diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 4e63a44..22bfcd9 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -18,7 +18,7 @@ hybrids. \begin{itemize} \item The first example applies FMMD to an operational-amplifier inverting amplifier (see section~\ref{sec:invamp}); %using an op-amp and two resistors; -this demonstrates re-use of a potential divider {\dc} from section~\ref{subsec:potdiv}. +this examines re-use of the potential divider {\dc} from section~\ref{subsec:potdiv}. This amplifier is analysed twice, using different compositions of {\fgs}. The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed. % @@ -48,7 +48,7 @@ by applying FMMD to a sigma delta ADC. %analogue to digital converter---again with a circular signal path---which operates on both %analogue and digital signals. \item Section~\ref{sec:Pt100} demonstrates FMMD being applied to a commonly used Pt100 -safety critical temperature sensor circuit, this is analysed for single and then double failure modes. +safety critical temperature sensor circuit, analysed for single and double failure mode scenarios. \end{itemize} \clearpage @@ -75,15 +75,16 @@ Both approaches are followed in the next two sub-sections. % \subsection{First Approach: Inverting OPAMP using a Potential Divider {\dc}} % -Ideally we would like to re-use {\dcs} from the $PD$ from section~\ref{subsec:potdiv}, which on initial inspection, %at first glance, +Ideally the {\dcs} from the $PD$ from section~\ref{subsec:potdiv} would be re-used; on initial inspection it %at first glance, looks a good candidate for this. % However, -it cannot directly re-use $PD$, and not just because +$PD$ cannot be directly re-used, and not just because the potential divider is floating i.e. that the polarity of the R2 side of the potential divider is determined by the output from the op-amp. % The circuit schematic stipulates that the input is positive. +% In normal operation then, this is an inverted potential divider. %, but in addition, it facilitates the %output feedback forming a current balance with the input signal. %---that potential divider would only be valid if the input signal were negative. @@ -288,11 +289,11 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$. % %The differences are the root causes or component failure modes that %lead to the symptoms (i.e. the symptoms are the same but causation tree will be different). -Tailure modes for the {\dc} $INVAMP$ can be expressed thus; +Failure modes for the {\dc} $INVAMP$ can be expressed thus; %% $$ fm(INVAMP) = \{ {lowpass}, {high}, {low} \}.$$ $$ fm(INVAMP) = \{ HIGH, LOW, LOW PASS \} .$$ - % -We can draw a DAG representing the failure mode behaviour of + +A DAG is drawn representing the failure mode behaviour of this amplifier (see figure~\ref{fig:invdag1}). % Note that this allows us @@ -305,7 +306,7 @@ to traverse from system level or top failure modes to base component failure mod \subsection{Second Approach: Inverting OpAmp analysing with three components in one larger {\fg}} \label{subsec:invamp2} % -The problem above is analysed without using an intermediate $PD$ +The problem above is analysed without using an intermediate $INVPD$ derived component. % If the input voltage was not constrained to being positive this one stage analysis would be necessary. @@ -359,12 +360,16 @@ This concern is re-visited in the differencing amplifier example in the next sec \subsection{Comparison between the two approaches} \label{sec:invampcc} The first analysis used two FMMD stages. +% The first stage analysed an inverted potential divider %, analyses its failure modes, giving the {\dc} (INVPD). -The second stage analysed a {\fg} comprised of the INVPD and an OpAmp. % -The second analysis (3 components) has to look at the effects of each failure mode of each resistor -on the op-amp circuit. This meant more work for the analyst---that is +The next stage analysed a {\fg} comprised of the INVPD and an OpAmp. +% +The second analysis (3 components) looked at the effects of each failure mode of each resistor +and the op-amp. % circuit. +% +This meant more work for the analyst---that is an increase in the complexity of the analysis---compared to checking the two known failure modes from the pre-analysed inverted potential divider against the OpAmp. @@ -407,8 +412,8 @@ It would therefore, be desirable to represent this circuit as a {\dc} called say % Identifying {\fgs} from the components in the circuit is the starting point for analysis. % -Looking first at the components in the signal path, it can be noticed that we have a non-inverting -amplifier formed by R1,R2 and IC1. +Looking first at the components in the signal path, it can be noticed that a non-inverting +amplifier is formed by R1,R2 and IC1. % In fact, apart from being inverted visually on the schematic, it is identical to the example @@ -430,7 +435,9 @@ a positive voltage from the schematic). This means the junction of R2 R3 is always +ve. This means the input voltage `+V2' could be lower than this. This means R3 R4 is not a fixed potential divider, with R4 being on the positive side. -It could be on either polarity (i.e. the other way around R4 could be the negative side). +% +It could be at either polarity. % (i.e. the other way around R4 could be the negative side). +% Here it is more intuitive to model the resistors not as a potential divider, but individually. %This means we are either going to %get a high or low reading if R3 or R4 fail. @@ -468,22 +475,18 @@ Here it is more intuitive to model the resistors not as a potential divider, but Collecting the symptoms it can be seen that this amplifier fails in four ways. %$\{ AMPHigh, AMPLow, LowPass, AMPIncorrectOutput\}$. %We can now -We create a derived component, $SEC\_AMP$, to represent it +A {\dc}, $SEC\_AMP$, is created %to represent it with failure modes described by: $$ fm(SEC\_AMP) = \{ AMPHigh, AMPLow, LowPass, AMPIncorrectOutput \} .