From 78bbdb7b34206f36d021af6d03a45eb64af1412d Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Sun, 15 Aug 2010 11:02:33 +0100 Subject: [PATCH] . --- Makefile | 6 + millivoltamp/millivoltamp.tex | 1608 +++++++++++++++++---------------- millivoltamp/paper.tex | 6 +- mybib.bib | 7 + 4 files changed, 825 insertions(+), 802 deletions(-) diff --git a/Makefile b/Makefile index a5270db..1f4ea18 100644 --- a/Makefile +++ b/Makefile @@ -10,3 +10,9 @@ pdf: bib: bibtex thesis pdf + + +puzzle: + pdflatex puzzle.tex + pdflatex puzzle.tex + okular puzzle.pdf diff --git a/millivoltamp/millivoltamp.tex b/millivoltamp/millivoltamp.tex index 8865be0..4eacd7d 100644 --- a/millivoltamp/millivoltamp.tex +++ b/millivoltamp/millivoltamp.tex @@ -1,9 +1,15 @@ -% -% Make the revision and doc number macro's then they are defined in one place +%% +%% Make the revision and doc number macro's then they are defined in one place \ifthenelse {\boolean{paper}} { \begin{abstract} -\paragraph{NOT WRITTEN YET USES PT100 DOC AS FRAME WORK: DO NOT READ} + +% +% +% do not ever try to put a paragraph in an abstract. Give incomprehensible +% error messages at the wrong line number. Just like old fortran. + +%\paragraph{NOT WRITTEN YET USES PT100 DOC AS FRAME WORK: DO NOT READ} This paper analyses the example ciruit with an added safety component, given in the introduction chapter. The analysis is performed using Propositional Logic @@ -19,815 +25,817 @@ from an FMEA perspective as a component itself, with a set of known failure mode { \section{Overview} -\paragraph{NOT WRITTEN YET USES PT100 DOC AS FRAME WORK: DO NOT READ} -The analysis is performed using Propositional Logic -diagrams to assist the reasoning process. -This chapter describes taking -the failure modes of the components, analysing the circuit using FMEA -and producing a failure mode model for the circuit as a whole. -Thus after the analysis the Milli Volt Amplifier circuit, may be viewed -from an FMEA perspective as a component itself, with a set of known failure modes. +%\paragraph{NOT WRITTEN YET USES PT100 DOC AS FRAME WORK: DO NOT READ} +%The analysis is performed using Propositional Logic +%diagrams to assist the reasoning process. +%This chapter describes taking +%the failure modes of the components, analysing the circuit using FMEA +%and producing a failure mode model for the circuit as a whole. +%Thus after the analysis the Milli Volt Amplifier circuit, may be viewed +%from an FMEA perspective as a component itself, with a set of known failure modes. } -%\begin{figure}[h] -% \centering -% \includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier.jpg} -% % milli volt amplifier.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180 -% \caption{Milli Volt Amplifier four wire circuit} -% \label{fig:milli volt amplifier} -%\end{figure} -% - -\section{General Description of Milli Volt Amplifier four wire circuit} - -The Milli Volt Amplifier four wire circuit uses two wires to supply small electrical current, -and returns two sense volages by the other two. -By measuring voltages -from sections of this circuit forming potential dividers, we can determine the -resistance of the platinum wire sensor. The resistance -of this is directly related to temperature, and may be determined by -look-up tables or a suitable polynomial expression. - - -%\begin{figure}[h] -% \centering -% \includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./milli volt amplifier/vrange.jpg} -% % milli volt amplifier.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180 -% \caption{Milli Volt Amplifier expected voltage ranges} -% \label{fig:milli volt amplifiervrange} -%\end{figure} -% - -The voltage ranges we expect from this three stage potential divider\footnote{ -two stages are required for validation, a third stage is used to measure the current flowing -through the circuit to obtain accurate temperature readings} -are shown in figure \ref{fig:milli volt amplifiervrange}. Note that there is -an expected range for each reading, for a given temperature span. -Note that the low reading goes down as temperature increases, and the higher reading goes up. -For this reason the low reading will be referred to as {\em sense-} -and the higher as {\em sense+}. - -\subsection{Accuracy despite variable \\ resistance in cables} - -For electronic and accuracy reasons a four wire circuit is preferred -because of resistance in the cables. Resistance from the supply - causes a slight voltage -drop in the supply to the Milli Volt Amplifier. As no significant current -is carried by the two `sense' lines, the resistance back to the ADC -causes only a negligible voltage drop, and thus the four wire -configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across -the thermistor and not the voltage across the thermistor and current supply wire resistance.