robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OK starting to get the new thesis structure

Browse Source 
actually producting pdf files.

In each chapter directory, copy.tex
is the source file for the chapter.
A makefile should exist in each of these
directories, and this when supplied the arg copy
will make all images form dia/gnuplot etc
This commit is contained in:
Your Name 2012-03-20 19:07:09 +00:00
parent f2a9530dab
commit 7671005fe3
29 changed files with 3402 additions and 770 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
old_thesis/component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -279,7 +279,7 @@ a signal may be lost.
We can map this failure cause to a failure symptom, and we can call it $LOW_{slew}$. We can map this failure cause to a failure symptom, and we can call it $LOW_{slew}$.
\paragraph{No Operation - over stress} \paragraph{No Operation - over stress}
Here the OP_AMP has been damaged, and the output may be held HIGH LOW, or may be effectively tri-stated Here the OP\_AMP has been damaged, and the output may be held HIGH LOW, or may be effectively tri-stated
, i.e. not able to drive circuitry in along the next stages of te signal path: we can call theis state NOOP (no Operation). , i.e. not able to drive circuitry in along the next stages of te signal path: we can call theis state NOOP (no Operation).
We can map this failure cause to three symptoms, $LOW$, $HIGH$, $NOOP$. We can map this failure cause to three symptoms, $LOW$, $HIGH$, $NOOP$.
@ -312,7 +312,7 @@ these conditions.
\begin{figure} \begin{figure}
\centering \centering
\includegraphics[width=200pt]{./lm258pinout.jpg} \includegraphics[width=200pt]{./component_failure_modes_definition/lm258pinout.jpg}
% lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261 % lm258pinout.jpg: 478x348 pixel, 96dpi, 12.65x9.21 cm, bb=0 0 359 261
\caption{Pinout for an LM258 dual OP-AMP} \caption{Pinout for an LM258 dual OP-AMP}
\label{fig:lm258} \label{fig:lm258}

0
thesis_submission/CH5_Examples/lm258pinout.jpg → old_thesis/component_failure_modes_definition/lm258pinout.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 19 KiB

0
thesis_submission/CH1_introduction/Makefile → submission_thesis/CH1_introduction/Makefile
View File

26
submission_thesis/CH1_introduction/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

0
thesis_submission/CH1_introduction/millivoltsensor.kra → submission_thesis/CH1_introduction/millivoltsensor.kra
View File

0
thesis_submission/CH1_introduction/millivoltsensor.ps → submission_thesis/CH1_introduction/millivoltsensor.ps
View File

26
submission_thesis/CH2_FMEA/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

26
submission_thesis/CH3_FMEA_criticism/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

26
submission_thesis/CH4_FMMD/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

19
thesis_submission/CH5_Examples/Makefile → submission_thesis/CH5_Examples/Makefile
View File

@ -5,15 +5,22 @@ PNG_DIA = circuit1_dag.png mvampcircuit.png pd.png invamp.png shared_component.p
%.png:%.dia %.png:%.dia
dia -t png $< dia -t png $<
echo " Chapter 5 DIA images generated"
pdf: $(PNG_DIA) pdf: $(PNG_DIA)
pdflatex copy pdflatex discussion_doc
acroread copy.pdf & acroread discussion_doc.pdf &
# this is the target used
# to make all images, dia gnuplot etc
#
copy: $(PNG_DIA)
echo "Chapter 5 sub make called"
bib: bib:
bibtex copy bibtex discussion_doc
#makeindex opamps.glo -s opamps.ist -t opamps.glg -o opamps.gls #makeindex opamps.glo -s opamps.ist -t opamps.glg -o opamps.gls

0
thesis_submission/CH5_Examples/circuit1001.png → submission_thesis/CH5_Examples/circuit1001.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 30 KiB

0
thesis_submission/CH5_Examples/circuit1_dag.png → submission_thesis/CH5_Examples/circuit1_dag.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 165 KiB

After

Width:  |  Height:  |  Size: 165 KiB

0
thesis_submission/CH5_Examples/circuit2002.png → submission_thesis/CH5_Examples/circuit2002.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 188 KiB

After

Width:  |  Height:  |  Size: 188 KiB

0
thesis_submission/CH5_Examples/circuit2002_FIVEPOLE.png → submission_thesis/CH5_Examples/circuit2002_FIVEPOLE.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 196 KiB

After

Width:  |  Height:  |  Size: 196 KiB

0
thesis_submission/CH5_Examples/circuit2002_LP1.png → submission_thesis/CH5_Examples/circuit2002_LP1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 188 KiB

After

Width:  |  Height:  |  Size: 188 KiB

0
thesis_submission/CH5_Examples/circuit2h.png → submission_thesis/CH5_Examples/circuit2h.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 41 KiB

0
thesis_submission/CH5_Examples/circuit3003.png → submission_thesis/CH5_Examples/circuit3003.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

2200
submission_thesis/CH5_Examples/copy.tex Normal file
View File

File diff suppressed because it is too large Load Diff

0
thesis_submission/CH5_Examples/copy.tex → submission_thesis/CH5_Examples/discussion_doc.tex
View File

BIN
submission_thesis/CH5_Examples/lm258pinout.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

0
thesis_submission/CH5_Examples/non_inv_amp_fmea.png → submission_thesis/CH5_Examples/non_inv_amp_fmea.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 62 KiB

26
submission_thesis/CH6_Evaluation/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

26
submission_thesis/CH7_Conculsion/copy.tex Normal file
View File

@ -0,0 +1,26 @@
\section{Copy dot tex}
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text
sample text

