Finished implementing Andrews comments.
This commit is contained in:
parent
14a3dc4c34
commit
2dba32c6df
@ -480,12 +480,12 @@ $\Sigma\lambda_D$ the total number of dangerous base component failure modes.
|
|||||||
|
|
||||||
$$ DiagnosticCoverage = \Sigma\lambda_{DD} / \Sigma\lambda_D $$
|
$$ DiagnosticCoverage = \Sigma\lambda_{DD} / \Sigma\lambda_D $$
|
||||||
|
|
||||||
The diagnostic coverage for safe failures, where $\Sigma\lambda_SD$ represents the percentage of
|
The diagnostic coverage for safe failures, where $\Sigma\lambda_{SD}$ represents the percentage of
|
||||||
safe detected base component failure modes,
|
safe detected base component failure modes,
|
||||||
and $\Sigma\lambda_S$ the total number of safe base component failure modes,
|
and $\Sigma\lambda_S$ the total number of safe base component failure modes,
|
||||||
is given as
|
is given as
|
||||||
|
|
||||||
$$ SF = \frac{\Sigma\lambda_SD}{\Sigma\lambda_S} $$
|
$$ SF = \frac{\Sigma\lambda_{SD}}{\Sigma\lambda_S} $$
|
||||||
|
|
||||||
|
|
||||||
\paragraph{Safe Failure Fraction.}
|
\paragraph{Safe Failure Fraction.}
|
||||||
@ -700,11 +700,15 @@ at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodolo
|
|||||||
%%%
|
%%%
|
||||||
%%% OK Got up to here Lunchtime edit 06DEC2010.............
|
%%% OK Got up to here Lunchtime edit 06DEC2010.............
|
||||||
|
|
||||||
\paragraph{Design Decision: Methodology must reduce and collate errors at each functional group stage.}
|
\paragraph{Design Decision: Methodology must collate errors at each functional group stage.}
|
||||||
SYSTEMS typically have far fewer failure modes than the sum of their component failure modes.
|
SYSTEMS typically have far fewer failure modes than the sum of their base component failure modes.
|
||||||
SYSTEM level failures may be caused by a variety of component failure modes.
|
SYSTEM level failures may be caused by a variety of component failure modes.
|
||||||
A SYSTEM level failure mode is an abstracted failure mode, in that
|
A SYSTEM level failure mode is an abstracted failure mode, in that
|
||||||
it is a symptom of some lower level failure or failures.
|
it is a symptom of some lower level failure or failures.
|
||||||
|
Tracing the SYSTEM level failure or symptom, down through
|
||||||
|
a decomposed system, will give a fault tree. This will typically
|
||||||
|
trace the SYSTEM level failure mode to some individual base compoenent failures
|
||||||
|
or combinations thereof.
|
||||||
% ABSTRACTION
|
% ABSTRACTION
|
||||||
For instance a failed resistor in a sensor at a base component level is a specific
|
For instance a failed resistor in a sensor at a base component level is a specific
|
||||||
failure mode.
|
failure mode.
|
||||||
@ -712,12 +716,12 @@ failure mode.
|
|||||||
For example it could be called `RESISTOR 1 OPEN'.
|
For example it could be called `RESISTOR 1 OPEN'.
|
||||||
%
|
%
|
||||||
Now consider the symptom in a functional group comprising the sensor channel that
|
Now consider the symptom in a functional group comprising the sensor channel that
|
||||||
RESISTOR 1 is part of of `RESISTOR 1 OPEN'.
|
RESISTOR 1 is part of `RESISTOR 1 OPEN'.
|
||||||
%
|
%
|
||||||
We might call it `READING~HIGH' failure perhaps.
|
We might call it `READING~HIGH' failure perhaps.
|
||||||
The Fault has become less detailed and more general. There may be other
|
The Fault has become less detailed and more general. There may be other
|
||||||
causes for a `READING~HIGH'. We can say that the failure
|
causes for a `READING~HIGH'. We can say that the failure
|
||||||
mode `READING~HIGH' is more abstract in terms of the STSEM, than `RESISTOR 1 OPEN'.
|
mode `READING~HIGH' is more abstract in terms of the SYSTEM, than `RESISTOR 1 OPEN'.
|
||||||
%
|
%
|
||||||
At a higher level still
|
At a higher level still
|
||||||
this may be called `SENSOR CHANNEL 1' fault.
