Reasoning distance concept added

This commit is contained in:
Robin Clark 2011-05-29 23:24:58 +01:00
parent 469b8b6f8f
commit 6ec06b5223


@ -65,8 +65,8 @@ failure mode of the component or sub-system}}}
\abstract{ \abstract{
The certification process of safety critical products for European and The certification process of safety critical products for European and
other international standards often involve environmental stress, other international standards often involve environmental stress,
endurance and EMC testing. Theoretical, or 'static testing', endurance and Electro Magnetic Compatibility (EMC) testing. Theoretical, or 'static testing',
is often also required to highlight modifications that must be made to is often also required. In general this will reveal modifications that must be made to
improve the product safety, or identify theoretical weaknesses in the design. improve the product safety, or identify theoretical weaknesses in the design.
This paper proposes a new theoretical methodology for creating failure mode models of safety critical systems. This paper proposes a new theoretical methodology for creating failure mode models of safety critical systems.
It has a common notation for mechanical, electronic and software domains and is modular and hierarchical. It has a common notation for mechanical, electronic and software domains and is modular and hierarchical.
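Review bot: the expanded acronym on the "endurance and EMC testing" line should read "Electromagnetic Compatibility (EMC)", the standard one-word form, rather than "Electro Magnetic Compatibility". While touching the abstract, the subject/verb mismatch in the first sentence survives on both sides of the diff: "The certification process ... often involve" should be "often involves". The split into "is often also required. In general this will reveal modifications ..." fixes the old run-on, but "this" now has no clear referent (the testing? the static testing?); "Static testing will in general reveal modifications ..." would make it explicit.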
@ -158,7 +158,7 @@ via self checking statistical mitigation.
\paragraph{Top Down approach} The top down technique FTA, introduces the possibility of missing base component \paragraph{Top Down approach} The top down technique FTA, introduces the possibility of missing base component
level failure modes~\cite{faa}[Ch.9]. Also one FTA treee is drawn for each top level level failure modes~\cite{faa}[Ch.9]. Also one FTA treee is drawn for each top level
event, leading to repreated work, with limitied ability for cross checking. event, leading to repreated work, with limitied ability for cross checking/model validation.
\paragraph{State Explosion problem} \paragraph{State Explosion problem}
The bottom -up techniques all suffer from a problem of state explosion. The bottom -up techniques all suffer from a problem of state explosion.
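Review bot: the edited line "event, leading to repreated work, with limitied ability for cross checking/model validation." still carries two typos ("repreated" should be "repeated", "limitied" should be "limited"), and "treee" on the preceding context line should be "tree"; since this line is being changed anyway, fix them in the same commit. The stray comma in "The top down technique FTA, introduces" either needs a partner ("The top down technique, FTA, introduces") or should be dropped. "bottom -up" in the following context line also has a spurious space before the hyphen.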
@ -187,11 +187,22 @@ To look in detail at a half of a million test cases is obviously impractical.
% current methodologies are used to establish criteria for an improved methodology. % current methodologies are used to establish criteria for an improved methodology.
\paragraph{Reasoning distance - complexity and reachability} \paragraph{Reasoning distance - complexity and reachability}
Tracing a component level failure up to a top level event, without rigour involving state explosion, involves Tracing a component level failure up to a top level event, without the rigour accompanying state explosion, involves
working heuistically. A base component failure will typically working heuristically. A base component failure will typically
be concepually removed by several stages from a top level event. be conceptually removed by several stages from a top level event.
The reasoning distance can be determined by the number of components The `reasoning~distance' $R_D$ can be calculated by summing the number of components
involved, multiplied by the number of failure modes in each component,
that must interact to reach the top level event. that must interact to reach the top level event.
Where $C$ represents the set of components in a failure mode causation chain,
$c$ represents a component and
the function $fn$ returns the number of failure modes for a given component, equation
\ref{eqn:complexity}, returns a value representing the complexity
from the base component failure to the SYSTEM level event.
\begin{equation}
R_D = \sum_{i=1}^{|C|} {fn(c)} %\; where \; c \in C
\label{eqn:complexity}
\end{equation}
% could have a chapter on this. % could have a chapter on this.
% take a circuit or system and follow all the interactions % take a circuit or system and follow all the interactions
% to the components that cause the system level event. % to the components that cause the system level event.
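Review bot: the new equation \ref{eqn:complexity} is inconsistent with its own index: it sums over $i=1$ to $|C|$ but the summand is $fn(c)$ with $c$ never bound to $i$. Either sum directly over the set, `R_D = \sum_{c \in C} fn(c)`, or index the components, `R_D = \sum_{i=1}^{|C|} fn(c_i)`. The prose introducing it also does not match the formula: "summing the number of components involved, multiplied by the number of failure modes in each component" reads as a product of $|C|$ and a failure mode count, whereas the equation is the total number of failure modes across the components in the causation chain; reword to "summing, over the components in the causation chain, the number of failure modes of each component". Two smaller points: $fn$ in math mode typesets as the product $f \cdot n$, so write it as `\mathit{fn}` (or `\operatorname{fn}`) consistently in the text and the equation, and "equation \ref{eqn:complexity}, returns a value" should lose the comma after the reference.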
@ -202,21 +213,24 @@ SYSTEM level failure mode.
It could be possible to identify one top level event asssociated with It could be possible to identify one top level event asssociated with
a {\bcfm} and not investigate other possibilities. a {\bcfm} and not investigate other possibilities.
\section{Requirements for a new static faiilure mode Analysis methodology} \section{Requirements for a new static failure mode Analysis methodology}
A new methodology must ensure that it represents all component failure modes and it therefore should be bottom-up, A new methodology must ensure that it represents all component failure modes and it therefore should be bottom-up,
starting with individual component failure modes. starting with individual component failure modes.
In order to control the state explosion problem, the process must be modular In order to control the state explosion problem, the process must be modular
and deal with small groups of components. and deal with small groups of components. The design process follows this
rationale, sub-systems are build to perform often basic functions from base components.
We can term these small groups {\fgs}.
Components should be collected
Components should be broken into small functional groups to enable the examination of the effect of a
down into small functional groups to enable the examination of the effect of a
component failure mode on the other components in the group. component failure mode on the other components in the group.
The functional group can now be considered as `derived component' with a known set Once we have the failure modes, or symptoms of failure of a {\fg}
it can now be considered as `derived component' with a known set
of failure symptoms. We can use this `derived component' to build higher level of failure symptoms. We can use this `derived component' to build higher level
functional groups. functional groups.
This helps with the reasoning distance problem, This helps with the reasoning distance problem,
because we can trace failure modes back through complex interactions and have a structure to because we can trace failure modes back through complex interactions and have a structure to
base our reasoning on, at each stage. base our reasoning on, at each stage.
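Review bot: the added sentence "The design process follows this rationale, sub-systems are build to perform often basic functions from base components." has a comma splice and a tense error; suggest "The design process follows this rationale: sub-systems are built from base components, often to perform basic functions." The new line "Once we have the failure modes, or symptoms of failure of a {\fg}" needs a comma after "{\fg}" before "it can now be considered as", and "considered as `derived component'" wants an article ("as a `derived component'"). Since the new text introduces the {\fgs} macro one line earlier, the next sentence could use it ("Components should be broken into {\fgs} to enable ...") instead of spelling out "small functional groups" again. The unchanged context "asssociated" ("associated") is outside this change but is worth fixing while in the file.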