robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Monday night second go at it

Browse Source
This commit is contained in:
Robin Clark 2010-11-15 19:45:31 +00:00
parent 7ed7388bfe
commit 66fcffa97e
1 changed files with 44 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
fmmd_concept/fmmd_concept.tex
View File

@ -75,13 +75,14 @@ There are four methodologies in common use for failure mode modelling.
These are FTA, FMEA, FMECA These are FTA, FMEA, FMECA
and FMEDA (a form of statistical assessment). and FMEDA (a form of statistical assessment).
These methodologies date from the 1940's onwards and have several draw backs and These methodologies date from the 1940's onwards, and were designed for
different application areas and reasons; all have draw backs and
advantages that are discussed in the next section. advantages that are discussed in the next section.
%In short %In short
%FTA, due to its top down nature, can overlook error conditions. FMEA and the Statistical Methods %FTA, due to its top down nature, can overlook error conditions. FMEA and the Statistical Methods
%lack precision in predicting failure modes at the SYSTEM level. %lack precision in predicting failure modes at the SYSTEM level.
\paragraph{FMMD outline.}
The Failure Mode Modular De-composition The Failure Mode Modular De-composition
(FMMD) aims to address the (FMMD) aims to address the
weaknesses in these methodoligies and to add weaknesses in these methodoligies and to add
@ -90,12 +91,15 @@ failure mode scenarios, and to allow modular re-use
of analysis. of analysis.
%FMMD is an incremental bottom up FMEA process. %FMMD is an incremental bottom up FMEA process.
%% TERRIBLE PARAGRAPH
The FMMD The FMMD
methodology presented here provides a more detailed and analytical methodology provides a detailed, hierarchical, incremental and analytical
modelling system which will create a more complete and detailed hierarchical failure mode model from which modelling system which will create a failure mode model from which
the data models from FTA, FMEA, FMECA and FMEDA (the statistical approach) can be the data models from FTA, FMEA, FMECA and FMEDA (the statistical approach) can be
derived if required. An FMMD model is therefore a super set of all these models. derived if required.
It also applies rigorous checking in all the analysis stages An FMMD model is effectively a super set of all the four traditional models.
It also focuses on component interaction within the model.
In addition it applies rigorous checking in all the analysis stages
ensuring that all component failure modes must be considered in the model. ensuring that all component failure modes must be considered in the model.
% %
@ -109,21 +113,22 @@ paper
{ {
chapter chapter
} }
presents the design considerations that determined presents the design considerations that motivated and provided the specification for
the FMMD methodology. the FMMD methodology.
It first briefly reviews the four traditional %
It first reviews the four traditional
static failure mode analysis methodologies and static failure mode analysis methodologies and
lists their known weaknesses. A wish list is then drawn up lists their known weaknesses. A wish list is then drawn up
addressing these weaknesses and adding some extra requirements. addressing these weaknesses and adding some extra requirements.
Using this wish list the philosophy for the new methodology Using this wish list the philosophy for the new methodology
is built up. is built up.
% %
FMMD works by working from the bottom up, taking small groups FMMD works from the bottom up, taking small groups
of components, {\fgs}, and then analysing how they can fail. of components, {\fgs}, and then analysing how they can fail.
This analysis is performed using FMEA from a micro rather than a macro perspective. This analysis is performed using FMEA from a micro rather than a macro perspective.
Thus instead of looking at component failure modes and determining how Thus instead of looking at component failure modes and determining how
they {\em may} cause a failure at SYSTEM level, we are looking at how they {\em may} cause a failure at SYSTEM level, we are looking at how
they {\em will} affect the {\fg}. they {\em will} affect the components local {\fg}.
When we know the failure modes of a {\fg} we can treat it as a `black box' When we know the failure modes of a {\fg} we can treat it as a `black box'
or {\dc}. With {\dc}s we can build {\fgs} or {\dc}. With {\dc}s we can build {\fgs}
at higher levels of analysis, until we have a complete at higher levels of analysis, until we have a complete
@ -149,24 +154,36 @@ are held in a computer program, we can determine if the model is complete
\subsection{General Comments on bottom-up and top down approaches} \subsection{General Comments on bottom-up and top down approaches}
\paragraph{A general defeciency in top-down systems analysis} \paragraph{A general defeciency in top-down systems analysis.}
With a top down approach the investigator has to determine With a top down approach the investigator has to determine
a set of undesirable outcomes or accidents. a set of undesirable outcomes or `accidents'.
As most accidents are unexpected and the causes unforseen \cite{safeware} As most accidents are unexpected and the causes unforseen \cite{safeware}
it is fair to say that a top down approach is not guaranteed to it is fair to say that a top down approach is not guaranteed to
predict all possible undesirable outcomes. predict all possible undesirable outcomes.
