\bibliography{vmgbibliography,mybib}
\today
\end{document}

BIN
burner/pt100.dia~ Normal file
View File

Binary file not shown.

12452
burner/pt100.log Normal file
View File

File diff suppressed because it is too large Load Diff

526
burner/pt100.tex.25MAR2010 Normal file
View File

@ -0,0 +1,526 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is
a wisely used industrial temperature sensor that is
are slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
This chapter looks at the most common configuration, the
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
possibility of double simultaneous faults (cardinality constrained powerset of 2).
The analysis is performed using Propositional Logic
diagrasms to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
from an FMEA persepective as a component itsself, with a set of know failure modes.
\end{abstract}
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 four wire circuit}
\label{fig:pt100}
\end{figure}
\section{Overview of PT100 four wire circuit}
The PT100 four wire circuit consists of two resistors supplying
a current to a third, the thermistor or PT100. By measuring volatges
from sections of this circuit forming potential dividers, we can determine the
current resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.
\begin{figure}[h]
\centering
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 expected voltage ranges}
\label{fig:pt100vrange}
\end{figure}
The voltage ranges we expect from from this three stage potential divider
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable resistance in cables}
For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resitance from the supply
causes a slight voltage
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire
configuration is more accurate.
\subsection{Calculating Temperature from the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit
and knowing the voltage drop over the PT100, we can calculate its
resistance by ohms law $V=I.R$, $R=\frac{I}{V}$.
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}.
\section{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distict ways.
Studies have been published which list common component types
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted.
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.
\subsection{Single Fault FMEA Analysis of PT100 Four wire circuit}
\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open.
For the purpose of his analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.
The Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
The range 0\oc to 300\oc will be analysed using potential divider equations to
determine out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
$R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
\hline
\end{tabular}
\label{ptfmea}
\end{table}
From table \ref{ptfmea} it can be seen that any component failure in the circuit
should cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}.
\pagebreak
% \subsection{Single Fault Modes as PLD}
%
% The component~failure~modes in table \ref{ptfmea} can be represented as contours
% on a PLD diagram. Each test case, or analysis into the effects of the component failure
% caused by the component~failure is represented by an labelled asterisk.
%
%
% \begin{figure}[h]
% \centering
% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% % pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
% \caption{PT100 Component Failure Modes}
% \label{fig:pt100_tc}
% \end{figure}
%
% This circuit supplies two results, sense+ and sense- voltage readings.
% To establish the valid voltage ranges for these, and knowing our
% valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
% valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
% for the circuit shown in figure \ref{fig:vd}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
\caption{Voltage Divider}
\label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
\begin{equation}
\label{eqn:vd}
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of ohms{100} at 0 \oc \cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application.
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{60.28}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus:
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
To convert these to twelve bit ADC (\adctw) counts:
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
\hline
\end{tabular}
\label{ptbounds}
\end{table}
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.
%\vbox{
%\subsubsection{Calculating Bounds: High Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 + 2200 2200 + p + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\vbox{
%\subsubsection{Calculating Bounds: LOW Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 2200 p 2200 + + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\subsection{Implementation of Four Wire Circuit}
%
%A standard 4 wire PT100\cite[pp 992]{aoe} circuit is read by
%ports on the 12 bit ADC of the PIC18F2523\cite{pic18f2523}.
%Three readings are taken. A reading to confirm the voltage level
%over $R_2$ is taken,
%from which the current can be determined.
%The two sense lines then give the vo
\section{Single Fault FMEA Analysis of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram. Each test case, or analysis into the effects of the component failure
caused by the component~failure is represented by an labelled asterisk.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in .
\subsection{Proof of Out of Range Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+68\Omega} = 4.85V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 4 : Voltages $R_2$ SHORT }
With pt100 at -100\oc
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{68\Omega}{2k2+68\Omega} = 0.15V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC : 5 Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscibed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.
Assuming the load resistors are
precision components, and then taking an absolute worst case of 1\% either way.
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
A spider can be drawn on the PLD diagram to this effect.
In practical use, by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp}
\end{figure}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_singlef.jpg}
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
\caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
\label{fig:pt100_singlef}
\end{figure}
%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
The PT100 analysis presents a simple result for single faults.
% OK we can look at stats here.
% the probabilities of the faults occurring in failures per billion hours
% of operation.
\subsection{Statistical MTTF for the PT100 circuit}
Mil1991\cite{mil1991} gives a mean time to failure for a fixed film resistor
at up to 60oC at a low stress (current) level as
$$0.00092 . 1.0 . 15 . 1.0 . 1000$$
13.8 failure per billion hours of operation.
RAC \cite{rac} states that a resistor will fail 9/10 OPEN and 1/10 SHORT.
So 13.8 - 1.38 OPEN
1.38 SHORT
MILL 1991 gives Thermisitors, bead $$0.21 15 1.0 1000$$
3150 failures per billion hours of operation.
Again we can apply the RAC division of resistor errors.
We can now see the six error types and see a statistical
prediction of which will occur. We can also
determine the reliability of the circuit as a whole.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
% typeset in {\Huge \LaTeX} \today
%
%\begin{table}[ht]
%\caption{PT100 Maximum and Minimum Values} % title of Table
%\centering % used for centering table
%\begin{tabular}{||c|c|c|l|l||}
%\hline \hline
% \textbf{Temperature} & \textbf{PT100 resistance} &
%\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
%\hline
%% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
%% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
% {0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
% & & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
% {+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
% & & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
%\hline
%\end{tabular}
%\label{ptbounds}
%\end{table}
%
\begin{table}[ht]
\caption{PT100 FMEA Single Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|c||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & 12.42 \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & 1.38 \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & 2835 \\ \hline
$R_3$ OPEN & High Fault & Low Fault & 315 \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & 12.42 \\
$R_2$ OPEN & High Fault & High Fault & 1.38 \\ \hline
\hline
\end{tabular}
\label{pt100_single_stats}
\end{table}
The ciruit overall has a MTTF of (13.8*2 + 3150) 3177.6
Failure in Time FIT\footnote{FIT values are measured as failures per billion ($10^9$) hours of operation}.
This gives an individual pt100 circuit of this type an MTTF of around 39 years.
Interestingly though we can now look at the results of our analysis
as a probablistic tree see figure \ref{fig:stat_single}. We can see the overall
reliability of the circuit
and we can see the most likely fault (the thermisitor going OPEN circuit).
The circuit is 8 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably
be the component area we would scrutinise first.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 856 328,keepaspectratio=true]{./stat_single.jpg}
% stat_single.jpg: 856x328 pixel, 72dpi, 30.20x11.57 cm, bb=0 0 856 328
\caption{Probablistic Tree}
\label{fig:stat_single}
\end{figure}
\clearpage
\section{ PT100 Double Simultaneous Fault Analysis}

