Need to ensure all postconditions of every function

come up in the FMMD analysis tables

submission_thesis/CH1_introduction/copy.tex

@@ -14,7 +14,7 @@ Blanket measures, RAM ROM checks, EMC, electrical and environmental stress testi
 \subsection{Practical limitations of testing for certification vs. rigorous approach}
 
 State explosion problem considering a failure mode of a given component against
-all other components in the system i.e. an exponential (2^N) order of processing resource rather than a ploynomial i.e. N^2.
+all other components in the system i.e. an exponential ($2^N$) order of processing resource rather than a polynomial i.e. $N^2$.
 
 Impossible to perform double simultaneous failure analysis (as demanded by EN298~\cite{en298}).
 

submission_thesis/CH5_Examples/Makefile

@@ -7,7 +7,7 @@ PNG_DIA = blockdiagramcircuit2.png  bubba_oscillator_block_diagram.png  circuit1
 	tree_abstraction_levels.png   vrange.png sigma_delta_block.png ftcontext.png ct1.png hd.png         \
         sigdel1.png sdadc.png bubba_euler_1.png bubba_euler_2.png eulersd.png eulersdfinal.png              \
 	eulerfivepole.png eulerswhw.png context_diagram_PID.png context_diagram2_PID.png context_software.png \
-	context_calltree.png euler_afferent_PID.png
+	context_calltree.png euler_afferent_PID.png euler_heater_output.png euler_led_output.png
 
 
 

submission_thesis/CH5_Examples/software.tex

@@ -821,6 +821,7 @@ Identified electronic components:
  \item Pt100 --- Pt100 Temperature sensor, as analysed in section~\ref{sec:Pt100}.
  \item PWM --- Internal micro controller pulse width modulation module
  \item micro-controller --- the medium for running the software
+ \item setLEDs --- Set status indication LEDs via GPIO
 \end{itemize}
 
 
@@ -882,8 +883,10 @@ Identified Software Components:
  \item --- output\_control (which sets the PWM hardware according to the PID demand value)
 \end{itemize}
 With the call tree structure defined (see figure~\ref{fig:context_calltree}), we can now analyse these 
-components from the bottom-up, starting with the electronics.
+components from the bottom-up, starting with the afferent flow, the reading in of the temperature and its conversion
+to a PID calculated heater output demand.
 
+\subsubsection{Afferent flow FMMD analysis , Pt100, temperature, set point error, PID output demand.}
 We start with the afferent flow from the Pt100.
 %with the software, and consider the hardware elements
 %used (if any) by each software function.
@@ -1118,6 +1121,181 @@ We have now modelled the the software call tree for the afferent  flow, we repre
 Two call tree branches remain. The LED indication branch and the 
 PWM/heater output.
 