It also can miss known component failure modes, by It also can miss known component failure modes, by
simply not de-composing down to the base component failure mode level of detail. simply not de-composing down to the base component failure level of detail.
\paragraph{A general problem with bottom-up} \paragraph{A general problem with bottom-up}
With the bottom up techniques we have all the known component failure modes With the bottom up techniques we have all the known component failure modes
and the freedom to determine how each of these may affect the SYSTEM. and the freedom to determine how each of these may affect the SYSTEM.
We do have a real prolem though in determining how %
the failure mode of one component will affect another working component A problem with this is that a component typically
to cause an undesirable state. Because of the number of components interacts in a complex way with several other functionally
our one failure mode may interact with is large, adjacent components
we cannot consider them all and human judgement is used to %
decide which interactions are important. To take a component failure mode and then attempt to tie that
to a SYSTEM level outcome is very difficult.
%
The difficulty lies in
%
%Because of
the number of components
our one failure mode may interact with is large.
%
We cannot consider all the components in the SYSTEM
when looking at a single failure mode,
and human judgement must be used to
decide which interactions could be important.
Let N be the number of components in our system, and K be the average number of component failure modes Let N be the number of components in our system, and K be the average number of component failure modes
(ways in which the component can fail). The total number of base component failure modes (ways in which the component can fail). The total number of base component failure modes
@ -197,12 +214,13 @@ the equation reads $(N-2) \times (N-1) \times N \times K \times E$.
The bottom-up methodologies FMEA, FMECA and FMEDA take single failure modes and link them The bottom-up methodologies FMEA, FMECA and FMEDA take single failure modes and link them
to SYSTEM level failure modes. Because of the astronomical number of possible interactions, to SYSTEM level failure modes. Because of the astronomical number of possible interactions,
some valid ones are in danger of being missed, we can term this analysis a `leap of faith' from the some valid ones are in danger of being missed, we can term this analysis as a `leap~of~faith'
component failure mode to the SYSTEM level. (i.e. leaping from from the
component failure mode to the SYSTEM level).
\paragraph{Ideal static failure mode methodology} \paragraph{Ideal static failure mode methodology.}
An ideal static failure mode methodology would build a failure mode model An ideal static failure mode methodology would build a failure mode model
from which the traditional four models could be derived. from which the traditional four models could be derived.
It would address the short-comings in the other methodologies, and It would address the short-comings in the other methodologies, and
@ -331,14 +349,11 @@ The following gives an outline of the procedure.
he Statistical Analysis method is used from two perspectives, he Statistical Analysis method is used from two perspectives,
Probability of Failure on Demand (PFD), and Probability of Failure Probability of Failure on Demand (PFD), and Probability of Failure
in continuous Operation, Failure in Time (FIT). in continuous Operation, Failure in Time (FIT).
\paragraph{Failure in Time (FIT)}. \paragraph{Failure in Time (FIT).} Continuous operation is measured in failures per billion ($10^9$) hours of operation.
Continuous operation is measured in failures per billion ($10^9$) hours of operation.
For a continuously running nuclear powerstation For a continuously running nuclear powerstation
we would be interested in its operational FIT values. we would be interested in its operational FIT values.
\paragraph{Probability of Failure on Demand (PFD)}. \paragraph{Probability of Failure on Demand (PFD).} For instance with the anti-lock system on a automobile braking
For instance with the anti-lock system on a automobile braking
system, we would be interested in PFD. system, we would be interested in PFD.
That is to say the ratio of it failing That is to say the ratio of it failing
to succeeding on demand. to succeeding on demand.
@ -474,7 +489,7 @@ model can be implemented on a spreadsheet, where each component
has a calculated risk, a fault detection time (if any), an estimated risk importance has a calculated risk, a fault detection time (if any), an estimated risk importance
and other factors such as de-rating and environmental stress. and other factors such as de-rating and environmental stress.
With one component failure mode per row, With one component failure mode per row,
all the statistical factors for SIL rating can be produced. all the statistical factors for SIL rating can be produced\footnote{A SIL rating will apply to an installed plant, i.e. A complete SYSTEM. SIL ratings for individual components or sub-systems are meaningless, and the nearest equivalent would be the FIT/PFD and SFF and diagnostic coverage figures}.
@ -602,7 +617,7 @@ this methodology must start at the bottom, with base component failure modes.
In this way automated checking can be applied to all component failure modes In this way automated checking can be applied to all component failure modes
to ensure none have been inadvertently excluded from the process. to ensure none have been inadvertently excluded from the process.
\paragraph{Problem with functional group hierarchy} \paragraph{Problem with functional group hierarchy.}
A hierarchy of functional grouping, leading to a system model A hierarchy of functional grouping, leading to a system model
still leaves us with the problem of the number of component failure modes. still leaves us with the problem of the number of component failure modes.
The base components will typically have several failure modes each. The base components will typically have several failure modes each.