9
submission_thesis/Makefile Normal file
View File

@ -0,0 +1,9 @@
all:
pdflatex thesis
acroread thesis.pdf
bib:
bibtex thesis

979
submission_thesis/glossary.sty Normal file
View File

@ -0,0 +1,979 @@
%%
%% This is file `glossary.sty',
%% generated with the docstrip utility.
%%
%% The original source files were:
%%
%% glossary.dtx (with options: `glossary.sty,package')
%% Copyright (C) 2006 Nicola Talbot, all rights reserved.
%% If you modify this file, you must change its name first.
%% You are NOT ALLOWED to distribute this file alone. You are NOT
%% ALLOWED to take money for the distribution or use of either this
%% file or a changed version, except for a nominal charge for copying
%% etc.
%% \CharacterTable
%% {Upper-case \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
%% Lower-case \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
%% Digits \0\1\2\3\4\5\6\7\8\9
%% Exclamation \! Double quote \" Hash (number) \#
%% Dollar \$ Percent \% Ampersand \&
%% Acute accent \' Left paren \( Right paren \)
%% Asterisk \* Plus \+ Comma \,
%% Minus \- Point \. Solidus \/
%% Colon \: Semicolon \; Less than \<
%% Equals \= Greater than \> Question mark \?
%% Commercial at \@ Left bracket \[ Backslash \\
%% Right bracket \] Circumflex \^ Underscore \_
%% Grave accent \` Left brace \{ Vertical bar \|
%% Right brace \} Tilde \~}
\NeedsTeXFormat{LaTeX2e}
\ProvidesPackage{glossary}[2006/07/20 2.4 (NLCT)]
\RequirePackage{ifthen}
\RequirePackage{keyval}
\define@key{gloss}
{style}
{\ifthenelse{\equal{#1}{list} \or \equal{#1}{altlist}
\or \equal{#1}{super} \or \equal{#1}{long}}
{\def\gls@style{#1}}
{\PackageError{glossary}
{Unknown glossary style '#1'}
{Available styles are: list, altlist, super and long}}}
\define@key{gloss}
{header}[plain]{\ifthenelse{\equal{#1}{none} \or \equal{#1}{plain}}
{\def\gls@header{#1}}
{\PackageError{glossary}
{Unknown glossary style '#1'}
{Available styles are: none and plain}}}
\define@key{gloss}
{border}[plain]{\ifthenelse{\equal{#1}{none} \or \equal{#1}{plain}}
{\def\gls@border{#1}}
{\PackageError{glossary}
{Unknown glossary border '#1'}
{Available styles are: none and plain}}}
\newcount\gls@cols
\define@key{gloss}{cols}{\gls@cols=#1\relax
\ifthenelse{\gls@cols<2 \or \gls@cols>3}
{\PackageError{glossary}
{invalid number of columns}
{The cols option can only be 2 or 3}}
{}}
\define@key{gloss}
{number}
{\ifthenelse{\equal{#1}{none}}
{\def\gls@glossary@number{#1}}
{\@ifundefined{c@#1}{
\PackageError{glossary}
{Unknown glossary number style '#1'}
{You may either specify "none" or the name of a counter,
e.g. "section"}\def\gls@glossary@number{page}}{\def\gls@glossary@number{#1}}}}
\newif\ifgls@toc
\define@key{gloss}{toc}[true]{\ifthenelse{\equal{#1}{true}
\or \equal{#1}{false}}
{\csname gls@toc#1\endcsname}
{\PackageError{glossary}{Glossary option 'toc' is boolean}
{The value of 'toc' can only be set to 'true' or 'false'}}}
\newif\ifgls@hypertoc
\define@key{gloss}{hypertoc}[true]{%
\ifthenelse{\equal{#1}{true} \or \equal{#1}{false}}
{\csname gls@hypertoc#1\endcsname}
{\PackageError{glossary}{Glossary option 'hypertoc' is boolean}
{The value of 'hypertoc' can only be set to 'true' or 'false'}}}
\newif\ifgls@section
\define@key{gloss}{section}[true]{%
\ifthenelse{\equal{#1}{true} \or \equal{#1}{false}}
{\csname gls@section#1\endcsname}
{\PackageError{glossary}{Glossary option 'section' is boolean}
{The value of 'section' can only be set to 'true' or 'false'}}}
\gls@sectionfalse
\newif\ifglshyper
\newif\ifglshyperacronym
\define@key{gloss}{hyper}[true]{%
\ifthenelse{\equal{#1}{true} \or \equal{#1}{false}}
{\csname glshyper#1\endcsname\glshyperacronymtrue}
{\PackageError{glossary}{Glossary option 'hyper' is boolean}
{The value of 'hyper' can only be set to 'true' or 'false'}}}
\define@key{gloss}{hyperacronym}[true]{%
\ifthenelse{\equal{#1}{true} \or \equal{#1}{false}}
{\csname glshyperacronym#1\endcsname}
{\PackageError{glossary}{Glossary option 'hyperacronym' is boolean}
{The value of 'hyperacronym' can only be set to 'true' or 'false'}}}
\newif\ifglsacronym
\define@key{gloss}{acronym}[true]{%
\ifthenelse{\equal{#1}{true} \or \equal{#1}{false}}
{\setboolean{glsacronym}{#1}}{%
\PackageError{glossary}{Glossary option 'acronym' is boolean}{The
value of 'acronym' can only be set to 'true' or 'false'}}}
\newif\ifglsglobal
\define@key{gloss}{global}[true]{\ifthenelse{\equal{#1}{true}\or
\equal{#1}{false}}{\setboolean{glsglobal}{#1}}{%
\PackageError{glossary}{Glossary option 'global' is boolean}{The
value of 'global' can only be set to 'true' or 'false'}}}
\def\gls@style{long}
\def\gls@header{none}
\def\gls@border{none}
\def\gls@glossary@number{page}
\gls@cols=2\relax
\gls@tocfalse
\@ifundefined{hyperpage}{\glshyperfalse\glshyperacronymfalse}{%
\glshypertrue\glshyperacronymtrue}
\@ifundefined{hypertarget}{
\newcommand{\glosslabel}[2]{#2}%
\newcommand{\glossref}[2]{#2}%
}{%
\newcommand{\glosslabel}[2]{\hypertarget{#1}{#2}}%
\newcommand{\glossref}[2]{\hyperlink{#1}{#2}}
}
\@ifundefined{xspace}{%
\let\glsxspace\relax}{%
\let\glsxspace\xspace}
\let\glossaryalignment\relax
\newcommand{\glossarypackageoptions}[1]{\setkeys{gloss}{#1}}
\InputIfFileExists{glossary.cfg}{%
\typeout{Glossary configuration file loaded}}{%
\typeout{No configuration file glossary.cfg found}}
\renewcommand{\glossarypackageoptions}[1]{%
\PackageError{glossary}{Command \string\glossarypackageoptions
^^Jcan only be used in configuration file}{}}
\DeclareOption*{\edef\@pkg@ptions{\noexpand
\setkeys{gloss}{\CurrentOption}}
\ifthenelse{\equal{\CurrentOption}{}}{}{\@pkg@ptions}}
\ProcessOptions
\ifthenelse{\(\equal{\gls@style}{list} \or
\equal{\gls@style}{altlist}\) \and
\(\not\equal{\gls@header}{none} \or \not\equal{\gls@border}{none}
\or \gls@cols=3\)}
{\PackageError{glossary}{You can't have option 'style=list' or
'style=altlist' in combination with any of the other style
options}{The 'list' and 'altlist' options don't have a header,
border or number of columns option.}}
{}
\ifthenelse{\boolean{gls@hypertoc} \and \boolean{gls@toc}}{%
\PackageWarning{glossary}{Can't have both 'toc' and
'hypertoc', ignoring 'toc' option}
\ifgls@hypertoc\gls@tocfalse\fi}{}
\define@key{wrgloss}{name}{%
\def\@glo@n@me{#1}%
\@onelevel@sanitize\@glo@n@me%
\global\let\@glo@n@me\@glo@n@me}
\define@key{wrgloss}{description}{%
\def\@descr{#1}%
\@onelevel@sanitize\@descr}
\define@key{wrgloss}{sort}{%
\def\@s@rt{#1}%
\@onelevel@sanitize\@s@rt
\global\let\@s@rt\@s@rt}
\define@key{wrgloss}{format}{\def\@f@rm@t{#1}}
\define@key{wrgloss}{number}{\def\@glo@num{#1}}
\newcommand{\@@wrglossary}{}
\newcommand{\@glo@l@bel}{}
\newcommand{\@gls@glossary@type}{glo}
\renewcommand{\@wrglossary}[2][glossary]{\relax
\gdef\@glo@n@me{}\def\@descr{}\def\@s@rt{}\def\@f@rm@t{}%
\edef\@glo@num{\csname gls@#1@number\endcsname}\relax
\xdef\@pr@fix{\csname @gls@#1@type\endcsname}%
\setkeys{wrgloss}{#2}\relax
\ifthenelse{\equal{\@glo@num}{none}}{\def\@@glo@num{\thepage}}{%
\@ifundefined{c@\@glo@num}{\PackageError{glossary}{%
Not such counter '\@glo@num'}{The value of the 'number' key
must be the name of a counter or the word "none"}%
\def\@@glo@num{\thepage}}{%
\edef\@@glo@num{\csname the\@glo@num\endcsname}}}%
\ifthenelse{\equal{\@s@rt}{}}{\gdef\@s@rt{\@glo@n@me}}{}%
\ifthenelse{\equal{\@glo@l@bel}{}}{%
\gdef\@glo@l@bel{\@pr@fix:\@s@rt}}{}%
\ifthenelse{\equal{\@f@rm@t}{}}
{\expandafter\protected@write\csname @#1file\endcsname{}%
{\string\glossaryentry{\@s@rt @{%
\string\glosslabel{\@glo@l@bel}{\@glo@n@me}}\@descr
\string\relax|glsnumformat}{\@@glo@num}}}
{\ifthenelse{\equal{\@f@rm@t}{hyperrm} \or
\equal{\@f@rm@t}{hypersf} \or \equal{\@f@rm@t}{hypertt}
\or \equal{\@f@rm@t}{hypermd} \or \equal{\@f@rm@t}{hyperbf}
\or \equal{\@f@rm@t}{hyperit} \or \equal{\@f@rm@t}{hyperem}
\or \equal{\@f@rm@t}{hypersl} \or \equal{\@f@rm@t}{hyperup}
\or \equal{\@f@rm@t}{hypersc}}
{\expandafter\protected@write\csname @#1file\endcsname{}%
{\string\glossaryentry{\@s@rt @{%
\string\glosslabel{\@glo@l@bel}{\@glo@n@me}}\@descr
\string\relax|\@f@rm@t[\@glo@num]}{\@@glo@num}}}
{\expandafter\protected@write\csname @#1file\endcsname{}%
{\string\glossaryentry{\@s@rt @{%
\string\glosslabel{\@glo@l@bel}{\@glo@n@me}}\@descr
\string\relax|\@f@rm@t}{\@@glo@num}}}}\relax
\endgroup\@esphack
\@@wrglossary
}
\define@key{wrnsgloss}{name}{\def\@glo@n@me{#1}}
\define@key{wrnsgloss}{description}{\def\@descr{#1}}
\define@key{wrnsgloss}{sort}{\def\@s@rt{#1}}
\define@key{wrnsgloss}{format}{\def\@f@rm@t{#1}}
\define@key{wrnsgloss}{number}{\def\@glo@num{#1}}
\newcommand{\@gls@getn@me}[1]{%
\def\@glo@n@me{}\setkeys{wrnsgloss}{#1}%
}
\newcommand{\@gls@getdescr}[1]{%
\@bsphack\begingroup
\def\@descr{}%
\setkeys{wrgloss}{#1}%
\global\let\@glo@desc\@descr
\endgroup\@esphack
}
\newcommand{\xglossary}{\renewcommand{\@@wrglossary}[1]{%
\glossref{\@glo@l@bel}{##1}\renewcommand{\@@wrglossary}{}}%
\glossary}
\newcommand*{\@glo@label@list}{}
\toksdef\gls@ta=0 \toksdef\gls@tb=2
\newcommand{\@glo@label@addtolist}[1]{%
