diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index 7ae73ca..ada0741 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -675,6 +675,8 @@ It would mean having to consider combinations of internal component failures as separate failure modes. This concept is discussed in sections~\ref{ch4:mutex} and~\ref{ch7:mutex}. % +\fmmdglossMUTEX +% In general, failure modes for simple components are mutually exclusive, but large and complex components (such as integrated circuits), especially where they contain separate modules, diff --git a/submission_thesis/CH4_FMMD/copy.tex b/submission_thesis/CH4_FMMD/copy.tex index 7fdf838..c73b62b 100644 --- a/submission_thesis/CH4_FMMD/copy.tex +++ b/submission_thesis/CH4_FMMD/copy.tex @@ -63,6 +63,7 @@ data structures required using UML class models. % This chapter defines the FMMD process and related concepts and calculations. FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38]. +\fmmdgloss % %FMEA is a bottom-up, or forward search failure mode technique starting with %base component failure modes~\cite{safeware}[p.341]. @@ -73,6 +74,8 @@ In order to analyse from the bottom-up and apply a modular methodology, we need small groups of components that naturally work together to perform a simple function: we term these groups `{\fgs}'. % +\fmmdglossFG +% The components to include in a {\fg} are chosen by hand. %a human, the analyst. %We can represent the `Functional~Group' as a class. 
@@ -117,12 +120,15 @@ Once we have the failure mode behaviour of the {\fg}, we can determine its sympt We view these symptoms as the %derived failure modes of the {\fg}. % +\fmmdglossFG +\fmmdglossSYMPTOM %Or in other words That is, we can determine how the {\fg} can fail. As we now have a set of failure modes for the {\fg} we can treat it as a component. We can now consider the {\fg} as a `{\dc}' % sort of super component with its own set of failure modes. % +\fmmdglossDC % Rather than taking each component failure mode % and extrapolating top level or system failure symptoms from it, % small groups of components are collected into {\fgs} and analysed. @@ -158,6 +164,8 @@ That is, we take the traditional FMEA process and modularise it from the bottom- %into small manageable groups, and use the failure mode behaviour from them to create {\dcs} %to build higher level groups. In this way we can incrementally apply FMEA to an entire system. %, with documented reasoning stages. +\fmmdglossDC +\fmmdgloss % This has advantages of concentrating effort in where modules interact (interfaces), of @@ -617,6 +625,7 @@ Notice the many to one mapping from {\bc} failure modes to {\dc} failure mode; this is a typical effect of an FMMD analysis stage, and means that with each analysis stage we reduce the number of failure modes to consider. % +%\fmmdglossDC %This means that we can take multiple failure modes from {\fgs} components and resolve them %to failure modes of the {\fg}. % @@ -676,6 +685,7 @@ we represent the analysis with the DAG in figure \ref{fig:fg1adag}. We now have % can now create % formulate a {\dc} to represent this potential divider: we name this \textbf{PD}. +\fmmdglossDC This {\dc} will have two failure modes, $HighPD$ and $LowPD$. % HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed % HTR 05SEP2012 {\fg} and creating from it a {\dc}. 
@@ -737,6 +747,7 @@ and low~slew~rate (lowslew) where the op-amp cannot react quickly to changes on % %\ifthenelse {\boolean{dag}} %{ +\fmodegloss % %\clearpage We can represent these failure modes on a DAG (see figure~\ref{fig:op1dag}). @@ -1015,8 +1026,11 @@ That is, we can trace failure mode effects from base component level to the top and vice versa. - - +\fmodegloss +\fmmdgloss +\fmmdglossFG +\fmmdglossDC +\fmmdglossSYMPTOM % \paragraph{Worked example. Effect on State explosion.} @@ -1137,6 +1151,7 @@ Using traditional FMEA methods~\cite{sccs}[p.34] we would consider each op-amp as a separate building block for a circuit. For FMMD each of these four op-amps in the chip would be considered to be a separate {\bc}. % CAN WE FIND SUPPORT FOR THIS IN LITERATURE??? +\fmmdglossBC % We need to go further than the above definition of a part, and define % defining an atomic entity. % used as a building block. @@ -1179,7 +1194,9 @@ For instance a stereo amplifier separate/slave is a component. %The A whole sound system consists perhaps of the following components: CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface. - + +\fmmdglossSYS +\fmmdglossSS %Thinking like this is a top~down analysis approach %and is the way in which FTA\cite{nucfta} analyses a System %and breaks it down. @@ -1187,6 +1204,9 @@ CD-player, tuner, amplifier~separate, loudspeakers and ipod~interface. Components can be composed of components, recursively down to the {\bcs}. % +\fmmdglossFG +\fmmdglossBC +% However each component will have a fault/failure behaviour and it should always be possible to obtain a set of failure modes 
@@ -1208,6 +1228,7 @@ a massive list of base~components, resistors, motors, user~switches, laser~diode Working from the bottom~up, we need to pick small collections of components that work together in some way. These collections are termed `{\fgs}'. +\fmmdglossFG % For instance, the circuitry that powers the laser diode to illuminate the CD might contain a handful of components, and as such would make a good candidate @@ -1223,6 +1244,10 @@ to perform a specific function. % When we have analysed the fault behaviour of a {\fg}, we can treat it as a `black~box'. % +\fmmdglossFG +\fmmdglossDC +% +% The {\fgs} fault behaviour will consist of a set of % failure modes caused by combinations of its component's failure modes. @@ -1240,6 +1265,10 @@ An outline of the FMMD process is itemised below: \item Create and name a derived component for the {\fg}, \item Assign the common failure modes from the {\fg} as the failure modes of the {\dc}. \end{itemize} +\fmmdglossFG +\fmmdglossDC +\fmmdgloss +\fmmdglossBC % The FMMD process is described in using formal definitions and algorithms in section~\ref{sec:symptomabs}. @@ -1290,12 +1319,16 @@ there is established literature for the failure modes for the system designer to (often with accompanying statistical failure rates)~\cite{mil1991,en298,fmd91}. % +\fmmdglossBC +% For instance, a simple resistor is generally considered to fail in two ways, it can go open circuit or it can short. % Electrical components have data-sheets associated with them. The data sheets supply detailed information on the component as supplied by the manufacturer. % +\fmodegloss +% Because they are written for system designers, and to an extent advertise the product, they rarely give %show %clearly detail the failure modes of the component. 
@@ -1337,6 +1370,8 @@ From this diagram we see that each component must have at least one failure mode To clearly show that the failure modes are mutually exclusive states, or unitary states associated with one component, each failure mode is referenced back to only one component. % +\fmmdglossMUTEX +% This constraint is discussed in detail in section~\ref{sec:unitarystate}. %%-%% MTTF STATS CHAPTER MAYBE ?? @@ -1383,9 +1418,13 @@ By `modularising a system' we mean recursively breaking it into smaller sections When modularising a system from the top~down, as in Fault Tree Analysis (FTA)~\cite{nasafta}\cite{nucfta} , it is common to term the modules identified as sub-systems. % +\fmmdglossFTA +\fmmdglossSS +% When modularising failure mode behaviour from the bottom up, it is more meaningful to call them `derived~components'. - - +% +\fmmdglossDC +% \section{Failure Modes in depth} @@ -1400,6 +1439,9 @@ We are not usually concerned with how the component has failed internally. % What we need to know are the symptoms of failure. +% +\fmmdglossSYMPTOM +% With these symptoms, we can trace their effects through the system under investigation and finally determine top-level failure events. % outcomes. % @@ -1432,9 +1474,13 @@ causing specific system level errors. For example the FMEA variant FMECA, uses Bayes theorem~\cite{probstat}[p.170]~\cite{nucfta}[p.74] (the relation between a conditional probability and its reverse) and is applied to specific failure modes in components and their probability of causing given system level errors. +\fmmdglossFMECA Another top down methodology is to apply cost benefit analysis to determine which faults are the highest priority to fix~\cite{bfmea}. % +%\fmmdglossFMEA +\fmeagloss +% The aim of FMMD analysis is to produce complete\footnote{Completeness dependent upon the completeness/correctness of the {\fms} supplied by the germane standard for our {\bcs}.} failure models of safety critical systems from the bottom-up, 
@@ -1445,10 +1491,12 @@ starting where possible with known base~component failure~modes. An advantage of working from the bottom up is that we can ensure that all component failure modes must be considered. % -A top down approach +A top down approach (such as FTA) can miss individual failure modes of components~\cite{faa}[Ch.~9], especially where there are non-obvious top-level faults. - +% +\fmmdglossFTA +% \subsection{From functional group to newly derived component} @@ -1458,8 +1506,8 @@ all the failure modes of all the components in the group and collecting symptoms of failure, is termed `symptom abstraction'. % This is dealt with in detail using an algorithmic description, in appendix \ref{sec:algorithmfmmd}. - - +\fmmdglossFG +\fmmdglossDC % % define difference between a \fg and a \dc % A {\fg} is a collection of components. A {\dc} is a new `theoretical' % component which has a set of failure modes, @@ -2228,6 +2276,8 @@ by a symptom within a {\fg}, and therefore the failure modes of a {\dc} are mutu % Thus FMMD naturally produces {\dcs} with failure modes that are mutually exclusive. % +\fmmdglossMUTEX +% This property is examined in more detail in section~\ref{ch7:mutex}. \paragraph{Objective and contextual/subjective failure symptoms.} @@ -2246,6 +2296,7 @@ mode could be considered in the context of all other components in the system--- With FMMD, because the {\fgs} have small numbers of components in them, we can easily apply XFMEA within the {\fgs}. % This issue addressed formally in section~\ref{sec:cc}. +\fmmdgloss \paragraph{Uses of the FMMD failure mode model.} % 
@@ -2263,4 +2314,10 @@ described in greater detail in section~\ref{sec:determine_fms}). We can also use the FMMD model to derive information to assist in creating related models such as FTA~\cite{nucfta,nasafta}, traditional FMEA, FMECA~\cite{safeware}[p.344], FMEDA~\cite{scsh}, diagnostics schemas~\cite{dbamafta} -and other failure mode analysis methodologies. \ No newline at end of file +and other failure mode analysis methodologies. +\fmmdglossFTA +\fmmdglossFMECA +\fmmdglossFMEDA +\fmmdgloss +%\fmmdglossFMEA +\fmeagloss \ No newline at end of file diff --git a/submission_thesis/CH7_Evaluation/copy.tex b/submission_thesis/CH7_Evaluation/copy.tex index 5f76ace..b0114d9 100644 --- a/submission_thesis/CH7_Evaluation/copy.tex +++ b/submission_thesis/CH7_Evaluation/copy.tex @@ -738,6 +738,9 @@ are level shifted, adding to the complication of analysing it for failures. \paragraph{Design Decision/Constraint} An important factor in defining a set of failure modes is that they should represent the failure modes as simply and minimally as possible. +% +\fmmdglossMUTEX +% It should not be possible, for instance, for a component to have two or more failure modes active at once. Were this to be the case, we would have to consider additional combinations of @@ -798,7 +801,7 @@ Because of this, the failure mode set $F=fm(R)$ is `unitary~state'. %therefore %$ fm(R) \in \mathcal{U} $. These concepts are expanded in section~\ref{sec:usprob}. - +\fmmdglossMUTEX We can make this a general case by taking a set $F$ (with $f_1, f_2 \in F$) representing a collection 
@@ -854,6 +857,8 @@ For instance, the voltage reading functions which consist of a multiplexer and ADC---which must work together to channel readings--- could be considered to be components inside the micro-controller package. % +\fmmdglossMUTEX +% The micro-controller thus becomes a collection of smaller components that can be analysed separately~\footnote{It is common for the signal paths in a safety critical product to be traced, and when entering a complex diff --git a/submission_thesis/style.tex b/submission_thesis/style.tex index d7926c1..3d1185d 100644 --- a/submission_thesis/style.tex +++ b/submission_thesis/style.tex 
@@ -78,41 +78,95 @@ %\fmodegloss -\newcommand{\fmmdglossSYS}{\glossary{name={system}, description={A product designed to work as a coherent entity}}} -\newcommand{\fmmdglossSS}{\glossary{name={sub-system}, description={A part of a system, sub-systems may contain sub-systems and so-on}}} -\newcommand{\fmmdglossDC}{\glossary{name={{\dc}}, description={A theoretical component, derived from a collection of components (which may be derived components themselves)}}} -\newcommand{\fmmdglossFG}{\glossary{name={{\fg}}, description={A collection of sub-systems and/or components that interact to perform a specific function}}} -\newcommand{\fmmdglossSYMPTOM}{\glossary{name={symptom}, description={A failure mode of a {\fg}, caused by a combination of its component failure modes}}} -\newcommand{\fmmdglossBC}{\glossary{name={base component}, description={Any bought in component, or lowest level module/or part}}} +\newcommand{\fmmdglossSYS}{\glossary{name={system}, description={ +A product designed to work as a coherent entity}}} +\newcommand{\fmmdglossSS}{\glossary{name={sub-system}, description={ +A part of a system, sub-systems may contain sub-systems and so-on}}} +\newcommand{\fmmdglossDC}{\glossary{name={{\dc}}, description={ +A theoretical component, derived from a collection of components (which may be derived components themselves)}}} + +\newcommand{\fmmdglossFG}{\glossary{name={{\fg}}, description={ +A collection of sub-systems and/or components that interact to perform a specific function}}} + +\newcommand{\fmmdglossSYMPTOM}{\glossary{name={symptom}, description={ +A failure mode of a {\fg}, caused by a combination of its component failure modes}}} + +\newcommand{\fmmdglossBC}{\glossary{name={{\bc}}, description={ +Any bought in component, or lowest level module/or part}}} %\newcommand{\fmmdglossFIT}{\glossary{name={FIT},description={Failure in Time (FIT). 
The statistical likelihood of failure mode occurring within a $10^9$ hour period.}} -\newcommand{\fmmdglossFIT}{\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular -failure is expected to occur within a $10^{9}$ hour time period.}}} +\newcommand{\fmmdglossFIT}{\glossary{name={FIT}, description={ +Failure in Time (FIT). The number of times a particular +failure is expected to occur within a $10^{9}$ hour time period}}} \newcommand{\fmmdglossHFMEA}{\glossary{name={HFMEA},description={ -Hardware FMEA. FMEA applied to hardware i.e. mechanical or electrical equipment.}}} +Hardware FMEA. FMEA applied to hardware i.e. mechanical or electrical equipment}}} \newcommand{\fmmdglossSFMEA}{\glossary{name={SFMEA},description={ -Software FMEA. FMEA techniques applied to software. }}} +Software FMEA (SFMEA). FMEA techniques applied to software}}} \newcommand{\fmmdglossXFMEA}{\glossary{name={XFMEA},description={ -Exhaustive FMEA. Applying FMEA exhaustively means checking each failure mode +Exhaustive FMEA (XFMEA). Applying FMEA exhaustively means checking each failure mode for effects on all components in a given system. }}} -\newcommand{\fmmdglossDFMEA}{\glossary{name={DFMEA},description={Design FMEA. FMEA applied in design stages of a product. Used as a discussion method to reveal safety weakness and improve built in safety.}}} -\newcommand{\fmmdglossPFMEA}{\glossary{name={PFMEA},description={Production FMEA. FMEA applied applied for cost benefit analysis typically used in mass production.}}} -\newcommand{\fmmdglossSFTA}{\glossary{name={SFTA},description={Software Fault Tree Analysis (SFTA): top down failure investigation applied to software.}}} -\newcommand{\fmmdglossFTA}{\glossary{name={FTA},description={Fault Tree Analysis (FTA). 
A top down failure analysis technique which starts with undesirable top level events and works downwards to putative causes.}}} -\newcommand{\fmmdglossFMEDA}{\glossary{name={FMEDA},description={Failure Mode Effects and Diagnostic Analysis (FMEDA). An extended FMEA technique which provides for diagnostic mitigation and has a final statistical safety level as a result.}}} -\newcommand{\fmmdglossFMECA}{\glossary{name={FMECA},description={Failure Mode Effects and Criticality Analysis (FMECA). An extended FMEA technique which is used to order the severity or criticality of top level events/symptoms.}}} -\newcommand{\fmmdglossFS}{\glossary{name={forward~search},description={Failure analysis where the start points are base component failure modes and the result is system level failure/symptom.}}} -\newcommand{\fmmdglossBS}{\glossary{name={backward~search},description={Failure analysis where the start points are system level failure/symptom and the results are lower level putative causes.}}} -\newcommand{\fmmdglossINHIBIT}{\glossary{name={inhibit},description={A guard on a process such that if a condition is not met, the process may not continue.}}} -\newcommand{\fmmdglossSIGPATH}{\glossary{name={signal~path},description={The components (software or hardware) and connections that a particular signal or value is derived from in a system.}}} -\newcommand{\fmmdglossRD}{\glossary{name={reasoning~distance},description={A reasoning distance is the number of stages of logic and reasoning, counted by the number of components examined, used to map a failure cause to its potential outcomes.}}} -\newcommand{\fmmdglossOBS}{\glossary{name={observability}, description={If it cannot be detected that a failure has occurred it is termed unobservable or undetectable.}}} +\newcommand{\fmmdglossDFMEA}{\glossary{name={DFMEA},description={ +Design FMEA. FMEA applied in design stages of a product. 
+Can be used as a discussion/brain~storming method to +reveal safety weakness and improve built in safety}}} + +\newcommand{\fmmdglossPFMEA}{\glossary{name={PFMEA},description={ +Production FMEA (PFMEA). +FMEA applied for cost benefit analysis typically used in mass production}}} + +\newcommand{\fmmdglossSFTA}{\glossary{name={SFTA},description={ +Software Fault Tree Analysis (SFTA): +top down failure investigation applied to software}}} + + +\newcommand{\fmmdglossMUTEX}{\glossary{name={mutually~exclusive},description={ +Mutual exclusivity applied to component failure modes +means that for each component it is ensured that +only one of its failure modes may be active at any given time}}} + + +\newcommand{\fmmdglossFTA}{\glossary{name={FTA},description={ +Fault Tree Analysis (FTA). +A top down failure analysis technique which starts with undesirable +top level events, and using symbols from digital logic builds +a tree, working downwards to putative causes.}}} + +\newcommand{\fmmdglossFMEDA}{\glossary{name={FMEDA},description={ +Failure Mode Effects and Diagnostic Analysis (FMEDA). +An extended FMEA technique which provides for diagnostic +mitigation and has a final statistical safety level as a result}}} + +\newcommand{\fmmdglossFMECA}{\glossary{name={FMECA},description={ +Failure Mode Effects and Criticality Analysis (FMECA). +An extended FMEA technique, based on Bayesian statistics, +which is used to order the severity or criticality of top level events/symptoms}}} + +\newcommand{\fmmdglossFS}{\glossary{name={forward~search},description={ +Failure analysis where the start points are base component failure modes and the result is system level failure/symptom. +Sometimes termed `bottom~up'}}} + +\newcommand{\fmmdglossBS}{\glossary{name={backward~search},description={ +Failure analysis where the start points are system level failure/symptom and the results are lower level putative causes. 
+Sometimes termed `top~down'}}} + +\newcommand{\fmmdglossINHIBIT}{\glossary{name={inhibit},description={ +A guard on a process such that if a condition is not met, the process may not continue}}} + +\newcommand{\fmmdglossSIGPATH}{\glossary{name={signal~path},description={ +The components (software or hardware) and connections from whi particular signal or value is derived from in a system}}} + +\newcommand{\fmmdglossRD}{\glossary{name={reasoning~distance},description={ +A reasoning distance is the number of stages of logic and reasoning, +counted by the number of components examined, used to map a failure cause to its potential outcomes}}} + +\newcommand{\fmmdglossOBS}{\glossary{name={observability}, description={ +If a failure mode cannot be detected it is termed unobservable or undetectable}}} \newcommand{\fmmdglossSMARTINSTRUMENT}{\glossary{name={smart~instrument}, description={ A smart instrument is one that uses software @@ -121,7 +175,7 @@ analogue electronics only~\cite{smart_instruments_1514209}.}}} \newcommand{\fmmdglossCONTRACTPROG}{\glossary{name={contract~programming}, description={ A software discipline whereby each function is assigned strict pre and post conditions -which define a formalised `contract' for how the function should behave.}}} +which define a formalised `contract' the function's behaviour}}} % %\newcommand{\fmmdglossRD}{\glossary{name={reasoning~distance}{yahda yahda ya}}} 
@@ -131,21 +185,27 @@ Failure Mode Modular De-Composition (FMMD). A bottom-up methodology for incremen failure mode models, using a procedure taking functional groups of components and creating derived components representing them, and in turn using the derived components to create higher level functional groups, and so on, -that are used to build a hierarchical failure mode model of a system}}} +%that are used to build a +building a hierarchical failure mode model}}} % of a system}}} -\newcommand{\fmodegloss}{\glossary{name={failure mode},description={The way in which a failure occurs. +\newcommand{\fmodegloss}{\glossary{name={failure mode},description={ % The way in which a failure occurs. A component or sub-system may fail in a number of ways, and each of these is a -failure mode of the component or sub-system.}}} +failure mode of that particular component type}}} \newcommand{\fmeagloss}{\glossary{name={FMEA}, description={ -Failure Mode and Effects analysis (FMEA) is a process where each failure mode of components in a given system, -is analysed to determine system level failures/symptoms.}}} +Failure Mode and Effects analysis (FMEA) is a process where each +{\bc} failure mode in a given system +is analysed to determine system level failures/symptoms}}} \newcommand{\frategloss}{\glossary{name={failure rate}, description={ -The number of failures within a population (of size N), divided by N over a given time interval}}} -\newcommand{\pecgloss}{\glossary{name={PEC},description={A Programmable Electronic controller, -will typically consist of sensors and actuators interfaced electronically, with some firmware/software component in overall control}}} +The number of failures expected over a given time interval}}} + + +\newcommand{\pecgloss}{\glossary{name={PEC},description={ +A Programmable Electronic controller, +will typically consist of sensors and actuators interfaced electronically, +with some firmware/software component in overall control}}} 
\usepackage{amsthm}
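Review bot: the CH4 hunk at @@ -1015 invokes five glossary macros back to back (`\fmodegloss`, `\fmmdgloss`, `\fmmdglossFG`, `\fmmdglossDC`, `\fmmdglossSYMPTOM`) for terms that are already glossed elsewhere in the chapter; `\fmmdglossFG` alone is added eight times in this file. Each invocation writes another entry to the .glo file, and makeindex merges identical entries by appending a page number per call, so the glossary's page lists grow with every repeat. Unless a per-page cross reference is intended, gloss each term once at its first use in the chapter and drop the duplicates.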
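Review bot: the CH4 hunk at @@ -2263 still ends with "\ No newline at end of file"; since the hunk already rewrites the final line, add the trailing newline here. The pair `%\fmmdglossFMEA` / `\fmeagloss` (also added at @@ -1432) carries a commented-out call to a macro that does not appear among those defined in the style.tex hunks; remove the dead comment rather than duplicate it in two places.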
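Review bot: the CH7 hunk at @@ -798 replaces the blank line between "These concepts are expanded in section~\ref{sec:usprob}." and "We can make this a general case" with `\fmmdglossMUTEX`, which merges the two paragraphs: `\glossary` produces no typeset output, and a non-blank line does not end a paragraph. Keep a blank line after the glossary call so the paragraph break survives. The same check applies to CH4 @@ -1015 and @@ -1458, where removed blank lines are likewise replaced by glossary calls and `%` comments.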
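Review bot: in the style.tex hunk at @@ -78 the `\fmmdglossSIGPATH` description is garbled, "connections from whi particular signal or value is derived from in a system"; it should read "connections from which a particular signal or value is derived in a system". End-of-description punctuation is now inconsistent: most entries drop the terminal full stop but `\fmmdglossFTA` keeps "putative causes." and `\fmmdglossXFMEA` keeps "system. ", and the bracketed acronym is added for SFMEA, XFMEA, PFMEA and SFTA but not for HFMEA or DFMEA; pick one convention. The FTA sentence "and using symbols from digital logic builds a tree" reads better as "and, using symbols from digital logic, builds a tree". The FMECA entry says "based on Bayesian statistics" while the CH4 text at @@ -1432 says FMECA "uses Bayes theorem"; align the two.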
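Review bot: in the style.tex hunk at @@ -121 the rewritten `\fmmdglossCONTRACTPROG` description drops a word: "which define a formalised `contract' the function's behaviour" needs "for", i.e. "a formalised `contract' for the function's behaviour".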
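Review bot: in the style.tex hunk at @@ -131 the new `\frategloss` description, "The number of failures expected over a given time interval", defines a count rather than a rate; the removed text normalised by the population size N. Keep the normalisation, e.g. "The number of failures expected per unit of a population over a given time interval". Also `\fmodegloss` now ends "failure mode of that particular component type" while its first sentence still says "A component or sub-system may fail", so sub-systems are silently dropped from the second half; either keep "component or sub-system" or change both sentences together.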