412
burner/pt100.tex.backup Normal file
View File

@ -0,0 +1,412 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is
a wisely used industrial temperature sensor that is
are slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
This chapter looks at the most common configuration, the
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
possibility of double simultaneous faults (cardinality constrained powerset of 2).
The analysis is performed using Propositional Logic
diagrasms to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
from an FMEA persepective as a component itsself, with a set of know failure modes.
\end{abstract}
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 four wire circuit}
\label{fig:pt100}
\end{figure}
\section{Overview of PT100 four wire circuit}
The PT100 four wire circuit consists of two resistors supplying
a current to a third, the thermistor or PT100. By measuring volatges
from sections of this circuit forming potential dividers, we can determine the
current resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.
\begin{figure}[h]
\centering
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 expected voltage ranges}
\label{fig:pt100vrange}
\end{figure}
The voltage ranges we expect from from this three stage potential divider
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable resistance in cables}
For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resitance from the supply
causes a slight voltage
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire
configuration is more accurate.
\subsection{Calculating Temperature from the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit
and knowing the voltage drop over the PT100, we can calculate its
resistance by ohms law $V=I.R$, $R=\frac{I}{V}$.
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}.
\section{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distict ways.
Studies have been published which list common component types
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted.
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.
\subsection{Single Fault FMEA Analysis of PT100 Four wire circuit}
\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open.
For the purpose of his analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_p$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.
The Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and predicts an error condition in the readings.
The range 0\oc to 300\oc will be analysed using potential divider equations to
to the out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_p$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
$R_p$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
\hline
\end{tabular}
\label{ptfmea}
\end{table}
From table \ref{ptfmea} it can be seen that any component failure in the circuit
will cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}.
So by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
\pagebreak
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram. Each test case, or analysis into the effects of the component failure
caused by the component~failure is represented by an labelled asterisk.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in figure \ref{fig:vd}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
\caption{Voltage Divider}
\label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
\begin{equation}
\label{eqn:vd}
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of ohms{100} at 0 \oc \cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application.
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{60.28}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus:
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
To convert these to twelve bit ADC (\adctw) counts:
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
\hline
\end{tabular}
\label{ptbounds}
\end{table}
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.
%\vbox{
%\subsubsection{Calculating Bounds: High Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 + 2200 2200 + p + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\vbox{
%\subsubsection{Calculating Bounds: LOW Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 2200 p 2200 + + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\subsection{Implementation of Four Wire Circuit}
%
%A standard 4 wire PT100\cite[pp 992]{aoe} circuit is read by
%ports on the 12 bit ADC of the PIC18F2523\cite{pic18f2523}.
%Three readings are taken. A reading to confirm the voltage level
%over $R_2$ is taken,
%from which the current can be determined.
%The two sense lines then give the vo
\section{Single Fault FMEA Analysis of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram. Each test case, or analysis into the effects of the component failure
caused by the component~failure is represented by an labelled asterisk.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in .
\subsection{Proof of Out of Range Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+68\Omega} = 4.85V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 4 : Voltages $R_2$ SHORT }
With pt100 at -100\oc
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{68\Omega}{2k2+68\Omega} = 0.15V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC : 5 Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscibed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.
Assuming the load resistors are
precision components, and then taking an absolute worst case of 1\% either way.
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
A spider can be drawn on the PLD diagram to this effect.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp}
\end{figure}
%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
The PT100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
\section{ PT100 Double Simultaneous Fault Analysis}
% typeset in {\Huge \LaTeX} \today

516
burner/pt100.tex~ Normal file
View File

@ -0,0 +1,516 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is
a wisely used industrial temperature sensor that is
are slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
This chapter looks at the most common configuration, the
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
possibility of double simultaneous faults (cardinality constrained powerset of 2).
The analysis is performed using Propositional Logic
diagrasms to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
from an FMEA persepective as a component itsself, with a set of know failure modes.
\end{abstract}
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 four wire circuit}
\label{fig:pt100}
\end{figure}
\section{Overview of PT100 four wire circuit}
The PT100 four wire circuit consists of two resistors supplying
a current to a third, the thermistor or PT100. By measuring volatges
from sections of this circuit forming potential dividers, we can determine the
current resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.
\begin{figure}[h]
\centering
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 expected voltage ranges}
\label{fig:pt100vrange}
\end{figure}
The voltage ranges we expect from from this three stage potential divider
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable resistance in cables}
For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resitance from the supply
causes a slight voltage
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire
configuration is more accurate.
\subsection{Calculating Temperature from the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit
and knowing the voltage drop over the PT100, we can calculate its
resistance by ohms law $V=I.R$, $R=\frac{I}{V}$.
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}.
\section{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distict ways.
Studies have been published which list common component types
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted.
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.
\subsection{Single Fault FMEA Analysis of PT100 Four wire circuit}
\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open.
For the purpose of his analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.
The Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
The range 0\oc to 300\oc will be analysed using potential divider equations to
determine out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
$R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
\hline
\end{tabular}
\label{ptfmea}
\end{table}
From table \ref{ptfmea} it can be seen that any component failure in the circuit
should cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}.
\pagebreak
% \subsection{Single Fault Modes as PLD}
%
% The component~failure~modes in table \ref{ptfmea} can be represented as contours
% on a PLD diagram. Each test case, or analysis into the effects of the component failure
% caused by the component~failure is represented by an labelled asterisk.
%
%
% \begin{figure}[h]
% \centering
% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% % pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
% \caption{PT100 Component Failure Modes}
% \label{fig:pt100_tc}
% \end{figure}
%
% This circuit supplies two results, sense+ and sense- voltage readings.
% To establish the valid voltage ranges for these, and knowing our
% valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
% valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
% for the circuit shown in figure \ref{fig:vd}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
\caption{Voltage Divider}
\label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
\begin{equation}
\label{eqn:vd}
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of ohms{100} at 0 \oc \cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application.
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{60.28}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus:
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
To convert these to twelve bit ADC (\adctw) counts:
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
\hline
\end{tabular}
\label{ptbounds}
\end{table}
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.
%\vbox{
%\subsubsection{Calculating Bounds: High Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 + 2200 2200 + p + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\vbox{
%\subsubsection{Calculating Bounds: LOW Value : HP48 RPL}
%
%
%HP RPL calculator program to take pt100 resistance
%and convert to voltage and {\adctw} values.
%
%\begin{verbatim}
%<< -> p
% <<
% p 2200 2200 p 2200 + + / 5 * DUP 5
% / 4096 *
% >>
%>>
%\end{verbatim}
%}
%
%\subsection{Implementation of Four Wire Circuit}
%
%A standard 4 wire PT100\cite[pp 992]{aoe} circuit is read by
%ports on the 12 bit ADC of the PIC18F2523\cite{pic18f2523}.
%Three readings are taken. A reading to confirm the voltage level
%over $R_2$ is taken,
%from which the current can be determined.
%The two sense lines then give the vo
\section{Single Fault FMEA Analysis of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram. Each test case, or analysis into the effects of the component failure
caused by the component~failure is represented by an labelled asterisk.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid tempperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in .
\subsection{Proof of Out of Range Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+68\Omega} = 4.85V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 4 : Voltages $R_2$ SHORT }
With pt100 at -100\oc
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{68\Omega}{2k2+68\Omega} = 0.15V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC : 5 Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscibed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.
Assuming the load resistors are
precision components, and then taking an absolute worst case of 1\% either way.
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
A spider can be drawn on the PLD diagram to this effect.
In practical use, by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp}
\end{figure}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_singlef.jpg}
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
\caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
\label{fig:pt100_singlef}
\end{figure}
%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
The PT100 analysis presents a simple result for single faults.
% OK we can look at stats here.
% the probabilities of the faults occurring in failures per billion hours
% of operation.
\subsection{Statistical MTTF for the PT100 circuit}
Mil1991\cite{mil1991} gives a mean time to failure for a fixed film resistor
at up to 60oC at a low stress (current) level as
$$0.00092 . 1.0 . 15 . 1.0 . 1000$$
13.8 failure per billion hours of operation.
RAC \cite{rac} states that a resistor will fail 9/10 OPEN and 1/10 SHORT.
So 13.8 - 1.38 OPEN
1.38 SHORT
MILL 1991 gives Thermisitors, bead $$0.21 15 1.0 1000$$
3150 failures per billion hours of operation.
Again we can apply the RAC division of resistor errors.
We can now see the six error types and see a statistical
prediction of which will occur. We can also
determine the reliability of the circuit as a whole.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
\section{ PT100 Double Simultaneous Fault Analysis}
% typeset in {\Huge \LaTeX} \today
%
%\begin{table}[ht]
%\caption{PT100 Maximum and Minimum Values} % title of Table
%\centering % used for centering table
%\begin{tabular}{||c|c|c|l|l||}
%\hline \hline
% \textbf{Temperature} & \textbf{PT100 resistance} &
%\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
%\hline
%% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
%% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
% {0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
% & & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
% {+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
% & & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
%\hline
%\end{tabular}
%\label{ptbounds}
%\end{table}
%
\begin{table}[ht]
\caption{PT100 FMEA Single Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|c||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & 12.42 \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & 1.38 \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & 2835 \\ \hline
$R_3$ OPEN & High Fault & Low Fault & 315 \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & 12.42 \\
$R_2$ OPEN & High Fault & High Fault & 1.38 \\ \hline
\hline
\end{tabular}
\label{pt100_single_stats}
\end{table}
The ciruit overall has a MTTF of (13.8*2 + 3150) 3177.6
per billion ($10^9$) hours of operation.
This gives an individual circuit a MTTF of around 39 years.
Interestingly though we can now look at the results of our analysis
as a probablistioc tree. We can see the overall reliability of the circuit
and we can see the most likely fault (the thermisitor going OPEN circuit).
The circuit is 8 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably
be the component area we would scrutinise first.