}. - -\subsection{Calculating Temperature from \\ the sense line voltages} - -The current flowing though the -whole circuit can be measured on the PCB by reading a third -sense voltage from one of the load resistors. Knowing the current flowing -through the circuit -and knowing the voltage drop over the Milli Volt Amplifier, we can calculate its -resistance by Ohms law $V=I.R$, $R=\frac{V}{I}$. -Thus a little loss of supply current due to resistance in the cables -does not impinge on accuracy. -The resistance to temperature conversion is achieved -through the published Milli Volt Amplifier tables\cite{eurothermtables}. -The standard voltage divider equations (see figure \ref{fig:vd} and -equation \ref{eqn:vd}) can be used to calculate -expected voltages for failure mode and temperature reading purposes. - -%\begin{figure}[h] -% \centering -% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./milli volt amplifier/voltage_divider.png} -% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170 -% \caption{Voltage Divider} -% \label{fig:vd} -%\end{figure} -%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used. - -\begin{equation} -\label{eqn:vd} - V_{out} = V_{in}.\frac{Z2}{Z2+Z1} -\end{equation} - -\section{Safety case for 4 wire circuit} - -This sub-section looks at the behaviour of the Milli Volt Amplifier four wire circuit -for the effects of component failures. -All components have a set of known `failure modes'. -In other words we know that a given component can fail in several distinct ways. -Studies have been published which list common component types -and their sets of failure modes, often with MTTF statistics \cite{mil1991}. -Thus for each component, an analysis is made for each of its failure modes, -with respect to its effect on the -circuit. Each one of these scenarios is termed a `test case'. -The resultant circuit behaviour for each of these test cases is noted. -The worst case for this type of -analysis would be a fault that we cannot detect. -Where this occurs a circuit re-design is probably the only sensible course of action. - - - -\subsection{Single Fault FMEA Analysis \\ of Milli Volt Amplifier Four wire circuit} - -\label{fmea} -This circuit simply consists of three resistors. -Resistors according to the DOD Electronic component fault handbook -1991, fail by either going OPEN or SHORT circuit \cite{mil1991}. -%Should wires become disconnected these will have the same effect as -%given resistors going open. -For the purpose of this analyis; -$R_{1}$ is the \ohms{2k2} from 5V to the thermistor, -$R_3$ is the Milli Volt Amplifier thermistor and $R_{2}$ connects the thermistor to ground. - -We can define the terms `High Fault' and `Low Fault' here, with reference to figure -\ref{fig:milli volt amplifiervrange}. Should we get a reading outside the safe green zone -in the diagram we can consider this a fault. -Should the reading be above its expected range this is a `High Fault' -and if below a `Low Fault'. - -Table \ref{ptfmea} plays through the scenarios of each of the resistors failing -in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings. -The range {0\oc} to {300\oc} will be analysed using potential divider equations to -determine out of range voltage limits in section \ref{ptbounds}. - -\begin{table}[ht] -\caption{Milli Volt Amplifier FMEA Single Faults} % title of Table -\centering % used for centering table -\begin{tabular}{||l|c|c|l|l||} -\hline \hline - \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\ - \textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\ -% R & wire & res + & res - & description -\hline -\hline - $R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline -$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline - \hline -$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline - $R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline -\hline -$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\ - $R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline -\hline -\end{tabular} -\label{ptfmea} -\end{table} - -From table \ref{ptfmea} it can be seen that any component failure in the circuit -should cause a common symptom, that of one or more of the values being `out of range'. -Temperature range calculations and detailed calculations -on the effects of each