|
this may be called `SENSOR CHANNEL 1' fault.
|
||||||
@ -731,8 +735,9 @@ This must be a process that incrementally reduces the number
|
|||||||
of failure modes as the abstraction level reaches the SYSTEM level.
|
of failure modes as the abstraction level reaches the SYSTEM level.
|
||||||
|
|
||||||
\paragraph{How to build a meaningful SYSTEM failure behaviour model.}
|
\paragraph{How to build a meaningful SYSTEM failure behaviour model.}
|
||||||
The next problem is how to we build a failure mode model
|
The next problem is how we build a failure mode model
|
||||||
that converges to a finite set of SYSTEM level failure modes.
|
that converges from a multitude of base
|
||||||
|
component failures to a finite set of SYSTEM level failure modes.
|
||||||
%
|
%
|
||||||
It would be better to analyse the failure mode behaviour of each
|
It would be better to analyse the failure mode behaviour of each
|
||||||
functional group, and determine the ways in which it, rather than its
|
functional group, and determine the ways in which it, rather than its
|
||||||
@ -745,7 +750,7 @@ are extracted.
|
|||||||
The number of symptoms will be less than or equal to the number
|
The number of symptoms will be less than or equal to the number
|
||||||
component failure modes, and in practise will be much less.
|
component failure modes, and in practise will be much less.
|
||||||
%
|
%
|
||||||
The symptoms thus become the objects used to reduce the number
|
Thus stage by stage symptom collection becomes the key to reducing the number
|
||||||
of failure modes to handle as we traverse up the hierarchy.
|
of failure modes to handle as we traverse up the hierarchy.
|
||||||
|
|
||||||
|
|
||||||
@ -777,7 +782,15 @@ We can take small {\fg}s of components, where the {\fg}
|
|||||||
is a small set of components that perform a simple
|
is a small set of components that perform a simple
|
||||||
task.
|
task.
|
||||||
%
|
%
|
||||||
This should be small enough to be able to consider all the failure
|
%The functional group should perform a clearly defined task.
|
||||||
|
The design engineer must chose the components that for a {\fg}.
|
||||||
|
It should be possible to consider the {\fg} as a a component or
|
||||||
|
black box, performing a given function.
|
||||||
|
The {\fg} should be chosen as to be as small
|
||||||
|
(in terms of the number of components) as possible.
|
||||||
|
%
|
||||||
|
This should be small enough to be able %Another advantage of the functional group being small
|
||||||
|
to comfortably analyse all the failure
|
||||||
modes of its components.
|
modes of its components.
|
||||||
%
|
%
|
||||||
We can consider these failure modes from the perspective
|
We can consider these failure modes from the perspective
|
||||||
@ -799,46 +812,70 @@ as its failure modes.
|
|||||||
This {\dc} can be used to build higher level
|
This {\dc} can be used to build higher level
|
||||||
{\fg}s, and this will naturally form a hierarchy.
|
{\fg}s, and this will naturally form a hierarchy.
|
||||||
This hierarchy can be extended until it encompasses
|
This hierarchy can be extended until it encompasses
|
||||||
an entire system. It can be considered complete when
|
an entire system.
|
||||||
all failure modes from all components are handled
|
%
|
||||||
and connectable to a SYSTEM level failure mode.
|
It can be considered complete when
|
||||||
|
all failure modes from all components are included in the model
|
||||||
|
and all base component failure modes can be traced
|
||||||
|
through the fault tree to SYSTEM level failure modes.
|
||||||
|
|
||||||
\paragraph{Directed Acyclic Graph (DAG).}
|
\paragraph{Directed Acyclic Graph (DAG).}
|
||||||
The data structure produced from collecting functional groups
|
If we ensure that
|
||||||
and deriving components will naturally form a DAG.
|
|
||||||
To ensure this we will have to ensure that
|
|
||||||
derived components cannot be included in {\fg}s
|
derived components cannot be included in {\fg}s
|
||||||
of a lower abstraction level.
|
of a lower abstraction level
|
||||||
|
the data structure produced from collecting functional groups
|
||||||
|
and deriving components will naturally form a DAG.
|
||||||
|
In other words we can say that we cannot allow a {\fg}
|
||||||
|
to include any component created from it.
