morning edit, not breakfast!
parent
4266232aa3
commit
2b5a98ea35
28
mybib.bib
@ -910,7 +910,7 @@ strength of materials, the causes of boiler explosions",
@BOOK{faa,
AUTHOR = "Federal~Aviation~Administration FAA",
TITLE = "System Safety Handbook",
PUBLISHER = "http://www.faa.gov/library/manuals/aviation/risk\_management/ss\_handbook/",
PUBLISHER = "http://www.faa.gov/ library/manuals/aviation/risk\_management/ss\_handbook/",
YEAR = "2008"
}
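Review bot: the edited PUBLISHER line inserts a space into the link ("http://www.faa.gov/ library/...") to force a line break, which corrupts the URL for anyone copying it from the reference list, and PUBLISHER is the wrong field for a URL in any case. Suggest PUBLISHER = "Federal Aviation Administration" and the unbroken address in a URL field (as the clark entry further down already does), leaving line breaking to the url package; the backslash-escaped underscores are then unnecessary.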
@ -973,6 +973,13 @@ doi={10.1109/HASE.2011.10},
ISSN={1530-2059},}
@PHDTHESIS{clark,
AUTHOR = "Robin Clark",
TITLE = "Failure mode modular de-composition",
SCHOOL = "Brighton University, School of Computing, Engineering and Mathematics http://eprints.brighton.ac.uk/12183/",
URL = "http://eprints.brighton.ac.uk/12183/",
YEAR = "2013"
}
@PHDTHESIS{garrett,
AUTHOR = "Chris Garrett",
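Review bot: in the new clark entry the SCHOOL field repeats the eprints address that the URL field on the next line already carries, so the link will be printed twice in the reference; SCHOOL should hold only the institution, i.e. SCHOOL = "Brighton University, School of Computing, Engineering and Mathematics". The entry is otherwise complete (author, title, school, url, year) and is the one the .tex hunk below starts citing.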
@ -1291,6 +1298,25 @@ OPTissn = {},
@Manual{mcp2515,
title = {MCP2515 Can Protocol IC Datasheet},
OPTkey = {},
author = {Microchip},
OPTorganization = {},
address = {http://www.microchip.com/ wwwproducts/Devices.aspx?product=MCP2515},
OPTedition = {},
OPTmonth = {},
year = {2012},
OPTnote = {},
OPTannote = {},
OPTurl = {},
OPTdoi = {},
OPTissn = {},
OPTlocalfile = {},
OPTabstract = {},
}
@Manual{pic18f2523,
title = {PIC18F2523 Datasheet},
OPTkey = {},
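Review bot: the new mcp2515 entry puts the datasheet link in the address field with a space inserted ("http://www.microchip.com/ wwwproducts/..."), which breaks the link; put it unbroken in the url field instead (the entry already carries an empty OPTurl = {}) and drop the unused OPT* placeholder lines, which only add noise to the .bib. In the title, "Can" is the acronym CAN and should be written {CAN} so the bibliography style cannot lowercase it. The pic18f2523 entry that follows is cut off in this view but was created from the same template, so the same cleanup applies.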
@ -198,7 +198,7 @@ the known failure mode behaviour.
%
%Presently FMEA, stops at the glass ceiling of the computer program: FMMD seeks to address
%this, and offers additional test efficiency benefits.
}
This paper is a condensed version of the PhD thesis entitled `failure Mode Modular De-compositon'~\cite{clark}.
%\today
\nocite{en298}
\nocite{en61508}
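Review bot: the new sentence misspells and mis-capitalises the thesis title: `failure Mode Modular De-compositon' should read `Failure Mode Modular De-composition', matching the clark entry (title "Failure mode modular de-composition") that this line now cites. Since the title is quoted verbatim next to the citation, any mismatch is visible to the reader.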
@ -424,7 +424,7 @@ on anything but a small hypothetical system.
%\item \textbf{PFMEA - Production} Emphasis on cost reduction and product improvement;
\item \textbf{FMECA - Criticality} Emphasis on minimising the effect of critical systems failing~\cite{fmeca}; % Military/Space
\item \textbf{FMEDA - Statistical Safety} Statistical analysis giving Safety Integrity Levels~\cite{en61508};
\item \textbf{DFMEA - Design or Static/Theoretical} Approval of safety critical systems using FMEA and single or double failure prevention~\cite{fmea};% EN298/EN230/UL1998
\item \textbf{DFMEA - Design or Static/Theoretical} Approval of safety critical systems using FMEA and single or double failure prevention~\cite{en298};% EN298/EN230/UL1998
\item \textbf{SFMEA - Software FMEA} --- Usage not enforced by most current standards~\cite{en298,en230,en61508}. %only used in highly critical systems at present.
\end{itemize}
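Review bot: the DFMEA item now cites only en298, while the trailing comment names EN298/EN230/UL1998 as the relevant standards and the SFMEA item below cites en298,en230,en61508; if the comment is accurate, cite the standards the approval claim actually rests on (at least en298,en230), or trim the comment so it matches the citation. The SFMEA item also uses a "---" separator after the bold label that none of the other items have; pick one form for the list.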
@ -435,10 +435,10 @@ on anything but a small hypothetical system.
Because modern electronics has become more complex the number
of basic components has risen dramatically.
To add to this components used to fulfil common functions are often Integrated Circuits (ICs)..
Typical examples include voltage regulators, op-amps, micro-controller~\cite{pic18f25k80}, memory modules and
Typical examples include voltage regulators, op-amps, micro-controller~\cite{pic18f2523}, memory modules and
protocol handlers~\cite{mcp2515}. To build any of these component from scratch would be very expensive and time consuming,
but these IC `components' have very high internal transistor counts, and each have their own
failure mode behaviours.
but these IC `components' have very high internal transistor counts, and each have their own unique
failure mode behaviour.
Modern electronics has already jumped the gun of the basic component failure mode mapped to
a system failure paradigm.
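Review bot: the rewritten sentence "each have their own unique failure mode behaviour" should be "each has its own unique failure mode behaviour", and two defects in the unchanged context are worth fixing in the same edit: "Integrated Circuits (ICs).." has a doubled full stop, and "To build any of these component from scratch" should be "components". The citation swap from pic18f25k80 to pic18f2523 depends on the new Manual entry added in the mybib.bib hunk above; if pic18f25k80 is still cited elsewhere in the paper, its entry must stay in the .bib.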
@ -609,7 +609,7 @@ in an improved FMEA methodology,
\item avoid state explosion (i.e. XFMEA is impractical by hand~\cite{cbds}),
\item encourage exhaustive checking within each modular, %(total failure coverage within {\fgs} all interacting component and failure modes checked),
\item traceable reasoning inherent in system failure models,% to aid repeatability and checking,
\item re-usable i.e. it should be possible to re-use analysis,
\item re-usable i.e. it should be possible to re-use analysis~\cite{rudov2009language},
\item possibility to analyse simultaneous/multiple failures,
\item one to one mapping from {\bc} {\fms} to system level failures (see section~\ref{sec:onetoone}),
\item modular --- i.e. usable in a distributed system.
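Review bot: this diff does not add a rudov2009language entry to mybib.bib, so confirm the key already exists there or the new \cite will print as a question mark. In the surrounding context, "exhaustive checking within each modular" should be "within each module" (modular is the adjective), and the edited item reads better as "re-usable, i.e. it should be possible to re-use analysis~\cite{rudov2009language}," with punctuation around the i.e.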
@ -631,24 +631,16 @@ in an improved FMEA methodology,
\paragraph{A more-complete Failure Mode Model}
% HFMEA
% SFMEA
% VARIABLE CURRUPTION
% MICRO PROCESSOR FAULTS
% INTERFACE ANALYSIS
%
% add them all together --- a load of bollocks, lots of impressive inches of reports that no one will be bothered to read....
%
In order to obtain a more complete failure mode model of
a hybrid electronic/software system we need to analyse
the hardware, the software, the hardware the software runs on (i.e. the software's medium),
and the software/hardware interface.
%
HFMEA is a well established technique and needs no further description in this paper.
%
\section{Example for analysis} % : How can we apply FMEA}
%
For the purpose of example, we chose a simple common safety critical industrial circuit
that is nearly always used in conjunction with a programmatic element.
A common method for delivering a quantitative value in analogue electronics is
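Review bot: the deleted comment block was the only enumeration of the analyses that make up the "more-complete" model (SFMEA, variable corruption, microprocessor faults, interface analysis); what survives names hardware, software, the software's medium and the interface, then says only that HFMEA needs no further description, so the software side of the model is now introduced and immediately dropped. Either carry those items into the prose as a sentence or a short \begin{itemize} list, or add a \ref to where the paper treats them, so the paragraph does not end on HFMEA alone. Removing the "load of bollocks" line before publication is the right call.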
@ -676,7 +668,7 @@ current signal into a voltage that we can read with an ADC.%
\begin{figure}[h]
\centering
\includegraphics[width=250pt]{./ftcontext.png}
\includegraphics[width=230pt]{./ftcontext.png}
% ftcontext.png: 767x385 pixel, 72dpi, 27.06x13.58 cm, bb=0 0 767 385
\caption{Context Diagram for {\ft} loop}
\label{fig:ftcontext}
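Review bot: shrinking the width from 250pt to 230pt is a hard-coded fix for a column overflow that will need retuning whenever the layout changes; a relative width such as \includegraphics[width=0.9\columnwidth]{./ftcontext.png} tracks the column automatically. The bare [h] placement is also routinely promoted by LaTeX to [ht] with a warning; [htb] gives the float somewhere sensible to go.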
@ -697,6 +689,12 @@ Consider a software function that reads a {\ft} input, and returns a value betwe
representing the value intended by the current detected, with an additional error indication flag to indicate the validity
of the value returned.
%
This example straddles the hardware software interface, but is not overly complex, which allows
the FMEA seamless failure modelling of FMMD to be demonstrated.
%
A complete
PID based temperature controller is modelled in~\cite{clark}[6.3].
%
Let us assume the {\ft} detection is via a \ohms{220} resistor, and that we read a voltage
from an ADC into the software.
Let us define any value outside the 4mA to 20mA range as an error condition.
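Review bot: "modelled in~\cite{clark}[6.3]" places the section reference outside the citation command, so it typesets as the reference number followed by a literal "[6.3]"; the optional argument belongs before the key: \cite[section~6.3]{clark}. In the same hunk, "allows the FMEA seamless failure modelling of FMMD to be demonstrated" is garbled (presumably "allows the seamless hardware/software failure modelling of FMMD to be demonstrated"), and the two added "Let us ..." sentences would be clearer if they said outright that the ADC reads the voltage developed across the \ohms{220} resistor, since that voltage is what is later checked against the 4mA to 20mA range.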