test case are found in section \ref{milli volt amplifierrange} -and \ref{milli volt amplifiertemp}. - - - -\subsection{Range and Amplifier Calculations} -\label{milli volt amplifiertemp} -Milli Volt Amplifier resistors are designed to -have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}. -A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc} -for a given application. -According to the Eurotherm Milli Volt Amplifier -tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100} -and \ohms{212.02} respectively. From this the potential divider circuit can be -analysed and the maximum and minimum acceptable voltages determined. -These can be used as bounds results to apply the findings from the -Milli Volt Amplifier FMEA analysis in section \ref{fmea}. - -As the Milli Volt Amplifier forms a potential divider with the \ohms{2k2} load resistors, -the upper and lower readings can be calculated thus: - - -$$ highreading = 5V.\frac{2k2+milli volt amplifier}{2k2+2k2+milli volt amplifier} $$ -$$ lowreading = 5V.\frac{2k2}{2k2+2k2+milli volt amplifier} $$ -So by defining an acceptable measurement/temperature range, -and ensuring the -values are always within these bounds we can be confident that none of the -resistors in this circuit has failed. - -To convert these to twelve bit ADC (\adctw) counts: - -$$ highreading = 2^{12}.\frac{2k2+milli volt amplifier}{2k2+2k2+milli volt amplifier} $$ -$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+milli volt amplifier} $$ - - -\begin{table}[ht] -\caption{Milli Volt Amplifier Maximum and Minimum Values} % title of Table -\centering % used for centering table -\begin{tabular}{||c|c|c|l|l||} -\hline \hline - \textbf{Temperature} & \textbf{Milli Volt Amplifier resistance} & -\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\ -\hline -% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\ -% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline - {0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\ - & & 2002\adctw & 2094\adctw & out of range LOW \\ \hline - {+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\ - & & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline -\hline -\end{tabular} -\label{ptbounds} -\end{table} - -Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that -for any single error (short or opening of any resistor) this bounds check -will detect it. - - -\section{Single Fault FMEA Analysis \\ of Milli Volt Amplifier Four wire circuit} - -\subsection{Single Fault Modes as PLD} - -The component~failure~modes in table \ref{ptfmea} can be represented as contours -on a PLD diagram. -Each test case, is defined by the contours that enclose -it. The test cases here deal with single faults only -and are thus enclosed by one contour each. - - -%\begin{figure}[h] -% \centering -% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_tc.jpg} -% % milli volt amplifier_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365 -% \caption{Milli Volt Amplifier Component Failure Modes} -% \label{fig:milli volt amplifier_tc} -%\end{figure} -% -%ating input Fault -This circuit supplies two results, the {\em sense+} and {\em sense-} voltage readings. -To establish the valid voltage ranges for these, and knowing our -valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate -valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd} -for the circuit shown in figure \ref{fig:vd}. % -%\begin{figure}[h] -% \centering -% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./milli volt amplifier/voltage_divider.png} -% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170 -% \caption{Voltage Divider} -% \label{fig:vd} -%\end{figure} -%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used. +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier.jpg} +%% % milli volt amplifier.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180 +%% \caption{Milli Volt Amplifier four wire circuit} +%% \label{fig:milli volt amplifier} +%%\end{figure} +%% +% +%\section{General Description of Milli Volt Amplifier four wire circuit} +% +%The Milli Volt Amplifier four wire circuit uses two wires to supply small electrical current, +%and returns two sense volages by the other two. +%By measuring voltages +%from sections of this circuit forming potential dividers, we can determine the +%resistance of the platinum wire sensor. The resistance +%of this is directly related to temperature, and may be determined by +%look-up tables or a suitable polynomial expression. +% +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./milli volt amplifier/vrange.jpg} +%% % milli volt amplifier.