434
burner/pt100_paper.tex Normal file
View File

@ -0,0 +1,434 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is
a widely used industrial temperature sensor that is
slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
This chapter looks at the most common configuration, the
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
possibility of double faults (cardinality constrained powerset of 2).
The analysis is performed using Propositional Logic
diagrams to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
from an FMEA persepective as a component itself, with a set of known failure modes.
\end{abstract}
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 four wire circuit}
\label{fig:pt100}
\end{figure}
\section{Overview of PT100 four wire circuit}
The PT100 four wire circuit uses two wires to supply small electrical current,
and returns two sense volages by the other two.
By measuring volatges
from sections of this circuit forming potential dividers, we can determine the
resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.
\begin{figure}[h]
\centering
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./vrange.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 expected voltage ranges}
\label{fig:pt100vrange}
\end{figure}
The voltage ranges we expect from this three stage potential divider
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading, for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable \\ resistance in cables}
For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resistance from the supply
causes a slight voltage
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire
configuration is more accurate.
\subsection{Calculating Temperature from \\ the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit
and knowing the voltage drop over the PT100, we can calculate its
resistance by ohms law $V=I.R$, $R=\frac{V}{I}$.
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}.
\section{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distinct ways.
Studies have been published which list common component types
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted.
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.
\subsection{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open.
For the purpose of this analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.
Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
The range {0\oc} to {300\oc} will be analysed using potential divider equations to
determine out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
$R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
\hline
\end{tabular}
\label{ptfmea}
\end{table}
From table \ref{ptfmea} it can be seen that any component failure in the circuit
should cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}.
\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application.
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus:
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
To convert these to twelve bit ADC (\adctw) counts:
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
\hline
\end{tabular}
\label{ptbounds}
\end{table}
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.
\section{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram.
Each test case, is defined by the contours that enclose
it. The test cases here deal with single faults only
and are thus enclosed by one contour each.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in figure \ref{fig:vd}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./voltage_divider.png}
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
\caption{Voltage Divider}
\label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
\begin{equation}
\label{eqn:vd}
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\subsection{Proof of Out of Range \\ Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 3 : Voltages $R_2$ SHORT }
With pt100 at 0\oc
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC : 4 Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscribed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.
Assuming the load resistors are
precision components, and then taking an absolute worst case of 1\% either way.
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
A spider can be drawn on the PLD diagram to this effect.
In practical use, by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100_tc_sp.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp}
\end{figure}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100_singlef.jpg}
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
\caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
\label{fig:pt100_singlef}
\end{figure}
%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
\clearpage
\subsection{Mean Time to Failure}
Using the MIL1991\cite{mil1991} specifications for resistor and thermistor
failure statistics we calculate the reliability of this circuit.
MIL1991 gives MTTF for a wide range of common components.
It does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}.
FMD-97 Gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example
compromises and uses a 90:10 ratio, for resistor failure.
Thus for this example resistors are expevcted to fail OPEN in 90\% of cases and SHORTED
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military spec at
temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$)
hours of operation. This figure is referred to as a FIT\footnote{FIT values are measured as the number of failures per billion hours of operation, (roughly 1.1 Million years). The smaller the FIT number the more reliable the fault~mode}, Failure in time.
A thermistor, bead type, non military spec is given a FIT of 3150.
Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
showing the FIT values for all faults considered.
\begin{table}[h+]
\caption{PT100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R_1$ SHORT & High Fault & - & 12.42 \\ \hline
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 1.38 \\ \hline
\hline
TC:3 $R_3$ SHORT & Low Fault & High Fault & 2835 \\ \hline
TC:4 $R_3$ OPEN & High Fault & Low Fault & 315 \\ \hline
\hline
TC:5 $R_2$ SHORT & - & Low Fault & 12.42 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 1.38 \\ \hline
\hline
\end{tabular}
\label{tab:stat_single}
\end{table}
The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The PT100 circuit here has a FIT of 3177.6. This is a MTTF of
about 360 years per circuit.
A Probablistic tree can now be drawn, with a FIT value for the PT100
circuit and FIT values for all the component fault modes that it was calculated from.
We can see from this that that the most likely fault is the thermistor going OPEN.
This circuit is 8 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably
be the fault~mode we would scrutinise first.
\begin{figure}[h+]
\centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./stat_single.jpg}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probablistic Fault Tree : PT100 Single Faults}
\label{fig:stat_single}
\end{figure}
The PT100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
\clearpage
\section{ PT100 Double Simultaneous \\ Fault Analysis}
% typeset in {\Huge \LaTeX} \today

BIN
burner/stat_single.dia~ Normal file
View File

Binary file not shown.

BIN
burner/vrange.dia~ Normal file
View File

Binary file not shown.

83
component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -1,6 +1,6 @@
\abstract{ This chapter defines what is meant by the terms \abstract{ This chapter defines what is meant by the terms
components, component fault modess and `unitary~state' component fault modes. components, component fault modes and `unitary~state' component fault modes.
Mathematical constraints and definitions are made using set theory. Mathematical constraints and definitions are made using set theory.
} }
@ -12,15 +12,28 @@ For most common electrical and mechanical components, the failure modes
for a given type of part can be obtained from standard literature\cite{mil1991} for a given type of part can be obtained from standard literature\cite{mil1991}
\cite{mech}. %The failure modes for a given component $K$ form a set $F$. \cite{mech}. %The failure modes for a given component $K$ form a set $F$.
An important factor in defining a failure mode is that they An important factor in defining a set of failure modes is that they
should be as clearly defined as possible. should be as clearly defined as possible.
% %
It should not be possible for instance for It should not be possible for instance for
a component to have two or more failure modes active at once. a component to have two or more failure modes active at once.
Should this be the case, the failure modes have not been clearly analysed.
The combination could be represented by a new failure mode, or Having a set of failure modes where $N$ modes could be active simultaneously
the component should be re-analysed. A set of failure modes where only one fault mode would mean having to consider $2^N$ failure mode scenarios.
%
Should a component be analysed and simultaneous failure mode cases exit,
the combinations could be represented by a new failure modes, or
the component should be considered from a fresh perspective,
perhaps considering it as several smaller components
within one package.
\begin{definition}
A set of failure modes where only one fault mode
can be active at a time is termed a `unitary~state' failure mode set. can be active at a time is termed a `unitary~state' failure mode set.
This is termed the $U$ set thoughout this study.
This corresponds to the `mutually exclusive' definition in
probability theory\cite{probandstat}.
\end{definition}
We can define a function $FM()$ to We can define a function $FM()$ to
take a given component $K$ and return its set of failure modes $F$. take a given component $K$ and return its set of failure modes $F$.
@ -38,61 +51,29 @@ A component with simple ``unitary~state'' failure modes is the electrical resist
Electrical resistors can fail by going OPEN or SHORTED. Electrical resistors can fail by going OPEN or SHORTED.
However they cannot fail with both conditions active. The conditions However they cannot fail with both conditions active. The conditions
OPEN and SHORT are mutually exlusive. OPEN and SHORT are mutually exclusive.
Because of this the failure mode set $F=FM(R)$ is `unitary~state'. Because of this the failure mode set $F=FM(R)$ is `unitary~state'.
%A more complex component, say a micro controller could have several
%faults active. It could for instance have a broken I/O output
%and an unstable ADC input. Here the faults cannot be considered `unitary~state'.
% A set of failure modes, where only one or no failure modes
% are active is termed an `unitary~state' failure mode set. This
% will be donoted as set $A$.
%
To define `unitary~state' using set theory we can define a function
`active'.
The function $active(f)$ deontes that the failure mode $f$ (where $f$ is an element of $F$) is currently active.
Thus for the set $F$ to exist in $U$ the following condition must be true.
\begin{equation}
\label{unitarystate_def}
F \in U | f \in F \wedge active(f) \wedge f1 \in F \wedge f1 \neq f \wedge \neg active(f1)
\end{equation}
As an example the resistor $R$
has two failure modes $R_{open}$ and $R_{shorted}$.
$$ FM(R) = F = \{ R_{open}, R_{shorted} \} $$
Applying equation \ref{`unitarystate'_definition} to a resistor
for both fault modes
$$ active(R_{short}) | R_{short} \in F \wedge R_{open} \in F \wedge R_{open} \neq R_{short} \wedge \neg active(R_{open}) $$
$$ active(R_{open}) | R_{open} \in F \wedge R_{short} \in F \wedge R_{short} \neq R_{open} \wedge \neg active(R_{short}) $$
For the case of the resistor with only two failure modes the results above, being true,
show that the failure modes for a resistor of $ F = \{ R_{open}, R_{shorted} \} $ are `unitary~state'
component failure modes.
Thus Thus
$$ FM(R) = \{ R_{open}, R_{shorted} \} \in U $$
$$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$
A general case can be stated by taking equation \ref{unitary_state_def} and making it a function thus. We can make this a general case by taking a set $C$ representing a collection
of component failure modes,
We can now state that
\begin{equation} $$ c1 \cap c2 \neq \emptyset | c1 \neq c2 \wedge c1,c2 \in C \wedge C \not\in U $$
\label{`unitarystate'_def}
UnitaryState(F) = \forall f \in F | active(f) \wedge f1 \in F \wedge f1 \neq f \wedge \neg active(f1)
\end{equation}
%Which can be written That is to say that if it is impossible that any pair of failure modes can be active at the same time
the failure mode set is not unitary~state and does not exist in the family of sets $U$
%$$ UnitaryState(FM(K)) $$
% should this be a paragraph in Symptom Abstraction ????
Note where that are more than two failure~modes, by banning pairs from happening at the same time
we have banned larger combinations as well
%$$ c1 \cap c2 \eq \emptyset | c1 \neq c2 \wedge c1,c2 \in C \wedge C \in U $$
%Thus if the failure~modes are pairwaise mutually exclusive they qualify for inclusion into the
%unitary~state set family.

