diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index 4713695..f5a2b6f 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -154,6 +154,7 @@ In practice, this part of the process is guided by %%% PRACTICE NOUN Practice ma the particular standard which is being conformed to. %we are seeking to conform.% to. % +% Standards may differ in their definitions for the {\fms} of {\bcs}. The reasons for these differences are examined below using two example components. % @@ -182,6 +183,8 @@ The FMEA investigator needs to know what failure behaviour a component could exh % A large body of literature exists giving guidance for the determination of component {\fms}. % +An interesting discussion on semi-conductor failure modes may be found in~\cite{ehb}[Ch.44]. +% For this study FMD-91~\cite{fmd91} and the gas burner standard EN298~\cite{en298} are examined. %Some standards prescribe specific failure modes for generic component types. In EN298 failure modes for most generic component types are listed, or if not listed, @@ -1627,7 +1630,7 @@ These factors mean that re-use, review and checking of traditional analysis can Work has been performed to assist in incremental FMEA production by use of a software tool which in conjunction with circuit simulation and a database of component failure modes (providing consistency in terminology) -speeds up the FMEA process~\cite{incrementalfmea}. +speeds up the FMEA process and aids re-use~\cite{incrementalfmea}. % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff --git a/submission_thesis/CH3_FMEA_criticism/copy.tex b/submission_thesis/CH3_FMEA_criticism/copy.tex index 64c723a..941aaa9 100644 --- a/submission_thesis/CH3_FMEA_criticism/copy.tex 
+++ b/submission_thesis/CH3_FMEA_criticism/copy.tex @@ -102,6 +102,9 @@ the fundamental problem remains, that, with any changes to the component base in a system, it is very difficult to determine which FMEA test scenarios must be re-worked. % +With component failure mode databases, in conjunction with circuit simulation, work has been performed to address +this~\cite{incrementalfmea}. +% It is common in safety critical systems to have repeated circuit topologies. % For instance there may be several signal input and output @@ -308,7 +311,7 @@ For instance, an AVO-8 multi-meter circa 1970, uses only analogue electronics an using FMEA how component failures within it could affect readings. % A modern multi-meter will have a small dedicated micro-processor and sensing electronics, all on the same chip, -with firmware to read the user controls, and display results. % on an LCD. +with firmware to read the user controls and display results. % on an LCD. % For quality control, many safety critical processes require regular inspections and measurements of physical characteristics of materials and machinery. diff --git a/submission_thesis/CH4_FMMD/copy.tex b/submission_thesis/CH4_FMMD/copy.tex index 6011d48..ca9507e 100644 --- a/submission_thesis/CH4_FMMD/copy.tex +++ b/submission_thesis/CH4_FMMD/copy.tex @@ -59,7 +59,7 @@ All the failure modes of all the components within a {\fg} are collected. % %A flat set is a set containing just the failure modes and not sets of failure modes~\cite{joyofsets}[p.8]. % -Each component failure mode can considered as a `failure~scenario' or 'test~case' +Each component failure mode can be considered as a `failure~scenario' or 'test~case' to be applied to the {\fg}. % Each of these failure modes, and optionally combinations of them, are 
@@ -238,7 +238,7 @@ for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined b % %\vbox{ From table \ref{tbl:pdfmea} it can be seen that the resistor -failures modes lead to some common symptoms of failure from the perspective of the {\fg}. +failure modes lead to some common symptoms of failure from the perspective of the {\fg}. %YOU FIDDLINGING FITTAS, TELL ME TO USE THE TERM SYMPTOM AND THEN TELL ME TO FIDDLINGING REMOVE IT A YEAR LATER> FITTAS %symptoms. %These common symptoms of failure are an important concept for FMMD. @@ -409,7 +409,7 @@ These op-amp failure modes are represented on the DAG in figure~\ref{fig:op1dag} %} %\clearpage %\paragraph{Modelling the OP amp with the potential divider.} -The op-amp and the {\dc} {\em PD} now % andrew heavily critised this sentence but it made sense to Chris and I +The op-amp and the {\dc} {\em PD} are now % andrew heavily critised this sentence but it made sense to Chris and I formed into a {\fg} to model the failure mode behaviour of the non-inverting amplifier. \fmmdglossOPAMP % 
@@ -934,21 +934,21 @@ as examples. \section{Fault Mode Analysis, top down or bottom up?} -Traditional static fault analysis methods work from the top down. +Traditional static fault analysis methods, such as FTA~\cite{nucfta,nasafta} work from the top down. They identify faults that can occur in a system, and then work down to see how they could be caused. % -Some apply statistical techniques to -determine the likelihood of component failures -causing specific system level errors. -% -For example the FMEA variant FMECA, uses -Bayes theorem~\cite{probstat}[p.170]~\cite{nucfta}[p.74] (the relation between a conditional probability and its reverse) -and is applied to specific failure modes in components and their probability of causing given system level errors. -\fmmdglossFMECA -Another top down methodology is to apply cost benefit analysis -to determine which faults are the highest priority to fix~\cite{bfmea}. -% +% Some apply statistical techniques to +% determine the likelihood of component failures +% causing specific system level errors. +% % +% For example the FMEA variant FMECA, uses +% Bayes theorem~\cite{probstat}[p.170]~\cite{nucfta}[p.74] (the relation between a conditional probability and its reverse) +% and is applied to specific failure modes in components and their probability of causing given system level errors. +% \fmmdglossFMECA +% Another top down methodology is to apply cost benefit analysis +% to determine which faults are the highest priority to fix~\cite{bfmea}. +% % %\fmmdglossFMEA \fmeagloss % @@ -958,7 +958,6 @@ models of safety critical systems from the bottom-up, starting where possible with known base~component failure~modes. % % -% An advantage of working from the bottom up is that it can be ensured that all component failure modes have been considered. % 
@@ -1124,7 +1123,7 @@ in quality systems~\cite{iso9001}. Having analysis reports increases the traceability---or documented paper trail---aiding understanding and maintainability for failure mode models. % -Also a detailed cause and effect model is useful for creating diagnostic schemas~\cite{dbamafta}. +Also a detailed cause and effect model is useful for creating diagnostic schemas~\cite{dbamafta,cbds}. @@ -1189,8 +1188,8 @@ are naturally mutually exclusive. % This also applies to {\dcs} produced in the FMMD process. % -In the FMMD process symptoms are are collected, i.e no component failure modes may be shared -by a symptom within a {\fg}, and therefore the failure modes of a {\dc} are mutually exclusive. +In the FMMD process common symptoms are are collected, i.e no component failure modes may be %shared +linked to more than one symptom and therefore the failure modes of a {\dc} are mutually exclusive. % Thus FMMD naturally produces {\dcs} with failure modes that are mutually exclusive. % @@ -1254,7 +1253,7 @@ described in greater detail in section~\ref{sec:determine_fms}). % % The FMMD model can also be used to derive information to assist in creating related models such as FTA~\cite{nucfta,nasafta}, -traditional FMEA, FMECA~\cite{safeware}[p.344], FMEDA~\cite{scsh}, diagnostics schemas~\cite{dbamafta} +traditional FMEA, FMECA~\cite{safeware}[p.344], FMEDA~\cite{scsh}, diagnostics schemas~\cite{cbds,dbamafta} and other failure mode analysis methodologies. % \fmmdglossFTA diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 4faefcf..497a761 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex 
@@ -86,10 +86,10 @@ A threshold would be determined for an `$AMP_{LOW}$' failure symptom (i.e. the o %This configuration is interesting from methodology pers. There are two obvious ways in which this circuit can be modelled. % -One is to do this in two stages, by considering the gain resistors to be a potential divider +One is to do this in two stages, firstly by considering the gain resistors to be a potential divider and then combining it with the OPAMP failure mode model. % -The second is to place all three components in one {\fg}. +Secondly to place all three components in one {\fg}. Both approaches are followed in the next two sub-sections. % \clearpage @@ -821,7 +821,7 @@ results re-used for the next stage of analysis (see figure~\ref{fig:circuit2002_ A derived component is created to represent the Sallen Key low pass filter, called $SKLP$: % -$$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal . \} $$ +$$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal \} . $$ % % \clearpage @@ -1269,7 +1269,7 @@ having 24 failure modes to consider against each of the other seven {\dcs}. A finer grained approach produces more potentially re-usable {\dcs} and involved several stages with an overall lower reasoning distance. % -The lower reasoning distances, or complexity comparison figures are given in the metrics chapter~\ref{sec:chap7} +These reasoning distances, or complexity comparison figures are presented in the metrics chapter~\ref{sec:chap7} in section~\ref{sec:bubbaCC}. % This example demonstrates that the finer grained models @@ -1425,7 +1425,7 @@ This is an OpAmp in a signal buffer configuration and therefore simply has the failure modes of an Op-amp. % As it is performing one particular function -it can be considered as a {\dc} a High Impedance Signal Buffer (HISB). +it can be considered as a {\dc}, a High Impedance Signal Buffer (HISB). % This is analysed using FMMD in appendix~\ref{detail:HISB}. % 
@@ -1436,7 +1436,7 @@ $$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$ % The integrator is implemented in analogue electronics, but the output from the D type flip flop is a digital signal. % -A conversion stage is required to interface these stages. +A conversion stage is required to interface these elements. % Digital level to analogue level conversion is performed by IC3 in conjunction with a potential divider formed by R3,R4. % @@ -1906,9 +1906,9 @@ As the Pt100 forms a potential divider with the \ohms{2k2} load resistors, the upper and lower readings are calculated thus: % % -$$ highreading = 5V.\frac{2k2+Pt100}{2k2+2k2+pt100} \; $$ +$$ sense+ = 5V.\frac{2k2+Pt100}{2k2+2k2+pt100} \; $$ and -$$ lowreading = 5V.\frac{2k2}{2k2+2k2+Pt100} \; .$$ +$$ sense- = 5V.\frac{2k2}{2k2+2k2+Pt100} \; .$$ % So by defining an acceptable measurement/temperature range, and ensuring the @@ -1921,11 +1921,11 @@ resistors in this circuit have failed. To convert these to twelve bit ADC (\adctw)\footnote{An {\adctw} with a 5V Vref is assumed for this example. Raw ADC counts would typically be used in software routines validating range/values in safety critical readings.} counts: % -$$ highreading = 2^{12}.\frac{2k2+Pt100}{2k2+2k2+pt100} $$ +$$ sense+ = 2^{12}.\frac{2k2+Pt100}{2k2+2k2+pt100} $$ % and % -$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+Pt100} . $$ +$$ sense- = 2^{12}.\frac{2k2}{2k2+2k2+Pt100} . $$ % % \begin{table}[ht] diff --git a/submission_thesis/CH6_Software_Examples/software.tex b/submission_thesis/CH6_Software_Examples/software.tex index 2884794..689b970 100644 --- a/submission_thesis/CH6_Software_Examples/software.tex +++ b/submission_thesis/CH6_Software_Examples/software.tex 
@@ -251,8 +251,23 @@ value from the external equipment is read. \section{Simple Software Example: Reading a \ft input into software} -Consider a software function that reads a {\ft} input, and returns a value between 0 and 999 (i.e. per mil $\permil$) +Consider a software function that reads a {\ft} input, +and returns a value between 0 and 999 (i.e. per mil $\permil$) representing the current detected; plus an additional error indication flag. + +The {\ft} input circuitry used in the example and its related software, +are accepted practise and in common use, +and therefore its failure mode behaviour is well known and understood. +% +For this reason it is a good example to use for comparing the results from FMMD analysis +with known failure mode behaviour from the field/direct experience of engineers. +% +% The failure model is then discussed and compared with heuristic knowledge of {\ft} inputs, +% circuitry and software. +% Conclusions are then presented listing the benefits and +% draw-backs of analysing the hardware/software hybrid system using FMMD, +% and FMMD is compared with traditional HFMEA and SFMEA. + % From figure~\ref{fig:ftcontext} the {\ft} detection is via a \ohms{220} resistor and the voltage is read from an ADC into the software. % @@ -265,7 +280,7 @@ and $0.020A \times \ohms{220} = 4.4V$. % The acceptable voltage range\footnote{For the purpose of clarity resistor tolerance has been ignored. In a practical {\ft} reader resistor tolerance would be factored into the limits, or -`deadbands' of $\approx \half mA$ at either end of the range would be implemented.} +`dead-bands' of $\approx \half mA$ at either end of the range would be implemented.} is therefore $$(V \ge 0.88) \wedge (V \le 4.4) \; .$$ diff --git a/submission_thesis/CH7_Evaluation/copy.tex b/submission_thesis/CH7_Evaluation/copy.tex index 2856916..7bcee7b 100644 --- a/submission_thesis/CH7_Evaluation/copy.tex +++ b/submission_thesis/CH7_Evaluation/copy.tex 
@@ -545,8 +545,9 @@ compared to the DFT algorithm. %\clearpage \section{Complexity Comparison applied to FMMD electronic circuits analysed in chapter~\ref{sec:chap5}.} -All the FMMD examples in chapters \ref{sec:chap5} -and \ref{sec:chap6} showed a marked reduction in comparison +All the FMMD examples in chapter \ref{sec:chap5} +%and \ref{sec:chap6} +showed a marked reduction in comparison complexity compared to {\XFMEA}. % worst case figures. % To calculate {\XFMEA} the comparison complexity equation~\ref{eqn:CC} is used. diff --git a/submission_thesis/CH8_Conclusion/copy.tex b/submission_thesis/CH8_Conclusion/copy.tex index 7fc352b..9856c7e 100644 --- a/submission_thesis/CH8_Conclusion/copy.tex +++ b/submission_thesis/CH8_Conclusion/copy.tex @@ -45,7 +45,7 @@ the HFMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up Using established concepts from contract programming~\cite{dbcbe} FMMD was extended to analyse software, which facilitated a solution to the software/hardware interfacing problem~\cite{sfmeainterface}. % -Two examples of mixed software and hardware systems were analysed as integrated FMMD models +Two examples of hybrid software/hardware systems were analysed as integrated FMMD models as proof of concept. The first example in chapter~\ref{sec:chap6}, was presented to the System Safety IET conference in 2012~\cite{syssafe2012}. % @@ -430,7 +430,7 @@ leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance} Using FMMD only those modules in the hierarchy above the component with the new failure mode need be re-visited. % -The failure mode DAGs (see section~\ref{sec:chap4}) can be traced to determine exactly which +The failure mode DAGs (see chapter~\ref{sec:chap4}) can be traced to determine exactly which {\fgs} exist in the hierarchy above the affected {\bcs}. % This means that with FMMD the re-work task can be precisely defined. 
@@ -515,6 +515,15 @@ was therefore subjective. It was not known how the operators would have reacted and deficiencies in the Human Machine Interface (HMI) were not a factor in the failure analysis. +\paragraph{Creation of a software FMMD tool.} +% +A software tool could be created with an extendible library/database of +base and derived components. +% +This tool could guide the user through the analysis and hierarchy construction processes +and use the constraints and algorithms defined in appendix~\ref{sec:algorithmfmmd} and +the UML diagram developed (see figure\ref{fig:cfg}) +for verification of the process and models produced. \paragraph{Further Work: Objective and Subjective Reasoning in FMEA.} % diff --git a/submission_thesis/colophon/copy.tex b/submission_thesis/colophon/copy.tex index 4ba7e1c..62a5ae2 100644 --- a/submission_thesis/colophon/copy.tex +++ b/submission_thesis/colophon/copy.tex @@ -147,7 +147,6 @@ Dated % Supervisors did not warn me this was required. % I found out by reading the OU ``how to get a PhD'' book in the bath, and then wading through the Brighton University % regulations where it is stated on page 14 of a 30+ page document filled with mostly n/a regulations to me. -% Ho HUM. No wonder these shits have trouble working in the real world. % % @@ -159,7 +158,7 @@ standards typically demand environmental stress, endurance and electro magnetic % Theoretical, or `static~testing' also a requirement. % -Failure Mode effects Analysis (FMEA) is a tool used for static testing. +Failure Mode Effects Analysis (FMEA) is a tool used for static testing. FMEA is a bottom-up technique that aims to assess the effects of all component failure modes in a system. %
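Review bot: in the CH2 `@@ -182,6` hunk the added citation `~\cite{ehb}[Ch.44]` puts the optional argument after the key, so LaTeX typesets "[Ch.44]" as literal bracketed text following the citation number; the standard form is `\cite[Ch.44]{ehb}`. The same pattern already appears in the unchanged context of later hunks (`\cite{probstat}[p.170]`, `\cite{safeware}[p.344]`), so if it is a deliberate convention of the thesis it should at least be checked in the rendered output. Minor: "semi-conductor" is normally written "semiconductor".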
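Review bot: the sentence added in the CH3 `@@ -102,6` hunk reads awkwardly, with the instrument fronted and the subject ("work") buried in the middle: "With component failure mode databases, in conjunction with circuit simulation, work has been performed to address this". Suggest "Work using component failure mode databases in conjunction with circuit simulation has been performed to address this~\cite{incrementalfmea}.", which also mirrors the wording of the CH2 `@@ -1627,7` hunk that cites the same reference.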
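Review bot: in the CH4 `@@ -934,21` hunk the new first sentence needs a comma closing the parenthetical, i.e. "Traditional static fault analysis methods, such as FTA~\cite{nucfta,nasafta}, work from the top down." Two further points on the same hunk: commenting out the FMECA/Bayes/cost-benefit paragraph also comments out `\fmmdglossFMECA`, so if this was the only call the FMECA glossary entry will silently disappear; and since the repository keeps history, the ten lines are better deleted than left as a commented-out block (the `%% ... %%` run already shows how these accumulate).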
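Review bot: the CH4 `@@ -1189,8` hunk rewrites the sentence but carries over the duplicated "are are" from the old line, and "i.e" is missing its full stop (the thesis writes "i.e." elsewhere, e.g. in the CH6 hunk). The trailing `%shared` comment works because `%` also swallows the line break, but it leaves a dangling word in the source. Suggest:
"In the FMMD process common symptoms are collected, i.e. no component failure mode may be"
"linked to more than one symptom, and therefore the failure modes of a {\dc} are mutually exclusive."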
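Review bot: the CH5 `@@ -86,10` hunk breaks the parallelism of the two alternatives: the first now starts "One is to do this in two stages, firstly by ..." and the second has become a sentence fragment, "Secondly to place all three components in one {\fg}." Either keep the original "One is ... / The other is ..." structure (with "firstly" inside the first alternative) or use "The first is ... / The second is to place all three components in one {\fg}." so that both sentences have a main verb.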
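Review bot: in the CH5 `@@ -1906,9` hunk the renamed left-hand sides `sense+` and `sense-` are written inside `$$ ... $$`, where `sense` is typeset as the product of five italic variables and the `+`/`-` becomes a binary operator with nothing on its right. Suggest `\mathit{sense}^{+}` / `\mathit{sense}^{-}` (or `sense_{+}` in `\mathrm`), and while touching the line, `5V\cdot\frac{...}` instead of the full stop as a multiplication sign. The denominator also mixes `pt100` and `Pt100`; the two formulas should use the same spelling.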
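Review bot: the CH5 `@@ -1921,11` hunk (the ADC-count versions of the same two equations) has the identical math-mode problem with `sense+` and `sense-` and the same `pt100`/`Pt100` inconsistency; whatever notation is chosen for the voltage formulas should be applied here too so the two pairs of equations match.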
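Review bot: in the CH6 `@@ -251,8` hunk "accepted practise" should be "accepted practice" ("practise" is the verb in British English), and the comma in "its related software, are accepted" separates subject from verb. The sentence also switches number: "circuitry ... and its related software ... are" then "its failure mode behaviour is"; suggest "their failure mode behaviour is well known and understood." The seven lines of commented-out text added after it (the "failure model is then discussed ..." paragraph) are either intended content, in which case they should be uncommented and placed, or should be dropped.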
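Review bot: the CH7 `@@ -545,8` hunk comments out `%and \ref{sec:chap6}` in the middle of a sentence rather than deleting it; the sentence renders correctly, but the source now reads "in chapter \ref{sec:chap5} / %and ... / showed", which is easy to misread in a later edit. Suggest removing the line outright so the sentence is "All the FMMD examples in chapter \ref{sec:chap5} showed a marked reduction in comparison complexity compared to {\XFMEA}."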
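Review bot: in the CH8 `@@ -515,6` hunk `figure\ref{fig:cfg}` is missing the non-breaking tie that the same paragraph uses for `appendix~\ref{sec:algorithmfmmd}`; it should be `figure~\ref{fig:cfg}` so the word and number cannot be split across a line. Also, the paragraph sits in the further-work sequence whose next heading is "Further Work: Objective and Subjective Reasoning in FMEA.", so for consistency the new heading might read "Further Work: Creation of a software FMMD tool." Minor: "extendible" is more commonly "extensible".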
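Review bot: the colophon `@@ -147,7` hunk removes an unprofessional comment, which is the right call before submission; note that a comment of the same kind is still visible in the unchanged context of the CH4 `@@ -238,7` hunk (the `%YOU FIDDLINGING ...` line) and should be removed in the same pass.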
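Review bot: the colophon `@@ -159,7` hunk capitalises the expansion to "Failure Mode Effects Analysis"; the usual expansion, as in the IEC 60812 title, is "Failure Mode and Effects Analysis". Check that the form used here matches the one given in chapter 2 and the glossary so the thesis expands the acronym the same way throughout.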