robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lunchtime edit

Browse Source
This commit is contained in:
Robin Clark 2010-11-09 14:02:24 +00:00
parent 254168f341
commit 567096481c
2 changed files with 41 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
fmmd_concept/fmmd_concept.tex
View File

@ -14,15 +14,15 @@ incremental and rigorous approach.
%% What I have done %% What I have done
%% %%
The Four main static failure mode analysis methodologies were examined and The Four main static failure mode analysis methodologies were examined and
in the context of newer European safety standards assessed. in the context of newer European safety standards, assessed.
Some of the defeciencies in these methodologies lead to Some of the defeciencies identified in these methodologies lead to
a wish list for a more ideal methodology. a wish list for a more ideal methodology.
%% What I have found %% What I have found
%% %%
From the wish list and considering some constraints determined from From the wish list and considering some constraints determined from
the evaluation of the four established methodologies, a new the evaluation of the four established methodologies, a new
methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD). methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD).
%% Sell it %% Sell it
%% %%
@ -30,11 +30,13 @@ In addition to addressing the traditional weaknesses of
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA) Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA)
and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios
as specified in newer European Safety Standards \cite{en298}. as specified in newer European Safety Standards \cite{en298}.
The proposed methodology is bottom-up and The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled.
modular, meaning that the results of analysed components may be re-used in other projects.} It is also modular, meaning that the results of analysed components may be re-used in other projects.
} }
{ {
This chapter proposes a methodology for %%% CHAPTER INTO NEARLT THE SAME AS ABSTRACT
This chapter proposes a methodology for
creating failure mode models of safety critical systems, which creating failure mode models of safety critical systems, which
have a common notation have a common notation
for mechanical, electronic and software domains and apply an for mechanical, electronic and software domains and apply an
@ -43,24 +45,25 @@ incremental and rigorous approach.
%% What I have done %% What I have done
%% %%
The Four main static failure mode analysis methodologies were examined and The Four main static failure mode analysis methodologies were examined and
in in the context of newer European safety standards assessed. in the context of newer European safety standards, assessed.
Some of the defeciencies in these methodologies lead to Some of the defeciencies identified in these methodologies lead to
a wish list for a more ideal methodology. a wish list for a more ideal methodology.
%% What I have found %% What I have found
%% %%
From the wish list and considering some constraints determined from From the wish list and considering some constraints determined from
the evaluation of the four established methodologies, a new the evaluation of the four established methodologies, a new
methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD). methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD).
%% Sell it %% Sell it
%% %%
In addition to addressing the traditional weaknesses of In addition to addressing the traditional weaknesses of
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Faliue Mode Effects Criticallity Analysis (FMECA) Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA)
and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios
as specified in newer European Safety Standards \cite{en298}. as specified in newer European Safety Standards \cite{en298}.
The proposed methodology is bottom-up and The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled.
modular, meaning that the results of analysed components may be re-used in other projects. It is also modular, meaning that the results of analysed components may be re-used in other projects.
} }
@ -69,7 +72,7 @@ modular, meaning that the results of analysed components may be re-used in other
There are four methodologies in common use for failure mode modelling. There are four methodologies in common use for failure mode modelling.
These are FTA, FMEA, FMECA These are FTA, FMEA, FMECA
and FMEDA (a form of statistical analysis). and FMEDA (a form of statistical assessment).
These methodologies date from the 1940's onwards and have several draw backs and These methodologies date from the 1940's onwards and have several draw backs and
advantages that are discussed in the next section. advantages that are discussed in the next section.
@ -85,6 +88,7 @@ features such as the ability to analyse double
failure mode scenarios, and to allow modular re-use failure mode scenarios, and to allow modular re-use
of analysis. of analysis.
%FMMD is an incremental bottom up FMEA process.
The FMMD The FMMD
methodology presented here provides a more detailed and analytical methodology presented here provides a more detailed and analytical
modelling system which will create a more complete and detailed hierarchical failure mode model from which modelling system which will create a more complete and detailed hierarchical failure mode model from which
@ -106,7 +110,6 @@ chapter
} }
presents the design considerations that determined presents the design considerations that determined
the FMMD methodology. the FMMD methodology.
FMMD is an incremental bottom up FMEA process.
It first briefly reviews the four traditional It first briefly reviews the four traditional
static failure mode analysis methodologies and static failure mode analysis methodologies and
lists their known weaknesses. A wish list is then drawn up lists their known weaknesses. A wish list is then drawn up
@ -152,20 +155,20 @@ As most accidents are unexpected and the causes unforseen \cite{safeware}
it is fair to say that a top down approach is not guaranteed to it is fair to say that a top down approach is not guaranteed to
predict all possible undesirable outcomes. predict all possible undesirable outcomes.
It also can miss known component failure modes, by It also can miss known component failure modes, by