166
introduction/introduction.tex
View File

@ -21,12 +21,21 @@ This changed the target for the study slightly to encompass these domains in a c
I completed an MSc in Software engineering in 2004 at Brighton university while working for I completed an MSc in Software engineering in 2004 at Brighton university while working for
an Engineering firm as a software Engineer. an Engineering firm as a software Engineer.
The firm make industrial burner controllers. The firm make industrial burner controllers.
iIndustrial Burners are potentially very dangerous industrail plant. Industrial Burners are potentially very dangerous industrial plant.
They are subject to stringent safety regulations and any product controlling them They are generally left running unattended for long periods.
must conform to specific `EN' standards. This involved not only writing software and designing hardware in compliance, They are subject to stringent safety regulations and
but also stages of formal certification testing. The certification testing had to be performed by must conform to specific `EN' standards.
`competent body' recognised under European law. A significant part
of this process was `static testing'. This involved looking at the design of the products, One cannot merely comply with the standards.
The product must be `certified' by an independent
and
`competent body' recognised under European law.
The cerification involved stress testing with repeated operation cycles,
within a range of temperatures. Electrical stress testing with high voltage interference, and
power supply voltage surges and dips. Electro static discharge testing, and
EMC (Electro Magnetic Compatibility). A significant part
of this process however, was `static testing'. This involved looking at the design of the products,
from the perspective of components failing, and the effect on safety this would have. from the perspective of components failing, and the effect on safety this would have.
Some of the static testing involved checking that the germane `EN' standards had Some of the static testing involved checking that the germane `EN' standards had
been complied with. Failure Mode Effects Analysis (FMEA) was also applied. This involved been complied with. Failure Mode Effects Analysis (FMEA) was also applied. This involved
@ -36,10 +45,20 @@ answer was required, or a counter proposal to change the design to cope with
the comonent failure eventuality. FMEA was time consuming, and being directed by the comonent failure eventuality. FMEA was time consuming, and being directed by
experts undoubtly ironed out many potential safety faults before the product saw experts undoubtly ironed out many potential safety faults before the product saw
light of day. However it was quickly apparent that only a small proportion light of day. However it was quickly apparent that only a small proportion
of copmponent~failure modes was considered. Also there was no formaliswm. of copmponent~failure modes was considered. Also there was no formalism.
The component~failure~modes investigated were not analysed within The component~failure~modes investigated were not analysed within
any rigourous framework. any rigourous framework.
\subsection{ Blanket Risk Reduction Approach }
The suite of tests applied for a certified product amount to a `blanket' approach.
That is to say that by applying Electrical, repeated operations, and environmental
stress testing it is hoped that the majority of latent faults are discovered.
The FMEA, or static sections, only look at the most obviously safety critical
aspects, and a small minority of the total component base for a product.
Systememic faults, or mistakes will often by-pass this testing.
\subsection{Possibility of applying mathematical techniques to FMEA} \subsection{Possibility of applying mathematical techniques to FMEA}
My MSc project was a diagram editor for Constraint diagrams. My MSc project was a diagram editor for Constraint diagrams.
@ -66,23 +85,25 @@ obviously impractical.
\subsection{General description of a Safety Critical System} \subsection{General description of a Safety Critical System}
A safety critical system is one in which lives may depend upon it or A safety critical system is one in which lives may depend upon it or
it has the potential to become dangerous. it has the potential to become dangerous\cite{sccs}.
(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty) %(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty)
An industrial burner is typical of plant that is potentially dangerous. An industrial burner is typical of plant that is potentially dangerous.
An incorrect air/fuel mixture can be explosive. An incorrect air/fuel mixture can be explosive.
Medical electronics for automatically dispensing drugs or maintaining Medical electronics for automatically dispensing drugs or maintaining
life support are examples of systems that lives depend upon. life support are examples of systems that lives depend upon.
\subsection{Two approaches : Probablistic, and Compnent fault tolerant} \subsection{Two approaches : Probablistic, and Deterministic}
There are two main philosophies applied to safety critical systems certification. There are two main philosophies applied to safety critical systems certification.
\paragraph{Statistical safety Measures} \paragraph{Probablistic safety Measures}
One is a general number of acceptable failure per hour of operation. One is a general number of acceptable failures per hour\footnote{The common metric is Failure in Time (FIT) values - failures per ${10}^{9}$
hours of operation} of operation or
a given statistical failure on demand.
This is the probablistic approach and is embodied in the european standard This is the probablistic approach and is embodied in the european standard
EN61508 \cite{EN61508}. EN61508 \cite{EN61508}.
\paragraph{Prescriptive safety Measures} \paragraph{Deterministic safety Measures}
The second philosophy, applied to application specific standards, is to investigate The second philosophy, applied to application specific standards, is to investigate
components ior sub-systems in the critical safety path and to look at component failure modes components ior sub-systems in the critical safety path and to look at component failure modes
and ensure that they cannot cause dangerous faults. and ensure that they cannot cause dangerous faults.
@ -114,67 +135,36 @@ reference chapter dealing speciifically with this but given a quick overview.
\subsubsection{Overview of current testing and certification} \subsubsection{Overview of current testing and certification}
ref chapter speciifically on this but give an overview now ref chapter speciifically on this but give an overview now
\section{Background to the Industrial Burner Safety Analysis Problem}
An industrial burner is a good example of a safety critical system.
It has the potential for devistating explosions due to boiler overpressure, or
ignition of an explosive mixture, and, because of the large amounts of fuel used,
is also a fire hazard. Also Industrial boilers are often left running unattended
for long periods of time (typically days).
To add to these problems
Operators are often under pressure to keep them running. An boiler supplying
heat to a large greenhouse complex could ruin crops
should it go off-line. Similarly a production line relying on heat or steam
can be very expensive in production down-time should it fail.
This places extra responsibility on the burner controller.
These are common place and account for a very large proportion of the enery usage
in the world today (find and ref stats)
Industrial burners are common enough to have different specific standards
written for the fuel types they use \ref{EN298} \ref{EN230} \ref{EN12067}.
A modern industrial burner has mechanical, electronic and software A modern industrial burner has mechanical, electronic and software
elements, that are all safety critical. That is to say elements, that are all safety critical. That is to say
unhandled failures could create dangerous faults. unhandled failures could create dangerous faults.
To add to these problems %To add to these problems
Operators are often under pressure to keep them running. An boiler supplying %Operators are often under pressure to keep them running. An boiler supplying
heat to a large greenhouse complex could ruin crops %heat to a large greenhouse complex could ruin crops
should it go off-line. Similarly a production line relying on heat or steam %should it go off-line. Similarly a production line relying on heat or steam
