robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more werk... werk werk werk.

Browse Source
This commit is contained in:
Robin Clark 2013-02-01 11:49:06 +00:00
parent 7bcf4601db
commit 61dd574e87
5 changed files with 139 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
mybib.bib
View File

@ -226,7 +226,8 @@ ISSN={0149-144X}}
@INPROCEEDINGS{incrementalfmea,
author={Price, C.J.},
booktitle={Reliability and Maintainability Symposium, 1996 Proceedings. International Symposium on Product Quality and Integrity., Annual}, title={Effortless incremental design FMEA},
booktitle={Reliability and Maintainability Symposium, 1996 Proceedings. International Symposium on Product Quality and Integrity., Annual},
title={Effortless incremental design FMEA},
year={1996},
month={jan},
volume={},
@ -299,7 +300,8 @@ ISSN={},}
@INPROCEEDINGS{5754453,
author={Snooke, N. and Price, C.},
booktitle={Reliability and Maintainability Symposium (RAMS), 2011 Proceedings - Annual}, title={Model-driven automated software FMEA},
booktitle={Reliability and Maintainability Symposium (RAMS), 2011 Proceedings - Annual},
title={Model-driven automated software FMEA},
year={2011},
month={jan.},
volume={},
@ -406,6 +408,31 @@ Database
keywords = "fault-tolerance"
}
@INPROCEEDINGS{FMEAmultiple653556,
author={Price, C.J. and Taylor, N.S.},
booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, title={FMEA for multiple failures},
year={1998},
month={jan},
volume={},
number={},
pages={43 -47},
keywords={Analytical models;Automotive engineering;Circuit simulation;Circuit testing;Conferences;Design engineering;Failure analysis;Fires;Power engineering and energy;System analysis and design;automotive electronics;failure analysis;approximate failure rates;automotive electrical subsystems;components failure;failure mode and effects analysis;multiple failures;realistically complex subsystems;simulation;wash wipe circuit;},
doi={10.1109/RAMS.1998.653556},
ISSN={0149-144X},}
@INPROCEEDINGS{AutoFMEAfaultTree1281774,
author={Papadopoulos, Y. and Parker, D. and Grante, C.},
booktitle={High Assurance Systems Engineering, 2004. Proceedings. Eighth IEEE International Symposium on}, title={Automating the failure modes and effects analysis of safety critical systems},
year={2004},
month={march},
volume={},
number={},
pages={ 310 - 311},
keywords={Aerospace engineering;Aerospace industry;Aerospace safety;Automotive engineering;Cause effect analysis;Computer architecture;Data engineering;Failure analysis;Performance analysis;Software performance; data flow analysis; fault trees; safety-critical software; software architecture; software fault tolerance; FMEA; component failure modes; data flow; data transactions; failure effect analysis; failure mode analysis; fault simulation; fault tree analysis; safety critical systems; software design; software development; system models; system safety analysis; system topology;},
doi={10.1109/HASE.2004.1281774},
ISSN={1530-2059},}
@article{iso9001,
title = "ISO 9001 Quality",
journal = "British Standards Institute",

BIN
related_papers_books/automating_failure_modes_01281774.pdf Normal file
View File

Binary file not shown.

