diff --git a/submission_thesis/CH1_introduction/copy.tex b/submission_thesis/CH1_introduction/copy.tex index 60c8f59..4076916 100644 --- a/submission_thesis/CH1_introduction/copy.tex +++ b/submission_thesis/CH1_introduction/copy.tex @@ -14,7 +14,7 @@ Blanket measures, RAM ROM checks, EMC, electrical and environmental stress testi \subsection{Practical limitations of testing for certification vs. rigorous approach} State explosion problem considering a failure mode of a given component against -all other components in the system i.e. an exponential (2^N) order of processing resource rather than a ploynomial i.e. N^2. +all other components in the system i.e. an exponential ($2^N$) order of processing resource rather than a polynomial i.e. $N^2$. Impossible to perform double simultaneous failure analysis (as demanded by EN298~\cite{en298}). diff --git a/submission_thesis/CH5_Examples/Makefile b/submission_thesis/CH5_Examples/Makefile index 9d7ef40..9670a12 100644 --- a/submission_thesis/CH5_Examples/Makefile +++ b/submission_thesis/CH5_Examples/Makefile @@ -7,7 +7,7 @@ PNG_DIA = blockdiagramcircuit2.png bubba_oscillator_block_diagram.png circuit1 tree_abstraction_levels.png vrange.png sigma_delta_block.png ftcontext.png ct1.png hd.png \ sigdel1.png sdadc.png bubba_euler_1.png bubba_euler_2.png eulersd.png eulersdfinal.png \ eulerfivepole.png eulerswhw.png context_diagram_PID.png context_diagram2_PID.png context_software.png \ - context_calltree.png euler_afferent_PID.png + context_calltree.png euler_afferent_PID.png euler_heater_output.png euler_led_output.png diff --git a/submission_thesis/CH5_Examples/euler_heater_output.dia b/submission_thesis/CH5_Examples/euler_heater_output.dia new file mode 100644 index 0000000..b68b9f7 Binary files /dev/null and b/submission_thesis/CH5_Examples/euler_heater_output.dia differ 
diff --git a/submission_thesis/CH5_Examples/euler_led_output.dia b/submission_thesis/CH5_Examples/euler_led_output.dia new file mode 100644 index 0000000..e4a28a1 Binary files /dev/null and b/submission_thesis/CH5_Examples/euler_led_output.dia differ diff --git a/submission_thesis/CH5_Examples/software.tex b/submission_thesis/CH5_Examples/software.tex index e3ff6c7..9f12d4e 100644 --- a/submission_thesis/CH5_Examples/software.tex +++ b/submission_thesis/CH5_Examples/software.tex @@ -821,6 +821,7 @@ Identified electronic components: \item Pt100 --- Pt100 Temperature sensor, as analysed in section~\ref{sec:Pt100}. \item PWM --- Internal micro controller pulse width modulation module \item micro-controller --- the medium for running the software + \item setLEDs --- Set status indication LEDs via GPIO \end{itemize} @@ -882,8 +883,10 @@ Identified Software Components: \item --- output\_control (which sets the PWM hardware according to the PID demand value) \end{itemize} With the call tree structure defined (see figure~\ref{fig:context_calltree}), we can now analyse these -components from the bottom-up, starting with the electronics. +components from the bottom-up, starting with the afferent flow, the reading in of the temperature and its conversion +to a PID calculated heater output demand. +\subsubsection{Afferent flow FMMD analysis , Pt100, temperature, set point error, PID output demand.} We start with the afferent flow from the Pt100. %with the software, and consider the hardware elements %used (if any) by each software function. 
@@ -1118,6 +1121,181 @@ We have now modelled the the software call tree for the afferent flow, we repre Two call tree branches remain. The LED indication branch and the PWM/heater output. +\subsubsection{Efferent flow, PID demand value to PWM output} + +The monitor function calls the output\_control function with the PID demand. +The output\_control function then sets the PWM hardware register, which causes the mark space output of the PWM module to +apply the demanded power. We form a {\fg} with the Heating element, a PWM module and the output\_control function to model this branch +of the efferent flow. We apply FMMD analysis to this {\fg} in table~\ref{tbl:heateroutput}. +For the output\_control function, we have a pre-condition that the PWM module is +configured and working, and has the correct clock frequency. + A second pre-condition is that the heating element is connected and working. +The post condition is that is sets the correct value into the PWM register +to implement the PWM demand. 
+ +{ +\tiny +\begin{table}[h+] +\caption{ HeaterOutput: Failure Mode Effects Analysis} % title of Table +\label{tbl:heateroutput} + +\begin{tabular}{|| l | c | l ||} \hline +% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ +% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline + \hline + \textbf{Failure} & \textbf{Failure } & \textbf{Derived Component} \\ + \textbf{cause} & \textbf{Effect} & \textbf{Failure Mode} \\ + + + \hline + FC1: $ PWM stuck HIGH $ & pre-condition violated & HeaterOnFull \\ + & PWM module not working & \\ \hline + + + FC2: $ PWM stuck LOW $ & pre-condition violated & HeaterOff \\ + & PWM module not working & \\ \hline + + FC3: $ output\_control$ wrong value & The software supplies the wrong & HeaterOutputIncorrect \\ + & value to the PWM register & \\ \hline + + + FC4: HEATER $SHORT$ & heating element resistor & HeaterOff \\ + & SHORT no heating effect & \\ \hline + + + FC5: HEATER $OPEN $ & heating element resistor & HeaterOff \\ + & OPEN no heating effect & \\ \hline + +\end{tabular} +\end{table} +} + +We now create a {\dc} called HeaterOutput +with the following failure modes: +$$fm(HeaterOutput) = \{ HeaterOnFull, HeaterOff, HeaterOutputIncorrect \}$$ + + + +\begin{figure}[h] + \centering + \includegraphics[width=300pt]{./CH5_Examples/euler_heater_output.png} + % euler_heater_output.png: 392x141 pixel, 72dpi, 13.83x4.97 cm, bb=0 0 392 141 + \caption{Euler diagram showing HeaterOutput with its two hardware components, PWM and HEATER, and its software component output\_control.} + \label{fig:eulerheateroutput} +\end{figure} + + + + + + + + + + + + + + + + + + + + + + + + + + + +\subsubsection{Efferent flow: LED status LEDs} + +The status LEDS will be controlled by general purpose (GPIO) I/O pins. 
+We could have say, three LEDS one flashing with a human readable mark +space ratio representing the heater output, one flashing at a regular interval to +indicate the processor is alive and another flashing at an interval related to the temperature, +(to indicate if the temperature readings are within expected ranges). +Each LED should flash in normal operation, and any LED being permanently on or off +would indicate to the operator that an error had occurred. +The pre condition for this function is that the GPIO +is connected to working LEDS. +The post condition is that the function setLEDS, will supply correct indication by flashing the LEDs. +We form a {\fg} from the GPIO, the LEDs and the software function setLEDs. +We apply FMMD analysis to this {\fg} in table~\ref{tbl:ledoutput}. + +{ +\tiny +\begin{table}[h+] +\caption{ LEDOutput: Failure Mode Effects Analysis} % title of Table +\label{tbl:ledoutput} + +\begin{tabular}{|| l | c | l ||} \hline +% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ +% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline + \hline + \textbf{Failure} & \textbf{Failure } & \textbf{Derived Component} \\ + \textbf{cause} & \textbf{Effect} & \textbf{Failure Mode} \\ + + + \hline + FC1: $ Temp LED fails $ & LED will not light & FailureIndicated \\ + & & \\ \hline + + + FC2: $ Processor LED fails $ & LED will not light & FailureIndicated \\ + & & \\ \hline + + FC3: $ PWM LED fails $ & LED will not light & FailureIndicated \\ + & & \\ \hline + + FC4: GPIO stuck HIGH & LED permanently OFF & FailureIndicated \\ \hline + + + FC5: GPIO stuck Low & LED permanently ON & FailureIndicated \\ \hline + + + FC6: Software SetLEDs & Incorrect Indication & IndicationError \\ + fails to set outputs correctly & Post condition failure & \\ \hline + + + +\end{tabular} +\end{table} +} + + + + +\begin{figure}[h] + \centering + \includegraphics[width=300pt]{./CH5_Examples/euler_led_output.png} + % euler_heater_output.png: 392x141 pixel, 
72dpi, 13.83x4.97 cm, bb=0 0 392 141 + \caption{Euler diagram showing LEDOutput with its three LEDs and GPIO hardware elements, and its + and its software component setLEDS.} + \label{fig:eulerheateroutput} +\end{figure} + + + + + + + + + + + + + + + + + + + + %OK STOP AT PID and follow the other data flows until we are ready to bring them to the top: i.e. %
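Review bot: In the software.tex hunk at -821, `setLEDs` is added to the list headed "Identified electronic components", but the later efferent-flow text in this same patch calls it "the software function setLEDs". It belongs in the "Identified Software Components" list alongside output\_control. The hardware items that the LED branch actually introduces, the GPIO and the LEDs, should be the new entries in the electronic list, since the LEDOutput functional group is formed from them. The name is also spelled three ways in this patch (`setLEDs`, `setLEDS`, `SetLEDs`); pick one so it matches the call tree figure.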
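Review bot: The new heading in the software.tex hunk at -882, `\subsubsection{Afferent flow FMMD analysis , Pt100, ...PID output demand.}`, has a stray space before the first comma and a trailing full stop, both of which will appear in the table of contents. The two efferent headings added later use yet other forms ("Efferent flow, PID demand value to PWM output" and "Efferent flow: LED status LEDs"). Suggest one pattern for all three, for example "Afferent flow: Pt100 temperature reading to PID output demand", and dropping the repeated "LED" in "LED status LEDs".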
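Review bot: The LED figure at the end of the software.tex hunk at -1118 reuses `\label{fig:eulerheateroutput}` from the heater figure, so the label is multiply defined and any `\ref` to it resolves to whichever definition LaTeX keeps. Rename it (for example `fig:eulerledoutput`), and fix the rest of the copy-paste in that figure: the size comment still names euler_heater_output.png and the caption reads "and its and its software component". Both new tables use `\begin{table}[h+]`; `+` is not a float placement specifier LaTeX recognises, so use `[h]` or `[ht]`. The heater branch ends by creating the derived component and stating $fm(HeaterOutput)$, but the LED branch stops at the table. Add the matching step, with the failure modes FailureIndicated and IndicationError from table `tbl:ledoutput`, so that both efferent branches can be brought up the hierarchy in the same way. Smaller points in the same hunk: "The post condition is that is sets" should read "it sets"; failure causes such as `$ PWM stuck HIGH $` are words set in math mode and will lose their spacing; and the long runs of empty added lines after each figure can be dropped.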