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180 +%% \caption{Milli Volt Amplifier expected voltage ranges} +%% \label{fig:milli volt amplifiervrange} +%%\end{figure} +%% +% +%The voltage ranges we expect from this three stage potential divider\footnote{ +%two stages are required for validation, a third stage is used to measure the current flowing +%through the circuit to obtain accurate temperature readings} +%are shown in figure \ref{fig:milli volt amplifiervrange}. Note that there is +%an expected range for each reading, for a given temperature span. +%Note that the low reading goes down as temperature increases, and the higher reading goes up. +%For this reason the low reading will be referred to as {\em sense-} +%and the higher as {\em sense+}. +% +%\subsection{Accuracy despite variable \\ resistance in cables} +% +%For electronic and accuracy reasons a four wire circuit is preferred +%because of resistance in the cables. Resistance from the supply +% causes a slight voltage +%drop in the supply to the Milli Volt Amplifier. As no significant current +%is carried by the two `sense' lines, the resistance back to the ADC +%causes only a negligible voltage drop, and thus the four wire +%configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across +%the thermistor and not the voltage across the thermistor and current supply wire resistance.}. +% +%\subsection{Calculating Temperature from \\ the sense line voltages} +% +%The current flowing though the +%whole circuit can be measured on the PCB by reading a third +%sense voltage from one of the load resistors. Knowing the current flowing +%through the circuit +%and knowing the voltage drop over the Milli Volt Amplifier, we can calculate its +%resistance by Ohms law $V=I.R$, $R=\frac{V}{I}$. +%Thus a little loss of supply current due to resistance in the cables +%does not impinge on accuracy. +%The resistance to temperature conversion is achieved +%through the published Milli Volt Amplifier tables\cite{eurothermtables}. +%The standard voltage divider equations (see figure \ref{fig:vd} and +%equation \ref{eqn:vd}) can be used to calculate +%expected voltages for failure mode and temperature reading purposes. +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./milli volt amplifier/voltage_divider.png} +%% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170 +%% \caption{Voltage Divider} +%% \label{fig:vd} +%%\end{figure} +%%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used. % %\begin{equation} %\label{eqn:vd} % V_{out} = V_{in}.\frac{Z2}{Z2+Z1} %\end{equation} % - - -\subsection{Proof of Out of Range \\ Values for Failures} -\label{pt110range} -Using the temperature ranges defined above we can compare the voltages -we would get from the resistor failures to prove that they are -`out of range'. There are six test cases and each will be examined in turn. - -\subsubsection{ TC 1 : Voltages $R_1$ SHORT } -With milli volt amplifier at 0\oc -$$ highreading = 5V $$ -Since the highreading or sense+ is directly connected to the 5V rail, -both temperature readings will be 5V.. -$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$ -With milli volt amplifier at the high end of the temperature range 300\oc. -$$ highreading = 5V $$ -$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$ - -Thus with $R_1$ shorted both readings are outside the -proscribed range in table \ref{ptbounds}. - -\subsubsection{ TC 2 : Voltages $R_1$ OPEN } - -In this case the 5V rail is disconnected. All voltages read are 0V, and -therefore both readings are outside the -proscribed range in table \ref{ptbounds}. - - -\subsubsection{ TC 3 : Voltages $R_2$ SHORT } - -With milli volt amplifier at 0\oc -$$ lowreading = 0V $$ -Since the lowreading or sense- is directly connected to the 0V rail, -both temperature readings will be 0V. -$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$ -With milli volt amplifier at the high end of the temperature range 300\oc. -$$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$ - -Thus with $R_2$ shorted both readings are outside the -proscribed range in table \ref{ptbounds}. - -\subsubsection{ TC 4 : Voltages $R_2$ OPEN } -Here there is no potential divider operating and both sense lines -will read 5V, outside of the proscribed range. - - -\subsubsection{ TC 5 : Voltages $R_3$ SHORT } - -Here the potential divider is simply between -the two 2k2 load resistors. Thus it will read a nominal; -2.5V. - -Assuming the load resistors are -precision components, and then taking an absolute worst