robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

evening edit

Browse Source
This commit is contained in:
Robin Clark 2010-10-07 19:33:13 +01:00
parent c032eef5e0
commit 4ac851a271
2 changed files with 80 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
fmmd_design_aide/fmmd_design_aide.tex
View File

@ -16,33 +16,42 @@ of its failure mode behaviour.
{ {
\section{Introduction} \section{Introduction}
This chapter This chapter
describes how the FMMD methodology can be used to refine describes how the FMMD methodology can be used to examine
safety critical designs and identify undetectable faults. safety critical designs and identify undetectable faults.
Used in this way, its is a design aide, giving the user Used in this way, its is a design aide, giving the user
the possibility to model a system from the perspective the possibility to refine/correct a {\dc} from the perspective
of its failure mode behaviour. of its failure mode behaviour.
} }
\section{How FMMD Analysis can reveal design flaws in failure mode detection } \section{How FMMD Analysis can reveal design flaws in failure mode detection }
A feature of FMMD analysis is symptom collection. Common symptoms are collected A feature of FMMD analysis is the collection of components
after analysis, and this means that the failure modes of the {\fg} into a {\fg}, which is then analysed w.r.t. its failure mode behaviour.
are examined. The symptoms will be detectable (like a value of of range) symptom collection.
From the failure mode behaviour of the {\fg} common symptoms are collected.
These common symptoms are in effect the failure mode behaviour of
the {\fg} viewed as a single entity, or a `black box' component.
From the analysis of the {\fg} we can created a {\dc}, where the failure modes
are the symptoms of the {\fg} we derived it from.
The symptoms will be detectable (like a value of of range)
or undetectable (like a logic state or value being incorrect). or undetectable (like a logic state or value being incorrect).
The `undetectable' failure modes are the most worrying for the safety critical designer. The `undetectable' failure modes are the most worrying for the safety critical designer.
It is these that are, generally the ones that stand out as single %It is these that are, generally the ones that stand out as single
failure modes. For instance, out of range values, we know we can cope with; they %failure modes.
For instance, out of range values, we know we can cope with; they
are an obvious error condition that will be detected by any modules are an obvious error condition that will be detected by any modules
using the {\fg}. using the {\dc}. An undetecable failure mode will introduce
i errors into a SYSTEM.
\subsection{iterative design}
\subsection{Iterative Design}
By applying FMMD analysis to a {\fg} we can determine which failure By applying FMMD analysis to a {\fg} we can determine which failure
modes are detectable, and which are undetectable. modes of a {\dc} are detectable, and which are undetectable.
We can then either modifiy the circuit and iteratively We can then either modify the circuit and iteratively
apply FMMD to the design again, or we could add another {\fg} apply FMMD to the design again, or we could add another {\fg}
that specifically tests for the undetectable conditions. that specifically tests for the undetectable conditions.
@ -54,25 +63,79 @@ paper
{ {
chapter chapter
} }
describes a milli-volt amplifier, with an inbuilt safety\footnote{The `safety resistor also acts as a potential divider to provide a mill-volt offset} describes a milli-volt amplifier (see R18 in figure \ref{fig:mv1}), with an inbuilt safety\footnote{The `safety resistor' also acts
as a potential divider to provide a mill-volt offset. An offset is often required to allow for negative readings form the
milli-volt source being read}
resistor. The circuit is analysed and it is found that all but one component failure modes resistor. The circuit is analysed and it is found that all but one component failure modes
are detectable. are detectable.
We then design a circuit to test for the `undetectable' failure mode We then design a circuit to test for the `undetectable' failure mode
and analyse this with FMMD. and analyse this with FMMD.
With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'. With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'.
We then analsye the {\fg} and the resultant {\dc} failure modes descussed. We then analsye the {\fg} and the resultant {\dc} failure modes are discussed.
\section{An example: A Millivolt Amplifier} \section{An example: A Millivolt Amplifier}
\begin{figure}[h] \begin{figure}[h]
\centering \centering
\includegraphics[width=200pt,bb=0 0 678 690,keepaspectratio=true]{./mv_opamp_circuit.png} \includegraphics[width=200pt,bb=0 0 678 690,keepaspectratio=true]{./mv_opamp_circuit.png}
% mv_opamp_circuit.png: 678x690 pixel, 72dpi, 23.92x24.34 cm, bb=0 0 678 690 % mv_opamp_circuit.png: 678x690 pixel, 72dpi, 23.92x24.34 cm, bb=0 0 678 690
\caption{Milli-Volt Amplifier with Offset} \caption{Milli-Volt Amplifier with Safety/Offset Resistor}
\label{fig:mvamp} \label{fig:mv1}
\end{figure} \end{figure}
\subsection{Brief Circuit Description}
This circuit amplifies a milli-volt input by a gain of $\approx$ 184 ($\frac{150E3}{820}+1$).
An offset is applied to the input by R18 and R22 forming a potential divider
of $\frac{820}{2.2E6+820}$. Will 5V applied as Vcc this gives an input offset of 1.86mV.
So the amplified offset is $\approx 342mV$. We can determine the output of the amplifier
by subtracting this amount from the reading. We can also define an acceptable
range for the readings. This would depend on the milli-volt source, and also on the
detectability of the error volatges.
EXPAND
\section{FMMD Analysis} \section{FMMD Analysis}
\begin{table}[h+]
\caption{Milli Volt Amplifier // Single Fault FMMD} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Failure } & \textbf{Symptom } & \textbf{MTTF} \\
\textbf{Case} & \textbf{mode} & \textbf{ } & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R18$ SHORT & Amp plus input high & Out of range & 1.38 \\ \hline
TC:2 $R18$ OPEN & No Offset Voltage & Low reading & 12.42\\ \hline
\hline
TC:3 $R22$ SHORT & No offset voltage & Low reading & 1.38 \\ \hline
TC:4 $R22$ OPEN & Amp plus high input & Out of Range & 1.38 \\ \hline
\hline
TC:5 $R26$ SHORT & No gain from amp & Out of Range & 1.38 \\
TC:6 $R26$ OPEN & Very high amp gain & Out of Range & 12.42 \\ \hline
\hline
TC:5 $R30$ SHORT & Very high amp gain & Out of range & 1.38 \\
TC:6 $R30$ OPEN & No gain from amp & Out of Range & 12.42 \\ \hline
\hline
TC:7 $OP\_AMP$ LATCH UP & high amp output & Out of range & 1.38 \\
TC:8 $OP\_AMP$ LATCH DOWN & low amp output & Out of Range & 12.42 \\ \hline
\end{tabular}
\label{tab:fmmdaide1}
\end{table}
The table \ref{tab:fmmdaide1} shows two possible causes for an undetectable
error, that of a low reading due to the loss of the offset millivolt signal.
Typically this type of circuit would be used to read a thermocouple
and this erro symptom, "LOW READING" would mean our plant could
beleive that the temperature reading is lower than it actually is.
To take an example from a K type thermocouple, the offset of 1.86mV
from the potential divider represents about 46oC.
\subsection{Undetected Failure Mode: Incorrect Reading} \subsection{Undetected Failure Mode: Incorrect Reading}
Although statistically, this failure is unlikely (get stats for R short FIT etc from pt100 doc) Although statistically, this failure is unlikely (get stats for R short FIT etc from pt100 doc)

BIN
fmmd_design_aide/mv_opamp_circuit.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 9.6 KiB