simply not de-composing down to that level of detail. simply not de-composing down to the base component failure mode level of detail.
\paragraph{A general problem with bottom-up} \paragraph{A general problem with bottom-up}
With the bottom up techniques we have all the known component failure modes With the bottom up techniques we have all the known component failure modes
and the freedom to determine how each of these may affect the SYSTEM. and the freedom to determine how each of these may affect the SYSTEM.
We do have a real prolem though in determining how We do have a real prolem though in determining how
the failure mode of one compoent will affect another working component the failure mode of one component will affect another working component
to cause an undesirable state. Because of the number of components to cause an undesirable state. Because of the number of components
our one failure mode may interact with is large, our one failure mode may interact with is large,
we cannot consider them all and human judgement is used to we cannot consider them all and human judgement is used to
decide which interactions are important. decide which interactions are important.
Let N be the number of components in our system, and K be the average number of component failure modes Let N be the number of components in our system, and K be the average number of component failure modes
(ways in which the component can fail). The total number of base comp failure modes (ways in which the component can fail). The total number of base component failure modes
is $N \times K$. To examine the affect that one failure mode has on all the other components is $N \times K$. To examine the affect that one failure mode has on all the other components
will be $(N-1) \times N \times K$, in effect a set cross product. will be $(N-1) \times N \times K$, in effect a set cross product.
@ -218,9 +221,13 @@ of missing component failure modes \cite{faa}[Ch.9].
%a too high level of failure mode abstraction. %a too high level of failure mode abstraction.
FTA was invented for use on the minuteman nuclear defence missile FTA was invented for use on the minuteman nuclear defence missile
systems in the early 1960s and was not designed as a rigorous systems in the early 1960s and was not designed as a rigorous
fault/failure mode methodology. It is more like a structure to fault/failure mode methodology.
It was designed to look for disasterous top level hazards and
determine how they could be caused.
It is more like a structure to
be applied when discussing the safety of a system, with a top down hierarchical be applied when discussing the safety of a system, with a top down hierarchical
notation, that guides the analysis. This methodology was designed for notation using logic symbols, that guides the analysis.
This methodology was designed for
experienced engineers sitting around a large diagram and discussing the safety aspects. experienced engineers sitting around a large diagram and discussing the safety aspects.
Also the nature of a large rocket with red wire, and remote detonation Also the nature of a large rocket with red wire, and remote detonation
failsafes meant that the objective was to iron out common failures failsafes meant that the objective was to iron out common failures
@ -238,6 +245,7 @@ system level outcomes.
\subsection { FMEA } \subsection { FMEA }
This is an early static analysis methodology, and concentrates This is an early static analysis methodology, and concentrates
on SYSTEM level errors which have been investigated. on SYSTEM level errors which have been investigated.
The investigation will typically point to a particular failure The investigation will typically point to a particular failure
@ -258,15 +266,24 @@ a prioritised `todo list', with higher the $RPN$ values being the most urgent.
\item No possibility to model base component level double failure modes. \item No possibility to model base component level double failure modes.
\end{itemize} \end{itemize}
\paragrah{NOTE.} FMEA is sometimes used in its literal sense, that is to say
failure Mode effects Analysis, simply looking at a systems internal failure
modes and determing what may happen as a result.
FMEA described in this section is sometimes called `production FMEA'.
\subsection{FMECA} \subsection{FMECA}
Failure mode, effects, and criticality analysis (FMECDA) extends FMEA. Failure mode, effects, and criticality analysis (FMECDA) extends FMEA.
This is a bottom up methodology, which takes component failure modes This is a bottom up methodology, which takes component failure modes
and traces them to the SYSTEM level failures. The components and traces them to the SYSTEM level failures.
have reliability data and this can be used to predict the %
failure statistics in the design stage \cite{mil1991}. Reliability data for components is used to predict the
failure statistics in the design stage.
A openly published source for the reliability of generic
electronic components was published by the DOD
in 1991 (MIL HDK 1991 \cite{mil1991}) and is a typical
source for MTFF data.
%
It can do this using probability \footnote{for a given component failure mode there will be a $\beta$ value, the It can do this using probability \footnote{for a given component failure mode there will be a $\beta$ value, the
probability that the component failure mode will cause a given SYSTEM failure}. probability that the component failure mode will cause a given SYSTEM failure}.
% %

2
introduction/introduction.tex
View File

@ -21,7 +21,7 @@ This changed the target for the study slightly to encompass these three domains
\section{Background} \section{Background}
I completed an MSc in Software engineering in 2004 at Brighton University while working for I completed an MSc in Software engineering in 2004 at Brighton University while working for
an Engineering firm as a Software Engineer. an Engineering firm as an embedded `C' programmer.
The firm specialise in industrial burner controllers. The firm specialise in industrial burner controllers.
Industrial Burners are potentially very dangerous industrial plant. Industrial Burners are potentially very dangerous industrial plant.
They are generally left running unattended for long periods. They are generally left running unattended for long periods.