$$ - - - -%Its failure modes are therefore the same. We can therefore re-use -%the derived component for $NI\_AMP$ - +% +% \pagebreak[4] \subsection{Final stage of the $DiffAmp$ Analysis} - -For the final stage we create a {\fg} consisting of -two derived components of the type $NI\_AMP$ and $SEC\_AMP$. % -We apply FMMD analysis to this {\fg} in table~\ref{tbl:diffampfinal}. +For the final stage a {\fg} consisting of +two derived components of the type $NI\_AMP$ and $SEC\_AMP$ is created. +% +FMMD analysis is applied to this {\fg} in table~\ref{tbl:diffampfinal}. % \begin{table}[h+] \label{tbl:diffampfinal} @@ -515,14 +518,15 @@ We apply FMMD analysis to this {\fg} in table~\ref{tbl:diffampfinal}. \label{tbl:ampfmea} \end{table} % -Collecting common symptoms of failure the failure modes for this circuit are determined. +%Collecting common symptoms of failure the failure modes for this circuit are determined. +Common symptoms of failure are collected. %$\{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect \}$. A derived component to represent the failure mode behaviour of the differencing amplifier circuit (see figure~\ref{fig:circuit1}) is created: $$ fm (DiffAMP) = \{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect\} . $$ -The failure analysis performed is represented as a directed graph (see figure~\ref{fig:circuit1_dag}). +The failure analysis performed is represented as a directed graph in figure~\ref{fig:circuit1_dag}. %of the failure modes and derived components. % Using this any top level fault can be traced back to @@ -588,7 +592,8 @@ This FMMD analysis also revealed an undetectable failure mode, $DiffAMPIncorrec The circuit in figure~\ref{fig:circuit2} shows a five pole low pass filter. -Starting at the input, we have a first order low pass filter buffered by an op-amp, +% +Starting at the input, there is a first order low pass filter buffered by an op-amp, the output of this is passed to a Sallen~Key~\cite{aoe}[p.267]~\cite{electronicssysapproach}[p.288] second order low-pass filter. The output of this is passed into another Sallen~Key filter. % -- which although it may have different values %for its resistors/capacitors and thus have a different frequency response -- is identical from a failure mode perspective. @@ -627,7 +632,8 @@ to a potential divider (see section~\ref{subsec:potdiv}). % Capacitors generally fail OPEN but some types fail OPEN and SHORT. % -Consider the worst case: a two failure mode model for this analysis. +%Consider the worst case: a two failure mode model for this analysis. +The worst case for failure for capacitors is taken, i.e. OPEN and SHORT. % The first order low pass filter is analysed in table~\ref{tbl:firstorderlpass}.\\ @@ -658,18 +664,18 @@ The first order low pass filter is analysed in table~\ref{tbl:firstorderlpass}.\ The symptoms $\{ LPnofilter,LPnosignal \}$ are collected and a derived component created called $FirstOrderLP$. % -Applying the $fm$ function yields $$ fm(FirstOrderLP) = \{ LPnofilter,LPnosignal \}.$$ +Applying the $fm$ function yields: $$ fm(FirstOrderLP) = \{ LPnofilter,LPnosignal \}.$$ % \paragraph{Addition of Buffer Amplifier: First stage.} % The op-amp IC1 is being used simply as a buffer. % -By placing it between the next stages -on the signal path, we remove the possibility of unwanted signal feedback. +By placing it between the stages %next stages +on the signal path the possibility of unwanted signal feedback is avoided. % The buffer is one of the simplest op-amp configurations. % -It has no other components, and so we can now form a {\fg} +It has no other components, and a {\fg} is formed from the $FirstOrderLP$ and the OpAmp component. \begin{table}[ht] @@ -702,7 +708,7 @@ from the $FirstOrderLP$ and the OpAmp component. From the table~\ref{tbl:firststage} three symptoms of failure of the first stage of this circuit (i.e. R10,C10,IC1) are observed. % -A {\dc} is created for it, lets call it $LP1$. +A {\dc} is created for it, $LP1$, where: $$ fm(LP1) = \{ LP1High, LP1Low, LP1filterincorrect, LP1nosignal \} $$ @@ -717,8 +723,8 @@ on the schematic as in figure~\ref{fig:circuit2002_LP1}. \centering \includegraphics[width=300pt,keepaspectratio=true]{CH5_Examples/circuit2002_LP1.png} % circuit2002_LP1.png: 575x331 pixel, 72dpi, 20.28x11.68 cm, bb=0 0 575 331 - \caption{Five Pole Sallen Key Filter: Circuit showing the first two {\fgs} modelled. - Shown as an Euler diagram super-imposed onto the electrical schematic.} % so far.} + \caption{Five Pole Sallen Key Filter: Circuit showing the first two {\fgs} + modelled as an Euler diagram super-imposed onto the electrical schematic.} \label{fig:circuit2002_LP1} \end{figure} @@ -770,10 +776,8 @@ $$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal . \} $$ % \paragraph{A failure mode model of Op-Amp Circuit 2.} % -We now have {\dcs} representing the three stages of this filter -and this follows the signal flow in the filter circuit (see figure~\ref{fig:blockdiagramcircuit2}). -% -% +A {\dcs} representing the three stages of this filter is created following + the signal flow in the filter circuit (see figure~\ref{fig:blockdiagramcircuit2}). % % As the signal has to pass through each block/stage @@ -794,7 +798,7 @@ and these are marked on the circuit schematic in figure~\ref{fig:circuit2002_FIV % \pagebreak[4] % -So our final {\fg} will consist of the derived components $\{ LP1, SKLP_1, SKLP_2 \}$. +So the final {\fg} will consist of the derived components $\{ LP1, SKLP_1, SKLP_2 \}$. % The FMMD hierarchy is shown in figure~\ref{fig:circuit2h}. % @@ -880,7 +884,7 @@ three op-amp driven non-inverting low pass filter elements. It is not surprising therefore that they have very similar failure modes. % From a safety point of view, the failure modes $LOW$, $HIGH$ and $NO\_SIGNAL$ -could be easily detected; the failure symptom $FilterIncorrect$ may be less detectable. +could be easily detected; the failure symptom $FilterIncorrect$ is not detectable. % \subsection{Conclusion} This example shows the analysis of a linear signal path circuit with three easily identifiable @@ -926,7 +930,9 @@ However, this is not a problem for FMMD, as {\fgs} are readily identifiable. %We start the FMMD process by determining {\fgs}. Initially three types of {\fgs} are identified, an inverting amplifier (analysed in section~\ref{fig:invamp}), a 45 degree phase shifter (a {$10k\Omega$} resistor and a $10nF$ capacitor) and a non-inverting buffer -amplifier. We can name these $INVAMP$, $PHS45$ and $NIBUFF$ respectively. +amplifier. +% +These are named $INVAMP$, $PHS45$ and $NIBUFF$ respectively. These {\fgs} are used to describe the circuit in block diagram form with arrows indicating the signal path, in figure~\ref{fig:bubbablock}. \begin{figure}[h] @@ -942,10 +948,10 @@ determine {\dcs}. \subsection{Inverting Amplifier: INVAMP} % -The inverting amplifier was analysed in section~\ref{sec:invamp} and can therefore simply re-use those results +The inverting amplifier was analysed in section~\ref{sec:invamp} and can be re-used. % those results i.e. the {\dc} $INVAMP$. % -The inverting amplifier, as a {\dc}, has the following failure modes: +This inverting amplifier, as a {\dc}, has the following failure modes: % $$ fm(INVAMP) = \{ AMP\_High, AMP\_Low, LowPass \}. $$ % \{ HIGH, LOW, LOW PASS \}. $$ % @@ -955,34 +961,28 @@ $$ fm(INVAMP) = \{ AMP\_High, AMP\_Low, LowPass \}. $$ % \{ HIGH, LOW, LOW PASS \subsection{Phase shifter: PHS45} % This consists of a resistor and a capacitor. -% CUNT CUNT CUNT WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE this is doing my head in +% Failure mode models exist for these components -- $ fm(R) = \{OPEN, SHORT\}$, $fm(C) = \{OPEN, SHORT\}$ -- the question next is, how do these failure modes affect the phase shifter? % Note that the circuit here is identical to the low pass filter in circuit topology (see section~\ref{sec:lp}), but its intended use is different. % -We have to analyse this circuit from the perspective of it being a {\em phase~shifter} not a {\em low~pass~filter}. +Therefore this circuit is analysed from the perspective of it being a {\em phase~shifter} not a {\em low~pass~filter}. % The {\fg} for the phase shifter consists of a resistor and a capacitor, $G_0 = \{ R, C \}$ -(FMMD analysis details in appendix section~\ref{detail:PHS45}), +(FMMD analysis details in appendix~\ref{detail:PHS45}), % % $$ fm (G_0) = \{ nosignal, 0\_phaseshift \} . $$ - -%$$ CC(G_0) = 4 \times 1 = 4 $$ -%23SEP2012 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%% WE romoval ends here for CH5: doing my fucking head in re-arranging sentences. -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% \subsection{Non Inverting Buffer: NIBUFF.} % The non-inverting buffer {\fg} is comprised of one component, an op-amp. % -We use the failure modes for an op-amp~\cite{fmd91}[p.3-116] to represent this group. -% GARK -We can express the failure modes for the non-inverting buffer ($NIBUFF$) thus: +The failure modes for an op-amp~\cite{fmd91}[p.3-116] are used to represent this group. +% +The failure modes for the non-inverting buffer ($NIBUFF$) are expressed thus: $$ fm(NIBUFF) = fm(OPAMP) = \{L\_{up}, L\_{dn}, Noop, L\_slew \} . $$ % %Because we obtain the failure modes for $NIBUFF$ from the literature, @@ -994,17 +994,18 @@ $$ fm(NIBUFF) = fm(OPAMP) = \{L\_{up}, L\_{dn}, Noop, L\_slew \} . $$ % \subsection{Bringing the {\fgs} Together: FMMD model of the `Bubba' Oscillator.} % -We could at this point bring all the {\dcs} together into one large functional +At this point all the {\dcs} could be collected into one large functional group (see figure~\ref{fig:bubbaeuler1}) %{fig:poss1finalbubba}) -or we could try to merge in smaller stages, which will have the side-effect of +or merged in smaller stages, which will have the side-effect of creating intermediate {\dcs}. % -Initially we use the first identified {\fgs} to create our model without further stages of refinement/hierarchy. +Initially the first identified {\fgs} are used to create the {\fm} model without further stages of refinement/hierarchy. +% +% % - - \subsection{FMMD Analysis using initially identified {\fgs}} \label{sec:bubba1} +% By indexing the re-used {\dcs} the {\fg} for this analysis can be expressed thus: % @@ -1028,7 +1029,7 @@ or in Euler diagram format as in figure~\ref{fig:bubbaeuler1}. \end{figure} % -The detail of the FMMD analysis can be found in section~\ref{detail:BUBOSC1}. +The detail of the FMMD analysis can be found in appendix~\ref{detail:BUBOSC1}. Applying $fm$ to the Bubba oscillator returns two failure modes, % @@ -1047,22 +1048,21 @@ $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$ %Traditional FMEA would have lead us to a much higher comparison complexity %of $468$ failure modes to check against components. %However, -The analysis here appears top-heavy; we should be able to refine the model more +The analysis here appears top-heavy; it should be possible to refine the model more and break this down into smaller {\fgs} by allowing more stages of hierarchy. %and hopefully %this should lead a further reduction in the complexity comparison figure. By decreasing the size of the modules with further refinement, -we may also discover new derived components that may be of use for other analyses in the future. - - - +new derived components may be discovered that could + be of use for other analyses in the future. +% \clearpage - +% \subsection{FMMD Analysis of Bubba Oscillator using a finer grained modular approach (i.e. more hierarchical stages)} \label{sec:bubba2} The example above---from the initial {\fgs}---used one very large {\fg} to model the circuit. %This mean a quite large comparison complexity for this final stage. -We should be able to determine smaller {\fgs} and refine the model further. +It should be possible to determine smaller {\fgs} and refine the model further. % HTR 23SEP2012 \begin{figure}[h+] % HTR 23SEP2012 \centering @@ -1082,20 +1082,24 @@ We should be able to determine smaller {\fgs} and refine the model further. \paragraph{Outline of finer grained FMMD analysis of the Bubba oscillator.