|
||||||
|
|
||||||
%
|
%
|
||||||
%
|
%
|
||||||
By representing the failure mode model as a DAG, we
|
By representing the failure mode model as a DAG, we
|
||||||
now have the capability to take SYSTEM level failure modes
|
now have the capability to take SYSTEM level failure modes
|
||||||
and determine the possible combinations of component failure modes that
|
and determine the possible combinations of component failure modes that
|
||||||
could have caused it.
|
could have caused it.
|
||||||
In FTA terminology, a list of possible
|
This will allow us to define fault trees for each SYSTEM level failure.
|
||||||
causes for a SYSTEM level failure is known as a minimal cut set \cite{nasafta}.
|
This will mean that we be able to determine which
|
||||||
%
|
combinations of base component failures could cause the SYSTEM
|
||||||
%
|
failure.
|
||||||
|
%In FTA terminology, a list of possible
|
||||||
|
%causes for a SYSTEM level failure is known as a `cut set' \cite{nasafta}\cite{nucfta}.
|
||||||
If statistical models exist for the component failure modes
|
If statistical models exist for the component failure modes
|
||||||
these failure causation trees (or minimal cut sets \cite{nucfta})
|
these failure causation trees (or minimal cut sets
|
||||||
can be used to calculate Mean Time to Failure (MTTF) or Probability of Failure on demand (PFD) figures.
|
\footnote{In FTA terminology a minimal cut set is the branch of a
|
||||||
|
fault tree, from the top SYSTEM level to the bottom, with the least number
|
||||||
|
of base component failure modes. If a single base component failure mode can cause
|
||||||
|
a SYSTEM level error this is usually considered a liability.})
|
||||||
|
can be used to calculate Mean Time to Failure (MTTF) or
|
||||||
|
Probability of Failure on demand (PFD) figures.
|
||||||
Contrast the analytical capability of FMMD with the
|
Contrast the analytical capability of FMMD with the
|
||||||
methodologies where the component failure modes are linked
|
methodologies where the component failure modes are linked
|
||||||
directly to SYSTEM failure modes with no analysis stages in between.
|
directly to SYSTEM failure modes with no analysis stages in between.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
\paragraph{Design Decision: A functional group cannot contain {\dc}s at a higher abstraction level than its self}
|
\paragraph{Design Decision: A functional group cannot
|
||||||
|
contain {\dc}s at a higher abstraction level than itself}
|
||||||
|
|
||||||
|
We can say that no component may be derived from itself directly
|
||||||
|
or indirectly.
|
||||||
|
We can track the `abstraction level' by increasing it each time
|
||||||
|
there is a phase of symptom collection.
|
||||||
|
We can use the symbol $alpha$ to represent the abstraction level
|
||||||
|
and make it an attribute of a component.
|
||||||
|
Base components will have an $\alpha$ level of zero.
|
||||||
|
A derived component when created must always be greater than any
|
||||||
|
of the components included in the {\fg} it was derived from.
|
||||||
|
|
||||||
We can implement this rule in two ways, firstly, by saying that any functional group
|
|
||||||
will take the `abstraction level + 1' of all components it includes.
|
|
||||||
Secondly we can say that no component may be derived from itself.
|
|
||||||
|
|
||||||
\paragraph{Natural Reduction in number of failure modes with abstraction level}
|
\paragraph{Natural Reduction in number of failure modes with abstraction level}
|
||||||
%
|
%
|
||||||
Because common symptoms are being collected, as we build the tree up-ward
|
Because common symptoms are being collected, as we build the tree upward
|
||||||
the number of failure modes decreases (or exceptionally stays the same) at each level.
|
the number of failure modes decreases (or exceptionally stays the same)
|
||||||
%
|
at each level.\footnote{In very unusual cases where the none
|
||||||
|
failure modes of a {\fg} can be collected into symptoms,
|
||||||
|
the number of failure modes from its components would be the
|
||||||
|
same as the number of failure modes in the component derived from it.}
|
||||||
This decreasing of the number of failure modes is borne out {\irl}.
|
This decreasing of the number of failure modes is borne out {\irl}.
|
||||||
Of the thousands of component failure modes in a typical product
|
Of the thousands of component failure modes in a typical product
|
||||||
there are generally only a handful of SYSTEM level failure modes
|
there are generally only a handful of SYSTEM level failure modes
|
||||||
@ -858,14 +895,15 @@ Functional groups are collections of components
|
|||||||
that work together to perform a simple function.
