From 712fcb335663e778682eac97c2bfed3f69faf2e9 Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Sat, 16 Mar 2013 12:19:01 +0000 Subject: [PATCH] JMC pr --- submission_thesis/CH2_FMEA/copy.tex | 7 ++++++- .../CH6_Software_Examples/software.tex | 19 +++++++++++-------- submission_thesis/CH7_Evaluation/copy.tex | 13 +++++++------ 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index 20716dc..28be3c8 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -544,6 +544,8 @@ there is usually a clear afferent to transform to efferent path. % That is, there is an input, some processing and an output. % +We define the signal path as the components used to process the signal. +% Some circuits have feedback loops or even circular signal paths, but it is normal for a signal path to exist. % @@ -584,7 +586,10 @@ of the component exhibiting the {\fm} under investigation. % Also, whether following the effects through the signal path {\em only} is acceptable, and instead looking at its effect on all other components in the system is necessary, -is a matter for debate, and is examined in section~\ref{sec:xfmea}. +is a matter for debate. +In practise, it is a compromise between the amount of time/money that can be spent +on analysis relative to the criticality of the project. +Metrics from measuring the amount of work to undertake for FMEA are examined in section~\ref{sec:xfmea}. \paragraph{Single component failure mode to system failure relation.} diff --git a/submission_thesis/CH6_Software_Examples/software.tex b/submission_thesis/CH6_Software_Examples/software.tex index 057385e..ff16ad5 100644 --- a/submission_thesis/CH6_Software_Examples/software.tex +++ b/submission_thesis/CH6_Software_Examples/software.tex @@ -7,6 +7,7 @@ \label{sec:elecsw} In this chapter we show that FMMD can be applied to both software and electronics enabling us to build complete failure models of typical modern safety critical systems. +% With modular FMEA i.e. FMMD %(FMMD) we have the concepts of failure~modes of components, {\fgs} and symptoms of failure. % for a functional group. @@ -227,7 +228,7 @@ value from the external equipment. Consider a software function that reads a {\ft} input, and returns a value between 0 and 999 (i.e. per mil $\permil$) -representing the current detected with an additional error indication flag . +representing the current detected with an additional error indication flag. % Let us assume the {\ft} detection is via a \ohms{220} resistor, and that we read a voltage from an ADC into the software. @@ -244,7 +245,8 @@ is therefore $$(V \ge 0.88) \wedge (V \le 4.4) \; .$$ -This voltage range forms our input requirement and can be considered as an invariant condition (i.e. both a pre-condition and a postcondition +This voltage range forms our input requirement and can be considered as an invariant condition +(i.e. both a pre-condition and a postcondition; for the system to be operating correctly the voltage should be within the above bounds). % We can now examine a software function that performs a conversion from the voltage read to @@ -586,7 +588,7 @@ $$ fm(RADC) = \{ VV\_ERR, HIGH, LOW \} .$$ \paragraph{Functional Group - Software - voltage to per mil - VTPM } This function sits on top of the $RADC$ {\dc} determined above. -We look at the pre-conditions for the function $read\_4\_20\_input$ , % which we can call $RI$ +We look at the pre-conditions for the function $read\_4\_20\_input$, % which we can call $RI$ to determine its {\fms}. Its pre-condition is, {\em /* require: input from ADC to be between 0.88 and 4.4 volts */}. We can map this violation of the pre-condition, to the {\fm} VRNGE; %As this function has one pre-condition @@ -792,7 +794,7 @@ start with a structured analysis `Yourdon' context diagram~\cite{Yourdon:1989:MS \end{figure} Using figure~\ref{fig:context_diagram_PID} we review the system in terms of its data flow, starting -with the data sources ( the Pt100 inputs) and the data sinks (the heater output and the LED indicators). +with the data sources (the Pt100 inputs) and the data sinks (the heater output and the LED indicators). % We have two voltage inputs (see section~\ref{sec:Pt100}) from the Pt100 temperature sensor. For the Pt100 sensor, we will need to read the voltages it outputs and for this @@ -915,7 +917,7 @@ The internal timer in use is a register which when read returns an incremented time value. Using two's complement mathematics, by subtracting the time we last read it, we can calculate the interval -between readings (assuming the timer has not wrapped around more then once). +between readings (assuming the timer has not wrapped around more than once). We can say that a timer can fail by incrementing its value at an incorrect rate, or can stop incrementing. $$ fm(TIMER) = \{ STOPPED, INCORRECT\_INTERVAL \}$$ @@ -961,7 +963,7 @@ Identified Software Components: \item --- output\_control (which sets the PWM hardware according to the PID demand value) \end{itemize} With the call tree structure defined (see figure~\ref{fig:context_calltree}), we can now analyse these -components from the bottom-up, starting with the afferent flow, the reading in of the temperature and its conversion +components from the bottom-up, starting with the afferent flow, the reading of the temperature and its conversion to a PID calculated heater output demand. \subsubsection{Afferent flow FMMD analysis, Pt100, temperature, set point error, PID output demand.