Proofread by JMC: Now going to watch Breaking Bad and get a cup of tea...
This commit is contained in:
Robin Clark 2011-10-06 20:51:31 +01:00
parent 18302eb3c5
commit 33766a8fdc


@ -49,7 +49,7 @@
\pause \item \textbf{F - Failures of given component} Consider a component in a system
\pause \item \textbf{M - Failure Mode} Look at one of the ways in which it can fail (i.e. determine a component `failure~mode')
\pause \item \textbf{E - Effects} Determine the effects this failure mode will cause to the system we are examining
\pause \item \textbf{A - Analysis} Analyse how much impact this symptom will have on the environment/people/the system its-self
\pause \item \textbf{A - Analysis} Analyse how much impact this symptom will have on the environment/people/the system itsself
\end{itemize}
\end{frame}
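Review bot: the replacement line still misspells the last word; "its-self" has become "itsself" where it should read "itself" ("...the environment/people/the system itself"). Since this hunk only touches that one word, the whole change is a spelling fix that does not yet land.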
@ -87,6 +87,11 @@ For the sake of example let us choose resistor R1 in the OP-AMP gain circuitry.
\begin{frame}
\frametitle{FMEA Example: Milli-volt reader}
\begin{figure}
\centering
\includegraphics[width=80pt]{./mvamp.png}
% mvamp.png: 561x403 pixel, 72dpi, 19.79x14.22 cm, bb=0 0 561 403
\end{figure}
\begin{itemize}
\pause \item \textbf{F - Failures of given component} The resistor (R1) could fail by going OPEN or SHORT (EN298 definition).
\pause \item \textbf{M - Failure Mode} Consider the component failure mode SHORT
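Review bot: the figure added to the "FMEA Example: Milli-volt reader" frame has no \caption or \label, unlike the other figures in this deck (fig:f16missile, fig:tech_meeting), so it cannot be referenced from the text; consider adding both, and dropping the pixel-size comment once the width is settled.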
@ -165,11 +170,23 @@ double failure scenarios (for burner lock-out scenarios).
\end{frame}
\begin{frame}
\frametitle{Four main Variants of FMEA}
\begin{itemize}
\pause \item \textbf{PFMEA - Production} \pause Car Manufacture etc
\pause \item \textbf{FMECA - Criticallity} \pause Military/Space
\pause \item \textbf{FMEDA - Statistical safety} \pause EN61508/IOC1508 \pause Safety Integrity Levels
\pause \item \textbf{DFMEA - Design or static/theoretical} \pause EN298/EN230/UL1998
\end{itemize}
\end{frame}
\section{PFMEA - Production FMEA : 1940's to present}
\begin{frame}
\frametitle{PFMEA}
Production FMEA (or PFMEA), is FMEA used to prioritise, in terms of
cost, problems to be addressed in product production.
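Review bot: the new "Four main Variants of FMEA" frame reintroduces the spelling "Criticallity" in the FMECA item ("\textbf{FMECA - Criticallity}") that this same commit corrects to "Criticality" in the section and frame titles further down; please align it. The FMEDA item also writes "EN61508/IOC1508" while the FMEDA frame later in this diff writes "EN61508/IOC5108"; the two standard names should be spelled identically in both places.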
@ -273,7 +290,12 @@ will return most cost benefit.
http://www.youtube.com/watch?v=rcNeorjXMrE
\end{frame}
\section{FMECA - Failure Modes Effects and Criticallity Analysis}
\section{FMECA - Failure Modes Effects and Criticality Analysis}
\begin{frame}
@ -286,27 +308,25 @@ will return most cost benefit.
\caption{A10 Thunderbolt}
\label{fig:f16missile}
\end{figure}
Emphasis on determining criticallity of failure.
Emphasis on determining criticality of failure.
Applies some Bayesian statistics (probabilities of component failures and those causing given system level failures).
\end{frame}
\section{FMECA - Failure Modes Effects and Criticallity Analysis}
\begin{frame}
\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis}
Very similar to PFMEA, but instead of cost, a criticallity or
\frametitle{ FMECA - Failure Modes Effects and Criticality Analysis}
Very similar to PFMEA, but instead of cost, a criticality or
seriousness factor is ascribed to putative top level incidents.
FMECA has three probability factors for component failures.
\textbf{FMECA ${\lambda}_{p}$ value.}
This is the overall failure rate of a base component.
This will typically be the failure rate per million ($10^6$) or
billion ($10^9$) hours of operation.
billion ($10^9$) hours of operation.\pause reference MIL1991. \pause
\textbf{FMECA $\alpha$ value.}
The failure mode probability, usually denoted by $\alpha$ is the probability of
is the probability of a particular failure
mode occurring within a component.
a particular failure~mode occurring within a component. \pause reference FMD-91.
%, should it fail.
%A component with N failure modes will thus have
%have an $\alpha$ value associated with each of those modes.
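Review bot: the \section heading at the top of this hunk, "\section{FMECA - Failure Modes Effects and Criticallity Analysis}", keeps the misspelling that the \frametitle directly beneath it corrects, and it duplicates the \section of the same name already fixed in the previous hunk, so one of the two headings is probably redundant. Two smaller points: the figure captioned "A10 Thunderbolt" carries the label fig:f16missile, which will mislead anyone reading the \ref later, and "\pause reference MIL1991. \pause" reads as an inline placeholder for a citation rather than a \cite, as does "reference FMD-91" in the $\alpha$ paragraph.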
@ -314,7 +334,7 @@ mode occurring within a component.
\end{frame}
\begin{frame}
\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis}
\frametitle{ FMECA - Failure Modes Effects and Criticality Analysis}
\textbf{FMECA $\beta$ value.}
The second probability factor $\beta$, is the probability that the failure mode
will cause a given system failure.
@ -342,6 +362,9 @@ for a project manager.
\section{FMEDA - Failure Modes Effects and Diagnostic Analysis}
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
\begin{figure}
@ -356,24 +379,24 @@ for a project manager.
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
FMEDA is the methodology behind statistical (safety integrity level)
type standards (EN61508/IOC5108).
type standards (EN61508/IOC5108). \pause
It provides a statistical overall level of safety
and allows diagnostic mitigation for self checking etc.
and allows diagnostic mitigation for self checking etc. \pause
It provides guidelines for the design and architecture
of computer/software systems for the four levels of
safety Integrity.
%For Hardware
\pause
FMEDA does force the user to consider all components in a system
by requiring that a MTTF value is assigned for each failure~mode.
This MTTF may be statistically mitigated (improved)
by requiring that a MTTF value is assigned for each failure~mode; \pause
the MTTF may be statistically mitigated (improved)
if it can be shown that self-checking will detect failure modes.
\end{frame}
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
Failure modes are classified as Safe or Dangerous according
to the putative system level failure they will cause.
to the putative system level failure they will cause. \pause
The Failure modes are also classified as Detected or
Undetected.
This gives us four level failure mode classifications:
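Review bot: "EN61508/IOC5108" in the first FMEDA sentence differs from "EN61508/IOC1508" on the variants frame earlier in this diff; pick one spelling. While touching these lines: "that a MTTF value is assigned" should be "that an MTTF value is assigned", "safety Integrity" has a stray capital, and the closing context line "This gives us four level failure mode classifications" reads better as "This gives us four failure mode classifications" (the four Safe/Dangerous x Detected/Undetected combinations the text describes).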
@ -415,15 +438,16 @@ against all safe and dangerous failure probabilities.
Again this is usually expressed as a percentage.
$$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$
SFF determines how proportionately fail-safe a system is, not how reliable it is !
SFF determines how proportionately fail-safe a system is, not how reliable it is ! \pause
Weakness in this philosophy; \pause adding extra safe failures (even unused ones) improves the SFF.
\end{frame}
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
To achieve SIL levels, diagnostic coverage and SFF levels are prescribed along with
hardware architectures and software techniques.
Over all the aim of SIL is classify the safety of a system,
hardware architectures and software techniques. \pause
The overall the aim of SIL is classify the safety of a system,
by statistically determining how frequently it can fail dangerously.
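Review bot: the rewritten sentence "The overall the aim of SIL is classify the safety of a system," doubles the article and drops "to"; it should read "The overall aim of SIL is to classify the safety of a system, by statistically determining how frequently it can fail dangerously." In the SFF frame above, "how proportionately fail-safe a system is, not how reliable it is !" wants "proportionally" and no space before the exclamation mark, and "Weakness in this philosophy;" is introducing a clause, so a colon fits better than a semicolon.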
@ -453,8 +477,8 @@ Table adapted from EN61508-1:2001 [7.6.2.9 p33]
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
FMEDA is a modern extension of FMEA, in that it will allow for
self checking features, and provides detailed recommendations for computer/software architecture.
It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).
self checking features, and provides detailed recommendations for computer/software architecture. \pause
It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).
%FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is
%part of product approval for many regulated products in the EU and the USA...
@ -468,11 +492,6 @@ It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (w
\begin{frame}
\frametitle{DESIGN FMEA: Safety Critical Approvals FMEA}
Experts from Approval House and Equipment Manufacturer
discuss selected component failure modes
judged to be in critical sections of the product.
\begin{figure}[h]
\centering
\includegraphics[width=100pt,keepaspectratio=true]{./tech_meeting.png}
@ -480,6 +499,14 @@ judged to be in critical sections of the product.
\caption{FMEA Meeting}
\label{fig:tech_meeting}
\end{figure}
Static FMEA, Design FMEA, Approvals FMEA \pause
Experts from Approval House and Equipment Manufacturer
discuss selected component failure modes
judged to be in critical sections of the product.
\end{frame}
\begin{frame}
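Review bot: the re-added line "Static FMEA, Design FMEA, Approvals FMEA \pause" sits as a bare fragment between the figure and the paragraph; it is presumably the list of alternative names for this variant, so either make it a sentence ("Also known as static FMEA, design FMEA or approvals FMEA.") or an \itemize block, consistent with the rest of the deck.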
@ -525,9 +552,9 @@ judged to be in critical sections of the product.
\begin{itemize}
\pause \item State explosion
\pause \item Rigorous
\pause \item Rigorous (total coverage)
\pause \item Reasoning Traceable
\pause \item re-useable
\pause \item Re-useable
%\pause \item
\end{itemize}
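Review bot: "Re-useable" is still misspelled after the capitalisation change; the standard form is "Reusable". The parenthetical "(total coverage)" added to "Rigorous" is a useful clarification.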
@ -558,9 +585,9 @@ judged to be in critical sections of the product.
The FMMD methodology breaks the analysis down into small stages,
by making the analyst choose {\fgs} of components, to which FMEA is applied.
When analysed, a set of symptoms of failure for the {\fg} is used create a derived~component.
When analysed, a set of symptoms of failure for the {\fg} is used to create a derived~component. \pause
The derived components failure modes, are the symptoms of the {\fg}
from which it was derived.
from which it was derived. \pause
We can use derived components to form `higher~level' {\fgs}.
This creates an analysis hierarchy.
\end{frame}
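Review bot: the unchanged context line "The derived components failure modes, are the symptoms of the {\fg}" needs a possessive and loses the comma: "The derived component's failure modes are the symptoms of the {\fg} from which it was derived." Since this hunk already reworks the surrounding sentences and adds \pause breaks, it is the natural place to fix it.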
@ -574,7 +601,7 @@ This creates an analysis hierarchy.
\pause \item Using the failure modes of the components create failure scenarios.
\pause \item Analyse each failure scenario of the {\fg}.
\pause \item Collect Symptoms.
\pause \item Create a '{\dc}', where its failure modes are the symptoms of the {\fg} it was derived from.
\pause \item Create a '{\dc}', where its failure modes are the symptoms of the {\fg} from which it was derived.
\pause \item The {\dc} is now available to be used in higher level {\fgs}.
\end{itemize}
\end{frame}
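Review bot: the rewritten item "Create a '{\dc}', where its failure modes are..." opens the quotation with a straight apostrophe; the rest of this deck uses LaTeX quoting with a backtick opener (`higher~level', `failure~mode'), so this should be "Create a `{\dc}', where ..." to render an opening quote.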
@ -584,18 +611,19 @@ This creates an analysis hierarchy.
\subsection{FMMD - Example - Milli Volt Amplifier}
\begin{frame}
\frametitle{FMMD - Example - Milli Volt Amplifier}
We can return to the milli-volt amplifier as an example to analyse.
We can begin by looking for functional groups.
The resistors would together to perform a fairly common function in electronics, that of the potential divider.
So our first functional group is $\{ R1, R2 \}$.
We can now take the failure modes for the resistors (OPEN and SHORT EN298) and see what effect each of these failures will have on the {\fg} (the potential divider).
\begin{figure}
\centering
\includegraphics[width=100pt]{./mvampcircuit.png}
% mvampcircuit.png: 243x143 pixel, 72dpi, 8.57x5.04 cm, bb=0 0 243 143
\end{figure}
We can return to the milli-volt amplifier as an example to analyse.
\pause
We can begin by looking for functional groups.\pause
The resistors would together to perform a fairly common function in electronics, that of the potential divider.
So our first functional group is $\{ R1, R2 \}$.\pause
We can now take the failure modes for the resistors (OPEN and SHORT EN298) and see what effect each of these failures will have on the {\fg} (the potential divider).
\end{frame}
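Review bot: the sentence "The resistors would together to perform a fairly common function in electronics, that of the potential divider." is missing its verb in both the removed and the re-added copy; since the paragraph is being moved below the figure anyway, change it to "The resistors work together to perform a fairly common function in electronics, that of the potential divider."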
@ -757,8 +785,9 @@ how the levels work and converge to a top or system level.
\frametitle{FMMD - Failure Mode Modular De-Composition}
The fact FMMD analyses small groups of components at a time, and organises them
into a hierarchy
addresses the state explosion (where $O$ is order
of complexity) $O=N^2$ inherent in equation
addresses the state explosion problem. \pause
Where $O$ is order
of complexity $O(N^2)$ in the equation below.
\begin{equation}
\label{eqn:fmea_single2}
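Review bot: the split into "addresses the state explosion problem. \pause" followed by "Where $O$ is order of complexity $O(N^2)$ in the equation below." leaves the second part as a sentence fragment. A single sentence keeps the meaning: "addresses the state explosion problem, which is $O(N^2)$ in the equation below (where $O$ denotes order of complexity)."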
@ -777,7 +806,7 @@ with equation~\ref{eqn:anscen}.
Where $fgn$ is the number of components in each functional group,
and $cfm$ is the number of failure modes per component
and L is the number of levels, the number of
analysis scenarios to consider is show in equation~\ref{eqn:anscen}.
analysis scenarios to consider.
~\ref{eqn:fmea_state_exp}.
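Review bot: the new wording ends the sentence at "analysis scenarios to consider." and drops the "is show in equation~\ref{eqn:anscen}" clause, but the following unchanged context line "~\ref{eqn:fmea_state_exp}." now starts a sentence with a bare, unanchored equation reference. Either keep the clause (corrected to "is shown in equation~\ref{eqn:anscen}") or rewrite the next line so the reference to eqn:fmea_state_exp is attached to a sentence; the hunk header shows the surrounding text already refers to equation~\ref{eqn:anscen}.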
@ -826,7 +855,7 @@ To see the effects of reducing `state~explosion' we can use an example.
Let us take a system with 4 levels (with a top/system 0 level),
with three components per functional group and three failure modes per component,
and apply these formulae.
Having 4 levels (in addition to the top zero'th level)
Having 4 levels (in addition to the top zeroth level)
will require 81 base level components.
$$
@ -853,7 +882,7 @@ $$
\begin{itemize}
\pause \item Thus for FMMD we needed to examine 2178 failure~modes against functionally adjacent components, and for traditional FMEA
type analysis methods 19440.
type analysis methods, the number rises to 19440.
\pause \item 19440 `checks' is not practical
\pause \item 2178 checks is alot, but...
\pause \item Modules in FMMD can be re-used...
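Review bot: the rewritten first item now reads well; the unchanged item "2178 checks is alot, but..." should be "a lot", and "checks is" would be "checks are" for agreement with the count, matching "19440 `checks' is not practical" only if both items are treated as a quantity.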
@ -869,17 +898,18 @@ type analysis methods 19440.
\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
Note that for all possible double simultaneous failures the equation~\ref{eqn:fmea_state_exp2} becomes
equation~\ref{eqn:fmea_state_exp2} essentially making the order $N^3$.
The FMMD case (equation~\ref{eqn:anscen2}), is cubic within the functional groups only,
not all the components in the system.
To determine all possible double simultaneous failures for rigorous FMEA
the order $O(N^3)$.
\begin{equation}
\label{eqn:fmea_state_exp2}
N.(N-1).(N-2).cfm % \\
%(N^2 - N).cfm
\end{equation}
\pause
The FMMD case (equation~\ref{eqn:anscen2}), is cubic within the functional groups only,
not all the components in the system.
\begin{equation}
\label{eqn:anscen2}
\sum_{n=0}^{L} {fgn}^{n}.fgn.cfm.(fgn-1).(fgn-2)
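Review bot: the new sentence "To determine all possible double simultaneous failures for rigorous FMEA the order $O(N^3)$." has no verb; it needs "the order becomes $O(N^3)$" (and a comma after "FMEA"). The old text at least said the equation "essentially" makes the order $N^3$, so that claim should carry over explicitly. Minor: the equations use "." as a multiplication sign (N.(N-1).(N-2).cfm); $\cdot$ or juxtaposition would avoid it reading as a decimal point.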
@ -889,7 +919,7 @@ not all the components in the system.
\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Traceability}
Because each reasoning stage contains associations ($FailureMode \mapsto Sypmtom$)
Because each reasoning stage contains associations ($FailureMode \mapsto Symptom$)
we can trace the `reasoning' from base level component failure mode to top level/system
failure, by traversing the tree/hierarchy. This is in effect providing a `framework' of the reasoning.