\gls@ta={{#1}}\gls@tb=\expandafter{\@glo@label@list}%
\xdef\@glo@label@list{\the\gls@ta,\the\gls@tb}}
\newcommand*{\storeglosentry}[3][glossary]{%
\ifthenelse{\equal{#2}{*}}{%
\PackageError{glossary}{Glossary label '*' invalid}{You can't have
a glossary entry with a * as the label}}{%
\@ifundefined{glo@#2@entry}{%
\@glo@label@addtolist{#2}%
\expandafter\def\csname glo@#2@type\endcsname{#1}%
\expandafter\def\csname glo@#2@entry\endcsname{#3}%
\@gls@getn@me{#3}%
\expandafter\protected@edef\csname glo@#2@name\endcsname{\@glo@n@me}%
}{%
\PackageError{glossary}{Glossary entry '#2' already
defined}{There already exists a glossary entry with the label '#2'}}}%
}
\providecommand{\useglosentry}[2][\relax]{%
\ifthenelse{\equal{#2}{*}}{\@for\@glolab:=\@glo@label@list\do{%
\ifthenelse{\equal{\@glolab}{}}{}{\useglosentry[#1]{\@glolab}}}}{%
\@ifundefined{glo@#2@type}{%
\PackageError{glossary}{Glossary entry '#2' undefined}{You need
to define the entry using \string\storeglosentry\space before
using it.}}{{%
\edef\@glostype{\csname glo@#2@type\endcsname}%
\@glo@tb=\expandafter\expandafter\expandafter
{\csname glo@#2@entry\endcsname}%
\ifx#1\relax
\edef\@glo@cmd{\expandafter\noexpand
\csname\@glostype\endcsname{\the\@glo@tb}}%
\else
\edef\@glo@cmd{\expandafter\noexpand
\csname\@glostype\endcsname{\the\@glo@tb,#1}}%
\fi
\@glo@cmd
}}}}
\providecommand{\useGlosentry}[3][\relax]{%
\@ifundefined{glo@#2@type}{%
\PackageError{glossary}{Glossary entry '#2' undefined}{You need
to define the entry using \string\storeglosentry\space before
using it.}}{{%
\edef\@glostype{x\csname glo@#2@type\endcsname}%
\@glo@tb=\expandafter\expandafter\expandafter
{\csname glo@#2@entry\endcsname}%
\ifx#1\relax
\edef\@glo@cmd{\expandafter\noexpand
\csname\@glostype\endcsname{\the\@glo@tb}}%
\else
\edef\@glo@cmd{\expandafter\noexpand
\csname\@glostype\endcsname{\the\@glo@tb,#1}}%
\fi
\@glo@cmd{#3}%
}}}
\newcommand{\gls}[2][\relax]{%
\useGlosentry[#1]{#2}{%
\csname glo@#2@name\endcsname}}
\providecommand{\saveglosentry}[3][glossary]{%
\PackageWarning{glossary}{\string\saveglosentry\space is obsolete,
please use \string\storeglosentry\space instead}%
\expandafter\def\csname glo@#2@type\endcsname{#1}%
\expandafter\def\csname glo@#2@entry\endcsname{%
name={#2},description={#3}}}
\newcommand*{\@gls@setnumbering}[2][glossary]{%
\ifthenelse{\equal{#2}{none}}{%
\def\pagecompositor{-}
\expandafter\def\csname @#1@delimN\endcsname{}
\expandafter\def\csname @#1@delimR\endcsname{}
\expandafter\def\csname glsX#1Xnumformat\endcsname##1{}}{%
\ifthenelse{\equal{#2}{page}}{%
\def\pagecompositor{-}}{%
\def\pagecompositor{.}}
\expandafter\def\csname @#1@delimN\endcsname{, }
\expandafter\def\csname @#1@delimR\endcsname{--}
\ifglshyper
\expandafter\def\csname glsX#1Xnumformat\endcsname##1{%
\hyperrm[#2]{##1}}%
\else
\expandafter\def\csname glsX#1Xnumformat\endcsname##1{##1}\fi
}
}
\@gls@setnumbering{\gls@glossary@number}
\newcommand{\glsnumformat}[1]{%
\@ifundefined{\@glostype}{\def\@glostype{glossary}}{}%
\@ifundefined{glsX\@glostype Xnumformat}{%
\PackageError{glossary}{Glossary type '\@glostype' undefined}{}}{%
\csname glsX\@glostype Xnumformat\endcsname{#1}}}
\def\@glostype{glossary}
\newcommand{\delimN}{\csname @\@glostype @delimN\endcsname}
\newcommand{\delimR}{\csname @\@glostype @delimR\endcsname}
\newcommand{\gloitem}{\csname @\@glostype @gloitem\endcsname}
\newcommand{\gloskip}{\csname @\@glostype @gloskip\endcsname}
\newcommand{\delimT}{\glsafternum
\csname @\@glostype @delimT\endcsname}
\newcommand{\glodelim}{\csname @\@glostype @glodelim\endcsname
\glsbeforenum}
\newcommand{\glogroupSymbols}{}
\newcommand{\glogroupNumbers}{}
\newcommand{\glogroupA}{}
\newcommand{\glogroupB}{}
\newcommand{\glogroupC}{}
\newcommand{\glogroupD}{}
\newcommand{\glogroupE}{}
\newcommand{\glogroupF}{}
\newcommand{\glogroupG}{}
\newcommand{\glogroupH}{}
\newcommand{\glogroupI}{}
\newcommand{\glogroupJ}{}
\newcommand{\glogroupK}{}
\newcommand{\glogroupL}{}
\newcommand{\glogroupM}{}
\newcommand{\glogroupN}{}
\newcommand{\glogroupO}{}
\newcommand{\glogroupP}{}
\newcommand{\glogroupQ}{}
\newcommand{\glogroupR}{}
\newcommand{\glogroupS}{}
\newcommand{\glogroupT}{}
\newcommand{\glogroupU}{}
\newcommand{\glogroupV}{}
\newcommand{\glogroupW}{}
\newcommand{\glogroupX}{}
\newcommand{\glogroupY}{}
\newcommand{\glogroupZ}{}
\define@key{glossnum}{glsnumformat}{\def\@glsnumformat{#1}}
\define@key{glossnum}{type}{\def\@glsnumtype{#1}}
\define@key{glossnum}{delimN}{\def\@delimN{#1}}
\define@key{glossnum}{delimR}{\def\@delimR{#1}}
\define@key{glossnum}{delimT}{\def\@delimT{#1}}
\define@key{glossnum}{gloskip}{\def\@gloskip{#1}}
\define@key{glossnum}{glodelim}{\def\@glodelim{#1}}
\providecommand{\ignore}[1]{}
\newcommand{\setglossary}[1]{%
\def\@glsnumformat{}%
\def\@glsnumtype{glossary}%
\def\@delimN{@dontchange@}%
\def\@delimR{@dontchange@}%
\def\@delimT{@dontchange@}%
\def\@gloskip{@dontchange@}%
\def\@glodelim{@dontchange@}%
\setkeys{glossnum}{#1}\relax
\@ifundefined{print\@glsnumtype}{%
\PackageError{glossary}{Invalid glossary type '\@glsnumtype'}{%
Glossary type '\@glsnumtype' has not been defined}
}{%
\ifthenelse{\equal{\@glsnumformat}{}}{}{%
\expandafter\xdef\csname glsX\@glsnumtype Xnumformat\endcsname{%
\noexpand\csname\@glsnumformat\noexpand\endcsname}%
\ifthenelse{\equal{\@glsnumformat}{ignore}}{%
\expandafter\xdef\csname @\@glsnumtype @delimN\endcsname{}%
\expandafter\xdef\csname @\@glsnumtype @delimR\endcsname{}%
}{}%
}%
\ifthenelse{\equal{\@delimN}{@dontchange@}}{}{%
\expandafter\xdef\csname @\@glsnumtype @delimN\endcsname{%
\@delimN}}%
\ifthenelse{\equal{\@delimR}{@dontchange@}}{}{%
\expandafter\xdef\csname @\@glsnumtype @delimR\endcsname{%
\@delimR}}%
\ifthenelse{\equal{\@delimT}{@dontchange@}}{}{%
\expandafter\xdef\csname @\@glsnumtype @delimT\endcsname{%
\@delimT}}%
\ifthenelse{\equal{\@gloskip}{@dontchange@}}{}{%
\expandafter\xdef\csname @\@glsnumtype @gloskip\endcsname{%
\@gloskip}}%
\ifthenelse{\equal{\@glodelim}{@dontchange@}}{}{%
\expandafter\xdef\csname @\@glsnumtype @glodelim\endcsname{%
\@glodelim}%
}%
}}
\newcommand{\@gls@glossary@inext}{gls}
\newcommand\printglossary[1][glossary]{%
\def\@glostype{#1}%
\@ifundefined{#1name}{%
\renewcommand{\@glossaryname}{\glossaryname}}{%
\renewcommand{\@glossaryname}{\csname #1name\endcsname}}%
\@ifundefined{short#1name}{%
\renewcommand{\@shortglossaryname}{\@glossaryname}}{%
\renewcommand{\@shortglossaryname}{\csname short#1name\endcsname}}%
\expandafter\let\expandafter\gls@number\csname gls@#1@number\endcsname
\@input@{\jobname.\csname @gls@#1@inext\endcsname}}
\providecommand{\glossaryname}{Glossary}
\newcommand{\shortglossaryname}{\glossaryname}
\newcommand{\entryname}{Notation}
\newcommand{\descriptionname}{Description}
\newcommand{\istfilename}{\jobname.ist}
\def\@glossaryname{\glossaryname}
\def\@shortglossaryname{\shortglossaryname}
\newcommand{\@istfilename}[1]{}
\providecommand{\glossarytitle}{%
\@ifundefined{chapter}%
{%
\ifgls@hypertoc
\phantomsection
\@glosaddtoc{section}%
\section*{\@glossaryname}\relax
\else
\section*{\@glossaryname}\relax
\ifgls@toc\@glosaddtoc{section}\fi
\fi}%
{%
\ifthenelse{\boolean{gls@section}}%
{%
\ifgls@hypertoc
\phantomsection
\@glosaddtoc{section}%
\section*{\@glossaryname}\relax
\else
\section*{\@glossaryname}\relax
\ifgls@toc\@glosaddtoc{section}\fi
\fi}%
{%
\ifgls@hypertoc
\@ifundefined{if@twoside}{%
\clearpage}{%
\if@twoside
\@ifundefined{cleardoublepage}{\clearpage}{\cleardoublepage}%
\else
\clearpage
\fi}%
\phantomsection
\@glosaddtoc{chapter}%
\fi
\chapter*{\@glossaryname}\relax
\ifgls@toc\@glosaddtoc{chapter}\fi}}
\markboth{\@shortglossaryname}{\@shortglossaryname}%
}
\@ifundefined{theglossary}{%
\newenvironment{theglossary}{}{}}{%
\PackageWarning{glossary}{Redefining 'theglossary' environment}}
\renewenvironment{theglossary}{%
\glossarytitle
\glossarypreamble\@bef@reglos}{\@ftergl@s\glossarypostamble}
\newcommand{\glossarypreamble}{}
\newcommand{\glossarypostamble}{}
\newcommand{\@glosaddtoc}[1]{%
\addcontentsline{toc}{#1}{\@shortglossaryname}
}
\newif\ifgloitemfirst
\newcommand{\@bef@reglos}{\global\gloitemfirsttrue\beforeglossary}
\newcommand{\@ftergl@s}{\afterglossary\global\gloitemfirstfalse}
\newcommand{\glossaryalignment}{\relax}
\newcommand{\@gls@align@glossary}{}
\newcommand{\glosstail}{%
\@ifundefined{@gls@tail@\@glostype}{%
\PackageError{glossary}{No glossary tail defined for glossary
type '\@glostype'}{}}{%
\csname @gls@tail@\@glostype\endcsname}}
\newcommand{\@gls@tail@glossary}{}
\newcommand{\afterglossary}{%
\@ifundefined{@gls@afterglos@\@glostype}{%
\PackageError{glossary}{No after glossary defined for glossary
type '\@glostype'}{}}{%
\csname @gls@afterglos@\@glostype\endcsname}}
\newcommand{\beforeglossary}{%
\@ifundefined{@gls@beforeglos@\@glostype}{%
\PackageError{glossary}{No before glossary defined for glossary
type '\@glostype'}{}}{%
\csname @gls@beforeglos@\@glostype\endcsname}}
\newcommand{\@gls@beforeglos@glossary}{}
\newcommand{\@gls@afterglos@glossary}{}
\newcommand{\@glossary@glodelim}{}