} % -We use the pre-analysed $NIBUFF$ and $PHS45$ -{\dcs} to form a {\fg}, analysed in table~\ref{tbl:buff45}, giving the +The pre-analysed $NIBUFF$ and $PHS45$ +{\dcs} are used to form a {\fg}, analysed in table~\ref{tbl:buff45}, giving the {\dc} $BUFF45$. % %Thus, $BUFF45$ is a {\dc} representing an actively buffered $45^{\circ}$ phase shifter. % -From the block circuit diagram (figure~\ref{fig:circuit3}), we see that there are three -$45^{\circ}$ phase shifter circuits in series. Together these apply a $135^{\circ}$ phase shift to the signal. +From the block circuit diagram (figure~\ref{fig:circuit3}), +it is seen that there are three +$45^{\circ}$ phase shifter circuits in series. % -We use this property to model a higher level {\dc}, that of a $135^{\circ}$ phase shifter. +Together these apply a $135^{\circ}$ phase shift to the signal. +% +This property is used to model a higher level {\dc}, that of a $135^{\circ}$ phase shifter. % The three $BUFF45$ {\dcs} form a {\fg} which is analysed in table~\ref{tbl:phs135buffered}. +% The result of this analysis is the {\dc} $PHS135BUFFERED$ which represents an actively buffered $135^{\circ}$ phase shifter. % @@ -1107,29 +1111,15 @@ A PHS45 {\dc} and an inverting amplifier\footnote{Inverting amplifiers apply a form a {\fg} providing an amplified $225^{\circ}$ phase shift, analysed in table~\ref{tbl:phs225amp} resulting in the {\dc} $PHS225AMP$. -Applying FMMD we create a derived component $PHS225AMP$ which has the following failure modes: +% +Applying FMMD the {\dc} $PHS225AMP$ is created with the following failure modes: $$ fm (PHS225AMP) = \{ 180\_phaseshift, NO\_signal \}. % 270\_phaseshift, $$ % -%---with the remaining $PHS45$ and the $INVAMP$ (re-used from section~\ref{sec:invamp})in a second group $PHS225AMP$--- -Finally we form a final {\fg} with $PHS135BUFFERED$ and $PHS225AMP$. -%in a final stage (see figure~{fig:bubbaeuler2}) % \ref{fig:poss2finalbubba}) +A final {\fg} is formed with $PHS135BUFFERED$ and $PHS225AMP$. % -%We can take a more modular approach by creating two intermediate functional groups, a buffered $45^{\circ}$ phase shifter (BUFF45) -%we can combine three $BUFF45$'s to make -%a $135^{\circ}$ buffer phase shifter (PHS135BUFFERED). -% -%We can combine a $PHS45$ and a $NIBUFF$ to create -%and an amplifying $225^{\circ}$ phase shifter (PHS225AMP). -% -% By combining PHS225AMP and PHS135BUFFERED we can create a more modularised hierarchical -% model of the bubba oscillator. -% The proposed hierarchy is shown in figure~\ref{fig:poss2finalbubba}. -% -% -% -We analyse this {\fg} (see section~\ref{detail:BUFF45}) and create a derived component, $BUFF45$ which has the following failure modes: +This {\fg} is analysed in appendix~\ref{detail:BUFF45} giving a {\dc}, $BUFF45$, which has the following failure modes: $$ fm (BUFF45) = \{ 0\_phaseshift, NO\_signal \} .% 90\_phaseshift, $$ @@ -1137,7 +1127,9 @@ $$ %$$ CC(BUFF45) = 7 \times 1 = 7 $$ % Three $BUFF45$ {\dcs} form a {\fg}, and after FMMD analysis -we create a $PHS135BUFFERED$ {\dc}. The FMMD analysis may be viewed at section~\ref{detail:PHS135BUFFERED}. % +we create a $PHS135BUFFERED$ {\dc}. +% +The FMMD analysis table is in appendix~\ref{detail:PHS135BUFFERED}. % % % % @@ -1147,19 +1139,14 @@ we create a $PHS135BUFFERED$ {\dc}. The FMMD analysis may be viewed at section~\ % The $PHS225AMP$ consists of a $PHS45$, providing $45^{\circ}$ of phase shift, and an $INVAMP$, providing $180^{\circ}$ giving a total of $225^{\circ}$. -Detailed FMMD analysis may be found in section~\ref{detail:PHS225AMP}. % -% -% -%$$ CC(PHS225AMP) = 7 \times 1 $$ +Detailed FMMD analysis may be found in appendix~\ref{detail:PHS225AMP}. % The $PHS225AMP$ consists of a $PHS45$ and an $INVAMP$ (which provides $180^{\circ}$ of phase shift). % -% -% To complete the analysis we now bring the derived components $PHS135BUFFERED$ and $PHS225AMP$ together -and perform FMEA with these (see section~\ref{detail:BUBBAOSC}), to obtain a model for the Bubba Oscillator. -%Collecting symptoms from table~\ref{tbl:bubba2}, we can create a derived component $BUBBAOSC$ which has the following failure modes: +and perform FMEA with these (see appendix~\ref{detail:BUBBAOSC}), to obtain a model for the Bubba Oscillator. +% $$ fm (BUBBAOSC) = \{ HI_{osc}, NO\_signal .\} % LO_{fosc}, $$ @@ -1194,9 +1181,8 @@ Smaller {\fgs} signify less by-hand checks and a more finely grained model. % This means that -there will %would -be more {\dcs} and this %therefore -increases the potential for re-use of pre-analysed {\dcs}. +more {\dcs} will be created and this %therefore +increases the potential for re-use. % of pre-analysed {\dcs}. % A finer grained model---with potentially more hierarchy stages---also means that %more work, or @@ -1288,89 +1274,99 @@ of the input voltage (i.e. the value of the sum of 1's and 0's is proportional t %$$\{ IC1, IC2, IC3, IC4, R1, R2, R3, R4, C1 \} $$. % The parts for the {\sd} are a mixture of analogue (resistors, capacitors, OpAmps) and digital -(D type flip flop, and a digital clock). We examine the failure modes of all components in this circuit below. +(D type flip flop, and a digital clock). The failure modes of all components are examined in this circuit below. % -IC1,IC2 and IC3 are all OpAmps and we have failure modes for this component type -from section~\ref{sec:opamp_fms}: +IC1,IC2 and IC3 are all OpAmps and have failure modes for this component type +(i.e. from section~\ref{sec:opamp_fms}): % $$ fm(OPAMP) = \{ HIGH, LOW, NOOP, LOW\_SLEW \}. $$ % -We examine the literature for a failure model for the D-type flip flop~\cite{fmd91}[3-105], for example the CD4013B~\cite{cd4013}, -and obtain its failure modes, which we can express using the $fm$ function: +The literature was examined for a failure model +for a D-type flip flop~\cite{fmd91}[3-105], and the CD4013B~\cite{cd4013} chosen. +Its {\fms} are expressed using the $fm$ function: %% $$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \}. $$ % -The resistors and capacitor failure modes we take from EN298~\cite{en298}[An.A]. -We express the failure modes for the resistors (R) and capacitors (C) thus: +The resistors and capacitor failure modes are taken from EN298~\cite{en298}[An.A]. +% +The failure modes for the resistors (R) and capacitors (C) are expressed thus: % $$ fm ( R ) = \{OPEN, SHORT\},$$ % $$ fm ( C ) = \{OPEN, SHORT\}. $$ % -We are also given a CLOCK. For the purpose of example we shall attribute -one failure mode to this, that it might stop. -We express the failure modes of the CLOCK, thus: +A CLOCK signal is required for the \sd. +% +For the purpose of example +one failure mode is assigned to this, that it might stop. +The failure modes