Evening edit after work...

This commit is contained in:
Robin Clark 2011-01-17 18:37:31 +00:00
parent 554f584203
commit 3d1bb83b25


@ -98,7 +98,7 @@ of analysis.
The FMMD
methodology provides a detailed, hierarchical, incremental and analytical
modelling system which will create a failure mode model from which
the data models from FTA, FMEA, FMECA and FMEDA % (the statistical approach)
the data models for FTA, FMEA, FMECA and FMEDA % (the statistical approach)
can be
derived. % if required.
An FMMD model is effectively a super set of all the four traditional models.
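Review bot: "super set" in the last line of this hunk should be one word, "superset". The "from" to "for" change reads correctly; the trailing "% if required." comment on "derived." now hedges a claim the sentence no longer makes, so either put "if required" back into the sentence or drop the comment.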
@ -106,10 +106,10 @@ It also focuses on component interaction within the model,
something not formally considered in the four established methodologies.
%
In addition it applies rigorous checking in all the analysis stages
ensuring that all component failure modes must be considered in the model.
ensuring that \textbf{all} component failure modes must be considered in the model.
%
\paragraph{FMMD Process outline.}
\paragraph{FMMD process outline.}
This methodology has been named Failure Mode Modular De-composition (FMMD)
because it decomposes a SYSTEM into a hierarchy of modules or {\dc}s.
This
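Review bot: the name is given as "Failure Mode Modular De-composition" while the same sentence uses the verb "decomposes"; spell the expansion "Decomposition" without the hyphen so the name and the verb agree. The \textbf{all} emphasis and the sentence-case heading "FMMD process outline." are fine.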
@ -123,7 +123,7 @@ chapter
presents the design considerations that motivated and provided the specification for
the FMMD methodology.
%
It first reviews the four traditional
Firstly it briefly reviews the four traditional
static failure mode analysis methodologies and
lists their known weaknesses. A wish list is then drawn up
addressing these weaknesses and adding some extra requirements.
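Review bot: "Firstly it briefly reviews" needs a comma after "Firstly", and plain "First, it briefly reviews" reads better; the remainder of the sentence is unchanged and fine.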
@ -146,7 +146,8 @@ at higher levels of analysis, until we have a complete
hierarchy representing the failure behaviour of the SYSTEM.
%
Because all the failure modes of all the components
are held in a computer program, we can determine if the model is complete
are held in a computer program, we can determine if the model has complete coverage
for component failure modes
(i.e. all component failure modes have been included in the model).
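Review bot: the claim "we can determine if the model has complete coverage for component failure modes" holds only relative to the failure-mode list supplied for each component: a program can check that every listed failure mode appears somewhere in the model, not that the per-component list itself is complete. Worth stating that assumption in the sentence. The parenthetical "(i.e. all component failure modes have been included in the model)" now repeats the phrase it follows and could be cut or shortened.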
@ -214,15 +215,16 @@ Or we may have a mechanical device that has a different
failure mode behaviour for say, different ambient pressures or temperatures.
If $E$ is the number of applied states or environmental conditions to consider
in a system, the job of the bottom-up analyst is presented with an
in a system, and $A$ the number of applied states,
the job of the bottom-up analyst is presented with two
additional %cross product
factor,
$(N-1) \times N \times K \times E$.
factors,
$(N-1) \times N \times K \times E \times A$.
If we put some typical very small embedded system numbers\footnote{these figures would
be typical of a very simple temperature controller, with a micro-controller sensor
and heater circuit.} into this, say $N=100$, $K=2.5$ and $E=10$
we have $99 \times 100 \times 2.5 \times 10 = 247500 $.
To look in detail at a quarter of a million test cases is obviously impractical.
and heater circuit.} into this, say $N=100$, $K=2.5$, $A=2$, and $E=10$
we have $99 \times 100 \times 2.5 \times 10 \times 2 = 495000 $.
To look in detail at a half of a million test cases is obviously impractical.
If we were to consider multiple simultaneous failure modes,
we have yet another cross product of checks to be performed.
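Review bot: with $A$ now introduced as "the number of applied states", the definition of $E$ in the preceding line still reads "the number of applied states or environmental conditions", so applied states are counted under both symbols; restrict $E$ to environmental conditions. "a half of a million" should be "half a million". The arithmetic $99 \times 100 \times 2.5 \times 10 \times 2 = 495000$ checks out.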
@ -306,7 +308,7 @@ Consider an unused feature failing.}. Muliplying these
together,
gives a risk probability number (RPN), given by $RPN = S \times O \times D$.
This gives in effect
a prioritised `todo list', with higher $RPN$ values being the most urgent.
a prioritised `to~do~list', with higher $RPN$ values being the most urgent.
\subsubsection{ FMEA weaknesses }
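Review bot: "risk probability number (RPN)" is not the standard expansion; in FMEA the RPN is the Risk Priority Number, which also matches the "prioritised to do list" reading in the next sentence. "Muliplying" in this hunk's context line is a typo for "Multiplying", and `to~do~list' with non-breaking spaces is unusual; "to-do list" is the normal spelling.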
@ -379,7 +381,7 @@ makes the factor less statistically reliable.
Failure Modes, Effects, and Diagnostic Analysis (FMEDA)
% This
is a process that takes all the components in a system,
and using the failure modes of those components; the investigating engineer
and using the failure modes of those components, the investigating engineer
ties them to possible SYSTEM level events/failure modes.
%
This technique
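Review bot: the sentence still changes subject mid-way ("is a process that takes all the components ... the investigating engineer ties them"), and swapping the semicolon for a comma does not repair that. Suggest: "is a process in which the investigating engineer takes all the components in a system and, using the failure modes of those components, ties them to possible SYSTEM level events/failure modes."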
@ -727,8 +729,12 @@ to SYSTEM level errors.
The problem with this is that the base component failure mode under investigation,
are not rigorously examined in relation to functionally adjacent components.
%
Thus there is the `possibility to miss failure mode effects
at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies.
If failures modes could be collected and simplified somehow
at each stage in a hierarchy of {\fgs}, the functionally adjacent
ideal would be met, and as we progress up the hierarchy the number
of failure modes should decrease.
%Thus there is the `possibility to miss failure mode effects
%at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies.
%%%
%%% OK Got up to here Lunchtime edit 06DEC2010.............
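Review bot: "the base component failure mode under investigation, are not rigorously examined" has a singular subject with a plural verb and a stray comma; "failures modes" in the new sentence should be "failure modes". The two commented-out lines and the "OK Got up to here Lunchtime edit" marker are editing scaffolding and should be removed rather than carried in the source.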
@ -807,7 +813,7 @@ In this way as we build the hierarchy, we naturally abstract the
failure mode behaviour, but can check that all failure modes in
the hierarchy have been considered and tied to causing symptoms.
\paragraph{Design Decision: Derived components can be determined from functional groups}
\paragraph{Design Decision: Derived components must be determined from functional groups.}
The symptoms obtained from analysing a {\fg} will be used as the `failure~modes'
of its corresponding {\dc}.
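Review bot: "Design Decision: Derived components must be determined from functional groups." keeps title case while the earlier hunk in this commit moves "FMMD Process outline" to sentence case; pick one convention for \paragraph headings. The change from "can" to "must" is consistent with "will be used" in the body that follows.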
@ -839,7 +845,7 @@ With the results from the test cases we will now have the ways in which the
We can refine this further, by grouping the common symptoms, or results that
are the same failure {\wrt} the {\fg}.
%
We can now treat the {\fg} as a component, and call it a {\dc}, in other words, a sub-system with a known set of failure modes.
We can now treat the {\fg} as a component, and create a corresponding {\dc}: in other words, a `sub-system' with a known set of failure modes.
%
We can now create a new/{\dc} and assign it these common symptoms
as its failure modes.
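Review bot: the new sentence "We can now treat the {\fg} as a component, and create a corresponding {\dc}" is followed directly by "We can now create a new/{\dc} and assign it these common symptoms", so the derived component is created twice in consecutive sentences; merge them, e.g. "...and create a corresponding {\dc}: a `sub-system' whose failure modes are these common symptoms." The "new/{\dc}" slash looks like a leftover from an earlier edit.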
@ -847,7 +853,7 @@ as its failure modes.
This {\dc} can be used to build higher level
{\fg}s, and this will naturally form a hierarchy.
This hierarchy can be extended until it encompasses
an entire system.
an entire SYSTEM.
%
It can be considered complete when
all failure modes from all components are included in the model
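Review bot: "{\fg}s" here and "{\fgs}" in the hunk at line 727 are two spellings of the same plural; use one form throughout so the plural is typeset consistently. The "system" to "SYSTEM" change matches the capitalised usage elsewhere in the chapter.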
@ -902,7 +908,7 @@ A derived component when created must always have a greater $\alpha$ value than
of the components included in the {\fg} from which it was derived.
\paragraph{Natural Reduction in number of failure modes with abstraction level}
\paragraph{Natural Reduction in number of failure modes with abstraction level.}
%
Because common symptoms are being collected, as we build the tree upward
the number of failure modes decreases (or exceptionally stays the same)
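Review bot: "Natural Reduction in number of failure modes with abstraction level." should follow the sentence-case heading style adopted elsewhere in this commit: "Natural reduction in the number of failure modes with abstraction level." The body's "(or exceptionally stays the same)" is the case the $\alpha$ ordering rule above relies on, so it is worth keeping.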
@ -1128,11 +1134,6 @@ at each FMMD stage.
Where appropriate, multiple simultaneous failures can be modelled by
introducing test~cases where the conjunction of failure modes is considered.
\subsubsection {Inhibit Conditions}
Some failure modes only occur when another failure has occurred, or
due to an environmental condition reaching a critical value. This is specifically
dealt with using the FTA methodology~\cite{nucfta}[IV 9].
An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}.
\begin{figure}
\centering
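Review bot: the block removed here reappears verbatim after the figure in the next hunk; since `figure` is a float, its position in the source does not fix where it is typeset, so the move changes source order only. Nothing now separates "...is considered." from \begin{figure}; a blank line there would help readability.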
@ -1173,6 +1174,11 @@ An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}.
\label{fig:inhibitconcept}
\end{figure}
\subsubsection {Inhibit Conditions}
Some failure modes only occur when another failure has occurred, or
due to an environmental condition reaching a critical value. This is specifically
dealt with using the FTA methodology~\cite{nucfta}[IV 9].
An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}.
\paragraph{Static or Dynamic Modelling of Inhibit}
If the model is static we can consider the conditional failure,
at a lower probability of occurring (i.e. the probability
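Review bot: `\cite{nucfta}[IV 9]` puts the optional argument after the mandatory one, so "[IV 9]" is typeset as literal text following the citation; the pinpoint belongs before the key: `\cite[IV 9]{nucfta}`. "\subsubsection {Inhibit Conditions}" has a space before the brace, harmless but inconsistent with the \paragraph calls above, and "we can consider the conditional failure, at a lower probability of occurring" has a stray comma.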