} @@ -970,7 +972,8 @@ We start with the afferent flow from the Pt100. %used (if any) by each software function. Starting at the bottom, we form a {\fg} with the function read\_ADC and the Pt100. -This gives us a {\dc} which we call ReadPt100. +This gives us a {\dc} which we call +$ReadPt100$. % % @@ -1068,7 +1071,7 @@ $$ fm(PID) = \{ KnownControlValueErrorV, IncorrectControlErrorV \} .$$ -We have now modelled the the software call tree for the afferent flow, we represent this as an Euler diagram in figure~\ref{fig:euler_afferent_PID}. +We have now modelled the software call tree for the afferent flow; we represent this as an Euler diagram in figure~\ref{fig:euler_afferent_PID}. Two call tree branches remain. The LED indication branch and the PWM/heater output. diff --git a/submission_thesis/CH7_Evaluation/copy.tex b/submission_thesis/CH7_Evaluation/copy.tex index bce68cb..2cd2ec0 100644 --- a/submission_thesis/CH7_Evaluation/copy.tex +++ b/submission_thesis/CH7_Evaluation/copy.tex @@ -177,7 +177,7 @@ Comparison complexity, $CC$ for a group of components $G$, is given by % J Howse requires justification for the CC equation above 10MAR2013. % Equation~\ref{eqn:CC} says that for every failure mode in the group $G$, we must check it against all other -components in the group (except its-self). This gives us a count of the number of reasoning paths to perform {\XFMEA}. +components in the group (except itself). This gives us a count of the number of reasoning paths to perform {\XFMEA}. These reasoning distance concepts are discussed in section~\ref{sec:reasoningdistance}. % from CH3 % Equation~\ref{eqn:CC} can be simplified if we can determine the total number of @@ -206,7 +206,7 @@ $i$ for identification and a superscript for the $\alpha$~level (see section~\r % %--- %o identify the hierarchy. -For example the first {\fg} in a hierarchy, containing base components only +For example the first {\fg} in a hierarchy containing base components only i.e. at the zeroth level of an FMMD hierarchy where $\alpha=0$, would have the superscript 0 and a subscript of 1: $FG^{0}_{1}$. % The {\fg} representing the potential divider in section~\ref{sec:pd} @@ -282,7 +282,7 @@ Using traditional FMEA employing exhaustive checking ({\XFMEA}) we obtain $ 2 \times (3-1) + 2 \times (3-1) + 4 \times (3-1)$ = 16. Even with this very trivial example, we begin to see benefits of taking a modular approach to FMEA. -\paragraph{Complexity Comparison for an hypothetical 81 component system.} +\paragraph{Complexity Comparison for a hypothetical 81 component system.} %Even considering a $example$ A system, $example$, with just 81 components (with these components having 3 failure modes each) would, using equation~\ref{eqn:rd2} have an $CC$ of @@ -766,7 +766,8 @@ However, where a complex component is used, for instance a microcontroller with several modules that could all fail simultaneously, a process of reduction into smaller theoretical components will have to be made. We can term this `heuristic~de-composition'. -A modern micro-controller will typically have several modules, which are configured to operate on +% +A modern micro-controller will typically have several modules which are configured to operate on pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs, PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers~\cite{pic18f2523}. % @@ -782,7 +783,7 @@ is then applied to it.}. -\paragraph{Reason for FMMD unitary failure mode constraint.} Were this constraint not to be applied +\paragraph{Reason for FMMD unitary failure mode constraint.} Were this constraint not to be applied, each component would not contribute $N$ failure modes, % to consider but potentially $2^N$. @@ -897,7 +898,7 @@ For example, say the cardinality constraint was 3, we would need to subtract both $|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~group. -\subsubsection{Example: Two Component functional group cardinality Constraint of 2} +\subsubsection{Example: Two Component functional group Cardinality Constraint of 2} For example: suppose we have a simple functional group with two components R and T, of which $$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}.$$