+\subsubsection{Efferent flow, PID demand value to PWM output}
+
+The monitor function calls the output\_control function with the PID demand.
+The output\_control function then sets the PWM hardware register, which causes the mark space output of the PWM module to
+apply the demanded power. We form a {\fg} with the  Heating element, a PWM module and the output\_control function to model this branch
+of the efferent flow. We apply FMMD analysis to this {\fg} in table~\ref{tbl:heateroutput}.
+For the output\_control function, we have a pre-condition that the PWM module is 
+configured and working, and has the correct clock frequency.
+ A second pre-condition is that the heating element is connected and working.
+The post condition is that is sets the correct value into the PWM register
+to implement the PWM demand.
+
+{
+\tiny
+\begin{table}[h+]
+\caption{ HeaterOutput: Failure Mode Effects Analysis} % title of Table
+\label{tbl:heateroutput}
+
+\begin{tabular}{|| l   | c |   l ||} \hline
+% \textbf{Failure}   &  \textbf{failure}     & \textbf{Symptom}          \\ 
+% \textbf{Scenario}  &  \textbf{effect}      &     \textbf{RADC }                     \\ \hline 
+ \hline 
+ \textbf{Failure} &  \textbf{Failure }         & \textbf{Derived Component}          \\ 
+ \textbf{cause}   &   \textbf{Effect}                & \textbf{Failure Mode}          \\
+  
+ 
+               \hline
+     FC1: $ PWM stuck HIGH $      &   pre-condition violated        & HeaterOnFull         \\  
+                                         &  PWM module not working        &                 \\  \hline    
+                                       
+                                         
+       FC2: $ PWM stuck LOW $           &  pre-condition violated          &  HeaterOff               \\  
+                                        &  PWM module not working                   &                 \\  \hline    
+                                        
+          FC3: $ output\_control$ wrong value            & The software supplies the wrong          &  HeaterOutputIncorrect               \\  
+                                        &  value to the PWM register                   &                 \\  \hline 
+                                        
+                                        
+      FC4:  HEATER $SHORT$               &  heating element resistor         & HeaterOff        \\  
+                                         &  SHORT no heating effect      &                 \\  \hline    
+                                       
+                                         
+       FC5:  HEATER $OPEN  $           &  heating element resistor          &  HeaterOff               \\  
+                                        & OPEN no heating effect                  &                 \\  \hline                             
+     
+\end{tabular}
+\end{table}
+}
+
+We now create a {\dc} called HeaterOutput
+with the following failure modes:
+$$fm(HeaterOutput) = \{ HeaterOnFull, HeaterOff, HeaterOutputIncorrect \}$$
+
+
+
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=300pt]{./CH5_Examples/euler_heater_output.png}
+ % euler_heater_output.png: 392x141 pixel, 72dpi, 13.83x4.97 cm, bb=0 0 392 141
+ \caption{Euler diagram showing HeaterOutput with its two hardware components, PWM and HEATER, and its software component output\_control.}
+ \label{fig:eulerheateroutput}
+\end{figure}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+\subsubsection{Efferent flow: LED status LEDs}
+
+The status LEDS will be controlled by general purpose (GPIO) I/O pins.
+We could have say, three LEDS one flashing with a human readable mark 
+space ratio representing the heater output, one flashing at a regular interval to
+indicate the processor is alive and another flashing at an interval related to the temperature,
+(to indicate if the temperature readings are within expected ranges).
+Each LED should flash in normal operation, and any LED being permanently on or off
+would indicate to the operator that an error had occurred.
+The pre condition for this function is that the GPIO
+is connected to working LEDS.
+The post condition is that the function setLEDS,  will supply correct indication by flashing the LEDs.
+We form a {\fg} from the GPIO, the LEDs and the software function setLEDs.
+We apply FMMD analysis to this {\fg} in table~\ref{tbl:ledoutput}.
+
+{
+\tiny
+\begin{table}[h+]
+\caption{ LEDOutput: Failure Mode Effects Analysis} % title of Table
+\label{tbl:ledoutput}
+
+\begin{tabular}{|| l   | c |   l ||} \hline
+% \textbf{Failure}   &  \textbf{failure}     & \textbf{Symptom}          \\ 
+% \textbf{Scenario}  &  \textbf{effect}      &     \textbf{RADC }                     \\ \hline 
+ \hline 
+ \textbf{Failure} &  \textbf{Failure }         & \textbf{Derived Component}          \\ 
+ \textbf{cause}   &   \textbf{Effect}                & \textbf{Failure Mode}          \\
+  
+ 
+               \hline
+     FC1: $ Temp LED fails $      &   LED will not light       & FailureIndicated         \\  
+                                  &                            &                 \\  \hline    
+                                       
+                                         
+       FC2: $ Processor LED fails $           &   LED will not light          &  FailureIndicated               \\  
+                                              &                               &                 \\  \hline    
+                                        
+          FC3: $ PWM LED fails $           &  LED will not light         &  FailureIndicated               \\  
+                                          &                              &                 \\  \hline
+                                          
+           FC4:  GPIO stuck HIGH & LED permanently OFF &   FailureIndicated    \\ \hline
+           
+ 
+           FC5: GPIO stuck Low  & LED permanently ON &   FailureIndicated    \\ \hline
+           
+           
+            FC6:  Software SetLEDs                 &  Incorrect Indication        &  IndicationError               \\  
+                  fails to set outputs correctly   &   Post condition failure     &                 \\  \hline                                             
+  
+                                        
+                                        
+\end{tabular}
+\end{table}
+}
+
+
+
+
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=300pt]{./CH5_Examples/euler_led_output.png}
+ % euler_heater_output.png: 392x141 pixel, 72dpi, 13.83x4.97 cm, bb=0 0 392 141
+ \caption{Euler diagram showing LEDOutput with its three LEDs and GPIO hardware elements, and its 
+ and its software component setLEDS.}
+ \label{fig:eulerheateroutput}
+\end{figure}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 %OK STOP AT PID and follow the other data flows until we are ready to bring them to the top: i.e. 
 %