|
that work together to perform a simple function.
|
||||||
%
|
%
|
||||||
We can perform a failure mode effects analysis on each of the component failure
|
We can perform a failure mode effects analysis on each of the component failure
|
||||||
modes within a {\fg}. Because we can implemnent the process in software we can thus ensure that all component failure modes
|
modes within a {\fg}. Because we can implemnent the process in software we can
|
||||||
are covered.
|
thus ensure that all component failure modes
|
||||||
|
are included in the model.
|
||||||
%
|
%
|
||||||
We can then treat the {\fg} as a `black box' or component in its own right.
|
We can then treat the {\fg} as a `black box' or component in its own right.
|
||||||
We can now look at how the {\fg} can fail.
|
We can now look at how the {\fg} can fail.
|
||||||
%
|
%
|
||||||
Many of the component failure modes will
|
Many of the component failure modes will
|
||||||
cause the same failure symptoms in the {\fg} failure behaviour.
|
cause the same failure symptoms in the {\fg}.
|
||||||
We can collect these failures as common symptoms.
|
We can collect these failures as common symptoms.
|
||||||
%
|
%
|
||||||
When we have our set of symptoms, we can now create
|
When we have our set of symptoms, we can now create
|
||||||
@ -875,9 +913,7 @@ modes, the collected symptoms of the {\fg}.
|
|||||||
Because we can now have {\dcs} we can use these to form
|
Because we can now have {\dcs} we can use these to form
|
||||||
new {\fg}s and we can build a hierarchical `failure~mode' model of the SYSTEM.
|
new {\fg}s and we can build a hierarchical `failure~mode' model of the SYSTEM.
|
||||||
|
|
||||||
The diagram in figure \ref{fig:fmmd_hierachy}, shows one stage
|
|
||||||
of the FMMD process. The resultant {\dc} may be used to
|
|
||||||
create higher level {\fg}s in later stages.
|
|
||||||
%%- Need diagram of hierarchy
|
%%- Need diagram of hierarchy
|
||||||
%%-
|
%%-
|
||||||
%%-
|
%%-
|
||||||
@ -889,6 +925,18 @@ create higher level {\fg}s in later stages.
|
|||||||
\label{fig:fmmd_hierarchy}
|
\label{fig:fmmd_hierarchy}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
|
|
||||||
|
A {\fg} is a set components (each with a set of of failure modes)
|
||||||
|
that collectively group together to serve some purpose (to perform some function),
|
||||||
|
and derived components are determined
|
||||||
|
from analysis and symtom collection
|
||||||
|
of the {\fg}.
|
||||||
|
|
||||||
|
The {\dc} is equipped with a new set of failure modes
|
||||||
|
corresponding to the symptoms from the {\fg}.
|
||||||
|
|
||||||
|
The diagram in figure \ref{fig:fmmd_hierarchy}, shows one stage
|
||||||
|
of the FMMD process. The resultant {\dc} may be used to
|
||||||
|
create higher level {\fg}s in later stages.
|
||||||
|
|
||||||
% \begin{figure}[h]
|
% \begin{figure}[h]
|
||||||
% \centering
|
% \centering
|
||||||
@ -916,13 +964,15 @@ This is represented in UML in figure \ref{fig:componentconcept}.
|
|||||||
|
|
||||||
\subsection{Environmental Conditions, Operational States and FMMD}
|
\subsection{Environmental Conditions, Operational States and FMMD}
|
||||||
|
|
||||||
Any real world sub-system will exist in a variable environment and may have several modes of operation.
|
Any real world sub-system will exist in a variable environment
|
||||||
In order to find all possible failures, the sub-system must be analysed for each operational state
|
and may have several modes of operation.
|
||||||
|
In order to find all possible failures, the sub-system
|
||||||
|
must be analysed for each operational state
|
||||||
and environment condition that can affect it.
|
and environment condition that can affect it.
|
||||||
%
|
%
|
||||||
Two design decisions are required here, which objects should we
|
Two design decisions are required here: which objects should we
|
||||||
analyse the environment and operational states with respect to.
|
analyse the environment and the operational states with respect to.
|
||||||
we have three objects in our model that these considerations could be applied to.
|
There are three objects in our model that these considerations could be applied to.