can be very expensive in production down-time should it fail. %can be very expensive in production down-time should it fail.
This places extra responsibility on the burner controller. %This places extra responsibility on the burner controller.
%
%
These are common place and account for a very large proportion of the enery usage
in the world today (find and ref stats)
Industrial burners are common enough to have different specific standards
written for the fuel types they usei \ref{EN298} \ref{EN230} \ref{EN12067}.
A modern industrial burner has mechanical, electronic and software
elements, that are all safety critical. That is to say
unhandled failures could create dangerous faults.
A more detailed description of industrial burner controllers
is dealt with in chapter~\ref{burnercontroller}.
\subsection{Mechanical components}
describe the mechanical parts - gas valves damper s
electronic and software
give a diagram of how it all fits A
together with a
\subsection{electronic Components}
\subsection{Software/Firmware Components}
\subsection{A high level Fault Hierarchy for an Industrial Burner}
This section shows the component level, leading up higher and higher in the abstraction level
to the software levels and finally a top level abstract level. If the system has been
designed correctly no `undetected faults' should be present here.
% This needs to become a chapter
%\subsection{Mechanical components}
%describe the mechanical parts - gas valves damper s
%electronic and software
%give a diagram of how it all fits A
%together with a
%\subsection{electronic Components}
%
%\subsection{Software/Firmware Components}
%
%
%\subsection{A high level Fault Hierarchy for an Industrial Burner}
%
%This section shows the component level, leading up higher and higher in the abstraction level
%to the software levels and finally a top level abstract level. If the system has been
%designed correctly no `undetected faults' should be present here.
%
\section{An Outline of the FMMD Technique} \section{An Outline of the FMMD Technique}
The methodology takes a bottom up approach to The methodology takes a bottom up approach to
@ -182,8 +172,10 @@ the design of an integrated system.
Each component is assigned a well defined set of failure modes. Each component is assigned a well defined set of failure modes.
The components are formed into modules, or functional groups. The components are formed into modules, or functional groups.
These functional groups are analysed with respect to the failure modes of the These functional groups are analysed with respect to the failure modes of the
components. The `functional group' or module will have a set of derived components. The `functional group' or module will, after analysis, have a set of derived
failure modes. The number of derived failure modes will be failure modes. Thus we can now treat our `functional group' as a component in its own right,
with its own set of failure~modes.
The number of derived failure modes will be
less than or equal to the sum of the failure modes of all its components. less than or equal to the sum of the failure modes of all its components.
A `derived' set of failure modes, is at a higher abstraction level. A `derived' set of failure modes, is at a higher abstraction level.
derived modules may now be used as building blocks, to model the system at derived modules may now be used as building blocks, to model the system at
@ -197,6 +189,7 @@ A formal description of this process is dealt with in Chapter \ref{fmmddefinitio
%on simple control systems for maintaining temperature %on simple control systems for maintaining temperature
%and for industrial burners. It is hoped that a general mathematical %and for industrial burners. It is hoped that a general mathematical
%framework is created that can be applied to other fields of safety critical engineering. %framework is created that can be applied to other fields of safety critical engineering.
\subsection{Automated Systems and Safety}
Automated systems, as opposed to manual ones are now the norm Automated systems, as opposed to manual ones are now the norm
in the home and in industry. in the home and in industry.
@ -238,30 +231,6 @@ corrections cannot be enough.
It could also develop an internal fault, and must be able to cope with this. It could also develop an internal fault, and must be able to cope with this.
Systems such as industrial burners have been partially automated for some time.
A mechanical cam arrangement controls the flow of air and fuel for the range of
firing rate (output of the boiler).
These mechanical systems could suffer failures (such as a mechanical linkage beoming
detached) and could then operate in a potentially dangerous state.
More modern burner controllers use a safety critical computer controlling
motors to operate the fuel and air mixture and to control the safety
valves.
In working in the industrial burner industry and submitting product for
North American and European safety approval, it was apparent that
formal techniques could be applied to aspects of the ciruit design.
Some safety critical circuitry would be subjected to thought experiments, where
the actions of one or more components failing would be examined.
As a simple example a milli-volt input could become disconnected.
A milli-volt input is typically amplified so that its range matches that
of the A->D converter that you are reading. were this signal source to become disconnected
the systems would see a floating, amplified signal.
A high impedance safety resistor can be added to the circuit,
to pull the signal high (or out of nornal range) upon disconnection.
The system then knows that a fault has occurred and will not use
that sensor reading (see \ref{fig:millivolt}).
@ -389,6 +358,12 @@ The problem lay in a seal that had an operating temperature range.
On the day of the launch the temperature of this seal was out of range. On the day of the launch the temperature of this seal was out of range.
A bottom up safety approach would have revealed this as a fault. A bottom up safety approach would have revealed this as a fault.
The FTA in use by NASA and the US Nuclear regulatory commisssion
allows for enviromental considerations such as temperature\cite{NASA}\cite{NUK}.
But because of the top down nature of the FTA technique, the safety designer must be aware of
the environemtnal constraints of all component parts in order to use this correctly.
This element of FTA is discussed in \ref{surveysc}
\section{Problems with Natural Language} \section{Problems with Natural Language}
Written natural language desciptions can not only be ambiguous or easy to misinterpret, it Written natural language desciptions can not only be ambiguous or easy to misinterpret, it
@ -427,6 +402,7 @@ temperature being the most typical. Very often what happens to the system outsid
\section{Project Goals} \section{Project Goals}
\begin{itemize} \begin{itemize}
\item To create a Bottom up FMEA technique that is modular and permits a linked hierarchy to be build representing the fault behaviour of a system.
\item To create a user friendly formal common visual notation to represent fault modes \item To create a user friendly formal common visual notation to represent fault modes
in Software, Electronic and Mechanical sub-systems. in Software, Electronic and Mechanical sub-systems.
\item To formally define this visual language. \item To formally define this visual language.

17
standards/Makefile Normal file
View File

@ -0,0 +1,17 @@
#
# Make the propositional logic diagram a paper
#
paper: paper.tex standards_paper.tex
#latex paper.tex
#dvipdf paper pdflatex cannot use eps ffs
pdflatex paper.tex
okular paper.pdf
# Remove the need for referncing graphics in subdirectories
#
standards_paper.tex: standards.tex
cat standards.tex | sed 's/standards\///' > standards_paper.tex

11
standards/paper.aux Normal file
View File

@ -0,0 +1,11 @@
\relax
\bibstyle{plain}
\bibdata{vmgbibliography,mybib}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}European Safety Standards Legal Framework}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {3}North American Legal Framework}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Cross Referencing}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {5}EN298}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {6}UL1998}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {7}EN230}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {8}EN61508}{1}}