\newcommand{\@glossary@delimT}{}
\newcommand{\glsafternum}{}
\newcommand{\glsbeforenum}{}
\newcommand{\@glossary@gloskip}{}
\newcommand{\@glossary@gloitem}[1]{#1}
\newcommand{\gls@setlist}[1][glossary]{%
\expandafter\def\csname @gls@beforeglos@#1\endcsname{%
\begin{description}}%
\expandafter\def\csname @gls@afterglos@#1\endcsname{%
\end{description}}%
\expandafter\def\csname @#1@gloskip\endcsname{\indexspace}%
\ifthenelse{\equal{\csname gls@#1@number\endcsname}{none}}{%
\expandafter\def\csname @#1@glodelim\endcsname{}}{%
\expandafter\def\csname @#1@glodelim\endcsname{, }}%
\expandafter\def\csname @#1@gloitem\endcsname##1{\item[##1]}%
\expandafter\def\csname @#1@delimT\endcsname{}
}
\newcommand{\gls@setaltlist}[1][glossary]{%
\expandafter\def\csname @gls@beforeglos@#1\endcsname{%
\begin{description}}%
\expandafter\def\csname @gls@afterglos@#1\endcsname{%
\end{description}}%
\expandafter\def\csname @#1@gloskip\endcsname{\indexspace}%
\expandafter\def\csname @#1@gloitem\endcsname##1{%
\item[##1]\mbox{}\nopagebreak\par\nopagebreak}%
\expandafter\def\csname @#1@glodelim\endcsname{ }%
\expandafter\def\csname @#1@delimT\endcsname{}
}
\ifthenelse{\equal{\gls@style}{super}}{
\IfFileExists{supertab.sty}{\RequirePackage{supertab}}
{\IfFileExists{supertabular.sty}{\RequirePackage{supertabular}}
{\PackageError{glossary}{Option "super" chosen, but can't find
"supertab" package}{If you want the "super" option, you have to have
the "supertab" package installed.}}}}
{\RequirePackage{longtable}}
\newlength{\descriptionwidth}
\setlength{\descriptionwidth}{0.6\linewidth}
\newcommand{\@glossaryheader}{%
\@ifundefined{glossaryheader}{\csname @\@glostype @header\endcsname}
{\glossaryheader}%
\@ifundefined{glossarysubheader}{}{\glossarysubheader}%
}
\newcommand{\gls@setheader}[1][glossary]{%
\ifthenelse{\equal{\gls@header}{none}}%
{%
\ifthenelse{\equal{\gls@border}{none}}
{\expandafter\def\csname @#1@header\endcsname{}%
}{\expandafter\def\csname @#1@header\endcsname{\hline}}%
}{%
\ifnum\gls@cols=2\relax
\ifthenelse{\equal{\gls@border}{none}}
{%
\expandafter\def\csname @#1@header\endcsname{%
\bfseries\entryname & \bfseries \descriptionname\\}}%
{%
\expandafter\def\csname @#1@header\endcsname{%
\hline\bfseries\entryname & \bfseries\descriptionname
\\\hline\hline}}%
\else
\ifthenelse{\equal{\gls@border}{none}}
{%
\expandafter\def\csname @#1@header\endcsname{%
\bfseries\entryname & \bfseries \descriptionname &
\bfseries \glspageheader \\}}%
{%
\expandafter\def\csname @#1@header\endcsname{%
\hline\bfseries\entryname &\bfseries\descriptionname &
\bfseries \glspageheader \\\hline\hline}}%
\fi
}}
\newcommand*{\glspageheader}{}
\newcommand{\gls@setalignment}[1][glossary]{%
\ifthenelse{\equal{\gls@border}{none}}
{
\ifnum\gls@cols=2\relax
\expandafter\def\csname @gls@align@#1\endcsname{%
@{\hspace{\tabcolsep}\bfseries}lp{\descriptionwidth}}
\else
\expandafter\def\csname @gls@align@#1\endcsname{%
@{\hspace{\tabcolsep}\bfseries}lp{\descriptionwidth}l}
\fi
\expandafter\def\csname @gls@tail@#1\endcsname{}%
}{%
\ifnum\gls@cols=2\relax
\expandafter\def\csname @gls@align@#1\endcsname{%
|@{\hspace{\tabcolsep}\bfseries
}lp{\descriptionwidth}|}
\else
\expandafter\def\csname @gls@align@#1\endcsname{%
|@{\hspace{\tabcolsep}\bfseries
}lp{\descriptionwidth}l|}
\fi
\expandafter\def\csname @gls@tail@#1\endcsname{\hline}%
}%
\expandafter\def\csname @#1@delimT\endcsname{\\}
\ifnum\gls@cols=2\relax
\expandafter\def\csname @#1@gloskip\endcsname{& \\}%
\ifthenelse{\equal{\csname gls@#1@number\endcsname}{none}}{%
\expandafter\def\csname @#1@glodelim\endcsname{}}{%
\expandafter\def\csname @#1@glodelim\endcsname{, }}%
\else
\expandafter\def\csname @#1@gloskip\endcsname{& & \\}%
\expandafter\def\csname @#1@glodelim\endcsname{& }%
\fi
\expandafter\def\csname @#1@gloitem\endcsname##1{##1 &}%
}
\newcommand{\@st@rtglostable}[2]{%
\gls@ta={\begin{#1}}\gls@tb=\expandafter{#2}%
\edef\@st@rtglost@ble{\the\gls@ta{\the\gls@tb}}
\@st@rtglost@ble}
\newcommand{\gls@setsuper}[1][glossary]{%
\gls@setalignment[#1]%
\gls@setheader[#1]%
\expandafter\def\csname @gls@beforeglos@#1\endcsname{%
\tablehead{\@glossaryheader}\tabletail{\glosstail}%
\if\glossaryalignment\relax
\expandafter\let\expandafter\@glossaryalignment
\csname @gls@align@#1\endcsname
\else
\let\@glossaryalignment\glossaryalignment
\fi
\@st@rtglostable{supertabular}\@glossaryalignment}
\expandafter\def\csname @gls@afterglos@#1\endcsname{%
\end{supertabular}}%
}
\newcommand{\gls@setlong}[1][glossary]{%
\gls@setalignment[#1]%
\gls@setheader[#1]%
\expandafter\def\csname @gls@beforeglos@#1\endcsname{%
\if\relax\glossaryalignment
\expandafter\let\expandafter\@glossaryalignment
\csname @gls@align@#1\endcsname
\else
\let\@glossaryalignment\glossaryalignment
\fi
\@st@rtglostable{longtable}{\@glossaryalignment}
\@glossaryheader\endhead\glosstail\endfoot}
\expandafter\def\csname @gls@afterglos@#1\endcsname{%
\end{longtable}}%
}
\newcommand{\@setglossarystyle}[1][glossary]{%
\@ifundefined{gls@set\gls@style}{%
\PackageError{glossary}{Glossary style '\gls@style' undefined}{}}{%
\ifthenelse{\equal{\gls@number}{}}{}{%
\expandafter\edef\csname gls@#1@number\endcsname{\gls@number}%
\@gls@setnumbering[#1]{\gls@number}%
}%
\csname gls@set\gls@style\endcsname[#1]}}
\let\gls@number\gls@glossary@number
\@setglossarystyle
\define@key{glosstyle}
{style}
{\ifthenelse{\equal{#1}{list} \or \equal{#1}{altlist}
\or \equal{#1}{super} \or \equal{#1}{long}}
{\def\gls@style{#1}}
{\PackageError{glossary}
{Unknown glossary style '#1'}
{Available styles are: list, altlist, super and long}}}
\define@key{glosstyle}
{header}[plain]{\ifthenelse{\equal{#1}{none} \or \equal{#1}{plain}}
{\def\gls@header{#1}}
{\PackageError{glossary}
{Unknown glossary style '#1'}
{Available styles are: none and plain}}}
\define@key{glosstyle}
{border}[plain]{\ifthenelse{\equal{#1}{none} \or \equal{#1}{plain}}
{\def\gls@border{#1}}
{\PackageError{glossary}
{Unknown glossary border '#1'}
{Available styles are: none and plain}}}
\define@key{glosstyle}{cols}{\gls@cols=#1\relax
\ifthenelse{\gls@cols<2 \or \gls@cols>3}
{\PackageError{glossary}
{invalid number of columns}
{The cols option can only be 2 or 3}}
{}}
\define@key{glosstyle}
{number}
{\ifthenelse{\equal{#1}{none}}
{\def\gls@number{#1}}
{\@ifundefined{c@#1}{
\PackageError{glossary}
{Unknown glossary number style '#1'}
{You may either specify "none" or the name of a counter,
e.g. "section"}\def\gls@number{page}}{\def\gls@number{#1}}}}
\newcommand{\setglossarystyle}[2][glossary]{%
\def\gls@number{}%
\setkeys{glosstyle}{#2}%
\@setglossarystyle[#1]%
}
\ifthenelse{\equal{\gls@glossary@number}{none} \and \gls@cols<3}{%
\renewcommand{\@glossary@glodelim}{}}{}
\newif\ifist
\let\noist=\istfalse
\if@filesw\isttrue\else\istfalse\fi
\newwrite\istfile
\catcode`\%11\relax
\newcommand{\writeist}{
\protected@write\@auxout{}{\protect\@istfilename{\istfilename}}
\openout\istfile=\istfilename
\write\istfile{% makeindex style file created by LaTeX for document "\jobname" on \the\year-\the\month-\the\day}
\write\istfile{keyword "\string\\glossaryentry"}
\write\istfile{preamble "\string\\begin{theglossary}"}
\write\istfile{postamble "\string\n\string\\end{theglossary}\string\n"}
\write\istfile{group_skip "\string\\gloskip "}
\write\istfile{item_0 "\string\n\string\n\string\\gloitem "}
\write\istfile{delim_0 "\string\n\string\\glodelim "}
\write\istfile{page_compositor "\pagecompositor"}
\write\istfile{delim_n "\string\\delimN "}
\write\istfile{delim_r "\string\\delimR "}
\write\istfile{delim_t "\string\\delimT "}
\write\istfile{headings_flag 1}
\write\istfile{heading_prefix "\string\\glogroup"}
\write\istfile{symhead_positive "Symbols"}
\write\istfile{numhead_positive "Numbers"}
\closeout\istfile
}
\catcode`\%14\relax
\renewcommand{\makeglossary}{
\newwrite\@glossaryfile
\immediate\openout\@glossaryfile=\jobname.glo
\renewcommand{\glossary}[1][]{\gdef\@glo@l@bel{##1}%
\@bsphack \begingroup \@wrglossary }
\typeout {Writing glossary file \jobname .glo }
\let \makeglossary \@empty
\ifist\writeist\fi
\noist}
\renewcommand{\glossary}[1][]{%
\@bsphack\begingroup\@sanitize\@index}
\newcommand{\newglossarytype}[4][glg]{
\@ifundefined{#2}{%
\protected@write\@auxout{}{\@newglossarytype[#1]{#2}{#3}{#4}}%
\def\@glstype{#2}\def\@glsout{#3}\def\@glsin{#4}%
\expandafter\edef\csname gls@\@glstype @number\endcsname{%
\gls@glossary@number}%
\expandafter\gdef\csname glsX\@glstype Xnumformat\endcsname{%
\glsXglossaryXnumformat}%
\expandafter\gdef\csname @\@glstype @delimN\endcsname{%
\@glossary@delimN}%
\expandafter\gdef\csname @\@glstype @delimR\endcsname{%
\@glossary@delimR}%
\expandafter\gdef\csname @gls@\@glstype @inext\endcsname{#4}%
\expandafter\def\csname @gls@#2@type\endcsname{#4}%
\expandafter\edef\csname make\@glstype\endcsname{%
\noexpand\@m@kegl@ss{\@glstype}{\@glsout}}
\expandafter\edef\csname \@glstype\endcsname{%
\noexpand\@gl@ss@ary{\@glstype}}
\expandafter\edef\csname x\@glstype\endcsname{%
\noexpand\@Gl@ss@ary{\@glstype}}
\@namedef{print\@glstype}{%
