From 3b897e85d2125ebbf53f895fe2185852e73d6d40 Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Mon, 8 Oct 2012 21:44:04 +0100 Subject: [PATCH] OK prob final version.... --- .../System_safety_2012/fmmd_software_pres.tex | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/presentations/System_safety_2012/fmmd_software_pres.tex b/presentations/System_safety_2012/fmmd_software_pres.tex index b8f6aec..4f3ed15 100644 --- a/presentations/System_safety_2012/fmmd_software_pres.tex +++ b/presentations/System_safety_2012/fmmd_software_pres.tex @@ -52,8 +52,8 @@ \begin{frame} \frametitle{FMEA} We now talk about Failure Mode Effects Analysis, and the different ways it is applied. -These techniques are discussed, and then -a refinement(FMMD) is proposed, which is essentially a modularisation of the FMEA process. +%These techniques are discussed, and then +%a refinement(FMMD) is proposed, which is essentially a modularisation of the FMEA process. % \begin{itemize} @@ -596,7 +596,7 @@ judged to be in critical sections of the product. \begin{itemize} \pause \item FMEA type methodologies were designed for simple electro-mechanical systems of the 1940's to 1960's. - \pause \item Reasoning Distance - component failure to system level symptom + \pause \item Reasoning Distance - component failure to system level symptom : \pause Software controlled systems have another layer of reasoning distance \pause \item State explosion - impossible to perform rigorously \pause \item Difficult to re-use previous analysis work \pause \item Very Difficult to model simultaneous failures. 
@@ -617,8 +617,8 @@ judged to be in critical sections of the product. \pause \item State explosion \pause \item Rigorous (total coverage) - \pause \item Reasoning Traceable - \pause \item Re-useable + \pause \item Reasoning Traceable \pause ideally across disciplines \pause Mechanical \pause Electrical \pause Software + \pause \item Re-usable \pause \item Simultaneous failures %\pause \item \end{itemize} @@ -1071,7 +1071,7 @@ missed in an analysis. \pause \item SFMEA maps variable corruption for {\fms} --- \pause this means a large number of combinations --- \pause automated SFMEA \pause databases - \pause tracking the relationships between variable corruption + tracking the relationships between variable corruption and system failure modes %\pause \item %Because of the large number of combinations for considering all variables as corruptible % automated SFMEA @@ -1150,7 +1150,7 @@ in a clear and modular model. \end{figure} \begin{itemize} \pause \item Pre condition violations are analogous to component failure modes - \pause \item Post condition violations are analogous to symptoms of failure of the function \pause derived component failure modes + \pause \item Post condition violations are analogous to symptoms of failure of the function \pause i.e. the derived component failure modes \end{itemize} \end{frame} @@ -1225,7 +1225,8 @@ General Failure behaviour of {\ft} signalling \pause Yourdon, afferent---transform---efferent data flow, in an embedded system our sensors---data processing/software---actuators. - So the electronics are the bottom. + \pause + So the electronics are the below software in a modular hierarchy.... \end{frame} 
@@ -1350,9 +1351,9 @@ We must now look at the software. \caption{Context Diagram for {\ft} loop} \label{fig:ftcontext} \end{figure} -We consider two software functions, $ fm(Read\_ADC) = \{ CHAN\_NO, VREF \} $ which is called by -$ fm(read\_4\_20\_input) = \{ VRNGE \} .$ \pause -As $Read\_ADC$ is the function called it is lower in the call tree hierarchy. \pause +We consider two software functions, $Read\_ADC()$ which returns a value from the ADC, which is called by +$ Read\_4\_20\_input() .$ which returns a pro-mil value for the input. \pause +As $Read\_ADC$ is the function called it is lower in the call tree hierarchy. \pause We form a {\fg} with $CMATV$ and this software function. \end{frame} @@ -1363,7 +1364,7 @@ We form a {\fg} with $CMATV$ and this software function. \frametitle{FMMD - Example integrated hardware/software system --- {\ft} input} \begin{figure}[h] \centering - \includegraphics[width=120pt]{./read_adc.jpg} + \includegraphics[width=140pt]{./read_adc.jpg} % read_adc.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386 \caption{Software Function: \textbf{read\_ADC}} \label{fig:read_ADC()} @@ -1426,6 +1427,7 @@ Pre-conditions We could term the failure modes of this function as \{ ADC\_TIMEOUT\_OCCURS, INCORRECT\_MUX\_CHAN, INCORRECT\_VREF \} \pause +\\ We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it interface directly with: CMATV. \end{frame} @@ -1501,7 +1503,7 @@ We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it \begin{frame} \begin{figure}[h] \centering - \includegraphics[width=160pt]{./read_4_20_input.jpg} + \includegraphics[width=200pt]{./read_4_20_input.jpg} % read_4_20_input.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386 \caption{Read 4 to 20mA input function} \label{fig:read_4_20_input} 
@@ -1524,7 +1526,7 @@ We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it This function has one pre-condition, the voltage range ($0.88V \leftrightarrow 4.4V$) and one postcondition {\ft} current mapped to per-mil integer output. - +\pause We could term the failure mode of this function, voltage out of range, as \{ VRNGE \}. @@ -1548,7 +1550,7 @@ We could term the failure mode of this function, voltage out of range, as 1: $RI_{VRGE}$ & voltage & $OUT\_OF\_$ \\ & outside range & $RANGE$ \\ \hline - 2: $RADC_{VV_ERR}$ & voltage & $VAL\_ERR$ \\ + 2: $RADC_{VV\_ERR}$ & voltage & $VAL\_ERR$ \\ & incorrect & \\ \hline @@ -1596,10 +1598,11 @@ $$fm(R420I) = \{OUT\_OF\_RANGE, VAL\_ERR\} .$$ \pause \item Each {\fg} to {\dc} transition represents a documented reasoning stage. \pause \item Unlike SFMEA software failure modes naturally link with hardware failure modes - \pause \item Added efficiency benefits - \pause \item Additionally, using FMMD we can determine a failure model for the hardware/software interface~\cite{sfmeainterface}. + \pause \item Added efficiency benefits\pause---smaller reasoning distances\pause---less checking for RFMEA + \pause \item Additionally, using FMMD we can determine a failure model for the hardware/software interface.%~\cite{sfmeainterface}. \end{itemize} - +\end{frame} +\begin{frame} Questions ? %The FMMD method has been demonstrated using the industry standard {\ft}
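Review bot: The new sentence in hunk @@ -1225 reads "So the electronics are the below software in a modular hierarchy...." which is ungrammatical; suggest "So the electronics sit below the software in a modular hierarchy." and drop the trailing ellipsis, which looks unfinished on a slide.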
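Review bot: In hunk @@ -1350 the replacement line `$ Read\_4\_20\_input() .$ which returns a pro-mil value for the input.` puts a full stop inside the math before "which", so the sentence breaks mid-clause; move the period to after "input" (or delete it). The same line says "pro-mil" while the later hunk @@ -1524 says "per-mil"; pick one spelling. Note also that dropping the `fm(...)` sets from these lines removes the only place this slide named the failure modes `CHAN\_NO`, `VREF` and `VRNGE`; the later slides still rely on those names, so check that they are still introduced somewhere.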
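Review bot: Hunk @@ -1426 inserts a bare `\\` after `\pause` to separate the failure-mode set from the "We now create a {\fg} called RADC" sentence; a blank line (paragraph break) is the usual way to do this in a beamer frame and avoids an underfull-hbox warning or a "There's no line here to end" error if the preceding text ever ends a paragraph. While touching this frame, the unchanged context line "the hardware it interface directly with" should read "interfaces".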
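Review bot: Hunk @@ -1524 replaces the blank line between "one postcondition {\ft} current mapped to per-mil integer output." and "We could term the failure mode..." with `\pause`, which merges the two into one paragraph; keep the blank line and put `\pause` on its own line after it so the reveal order is preserved without changing the layout.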
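Review bot: In hunk @@ -1596 the citation `~\cite{sfmeainterface}` is commented out but the claim it supported ("using FMMD we can determine a failure model for the hardware/software interface") is kept; if the bib entry is valid it should stay, and if it was removed to avoid a missing-reference warning, say so in the commit message. The same hunk introduces the abbreviation "RFMEA" in "less checking for RFMEA" without expanding it anywhere on the slide; spell it out on first use. The new `\end{frame}`/`\begin{frame}` pair is fine and correctly gives "Questions ?" its own frame.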