of the CLOCK, is stated thus: % $$ fm ( CLOCK ) = \{ STOPPED \}. $$ \subsection{Identifying initial {\fgs}} \subsubsection{Summing Junction Integrator (SUMJINT)} -We next choose {\fgs}. The most obvious way to find initial {\fgs} is -to follow the signal path. The signal path is circular, but we can start -with the input voltage, which is applied via $R2$, we term this voltage $V_{in}$. % -The feedback voltage for the ADC is supplied via $R1$, we term this voltage as $V_{fb}$. +The next stage is to choose initial (base) {\fgs}. +% +The most obvious way to find initial {\fgs} is +to follow the signal path. +% +The signal path is circular, but can be started +with the input voltage, which is applied via $R2$, this voltage is labelled $V_{in}$. +% +The feedback voltage for the ADC is supplied via $R1$, this voltage is called $V_{fb}$. %The input voltage is supplied via $R2$ and we term this voltage as $V_{in}$. $R2$ and $R1$ form a summing junction to IC1: they balance the integrator provided by the capacitor C1 and the opamp IC1. -This can be our first {\fg} and we analyse it in table~\ref{detail:SUMJINT}: %{tbl:sumjint}. -%For the symptoms, we have to think in terms of the effect -%on its performance as a summing junction and not be -%distracted by the integrator formed by $C_1$ and $IC1$. +% +This can be the first {\fg} and it is analysed in table~\ref{detail:SUMJINT}: %{tbl:sumjint}. % $$FG = \{R1, R2, IC1, C1 \} .$$ - +% That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of our new {\dc} $SUMJINT$ are $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ - +% %\clearpage - +% \subsubsection{High Impedance Signal Buffer (HISB)} - +% Next in the signal path (see figure~\ref{fig:sigmadeltablock}) is a signal buffer. +% This presents a high impedance to the circuit driving it. +% This prevents electrical loading, and thus interference with, the SUMJINT stage. +% This is simply an op-amp with the input connected to the +ve input and the -ve input grounded. -%% \end{table} -% % This is an OpAmp in a signal buffer configuration and therefore simply has the failure modes of an Op-amp. % -% -% \end{tabular} -% -% As it is performing one particular function -we may consider it as a derived component, that of a High Impedance Signal Buffer (HISB). -This is analysed using FMMD in section~\ref{detail:HISB}. +it can be considered as a {\dc} a High Impedance Signal Buffer (HISB). +% +This is analysed using FMMD in appendix~\ref{detail:HISB}. +% +The {\dc} $HISB$ is created and its failure modes stated as: +$$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$ % -We create the {\dc} $HISB$ and its failure modes may be stated as: $$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$ - \subsubsection{Digital level to analogue level conversion ($DL2AL$).} +% The integrator is implemented in analogue electronics, but the output from the D type flip flop is a digital signal. +% A conversion stage is required to interface these stages. +% Digital level to analogue level conversion is performed by IC3 in conjunction with a potential divider formed by R3,R4. +% The potential divider provides a mid rail reference voltage to the inverting input of IC3. - +% \paragraph{Potential divider formed by R3,R4.} -We re-use the analysis from table~\ref{tbl:pdfmea}, and use the derived component $PD$ -to represent the potential divider formed by R3 and R4. -%Because PD is a derived component, we can denote this -%by super-scripting it with its abstraction level of 1, thus $PD$. +The analysis from table~\ref{tbl:pdfmea} is re-used, i.e. the {\dc} $PD$ +represents the potential divider formed by R3 and R4. +% +% $$ fm(PD) = \{ HIGH, LOW \}. $$ @@ -1381,13 +1377,13 @@ $$fm(IC3) = \{ HIGH, LOW, NOOP, LOW\_SLEW \} . $$ The digital signal is supplied to the non-inverting input. The output is a voltage level in the analogue domain $-V$ or $+V$. % -We now form a {\fg} from $PD $ and $IC3$. +A {\fg} is formed from $PD $ and $IC3$. % -$$ FG = \{ PD , IC3 \} $$ +$$ FG = \{ PD , IC3 \} . $$ % -We now analyse this {\fg} (see section~\ref{detail:DL2AL}). - -$$ fm (DL2AL) = \{ LOW, HIGH, LOW\_{SLEW} \} $$ +This {\fg} is analysed (see appendix~\ref{detail:DL2AL}) giving: +% +$$ fm (DL2AL) = \{ LOW, HIGH, LOW\_{SLEW} \} . $$ %\clearpage @@ -1399,20 +1395,17 @@ $$ fm (DL2AL) = \{ LOW, HIGH, LOW\_{SLEW} \} $$ The digital element of the {\sd}, is a `one~bit~memory', or D type flip flop. This buffers the feedback result and provides the output bit stream. -We create a {\fg} from the CLOCK and IC4 to model this digital buffer, +% +A {\fg} is created from the CLOCK and IC4 {\dcs} to model this digital buffer, % $$FG = \{ IC4, CLOCK \} . $$ % % %% DIGBUF --- Digital Buffer % -We now analyse this {\fg} (see section~\ref{detail:DIGBUF}). -%in table~\ref{tbl:digbuf}. -% -% -We can now derive a new component to represent the digital buffer and call it $DIGBUF$, . -% +This {\fg} (see appendix~\ref{detail:DIGBUF}) is now analysed giving the {\dc} $DIGBUF$: % +where % $$ fm (DIGBUF) = \{ LOW, STOPPED \} . $$ % % @@ -1420,8 +1413,8 @@ $$ fm (DIGBUF) = \{ LOW, STOPPED \} . $$ % \subsection{First {\fgs} analysed} % -We have analysed the initial {\fgs} and -have created our first {\dcs}. %and can now take stock of the situation +The initial {\fgs} have been analysed giving +the first {\dcs}. %and can now take stock of the situation %and see what is now required. %Figure~\ref{fig:sigdel1} shows which {\fgs} we have analysed so far. %hierarchy has been built. @@ -1434,10 +1427,10 @@ These are: \item DIGBUF --- A digital one bit buffer/memory. \end{itemize} These {\dcs} follow the signal path shown in figure~\ref{fig:sigmadeltablock}. -We now use these {\dcs} to create higher level {\fgs}. -%to represent the failure mode -%behaviour of the $\Sigma \Delta ADC$. -We represent these in the Euler diagram in figure~\ref{fig:eulersd}. +% +These {\dcs} can now be used to create higher level {\fgs}. +% +These are represented in the Euler diagram in figure~\ref{fig:eulersd}. % They are later used to create {\fgs} to %from these initial {\dcs} make a complete failure mode for the {\sd}. @@ -1466,15 +1459,13 @@ make a complete failure mode for the {\sd}. % \subsubsection{Buffered Integrating Summing Junction (BISJ): {\fg} of $HISB$ and $SUMJINT$} % -We now form a {\fg} with the two derived components $HISB$ and $SUMJINT$. -This forms a buffered integrating summing junction. We analyse this using FMMD -(see section~\ref{detail:BISJ}). -%which we analyse in table~\ref{tbl:BISJ}. -We define this {\fg} thus: -$ FG = \{ HISB, SUMJINT \} .