|
||||||
We could apply these conditions for analysis
|
We could apply these conditions for analysis
|
||||||
to the functional group, the components, or the derived
|
to the functional group, the components, or the derived
|
||||||
component.
|
component.
|
||||||
@ -937,10 +987,10 @@ Environmental conditions may affect different components in a {\fg}
|
|||||||
in different ways.
|
in different ways.
|
||||||
|
|
||||||
For instance a system may be specified for
|
For instance a system may be specified for
|
||||||
$0\oc$ to {85\oc} operation, but some components
|
$0\oc$ to $85\oc$ operation, but some components
|
||||||
may show failure behaviour between $60\oc$ and $85\oc$
|
may show failure behaviour between $60\oc$ and $85\oc$
|
||||||
\footnote{Opto-islolators typically show marked performace decrease after
|
\footnote{Opto-islolators typically show marked performance decrease after
|
||||||
60oC \cite{tlp181}, whereas another common component, the resistor will be unaffected.}.
|
60oC \cite{tlp181}, whereas another common component, say a resistor, will be unaffected.}.
|
||||||
Other components may operate comfortably within that whole temperature range specified.
|
Other components may operate comfortably within that whole temperature range specified.
|
||||||
Environmental conditions will have an effect on the {\fg} and the {\dc}
|
Environmental conditions will have an effect on the {\fg} and the {\dc}
|
||||||
but they will have specific effects on individual components.
|
but they will have specific effects on individual components.
|
||||||
@ -962,15 +1012,16 @@ normal operation, graceful degradation or lockout.
|
|||||||
Or they could be self~checking sub-systems that are either in a normal or self~check state.
|
Or they could be self~checking sub-systems that are either in a normal or self~check state.
|
||||||
|
|
||||||
Operational states are conditions that apply to a functional group, not individual components.
|
Operational states are conditions that apply to a functional group, not individual components.
|
||||||
|
%% Andrew says that that does no make sense But I think it does
|
||||||
|
|
||||||
\paragraph{Design Decision.}
|
\paragraph{Design Decision.}
|
||||||
Operational state will be applied to {\fg}s.
|
Operational state will be applied to {\fg}s.
|
||||||
|
|
||||||
\paragraph{UML Model of FMMD Analysis}
|
\paragraph{UML Model of FMMD Analysis}
|
||||||
|
|
||||||
Draw a UML model showing the components and the functional group
|
The UML diagram in figure \ref{fig:env_op_uml}, shows the data
|
||||||
with the ENV and OP\_STAT classes associated with them
|
relationships between {\fgs} and operational states, and component
|
||||||
|
failure modes and environmental factors.
|
||||||
|
|
||||||
|
|
||||||
\begin{figure}[h]
|
\begin{figure}[h]
|
||||||
@ -1008,20 +1059,21 @@ or even in other projects where the same {\dc} is used.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
\subsubsection{ It should have a formal basis, that is to say, it should be able to produce mathematical proofs
|
\subsubsection{ It should have a formal basis, data should be available to produce mathematical proofs
|
||||||
for its results}
|
for its results}
|
||||||
Because the failure mode of a SYSTEM is a hierarchy of {\fg}s and derived components
|
Because the failure mode of a SYSTEM is a hierarchy of {\fg}s and derived components
|
||||||
SYSTEM level failure modes are traceable back down the tree to
|
SYSTEM level failure modes are traceable back down the fault tree to
|
||||||
component level failure modes. This provides causation trees \cite{sccs} or, minimal cut sets
|
component level failure modes. This provides causation trees \cite{sccs} or, minimal cut sets
|
||||||
\footnote{Here minimal cut sets represent combinations of component failure modes that can result in s SYSTEM level failure.}
|
|
||||||
for all SYSTEM failure modes.
|
for all SYSTEM failure modes.
|
||||||
|
|
||||||
\subsubsection{ It should be capable of producing reliability and danger evaluation statistics.}
|
\subsubsection{ It should be capable of producing reliability and danger evaluation statistics.}
|
||||||
The minimal cuts sets for the SYSTEM level failures can have computed MTTF
|
The minimal cuts sets for the SYSTEM level failures can have computed MTTF
|
||||||
and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}.
|
and danger evaluation statistics sourced from the component failure mode statistics \cite {mil1991}.
