OK prob final version....
This commit is contained in:
Robin Clark
parent
70292305a6
commit
3b897e85d2
@ -52,8 +52,8 @@
|
|||||||
\begin{frame}
|
\begin{frame}
|
||||||
\frametitle{FMEA}
|
\frametitle{FMEA}
|
||||||
We now talk about Failure Mode Effects Analysis, and the different ways it is applied.
|
We now talk about Failure Mode Effects Analysis, and the different ways it is applied.
|
||||||
These techniques are discussed, and then
|
%These techniques are discussed, and then
|
||||||
a refinement(FMMD) is proposed, which is essentially a modularisation of the FMEA process.
|
%a refinement(FMMD) is proposed, which is essentially a modularisation of the FMEA process.
|
||||||
%
|
%
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
@ -596,7 +596,7 @@ judged to be in critical sections of the product.
|
|||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\pause \item FMEA type methodologies were designed for simple electro-mechanical systems of the 1940's to 1960's.
|
\pause \item FMEA type methodologies were designed for simple electro-mechanical systems of the 1940's to 1960's.
|
||||||
\pause \item Reasoning Distance - component failure to system level symptom
|
\pause \item Reasoning Distance - component failure to system level symptom : \pause Software controlled systems have another layer of reasoning distance
|
||||||
\pause \item State explosion - impossible to perform rigorously
|
\pause \item State explosion - impossible to perform rigorously
|
||||||
\pause \item Difficult to re-use previous analysis work
|
\pause \item Difficult to re-use previous analysis work
|
||||||
\pause \item Very Difficult to model simultaneous failures.
|
\pause \item Very Difficult to model simultaneous failures.
|
||||||
@ -617,8 +617,8 @@ judged to be in critical sections of the product.
|
|||||||
|
|
||||||
\pause \item State explosion
|
\pause \item State explosion
|
||||||
\pause \item Rigorous (total coverage)
|
\pause \item Rigorous (total coverage)
|
||||||
\pause \item Reasoning Traceable
|
\pause \item Reasoning Traceable \pause ideally across disciplines \pause Mechanical \pause Electrical \pause Software
|
||||||
\pause \item Re-useable
|
\pause \item Re-usable
|
||||||
\pause \item Simultaneous failures
|
\pause \item Simultaneous failures
|
||||||
%\pause \item
|
%\pause \item
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
@ -1071,7 +1071,7 @@ missed in an analysis.
|
|||||||
\pause \item SFMEA maps variable corruption for {\fms} ---
|
\pause \item SFMEA maps variable corruption for {\fms} ---
|
||||||
\pause this means a large number of combinations --- \pause automated SFMEA
|
\pause this means a large number of combinations --- \pause automated SFMEA
|
||||||
\pause databases
|
\pause databases
|
||||||
\pause tracking the relationships between variable corruption
|
tracking the relationships between variable corruption
|
||||||
and system failure modes
|
and system failure modes
|
||||||
%\pause \item %Because of the large number of combinations for considering all variables as corruptible
|
%\pause \item %Because of the large number of combinations for considering all variables as corruptible
|
||||||
% automated SFMEA
|
% automated SFMEA
|
||||||
@ -1150,7 +1150,7 @@ in a clear and modular model.
|
|||||||
\end{figure}
|
\end{figure}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\pause \item Pre condition violations are analogous to component failure modes
|
\pause \item Pre condition violations are analogous to component failure modes
|
||||||
\pause \item Post condition violations are analogous to symptoms of failure of the function \pause derived component failure modes
|
\pause \item Post condition violations are analogous to symptoms of failure of the function \pause i.e. the derived component failure modes
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
\end{frame}
|
\end{frame}
|
||||||
@ -1225,7 +1225,8 @@ General Failure behaviour of {\ft} signalling
|
|||||||
\pause
|
\pause
|
||||||
Yourdon, afferent---transform---efferent data flow, in an embedded system our
|
Yourdon, afferent---transform---efferent data flow, in an embedded system our
|
||||||
sensors---data processing/software---actuators.
|
sensors---data processing/software---actuators.
|
||||||
So the electronics are the bottom.
|
\pause
|
||||||
|
So the electronics are the below software in a modular hierarchy....
|
||||||
|
|
||||||
|
|
||||||
\end{frame}
|
\end{frame}
|
||||||
@ -1350,9 +1351,9 @@ We must now look at the software.
|
|||||||
\caption{Context Diagram for {\ft} loop}
|
\caption{Context Diagram for {\ft} loop}
|
||||||
\label{fig:ftcontext}
|
\label{fig:ftcontext}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
We consider two software functions, $ fm(Read\_ADC) = \{ CHAN\_NO, VREF \} $ which is called by
|
We consider two software functions, $Read\_ADC()$ which returns a value from the ADC, which is called by
|
||||||
$ fm(read\_4\_20\_input) = \{ VRNGE \} .$ \pause
|
$ Read\_4\_20\_input() .$ which returns a pro-mil value for the input. \pause
|
||||||
As $Read\_ADC$ is the function called it is lower in the call tree hierarchy. \pause
|
As $Read\_ADC$ is the function called it is lower in the call tree hierarchy. \pause
|
||||||
We form a {\fg} with $CMATV$ and this software function.
|
We form a {\fg} with $CMATV$ and this software function.