$ +A {\fg} with the two derived components $HISB$ and $SUMJINT$ is now created. % -Using the $fm$ function we define the failure modes of -our derived component BISJ thus: +This forms a buffered integrating summing junction {\fg} i.e. $ FG = \{ HISB, SUMJINT \} .$ +% +This is analysed using FMMD +(see appendix~\ref{detail:BISJ}) +giving the {\dc} $BISJ$: % $$ fm(BISJ) = \{ OUTPUT STUCK , REDUCED\_INTEGRATION \} . $$ % @@ -1490,28 +1481,27 @@ $$ fm(BISJ) = \{ OUTPUT STUCK , REDUCED\_INTEGRATION \} . $$ The {\fg} formed by $DIGBUF$ and $DL2AL$ takes the flip flop clocked and buffered value, and outputs it at analogue voltage levels for the summing junction. % -$ FG = \{ DIGBUF, DL2AL \} $ -% -We analyse the buffered flip flop circuitry (see table~\ref{detail:FFB}) -and create a {\dc} $FFB$, -where $$fm (FFB) = \{OUTPUT STUCK, LOW\_SLEW\} .$$ -%\clearpage +$ FG = \{ DIGBUF, DL2AL \} . $ + +The buffered flip flop circuitry is analysed (see appendix~\ref{detail:FFB}) +and the {\dc} $FFB$ created, +where: +$$fm (FFB) = \{OUTPUT STUCK, LOW\_SLEW\} .$$ + \subsection{Final, top level {\fg} for sigma delta Converter} % % -We now have two {\dcs}, $FFB$ and $BISJ$. +The FMMD model now has just two {\dcs}, $FFB$ and $BISJ$. +% These together represent all base components within this circuit. -We form a final {\fg} with these: +% +A final {\fg} is formed with these: $$ FG = \{ FFB , BISJ \} .$$ -We analyse the buffered {\sd} circuit using FMMD (see section~\ref{detail:SDADC}). -%in table~\ref{tbl:sdadc}. -% -% FFB^3 $\{OUTPUT STUCK, LOW\_SLEW\}$ -% BISJ^2 $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$ -% -We now have a {\dc} $SDADC$ which provides a failure mode model for the \sd: + +The buffered {\sd} circuit is analysed using FMMD (see appendix~\ref{detail:SDADC}) giving +a {\dc} $SDADC$ which provides a failure mode model for the \sd: $$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\} . $$ -We now show the final {\dc} hierarchy in figure~\ref{fig:eulersdfinal}. +The {\dc} hierarchy is shown in figure~\ref{fig:eulersdfinal}. % \begin{figure}[h] \centering @@ -1549,7 +1539,9 @@ We now show the final {\dc} hierarchy in figure~\ref{fig:eulersdfinal}. % The output from this is sent to the summing integrator as the signal summed with the input. \subsection{Conclusion} The {\sd} example, shows that FMMD can be applied to mixed digital and analogue circuitry: -which means the analogue/digital interface is also achieved. This +which means the analogue/digital interface is also achieved. +% +This leads onto interfacing to software and digital~systems in the next chapter. % % @@ -1571,14 +1563,15 @@ leads onto interfacing to software and digital~systems in the next chapter. %% %% STATS MOVED TO FUTURE WORK %% -For this example we look at an industry standard temperature measurement circuit, -the `four~wire~Pt100'. +For this example an industry standard temperature measurement circuit, +the `four~wire~Pt100', is examined. % The four wire Pt100 configuration is a commonly used -and is a well known safety critical circuit. +and well known safety critical circuit. % -Applying FMMD lets us look at this circuit in a fresh light. -We analyse this for both single and double failures, +Applying FMMD provides a fresh look at this established circuit. +% +It is analysed for both single and double failures, in addition it demonstrates FMMD coping with component parameter tolerances. % The circuit is described from a conventional safety perspective and then analysed using the FMMD methodology. @@ -1630,8 +1623,8 @@ The Pt100 four wire circuit uses two wires to supply a small electrical current, and returns two sense voltages by the other two. % By measuring voltages -from sections of this circuit forming potential dividers, we can determine the -resistance of the platinum wire sensor. +from sections of this circuit forming potential dividers, the +resistance of the platinum wire sensor can be determined. % The resistance of this is directly related to temperature, and may be determined by @@ -1647,7 +1640,7 @@ look-up tables~\cite{eurothermtables} or a suitable polynomial expression. \end{figure} % % -The voltage ranges we expect from this three stage potential divider\footnote{Two stages are required +The voltage ranges expected from this three stage potential divider\footnote{Two stages are required for validation, a third stage is used to measure the current flowing through the circuit to obtain accurate temperature readings.} are shown in figure \ref{fig:Pt100vrange}. @@ -1663,9 +1656,13 @@ and the higher as {\em sense+}. \paragraph{Accuracy despite variable resistance in cables.} For electronic and accuracy reasons, a four wire circuit is preferred -because of resistance in the cables. Resistance from the supply +because of resistance in the cables. +% +Resistance from the supply causes a slight voltage -drop in the supply to the $Pt100$. As no significant current +drop in the supply to the $Pt100$. +% +As no significant current is carried by the two `sense' lines, the resistance back to the ADC causes only a negligible voltage drop, and thus the four wire configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across @@ -1677,12 +1674,15 @@ The current flowing though the whole circuit can be measured on the PCB by reading a third sense voltage from one of the load resistors. Knowing the current flowing through the circuit -and knowing the voltage drop over the $Pt100$, we can calculate its -resistance by Ohms law $V=I.R$, $R=\frac{V}{I}$. -Thus a little loss of supply current due to resistance in the cables +and knowing the voltage drop over the $Pt100$, its +resistance is calculated by Ohms law $V=I.R$, $R=\frac{V}{I}$. +% +Thus a little loss of supply voltage due to resistance in the cables does not impinge on