From 3d1bb83b25c1f8c71d76c0d2d68db2f67b7714a2 Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Mon, 17 Jan 2011 18:37:31 +0000 Subject: [PATCH] Evening edit after work... --- fmmd_concept/fmmd_concept.tex | 54 +++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/fmmd_concept/fmmd_concept.tex b/fmmd_concept/fmmd_concept.tex index f94e9dd..a31ef63 100644 --- a/fmmd_concept/fmmd_concept.tex +++ b/fmmd_concept/fmmd_concept.tex @@ -98,7 +98,7 @@ of analysis. The FMMD methodology provides a detailed, hierarchical, incremental and analytical modelling system which will create a failure mode model from which -the data models from FTA, FMEA, FMECA and FMEDA % (the statistical approach) +the data models for FTA, FMEA, FMECA and FMEDA % (the statistical approach) can be derived. % if required. An FMMD model is effectively a super set of all the four traditional models. @@ -106,10 +106,10 @@ It also focuses on component interaction within the model, something not formally considered in the four established methodologies. % In addition it applies rigorous checking in all the analysis stages -ensuring that all component failure modes must be considered in the model. +ensuring that \textbf{all} component failure modes must be considered in the model. % -\paragraph{FMMD Process outline.} +\paragraph{FMMD process outline.} This methodology has been named Failure Mode Modular De-composition (FMMD) because it decomposes a SYSTEM into a hierarchy of modules or {\dc}s. This @@ -123,7 +123,7 @@ chapter presents the design considerations that motivated and provided the specification for the FMMD methodology. % -It first reviews the four traditional +Firstly it briefly reviews the four traditional static failure mode analysis methodologies and lists their known weaknesses. A wish list is then drawn up addressing these weaknesses and adding some extra requirements. 
@@ -146,7 +146,8 @@ at higher levels of analysis, until we have a complete hierarchy representing the failure behaviour of the SYSTEM. % Because all the failure modes of all the components -are held in a computer program, we can determine if the model is complete +are held in a computer program, we can determine if the model has complete coverage +for component failure modes (i.e. all component failure modes have been included in the model). @@ -214,15 +215,16 @@ Or we may have a mechanical device that has a different failure mode behaviour for say, different ambient pressures or temperatures. If $E$ is the number of applied states or environmental conditions to consider -in a system, the job of the bottom-up analyst is presented with an +in a system, and $A$ the number of applied states, +the job of the bottom-up analyst is presented with two additional %cross product -factor, -$(N-1) \times N \times K \times E$. +factors, +$(N-1) \times N \times K \times E \times A$. If we put some typical very small embedded system numbers\footnote{these figures would be typical of a very simple temperature controller, with a micro-controller sensor -and heater circuit.} into this, say $N=100$, $K=2.5$ and $E=10$ -we have $99 \times 100 \times 2.5 \times 10 = 247500 $. -To look in detail at a quarter of a million test cases is obviously impractical. +and heater circuit.} into this, say $N=100$, $K=2.5$, $A=2$, and $E=10$ +we have $99 \times 100 \times 2.5 \times 10 \times 2 = 495000 $. +To look in detail at a half of a million test cases is obviously impractical. If we were to consider multiple simultaneous failure modes, we have yet another cross product of checks to be performed. 
@@ -306,7 +308,7 @@ Consider an unused feature failing.}. Muliplying these together, gives a risk probability number (RPN), given by $RPN = S \times O \times D$. This gives in effect -a prioritised `todo list', with higher $RPN$ values being the most urgent. +a prioritised `to~do~list', with higher $RPN$ values being the most urgent. \subsubsection{ FMEA weaknesses } @@ -379,7 +381,7 @@ makes the factor less statistically reliable. Failure Modes, Effects, and Diagnostic Analysis (FMEDA) % This is a process that takes all the components in a system, -and using the failure modes of those components; the investigating engineer +and using the failure modes of those components, the investigating engineer ties them to possible SYSTEM level events/failure modes. % This technique @@ -727,8 +729,12 @@ to SYSTEM level errors. The problem with this is that the base component failure mode under investigation, are not rigorously examined in relation to functionally adjacent components. % -Thus there is the `possibility to miss failure mode effects -at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies. +If failures modes could be collected and simplified somehow +at each stage in a hierarchy of {\fgs}, the functionally adjacent +ideal would be met, and as we progress up the hierarchy the number +of failure modes should decrease. +%Thus there is the `possibility to miss failure mode effects +%at the much higher SYSTEM level' criticism of the FTA, FMEDA and FMECA methodologies. %%% %%% OK Got up to here Lunchtime edit 06DEC2010............. 
@@ -807,7 +813,7 @@ In this way as we build the hierarchy, we naturally abstract the failure mode behaviour, but can check that all failure modes in the hierarchy have been considered and tied to causing symptoms. -\paragraph{Design Decision: Derived components can be determined from functional groups} +\paragraph{Design Decision: Derived components must be determined from functional groups.} The symptoms obtained from analysing a {\fg} will be used as the `failure~modes' of its corresponding {\dc}. @@ -839,7 +845,7 @@ With the results from the test cases we will now have the ways in which the We can refine this further, by grouping the common symptoms, or results that are the same failure {\wrt} the {\fg}. % -We can now treat the {\fg} as a component, and call it a {\dc}, in other words, a sub-system with a known set of failure modes. +We can now treat the {\fg} as a component, and create a corresponding {\dc}: in other words, a `sub-system' with a known set of failure modes. % We can now create a new/{\dc} and assign it these common symptoms as its failure modes. @@ -847,7 +853,7 @@ as its failure modes. This {\dc} can be used to build higher level {\fg}s, and this will naturally form a hierarchy. This hierarchy can be extended until it encompasses -an entire system. +an entire SYSTEM. % It can be considered complete when all failure modes from all components are included in the model @@ -902,7 +908,7 @@ A derived component when created must always have a greater $\alpha$ value than of the components included in the {\fg} from which it was derived. -\paragraph{Natural Reduction in number of failure modes with abstraction level} +\paragraph{Natural Reduction in number of failure modes with abstraction level.} % Because common symptoms are being collected, as we build the tree upward the number of failure modes decreases (or exceptionally stays the same) 
@@ -1128,11 +1134,6 @@ at each FMMD stage. Where appropriate, multiple simultaneous failures can be modelled by introducing test~cases where the conjunction of failure modes is considered. -\subsubsection {Inhibit Conditions} -Some failure modes only occur when another failure has occurred, or -due to an environmental condition reaching a critical value. This is specifically -dealt with using the FTA methodology~\cite{nucfta}[IV 9]. -An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}. \begin{figure} \centering @@ -1173,6 +1174,11 @@ An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}. \label{fig:inhibitconcept} \end{figure} +\subsubsection {Inhibit Conditions} +Some failure modes only occur when another failure has occurred, or +due to an environmental condition reaching a critical value. This is specifically +dealt with using the FTA methodology~\cite{nucfta}[IV 9]. +An example FTA inhibit gate is shown in figure \ref{fig:inhibitconcept}. \paragraph{Static or Dynamic Modelling of Inhibit} If the model is static we can consider the conditional failure, at a lower probability of occurring (i.e. the probability
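Review bot: In the @@ -123,7 hunk, `Firstly it briefly reviews the four traditional` needs a comma after `Firstly` and reads less naturally than the line it replaces (`It first reviews the four traditional`); if `briefly` is the intended addition, `It first briefly reviews the four traditional` keeps the original phrasing and avoids the sentence adverb.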
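Review bot: In the @@ -214,15 hunk the new symbol $A$ overlaps with the existing definition of $E$: the unchanged line above still reads `If $E$ is the number of applied states or environmental conditions to consider`, and the added line then defines `$A$ the number of applied states`, so both symbols claim the same quantity. Suggest narrowing the first definition to `If $E$ is the number of environmental conditions to consider` so that $E$ and $A$ are disjoint factors. The arithmetic in the footnote example ($99 \times 100 \times 2.5 \times 10 \times 2 = 495000$) checks out; `a half of a million test cases` should read `half a million test cases`.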
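Review bot: The @@ -306,7 hunk only changes `todo list' to `to~do~list', which is fine, but the unchanged context line two lines above, `Muliplying these together, gives a risk probability number (RPN)`, carries a typo (`Multiplying`) that is worth fixing while this sentence is being edited.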
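Review bot: In the @@ -727,8 hunk, `If failures modes could be collected and simplified somehow` should read `If failure modes could be collected and simplified`; `somehow` also undercuts the argument, since the following chapters present the mechanism. `the functionally adjacent ideal would be met` refers to an ideal the preceding context only states negatively (`not rigorously examined in relation to functionally adjacent components`); consider spelling it out, e.g. `each failure mode would be examined against its functionally adjacent components`. The two commented-out `%Thus there is the ...` lines can be deleted rather than kept as dead text.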
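Review bot: In the @@ -839,7 hunk the rewritten line now says `treat the {\fg} as a component, and create a corresponding {\dc}`, but the unchanged context line two lines below still reads `We can now create a new/{\dc} and assign it these common symptoms as its failure modes.`, so the derived component is created twice in consecutive sentences. Suggest either keeping the changed line and reducing the later sentence to the assignment of symptoms (`We then assign it these common symptoms as its failure modes.`), or reverting the changed line to `treat the {\fg} as a component`; the stray `/` in `new/{\dc}` should go in either case.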
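Review bot: The @@ -902,7 hunk only adds a full stop to the paragraph title; since the @@ -106,10 hunk in this same patch changes `FMMD Process outline.` to sentence case, `Natural Reduction in number of failure modes with abstraction level.` should follow the same convention: `Natural reduction in the number of failure modes with abstraction level.`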
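Review bot: In the @@ -1173,6 hunk, the re-added line `dealt with using the FTA methodology~\cite{nucfta}[IV 9].` places the section locator after the citation key, where LaTeX will typeset `[IV 9]` as literal bracketed text rather than as part of the reference; the optional argument belongs before the key: `\cite[IV 9]{nucfta}`. This was already wrong in the lines removed by the @@ -1128,11 hunk, so the move is the natural moment to correct it. Also note that, because `figure` is a float, moving the `Inhibit Conditions` subsubsection from before `\begin{figure}` to after `\end{figure}` does not by itself control where the figure is placed relative to the text that references it; if that is the goal, a placement option on the figure environment is the more reliable change, and the subsubsection could then stay ahead of the figure as before.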