From 5d5a67043b5ddef2e401e14b7179a8207a2a829c Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Wed, 16 Mar 2011 10:01:07 +0000 Subject: [PATCH] . --- logic_diagram/logic_diagram.tex | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/logic_diagram/logic_diagram.tex b/logic_diagram/logic_diagram.tex index dd68b6b..3b3e99d 100644 --- a/logic_diagram/logic_diagram.tex +++ b/logic_diagram/logic_diagram.tex @@ -961,12 +961,15 @@ European Norm EN298~\cite{en298}[Sn.9] states that if a burner controller is in and has ordered a shutdown) a secondary fault cannot be allowed to put the equipment under control (the burner) into a dangerous state. To cover this rigorously, we must consider all faults that can lead to a LOCKOUT condition and then look for others that could put the system into a dangerous state after the LOCKOUT. -In practise, this would be a gigantic (as probably impossible task). +In practise, this would be a gigantic (and probably impossible task). What we can consider though, are all faults being double simultaneous in the FMMD methodology, because we need only look for the double failure modes within each functional group. Because we are looking for double failure modes within small groups the number of checks cross product factor is drastically reduced. -So drastically reduced that it makes it a practical possibility. +So drastically reduced, that it makes full failure more coverage +for double simultaneous failures, a practical possibility. +% Do we need an order of equation here ??? + \paragraph{Covering Double faults in a PLD Diagram} Because we are allowed to repeat contours in a PLD diagram, we can arrange them in a matrix like configuration as in figure \ref{fig:doublesim}.
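Review bot: the replacement line "So drastically reduced, that it makes full failure more coverage" in the second hunk region still reads as a typo; "full failure more coverage" is almost certainly meant to be "full failure mode coverage", and the comma after "reduced" should go, so the sentence would read "So drastically reduced that it makes full failure mode coverage for double simultaneous failures a practical possibility." The first changed line keeps "In practise" where the noun form "In practice" is wanted. The added comment "% Do we need an order of equation here ???" is an unresolved TODO committed into the source; since the surrounding text claims the cross-product factor is "drastically reduced" without quantifying it, either add the expression for the number of double-failure checks within a functional group versus across the whole system, or track the question in an issue rather than in the .tex file. Finally, the commit subject is a bare ".", which gives no description of the change; a one-line summary such as "Fix wording in double simultaneous failure coverage paragraph" would make the history usable.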