diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index 2699a33..2eaccba 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -1221,7 +1221,6 @@ comply with a given SIL level} % title of Table FMEDA is a modern extension of FMEA, in that it recognises the effect of self checking features on safety, and provides detailed recommendations for computer/software architecture. % -It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). % These SIL levels are broadly linked to the concept of an acceptance of probability of dangerous failures against time, as shown in table~\ref{tbl:sil_levels}. @@ -1231,13 +1230,29 @@ type standards (EN61508/IOC5108). The end result of an EN61508 analysis is an % provides a statistical overall `level~of~safety' known as a Safety Integrity level (SIL), for a system. % +It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest). +% %There are currently four SIL `levels', one to four, with four being the highest level. % It allows diagnostic mitigation for self checking circuitry. % + SIL levels are intended to -classify the statistical safety of installed and commissioned plant: +classify the statistical safety of installed plant: salesmen’s terms such as a `SIL~3~sensor' or other `device' given a SIL level, are meaningless. +% +SIL analysis is concerned with `safety~loops', not individual modules. +% +In control engineering terms, the safety~loop is the complete +path from sensors to signal~processing to actuators for a given function +in the plant. +% +This entire loop must be designed to detect and deal with any hazards +and have measures in place to reduce their affects. +% +In EN61508 terminology, a safety~loop is known as a safety instrumented function (SIF). +% + % % for four levels of %safety integrity, referred to as Safety Integrity Levels (SIL). 
@@ -1247,7 +1262,7 @@ FMEDA requires %does force the analyst to consider all hardware components in a system by requiring that an MTTF value is assigned for each base component failure~mode; the MTTF may be statistically mitigated (improved) -if it can be shown that self-checking will detect failure modes. +if it can be shown that self-checking will detect its failure modes. % The MTTF value for each component {\fm} is denoted using the symbol `$\lambda$'. % diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index caa380c..c0c358f 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -59,15 +59,15 @@ loop topology---using a `Bubba' oscillator---demonstrating how FMMD differs from Two analysis strategies are employed, one using initially identified {\fgs} and the second using a more complex hierarchy of %{\fgs} and {\dcs} showing -that a finer grained/more decomposed approach offers more re-use possibilities in future analysis tasks. +that a finer grained/more decomposed approach offers greater efficiency and re-use possibilities in future analysis tasks. % -\item Section~\ref{sec:sigmadelta} demonstrates FMMD can be applied to mixed analogue and digital circuitry +\item Section~\ref{sec:sigmadelta} demonstrates that FMMD can be applied to mixed analogue and digital circuitry by applying FMMD to a sigma delta ADC. %shows FMMD analysing the sigma delta %analogue to digital converter---again with a circular signal path---which operates on both %analogue and digital signals. \item Section~\ref{sec:Pt100} demonstrates FMMD being applied to a commonly used Pt100 -safety critical temperature sensor circuit, this is analysed for single and double failure modes. +safety critical temperature sensor circuit, this is analysed for single and then double failure modes. \end{itemize}
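Review bot: In the first CH2_FMEA hunk (@@ -1221,7 +1221,6 @@), removing `It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).` leaves the following sentence `These SIL levels are broadly linked to the concept of an acceptance of probability of dangerous failures against time` without the antecedent that introduced the levels 1 to 4; consider rewording it to `SIL levels are broadly linked ...` or keeping a one-line mention of the four levels here so the paragraph still reads on its own.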
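Review bot: In the second CH2_FMEA hunk (@@ -1231,13 +1230,29 @@), `and have measures in place to reduce their affects.` should read `effects`. The same hunk re-inserts `It has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).` directly after a sentence that already expands the acronym (`known as a Safety Integrity level (SIL)`), so the parenthetical expansion is now duplicated and the capitalisation of `level` differs between the two; suggest `It has a simple final result, a SIL from 1 to 4 (where 4 is safest).` and a consistent `Safety Integrity Level`.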
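Review bot: In the third CH2_FMEA hunk (@@ -1247,7 +1262,7 @@), the new wording `if it can be shown that self-checking will detect its failure modes.` introduces an ambiguous `its`: the nearest noun is `the MTTF`, but the intended referent is the base component. Suggest `will detect the component's failure modes.`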
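Review bot: In the CH5_Examples hunk (@@ -59,15 +59,15 @@), the changed line `safety critical temperature sensor circuit, this is analysed for single and then double failure modes.` keeps a comma splice; suggest `sensor circuit, which is analysed for single and then double failure modes.` or a semicolon before `this`. Unrelated to the edit, `safety critical` as a compound modifier is normally hyphenated (`safety-critical`), which would match the hyphenated `self-checking` used in CH2.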