\printglossary[#2]}%
}{\PackageError{glossary}{Command
\expandafter\string\csname #2\endcsname \space already defined}{%
You can't call your new glossary type '#2' because there already
exists a command with this name}}%
\@@n@wglostype}
\newcommand{\@@n@wglostype}[1][]{%
\setglossarystyle[\@glstype]{#1}}
\newcommand{\@newglossarytype}[4][glg]{}
\newcommand\@m@kegl@ss[2]{%
\expandafter\newwrite\csname @#1file\endcsname
\expandafter\immediate\expandafter
\openout\csname @#1file\endcsname=\jobname.#2
\typeout {Writing #1 file \jobname .#2 }
\expandafter\let \csname make#1\endcsname \@empty
\ifist\writeist\fi
\expandafter\def\csname the#1num\endcsname{\thepage}
\noist
}
\newcommand\@gl@ss@ary[2][]{\@ifundefined{@#2file}{%
\@bsphack\begingroup\@sanitize \@index}{%
\gdef\@glo@l@bel{#1}%
\@bsphack \begingroup \@wrglossary[#2]}}
\newcommand{\@Gl@ss@ary}{%
\renewcommand{\@@wrglossary}[1]{%
\glossref{\@glo@l@bel}{##1}\renewcommand{\@@wrglossary}{}}%
\@gl@ss@ary}
\@onlypreamble{\newglossarytype}
\newcommand\@acrnmsh{}
\newcommand\@sacrnmsh{}
\newcommand\@acrnmln{}
\newcommand\@acrnmcmd{}
\newcommand\@acrnmgls{}
\newcommand\@acrnmins{}
\toksdef\@glo@tb=2
\newcommand{\@acr@list}{}
\newcommand{\@acr@addtolist}[1]{\edef\@glo@ta{#1}%
\ifthenelse{\equal{\@acr@list}{}}{%
\edef\@acr@list{\@glo@ta}}{%
\@glo@tb=\expandafter{\@acr@list}%
\edef\@acr@list{\the\@glo@tb,\@glo@ta}}}
\newcommand{\@acronymnamefmt}{\glolong\ (\gloshort)}
\newcommand{\setacronymnamefmt}[1]{\def\@acronymnamefmt{#1}}
\newcommand{\@acronymdescfmt}{\glodesc}
\newcommand{\setacronymdescfmt}[1]{\def\@acronymdescfmt{#1}}
\newcommand{\acronymfont}[1]{#1}
\newcommand{\newacronym}[4][]{%
\ifthenelse{\equal{#1}{}}{\renewcommand\@acrnmcmd{#2}}{%
\renewcommand\@acrnmcmd{#1}}
\@ifundefined{\@acrnmcmd}{%
\expandafter\newcommand\csname\@acrnmcmd short\endcsname{%
#2\protect\glsxspace}
\expandafter\newcommand\csname\@acrnmcmd @nx@short\endcsname{#2}
\expandafter\newcommand\csname\@acrnmcmd long\endcsname{%
#3\protect\glsxspace}
\expandafter\newcommand\csname\@acrnmcmd @nx@long\endcsname{#3}
\def\@acrn@entry{#4}%
{%
\expandafter\@gls@getdescr\expandafter{\@acrn@entry}%
\let\glodesc\@glo@desc%
\def\glolong{#3}%
\@onelevel@sanitize\glolong
\def\gloshort{\noexpand\acronymfont{#2}}%
\@onelevel@sanitize\gloshort
\expandafter\protected@xdef\expandafter\@acrnamefmt{\@acronymnamefmt}
\expandafter\protected@xdef\expandafter\@acrdesc{\@acronymdescfmt}
}%
\@acr@addtolist{\@acrnmcmd}
\@glo@tb=\expandafter{\@acrn@entry}%
\protected@edef\@acr@glsentry{name={\@acrnamefmt},%
format=glsnumformat,sort={\@acrnmcmd},\the\@glo@tb,%
description={\@acrdesc}}%
\@glo@tb=\expandafter{\@acr@glsentry}%
\newboolean{\@acrnmcmd first}\setboolean{\@acrnmcmd first}{true}
\expandafter\protected@edef\csname \@acrnmcmd\endcsname{%
\noexpand\@ifstar{\csname @s@\@acrnmcmd\endcsname}{%
\csname @\@acrnmcmd\endcsname}}
\ifglshyperacronym % hyperlinks
\expandafter\protected@edef\csname @\@acrnmcmd\endcsname{%
\noexpand\ifthenelse{\noexpand\boolean{\@acrnmcmd first}}{%
\csname\@acrnmcmd @nx@long\endcsname\noexpand\@acrnmins\
(\noexpand\xacronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
})\noexpand\unsetacronym{\@acrnmcmd}%
}{\noexpand\xacronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
\noexpand\@acrnmins}}\noexpand\glsxspace}
\expandafter\protected@edef\csname @s@\@acrnmcmd\endcsname{%
\noexpand\ifthenelse{\noexpand\boolean{\@acrnmcmd first}}{%
\noexpand\expandafter\noexpand\MakeUppercase
\csname\@acrnmcmd @nx@long\endcsname\noexpand\@acrnmins\
(\noexpand\xacronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
})%
\noexpand\unsetacronym{\@acrnmcmd}}{%
\noexpand\xacronym{\the\@glo@tb}{%
\noexpand\acronymfont{\noexpand\expandafter\noexpand\MakeUppercase
\csname\@acrnmcmd @nx@short\endcsname}%
\noexpand\@acrnmins}}\noexpand\glsxspace}
\else % no hyperlinks
\expandafter\protected@edef\csname @\@acrnmcmd\endcsname{%
\noexpand\ifthenelse{\noexpand\boolean{\@acrnmcmd first}}{%
\csname\@acrnmcmd @nx@long\endcsname\noexpand\@acrnmins\
(\noexpand\acronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
})\noexpand\unsetacronym{\@acrnmcmd}%
}{\noexpand\acronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
\noexpand\@acrnmins}}%
\noexpand\glsxspace}
\expandafter\protected@edef\csname @s@\@acrnmcmd\endcsname{%
\noexpand\ifthenelse{\noexpand\boolean{\@acrnmcmd first}}{%
\noexpand\expandafter
\noexpand\MakeUppercase
\csname\@acrnmcmd @nx@long\endcsname\noexpand\@acrnmins\
(\noexpand\acronym{\the\@glo@tb}{%
\noexpand\acronymfont{\csname\@acrnmcmd @nx@short\endcsname}%
})%
\noexpand\unsetacronym{\@acrnmcmd}}{%
\noexpand\acronym{\the\@glo@tb}{%
\noexpand\acronymfont{\noexpand\expandafter\noexpand\MakeUppercase
\csname\@acrnmcmd @nx@short\endcsname}%
\noexpand\@acrnmins}}\noexpand\glsxspace}
\fi
}{%
\PackageError{glossary}{Command '\expandafter\string
\csname\@acrnmcmd\endcsname' already defined}{%
The command name specified by \string\newacronym already exists.}}}
\newcommand{\useacronym}{\@ifstar\@suseacronym\@useacronym}
\newcommand{\@suseacronym}[2][]{{\let\glsxspace\relax
\def\@acrnmins{#1}\csname @s@#2\endcsname}%
\setboolean{#2first}{false}}
\newcommand{\@useacronym}[2][]{{\let\glsxspace\relax
\def\@acrnmins{#1}\csname @#2\endcsname}%
\setboolean{#2first}{false}}
\newcommand{\acrln}{\@ifstar\@sacrln\@acrln}
\newcommand{\@acrln}[1]{\@ifundefined{#1long}{%
\PackageError{glossary}{Acronym '#1' has not been defined}{}}{%
\csname#1@nx@long\endcsname}}
\newcommand{\@sacrln}[1]{\@ifundefined{#1long}{%
\PackageError{glossary}{Acronym '#1' has not been defined}{}}{%
\expandafter\expandafter\expandafter
\MakeUppercase\csname#1@nx@long\endcsname}}
\newcommand{\acrsh}{\@ifstar\@sacrsh\@acrsh}
\newcommand{\@acrsh}[1]{\@ifundefined{#1short}{%
\PackageError{glossary}{Acronym '#1' has not been defined}{}}{%
\acronymfont{\csname#1@nx@short\endcsname}}}
\newcommand{\@sacrsh}[1]{\@ifundefined{#1short}{%
\PackageError{glossary}{Acronym '#1' has not been defined}{}}{%
\acronymfont{\expandafter\expandafter\expandafter
\MakeUppercase\csname#1@nx@short\endcsname}}}
\newcommand{\ifacronymfirstuse}[3]{%
\@ifundefined{if#1first}{%
\PackageError{glossary}{Acronym '#1' not defined}{}}{%
\ifthenelse{\boolean{#1first}}{#2}{#3}}}
\newcommand{\resetacronym}[1]{%
\@ifundefined{if#1first}{%
\PackageError{glossary}{Acronym '#1' not defined}{}}{%
\ifglsglobal
\expandafter\global\csname #1firsttrue\endcsname
\else
\setboolean{#1first}{true}%
\fi}}
\newcommand{\unsetacronym}[1]{%
\@ifundefined{if#1first}{%
\PackageError{glossary}{Acronym '#1' not defined}{}}{%
\ifglsglobal
\expandafter\global\csname #1firstfalse\endcsname
\else
\setboolean{#1first}{false}%
\fi}}
\newcommand{\resetallacronyms}{%
\@for\@acr:=\@acr@list\do{\resetacronym{\@acr}}}
\newcommand{\unsetallacronyms}{%
\@for\@acr:=\@acr@list\do{\unsetacronym{\@acr}}}
\ifglsacronym
\newglossarytype[alg]{acronym}{acr}{acn}
\providecommand{\acronymname}{List of Acronyms}
\else
\let\acronym=\glossary
\let\xacronym=\xglossary
\fi
\ifglshyper
\def\glshyper#1#2{\@glshyper{#1}#2\delimR \delimR \\}
\def\@glshyper#1#2\delimR #3\delimR #4\\{%
\ifx\\#3\\%
\@delimNhyper{#1}{#2}%
\else
\@ifundefined{hyperlink}{#2\delimR #3}{%
\hyperlink{#1.#2}{#2}\delimR \hyperlink{#1.#3}{#3}}%
\fi
}
\def\@delimNhyper#1#2{\@@delimNhyper{#1}#2\delimN \delimN\\}
\def\@@delimNhyper#1#2\delimN #3\delimN #4\\{%
\ifx\\#3\\%
\@ifundefined{hyperlink}{#2}{\hyperlink{#1.#2}{#2}}%
\else
\@ifundefined{hyperlink}{#2\delimN #3}{%
\hyperlink{#1.#2}{#2}\delimN \hyperlink{#1.#3}{#3}}%
\fi
}
\newcommand\glshyperpage[1]{\glshyper{page}{#1}}
\newcommand\glshypersection[1]{\glshyper{section}{#1}}
\@ifundefined{chapter}
{}
{\let\@gls@old@chapter\@chapter
\def\@chapter[#1]#2{\@gls@old@chapter[{#1}]{#2}%
\@ifundefined{hyperdef}{}{\hyperdef{section}{\thesection}{}}}}
\providecommand\hyperrm[2][\gls@number]{%
\textrm{\glshyper{#1}{#2}}}
\providecommand\hypersf[2][\gls@number]{%
\textsf{\glshyper{#1}{#2}}}
\providecommand\hypertt[2][\gls@number]{%
\texttt{\glshyper{#1}{#2}}}
\providecommand\hyperbf[2][\gls@number]{%
\textbf{\glshyper{#1}{#2}}}
\providecommand\hyperit[2][\gls@number]{%
\textit{\glshyper{#1}{#2}}}
\providecommand\hyperem[2][\gls@number]{%
\emph{\glshyper{#1}{#2}}}
\providecommand\hyperup[2][\gls@number]{%
\textup{\glshyper{#1}{#2}}}
\providecommand\hypersl[2][\gls@number]{%
\textsl{\glshyper{#1}{#2}}}
\providecommand\hypersc[2][\gls@number]{%
\textsc{\glshyper{#1}{#2}}}
\providecommand\hypermd[2][\gls@number]{%
\textmd{\glshyper{#1}{#2}}}
\else
\providecommand\hyperrm[2][]{\textrm{#2}}
\providecommand\hypersf[2][]{\textsf{#2}}
\providecommand\hypertt[2][]{\texttt{#2}}
\providecommand\hypermd[2][]{\textmd{#2}}
\providecommand\hyperbf[2][]{\textbf{#2}}
\providecommand\hyperit[2][]{\textit{#2}}
\providecommand\hypersl[2][]{\textsl{#2}}
\providecommand\hyperup[2][]{\textup{#2}}
\providecommand\hypersc[2][]{\textsc{#2}}
\providecommand\hyperem[2][]{\emph{#2}}
\fi
\endinput
%%
%% End of file `glossary.sty'.