accuracy. +% The resistance to temperature conversion is achieved through the published $Pt100$ tables\cite{eurothermtables}. +% The standard voltage divider equations (see figure \ref{fig:vd} and equation \ref{eqn:vd}) can be used to calculate expected voltages for failure mode and temperature reading purposes. @@ -1738,16 +1738,20 @@ Resistors, are considered to fail by either going OPEN or SHORT (see section~\re %given resistors going open. For the purpose of this analyis; $R_{1}$ is the \ohms{2k2} from 5V to the thermistor, -$R_3$ is the Pt100 thermistor and $R_{2}$ connects the thermistor to ground. +$R_3$ is the Pt100 thermistor and $R_{2}$ \ohms{2k2} connects the thermistor to ground. -We can define the terms `High Fault' and `Low Fault' here, with reference to figure -\ref{fig:Pt100vrange}. Should we get a reading outside the safe green zone -in the diagram, we consider this a fault. +The terms `High Fault' and `Low Fault' are be defined here with reference to figure +\ref{fig:Pt100vrange}. +% +Should a reading be outside the safe green zone +in the diagram, it will be considered a fault. +% Should the reading be above its expected range, this is a `High Fault' and if below a `Low Fault'. - +% Table \ref{ptfmea} plays through the scenarios of each of the resistors failing in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings. +% The range {0\oc} to {300\oc} will be analysed using potential divider equations to determine out of range voltage limits in section~\ref{sec:ptbounds}. @@ -1783,24 +1787,31 @@ and \ref{Pt100temp}. \paragraph{Consideration of Resistor Tolerance} \label{sec:resistortolerance} +% The separate sense lines ensure the voltage read over the Pt100 thermistor are not altered due to having to pass any significant current. +% The Pt100 element is a precision part and will be chosen for a specified accuracy/tolerance range. -One or other of the load resistors (the one we measure current over) should also +% +One or other of the load resistors (the one that current is measured over) should also be of this accuracy. The \ohms{2k2} loading resistors may be ordinary, in that they would have a good temperature co-efficient (typically $\leq \; 50(ppm)\Delta R \propto \Delta \oc $), and should be subjected to a narrow temperature range anyway, being mounted on a PCB. %\glossary{{PCB}{Printed Circuit Board}} +% To calculate the resistance of the Pt100 element % (and thus derive its temperature), -having the voltage over it, we now need the current. -Lets use, for the sake of example, $R_2$ to measure the current flowing in the temperature sensor loop. +having the voltage over it, the current flowing through it must be measured. +% +For the sake of example, let be used $R_2$ to measure the current flowing in the temperature sensor loop. +% As the voltage over $R_3$ is relative (a design feature to eliminate resistance effects of the cables), -we can calculate the current by reading -the voltage over the known resistor $R2$.\footnote{To calculate the resistance of the Pt100 we need the current flowing though it. -We can determine this via Ohms law applied to $R_2$, $V=IR$, $I=\frac{V}{R_2}$, -and then using $I$, we can calculate $R_{3} = \frac{V_{R3}}{I}$.} +the current can be calculated by reading +the voltage over the known resistor +$R2$.\footnote{To calculate the resistance of the Pt100 we need the current flowing though it. +This can be determined via Ohms law applied to $R_2$, $V=IR$, $I=\frac{V}{R_2}$, +and then using $I$, with $I$, $R_{3} = \frac{V_{R3}}{I}$.} As these calculations are performed by Ohms law, which is linear, the accuracy of the reading will be determined by the accuracy of $R_2$ and $R_{3}$. %It is reasonable to @@ -1810,31 +1821,39 @@ will be determined by the accuracy of $R_2$ and $R_{3}$. \label{Pt100temp} $Pt100$ resistors are designed to have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}. +% A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc} -for a given application. +for a given application. +% According to the Eurotherm Pt100 tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100} -and \ohms{212.02} respectively. From this the potential divider circuit can be +and \ohms{212.02} respectively. +% +From this the potential divider circuit can be analysed and the maximum and minimum acceptable voltages determined. +% These can be used as bounds results to apply the findings from the -Pt100 FMEA analysis in section\ref{sec:Pt100floating}. %\ref{fmea}. +Pt100 FMEA analysis in section~\ref{sec:Pt100floating}. %\ref{fmea}. % As the Pt100 forms a potential divider with the \ohms{2k2} load resistors, -the upper and lower readings can be calculated thus: +the upper and lower readings are calculated thus: % % $$ highreading = 5V.\frac{2k2+Pt100}{2k2+2k2+pt100} $$ $$ lowreading = 5V.\frac{2k2}{2k2+2k2+Pt100} $$ +% So by defining an acceptable measurement/temperature range, and ensuring the -values are always within these bounds, we can be confident that none of the -resistors in this circuit has failed. +values are always within these bounds, there is confidence that none of the +resistors in this circuit have failed. +% % \label{sec:ptbounds} % To convert these to twelve bit ADC (\adctw) counts: % $$ highreading = 2^{12}.