Working on Safety 2011 Birmingham conference paper

Robin Clark 2011-05-29 14:52:09 +01:00
parent bce141f161
commit 64e9d38464
5 changed files with 183 additions and 10 deletions


@ -0,0 +1,167 @@
\documentclass[twocolumn]{article}
%\documentclass[a4paper,10pt]{report}
\usepackage{graphicx}
\usepackage{fancyhdr}
\usepackage{tikz}
\usetikzlibrary{shapes,snakes}
\usepackage{amsfonts,amsmath,amsthm}
%\input{../style}
\usepackage{ifthen}
\usepackage{lastpage}
\newboolean{paper}
\setboolean{paper}{true} % boolvar=true or false
%\newtheorem{definition}{Definition:}
\begin{document}
\pagestyle{fancy}
\fancyhf{}
%\renewcommand{\chaptermark}[1]{\markboth{ \emph{#1}}{}}
\fancyhead[LO]{}
\fancyhead[RE]{\leftmark}
%\fancyfoot[LE,RO]{\thepage}
\cfoot{Page \thepage\ of \pageref{LastPage}}
\rfoot{\today}
\lhead{Developing a rigorous bottom-up modular static failure mode modelling methodology}
%\outerhead{{\small\bf Developing a rigorous bottom-up modular static failure mode modelling methodology}}
%\innerfoot{{\small\bf R.P. Clark } }
% numbers at outer edges
\pagenumbering{arabic} % Arabic page numbers hereafter
\author{R.P.Clark}
\title{Developing a rigorous bottom-up modular static failure mode modelling methodology}
\maketitle
\abstract{
This paper proposes a methodology for
creating failure mode models of safety critical systems, which
has a common notation
for mechanical, electronic and software domains and applies an
incremental and rigorous approach.
The four main static failure mode analysis methodologies were examined and
in the context of newer European safety standards, assessed.
Some of the deficiencies identified in these methodologies led to
a wish list for a more rigorous methodology.
%%
%% What I have found
%%
From the wish list
%and considering some constraints determined from
%the evaluation of the four established methodologies,
a new
methodology is developed and proposed.
This has been named Failure Mode Modular De-Composition (FMMD).
%% Sell it
%%
In addition to addressing the traditional weaknesses of
Fault Tree Analysis (FTA), Fault Mode Effects Analysis (FMEA), Failure Mode Effects Criticality Analysis (FMECA)
and Failure Mode Effects and Diagnostic Analysis (FMEDA), FMMD provides the means to model multiple failure mode scenarios
as specified in newer European Safety Standards \cite{en298}.
The proposed methodology is bottom-up and can guarantee to leave no component failure mode un-handled.
It is also modular, meaning that the results of analysed components may be re-used in other projects.
}
\section{Introduction}
The certification process of safety critical products for European and
other international standards often involve environmental stress,
endurance and EMC testing. Theoretical, or 'static testing',
is often also required to highlight modifications that must be made to
improve the product safety, or identify theoretical weaknesses in the design.
This paper proposes a new theoretical methodology for creating failure mode models of safety critical systems.
It has a common notation for mechanical, electronic and software domains and is modular and hierarchical.
These properties provide advantages in rigour and efficiency when compared to current methodologies.
Current methodologies We briefly analyse the four current methodologies:
Fault Tree Analysis (FTA) is a top down methodology in which a diagram is drawn for
each undesirable top level event, presenting the conditions that must arise to cause
the event. It is suitable for large complicated systems with few undesirable top
level events and focuses on those events considered most important or most catastrophic.
Effects of duplication/redundancy of safety systems can be readily assessed.
It uses notations that are readily understood by engineers.
However, it cannot guarantee to model all base component failure modes
or be used to determine system level errors other than those modelled.
Each diagram is a separate model, creating duplication of modelled elements,
and there is no facility to cross check between diagrams. It has limited
support for environmental and operational states.
Fault Mode Effects Analysis (FMEA) is used principally in manufacturing.
Each defect is assessed by its cost to repair and its frequency, using a
failure mode ratio. A list of failures and their cost is generated.
It is easy to identify single component failure to system failure scenarios
and an estimate of product reliability can be calculated. It cannot focus on
component interactions that cause system failure modes or determine potential
problems from simultaneous failure modes. It does not consider environmental
or operational states in sub-systems or components. It cannot model
self-checking safety elements or other in-built safety features or
analyse how particular components may fail.
Failure Mode Criticality Analysis (FMECA) is a refinement of FMEA, using
two extra variables: the probability of a component failure mode occurring
and the probability that this will cause a top level failure, and the perceived
criticality. It gives better estimations of product reliability/safety and the
occurrence of particular system failure modes than FMEA but has similar deficiencies.
Failure Modes, Effects and Diagnostic Analysis (FMEDA) is a refinement of
FMEA and FMECA and models self-checking safety elements. It assigns two
attributes to component failure modes: detectable/undetectable and safe/dangerous.
Statistical measures about the system can be made and used to classify a
safety integrity level. It allows designs with in-built safety features to be assessed.
Otherwise, it has similar deficiencies to FMEA but has limited support
for environmental and operational states in sub-systems or components,
via self checking statistical mitigation.
Requirements for an improved methodology The deficiencies identified in the
current methodologies are used to establish criteria for an improved methodology.
It must include all component failure modes and therefore should be bottom-up,
starting with individual component failure modes. Components should be broken
down into small functional groups to enable the examination of the effect of a
component failure mode on the other components in the group.
Development of the new methodology An ontology is developed of
failure modes and their relationship to environmental factors,
operational states and the hierarchical nature inherent in product design,
defining the relationships between the system as a whole, components,
failure modes, operational and environmental states. The ontology is used
to determine the nature of a hierarchy modelling the system, and to which
entities, various conditions/procedures are germane. From the ontology,
we determine that environmental effects relate to components, and
operational states to functional groups. A functional group can be
analysed with respect to its component failure modes, operational
states and environmental conditions and from this a set of failures
modes, or symptoms for the functional group can be determined. A functional group
can be treated as a derived component. Derived components can be
used to build functional groups at a higher level. In this manner we
can build a hierarchical model with each layer consisting of
components derived from the functional groups of derived components.
From the ontology, a set of rules for simplifying the failure
modes (collecting them into common symptoms) as we traverse up the
hierarchy is developed. The hierarchical model can have layers added
until it converges to a top level single functional group. On collecting
symptoms from this, we are left with the top level, or system level, failure modes.
The model is presented in a diagrammatic notation that has been
designed to be intuitive and understandable. It uses well tested
visual techniques to represent the elements of the model and their
relationships. Software support for the development of models in this
notation has been designed and proof-of-concept tools have been implemented.
This new approach is called
Failure Mode Modular De-Composition (FMMD) and is designed
to be a superset of the current four approaches, that is to say,
from an FMMD model, we should be able to
derive models that the other four methodologies would have been
able to create. As this approach is modular, many of the results of
analysed components may be re-used in other projects, so
test efficiency is improved.
FMMD is based on generic failure modes, so it is not constrained to a
particular field. It can be applied to mechanical, electrical or software domains.
It can therefore be used to analyse systems comprised of electrical,
mechanical and software elements in one integrated model.
%
\bibliographystyle{plain}
\bibliography{../vmgbibliography,../mybib}
\today
\end{document}
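Review bot: the three body headings are run into the prose rather than marked up, so `Current methodologies We briefly analyse the four current methodologies:`, `Requirements for an improved methodology The deficiencies identified in the` and `Development of the new methodology An ontology is developed of` will typeset as ordinary sentences inside one paragraph; give each its own `\section{...}` as `\section{Introduction}` already has. Two naming points in the same file: FMEA is expanded as `Fault Mode Effects Analysis` in both the abstract and the body, FMECA as `Failure Mode Effects Criticality Analysis` in the abstract but `Failure Mode Criticality Analysis` in the body, and FMEDA as `Failure Mode Effects and Diagnostic Analysis` in the abstract but `Failure Modes, Effects and Diagnostic Analysis` in the body; pick one expansion per acronym. The FMECA paragraph also announces `two extra variables` and then lists three (two probabilities and the perceived criticality), so the count should match the list. Finally, `\abstract{` ... `}` uses the abstract as a command with a brace group, so `\endabstract` is never executed; use `\begin{abstract}` ... `\end{abstract}` instead, and drop the stray `\today` before `\end{document}`, which prints the date as body text after the bibliography while `\rfoot{\today}` already puts it in the footer.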


@ -66,7 +66,7 @@ A standard non inverting op amp (from ``The Art of Electronics'' ~\cite{aoe}[pp
\begin{figure}[h]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/noninv.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/noninv.png}
% noninv.jpg: 341x186 pixel, 72dpi, 12.03x6.56 cm, bb=0 0 341 186
\caption{Standard non inverting amplifier configuration}
\label{fig:noninvamp}
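Review bot: only the directory in the `\includegraphics` path changes here; the caption `Standard non inverting amplifier configuration`, the label `\label{fig:noninvamp}` and the image name `noninv.png` still describe the non-inverting amplifier. If this file is the inverting op-amp chapter that the last hunk pulls in with `\input{invopamp/invopamp}` alongside `\input{noninvopamp/noninvopamp}`, every unchanged label is now defined twice in the same document: LaTeX warns about multiply-defined labels and each `\ref` resolves to whichever definition was written last, so the non-inverting chapter's figure references may silently point at the inverting chapter's figures. Rename the image and label for the inverting case (for example `./invopamp/inv.png` with `fig:invamp`), reword the caption, and do the same for the `fg1`, `fg1a`, `fg1b`, `dc1`, `op1`, `fgamp`, `fgampa` and `noninvampa` figures in the hunks that follow, all of which keep their original labels and captions.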
@ -127,7 +127,7 @@ to represent each failure mode, taken from the components R1 and R2,
in the current balance/virtual ground, shown in figure \ref{fig:fg1}.
\begin{figure}[h]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/fg1.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/fg1.png}
% fg1.jpg: 430x271 pixel, 72dpi, 15.17x9.56 cm, bb=0 0 430 271
\caption{current balance/virtual ground `functional group' failure modes}
\label{fig:fg1}
@ -200,7 +200,7 @@ in table~\ref{pdfmea}.
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/fg1a.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/fg1a.png}
% fg1a.jpg: 430x271 pixel, 72dpi, 15.17x9.56 cm, bb=0 0 430 271
\caption{current balance/virtual ground with test cases}
\label{fig:fg1a}
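Review bot: `\begin{figure}[h+]` is not a valid float placement; the placement string accepts only `h`, `t`, `b`, `p` and `!` (and `H` with the float package), so LaTeX should report `Unknown float option '+'` for this figure and for the `[h+]` figures in the later hunks. Use `[h]`, `[ht]` or `[!h]` as intended, or `[H]` via `\usepackage{float}` if the figure really must stay in place.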
@ -303,7 +303,7 @@ We can represent the collection of these symptoms by drawing connecting lines be
the test cases and naming them (see figure \ref{fig:fg1b}).
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/fg1b.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/fg1b.png}
% fg1b.jpg: 430x271 pixel, 72dpi, 15.17x9.56 cm, bb=0 0 430 271
\caption{Collection of current balance/virtual ground failure mode symptoms}
\label{fig:fg1b}
@ -319,7 +319,7 @@ We can use the symbol $\bowtie$ to represent taking the analysed
%We could represent it algebraically thus: $ \bowtie(PotDiv) =
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/dc1.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/dc1.png}
% dc1.jpg: 430x619 pixel, 72dpi, 15.17x21.84 cm, bb=0 0 430 619
\caption{From functional group to derived component}
\label{fig:dc1}
@ -378,7 +378,7 @@ latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%).
We can represent these failure modes on a diagram (see figure~\ref{fig:op1}).
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/op1.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/op1.png}
% op1.jpg: 406x221 pixel, 72dpi, 14.32x7.80 cm, bb=0 0 406 221
\caption{Op Amp failure modes}
\label{fig:op1}
@ -438,7 +438,7 @@ from the current balance/virtual ground {\dc}, represented by figure~\ref{fig:fg
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/fgamp.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/fgamp.png}
% fgamp.jpg: 430x330 pixel, 72dpi, 15.17x11.64 cm, bb=0 0 430 330
\caption{Amplifier Functional Group}
\label{fig:fgamp}
@ -450,7 +450,7 @@ regions) see figure~\ref{fig:fgampa}.
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/fgampa.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/fgampa.png}
% fgampa.jpg: 430x330 pixel, 72dpi, 15.17x11.64 cm, bb=0 0 430 330 hno
\caption{Amplifier Functional Group with Test Cases}
\label{fig:fgampa}
@ -506,7 +506,7 @@ For this amplifier configuration we have three failure modes, $AMPHigh, AMPLow,
We can now derive a `component' to represent this amplifier configuration (see figure ~\ref{fig:noninvampa}).
\begin{figure}[h+]
\centering
\includegraphics[width=200pt,keepaspectratio=true]{./noninvopamp/noninvampa.png}
\includegraphics[width=200pt,keepaspectratio=true]{./invopamp/noninvampa.png}
% noninvampa.jpg: 436x720 pixel, 72dpi, 15.38x25.40 cm, bb=0 0 436 720
\caption{Non Inverting Amplifier Derived Component}
\label{fig:noninvampa}
@ -1023,4 +1023,4 @@ Software used to edit these diagrams, keeps the model in a directed acyclic grap
for this purpose.
\clearpage
%\end{document}
%\end{document}
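Review bot: the removed and added lines of this hunk read identically (`%\end{document}`), so this is a whitespace-only change, most likely the missing newline at end of file; harmless, but it is not a content change and need not be part of this commit. Since the file is `\input` from the main document, keeping `\end{document}` commented out is correct as it stands.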


@ -147,6 +147,12 @@
\typeout{ ---------------- non inv op amp}
\input{noninvopamp/noninvopamp}
\chapter{FMMD functional~groups to \\derived component example : Inverting Op-AMP}
\setboolean{dag}{false} % boolvar=true or false
\setboolean{pld}{true} % boolvar=true or false
\typeout{ ---------------- non inv op amp}
\input{invopamp/invopamp}
\chapter{FMMD functional~group to \\derived component example: `ON/OFF' Switch}
\typeout{ ---------------- switch1}
%\input{switch1/switch1}
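Review bot: `\setboolean{dag}{false}` and `\setboolean{pld}{true}` are set immediately before `\input{invopamp/invopamp}` and never restored, so the `ON/OFF' Switch` chapter and everything after it inherit `pld=true` and `dag=false` regardless of what the earlier chapters were compiled with; either restore the previous values after the `\input` or set both booleans explicitly at the start of every chapter so each one is self-describing. The copied `\typeout{ ---------------- non inv op amp}` still says `non inv op amp` for the `Inverting Op-AMP` chapter, so the console log will not distinguish the two inputs; change it to `inv op amp`. Minor: this chapter title reads `functional~groups to \\derived component` while the switch chapter reads `functional~group to \\derived component`; pick one form.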