0
thesis_submission/mybib.bib → submission_thesis/mybib.bib
View File

43
submission_thesis/titlepage/titlepage.tex Normal file
View File

@ -0,0 +1,43 @@
% Title page
% ----------
%
%\middlefoot{ } % No page number on title page
\begin{center}
\pagenumbering{roman} % Lower case roman page numbers
{\LARGE \bf Failure Mode Modular De-Composition }
\vspace{2.15in}
{ \bf A mathematical methodology to model and analyse safety critical integrated mechanical/electronic/software systems }
\vspace{1.15in}
{\LARGE \bf Brighton University }
\vspace{0.3in}
{\bf PhD Thesis}
\vspace{1.0in}
{\large Version 1.0 \today }
\vspace{0.2in}
{\large Author : R.P. Clark - 2010 }
\end{center}
\vspace{1.0in}
\begin{verbatim}
Robin Clark
68 Vale Avenue,
Brighton,
East Sussex
\end{verbatim}
%

0
thesis_submission/vmgbibliography.bib → submission_thesis/vmgbibliography.bib
View File

762
thesis_submission/CH1_introduction/copy.tex
View File

@ -1,762 +0,0 @@
%
% Structure to introduction
%
%
% Application Area - safety critical controllers - define safety critical - describe
% approval processes - describe static testing
%
% Now start looking at the philosophy of making PEC's
% safer. Describe what can and cannot be done.
%
% Point out errors in currently used techniques.
% Bottom-up vs. top down discussion
%
% No current common notation for static testing that models both software and hardware
%
% How a new methodology should plug these gaps
%
%
\section{Introduction}
%% $$ \int_{0\-}^{\infty} f(t).e^{-s.t}.dt \; | \; s \in \mathcal{C}$$
\paragraph{Scope of thesis}
This thesis describes the application of, a common notation mathematical notation to
describe the design of safety critical systems/PEC's from the perspective of failure modes.
The initial motivation for this study was to create a system
applicable to industrial burner controllers\footnote{Burner Controllers cover the disciplines of
combustion, high pressure steam and hot water, mechanical control, electronics and embedded software.}.
The methodology developed was designed to cope with
both the deterministic\footnote{Deterministic failure mode analysis, traces failure mode effects at the SYSTEM level to lower level causes in components or sub-systems.} and probablistic approaches
\footnote{Probabilistic failure mode analysis tries to determine the probability of given SYSTEM failure modes, and from these
can determine an overall failure rate, in terms of probability of failure on demand, or failure in time (or Mean Time to Failure (MTTF).}.
\glossary{name={safety critical},description={A safety critical system is one in which its failure may result in death or serious injury to humans, an environmental catastrophe or severe loss or damage}}
\fmodegloss
\pecgloss
\paragraph{Initial Perspective for thesis}
My initial work on this area~\cite{robin-paper2004} was to use Euler/Spider~\cite{spider}
diagrams to represent failure modes. Euler circles represented failure modes, the feet of the spiders represented test cases
(i.e. instances of the failure mode occurring for examination),
and could therefore model multiple failure modes
and the spiders (or joining lines) represented the symptom abstraction process.
A spider thus determined a common symptom which was caused by one or mode component failure modes.
% At the 6 year point in this part time PhD I was finally appointed an electrical engineer.
% and the process of writing a paper for presentation as a result of this
% di-graphs instead were chosen.
As a by-product of writing a paper~\cite{iet2011}, it became apparent
that we could
%it was decided to
restrict the scope of the thesis to modularising FMEA
processes, and to restrict the examples examined to the domain of electronics only.
\footnote{Because FMEA deals with failure modes, in a static context---and all base components, whether mechanical, electrical
or software always have sets of failure modes associated with them---it should
be possible to apply it across all domains, and thus model integrated mechanical/electrical/software systems.}
The initial motivation to use spider diagrams, was that they presented a formal
language in an intuitive and easy to use visual representation.
Work on represnting failure modes, test cases and symptoms of failure
has been placed in appendix~\ref{spiderfmmd}.
\paragraph{Safety Critical Controllers, knowledge and culture sub-disiplines}
The maturing of the application of the programmable electronic controller (PEC)
for a wide range safety critical applications, has led to a fragmentation of sub-disciplines
which speak imperfectly to one another.
This is because
the main three engineering disciplines, Electrical, Software and Mechanical Engineering
produced equipment that was interfaced a a later time.
Just as electronic circuitry becomes more integrated, and sub-domains
of electrical engineering (analog and digital for instance) are commonly found along-side on the same chip,
so modern PEC's are becoming more and more integrated and now typically encompass
input from the three engineering disciplines\footnote{Consider an aircraft, this involves expert knowledge from
Software, Electronic and Mechanical Engineering and requires a high degree of safety validation}.
Additional disiplines are defined by application area of the PEC. All of these sub-disciplines
are in turn split into even finer units.
The practitioners of these fields tend to view a PEC in different ways.
Discoveries and culture in one field diffuse only slowly into the consciousness of a specialist in another.
Too often, one discipline's unproven assumptions or working methods, are treated as firm boundary conditions
for an overlapping field.
For failure mode analysis a common notation, across disciplines is a very desirable and potentially useful
tool.
\paragraph{Safety Assessment/analysis of PEC's}
\glossary{name={safety assessment},description={A critical appraisal, typically following legal or formal guidelines, which will encompass design, and failure effects analysis}}
For a anyone responsible for ensuring or proving the safety of a PEC must be able
to understand the process being controlled, the mechanical and electrical
sensors and actuators and the software. Not only must the
safety engineer understand more than four potential disciplines, he/she
must be able to trace failure modes of components to SYSTEM levels failure modes,
and classify these according to their criticality.
\paragraph{Desire to introduce formal methods to static failure mode analysis}
There has been much work introducing formal methods into
the requirements and validation phases of electromechanical systems.
Apart from the ability to check, precisely, that what ha been
build behaves correctly and as requested, the process
of formal specification ensures that all important details are analysed
and looked at in detail.
It is an aim of this project to bring formal methods to
static failure mode analysis. This means being able to account for every base
component failure mode in a model, and to be able to represent
mechanical, electrical and software components in a single failure mode model.
\paragraph{Desirability of a common failure mode notation}
Having a common failure mode notation across all disciplines in a project
would allow all the specialists to prepare failure mode
analysis and then bring them together to model the PEC.
\paragraph{Visual form of the notation}
The visual notation developed was initially designed for electronic fault modelling.
This notation deals with failure modes of components using concepts derived from
Euler and Spider diagrams.
However, as the notation dealt with generic failure modes, it was realised that it could be applied to
mechanical and software domains as well.
This changed the target for the study slightly to encompass these three domains in a common notation.
\paragraph{PEC's: Legal and Insurance Issues}
In most safety critical industries the operators of plant have to demonstrate a through consideration of safety.
There is also usually a differentiation between the manufacturers
and the the plant operators.
The manufacturers have to ensure
that the device is adequately safe for use in its operational context.
This usually means conforming to device specific standards~\footnote{in Europe, conformance to European Norms (EN) are legal requirements
for specific types of controllers, and in the USA conformance to Underwriters Laboratories (UL) standards
are usually a minimum requirement to take out insurance}, and offering training
of operators.
Operators of safety critical plant are concerned with maintenance and legal obligations for
periodic safety checks (both legal and insurance driven).
\section{Background}
I completed an MSc in Software engineering in 2004 at Brighton University while working for
an Engineering firm as an embedded `C' programmer.
The firm specialise in industrial burner controllers.
Industrial Burners are potentially very dangerous industrial plant.
They are generally left running unattended for long periods.
They are subject to stringent safety regulations and
must conform to specific `EN' standards.
For a non-safety critical product one can merely comply with the standards, and `self~certify' by applying a CE mark sticker.
Safety critical products are categorised and listed. These require
certification by an independent and `competent body' recognised under European law.
The certification process typically involves stress testing with repeated operation cycles
over a specified a range of temperatures, electrical stress testing with high voltage interference,
power supply voltage ranges with surges and dips, electro static discharge testing, and
EMC (Electro Magnetic Compatibility). A significant part
of this process however, is `static testing'. This involves looking at the design of the products,
from the perspective of environmental stresses, natural input fault conditions\footnote{For instance in a burner controller, the gas supply pressure reducing},
components failing, and the effects on safety this could have.
Some static testing involves checking that the germane `EN' standards have
been complied with\footnote{for instance protection levels of an enclosure for the device, or down rating of electrical components}.
Failure Mode Effects Analysis (FMEA) was also applied. This involved
looking in detail at selected critical sections of the product and proposing
component failure scenarios.
For each failure scenario proposed either a satisfactory
answer was required, or a counter proposal to change the design to cope with
a theoretical component failure eventuality.
FMEA was time consuming, and being directed by
experts undoubtedly ironed out many potential safety faults before the product saw
light of day.
However it was quickly apparent that only a small proportion
of component~failure modes was considered\footnote{The small proportion of components chosen for approvals FMEA
were generally those in critical sections of the PEC}. Also there was no formalism.
The component~failure~modes investigated were not analysed within
any rigorous or mathematically proven framework.
\subsection{ Blanket Risk Reduction Approach }
The suite of tests applied for a certified product amount to a `blanket' approach.
That is to say that by applying electrical, repeated operations, and environmental
stress testing it is hoped that the majority of latent faults are discovered.
The FMEA and static testing only looked at the most obviously safety critical
aspects, and a small minority of the total component base for a product.
Systemic faults, or mistakes are missed by this form of static testing.
\subsection{Possibility of applying mathematical techniques to FMEA}
My MSc project was a diagram editor for Constraint diagrams.
I wanted to apply constraint diagram techniques to FMEA
and began thinking about how this could be done. One
obvious factor was that a typical safety critical system could
have more than 1000 component parts. Each component
would typically have several failure modes.
Trying to apply a rigorous methodology on an entire product
was going to be impractical. To do this with complete coverage
each component failure mode would have to have been checked against
the other thousand or so components for influence, and then
a determination of the effects on the system would have had to have been
made. Thus millions of checks would have to have been performed, and
as FMEA is an `expert only' time consuming technique, this idea was
obviously impractical. Note that most of the checks made would be redundant.
Most components affect the performance of a few that they are placed to work with
to perform some particular low-level function.
\paragraph{Top down Approach}
A top down approach has several potential problems.
By its nature it means that at the start of the process
a set of system or top level faults or undesirable outcomes are defined.
It then must break the system down into modules and
decide which of these can contribute to a system level fault mode.
Potentially failure modes, be they from components or the interaction
between modules can be missed. A disturbing example of this
is the NASA space shuttle in 1986, which missed the fault mode of an O
ring. This was made even worse, by the fact that the `O' ring had a specified temperature
range where the probability of this fault occurring was dramatically raised when below
the temperature range. This was a known and documented feature of a safety critical component
and it was ignored in the safety analysis.
\paragraph{Bottom-up Approach}
