diff --git a/presentations/fmea/fmea_pres.tex b/presentations/fmea/fmea_pres.tex index 13cb535..e154d91 100644 --- a/presentations/fmea/fmea_pres.tex +++ b/presentations/fmea/fmea_pres.tex @@ -49,7 +49,7 @@ \pause \item \textbf{F - Failures of given component} Consider a component in a system \pause \item \textbf{M - Failure Mode} Look at one of the ways in which it can fail (i.e. determine a component `failure~mode') \pause \item \textbf{E - Effects} Determine the effects this failure mode will cause to the system we are examining - \pause \item \textbf{A - Analysis} Analyse how much impact this symptom will have on the environment/people/the system its-self + \pause \item \textbf{A - Analysis} Analyse how much impact this symptom will have on the environment/people/the system itsself \end{itemize} \end{frame} @@ -87,6 +87,11 @@ For the sake of example let us choose resistor R1 in the OP-AMP gain circuitry. \begin{frame} \frametitle{FMEA Example: Milli-volt reader} +\begin{figure} + \centering + \includegraphics[width=80pt]{./mvamp.png} + % mvamp.png: 561x403 pixel, 72dpi, 19.79x14.22 cm, bb=0 0 561 403 +\end{figure} \begin{itemize} \pause \item \textbf{F - Failures of given component} The resistor (R1) could fail by going OPEN or SHORT (EN298 definition). \pause \item \textbf{M - Failure Mode} Consider the component failure mode SHORT 
@@ -165,11 +170,23 @@ double failure scenarios (for burner lock-out scenarios). \end{frame} +\begin{frame} +\frametitle{Four main Variants of FMEA} + \begin{itemize} + \pause \item \textbf{PFMEA - Production} \pause Car Manufacture etc + \pause \item \textbf{FMECA - Criticallity} \pause Military/Space + \pause \item \textbf{FMEDA - Statistical safety} \pause EN61508/IOC1508 \pause Safety Integrity Levels + \pause \item \textbf{DFMEA - Design or static/theoretical} \pause EN298/EN230/UL1998 +\end{itemize} +\end{frame} + + + \section{PFMEA - Production FMEA : 1940's to present} \begin{frame} - + \frametitle{PFMEA} Production FMEA (or PFMEA), is FMEA used to prioritise, in terms of cost, problems to be addressed in product production. @@ -273,7 +290,12 @@ will return most cost benefit. http://www.youtube.com/watch?v=rcNeorjXMrE \end{frame} -\section{FMECA - Failure Modes Effects and Criticallity Analysis} + + + + +\section{FMECA - Failure Modes Effects and Criticality Analysis} + \begin{frame} 
@@ -286,27 +308,25 @@ will return most cost benefit. \caption{A10 Thunderbolt} \label{fig:f16missile} \end{figure} -Emphasis on determining criticallity of failure. +Emphasis on determining criticality of failure. Applies some Bayesian statistics (probabilities of component failures and those causing given system level failures). \end{frame} -\section{FMECA - Failure Modes Effects and Criticallity Analysis} \begin{frame} -\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis} -Very similar to PFMEA, but instead of cost, a criticallity or +\frametitle{ FMECA - Failure Modes Effects and Criticality Analysis} +Very similar to PFMEA, but instead of cost, a criticality or seriousness factor is ascribed to putative top level incidents. FMECA has three probability factors for component failures. \textbf{FMECA ${\lambda}_{p}$ value.} This is the overall failure rate of a base component. This will typically be the failure rate per million ($10^6$) or -billion ($10^9$) hours of operation. +billion ($10^9$) hours of operation.\pause reference MIL1991. \pause \textbf{FMECA $\alpha$ value.} The failure mode probability, usually denoted by $\alpha$ is the probability of -is the probability of a particular failure -mode occurring within a component. +a particular failure~mode occurring within a component. \pause reference FMD-91. %, should it fail. %A component with N failure modes will thus have %have an $\alpha$ value associated with each of those modes. @@ -314,7 +334,7 @@ mode occurring within a component. \end{frame} \begin{frame} -\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis} +\frametitle{ FMECA - Failure Modes Effects and Criticality Analysis} \textbf{FMECA $\beta$ value.} The second probability factor $\beta$, is the probability that the failure mode will cause a given system failure. 
@@ -342,6 +362,9 @@ for a project manager. \section{FMEDA - Failure Modes Effects and Diagnostic Analysis} + + + \begin{frame} \frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis} \begin{figure} @@ -356,26 +379,26 @@ for a project manager. \begin{frame} \frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis} FMEDA is the methodology behind statistical (safety integrity level) -type standards (EN61508/IOC5108). +type standards (EN61508/IOC5108). \pause It provides a statistical overall level of safety -and allows diagnostic mitigation for self checking etc. +and allows diagnostic mitigation for self checking etc. \pause It provides guidelines for the design and architecture of computer/software systems for the four levels of safety Integrity. %For Hardware - +\pause FMEDA does force the user to consider all components in a system -by requiring that a MTTF value is assigned for each failure~mode. -This MTTF may be statistically mitigated (improved) +by requiring that a MTTF value is assigned for each failure~mode; \pause +the MTTF may be statistically mitigated (improved) if it can be shown that self-checking will detect failure modes. \end{frame} \begin{frame} \frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis} Failure modes are classified as Safe or Dangerous according -to the putative system level failure they will cause. +to the putative system level failure they will cause. \pause The Failure modes are also classified as Detected or -Undetected. +Undetected. This gives us four level failure mode classifications: Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU), and the probabilistic failure rate of each classification 
@@ -415,15 +438,16 @@ against all safe and dangerous failure probabilities. Again this is usually expressed as a percentage. $$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$ -SFF determines how proportionately fail-safe a system is, not how reliable it is ! +SFF determines how proportionately fail-safe a system is, not how reliable it is ! \pause +Weakness in this philosophy; \pause adding extra safe failures (even unused ones) improves the SFF. \end{frame} \begin{frame} \frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis} To achieve SIL levels, diagnostic coverage and SFF levels are prescribed along with -hardware architectures and software techniques. -Over all the aim of SIL is classify the safety of a system, +hardware architectures and software techniques. \pause +The overall the aim of SIL is classify the safety of a system, by statistically determining how frequently it can fail dangerously. @@ -453,8 +477,8 @@ Table adapted from EN61508-1:2001 [7.6.2.9 p33] \begin{frame} \frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis} FMEDA is a modern extension of FMEA, in that it will allow for -self checking features, and provides detailed recommendations for computer/software architecture. -It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). +self checking features, and provides detailed recommendations for computer/software architecture. \pause +It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). %FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is %part of product approval for many regulated products in the EU and the USA... 
@@ -468,11 +492,6 @@ It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (w \begin{frame} \frametitle{DESIGN FMEA: Safety Critical Approvals FMEA} -Experts from Approval House and Equipment Manufacturer -discuss selected component failure modes -judged to be in critical sections of the product. - - \begin{figure}[h] \centering \includegraphics[width=100pt,keepaspectratio=true]{./tech_meeting.png} @@ -480,6 +499,14 @@ judged to be in critical sections of the product. \caption{FMEA Meeting} \label{fig:tech_meeting} \end{figure} +Static FMEA, Design FMEA, Approvals FMEA \pause + +Experts from Approval House and Equipment Manufacturer +discuss selected component failure modes +judged to be in critical sections of the product. + + + \end{frame} \begin{frame} @@ -525,9 +552,9 @@ judged to be in critical sections of the product. \begin{itemize} \pause \item State explosion - \pause \item Rigorous + \pause \item Rigorous (total coverage) \pause \item Reasoning Traceable - \pause \item re-useable + \pause \item Re-useable %\pause \item \end{itemize} @@ -558,9 +585,9 @@ judged to be in critical sections of the product. The FMMD methodology breaks the analysis down into small stages, by making the analyst choose {\fgs} of components, to which FMEA is applied. -When analysed, a set of symptoms of failure for the {\fg} is used create a derived~component. +When analysed, a set of symptoms of failure for the {\fg} is used to create a derived~component. \pause The derived components failure modes, are the symptoms of the {\fg} -from which it was derived. +from which it was derived. \pause We can use derived components to form `higher~level' {\fgs}. This creates an analysis hierarchy. \end{frame} 
@@ -574,7 +601,7 @@ This creates an analysis hierarchy. \pause \item Using the failure modes of the components create failure scenarios. \pause \item Analyse each failure scenario of the {\fg}. \pause \item Collect Symptoms. - \pause \item Create a '{\dc}', where its failure modes are the symptoms of the {\fg} it was derived from. + \pause \item Create a '{\dc}', where its failure modes are the symptoms of the {\fg} from which it was derived. \pause \item The {\dc} is now available to be used in higher level {\fgs}. \end{itemize} \end{frame} @@ -584,18 +611,19 @@ This creates an analysis hierarchy. \subsection{FMMD - Example - Milli Volt Amplifier} \begin{frame} \frametitle{FMMD - Example - Milli Volt Amplifier} -We can return to the milli-volt amplifier as an example to analyse. - -We can begin by looking for functional groups. -The resistors would together to perform a fairly common function in electronics, that of the potential divider. -So our first functional group is $\{ R1, R2 \}$. -We can now take the failure modes for the resistors (OPEN and SHORT EN298) and see what effect each of these failures will have on the {\fg} (the potential divider). \begin{figure} \centering \includegraphics[width=100pt]{./mvampcircuit.png} % mvampcircuit.png: 243x143 pixel, 72dpi, 8.57x5.04 cm, bb=0 0 243 143 \end{figure} +We can return to the milli-volt amplifier as an example to analyse. +\pause +We can begin by looking for functional groups.\pause +The resistors would together to perform a fairly common function in electronics, that of the potential divider. +So our first functional group is $\{ R1, R2 \}$.\pause +We can now take the failure modes for the resistors (OPEN and SHORT EN298) and see what effect each of these failures will have on the {\fg} (the potential divider). + \end{frame} 
@@ -757,8 +785,9 @@ how the levels work and converge to a top or system level. \frametitle{FMMD - Failure Mode Modular De-Composition} The fact FMMD analyses small groups of components at a time, and organises them into a hierarchy -addresses the state explosion (where $O$ is order -of complexity) $O=N^2$ inherent in equation +addresses the state explosion problem. \pause +Where $O$ is order +of complexity $O(N^2)$ in the equation below. \begin{equation} \label{eqn:fmea_single2} @@ -777,7 +806,7 @@ with equation~\ref{eqn:anscen}. Where $fgn$ is the number of components in each functional group, and $cfm$ is the number of failure modes per component and L is the number of levels, the number of -analysis scenarios to consider is show in equation~\ref{eqn:anscen}. +analysis scenarios to consider. ~\ref{eqn:fmea_state_exp}. @@ -826,7 +855,7 @@ To see the effects of reducing `state~explosion' we can use an example. Let us take a system with 4 levels (with a top/system 0 level), with three components per functional group and three failure modes per component, and apply these formulae. -Having 4 levels (in addition to the top zero'th level) +Having 4 levels (in addition to the top zeroth level) will require 81 base level components. $$ @@ -853,7 +882,7 @@ $$ \begin{itemize} \pause \item Thus for FMMD we needed to examine 2178 failure~modes against functionally adjacent components, and for traditional FMEA -type analysis methods 19440. +type analysis methods, the number rises to 19440. \pause \item 19440 `checks' is not practical \pause \item 2178 checks is alot, but... \pause \item Modules in FMMD can be re-used... 
@@ -869,17 +898,18 @@ type analysis methods 19440. \begin{frame} \frametitle{FMMD - Failure Mode Modular De-Composition} -Note that for all possible double simultaneous failures the equation~\ref{eqn:fmea_state_exp2} becomes -equation~\ref{eqn:fmea_state_exp2} essentially making the order $N^3$. -The FMMD case (equation~\ref{eqn:anscen2}), is cubic within the functional groups only, -not all the components in the system. +To determine all possible double simultaneous failures for rigorous FMEA + the order $O(N^3)$. + \begin{equation} \label{eqn:fmea_state_exp2} N.(N-1).(N-2).cfm % \\ %(N^2 - N).cfm \end{equation} - +\pause +The FMMD case (equation~\ref{eqn:anscen2}), is cubic within the functional groups only, +not all the components in the system. \begin{equation} \label{eqn:anscen2} \sum_{n=0}^{L} {fgn}^{n}.fgn.cfm.(fgn-1).(fgn-2) @@ -889,7 +919,7 @@ not all the components in the system. \begin{frame} \frametitle{FMMD - Failure Mode Modular De-Composition} \textbf{Traceability} -Because each reasoning stage contains associations ($FailureMode \mapsto Sypmtom$) +Because each reasoning stage contains associations ($FailureMode \mapsto Symptom$) we can trace the `reasoning' from base level component failure mode to top level/system failure, by traversing the tree/hierarchy. This is in effect providing a `framework' of the reasoning.
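Review bot: hunk `@@ -49,7 +49,7 @@` replaces one misspelling with another: "its-self" becomes "itsself", but the word is "itself". Suggest `... the environment/people/the system itself`.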
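Review bot: hunk `@@ -165,11 +170,23 @@` introduces inconsistencies in the new "Four main Variants of FMEA" frame. It spells "Criticallity" while the rest of this patch corrects that word to "Criticality", and it cites "EN61508/IOC1508" whereas the FMEDA frame later in the patch writes "EN61508/IOC5108"; the standard being referred to is IEC 61508, so one consistent form should be used in both places. The three blank lines added before `\section{PFMEA ...}` are also unnecessary.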
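Review bot: hunk `@@ -286,27 +308,25 @@` appends bare fragments "\pause reference MIL1991." and "\pause reference FMD-91." after the $\lambda_p$ and $\alpha$ definitions. These read as stray notes on the slide; either turn them into proper citations (`\cite{...}`) or a parenthetical such as `(see MIL1991)`. Removing the duplicated "is the probability of" in the $\alpha$ paragraph is a good fix.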
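Review bot: hunk `@@ -356,26 +379,26 @@` keeps "requiring that a MTTF value is assigned" in the rewritten line; it should be "an MTTF value". The `-Undetected.` / `+Undetected.` pair appears to be a whitespace-only change and could be dropped from the diff.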
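Review bot: hunk `@@ -415,15 +438,16 @@` introduces a grammatical error in the new line "The overall the aim of SIL is classify the safety of a system": there is a duplicated "the" and a missing "to". Suggest `The overall aim of SIL is to classify the safety of a system,`. In the same hunk, "Weakness in this philosophy;" should end in a colon rather than a semicolon, since what follows is the weakness itself.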
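Review bot: hunk `@@ -480,6 +499,14 @@` adds the line "Static FMEA, Design FMEA, Approvals FMEA \pause", which is a bare comma list with no verb and no relation to the paragraph that follows it. Either make it a sentence (e.g. `Also known as Static FMEA, Design FMEA or Approvals FMEA.`) or put the three names in an `itemize` like the other frames. The three trailing blank lines before `\end{frame}` can go.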
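Review bot: hunk `@@ -525,9 +552,9 @@` capitalises "re-useable" but keeps the nonstandard spelling; "Re-usable" (or "Reusable") is the correct form, and it would match the wording "Modules in FMMD can be re-used" later in the deck.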
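Review bot: hunk `@@ -574,7 +601,7 @@` leaves the straight ASCII quotes in `'{\dc}'`, while the rest of the patch uses LaTeX quoting (`` `higher~level' ``, `` `failure~mode' ``). Since the line is being edited anyway, change it to `` `{\dc}' `` so the quotes render correctly.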
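Review bot: hunk `@@ -584,18 +611,19 @@` moves the sentence "The resistors would together to perform a fairly common function in electronics" below the figure but carries over its missing verb; it should read "The resistors work together to perform ...". Because the lines are already being rewritten, this is the place to fix it.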
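Review bot: hunk `@@ -757,8 +785,9 @@` splits the sentence so that "Where $O$ is order of complexity $O(N^2)$ in the equation below." stands alone as a fragment, and "$O$ is order of complexity $O(N^2)$" is circular. Suggest `addresses the state explosion problem. \pause The state explosion is of order $O(N^2)$, as shown in the equation below.`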
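Review bot: hunk `@@ -777,7 +806,7 @@` changes the equation reference incorrectly. The sentence defines $fgn$, $cfm$ and $L$, which are the variables of the FMMD formula `eqn:anscen` (the surrounding context line also says "with equation~\ref{eqn:anscen}"), whereas `eqn:fmea_state_exp` is the $N$-based traditional FMEA formula. The new text "analysis scenarios to consider. ~\ref{eqn:fmea_state_exp}." also leaves a stranded reference after a full stop. Suggest `analysis scenarios to consider is shown in equation~\ref{eqn:anscen}.` (the original wording with "show" corrected to "shown").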
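Review bot: hunk `@@ -869,17 +898,18 @@` replaces the old (self-referencing) sentence with "To determine all possible double simultaneous failures for rigorous FMEA the order $O(N^3)$.", which has no main verb; suggest `... for rigorous FMEA, the order is $O(N^3)$.` Note also that the sentence speaks of double failures while the equation `eqn:fmea_state_exp2` it introduces, $N.(N-1).(N-2).cfm$, is a product of three terms, so the prose and the formula should be reconciled. Moving the FMMD sentence next to `eqn:anscen2` is a clear improvement.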