evening edit
This commit is contained in:
Robin Clark
parent
c032eef5e0
commit
4ac851a271
@ -16,33 +16,42 @@ of its failure mode behaviour.
|
||||
{
|
||||
\section{Introduction}
|
||||
This chapter
|
||||
describes how the FMMD methodology can be used to refine
|
||||
describes how the FMMD methodology can be used to examine
|
||||
safety critical designs and identify undetectable faults.
|
||||
Used in this way, its is a design aide, giving the user
|
||||
the possibility to model a system from the perspective
|
||||
the possibility to refine/correct a {\dc} from the perspective
|
||||
of its failure mode behaviour.
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
\section{How FMMD Analysis can reveal design flaws in failure mode detection }
|
||||
|
||||
A feature of FMMD analysis is symptom collection. Common symptoms are collected
|
||||
after analysis, and this means that the failure modes of the {\fg}
|
||||
are examined. The symptoms will be detectable (like a value of of range)
|
||||
A feature of FMMD analysis is the collection of components
|
||||
into a {\fg}, which is then analysed w.r.t. its failure mode behaviour.
|
||||
symptom collection.
|
||||
From the failure mode behaviour of the {\fg} common symptoms are collected.
|
||||
These common symptoms are in effect the failure mode behaviour of
|
||||
the {\fg} viewed as a single entity, or a `black box' component.
|
||||
From the analysis of the {\fg} we can created a {\dc}, where the failure modes
|
||||
are the symptoms of the {\fg} we derived it from.
|
||||
The symptoms will be detectable (like a value of of range)
|
||||
or undetectable (like a logic state or value being incorrect).
|
||||
The `undetectable' failure modes are the most worrying for thesafety critical designer.
|
||||
It is these that are, generally the ones that stand out as single
|
||||
failure modes. For instance, out of range values, we know we can cope with; they
|
||||
The `undetectable' failure modes are the most worrying for the safety critical designer.
|
||||
%It is these that are, generally the ones that stand out as single
|
||||
%failure modes.
|
||||
For instance, out of range values, we know we can cope with; they
|
||||
are an obvious error condition that will be detected by any modules
|
||||
using the {\fg}.
|
||||
i
|
||||
\subsection{iterative design}
|
||||
using the {\dc}. An undetecable failure mode will introduce
|
||||
errors into a SYSTEM.
|
||||
|
||||
\subsection{Iterative Design}
|
||||
|
||||
By applying FMMD analysis to a {\fg} we can determine which failure
|
||||
modes are detectable, and which are undetectable.
|
||||
We can then either modifiy the circuit and iteratively
|
||||
modes of a {\dc} are detectable, and which are undetectable.
|
||||
We can then either modify the circuit and iteratively
|
||||
apply FMMD to the design again, or we could add another {\fg}
|
||||
that specifically tests for the undetectable conditions.
|
||||
|
||||
@ -54,25 +63,79 @@ paper
|
||||
{
|
||||
chapter
|
||||
}
|
||||
describes a milli-volt amplifier, with an inbuilt safety\footnote{The `safety resistor also acts as a potential divider to provide a mill-volt offset}
|
||||
describes a milli-volt amplifier (see R18 in figure \ref{fig:mv1}), with an inbuilt safety\footnote{The `safety resistor' also acts
|
||||
as a potential divider to provide a mill-volt offset. An offset is often required to allow for negative readings form the
|
||||
milli-volt source being read}
|
||||
resistor. The circuit is analysed and it is found that all but one component failure modes
|
||||
are detectable.
|
||||
We then design a circuit to test for the `undetectable' failure mode
|
||||
and analyse this with FMMD.
|
||||
With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'.
|
||||
We then analsye the {\fg} and the resultant {\dc} failure modes descussed.
|
||||
We then analsye the {\fg} and the resultant {\dc} failure modes are discussed.