A bottom-up approach looked impractical at first due to the sheer number
of component failure modes in a typical system.
However were this bottom-up approach to be modular, (reducing the order of cross checking), and build a hierarchal
of modules rising up until all components are covered, we
can model an entire complex system.
This is the core concept behind this study.
By working from the bottom up, at the lowest level taking the
smallest functional~groups of components
and analysing these, we can obtain a set of failure modes
for the functional~groups. We can then treat these
as `higher level' components and combine them
to form new `functional~groups'.
In this way all failure modes from all components must be at the very least considered.
Also a hierarchy is formed when the top level errors are formed
naturally from the lower levels of analysis.
Unlike a top~down analysis, we cannot miss a top level fault condition.
\paragraph{Repeated Circuitry Sub-Systems}
In all safety critical real time systems the author has worked with
all have repeated sections of hardware.
for instance self checking digital inputs, analog inputs, sections of circuitry to
generate {\ft} loops, micro-processors with watchdog~\cite{embupsys}[pp.81] secondary
circuity.
In other words spending time on analysing these lower level sub-systems
seems worthwhile, since they will be used in many designs, and are often
repeated within a SYSTEM
(and thus the analysis results may be re-used).
In general terms we can describe
these circuitry sub-systems
as collections of components or smaller sub-systems, that interact to perform a given function.
We can call these collections {\fg}s.
In these `safety critical' circuitry sections, especially ones claiming to
be self-checking, the actual level of safety depends upon not
just the MTTF/reliability of the components, but the
{\fg}s reaction to a component failure
within the ciruit.
That is to say how the circuit section or {\fg}
reacts to component failures within it.
We may find for instance that the circuit reacts to most component failure modes
in ways that we can detect that there has been a failure.
Some can component failure modes in the {\fg} can lead to serious errors, such as an incorrect reading
that we cannot immediately detect.
%
We will, if these specific component
failures occur, not know and feed incorrect data into our system.
%
Figure \ref{fig:millivolt} shows a typical industrial
circuit to measure and amplify millivolt signals.
It will detect a disconnected Milli-volt source (the most common
failure, and usually due to wiring faults) and some other internal component failures.
It can however provide an incorrect (slightly low reading) if
one of two resistors fail in particular ways.
% Although statistically unlikely, in a very critical system
% this may have to be considered.
To the author, it seems that paying attention
to the way {\fg}s of components interact and proving
a safety case for them is a very important aspect
of detecting `undetected failures' in safety critical product design.
\paragraph{Multi-disipline} Most safety critical systems are composed of mechanical, electrical and
computing elements. A tragic example of the mechanical and electrical elements
interfacing to a computer is found in the THERAC25 x-ray dosage machine.
With no common notation to integrate the safety analysis between the electrical/mechanical and computing
domains, synchronisation errors occurred that were in some cases fatal.
The interfacing between the hardware and software for the THERAC-25 was not considered
in the design phase.
Niel Story in the formal methods chapter of "safety critical computer systems"
describes the different formal languages suitable for hardware and software and
bemaons the fact that no single language is suitable for for such a broad range of tasks \cite{sccs}[pp. 287].
\paragraph{Requirements for a rigorous FMEA process}
It was determined that any process to apply
FMEA in rigorous and complete (in terms of complete component coverage) had to be
a bottom~up process to eliminate the possibility of missing component failure modes.
It also had to naturally converge to a failure model of the system.
It had to take potentially thousands of component failure modes and simplify
these into system level errors.
To analyse the large number of component failure modes, and resolve these to perhaps a handful
of system failure modes, would require
a process of modularisation from the bottom~up.
\begin{list}{$*$}{}
\item The analysis process must be `bottom~up'
\item The process must be modular and hierarchical
\item The process must be multi-discipline and must be able to represent hardware, electronics and software
\end{list}
\section{Safety Critical Systems}
\glossary{name={safety critical},description={A safety critical system is one in which its failure may result in death or serious injury to humans, an environmental catastrophe or severe loss or damage}}
%
%How safe is "safe"?
%The word "safety" is too general—it really doesn't mean anything definitive. Therefore, we use terms such as safety-related and safety-critical.
%
%A safety-related device provides or ensures safety. It is required for machines/vehicles, which cause bodily harm or death to human being when they fail. A safe state can be defined (in other words, safety-related). In case of a buzz saw, this could be a motor that seizes all movements immediately. The seizure of movement makes the machine safe at that moment. IEC 61508 defines the likelihood of failures of this mechanism, the Safety Integrity Levels (SIL). SIL 3 is defined as the likelihood of failing less than 10-7% per hour. This is a necessary level of safety integrity for products such as lifts, where several people's lives are endangered. The buzz saw is likely to require SIL 2 only, it endangers just one person.
%
%Safety-critical is a different matter. To understand safety-critical imagine a plane in flight: it is not "safe" to make all movement stop since that would make the plane crash. A safe state for a plane is in the hangar, but this is not an option when you're in flight. Other means of ensuring safety must be found. One method used in maritime applications is the "CANopen flying master" principle, which uses redundancy to prevent failure. For the above example an SIL 4, meaning likelihood of failing less than 10-8% per hour is necessary. This is also true for nuclear power station control systems, among other examples.
%
\subsection{General description of a Safety Critical System}
A safety critical system is one in which lives may depend upon it or
it has the potential to become dangerous\cite{sccs}.
%(/usr/share/texmf-texlive/tex/latex/amsmath/amstext.sty)
%An industrial burner is typical of plant that is potentially dangerous.
%An incorrect air/fuel mixture can be explosive.
%Medical electronics for automatically dispensing drugs or maintaining
%life support are examples of systems that lives depend upon.
\subsection{Two approaches : Probabilistic, and Deterministic}
There are two main philosophies applied to safety critical systems certification.
\paragraph{Probablistic safety Measures}
One is a general number of acceptable failures per hour\footnote{The common metric is Failure in Time (FIT) values - failures per ${10}^{9}$
hours of operation} of operation or
a given statistical failure on demand.
This is the probablistic approach and is embodied in the European Standard
EN61508 \cite{en61508} (international standard IOC1508).
\glossary{name={deterministic},description={Deterministic in the context of failure mode analysis, traces the causes of SYSTEM level events to base level component failure modes}}
\glossary{name={probablistic},description={Probablistic in the context of failure mode analysis, traces the probability of base level failure modes causing of SYSTEM level events/failure modes}}
\fmodegloss
\paragraph{Deterministic safety Measures}
The second philosophy, applied to application specific standards, is to investigate
components for sub-systems in the critical safety path and to look at component failure modes
and ensure that they cannot cause dangerous faults.
%With the application specific standards detail
%specific to the process are
The simplest deterministic safety measure is to require that no single component failure
mode can cause a dangerous error.
This philosophy is first mentioned in aircraft safety operation reseach (WWII)
studies. Here potential single faults (usually mechanical) were traced to
catastrophic failures \cite{boffin}.
EN298, the European Gas burner standard, goes further than this
and requires that no two single component faults may cause
a dangerous condition.
%
% \begin{example}
% \label{exa1}
% Test example
% \end{example}
%
% And that is example~\ref{exa1}
\subsection{Overview of regulation of safety Critical systems}
Reference chapter dealing specifically with this but given a quick overview.
\subsubsection{Overview system analysis philosophies }
- General safety standards
- specific safety standards
\subsubsection{Overview of current testing and certification}
Ref chapter specifically on this but give an overview now
A modern industrial burner has mechanical, electronic and software
elements, that are all safety critical. That is to say
unhanded failures could create dangerous faults.
%To add to these problems
%Operators are often under pressure to keep them running. An boiler supplying
%heat to a large greenhouse complex could ruin crops
%should it go off-line. Similarly a production line relying on heat or steam
%can be very expensive in production down-time should it fail.
%This places extra responsibility on the burner controller.
%
%
% This needs to become a chapter
%\subsection{Mechanical components}
%describe the mechanical parts - gas valves damper s
%electronic and software
%give a diagram of how it all fits A
%together with a
%\subsection{electronic Components}
%
%\subsection{Software/Firmware Components}
%
%
%\subsection{A high level Fault Hierarchy for an Industrial Burner}
%
%This section shows the component level, leading up higher and higher in the abstraction level
%to the software levels and finally a top level abstract level. If the system has been
%designed correctly no `undetected faults' should be present here.
%
\section{An Outline of the FMMD Technique}
{\fmmdgloss}
%\glossary{name={FMMD},description={Failure Mode Modular De-Composition}}
The FMMD methodology takes a bottom up approach to
the design of an integrated system.
%
Each component is assigned a well defined set of failure modes.
The system under inspection is then searched for functional groups of components that
perform simple well defined tasks.
These functional groups are analysed with respect to the failure modes of the
components.
%
The `functional group', after analysis, has its own set of derived
failure modes.
\fmodegloss
%
The number of derived failure modes will be
less than or equal to the sum of the failure modes of all its components.
%
%
A `derived' set of failure modes, is at a higher abstraction level.
%
Thus we can now treat our `functional group' as a component in its own right,
with its own set of failure~modes. We can create
a `derived component' and assign it the derived failure modes as analysed from the `functional group'.
%
Derived Components may now be used as building blocks, to model the system at
ever higher levels of abstraction, building a hierarchy until the top level is reached.
%
Any unhandled faults will appear at this top level and will be `un-resolved'.
A formal description of this process is dealt with in Chapter \ref{fmmddefinition}.
%
%
%This principally focuses
%on simple control systems for maintaining temperature
%and for industrial burners. It is hoped that a general mathematical
%framework is created that can be applied to other fields of safety critical engineering.
\subsection{Automated Systems and Safety}
Automated systems, as opposed to manual ones are now the norm
in the home and in industry.
%
Automated systems have long been recognised as being more efficient and
more accurate than a human operator, and the reason for automating a process
can now be more likely to be cost savings due to better efficiency
than a not paying a salary to a human operator \ref{burnereffency}.
%
For instance
early automated systems were mechanical, with cams and levers simulating
control functions.
%
A typical control function could be the
fuel air mixture profile curves over a the firing range.
%
Because fuels vary slightly in calorific value, and air density changes with the weather, no optimal tuning can be optional.
In fact for aesthetic reasons (not wanting smoke to appear at the flue)
the tuning was often air rich, causing air to be heated and
unnecessarily passed through the burner, leading to direct loss of energy.
An automated system analysing the combustion gases and automatically
adjusting the fuel air mix can get the efficiencies very close to theoretical levels.
As the automation takes over more and more functions from the human operator it also takes on more responsibility.
A classic example of an automated system failing, is the therac-25.
This was an X-ray/electron~beam dosage machine, that, due to software errors
caused the deaths of several patients and injured more during the 1980's.
The Therac-25 was a designed from a manual system, which had checks and interlocks,
and was subsequently computerised. Software safety interlock problems were the primary causes of the radiation
overdoses.
\cite{safeware}[App. A]
Any new safety critical analysis methodology should
