lunchtime edit
parent
254168f341
commit
567096481c
@ -14,15 +14,15 @@ incremental and rigorous approach.
%% What I have done
%%
The Four main static failure mode analysis methodologies were examined and
in the context of newer European safety standards assessed.
Some of the defeciencies in these methodologies lead to
in the context of newer European safety standards, assessed.
Some of the defeciencies identified in these methodologies lead to
a wish list for a more ideal methodology.
%% What I have found
%%
From the wish list and considering some constraints determined from
the evaluation of the four established methodologies, a new
methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD).
methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD).
%% Sell it
%%
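Review bot: the rewritten line "Some of the defeciencies identified in these methodologies lead to" still carries the misspelling "defeciencies" (deficiencies), and the new line "The has been named Failure Mode Modular De-Composition (FMMD)." is missing its subject; suggest "This has been named ..." or "The methodology has been named ...". Both lines are already touched in this hunk, so this is the place to fix them.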
@ -30,11 +30,13 @@ In addition to addressing the traditional weaknesses of
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA)
and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios
as specified in newer European Safety Standards \cite{en298}.
The proposed methodology is bottom-up and
modular, meaning that the results of analysed components may be re-used in other projects.}
The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled.
It is also modular, meaning that the results of analysed components may be re-used in other projects.
}
{
This chapter proposes a methodology for
%%% CHAPTER INTO NEARLT THE SAME AS ABSTRACT
This chapter proposes a methodology for
creating failure mode models of safety critical systems, which
have a common notation
for mechanical, electronic and software domains and apply an
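Review bot: "can guarantee to leave no component failure mode unhandled" is a strong claim for an abstract; unless the chapter later demonstrates it, "is designed to leave no component failure mode unhandled" is safer wording. The context line "Criticallity" should read "Criticality", and the new comment "%%% CHAPTER INTO NEARLT THE SAME AS ABSTRACT" presumably means "INTRO" and "NEARLY". Moving the closing "}" from the end of the sentence onto its own line is an improvement.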
@ -43,24 +45,25 @@ incremental and rigorous approach.
%% What I have done
%%
The Four main static failure mode analysis methodologies were examined and
in in the context of newer European safety standards assessed.
Some of the defeciencies in these methodologies lead to
in the context of newer European safety standards, assessed.
Some of the defeciencies identified in these methodologies lead to
a wish list for a more ideal methodology.
%% What I have found
%%
From the wish list and considering some constraints determined from
the evaluation of the four established methodologies, a new
methodology is developed. The has been named Failure Mode Modular De-Composition (FMMD).
methodology is developed and proposed. The has been named Failure Mode Modular De-Composition (FMMD).
%% Sell it
%%
In addition to addressing the traditional weaknesses of
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Faliue Mode Effects Criticallity Analysis (FMECA)
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticallity Analysis (FMECA)
and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios
as specified in newer European Safety Standards \cite{en298}.
The proposed methodology is bottom-up and
modular, meaning that the results of analysed components may be re-used in other projects.
The proposed methodology is bottom-up and can guarantee to leave no component failure mode unhandled.
It is also modular, meaning that the results of analysed components may be re-used in other projects.
}
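Review bot: this hunk pastes the abstract into the chapter introduction nearly verbatim (the author's own comment says as much), so the new lines inherit the same defects: "defeciencies", "The has been named", "Criticallity", and the unqualified "can guarantee to leave no component failure mode unhandled". Fix them once in the abstract and either pull the text in through a shared macro or rewrite the chapter introduction in its own words so the two copies do not drift apart. Dropping the doubled "in in the context" and correcting "Faliue" to "Failure" are right.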
@ -69,7 +72,7 @@ modular, meaning that the results of analysed components may be re-used in other
There are four methodologies in common use for failure mode modelling.
These are FTA, FMEA, FMECA
and FMEDA (a form of statistical analysis).
and FMEDA (a form of statistical assessment).
These methodologies date from the 1940's onwards and have several draw backs and
advantages that are discussed in the next section.
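Review bot: "a form of statistical assessment" in place of "analysis" reads better for FMEDA, but the unchanged context below still has "1940's" (should be "1940s") and "draw backs" (should be "drawbacks"); worth fixing while this paragraph is open.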
@ -85,6 +88,7 @@ features such as the ability to analyse double
failure mode scenarios, and to allow modular re-use
of analysis.
%FMMD is an incremental bottom up FMEA process.
The FMMD
methodology presented here provides a more detailed and analytical
modelling system which will create a more complete and detailed hierarchical failure mode model from which
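Review bot: the added line "%FMMD is an incremental bottom up FMEA process." is commented out, so it changes nothing in the typeset output. If the sentence is meant to come back here, hyphenate "bottom-up" to match "bottom-up" in the abstract; otherwise drop it rather than leaving dead text in the source.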
@ -106,7 +110,6 @@ chapter
}
presents the design considerations that determined
the FMMD methodology.
FMMD is an incremental bottom up FMEA process.
It first briefly reviews the four traditional
static failure mode analysis methodologies and
lists their known weaknesses. A wish list is then drawn up
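Review bot: after removing "FMMD is an incremental bottom up FMEA process." the paragraph reads "... the FMMD methodology. It first briefly reviews the four traditional ...", where "It" now sits directly after "methodology" but refers to the chapter; "The chapter first briefly reviews" keeps the referent unambiguous.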
@ -152,20 +155,20 @@ As most accidents are unexpected and the causes unforseen \cite{safeware}
it is fair to say that a top down approach is not guaranteed to
predict all possible undesirable outcomes.
It also can miss known component failure modes, by
simply not de-composing down to that level of detail.
simply not de-composing down to the base component failure mode level of detail.
\paragraph{A general problem with bottom-up}
With the bottom up techniques we have all the known component failure modes
and the freedom to determine how each of these may affect the SYSTEM.
We do have a real prolem though in determining how
the failure mode of one compoent will affect another working component
the failure mode of one component will affect another working component
to cause an undesirable state. Because of the number of components
our one failure mode may interact with is large,
we cannot consider them all and human judgement is used to
decide which interactions are important.
Let N be the number of components in our system, and K be the average number of component failure modes
(ways in which the component can fail). The total number of base comp failure modes
(ways in which the component can fail). The total number of base component failure modes
is $N \times K$. To examine the affect that one failure mode has on all the other components
will be $(N-1) \times N \times K$, in effect a set cross product.
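Review bot: the new lines fix "compoent" and "comp", but the context line "We do have a real prolem though" still has "prolem" (problem), "the affect that one failure mode has" should be "the effect", and "unforseen" in the hunk header line should be "unforeseen". "Because of the number of components our one failure mode may interact with is large" is also awkward; "Because the number of components that any one failure mode may interact with is large" is clearer. The count $(N-1) \times N \times K$ is consistent with the $N \times K$ base failure modes each being checked against the other $N-1$ components.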
@ -218,9 +221,13 @@ of missing component failure modes \cite{faa}[Ch.9].
%a too high level of failure mode abstraction.
FTA was invented for use on the minuteman nuclear defence missile
systems in the early 1960s and was not designed as a rigorous
fault/failure mode methodology. It is more like a structure to
fault/failure mode methodology.
It was designed to look for disasterous top level hazards and
determine how they could be caused.
It is more like a structure to
be applied when discussing the safety of a system, with a top down hierarchical
notation, that guides the analysis. This methodology was designed for
notation using logic symbols, that guides the analysis.
This methodology was designed for
experienced engineers sitting around a large diagram and discussing the safety aspects.
Also the nature of a large rocket with red wire, and remote detonation
failsafes meant that the objective was to iron out common failures
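Review bot: the added line "It was designed to look for disasterous top level hazards" misspells "disastrous", and "minuteman" in the context line is a proper noun (Minuteman). Splitting the original sentence so that "It is more like a structure to be applied ..." stands on its own, and adding "using logic symbols" to the notation line, both read well.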
@ -238,6 +245,7 @@ system level outcomes.
\subsection { FMEA }
This is an early static analysis methodology, and concentrates
on SYSTEM level errors which have been investigated.
The investigation will typically point to a particular failure
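Review bot: the only change here is a blank line after "\subsection { FMEA }", which LaTeX ignores, so it is harmless; the spaces inside the braces differ from "\subsection{FMECA}" further down and could be normalised at the same time.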
@ -258,15 +266,24 @@ a prioritised `todo list', with higher the $RPN$ values being the most urgent.
\item No possibility to model base component level double failure modes.
\end{itemize}
\paragrah{NOTE.} FMEA is sometimes used in its literal sense, that is to say
failure Mode effects Analysis, simply looking at a systems internal failure
modes and determing what may happen as a result.
FMEA described in this section is sometimes called `production FMEA'.
\subsection{FMECA}
Failure mode, effects, and criticality analysis (FMECDA) extends FMEA.
This is a bottom up methodology, which takes component failure modes
and traces them to the SYSTEM level failures. The components
have reliability data and this can be used to predict the
failure statistics in the design stage \cite{mil1991}.
and traces them to the SYSTEM level failures.
%
Reliability data for components is used to predict the
failure statistics in the design stage.
A openly published source for the reliability of generic
electronic components was published by the DOD
in 1991 (MIL HDK 1991 \cite{mil1991}) and is a typical
source for MTFF data.
%
It can do this using probability \footnote{for a given component failure mode there will be a $\beta$ value, the
probability that the component failure mode will cause a given SYSTEM failure}.
%
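Review bot: "\paragrah{NOTE.}" is a misspelt control sequence (should be "\paragraph") and will stop the build with "Undefined control sequence". In the same hunk: "(FMECDA)" should be "(FMECA)", "A openly published source" should be "An openly published source", "MTFF" looks like a typo for MTTF (mean time to failure), and "determing" should be "determining". The sentence "It can do this using probability \footnote{...}" now follows the paragraph about the DOD handbook rather than "predict the failure statistics", so "this" has lost its referent; move it back next to the prediction sentence or restate what it refers to. Also check that "MIL HDK 1991" matches the designation in the bibliography entry for \cite{mil1991}.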
@ -21,7 +21,7 @@ This changed the target for the study slightly to encompass these three domains
\section{Background}
I completed an MSc in Software engineering in 2004 at Brighton University while working for
an Engineering firm as a Software Engineer.
an Engineering firm as an embedded `C' programmer.
The firm specialise in industrial burner controllers.
Industrial Burners are potentially very dangerous industrial plant.
They are generally left running unattended for long periods.
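Review bot: "an embedded `C' programmer" is a useful precision over "a Software Engineer", but the unchanged context still has "The firm specialise" (should be "specialises") and capitalises "Industrial Burners" mid-sentence while the previous line has "industrial burner controllers"; pick one form.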