\frac{2k2+Pt100}{2k2+2k2+pt100} $$ +% $$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+Pt100} $$ % % @@ -1919,9 +1938,10 @@ and are thus enclosed by one contour each. % %ating input Fault This circuit supplies two results, the {\em sense+} and {\em sense-} voltage readings. +% To establish the valid voltage ranges for these, and knowing our -valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate -valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd} +valid temperature range for this example ({0\oc} .. {300\oc}) +valid voltage reading ranges can be calculated by using the standard voltage divider equation \ref{eqn:vd} for the circuit shown in figure \ref{fig:vd}. % % @@ -1929,12 +1949,15 @@ for the circuit shown in figure \ref{fig:vd}. % \paragraph{Proof of Out of Range Values for Failures} \label{pt110range} -Using the temperature ranges defined above we can compare the voltages -we would get from the resistor failures to prove that they are -`out~of~range'. There are six test cases and each will be examined in turn. +% +Using the temperature ranges defined above the voltages can be compared; +resistor failures would cause +`out~of~range' voltages. +% +There are six test cases and each will be examined in turn. % \subparagraph{ TC 1 : Voltages $R_1$ SHORT } -With Pt100 at 0\oc +With Pt100 at 0\oc: $$ highreading = 5V $$ Since the highreading or sense+ is directly connected to the 5V rail, both temperature readings will be 5V.. @@ -1955,7 +1978,7 @@ proscribed range in table \ref{ptbounds}. % \paragraph{ TC 3 : Voltages $R_2$ SHORT } % -With Pt100 at 0\oc +With Pt100 at 0\oc: $$ lowreading = 0V $$ Since the lowreading or sense- is directly connected to the 0V rail, both temperature readings will be 0V. @@ -2004,8 +2027,8 @@ resistor faults---that of---`voltage~out~of~range'. % In practical use, by defining an acceptable measurement/temperature range, and ensuring the -values are always within these bounds, we can be confident that none of the -resistors in this circuit has failed. +values are always within these bounds, there is confidence that none of the +resistors in this circuit have failed. % \ifthenelse{\boolean{pld}} { @@ -2056,15 +2079,14 @@ It can now be represented as a PLD see figure \ref{fig:Pt100_singlef}. %\clearpage \section{ Pt100 Double Simultaneous Fault Analysis} \label{sec:Pt100d} -In this section we examine the failure mode behaviour % for all single -%faults and -double simultaneous faults. +In this section the failure mode behaviour for the Pt100 is examined for double failures. +% Traditional FMEA methodologies do not provide double failure analysis~\cite{safeware}[p.342] and double failure analysis for FMEA is a subject of current research~\cite{FMEAmultiple653556,automatingFMEA1281774}. %Well, %This corresponds to the cardinality constrained powerset of one (see section~\ref{ccp}), of %the failure modes in the functional group. -All the single faults have been analysed in the last section. +All the single failures have been analysed in the last section. %For the next set of test cases, let us again hypothesise %the failure modes, and then examine each one in detail with %potential divider equation proofs. @@ -2115,11 +2137,11 @@ TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Rang This double fault mode produces an interesting symptom. Both sense lines are floating. % -We cannot know what the {\adctw} readings on them will be. +The {\adctw} readings on them cannot be predicted. % In practise these would probably float to low or high values but for the purpose of a safety critical analysis, -all we can say is that the values are `floating' and `unknown'. +all that can be stated is that the values are `floating' and `unknown'. % This is an interesting case, because it is, at this stage an undetectable %---or unobservable--- fault. @@ -2199,8 +2221,9 @@ Both values will be out of range. { \subsection{Double Faults Represented on a PLD Diagram} % -We can show the test cases on a diagram with the double faults residing on regions +The test cases are shown on a diagram with the double faults residing on regions corresponding to overlapping contours see figure \ref{fig:plddouble}. +% Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ contour. % % @@ -2212,7 +2235,7 @@ Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ co \label{fig:plddouble} \end{figure} % -We use equation \ref{eqn:correctedccps2} to verify complete coverage for +Equation \ref{eqn:correctedccps2} is used to verify complete coverage for a given cardinality constraint is not visually obvious. % From the diagram it is easy to verify @@ -2224,16 +2247,20 @@ not that all for a given cardinality constraint have been included. % \paragraph{Symptom Extraction} % -We can now examine the results of the test case analysis and apply symptom abstraction. -In all the test case results we have at least one out of range value, except for +The results of the test case analysis can now be examined and symptom abstraction applied. +% +In all the test case results there is at least one out of range value, except for $TC\_7$ -which has two unknown values/floating readings. We can collect all the faults, except $TC\_7$, +which has two unknown values/floating readings. +% +All the faults, except $TC\_7$, are aggregated into the symptom $OUT\_OF\_RANGE$. +% As a symptom $TC\_7$ could be described as $FLOATING$. % \ifthenelse{\boolean{pld}} { -We can thus draw a PLD diagram representing the +A PLD diagram can be drawn representing the failure modes of this functional~group, the Pt100 circuit from the perspective of double simultaneous failures, in figure \ref{fig:Pt100_doublef}. % @@ -2268,62 +2295,13 @@ It can now be represented as a PLD see figure \ref{fig:Pt100_doublef}. { } % -% -% -% The resistors R1, R2 form a summing junction -% to the negative input of IC1. -% Using the earlier definition for resistor failure modes, -% $fm(R)= \{OPEN, SHORT\}$, we analyse the summing junction -% in table~\ref{tbl:sumjunct} below. -% -% \begin{table}[h+] -% \caption{Summing Junction: Failure Mode Effects Analysis: Single Faults} % title of Table -% \label{tbl:sumjunct} -% -% \begin{tabular}{|| l | l | c | c | l ||} \hline -% \textbf{Failure Scenario} & & \textbf{Summing} & & \textbf{Symptom} \\ -% & & \textbf{Junction} & & \\ -% \hline -% FS1: R1 SHORT & & R1 input dominates & & $R1\_IN\_DOM$ \\ \hline -% FS2: R1 OPEN & & R2 input dominates & & $R2\_IN\_DOM$ \\ \hline -% FS3: R2 SHORT & & R2 input dominates & & $R2\_IN\_DOM$ \\ \hline -% FS4: R2 OPEN & & R1 input dominates & & $R1\_IN\_DOM$ \\ \hline -% -% \hline -% -% \end{tabular} -% \end{table} -% % PHS45 -% -% This summing junction fails with two symptoms. We create a {\dc} called $SUMJUNCT$ and we can state, -% $$fm(SUMJUNCT) = \{ R1\_IN\_DOM, R2\_IN\_DOM \} $$. -% -% -%The D type flip flop -% -%\subsection{FMMD Process applied to $\Sigma \Delta $ADC}. -% -%T%he block diagram in figure~\ref{fig -% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - - - - - - - - - - - - - - - - - - +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \ No newline at end of file