429
standards/paper.log Normal file
View File

@ -0,0 +1,429 @@
This is pdfTeXk, Version 3.141592-1.40.3 (Web2C 7.5.6) (format=pdflatex 2010.2.1) 4 APR 2010 13:40
entering extended mode
%&-line parsing enabled.
**paper.tex
(./paper.tex
LaTeX2e <2005/12/01>
Babel <v3.8h> and hyphenation patterns for english, usenglishmax, dumylang, noh
yphenation, loaded.
(/usr/share/texmf-texlive/tex/latex/base/article.cls
Document Class: article 2005/09/16 v1.4f Standard LaTeX document class
(/usr/share/texmf-texlive/tex/latex/base/size10.clo
File: size10.clo 2005/09/16 v1.4f Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
)
(/usr/share/texmf-texlive/tex/latex/graphics/graphicx.sty
Package: graphicx 1999/02/16 v1.0f Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-texlive/tex/latex/graphics/keyval.sty
Package: keyval 1999/03/16 v1.13 key=value parser (DPC)
\KV@toks@=\toks14
)
(/usr/share/texmf-texlive/tex/latex/graphics/graphics.sty
Package: graphics 2006/02/20 v1.0o Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-texlive/tex/latex/graphics/trig.sty
Package: trig 1999/03/16 v1.09 sin cos tan (DPC)
)
(/etc/texmf/tex/latex/config/graphics.cfg
File: graphics.cfg 2007/01/18 v1.5 graphics configuration of teTeX/TeXLive
)
Package graphics Info: Driver file: pdftex.def on input line 90.
(/usr/share/texmf-texlive/tex/latex/pdftex-def/pdftex.def
File: pdftex.def 2007/01/08 v0.04d Graphics/color for pdfTeX
\Gread@gobject=\count87
))
\Gin@req@height=\dimen103
\Gin@req@width=\dimen104
)
(/usr/share/texmf-texlive/tex/latex/fancyhdr/fancyhdr.sty
\fancy@headwidth=\skip43
\f@ncyO@elh=\skip44
\f@ncyO@erh=\skip45
\f@ncyO@olh=\skip46
\f@ncyO@orh=\skip47
\f@ncyO@elf=\skip48
\f@ncyO@erf=\skip49
\f@ncyO@olf=\skip50
\f@ncyO@orf=\skip51
)
(/usr/share/texmf/tex/latex/pgf/frontendlayer/tikz.sty
(/usr/share/texmf/tex/latex/pgf/basiclayer/pgf.sty
(/usr/share/texmf/tex/latex/pgf/utilities/pgfrcs.sty
(/usr/share/texmf/tex/generic/pgf/utilities/pgfutil-common.tex
\pgfutil@everybye=\toks15
)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfutil-latex.def)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfrcs.code.tex
Package: pgfrcs 2008/02/20 v2.00 (rcs-revision 1.21)
))
Package: pgf 2008/01/15 v2.00 (rcs-revision 1.12)
(/usr/share/texmf/tex/latex/pgf/basiclayer/pgfcore.sty
(/usr/share/texmf/tex/latex/pgf/systemlayer/pgfsys.sty
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys.code.tex
Package: pgfsys 2008/02/07 v2.00 (rcs-revision 1.31)
(/usr/share/texmf/tex/generic/pgf/utilities/pgfkeys.code.tex
\pgfkeys@pathtoks=\toks16
\pgfkeys@temptoks=\toks17
)
\pgf@x=\dimen105
\pgf@y=\dimen106
\pgf@xa=\dimen107
\pgf@ya=\dimen108
\pgf@xb=\dimen109
\pgf@yb=\dimen110
\pgf@xc=\dimen111
\pgf@yc=\dimen112
\c@pgf@counta=\count88
\c@pgf@countb=\count89
\c@pgf@countc=\count90
\c@pgf@countd=\count91
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgf.cfg
File: pgf.cfg 2008/01/13 (rcs-revision 1.6)
)
Package pgfsys Info: Driver file for pgf: pgfsys-pdftex.def on input line 885.
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys-pdftex.def
File: pgfsys-pdftex.def 2007/12/20 (rcs-revision 1.20)
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsys-common-pdf.def
File: pgfsys-common-pdf.def 2007/12/17 (rcs-revision 1.8)
)))
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsyssoftpath.code.tex
File: pgfsyssoftpath.code.tex 2008/01/23 (rcs-revision 1.6)
\pgfsyssoftpath@smallbuffer@items=\count92
\pgfsyssoftpath@bigbuffer@items=\count93
)
(/usr/share/texmf/tex/generic/pgf/systemlayer/pgfsysprotocol.code.tex
File: pgfsysprotocol.code.tex 2006/10/16 (rcs-revision 1.4)
))
(/usr/share/texmf/tex/latex/xcolor/xcolor.sty
Package: xcolor 2007/01/21 v2.11 LaTeX color extensions (UK)
(/etc/texmf/tex/latex/config/color.cfg
File: color.cfg 2007/01/18 v1.5 color configuration of teTeX/TeXLive
)
Package xcolor Info: Driver file: pdftex.def on input line 225.
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1337.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1341.
Package xcolor Info: Model `RGB' extended on input line 1353.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1355.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1356.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1357.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1358.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1359.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1360.
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcore.code.tex
Package: pgfcore 2008/01/15 v2.00 (rcs-revision 1.6)
(/usr/share/texmf/tex/generic/pgf/math/pgfmath.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathcalc.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathutil.code.tex
\pgfmath@box=\box26
)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathparser.code.tex
\pgfmath@stack=\toks18
\c@pgfmath@parsecounta=\count94
\c@pgfmath@parsecountb=\count95
\c@pgfmath@parsecountc=\count96
\pgfmath@parsex=\dimen113
)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathoperations.code.tex
(/usr/share/texmf/tex/generic/pgf/math/pgfmathtrig.code.tex)
(/usr/share/texmf/tex/generic/pgf/math/pgfmathrnd.code.tex))
(/usr/share/texmf/tex/generic/pgf/math/pgfmathbase.code.tex)))
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepoints.code.tex
File: pgfcorepoints.code.tex 2008/02/03 (rcs-revision 1.13)
\pgf@picminx=\dimen114
\pgf@picmaxx=\dimen115
\pgf@picminy=\dimen116
\pgf@picmaxy=\dimen117
\pgf@pathminx=\dimen118
\pgf@pathmaxx=\dimen119
\pgf@pathminy=\dimen120
\pgf@pathmaxy=\dimen121
\pgf@xx=\dimen122
\pgf@xy=\dimen123
\pgf@yx=\dimen124
\pgf@yy=\dimen125
\pgf@zx=\dimen126
\pgf@zy=\dimen127
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathconstruct.code.tex
File: pgfcorepathconstruct.code.tex 2008/02/13 (rcs-revision 1.14)
\pgf@path@lastx=\dimen128
\pgf@path@lasty=\dimen129
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathusage.code.tex
File: pgfcorepathusage.code.tex 2008/01/23 (rcs-revision 1.11)
\pgf@shorten@end@additional=\dimen130
\pgf@shorten@start@additional=\dimen131
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorescopes.code.tex
File: pgfcorescopes.code.tex 2008/01/15 (rcs-revision 1.26)
\pgfpic=\box27
\pgf@hbox=\box28
\pgf@layerbox@main=\box29
\pgf@picture@serial@count=\count97
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoregraphicstate.code.tex
File: pgfcoregraphicstate.code.tex 2007/12/12 (rcs-revision 1.8)
\pgflinewidth=\dimen132
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoretransformations.code.tex
File: pgfcoretransformations.code.tex 2008/02/04 (rcs-revision 1.10)
\pgf@pt@x=\dimen133
\pgf@pt@y=\dimen134
\pgf@pt@temp=\dimen135
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorequick.code.tex
File: pgfcorequick.code.tex 2006/10/11 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreobjects.code.tex
File: pgfcoreobjects.code.tex 2006/10/11 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepathprocessing.code.tex
File: pgfcorepathprocessing.code.tex 2008/01/23 (rcs-revision 1.7)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorearrows.code.tex
File: pgfcorearrows.code.tex 2007/06/07 (rcs-revision 1.8)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreshade.code.tex