105
submission_thesis/CH5_Examples/copy.tex
View File

@ -64,6 +64,9 @@ by applying FMMD to a sigma delta ADC.
%shows FMMD analysing the sigma delta
%analogue to digital converter---again with a circular signal path---which operates on both
%analogue and digital signals.
\item Section~\ref{sec:Pt100} demonstrates FMMD being applied to commonly used Pt100
safety critical temperature sensor circuit, this is analysed for single and double failure modes.
\end{itemize}
@ -1845,7 +1848,7 @@ The \sd example, shows that FMMD can be applied to mixed digital and analogue ci
\clearpage
\section{Pt100 Analysis: FMMD and Mean Time to Failure (MTTF) statistics}
\section{Pt100 Analysis: FMMD and Double Failure Mode Analysis}
\label{sec:Pt100}
{
%This section
@ -1865,7 +1868,8 @@ The \sd example, shows that FMMD can be applied to mixed digital and analogue ci
For this example we look at an industry standard temperature measurement circuit,
the Pt100. The four wire Pt100 configuration commonly used well known safety critical circuit.
Applying FMMD lets us look at this circuit in a fresh light.
It also demonstrates FMMD coping with component parameter tolerances.
we analyse this for both single and double failures,
in addition it demonstrates FMMD coping with component parameter tolerances.
The circuit is described traditionally and then analysed using the FMMD methodology.
@ -2261,8 +2265,9 @@ read 5V. Both readings are outside the proscribed range.
\subsection{Summary of Analysis}
All six test cases have been analysed and the results agree with the hypothesis
put in table~\ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single
put in table~\ref{ptfmea}.
%The PLD diagram, can now be used to collect the symptoms.
In this case there is a common and easily detected symptom for all these single
resistor faults : Voltage out of range.
%
% A spider can be drawn on the PLD diagram to this effect.
@ -2284,7 +2289,7 @@ resistors in this circuit has failed.
}
\subsection{Derived Component : The Pt100 Circuit}
\subsection{Derived Component with one failure mode.}
The Pt100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. This is a single, detectable failure mode. The observability of a
fault condition is very good with this circuit. This should not be a surprise, as the four wire $Pt100$
@ -2314,22 +2319,26 @@ It can now be represented as a PLD see figure \ref{fig:Pt100_singlef}.
\section{Double failure analysis}
%\section{Double failure analysis}
%CITE PRICE MULTIPLE FAILURE PAPER.
%\clearpage
\section{ Pt100 Double Simultaneous Fault Analysis}
\label{sec:Pt100d}
In this section we examine the failure mode behaviour for all single
faults and double simultaneous faults.
This corresponds to the cardinality constrained powerset of one (see section~\ref{ccp}), of
the failure modes in the functional group.
All the single faults have already been proved in the last section.
For the next set of test cases, let us again hypothesise
the failure modes, and then examine each one in detail with
potential divider equation proofs.
In this section we examine the failure mode behaviour % for all single
%faults and
double simultaneous faults.
Traditional FMEA methodologies do not provide double failure analysis~\cite{safeware}[p.342]
and double failure analysis for FMEA is a subject of current research~\cite{FMEAmultiple653556,AutoFMEAfaultTree1281774}.
%This corresponds to the cardinality constrained powerset of one (see section~\ref{ccp}), of
%the failure modes in the functional group.
All the single faults have been analysed in the last section.
%For the next set of test cases, let us again hypothesise
%the failure modes, and then examine each one in detail with
%potential divider equation proofs.
%
Table \ref{tab:ptfmea2} lists all the combinations of double
faults and then hypothesises how the functional~group will react
under those conditions.
@ -2367,74 +2376,6 @@ TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Rang
\label{tab:ptfmea2}
\end{table}
\subsection{Verifying complete coverage for a cardinality constrained powerset of 2}
\fmodegloss
It is important to check that we have covered all possible double fault combinations.
We can use the equation \ref{eqn:correctedccps2}
\ifthenelse {\boolean{paper}}
{
from the definitions paper
\ref{pap:compdef}
,
reproduced below to verify this.
\indent{
where:
\begin{itemize}
\item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes.
\item The indexed set $C_j$ represents all components in set $SU$.
\item The function $FM$ takes a component as an argument and returns its set of failure modes.
\item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults.
\end{itemize}
}
\begin{equation}
|{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
\label{eqn:correctedccps2}
\end{equation}
}
{
\begin{equation}
|{\mathcal{P}_{cc}SU}| = {\sum^{cc}_{k=1} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
%\label{eqn:correctedccps2}
\end{equation}
}
$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes.
%
% Factorial of zero is one ! You can only arrange an empty set one way !
Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
%is always 2 for this circuit, as all the components are resistors and have two failure modes.
\begin{equation}
|{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}}
- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }
%\label{eqn:correctedccps2}
\end{equation}
$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).
Expanding the sumations
$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$
$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
As the test cases are all different and are of the correct cardinalities (6 single faults and (15-3) double)
we can be confident that we have looked at all `double combinations' of the possible faults
in the Pt100 circuit. The next task is to investigate
these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
%\paragraph{Proof of Double Faults Hypothesis}

