...
This commit is contained in:
parent
18fbf8bc08
commit
526cee6384
@ -701,11 +701,15 @@ associated with the test cases, complete coverage would be verified.
|
|||||||
A sample space is defined as the set of all possible outcomes.
|
A sample space is defined as the set of all possible outcomes.
|
||||||
For a component in FMMD analysis, this set of all possible outcomes is its normal correct
|
For a component in FMMD analysis, this set of all possible outcomes is its normal correct
|
||||||
operating state and all its failure modes.
|
operating state and all its failure modes.
|
||||||
|
We are thus considering the failure modes as events in the sample space.
|
||||||
|
%
|
||||||
When dealing with failure modes, we are not interested in
|
When dealing with failure modes, we are not interested in
|
||||||
the state where the component is working perfectly or `OK' (i.e. operating with no error).
|
the state where the component is working perfectly or `OK' (i.e. operating with no error).
|
||||||
|
%
|
||||||
We are interested only in ways in which it can fail.
|
We are interested only in ways in which it can fail.
|
||||||
By definition while all components in a system are `working perfectly'
|
By definition while all components in a system are `working perfectly'
|
||||||
that system will not exhibit faulty behaviour.
|
that system will not exhibit faulty behaviour.
|
||||||
|
We can say that the OK state corresponds to the empty set.
|
||||||
Thus the statistical sample space $\Omega$ for a component or derived~component $C$ is
|
Thus the statistical sample space $\Omega$ for a component or derived~component $C$ is
|
||||||
%$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
|
%$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
|
||||||
$$ \Omega(C) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3}, \ldots ,failure\_mode_{N}\} . $$
|
$$ \Omega(C) = \{OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3}, \ldots ,failure\_mode_{N}\} . $$
|
||||||
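Review bot: the added sentence "We can say that the OK state corresponds to the empty set." contradicts the displayed definition a few lines later, where $OK$ is listed as an element of $\Omega(C)$ alongside the failure modes; an element of the sample space cannot also be the empty set. If the intent is that $OK$ is the outcome in which no failure mode occurs, say that and keep $OK \in \Omega(C)$; if the intent is that $OK$ is excluded from the failure analysis, state it as $fm(C) = \Omega(C) \setminus \{OK\}$ rather than identifying $OK$ with $\emptyset$. The commented-out line `%$$ \Omega = {OK, failure\_mode_{1}, ...` directly above the live equation is dead text that the git history already preserves; delete it rather than carrying it in the source.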
@ -718,13 +722,19 @@ $ \Omega(C) = fm(C) \cup \{OK\} $).
|
|||||||
The $OK$ statistical case is the largest in probability, and is therefore
|
The $OK$ statistical case is the largest in probability, and is therefore
|
||||||
of interest when analysing systems from a statistical perspective.
|
of interest when analysing systems from a statistical perspective.
|
||||||
This is of interest for the application of conditional probability calculations
|
This is of interest for the application of conditional probability calculations
|
||||||
such as Bayes theorem~\cite{probstat}.
|
such as Bayes theorem~\cite{probstat};
|
||||||
|
|
||||||
|
The current failure modelling methodologies (FMEA, FMECA, FTA, FMEDA) all use Bayesian
|
||||||
|
statistics to justify their methodologies~\cite{nucfta}\cite{nasafta}.
|
||||||
|
That is to say, a base component or a sub-system failure
|
||||||
|
has a probability of causing given system level failures.
|
||||||
|
|
||||||
Another way to view this is to consider the failure modes of
|
Another way to view this is to consider the failure modes of
|
||||||
component, with the $OK$ state, as a universal set $\Omega$, where
|
component, with the $OK$ state, as a universal set $\Omega$, where
|
||||||
all sets within $\Omega$ are partitioned.
|
all sets within $\Omega$ are partitioned.
|
||||||
Figure \ref{fig:partitioncfm} shows a partitioned set representing
|
Figure \ref{fig:partitioncfm} shows a partitioned set representing
|
||||||
component failure modes $\{ B_1 ... B_8, OK \}$ obeying unitary state conditions.
|
component failure modes $\{ B_1 ... B_8, OK \}$ : partitioned sets
|
||||||
|
where the OK or empty set condition is included, obey unitary state conditions.
|
||||||
Because the subsets of $\Omega$ are partitionned we can say these
|
Because the subsets of $\Omega$ are partitionned we can say these
|
||||||
failure modes are unitary state.
|
failure modes are unitary state.
|
||||||
|
|
||||||
|
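Review bot: changing the full stop after `Bayes theorem~\cite{probstat}` to a semicolon leaves `;` followed by a blank line and a capitalised new sentence (`The current failure modelling methodologies ...`), so LaTeX will typeset a paragraph break after a semicolon; restore the full stop. In that new sentence `\cite{nucfta}\cite{nasafta}` should be a single `\cite{nucfta,nasafta}` so the two citations are set in one bracket. The rewritten caption sentence `component failure modes $\{ B_1 ... B_8, OK \}$ : partitioned sets where the OK or empty set condition is included, obey unitary state conditions.` has a space before the colon and reads as two fragments; something like "component failure modes $\{ B_1, \ldots, B_8, OK \}$; because the $OK$ (empty set) outcome is included, the partition obeys unitary state conditions." would be clearer. In the unchanged context, `partitionned` should be `partitioned` and "the failure modes of component" needs "a component".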
@ -272,12 +272,18 @@ not to rigorously detect all possible failures.
|
|||||||
Consequently it was not designed to guarantee to covering all component failure modes,
|
Consequently it was not designed to guarantee to covering all component failure modes,
|
||||||
and has no rigorous in-built safeguards to ensure coverage of all possible
|
and has no rigorous in-built safeguards to ensure coverage of all possible
|
||||||
system level outcomes.
|
system level outcomes.
|
||||||
|
Also each system level error (or undesireable event) requires its own FTA tree.
|
||||||
|
This increase the amount of work to do, and in the case of updates to
|
||||||
|
particular sub-systems, introduces the requirement to update every FTA
|
||||||
|
tree modelling that sub-system.
|
||||||
|
|
||||||
\subsubsection{ FTA weaknesses }
|
\subsubsection{ FTA weaknesses }
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Complex component interaction effects are by definition modelled by FTA, but because of the top down approach, not all
|
\item Complex component interaction effects are by definition modelled by FTA, but because of the top down approach, not all
|
||||||
base component failure modes are guaranteed to be included in the model.
|
base component failure modes are guaranteed to be included in the model.
|
||||||
\item Possibility to miss environmental affects.
|
\item Possibility to miss environmental affects.
|
||||||
|
\item One FTA tree, per system failure mode. Thus there is not one model from which several FTA
|
||||||
|
trees can be derived. Maintainability and consistency cannot therefore be automatically checked.
|
||||||
\item No possibility to model base component level double failure modes.
|
\item No possibility to model base component level double failure modes.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
|
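Review bot: in the added paragraph, `This increase the amount of work to do` should be `This increases ...`, and `undesireable` should be `undesirable`. The new sentence `Also each system level error (or undesireable event) requires its own FTA tree.` restates the bullet `One FTA tree, per system failure mode.` a few lines below in the same section; keep one, or make the bullet a short reference back to the paragraph. While here, the context lines `guarantee to covering all component failure modes` should read `guarantee coverage of all component failure modes`, and `environmental affects` should be `environmental effects`.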
@ -64,10 +64,27 @@ Consequently it was not designed to guarantee to covering all component failure
|
|||||||
and has no rigorous in-built safeguards to ensure coverage of all possible
|
and has no rigorous in-built safeguards to ensure coverage of all possible
|
||||||
system level outcomes.
|
system level outcomes.
|
||||||
|
|
||||||
|
\paragraph{Outline of FTA Methodology}
|
||||||
|
FTA works by taking an undesireable event
|
||||||
|
(or SYSTEM level failure mode or TOP level failure)
|
||||||
|
and deciding top-down, what sub-systems it depends upon, and which
|
||||||
|
failure events of those sub-systems could cause the top level failure.
|
||||||
|
It then applies the same process to the sub-systems it identified
|
||||||
|
from the top level, identifying level level sub-systems and events.
|
||||||
|
It is not required to de-compose down to base component level.
|
||||||
|
|
||||||
|
\paragraph{One FTA Tree per System Level Failure Mode.}
|
||||||
|
This means that each system level error (or undesireable event) requires its own FTA tree.
|
||||||
|
This increases the amount of work to do, and in the case of updates to
|
||||||
|
particular sub-systems, introduces the requirement to update every FTA
|
||||||
|
tree modelling that sub-system.
|
||||||
|
|
||||||
\subsubsection{ FTA weaknesses }
|
\subsubsection{ FTA weaknesses }
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Possibility to miss component failure modes.
|
\item Possibility to miss component failure modes.
|
||||||
\item Possibility to miss environmental affects.
|
\item Possibility to miss environmental affects.
|
||||||
|
\item One FTA tree, per system failure mode. Thus there is not one model from which several FTA
|
||||||
|
trees can be derived. Maintainability and consistency cannot therefore be automatically checked.
|
||||||
\item No possibility to model base component level double failure modes.
|
\item No possibility to model base component level double failure modes.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
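Review bot: `identifying level level sub-systems and events` in the new Outline paragraph has a doubled word, presumably `lower level sub-systems and events`. The two new `\paragraph` headings are punctuated inconsistently (`{Outline of FTA Methodology}` without a full stop, `{One FTA Tree per System Level Failure Mode.}` with one); pick one convention. `undesireable` appears twice and should be `undesirable`, and `de-compose` should be `decompose`. The paragraph `This increases the amount of work to do ... tree modelling that sub-system.` is the same text as the paragraph added in the other file of this commit (the hunk at `-272,12 +272,18`); if both files end up in the final document, factor the shared text into an `\input` or keep only one copy so that later edits do not diverge. The context line `guarantee to covering` should be `guarantee coverage of`.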
@ -88,7 +105,7 @@ Consider an unused feature failing.}. Muliplying these
|
|||||||
together,
|
together,
|
||||||
gives a risk probability number (RPN), given by $RPN = S \times O \times D$.
|
gives a risk probability number (RPN), given by $RPN = S \times O \times D$.
|
||||||
This gives in effect
|
This gives in effect
|
||||||
a prioritised `todo list', with higher $RPN$ values being the most urgent.
|
a prioritised `to~do~list', with higher $RPN$ values being the most urgent.
|
||||||
|
|
||||||
|
|
||||||
\subsubsection{ FMEA weaknesses }
|
\subsubsection{ FMEA weaknesses }
|
||||||
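Review bot: replacing `todo list' with `to~do~list' ties the three words together with non-breaking spaces but still misspells the term; the conventional form is `to-do list' (a hyphen needs no `~`). In the unchanged context, `risk probability number (RPN)` does not match the usual expansion of the FMEA acronym, Risk Priority Number, which is also what the following sentence describes (a prioritised list ranked by $S \times O \times D$); and `Muliplying` in the hunk header line should be `Multiplying`.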
@ -592,18 +609,26 @@ thus
|
|||||||
P(S|B) = \frac{P(S) P(B|S)} {P(B)} .
|
P(S|B) = \frac{P(S) P(B|S)} {P(B)} .
|
||||||
\end{equation}
|
\end{equation}
|
||||||
|
|
||||||
Equation \ref{eqn:bayes1} means, given the event $B$ what is the probability it was caused by $S$.
|
|
||||||
Because we are interested in what base component failure modes could have caused $S$
|
|
||||||
we need to re-arrange this
|
|
||||||
|
|
||||||
\begin{equation}
|
This equation gives us the probability that if event B has occurred, of
|
||||||
\label{eqn:bayes2}
|
the event S occurring.
|
||||||
P(B|S) = \frac{P(B) P(S|B)} {P(S)} .
|
In the context of failure mode analysis, the event B would
|
||||||
\end{equation}
|
be the occurance of a component failure mode, and S would be a system level error.
|
||||||
|
%
|
||||||
|
|
||||||
Equation \ref{eqn:bayes2} can be read as given the system failure mode $S$
|
%Equation \ref{eqn:bayes1} means, given the event $B$ what is the probability it was caused by $S$.
|
||||||
|
%Because we are interested in what base component failure modes could have caused $S$
|
||||||
|
%we need to re-arrange this
|
||||||
|
|
||||||
Typically a system level failure will have a number of possible causes, or base component failure
|
%\begin{equation}
|
||||||
|
%\label{eqn:bayes2}
|
||||||
|
% P(B|S) = \frac{P(B) P(S|B)} {P(S)} .
|
||||||
|
%\end{equation}
|
||||||
|
%
|
||||||
|
%Equation \ref{eqn:bayes2} can be read as given the system failure mode $S$
|
||||||
|
|
||||||
|
Typically a system level failure will have a number of possible causes,
|
||||||
|
or base component failure
|
||||||
modes. Some base component failure modes may not be able to cause given system failures.
|
modes. Some base component failure modes may not be able to cause given system failures.
|
||||||
We can represent the the base component failure modes as a partioned set~\cite{nucfta}[fig VI-7], and overlay
|
We can represent the the base component failure modes as a partioned set~\cite{nucfta}[fig VI-7], and overlay
|
||||||
a given system failure mode on it.
|
a given system failure mode on it.
|
||||||
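Review bot: the new sentence `This equation gives us the probability that if event B has occurred, of the event S occurring.` is ungrammatical; rewrite as `This equation gives the probability of event $S$ occurring given that event $B$ has occurred.` This sentence and the next leave `B` and `S` in text mode while the surrounding paragraphs set them as `$B$` and `$S$`; be consistent. `occurance` should be `occurrence`. Rather than commenting out the whole `eqn:bayes2` block and its explanatory prose (twelve `%` lines that git already preserves), delete it; as committed, `\label{eqn:bayes2}` survives only inside a comment, so any remaining `\ref{eqn:bayes2}` elsewhere in the thesis will now produce an undefined-reference warning and should be checked. In the context lines, `the the base component failure modes` and `partioned` need fixing.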
@ -654,8 +679,10 @@ will cause the system level error $S_k$
|
|||||||
%Prob $B_n$ caused $S_k$ is the prob $S_k$ caused by $B_n$ divided by prob of $B_n$
|
%Prob $B_n$ caused $S_k$ is the prob $S_k$ caused by $B_n$ divided by prob of $B_n$
|
||||||
|
|
||||||
$$
|
$$
|
||||||
% P(S_k|B_n) = \frac{P(S_k) \; P(B_n | S_k) }{P(B_n)} alternate form of no use to MEEEEEE
|
P(S_k|B_n) = \frac{P(S_k) \; P(B_n | S_k) }{P(B_n)}
|
||||||
P(B_n|S_k) = \frac{P(B_n) \; P(S_k | B_n) }{P(S_k)}
|
|
||||||
|
%alternate form of no use to MEEEEEE
|
||||||
|
%P(B_n|S_k) = \frac{P(B_n) \; P(S_k | B_n) }{P(S_k)}
|
||||||
$$
|
$$
|
||||||
|
|
||||||
For example were we to have a component that has a failure mode $B_n$ with an MTTF of $10^{-7}$ hours
|
For example were we to have a component that has a failure mode $B_n$ with an MTTF of $10^{-7}$ hours
|
||||||
|
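Review bot: the display now keeps $P(S_k|B_n) = P(S_k)\,P(B_n|S_k)/P(B_n)$ and retires the rearranged $P(B_n|S_k)$ form, which is consistent with `eqn:bayes1` as left by the previous hunk; but delete the two commented-out lines (`%alternate form of no use to MEEEEEE` and the old formula) instead of leaving that remark in the thesis source. The comment above the display, `%Prob $B_n$ caused $S_k$ is the prob $S_k$ caused by $B_n$ divided by prob of $B_n$`, reads as $P(S_k|B_n) = P(B_n|S_k)/P(B_n)$ and so omits the $P(S_k)$ factor that the formula has; update or remove it. In the unchanged context that follows, `an MTTF of $10^{-7}$ hours` is almost certainly a slip: a mean time to failure of $10^{-7}$ hours is a failure every 0.36 ms, whereas a failure rate of $10^{-7}$ per hour (an MTTF of $10^{7}$ hours) is the plausible intent for a component.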