could this be the final edit
This commit is contained in:
parent
b8b0ee7f0d
commit
5cfc3d70ec
@ -154,6 +154,7 @@ In practice, this part of the process is guided by %%% PRACTICE NOUN Practice ma
the particular standard
which is being conformed to. %we are seeking to conform.% to.
%
%
Standards may differ in their definitions for the {\fms} of {\bcs}.
The reasons for these differences are examined below using two example components.
%
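Review bot: the added sentence announces that the differences are "examined below using two example components" but never says which components, and the hunk that follows introduces FMD-91 and EN298, which are standards rather than components; name the components here (or say "two example standards" if that is what is meant) so the reader knows what to look for. The leftover comment fragment `%we are seeking to conform.% to.` on the "which is being conformed to." line should also be deleted before this is treated as a final edit.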
@ -182,6 +183,8 @@ The FMEA investigator needs to know what failure behaviour a component could exh
%
A large body of literature exists giving guidance for the determination of component {\fms}.
%
An interesting discussion on semi-conductor failure modes may be found in~\cite{ehb}[Ch.44].
%
For this study FMD-91~\cite{fmd91} and the gas burner standard EN298~\cite{en298} are examined.
%Some standards prescribe specific failure modes for generic component types.
In EN298 failure modes for most generic component types are listed, or if not listed,
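Review bot: `~\cite{ehb}[Ch.44]` puts the chapter reference in the wrong place; with the standard citation commands the optional argument precedes the key, `\cite[Ch.44]{ehb}`, so as written `[Ch.44]` is typeset as literal text after the citation. The same pattern appears elsewhere in this commit (`\cite{probstat}[p.170]`, `\cite{safeware}[p.344]`, `\cite{joyofsets}[p.8]`) and is worth fixing globally.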
@ -1627,7 +1630,7 @@ These factors mean that re-use, review and checking of traditional analysis can
Work has been performed to assist in incremental FMEA production by use of a software tool
which in conjunction with circuit simulation
and a database of component failure modes (providing consistency in terminology)
speeds up the FMEA process~\cite{incrementalfmea}.
speeds up the FMEA process and aids re-use~\cite{incrementalfmea}.
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
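Review bot: the relative clause "which in conjunction with circuit simulation and a database of component failure modes (providing consistency in terminology) speeds up" runs four lines with no punctuation, so the subject of "speeds up" is hard to locate; set the parenthetical off with commas ("which, in conjunction with circuit simulation and a database of component failure modes (providing consistency in terminology), speeds up the FMEA process and aids re-use~\cite{incrementalfmea}").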
@ -102,6 +102,9 @@ the fundamental problem remains, that, with any changes
to the component base in a system, it is very difficult to
determine which FMEA test scenarios must be re-worked.
%
With component failure mode databases, in conjunction with circuit simulation, work has been performed to address
this~\cite{incrementalfmea}.
%
It is common in safety critical systems to have repeated circuit topologies.
%
For instance there may be several signal input and output
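Review bot: "this" at the end of the new sentence has no clear referent, since the preceding sentence is about the difficulty of determining which scenarios must be re-worked; say what is being addressed, e.g. "Work using component failure mode databases in conjunction with circuit simulation has addressed this re-work problem~\cite{incrementalfmea}." The front-loaded passive construction ("With ..., in conjunction with ..., work has been performed") also reads more naturally with the subject first.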
@ -308,7 +311,7 @@ For instance, an AVO-8 multi-meter circa 1970, uses only analogue electronics an
using FMEA how component failures within it could affect readings.
%
A modern multi-meter will have a small dedicated micro-processor and sensing electronics, all on the same chip,
with firmware to read the user controls, and display results. % on an LCD.
with firmware to read the user controls and display results. % on an LCD.
%
For quality control, many safety critical processes require regular inspections
and measurements of physical characteristics of materials and machinery.
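Review bot: "A modern multi-meter will have a small dedicated micro-processor and sensing electronics, all on the same chip" is stated as universal, but not every current meter integrates the sensing front end and the processor on one die; "will typically have" or "may have" is safer unless a source is cited for the claim. The comma removal in the changed line is correct.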
@ -59,7 +59,7 @@ All the failure modes of all the components within a {\fg} are collected.
%
%A flat set is a set containing just the failure modes and not sets of failure modes~\cite{joyofsets}[p.8].
%
Each component failure mode can considered as a `failure~scenario' or 'test~case'
Each component failure mode can be considered as a `failure~scenario' or 'test~case'
to be applied to the {\fg}.
%
Each of these failure modes, and optionally combinations of them, are
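Review bot: the corrected line supplies the missing "be" but keeps mismatched quotes: `failure~scenario' opens with LaTeX's backtick, while 'test~case' opens with a straight apostrophe, which typesets as a closing quote; it should be `test~case'.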
@ -238,7 +238,7 @@ for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined b
%
%\vbox{
From table \ref{tbl:pdfmea} it can be seen that the resistor
failures modes lead to some common symptoms of failure from the perspective of the {\fg}.
failure modes lead to some common symptoms of failure from the perspective of the {\fg}.
%YOU FIDDLINGING FITTAS, TELL ME TO USE THE TERM SYMPTOM AND THEN TELL ME TO FIDDLINGING REMOVE IT A YEAR LATER> FITTAS
%symptoms.
%These common symptoms of failure are an important concept for FMMD.
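Review bot: the `%YOU FIDDLINGING FITTAS, ...` comment directly below the corrected line survives in the source and in version history; delete it, along with the stale `%symptoms.` and `%These common symptoms ...` lines if they are no longer wanted, before calling this a final edit. Also `From table \ref{tbl:pdfmea}` should use a tie, `table~\ref{tbl:pdfmea}`, as the rest of the text does for figure and section references.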
@ -409,7 +409,7 @@ These op-amp failure modes are represented on the DAG in figure~\ref{fig:op1dag}
%}
%\clearpage
%\paragraph{Modelling the OP amp with the potential divider.}
The op-amp and the {\dc} {\em PD} now % andrew heavily critised this sentence but it made sense to Chris and I
The op-amp and the {\dc} {\em PD} are now % andrew heavily critised this sentence but it made sense to Chris and I
formed into a {\fg} to model the failure mode behaviour of the non-inverting amplifier.
\fmmdglossOPAMP
%
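Review bot: the `% andrew heavily critised this sentence ...` comment is carried over onto the corrected line; now that the sentence has been fixed ("are now formed into a {\fg}"), resolve the objection and remove the comment rather than leaving a reviewer's remark in the source.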
@ -934,21 +934,21 @@ as examples.

\section{Fault Mode Analysis, top down or bottom up?}

Traditional static fault analysis methods work from the top down.
Traditional static fault analysis methods, such as FTA~\cite{nucfta,nasafta} work from the top down.
They identify faults that can occur in a system, and then work down
to see how they could be caused.
%
Some apply statistical techniques to
determine the likelihood of component failures
causing specific system level errors.
%
For example the FMEA variant FMECA, uses
Bayes theorem~\cite{probstat}[p.170]~\cite{nucfta}[p.74] (the relation between a conditional probability and its reverse)
and is applied to specific failure modes in components and their probability of causing given system level errors.
\fmmdglossFMECA
Another top down methodology is to apply cost benefit analysis
to determine which faults are the highest priority to fix~\cite{bfmea}.
%
% Some apply statistical techniques to
% determine the likelihood of component failures
% causing specific system level errors.
% %
% For example the FMEA variant FMECA, uses
% Bayes theorem~\cite{probstat}[p.170]~\cite{nucfta}[p.74] (the relation between a conditional probability and its reverse)
% and is applied to specific failure modes in components and their probability of causing given system level errors.
% \fmmdglossFMECA
% Another top down methodology is to apply cost benefit analysis
% to determine which faults are the highest priority to fix~\cite{bfmea}.
% %
%\fmmdglossFMEA
\fmeagloss
%
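Review bot: the new line "methods, such as FTA~\cite{nucfta,nasafta} work from the top down" opens a parenthetical with a comma but never closes it; it should read "methods, such as FTA~\cite{nucfta,nasafta}, work from the top down". In the surrounding context, "For example the FMEA variant FMECA, uses" has a stray comma before its verb, "Bayes theorem" should be "Bayes' theorem", and the commented-out copy of the whole FMECA paragraph (`% Some apply statistical techniques ...` through `% %`) duplicates live text and can be deleted.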
@ -958,7 +958,6 @@ models of safety critical systems from the bottom-up,
starting where possible with known base~component failure~modes.
%
%
%
An advantage of working from the bottom up is that it can be ensured that
all component failure modes have been considered.
%
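Review bot: "it can be ensured that all component failure modes have been considered" is a double passive; "the analyst can ensure that all component failure modes have been considered" says who does the ensuring, which is the point of the advantage being claimed.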
@ -1124,7 +1123,7 @@ in quality systems~\cite{iso9001}.
Having analysis reports increases the traceability---or documented paper trail---aiding understanding
and maintainability for failure mode models.
%
Also a detailed cause and effect model is useful for creating diagnostic schemas~\cite{dbamafta}.
Also a detailed cause and effect model is useful for creating diagnostic schemas~\cite{dbamafta,cbds}.



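Review bot: the new citation key `cbds` must exist in the bibliography or BibTeX will leave a "?" in the output; it is also cited in the other order (`cbds,dbamafta`) in the hunk at line 1253 of the same file, so pick one ordering. Opening the sentence with "Also" is weak; "A detailed cause and effect model is also useful for creating diagnostic schemas" reads better. The three trailing blank lines can be dropped.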
@ -1189,8 +1188,8 @@ are naturally mutually exclusive.
%
This also applies to {\dcs} produced in the FMMD process.
%
In the FMMD process symptoms are are collected, i.e no component failure modes may be shared
by a symptom within a {\fg}, and therefore the failure modes of a {\dc} are mutually exclusive.
In the FMMD process common symptoms are are collected, i.e no component failure modes may be %shared
linked to more than one symptom and therefore the failure modes of a {\dc} are mutually exclusive.
%
Thus FMMD naturally produces {\dcs} with failure modes that are mutually exclusive.
%
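Review bot: the duplicated "are are" survives into the rewritten line ("common symptoms are are collected"); it should be "common symptoms are collected". "i.e no" needs its period, `i.e.\ no`. Ending the line with `%shared` relies on the comment swallowing the newline so that "may be" joins to "linked" on the next line; it works because of the space before the `%`, but deleting the word is clearer than commenting it out.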
@ -1254,7 +1253,7 @@ described in greater detail in section~\ref{sec:determine_fms}).
% %
The FMMD model can also be used to derive information
to assist in creating related models such as FTA~\cite{nucfta,nasafta},
traditional FMEA, FMECA~\cite{safeware}[p.344], FMEDA~\cite{scsh}, diagnostics schemas~\cite{dbamafta}
traditional FMEA, FMECA~\cite{safeware}[p.344], FMEDA~\cite{scsh}, diagnostics schemas~\cite{cbds,dbamafta}
and other failure mode analysis methodologies.
%
\fmmdglossFTA
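Review bot: "diagnostics schemas" should be "diagnostic schemas", matching the wording used for the same citation in the hunk at line 1123 of this file; since the line is being touched anyway, fix the noun along with the citation. The citation order (`cbds,dbamafta` here versus `dbamafta,cbds` earlier) should be made consistent.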
@ -86,10 +86,10 @@ A threshold would be determined for an `$AMP_{LOW}$' failure symptom (i.e. the o
%This configuration is interesting from methodology pers.
There are two obvious ways in which this circuit can be modelled.
%
One is to do this in two stages, by considering the gain resistors to be a potential divider
One is to do this in two stages, firstly by considering the gain resistors to be a potential divider
and then combining it with the OPAMP failure mode model.
%
The second is to place all three components in one {\fg}.
Secondly to place all three components in one {\fg}.
Both approaches are followed in the next two sub-sections.
%
\clearpage
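Review bot: the replacement "Secondly to place all three components in one {\fg}." is a sentence fragment, and it is not parallel with "One is to do this in two stages"; the original "The second is to place all three components in one {\fg}." was grammatical. Suggested form: "One is to do this in two stages: firstly by considering the gain resistors to be a potential divider, and then combining it with the OPAMP failure mode model. The second is to place all three components in one {\fg}." Also "OPAMP" here versus "op-amp" elsewhere in the commit should be unified.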
@ -821,7 +821,7 @@ results re-used for the next stage of analysis (see figure~\ref{fig:circuit2002_

A derived component is created to represent the Sallen Key low pass filter, called $SKLP$:
%
$$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal . \} $$
$$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal \} . $$
%
%
\clearpage
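Review bot: moving the full stop outside the set braces is correct; while on this line, `SKLPnosignal` breaks the capitalisation pattern of `SKLPHigh`, `SKLPLow` and `SKLPIncorrect`, so `SKLPNoSignal` would be consistent. Multi-letter names in math mode are typeset as products of italic single-letter variables with odd spacing; wrapping them as `\mathit{SKLPHigh}` (or a macro) keeps the kerning readable.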
@ -1269,7 +1269,7 @@ having 24 failure modes to consider against each of the other seven {\dcs}.
A finer grained approach produces more potentially re-usable {\dcs} and
involved several stages with an overall lower reasoning distance.
%
The lower reasoning distances, or complexity comparison figures are given in the metrics chapter~\ref{sec:chap7}
These reasoning distances, or complexity comparison figures are presented in the metrics chapter~\ref{sec:chap7}
in section~\ref{sec:bubbaCC}.
%
This example demonstrates that the finer grained models
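Review bot: the appositive in the new line needs its closing comma: "These reasoning distances, or complexity comparison figures, are presented in the metrics chapter". In the context above, "produces ... and involved several stages" mixes tenses; "involves" matches "produces".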
@ -1425,7 +1425,7 @@ This is an OpAmp in a signal buffer configuration
and therefore simply has the failure modes of an Op-amp.
%
As it is performing one particular function
it can be considered as a {\dc} a High Impedance Signal Buffer (HISB).
it can be considered as a {\dc}, a High Impedance Signal Buffer (HISB).
%
This is analysed using FMMD in appendix~\ref{detail:HISB}.
%
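Review bot: the added comma is right. Three spellings of the same device appear within a few lines of this hunk and the commit ("OpAmp" in the hunk header line, "Op-amp" on the next line, "op-amp" in the earlier hunk at line 409); settle on one, ideally via a macro, so the thesis is consistent.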
@ -1436,7 +1436,7 @@ $$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$
%
The integrator is implemented in analogue electronics, but the output from the D type flip flop is a digital signal.
%
A conversion stage is required to interface these stages.
A conversion stage is required to interface these elements.
%
Digital level to analogue level conversion is performed by IC3 in conjunction with a potential divider formed by R3,R4.
%
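Review bot: "these elements" removes the "stage ... stages" repetition, but the sentence still does not say which two things are being interfaced; "to interface the integrator to the flip flop output" is more precise. Minor: "D type flip flop" is usually hyphenated ("D-type flip-flop") and "R3,R4" should be "R3 and R4".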
@ -1906,9 +1906,9 @@ As the Pt100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings are calculated thus:
%
%
$$ highreading = 5V.\frac{2k2+Pt100}{2k2+2k2+pt100} \; $$
$$ sense+ = 5V.\frac{2k2+Pt100}{2k2+2k2+pt100} \; $$
and
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+Pt100} \; .$$
$$ sense- = 5V.\frac{2k2}{2k2+2k2+Pt100} \; .$$
%
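Review bot: `sense+` and `sense-` in math mode are typeset as the italic variable "sense" followed by a binary operator, so `$$ sense+ = \ldots $$` reads as "sense plus equals"; use a subscript or superscript (`sense_{+}`, `\mathit{sense}^{-}`) or a text label to make the sign part of the name. The first denominator has `pt100` where the numerator and the second equation use `Pt100`, and `5V.` uses a full stop as a multiplication sign; `5V \cdot` (or `5\,\mathrm{V}\times`) is the conventional form.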
@ -1921,11 +1921,11 @@ resistors in this circuit have failed.
To convert these to twelve bit ADC (\adctw)\footnote{An {\adctw} with a 5V Vref is assumed for this example. Raw ADC counts
would typically be used in software routines validating range/values in safety critical readings.} counts:
%
$$ highreading = 2^{12}.\frac{2k2+Pt100}{2k2+2k2+pt100} $$
$$ sense+ = 2^{12}.\frac{2k2+Pt100}{2k2+2k2+pt100} $$
%
and
%
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+Pt100} . $$
$$ sense- = 2^{12}.\frac{2k2}{2k2+2k2+Pt100} . $$
%
%
\begin{table}[ht]
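Review bot: these expressions give real numbers while ADC counts are integers, and the footnote says the raw counts are what the software range checks will use; state the convention being assumed (one LSB equal to Vref/2^{12} with the result truncated, versus Vref/(2^{12}-1) so that 5V maps to 4095), because the limits a validating routine compares against depend on it. The `pt100` / `Pt100` casing mismatch from the previous hunk recurs in the first denominator, and the `sense+`/`sense-` naming issue applies here as well.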
@ -251,8 +251,23 @@ value from the external equipment is read.
\section{Simple Software Example: Reading a \ft input into software}


Consider a software function that reads a {\ft} input, and returns a value between 0 and 999 (i.e. per mil $\permil$)
Consider a software function that reads a {\ft} input,
and returns a value between 0 and 999 (i.e. per mil $\permil$)
representing the current detected; plus an additional error indication flag.

The {\ft} input circuitry used in the example and its related software,
are accepted practise and in common use,
and therefore its failure mode behaviour is well known and understood.
%
For this reason it is a good example to use for comparing the results from FMMD analysis
with known failure mode behaviour from the field/direct experience of engineers.
%
% The failure model is then discussed and compared with heuristic knowledge of {\ft} inputs,
% circuitry and software.
% Conclusions are then presented listing the benefits and
% draw-backs of analysing the hardware/software hybrid system using FMMD,
% and FMMD is compared with traditional HFMEA and SFMEA.

%
From figure~\ref{fig:ftcontext} the {\ft} detection is via a \ohms{220} resistor and the voltage is read from an ADC into the software.
%
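Review bot: in the new paragraph, "accepted practise" should be "accepted practice" (the noun); the subject "circuitry ... and its related software" is plural, so "are" is right but the following "its failure mode behaviour" should be "their", and the comma after "software," separates the subject from its verb. "from the field/direct experience of engineers" would be clearer as "from the field and from the direct experience of engineers". The five commented-out `% The failure model is then discussed ...` lines look like a superseded outline and can be removed if the new paragraph replaces them.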
@ -265,7 +280,7 @@ and $0.020A \times \ohms{220} = 4.4V$.
%
The acceptable voltage range\footnote{For the purpose of clarity resistor tolerance has been ignored.
In a practical {\ft} reader resistor tolerance would be factored into the limits, or
`deadbands' of $\approx \half mA$ at either end of the range would be implemented.}
`dead-bands' of $\approx \half mA$ at either end of the range would be implemented.}
is therefore

$$(V \ge 0.88) \wedge (V \le 4.4) \; .$$
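Review bot: `$\approx \half mA$` typesets the unit in italics as if it were variables; `\half\,\mathrm{mA}` (or the unit macro used elsewhere, as with `\ohms{220}`) keeps units upright. The range expression `(V \ge 0.88) \wedge (V \le 4.4)` carries no units, so the text should state that $V$ is in volts, and "For the purpose of clarity" in the footnote can simply be "For clarity".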
@ -545,8 +545,9 @@ compared to the DFT algorithm.
%\clearpage
\section{Complexity Comparison applied to FMMD electronic circuits analysed in chapter~\ref{sec:chap5}.}

All the FMMD examples in chapters \ref{sec:chap5}
and \ref{sec:chap6} showed a marked reduction in comparison
All the FMMD examples in chapter \ref{sec:chap5}
%and \ref{sec:chap6}
showed a marked reduction in comparison
complexity compared to {\XFMEA}. % worst case figures.
%
To calculate {\XFMEA} the comparison complexity equation~\ref{eqn:CC} is used.
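Review bot: commenting out `%and \ref{sec:chap6}` silently drops the claim about the chapter 6 examples; if those examples no longer belong here, delete the line rather than leaving the dead reference, and if they do, the section title (which already names only chapter 5) and the sentence disagree. "To calculate {\XFMEA} the comparison complexity equation~\ref{eqn:CC} is used" calculates a methodology; it should be "To calculate the comparison complexity for {\XFMEA}, equation~\ref{eqn:CC} is used". The full stop at the end of the section title is inconsistent with the other section titles in this commit.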
@ -45,7 +45,7 @@ the HFMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up
Using established concepts from contract programming~\cite{dbcbe} FMMD was extended to analyse software,
which facilitated a solution to the software/hardware interfacing problem~\cite{sfmeainterface}.
%
Two examples of mixed software and hardware systems were analysed as integrated FMMD models
Two examples of hybrid software/hardware systems were analysed as integrated FMMD models
as proof of concept. The first example in chapter~\ref{sec:chap6}, was
presented to the System Safety IET conference in 2012~\cite{syssafe2012}.
%
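Review bot: the wording change is fine, but the sentence it feeds into has a stray comma separating subject and verb: "The first example in chapter~\ref{sec:chap6}, was presented" should be "The first example, in chapter~\ref{sec:chap6}, was presented" or simply drop the comma. "System Safety IET conference" should be "IET System Safety conference", matching the conference's own name.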
@ -430,7 +430,7 @@ leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance}
Using FMMD only those modules in the hierarchy above the
component with the new failure mode need be re-visited.
%
The failure mode DAGs (see section~\ref{sec:chap4}) can be traced to determine exactly which
The failure mode DAGs (see chapter~\ref{sec:chap4}) can be traced to determine exactly which
{\fgs} exist in the hierarchy above the affected {\bcs}.
%
This means that with FMMD the re-work task can be precisely defined.
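Review bot: the correction from "section" to "chapter" is right, and the mistake was invited by the label name `sec:chap4`; a `chap:` prefix for chapter labels (here and for `sec:chap5`, `sec:chap6`, `sec:chap7` used elsewhere in this commit) would make such mismatches visible at the point of use.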
@ -515,6 +515,15 @@ was therefore subjective.
It was not known how the operators
would have reacted and deficiencies in the Human Machine Interface (HMI) were not a factor in the failure analysis.

\paragraph{Creation of a software FMMD tool.}
%
A software tool could be created with an extendible library/database of
base and derived components.
%
This tool could guide the user through the analysis and hierarchy construction processes
and use the constraints and algorithms defined in appendix~\ref{sec:algorithmfmmd} and
the UML diagram developed (see figure\ref{fig:cfg})
for verification of the process and models produced.

\paragraph{Further Work: Objective and Subjective Reasoning in FMEA.}
%
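Review bot: `figure\ref{fig:cfg}` is missing the tie used everywhere else (`figure~\ref{fig:cfg}`), so the figure number can be separated from the word by a line break. "extendible" should be "extensible". The new heading sits beside "Further Work: Objective and Subjective Reasoning in FMEA." and describes future work too, so "Further Work: Creation of a software FMMD tool." keeps the headings parallel; and since the later sentence says the tool would use the constraints and algorithms of appendix~\ref{sec:algorithmfmmd} "for verification", say what is verified (conformance of the hierarchy to those constraints) rather than "the process and models produced".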
@ -147,7 +147,6 @@ Dated
% Supervisors did not warn me this was required.
% I found out by reading the OU ``how to get a PhD'' book in the bath, and then wading through the Brighton University
% regulations where it is stated on page 14 of a 30+ page document filled with mostly n/a regulations to me.
% Ho HUM. No wonder these shits have trouble working in the real world.
%
%

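Review bot: the `% Supervisors did not warn me ...` through `% Ho HUM ...` comments are personal remarks that remain in the source and in every clone of the repository even though they do not typeset; remove them before the document is treated as final, rather than removing a blank line around them.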
@ -159,7 +158,7 @@ standards typically demand environmental stress, endurance and electro magnetic
%
Theoretical, or `static~testing' also a requirement.
%
Failure Mode effects Analysis (FMEA) is a tool used for static testing.
Failure Mode Effects Analysis (FMEA) is a tool used for static testing.
FMEA is a bottom-up technique that aims to assess the effects
of all component failure modes in a system.
%
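Review bot: the capitalisation fix is correct; two lines above it, "Theoretical, or `static~testing' also a requirement." is missing its verb ("is also a requirement"), and the hunk header line has "electro magnetic", which should be "electromagnetic".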