|
||||
\section{An example: A Millivolt Amplifier}
|
||||
|
||||
\begin{figure}[h]
|
||||
\centering
|
||||
\includegraphics[width=200pt,bb=0 0 678 690,keepaspectratio=true]{./mv_opamp_circuit.png}
|
||||
% mv_opamp_circuit.png: 678x690 pixel, 72dpi, 23.92x24.34 cm, bb=0 0 678 690
|
||||
\caption{Milli-Volt Amplifier with Offset}
|
||||
\label{fig:mvamp}
|
||||
\caption{Milli-Volt Amplifier with Safety/Offset Resistor}
|
||||
\label{fig:mv1}
|
||||
\end{figure}
|
||||
|
||||
\subsection{Brief Circuit Description}
|
||||
|
||||
This circuit amplifies a milli-volt input by a gain of $\approx$ 184 ($\frac{150E3}{820}+1$).
|
||||
An offset is applied to the input by R18 and R22 forming a potential divider
|
||||
of $\frac{820}{2.2E6+820}$. Will 5V applied as Vcc this gives an input offset of 1.86mV.
|
||||
So the amplified offset is $\approx 342mV$. We can determine the output of the amplifier
|
||||
by subtracting this amount from the reading. We can also define an acceptable
|
||||
range for the readings. This would depend on the milli-volt source, and also on the
|
||||
detectability of the error volatges.
|
||||
|
||||
EXPAND
|
||||
|
||||
\section{FMMD Analysis}
|
||||
|
||||
|
||||
|
||||
|
||||
\begin{table}[h+]
|
||||
\caption{Milli Volt Amplifier // Single Fault FMMD} % title of Table
|
||||
\centering % used for centering table
|
||||
\begin{tabular}{||l|c|c|l|l||}
|
||||
\hline \hline
|
||||
\textbf{Test} & \textbf{Failure } & \textbf{Symptom } & \textbf{MTTF} \\
|
||||
\textbf{Case} & \textbf{mode} & \textbf{ } & \textbf{per $10^9$ hours of operation} \\
|
||||
% R & wire & res + & res - & description
|
||||
\hline
|
||||
\hline
|
||||
TC:1 $R18$ SHORT & Amp plus input high & Out of range & 1.38 \\ \hline
|
||||
TC:2 $R18$ OPEN & No Offset Voltage & Low reading & 12.42\\ \hline
|
||||
\hline
|
||||
TC:3 $R22$ SHORT & No offset voltage & Low reading & 1.38 \\ \hline
|
||||
TC:4 $R22$ OPEN & Amp plus high input & Out of Range & 1.38 \\ \hline
|
||||
\hline
|
||||
TC:5 $R26$ SHORT & No gain from amp & Out of Range & 1.38 \\
|
||||
TC:6 $R26$ OPEN & Very high amp gain & Out of Range & 12.42 \\ \hline
|
||||
\hline
|
||||
TC:5 $R30$ SHORT & Very high amp gain & Out of range & 1.38 \\
|
||||
TC:6 $R30$ OPEN & No gain from amp & Out of Range & 12.42 \\ \hline
|
||||
\hline
|
||||
TC:7 $OP\_AMP$ LATCH UP & high amp output & Out of range & 1.38 \\
|
||||
TC:8 $OP\_AMP$ LATCH DOWN & low amp output & Out of Range & 12.42 \\ \hline
|
||||
|
||||
\end{tabular}
|
||||
\label{tab:fmmdaide1}
|
||||
\end{table}
|
||||
|
||||
The table \ref{tab:fmmdaide1} shows two possible causes for an undetectable
|
||||
error, that of a low reading due to the loss of the offset millivolt signal.
|
||||
Typically this type of circuit would be used to read a thermocouple
|
||||
and this erro symptom, "LOW READING" would mean our plant could
|
||||
beleive that the temperature reading is lower than it actually is.
|
||||
To take an example from a K type thermocouple, the offset of 1.86mV
|
||||
from the potential divider represents about 46oC.
|
||||
|
||||
\subsection{Undetected Failure Mode: Incorrect Reading}
|
||||
|
||||
Although statistically, this failure is unlikely (get stats for R short FIT etc from pt100 doc)
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 9.6 KiB |
Loading…
Reference in New Issue
Block a user