File: pgfcoreshade.code.tex 2007/12/10 (rcs-revision 1.9)
\pgf@max=\dimen136
\pgf@sys@shading@range@num=\count98
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoreimage.code.tex
File: pgfcoreimage.code.tex 2008/01/15 (rcs-revision 1.1)
\pgfexternal@startupbox=\box30
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorelayers.code.tex
File: pgfcorelayers.code.tex 2008/01/15 (rcs-revision 1.1)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcoretransparency.code.tex
File: pgfcoretransparency.code.tex 2008/01/17 (rcs-revision 1.2)
)
(/usr/share/texmf/tex/generic/pgf/basiclayer/pgfcorepatterns.code.tex
File: pgfcorepatterns.code.tex 2008/01/15 (rcs-revision 1.1)
)))
(/usr/share/texmf/tex/generic/pgf/modules/pgfmoduleshapes.code.tex
File: pgfmoduleshapes.code.tex 2008/02/13 (rcs-revision 1.4)
\pgfnodeparttextbox=\box31
\toks@savedmacro=\toks19
)
(/usr/share/texmf/tex/generic/pgf/modules/pgfmoduleplot.code.tex
File: pgfmoduleplot.code.tex 2008/01/15 (rcs-revision 1.1)
\pgf@plotwrite=\write3
)
(/usr/share/texmf/tex/latex/pgf/compatibility/pgfcomp-version-0-65.sty
Package: pgfcomp-version-0-65 2007/07/03 v2.00 (rcs-revision 1.7)
\pgf@nodesepstart=\dimen137
\pgf@nodesepend=\dimen138
)
(/usr/share/texmf/tex/latex/pgf/compatibility/pgfcomp-version-1-18.sty
Package: pgfcomp-version-1-18 2007/07/23 v2.00 (rcs-revision 1.1)
))
(/usr/share/texmf/tex/latex/pgf/utilities/pgffor.sty
(/usr/share/texmf/tex/generic/pgf/utilities/pgffor.code.tex
Package: pgffor 2007/11/07 v2.00 (rcs-revision 1.8)
\pgffor@iter=\dimen139
\pgffor@skip=\dimen140
))
(/usr/share/texmf/tex/generic/pgf/frontendlayer/tikz/tikz.code.tex
Package: tikz 2008/02/13 v2.00 (rcs-revision 1.27)
(/usr/share/texmf/tex/generic/pgf/libraries/pgflibraryplothandlers.code.tex
File: pgflibraryplothandlers.code.tex 2007/03/09 v2.00 (rcs-revision 1.9)
\pgf@plot@mark@count=\count99
\pgfplotmarksize=\dimen141
)
\tikz@lastx=\dimen142
\tikz@lasty=\dimen143
\tikz@lastxsaved=\dimen144
\tikz@lastysaved=\dimen145
\tikzleveldistance=\dimen146
\tikzsiblingdistance=\dimen147
\tikz@figbox=\box32
\tikz@tempbox=\box33
\tikztreelevel=\count100
\tikznumberofchildren=\count101
\tikznumberofcurrentchild=\count102
\tikz@fig@count=\count103
(/usr/share/texmf/tex/generic/pgf/modules/pgfmodulematrix.code.tex
File: pgfmodulematrix.code.tex 2008/01/15 (rcs-revision 1.1)
\pgfmatrixcurrentrow=\count104
\pgfmatrixcurrentcolumn=\count105
\pgf@matrix@numberofcolumns=\count106
)
\tikz@expandcount=\count107
(/usr/share/texmf/tex/generic/pgf/frontendlayer/tikz/libraries/tikzlibrarytopat
hs.code.tex
File: tikzlibrarytopaths.code.tex 2008/01/09 v2.00 (rcs-revision 1.1)
))) (/usr/share/texmf-texlive/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2001/10/25 v2.2f
\@emptytoks=\toks20
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 132.
)
(/usr/share/texmf-texlive/tex/latex/amsmath/amsmath.sty
Package: amsmath 2000/07/18 v2.13 AMS math features
\@mathmargin=\skip52
For additional information on amsmath, use the `?' option.
(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty
Package: amstext 2000/06/29 v2.01
(/usr/share/texmf-texlive/tex/latex/amsmath/amsgen.sty
File: amsgen.sty 1999/11/30 v2.0
\@emptytoks=\toks21
\ex@=\dimen148
))
(/usr/share/texmf-texlive/tex/latex/amsmath/amsbsy.sty
Package: amsbsy 1999/11/29 v1.2d
\pmbraise@=\dimen149
)
(/usr/share/texmf-texlive/tex/latex/amsmath/amsopn.sty
Package: amsopn 1999/12/14 v2.01 operator names
)
\inf@bad=\count108
LaTeX Info: Redefining \frac on input line 211.
\uproot@=\count109
\leftroot@=\count110
LaTeX Info: Redefining \overline on input line 307.
\classnum@=\count111
\DOTSCASE@=\count112
LaTeX Info: Redefining \ldots on input line 379.
LaTeX Info: Redefining \dots on input line 382.
LaTeX Info: Redefining \cdots on input line 467.
\Mathstrutbox@=\box34
\strutbox@=\box35
\big@size=\dimen150
LaTeX Font Info: Redeclaring font encoding OML on input line 567.
LaTeX Font Info: Redeclaring font encoding OMS on input line 568.
\macc@depth=\count113
\c@MaxMatrixCols=\count114
\dotsspace@=\muskip10
\c@parentequation=\count115
\dspbrk@lvl=\count116
\tag@help=\toks22
\row@=\count117
\column@=\count118
\maxfields@=\count119
\andhelp@=\toks23
\eqnshift@=\dimen151
\alignsep@=\dimen152
\tagshift@=\dimen153
\tagwidth@=\dimen154
\totwidth@=\dimen155
\lineht@=\dimen156
\@envbody=\toks24
\multlinegap=\skip53
\multlinetaggap=\skip54
\mathdisplay@stack=\toks25
LaTeX Info: Redefining \[ on input line 2666.
LaTeX Info: Redefining \] on input line 2667.
)
(/usr/share/texmf-texlive/tex/latex/amscls/amsthm.sty
Package: amsthm 2004/08/06 v2.20
\thm@style=\toks26
\thm@bodyfont=\toks27
\thm@headfont=\toks28
\thm@notefont=\toks29
\thm@headpunct=\toks30
\thm@preskip=\skip55
\thm@postskip=\skip56
\thm@headsep=\skip57
\dth@everypar=\toks31
) (../style.tex
LaTeX Font Info: Redeclaring symbol font `AMSb' on input line 34.
LaTeX Font Info: Overwriting symbol font `AMSb' in version `normal'
(Font) U/msb/m/n --> U/msb/m/n on input line 34.
LaTeX Font Info: Overwriting symbol font `AMSb' in version `bold'
(Font) U/msb/m/n --> U/msb/m/n on input line 34.
\c@examplec=\count120
\c@definitionc=\count121
\c@summaryc=\count122
\c@example=\count123
\c@definition=\count124
)
(./paper.aux)
\openout1 = `paper.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
(/usr/share/texmf/tex/context/base/supp-pdf.tex
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count125
\scratchdimen=\dimen157
\scratchbox=\box36
\nofMPsegments=\count126
\nofMParguments=\count127
\everyMPshowfont=\toks32
\MPscratchCnt=\count128
\MPscratchDim=\dimen158
\MPnumerator=\count129
\everyMPtoPDFconversion=\toks33
)
LaTeX Font Info: Try loading font information for U+msa on input line 20.
(/usr/share/texmf-texlive/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2002/01/19 v2.2g AMS font definitions
)
LaTeX Font Info: Try loading font information for U+msb on input line 20.
(/usr/share/texmf-texlive/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2002/01/19 v2.2g AMS font definitions
) (./standards_paper.tex)
No file paper.bbl.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] (./paper.aux) )
Here is how much of TeX's memory you used:
8154 strings out of 95086
137506 string characters out of 1183256
183820 words of memory out of 1500000
11159 multiletter control sequences out of 10000+50000
9805 words of font info for 37 fonts, out of 1200000 for 2000
28 hyphenation exceptions out of 8191
47i,6n,49p,350b,196s stack positions out of 5000i,500n,6000p,200000b,5000s
</usr/share
/texmf-texlive/fonts/type1/bluesky/cm/cmbx12.pfb></usr/share/texmf-texlive/font
s/type1/bluesky/cm/cmbx9.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/c
mr10.pfb></usr/share/texmf-texlive/fonts/type1/bluesky/cm/cmr12.pfb></usr/share
/texmf-texlive/fonts/type1/bluesky/cm/cmr17.pfb></usr/share/texmf-texlive/fonts
/type1/bluesky/cm/cmr9.pfb>
Output written on paper.pdf (1 page, 42142 bytes).
PDF statistics:
33 PDF objects out of 1000 (max. 8388607)
0 named destinations out of 1000 (max. 131072)
13 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
standards/paper.pdf Normal file
View File

