diff --git a/fmmd_concept/fmmd_concept.tex b/fmmd_concept/fmmd_concept.tex index cfb4734..14f3879 100644 --- a/fmmd_concept/fmmd_concept.tex +++ b/fmmd_concept/fmmd_concept.tex @@ -14,15 +14,15 @@ incremental and rigorous approach. %% What I have done %% The Four main static failure mode analysis methodologies were examined and -in the context of newer European safety standards assessed. -Some of the defeciencies in these methodologies lead to +in the context of newer European safety standards, assessed. +Some of the defeciencies identified in these methodologies lead to a wish list for a more ideal methodology. %% What I have found %% From the wish list and considering some constraints determined from the evaluation of the four established methodologies, a new -methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD). +methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD). %% Sell it %% @@ -30,11 +30,13 @@ In addition to addressing the traditional weaknesses of Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA) and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios as specified in newer European Safety Standards \cite{en298}. -The proposed methodology is bottom-up and -modular, meaning that the results of analysed components may be re-used in other projects.} +The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled. +It is also modular, meaning that the results of analysed components may be re-used in other projects. } { -This chapter proposes a methodology for + %%% CHAPTER INTO NEARLT THE SAME AS ABSTRACT + +This chapter proposes a methodology for creating failure mode models of safety critical systems, which have a common notation for mechanical, electronic and software domains and apply an 
@@ -43,24 +45,25 @@ incremental and rigorous approach. %% What I have done %% The Four main static failure mode analysis methodologies were examined and -in in the context of newer European safety standards assessed. -Some of the defeciencies in these methodologies lead to +in the context of newer European safety standards, assessed. +Some of the defeciencies identified in these methodologies lead to a wish list for a more ideal methodology. %% What I have found %% From the wish list and considering some constraints determined from the evaluation of the four established methodologies, a new -methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD). +methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD). %% Sell it %% In addition to addressing the traditional weaknesses of -Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Faliue Mode Effects Criticallity Analysis (FMECA) +Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA) and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios as specified in newer European Safety Standards \cite{en298}. -The proposed methodology is bottom-up and -modular, meaning that the results of analysed components may be re-used in other projects. +The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled. +It is also modular, meaning that the results of analysed components may be re-used in other projects. + } 
@@ -69,7 +72,7 @@ modular, meaning that the results of analysed components may be re-used in other There are four methodologies in common use for failure mode modelling. These are FTA, FMEA, FMECA -and FMEDA (a form of statistical analysis). +and FMEDA (a form of statistical assessment). These methodologies date from the 1940's onwards and have several draw backs and advantages that are discussed in the next section. @@ -85,6 +88,7 @@ features such as the ability to analyse double failure mode scenarios, and to allow modular re-use of analysis. +%FMMD is an incremental bottom up FMEA process. The FMMD methodology presented here provides a more detailed and analytical modelling system which will create a more complete and detailed hierarchical failure mode model from which @@ -106,7 +110,6 @@ chapter } presents the design considerations that determined the FMMD methodology. -FMMD is an incremental bottom up FMEA process. It first briefly reviews the four traditional static failure mode analysis methodologies and lists their known weaknesses. A wish list is then drawn up 
@@ -152,20 +155,20 @@ As most accidents are unexpected and the causes unforseen \cite{safeware} it is fair to say that a top down approach is not guaranteed to predict all possible undesirable outcomes. It also can miss known component failure modes, by -simply not de-composing down to that level of detail. +simply not de-composing down to the base component failure mode level of detail. \paragraph{A general problem with bottom-up} With the bottom up techniques we have all the known component failure modes and the freedom to determine how each of these may affect the SYSTEM. We do have a real prolem though in determining how -the failure mode of one compoent will affect another working component +the failure mode of one component will affect another working component to cause an undesirable state. Because of the number of components our one failure mode may interact with is large, we cannot consider them all and human judgement is used to decide which interactions are important. Let N be the number of components in our system, and K be the average number of component failure modes -(ways in which the component can fail). The total number of base comp failure modes +(ways in which the component can fail). The total number of base component failure modes is $N \times K$. To examine the affect that one failure mode has on all the other components will be $(N-1) \times N \times K$, in effect a set cross product. 
@@ -218,9 +221,13 @@ of missing component failure modes \cite{faa}[Ch.9]. %a too high level of failure mode abstraction. FTA was invented for use on the minuteman nuclear defence missile systems in the early 1960s and was not designed as a rigorous -fault/failure mode methodology. It is more like a structure to +fault/failure mode methodology. +It was designed to look for disasterous top level hazards and +determine how they could be caused. +It is more like a structure to be applied when discussing the safety of a system, with a top down hierarchical -notation, that guides the analysis. This methodology was designed for +notation using logic symbols, that guides the analysis. +This methodology was designed for experienced engineers sitting around a large diagram and discussing the safety aspects. Also the nature of a large rocket with red wire, and remote detonation failsafes meant that the objective was to iron out common failures @@ -238,6 +245,7 @@ system level outcomes. \subsection { FMEA } + This is an early static analysis methodology, and concentrates on SYSTEM level errors which have been investigated. The investigation will typically point to a particular failure 
@@ -258,15 +266,24 @@ a prioritised `todo list', with higher the $RPN$ values being the most urgent. \item No possibility to model base component level double failure modes. \end{itemize} - +\paragrah{NOTE.} FMEA is sometimes used in its literal sense, that is to say +failure Mode effects Analysis, simply looking at a systems internal failure +modes and determing what may happen as a result. +FMEA described in this section is sometimes called `production FMEA'. \subsection{FMECA} Failure mode, effects, and criticality analysis (FMECDA) extends FMEA. This is a bottom up methodology, which takes component failure modes -and traces them to the SYSTEM level failures. The components -have reliability data and this can be used to predict the -failure statistics in the design stage \cite{mil1991}. +and traces them to the SYSTEM level failures. +% +Reliability data for components is used to predict the +failure statistics in the design stage. +A openly published source for the reliability of generic +electronic components was published by the DOD +in 1991 (MIL HDK 1991 \cite{mil1991}) and is a typical +source for MTFF data. +% It can do this using probability \footnote{for a given component failure mode there will be a $\beta$ value, the probability that the component failure mode will cause a given SYSTEM failure}. % diff --git a/introduction/introduction.tex b/introduction/introduction.tex index 53ab7db..36802d0 100644 --- a/introduction/introduction.tex +++ b/introduction/introduction.tex @@ -21,7 +21,7 @@ This changed the target for the study slightly to encompass these three domains \section{Background} I completed an MSc in Software engineering in 2004 at Brighton University while working for -an Engineering firm as a Software Engineer. +an Engineering firm as an embedded `C' programmer. The firm specialise in industrial burner controllers. Industrial Burners are potentially very dangerous industrial plant. They are generally left running unattended for long periods.
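Review bot: in the abstract hunk `@@ -14,15 +14,15 @@` of fmmd_concept.tex the added line still carries the spelling error "defeciencies", and "The has been named Failure Mode Modular De-Composition (FMMD)." is missing its subject; suggest `+Some of the deficiencies identified in these methodologies lead to` and `+methodology is developed and proposed. This has been named Failure Mode Modular De-Composition (FMMD).` The comma in "newer European safety standards, assessed." also splits the verb from its object awkwardly; "examined and assessed in the context of newer European safety standards" reads more naturally.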
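Review bot: in hunk `@@ -30,11 +30,13 @@` the added claim "can guarantee to leave no component failure mode unhandled" is strong for an abstract and nothing in the hunk supports it; either soften it ("is designed to ensure every component failure mode is considered") or point to the chapter that establishes the property. Smaller points in the same hunk: `+It is also modular, ... in other projects. }` now has a stray space before the closing brace, the new comment `%%% CHAPTER INTO NEARLT THE SAME AS ABSTRACT` reads "INTRO" and "NEARLY", and "Criticallity" on the unchanged context line is still misspelled (Criticality).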
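Review bot: hunk `@@ -43,24 +45,25 @@` repeats the abstract edits almost verbatim (the comment in the previous hunk admits as much), which is how the "in in" typo and the two copies drifted apart in the first place; suggest defining the shared paragraphs once as a macro (for example `\newcommand{\fmmdsummary}{...}`) and using it in both the abstract and the chapter introduction. The same defects carried over here: "defeciencies" should be "deficiencies", "The has been named" is missing its subject ("This has been named"), and the line corrected from "Faliue" still spells "Criticallity" with a double l.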
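Review bot: in hunk `@@ -69,7 +72,7 @@` "statistical assessment" is fine, but while this sentence is being touched the context line below should read "drawbacks" rather than "draw backs" and "1940's" should be "1940s".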
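Review bot: the line added in hunk `@@ -85,6 +88,7 @@`, `+%FMMD is an incremental bottom up FMEA process.`, is the sentence removed in `@@ -106,7 +110,6 @@` re-inserted as a comment; if the intent is to move it to where FMMD is first described, uncomment it (it reads naturally just before "The FMMD methodology presented here provides ..."), and if it is no longer wanted, drop the commented copy rather than leaving dead text in the source.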
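Review bot: in hunk `@@ -152,20 +155,20 @@` the "component" and "base component" fixes are good, but the surrounding context still has "prolem" (problem) two lines above the first fix, "unforseen" (unforeseen) at the top of the hunk, and "To examine the affect that one failure mode has" should be "effect". The count $(N-1) \times N \times K$ pairs each of the $N \times K$ base failure modes with every other component, which matches the "set cross product" wording; it would help the later argument about double failure mode scenarios to say explicitly that this is the single-failure interaction count.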
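Review bot: in hunk `@@ -218,9 +221,13 @@` "disasterous" on the added line should be "disastrous", and `+notation using logic symbols, that guides the analysis.` has a comma separating the noun from its relative clause ("notation using logic symbols that guides the analysis"). Splitting the long sentence into shorter ones does improve readability; "Minuteman" in the context line is a proper noun and should be capitalised.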
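Review bot: in hunk `@@ -258,15 +266,24 @@` the added `+\paragrah{NOTE.}` is a misspelled control sequence (`\paragraph`) and will stop pdflatex with "Undefined control sequence"; fix that first. In the same block "determing" should be "determining" and "failure Mode effects Analysis" has inconsistent capitalisation. In the FMECA part, "A openly published source ... was published" should be "An openly published source ... was provided" (or similar) to avoid "published ... published", "MTFF" looks like a typo for MTTF (mean time to failure), and the handbook abbreviation "MIL HDK 1991" should match the title of the entry cited by `\cite{mil1991}`; "FMECDA" on the context line above is also a typo for FMECA.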