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
@ -1363,7 +1364,7 @@ We form a {\fg} with $CMATV$ and this software function.
|
|||||||
\frametitle{FMMD - Example integrated hardware/software system --- {\ft} input}
|
\frametitle{FMMD - Example integrated hardware/software system --- {\ft} input}
|
||||||
\begin{figure}[h]
|
\begin{figure}[h]
|
||||||
\centering
|
\centering
|
||||||
\includegraphics[width=120pt]{./read_adc.jpg}
|
\includegraphics[width=140pt]{./read_adc.jpg}
|
||||||
% read_adc.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386
|
% read_adc.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386
|
||||||
\caption{Software Function: \textbf{read\_ADC}}
|
\caption{Software Function: \textbf{read\_ADC}}
|
||||||
\label{fig:read_ADC()}
|
\label{fig:read_ADC()}
|
||||||
@ -1426,6 +1427,7 @@ Pre-conditions
|
|||||||
We could term the failure modes of this function as
|
We could term the failure modes of this function as
|
||||||
\{ ADC\_TIMEOUT\_OCCURS, INCORRECT\_MUX\_CHAN, INCORRECT\_VREF \}
|
\{ ADC\_TIMEOUT\_OCCURS, INCORRECT\_MUX\_CHAN, INCORRECT\_VREF \}
|
||||||
\pause
|
\pause
|
||||||
|
\\
|
||||||
We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it interface directly with: CMATV.
|
We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it interface directly with: CMATV.
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
@ -1501,7 +1503,7 @@ We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it
|
|||||||
\begin{frame}
|
\begin{frame}
|
||||||
\begin{figure}[h]
|
\begin{figure}[h]
|
||||||
\centering
|
\centering
|
||||||
\includegraphics[width=160pt]{./read_4_20_input.jpg}
|
\includegraphics[width=200pt]{./read_4_20_input.jpg}
|
||||||
% read_4_20_input.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386
|
% read_4_20_input.jpg: 452x514 pixel, 96dpi, 11.96x13.60 cm, bb=0 0 339 386
|
||||||
\caption{Read 4 to 20mA input function}
|
\caption{Read 4 to 20mA input function}
|
||||||
\label{fig:read_4_20_input}
|
\label{fig:read_4_20_input}
|
||||||
@ -1524,7 +1526,7 @@ We now create a {\fg} called RADC consisting of read\_ADC() and the hardware it
|
|||||||
|
|
||||||
This function has one pre-condition, the voltage range ($0.88V \leftrightarrow 4.4V$)
|
This function has one pre-condition, the voltage range ($0.88V \leftrightarrow 4.4V$)
|
||||||
and one postcondition {\ft} current mapped to per-mil integer output.
|
and one postcondition {\ft} current mapped to per-mil integer output.
|
||||||
|
\pause
|
||||||
We could term the failure mode of this function, voltage out of range, as
|
We could term the failure mode of this function, voltage out of range, as
|
||||||
\{ VRNGE \}.
|
\{ VRNGE \}.
|
||||||
|
|
||||||
@ -1548,7 +1550,7 @@ We could term the failure mode of this function, voltage out of range, as
|
|||||||
1: $RI_{VRGE}$ & voltage & $OUT\_OF\_$ \\
|
1: $RI_{VRGE}$ & voltage & $OUT\_OF\_$ \\
|
||||||
& outside range & $RANGE$ \\ \hline
|
& outside range & $RANGE$ \\ \hline
|
||||||
|
|
||||||
2: $RADC_{VV_ERR}$ & voltage & $VAL\_ERR$ \\
|
2: $RADC_{VV\_ERR}$ & voltage & $VAL\_ERR$ \\
|
||||||
& incorrect & \\ \hline
|
& incorrect & \\ \hline
|
||||||
|
|
||||||
|
|
||||||
@ -1596,10 +1598,11 @@ $$fm(R420I) = \{OUT\_OF\_RANGE, VAL\_ERR\} .$$
|
|||||||
\pause \item Each {\fg} to {\dc} transition represents a documented
|
\pause \item Each {\fg} to {\dc} transition represents a documented
|
||||||
reasoning stage.
|
reasoning stage.
|
||||||
\pause \item Unlike SFMEA software failure modes naturally link with hardware failure modes
|
\pause \item Unlike SFMEA software failure modes naturally link with hardware failure modes
|
||||||
\pause \item Added efficiency benefits
|
\pause \item Added efficiency benefits\pause---smaller reasoning distances\pause---less checking for RFMEA
|
||||||
\pause \item Additionally, using FMMD we can determine a failure model for the hardware/software interface~\cite{sfmeainterface}.
|
\pause \item Additionally, using FMMD we can determine a failure model for the hardware/software interface.%~\cite{sfmeainterface}.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
\begin{frame}
|
||||||
|
|
||||||
Questions ?
|
Questions ?
|
||||||
%The FMMD method has been demonstrated using the industry standard {\ft}
|
%The FMMD method has been demonstrated using the industry standard {\ft}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user