|
||||||
|
|
||||||
\subsubsection{ It should be easy to use, ideally using a graphical syntax (as oppossed to a formal mathematical one).}
|
\subsubsection{ It should be easy to use, ideally
|
||||||
A modified form of constraint diagram (an extension of Euler diagrams) has been developed to support the FMMD methodology.
|
using a graphical syntax (as oppossed to a formal mathematical one).}
|
||||||
|
A modified form of constraint diagram (an extension of Euler diagrams) has
|
||||||
|
been developed to support the FMMD methodology.
|
||||||
This uses Euler circles to represent failure modes, and spiders to collect symptoms, to
|
This uses Euler circles to represent failure modes, and spiders to collect symptoms, to
|
||||||
advance a {\fg} to a {\dc}.
|
advance a {\fg} to a {\dc}.
|
||||||
|
|
||||||
@ -1036,6 +1088,9 @@ are built from components performing a given task.
|
|||||||
By breaking the problem of failure mode analysis into small stages
|
By breaking the problem of failure mode analysis into small stages
|
||||||
and building a hierarchy, the problems associated with the cross products of
|
and building a hierarchy, the problems associated with the cross products of
|
||||||
all failure modes within a system are reduced by an exponential order.
|
all failure modes within a system are reduced by an exponential order.
|
||||||
|
This is because the mutliple failure modes are considered
|
||||||
|
within {\fgs} which have fewer failure modes to consider
|
||||||
|
at each FMMD stage.
|
||||||
Where appropriate multiple simultaneous failures can be modelled, by
|
Where appropriate multiple simultaneous failures can be modelled, by
|
||||||
intoducing test~cases where the conjunction of failure modes is considered.
|
intoducing test~cases where the conjunction of failure modes is considered.
|
||||||
|
|
||||||
@ -1107,16 +1162,22 @@ An UML diagram with inhibit conditions added is shown in figure \ref{fig:umlconc
|
|||||||
\subsection{Advantages of FMMD Methodology}
|
\subsection{Advantages of FMMD Methodology}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item It can be checked automatically that all component failure modes have been considered in the model.
|
\item It can be checked automatically that all component failure modes have
|
||||||
\item Because we are modelling with failure modes the {\fgs} and {\dcs} these can be generic, i.e. mechanical, electronic or software components.
|
been considered in the model. Should a failure mode have been missed
|
||||||
|
the data model can be searched and the unhandled failure modes flagged to the design engineer.
|
||||||
|
\item Because we are modelling with failure modes the {\fgs} and {\dcs} these can be generic,
|
||||||
|
i.e. mechanical, electronic or software components.
|
||||||
\item The {\dcs} are re-usable, in that commonly used modules can be re-used in other designs/projects.
|
\item The {\dcs} are re-usable, in that commonly used modules can be re-used in other designs/projects.
|
||||||
\item It will have a formal basis, that is to say, it is able to produce mathematical proofs
|
\item It will have a formal basis, that is to say,
|
||||||
for its results (MTTF and the cause trees for SYSTEM level faults).
|
we have the data at hand to produce meaningful
|
||||||
|
results (MTTF and the cause trees for SYSTEM level faults).
|
||||||
\item Overall reliability and danger evaluation statistics can be computed.
|
\item Overall reliability and danger evaluation statistics can be computed.
|
||||||
By knowing all causation trees,
|
By knowing all causation trees,
|
||||||
the statistical probabilities (from base component data) for all causes can be simply added.
|
the statistical probabilities (from base component data) for all causes can be simply added.
|
||||||
\item A graphical representation based on Euler diagrams is used. Providing an interface that does not involve
|
\item A graphical representation based on Euler diagrams is used.
|
||||||
formal mathematical notation. This is intended to be user friendly and to guide the user through the FMMD process
|
This provides an interface that does not involve
|
||||||
|
formal mathematical/symbolic notation.
|
||||||
|
This is intended to be user friendly and to guide the user through the FMMD process
|
||||||
while applying automatic checks for unhandled conditions.
|
while applying automatic checks for unhandled conditions.
|
||||||
\item From the top down the failure mode model will follow a logical de-composition of the functionality; by
|
\item From the top down the failure mode model will follow a logical de-composition of the functionality; by
|
||||||
chosing {\fg}s and working bottom-up this hierarchical trait will occur as a natural consequence.
|
chosing {\fg}s and working bottom-up this hierarchical trait will occur as a natural consequence.
|
||||||
|
Loading…
Reference in New Issue
Block a user