Binary file not shown.

27
standards/paper.tex Normal file
View File

@ -0,0 +1,27 @@
\documentclass[a4paper,10pt]{article}
\usepackage{graphicx}
\usepackage{fancyhdr}
\usepackage{tikz}
\usepackage{amsfonts,amsmath,amsthm}
\input{../style}
%\newtheorem{definition}{Definition:}
\begin{document}
\pagestyle{fancy}
\outerhead{{\small\bf Safety Critical Standards Review}}
%\innerfoot{{\small\bf R.P. Clark } }
% numbers at outer edges
\pagenumbering{arabic} % Arabic page numbers hereafter
\author{R.P.Clark}
\title{Safety Critical Standards Review}
\maketitle
\input{standards_paper}
\bibliographystyle{plain}
\bibliography{vmgbibliography,mybib}
\today
\end{document}

434
standards/pt100.tex Normal file
View File

@ -0,0 +1,434 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is
a widely used industrial temperature sensor that is
slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
This chapter looks at the most common configuration, the
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
possibility of double faults (cardinality constrained powerset of 2).
The analysis is performed using Propositional Logic
diagrams to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
from an FMEA persepective as a component itself, with a set of known failure modes.
\end{abstract}
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 four wire circuit}
\label{fig:pt100}
\end{figure}
\section{Overview of PT100 four wire circuit}
The PT100 four wire circuit uses two wires to supply small electrical current,
and returns two sense volages by the other two.
By measuring volatges
from sections of this circuit forming potential dividers, we can determine the
resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.
\begin{figure}[h]
\centering
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
\caption{PT100 expected voltage ranges}
\label{fig:pt100vrange}
\end{figure}
The voltage ranges we expect from this three stage potential divider
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading, for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.
\subsection{Accuracy despite variable \\ resistance in cables}
For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resistance from the supply
causes a slight voltage
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire
configuration is more accurate.
\subsection{Calculating Temperature from \\ the sense line voltages}
The current flowing though the
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit
and knowing the voltage drop over the PT100, we can calculate its
resistance by ohms law $V=I.R$, $R=\frac{V}{I}$.
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}.
\section{Safety case for 4 wire circuit}
This sub-section looks at the behaviour of the PT100 four wire circuit
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distinct ways.
Studies have been published which list common component types
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted.
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.
\subsection{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open.
For the purpose of this analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.
Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
The range {0\oc} to {300\oc} will be analysed using potential divider equations to
determine out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
% R & wire & res + & res - & description
\hline
\hline
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
$R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
\hline
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
\hline
\end{tabular}
\label{ptfmea}
\end{table}
From table \ref{ptfmea} it can be seen that any component failure in the circuit
should cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}.
\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to
have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application.
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus:
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
To convert these to twelve bit ADC (\adctw) counts:
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
\hline
\end{tabular}
\label{ptbounds}
\end{table}
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.
\section{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
\subsection{Single Fault Modes as PLD}
The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram.
Each test case, is defined by the contours that enclose
it. The test cases here deal with single faults only
and are thus enclosed by one contour each.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc}
\end{figure}
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in figure \ref{fig:vd}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
\caption{Voltage Divider}
\label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
\begin{equation}
\label{eqn:vd}
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}
\subsection{Proof of Out of Range \\ Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.
\subsubsection{ TC1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
Thus with $R_1$ shorted both readingare outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC2 : Voltages $R_1$ OPEN }
In this case the 5V rail is disconnected. All voltages read are 0V, and
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC 3 : Voltages $R_2$ SHORT }
With pt100 at 0\oc
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readings are outside the
proscribed range in table \ref{ptbounds}.
\subsubsection{ TC : 4 Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscribed range.
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.
Assuming the load resistors are
precision components, and then taking an absolute worst case of 1\% either way.
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
A spider can be drawn on the PLD diagram to this effect.
In practical use, by defining an acceptable measurement/temperature range,
and ensuring the
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.
\begin{figure}[h]
\centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp}
\end{figure}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_singlef.jpg}
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
\caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
\label{fig:pt100_singlef}
\end{figure}
%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
\clearpage
\subsection{Mean Time to Failure}
Using the MIL1991\cite{mil1991} specifications for resistor and thermistor
failure statistics we calculate the reliability of this circuit.
MIL1991 gives MTTF for a wide range of common components.
It does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}.
FMD-97 Gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example
compromises and uses a 90:10 ratio, for resistor failure.
Thus for this example resistors are expevcted to fail OPEN in 90\% of cases and SHORTED
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military spec at
temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$)
hours of operation. This figure is referred to as a FIT\footnote{FIT values are measured as the number of failures per billion hours of operation, (roughly 1.1 Million years). The smaller the FIT number the more reliable the fault~mode}, Failure in time.
A thermistor, bead type, non military spec is given a FIT of 3150.
Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
showing the FIT values for all faults considered.
\begin{table}[h+]
\caption{PT100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R_1$ SHORT & High Fault & - & 12.42 \\ \hline
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 1.38 \\ \hline
\hline
TC:3 $R_3$ SHORT & Low Fault & High Fault & 2835 \\ \hline
TC:4 $R_3$ OPEN & High Fault & Low Fault & 315 \\ \hline
\hline
TC:5 $R_2$ SHORT & - & Low Fault & 12.42 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 1.38 \\ \hline
\hline
\end{tabular}
\label{tab:stat_single}
\end{table}
The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The PT100 circuit here has a FIT of 3177.6. This is a MTTF of
about 360 years per circuit.
A Probablistic tree can now be drawn, with a FIT value for the PT100
circuit and FIT values for all the component fault modes that it was calculated from.
We can see from this that that the most likely fault is the thermistor going OPEN.
This circuit is 8 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably
be the fault~mode we would scrutinise first.
\begin{figure}[h+]
\centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./pt100/stat_single.jpg}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probablistic Fault Tree : PT100 Single Faults}
\label{fig:stat_single}
\end{figure}
The PT100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
\clearpage
\section{ PT100 Double Simultaneous \\ Fault Analysis}
% typeset in {\Huge \LaTeX} \today

30
standards/standards.tex Normal file
View File

@ -0,0 +1,30 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
This chapter describes the legal frameworks and standards organisations
that exist in Europe and North America.
Some specific standards (that the author has experience with directly)
are reviewed.
\end{abstract}
\section{Introduction}
\section{European Safety Standards Legal Framework}
\section{North American Legal Framework}
Protection against being sued mainly ! UL - underwriters laboratories.... etc
\section{Cross Referencing}
Stabndards of ten reference other - i.e. EMC testing in EN298 refers toEN blah blah to level blah blah
\section{EN298}
\section{UL1998}
\section{EN230}
\section{EN61508}

30
standards/standards_paper.tex Normal file
View File

@ -0,0 +1,30 @@
%
% Make the revision and doc number macro's then they are defined in one place
\begin{abstract}
This chapter describes the legal frameworks and standards organisations
that exist in Europe and North America.
Some specific standards (that the author has experience with directly)
are reviewed.
\end{abstract}
\section{Introduction}
\section{European Safety Standards Legal Framework}
\section{North American Legal Framework}
Protection against being sued mainly ! UL - underwriters laboratories.... etc
\section{Cross Referencing}
Stabndards of ten reference other - i.e. EMC testing in EN298 refers toEN blah blah to level blah blah
\section{EN298}
\section{UL1998}
\section{EN230}
\section{EN61508}

2
thesis.tex
View File

@ -128,7 +128,7 @@ Software documentation for fmmd tool.
\input{fzd/fzd} \input{fzd/fzd}
\chapter{A detailed look at the safety systems required by industrial burner controller} \chapter{A detailed look at the safety systems required by industrial burner controller}
%\input{indburner/indburner} \input{burner/burner}
%\chapter{FMMD tool : Algorithms and Euler Diagram Parsing} %\chapter{FMMD tool : Algorithms and Euler Diagram Parsing}