83
submission_thesis/CH6_Evaluation/copy.tex
View File

@ -169,13 +169,13 @@ equation~\ref{eqn:CC} becomes
An FMMD hierarchy consists of many {\fgs} which are subsets of $G$.
We define the set of all {\fgs} as $\mathcal{FG}$.
Using $FG$ to represent individual {\fgs} we %can therefore
state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G}$$.
state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G} .$$
FMMD analysis creates a hierarchy $H$ of {\fgs} where $H \subset \mathcal{FG}$.
%
We can define individual {\fgs} using $FG$ with an index to identify them and a superscript
to identify the hierarchy level. For instance a {\fg} containing base components only
---at the zeroth level of an FMMD hierarchy---would have the superscript 0, i.e. $FG^{0}$.
to identify the hierarchy level. For instance the first {\fg} in a hierarchy, containing base components only
i.e. at the zeroth level of an FMMD hierarchy, would have the superscript 0 and a subscript of 1, i.e. $FG^{0}_{1}$.
%$$
%Equation~\ref{eqn:rd} can also be expressed as
%
@ -709,6 +709,77 @@ would verify that a single or double simultaneous failures model has complete fa
By knowing how many test cases should be covered, and checking the cardinality
associated with the test cases, complete coverage would be verified.
\subsection{Example: Pt100 Verifying complete coverage for a cardinality constrained power-set of 2}
\fmodegloss
We use the Pt100 example in~\ref{sec:Pt100} which performs double failure mode FMMD analysis.
It is important to check that we have covered all possible double fault combinations.
We can use the equation \ref{eqn:correctedccps2}
\ifthenelse {\boolean{paper}}
{
from the definitions paper
\ref{pap:compdef}
,
reproduced below to verify this.
\indent{
where:
\begin{itemize}
\item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes.
\item The indexed set $C_j$ represents all components in set $SU$.
\item The function $FM$ takes a component as an argument and returns its set of failure modes.
\item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults.
\end{itemize}
}
\begin{equation}
|{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
\label{eqn:correctedccps2}
\end{equation}
}
{
\begin{equation}
|{\mathcal{P}_{cc}SU}| = {\sum^{cc}_{k=1} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
%\label{eqn:correctedccps2}
\end{equation}
}
$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes.
%
% Factorial of zero is one ! You can only arrange an empty set one way !
Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
%is always 2 for this circuit, as all the components are resistors and have two failure modes.
\begin{equation}
|{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}}
- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }
%\label{eqn:correctedccps2}
\end{equation}
$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).
Expanding the sumations
$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$
$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
As the test cases are all different and are of the correct cardinalities (6 single faults and (15-3) double)
we can be confident that we have looked at all `double combinations' of the possible faults
in the Pt100 circuit.
%The next task is to investigate
%these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
%\paragraph{Multiple simultaneous failure modes disallowed combinations}
%The general case of equation \ref{eqn:correctedccps2}, involves not just dis-allowing pairs
%of failure modes within components, but also ensuring that combinations across components
@ -771,7 +842,7 @@ We are interested only in ways in which it can fail.
By definition, while all components in a system are `working~correctly',
that system will not exhibit faulty behaviour.
%
We can say that the OK state corresponds to the empty set.
%We can say that the OK state corresponds to the empty set.
%
Thus the statistical sample space $\Omega$ for a component or derived~component $C$ is
%$$ \Omega = {OK, failure\_mode_{1},failure\_mode_{2},failure\_mode_{3} ... failure\_mode_{N} $$
@ -784,6 +855,8 @@ $ \Omega(C) = fm(C) \cup \{OK\} $).
The $OK$ statistical case is the (usually) largest in probability, and is therefore
of interest when analysing systems from a statistical perspective.
For these examples the OK state is not represented area proportionately, but included
in the diagrams.
This is of interest for the application of conditional probability calculations
such as Bayes theorem~\cite{probstat}.

9
submission_thesis/appendixes/algorithmic.tex
View File

@ -2,10 +2,17 @@
\chapter{Algorithmic Description of FMMD}
%\label{sec:symptom_abstraction}
\label{sec:algorithmfmmd}
This section uses algorithms and set theory to describe the process for
This section decribes the algorithm for performing one step of
FMMD analysis
analysing a {\fg} and determining from it a {\dc}.
Algorithms using set theory describe the process.
It begins with an overview of the FMMD process, and then contrasts and compares it
to diagnostic analysis (fault finding).
This discussion is followed by justification for using a bottom-up, forward search
approach, along with modularisation.
A theoretical example of FMMD using set theory is given.
The algorithm for performing FMMD is then presented.
%
\section{FMMD as a process.}