be able to model software, electrical and hardware faults using
a common notation.
Ideally the tool should be automated so that it can
seamlessly analyse the entire system, and apply
rigorous checking to ensure that no
fault conditions are missed.
% http://en.wikipedia.org/wiki/Autopilot
\paragraph{Importance of self checking}
To take an example of an Aircraft Autopilot, simple early devices\footnote{from the 1920's simple aircraft autopilots were in service},
prevented the aircraft straying from a compass bearing and kept it flying straight and level.
Were they to fail the pilot would notice quite quickly
and resume manual control of the bearing.
Modern autopilots control all aspects of flight including the engines, take off and landing phases.
The automated system do not have the
common sense of a human pilot; and if fed the incorrect sensory information
can make horrendous mistakes. This means that simply reading sensors and applying control
corrections cannot be enough.
Checking for error conditions must also be incorporated.
Equipment can also develop an internal faults, and strategies
must be in-place to firstly recognise internal faults,
and then cope with them in the safest possible way.
\begin{figure}[h]
\centering
\includegraphics[width=300pt,keepaspectratio=true]{introduction/mv_opamp_circuit.png}
% mv_opamp_circuit.png: 577x479 pixel, 72dpi, 20.35x16.90 cm, bb=0 0 577 479
\caption{Milli-Volt Amplifier with added Safety Resistor (R18)}
\label{fig:millivolt}
\end{figure}
% \begin{figure}[h]
% \centering
% \includegraphics[width=300pt,bb=0 0 678 690,keepaspectratio=true]{introduction/mv_opamp_circuit.png}
% % mv_opamp_circuit.png: 678x690 pixel, 72dpi, 23.92x24.34 cm, bb=0 0 678 690
% \caption{Milli-volt amplifier with added safety Resistor}
% \label{fig:millivolt}
% \end{figure}
%
% %5
% \begin{figure}
% \vskip 7cm
% \special{psfile=introduction/millivoltsensor.ps hoffset=0 voffset=0 hscale=35 vscale=35 }\caption[Milli-Volt Sensor with safety resistor]{
% Milli-Volt Sensor with safety resistor
% \label{fig:millivolt}}
% \end{figure}
\paragraph{Component added to detect errors}
The op-amp in the circuit in figure \ref{fig:millivolt}, supplies a gain of $\approx 184$ \footnote{
applying formula for non-inverting op-amp gain\cite{aoe} $\frac{150 \times 10^3}{820}+ 1 \approx 184$ }.
The safety case here is that
any amplified signal between a range say, of 0.5 and 4 volts on the ADC will be considered in range.
This means that between 3mV and 21mV on the input correctly amplified
can be measured.\footnote{this would be a typical thermocouple amplifier circuit where milli-volt signals
are produced by the Seebeck effect\cite{aoe}}
Should the sensor become disconnected the input will drift up due to the safety resistor $R18$.
This will cause the opamp to supply its maximum voltage, telling the system the sensor reading is invalid.
Should the sensor become shorted, the input will fall below 3mV and the op amp will
supply a voltage below 0.5. Note that the sensor breaking and becoming open, or
becoming disconnected is the `Raison d'être' of this safety addition.
This circuit would typically be used to amplify a thermocouple, which typically
fails by going open circuit.
It {\em does}
detect several other failure modes of this circuit and a full analysis is given in appendix \ref{mvamp}.
\fmodegloss
% Note C14 shorting is potentially v dangerous could lead to a high output by the opamp being seen as a
% low temperature.
%
\paragraph{Self Checking}
This introduces a level of self checking into the system.
Admittedly this is the simplest failure mode scenario (that the
sensor is not wired correctly or has become disconnected).
%
This safety resistor has a side effect, it also checks for internal errors
that could occur in this circuit.
Should the input resistor $R22$ go OPEN this would be detected.
Should the gain resistors $R30$ or $R26$ go OPEN or SHORT a fault condition will be detected.
%
\paragraph{Not rigorous, but tested by time}
This is a typical example of an industry standard circuit that has been
thought through, and in practise works and detects most commonly encountered failure modes.
But it is not rigorous: it does not take into account every failure
mode of every component in it.
However it does lead on to an important concept of three main states of a safety critical system.
%
\paragraph{Working, safe fault mode, dangerous fault mode}
We can say that a safety critical system may be said to have three distinct
overall states.
Operating normally, operating in a safe mode with a fault, and operating
dangerously with a fault.
%
The main role of the system designers of safety critical equipment should be
to reduce the possibility of this last condition.
% Software plays a critical role in almost every aspect facet of our daily lives - from , to driving our cars, to working in our offices.
% Some of these systems are safety-critical.
% Failure of software could cause catastrophic consequences for human life.
% Imagine the antilock brake system (ABS) in your car.
% A software failure here could render the ABS inoperable at a time when you need it most.
% For these types of safety-critical systems, having guidelines that define processes and
% objectives for the creation of software that focus on software quality, or the ability
% to use software that has been developed under this scrutiny, has tremendous value
% for developers of safety-critical systems.
\section{Motivation for developing a formal methodology}
A feature of some newer safety critical systems standards,
including the gas burner standard EN298~\cite{en298}[Section 9]
is to demand,
at the very least that single failures of hardware
or software cannot
create an unsafe condition in operational plant. Further to this
a second fault introduced, must not cause an unsafe state, due
to the combination of both faults.
\vskip 0.3cm
This sounds like an entirely reasonable requirement. But to rigorously
check the effect a particular component fault has on the system,
we could check its effect on all other components.
Should a diode in the power supply fail in a particular way, by perhaps
introducing a ripple voltage, we should have to look at all components
in the system to see how they will be affected.
%However consider a typical
%small system with perhaps 1000 components each
%with an average of say 5 failure modes.
Thus, to ensure complete coverage, each of the effects of
the failure modes must be applied
to all the other components.
Each component must be checked against the
failure modes of all other components in the system.
Mathematically with components as 'c' and failure modes as 'Fm'.
\equation
\label{crossprodsingle}
checks = \{ \; (Fm,c) \; \mid \; \stackrel{\wedge}{c} \; \neq \; c \}
\endequation
Where demands
are made for resilience against two
simultaneous failures this effectively squares the number of checks to make.
\equation
\label{crossproddouble}
doublechecks = \{ \; (Fm_{1},Fm_{2},c) \; \mid \\ \; c_{1} \; \neq \; c_{2} \; \wedge \; Fm_{1} \neq Fm_{2} \; \}
\endequation
If we consider a system which has a total of
$N$ failure modes (see equation \ref{crossprodsingle}) this would mean checking a maximum of
\equation
NumberOfChecks = \frac{N ( N-1 )}{2}
\endequation
for individual component failures and their effects on other components when they fail.
For a very small system with say 1000 failure modes this would demand a potential of 500,000
checks for any automated checking process.
\vskip 0.3cm
European legislation\cite{en298} directs that a system must be able to react to two component failures
and not go into a dangerous state.
\vskip 0.3cm
This raises an interesting problem from the point of view of formal modelling. Here we have a binary cross product of all components
(see equation \ref{crossproddouble}).
This increases the number of checks greatly. Given that the binary cross product is $ (N^{2} - N)/2 $ and has to be checked against the remaining
$(N-2)$ components.
\equation
\label{numberofchecks}
NumberOfchecks = \frac{(N^{2} - N) ( N - 2)}{2}
\endequation
Thus for a 1000 failure mode system, roughly a half billion possible checks would be required for the double simultaneous failure scenario.
This astronomical number of potential combinations, has made formal analysis of this
type of system, up until now, impractical. Fault simulators %\cite{sim}
are commonly used for the gas certification process. Thus to
manually check this number of combinations of faults is in practise impossible.
A technique of modularising, or breaking down the problem is clearly necessary.
\section{Famous Examples of disasters caused by missed component errors}
\subsection{Challenger Disaster}
One question that anyone developing a safety critical analysis design tool
could do well to answer, is how the methodology would cope with known previous disasters.
The Challenger disaster is a good example, and was well documented and investigated~\cite{challenger}.
The problem lay in a seal that had an operating temperature range.
On the day of the launch the temperature of this seal was out of range.
A bottom up safety approach would have revealed this as a fault.
The FTA in use by NASA and the US Nuclear regulatory commission
allows for environmental considerations such as temperature\cite{nasafta}\cite{nucfta}.
But because of the top down nature of the FTA technique, the safety designer must be aware of
the environmental constraints of all component parts in order to use this correctly.
This element of FTA is discussed in \ref{surveysc}
\subsection{Therac 25}
The therac-25 was a computer controlled radiation therapy machine, which
overdosed 6 people between 1985 and 1987.
An earlier computerised version of the therac-25 (the therac-20) used the same software but kept the
hardware interlocks from the previous manual operation machines. The hardware interlocks
on the therac-20 functioned correctly and the faulty software in it caused no accidents.
A safety study for the device, using Fault Tree Analysis % \cite{nucfta}
carried out in 1983
excluded the software \cite{safeware}[App. A].
\section{Practical problems in using formal methods}
%% Here need more detail of what therac 25 was and roughly how it failed
%% with refs to nancy
%% and then highlight the fact that the safety analysis did not integrate software and hardware domains.
\subsection{Problems with Natural Language}
Written natural language descriptions can not only be ambiguous or easy to misinterpret, it
is also not possible to apply mathematical checking to them.
A mathematical model on the other hand can be checked for
obvious faults, such as tautologies and contradictions, but also
intermediate results can be extracted and these checked.
Mathematical modeling of systems is not new, the Z language
has been used to model physical and software systems\cite{ince}. However this is not widely
understood or studied even in engineering and scientific circles.
Graphical techniques for representing the mathematics for
specifying systems, developed at Brighton and Kent university
have been used and extended by this author to create a methodology
for modelling complex safety critical systems, using diagrams.
This project uses a modified form of Euler diagram used to represent propositional logic.
%The propositional logic is used to analyse system components.
\section{Determining Component Failure Modes}
\subsection{Electrical}
Generic component failure modes for common electrical parts can be found in MIL1991.
Most modern electrical components have associated data sheets. Usually these do not explicitly list
failure modes.
% watch out for log axis in graphs !
\subsection{Mechanical}
Find refs
\subsection{Software}
Software must run on a microprocessor/micro-controller, and these devices have a known set of failure modes.
The most common of these are RAM and ROM failures, but bugs in particular machine instructions
can also exist.
These can be checked for periodically.
Software bugs are unpredictable.
However there are techniques to validate software.
These include monitoring the program timings (with watchdogs~\cite{embupsys}[pp.81] and internal checking)
applying validation checks (such as independent functions to validate correct operation).
\subsection{Environmentally determined failures}
Some systems and components are guaranteed to work within certain environmental constraints,
temperature being the most typical. Very often what happens to the system outside that range is not defined.
\section{Project Goals}
\begin{itemize}
\item To create a Bottom up FMEA technique that permits a connected hierarchy to be
built representing the fault behaviour of a system.
\item To create a procedure where no component failure mode can be accidentally ignored.
\item To create a user friendly formal common visual notation to represent fault modes
in Software, Electronic and Mechanical sub-systems.
\item To formally define this visual language in concrete and abstract domains.
\item To prove that the derived~components used to build the hierarchies
provide traceable fault handling from component level to the
highest abstract system 'top level'.
\item To formally define the hierarchies and procedure for building them.
\item To produce a software tool to aid in the drawing of diagrams and
ensuring that all fault modes are addressed.
\item to provide a data model that can be used as a source for deterministic and probabilistic failure mode analysis reports.
\item To allow the possibility of MTTF calculation for statistical
reliability/safety calculations.
\end{itemize}