case of 1\% either way. - -$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$ - -$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$ - -These readings both lie outside the proscribed range. -Also the sense+ and sense- readings would have the same value. - -\subsubsection{ TC 6 : Voltages $R_3$ OPEN } - -Here the potential divider is broken. The sense- will read 0V and the sense+ will -read 5V. Both readings are outside the proscribed range. - -\subsection{Summary of Analysis} - -All six test cases have been analysed and the results agree with the hypothesis -put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the -symptoms. In this case there is a common and easily detected symptom for all these single -resistor faults : Voltage out of range. - -A spider can be drawn on the PLD diagram to this effect. - -In practical use, by defining an acceptable measurement/temperature range, -and ensuring the -values are always within these bounds we can be confident that none of the -resistors in this circuit has failed. - - -%\begin{figure}[h] -% \centering -% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_tc_sp.jpg} -% % milli volt amplifier_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365 -% \caption{Milli Volt Amplifier Component Failure Modes} -% \label{fig:milli volt amplifier_tc_sp} -%\end{figure} +%\section{Safety case for 4 wire circuit} % - -\subsection{Derived Component : The Milli Volt Amplifier Circuit} -The Milli Volt Amplifier circuit can now be treated as a component in its own right, and has one failure mode, -{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:milli volt amplifier_singlef}. - -%\begin{figure}[h] -% \centering -% \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_singlef.jpg} -% % milli volt amplifier_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194 -% \caption{Milli Volt Amplifier Circuit Failure Modes : From Single Faults Analysis} -% \label{fig:milli volt amplifier_singlef} -%\end{figure} +%This sub-section looks at the behaviour of the Milli Volt Amplifier four wire circuit +%for the effects of component failures. +%All components have a set of known `failure modes'. +%In other words we know that a given component can fail in several distinct ways. +%Studies have been published which list common component types +%and their sets of failure modes, often with MTTF statistics \cite{mil1991}. +%Thus for each component, an analysis is made for each of its failure modes, +%with respect to its effect on the +%circuit. Each one of these scenarios is termed a `test case'. +%The resultant circuit behaviour for each of these test cases is noted. +%The worst case for this type of +%analysis would be a fault that we cannot detect. +%Where this occurs a circuit re-design is probably the only sensible course of action. % - -%From the single faults (cardinality constrained powerset of 1) analysis, we can now create -%a new derived component, the {\emmilli volt amplifiercircuit}. This has only \{ OUT\_OF\_RANGE \} -%as its single failure mode. - - -%Interestingly we can calculate the failure statistics for this circuit now. -%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for milli volt amplifier) ??? -\clearpage -\subsection{Mean Time to Failure} - -Now that we have a model for the failure mode behaviour of the milli volt amplifier circuit -we can look at the statistics associated with each of the failure modes. - -The DOD electronic reliability of components -document MIL-HDBK-217F\cite{mil1992} gives formulae for calculating -the -%$\frac{failures}{{10}^6}$ -${failures}/{{10}^6}$ % looks better -in hours for a wide range of generic components -\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F -can give conservative reliability figures when applied to -modern components}. - -Using the MIL-HDBK-217F\cite{mil1992} specifications for resistor and thermistor -failure statistics we calculate the reliability of this circuit. - - -\subsubsection{Resistor FIT Calculations} - -The formula for given in MIL-HDBK-217F\cite{mil1992}[9.2] for a generic fixed film non-power resistor -is reproduced in equation \ref{resistorfit}. The meanings -and values assigned to its co-efficients are described in table \ref{tab:resistor}. - -\begin{equation} -% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E -resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E - \label{resistorfit} -\end{equation} - -\begin{table}[ht] -\caption{Fixed film resistor Failure in time assessment} % title of Table -\centering % used for centering table -\begin{tabular}{||c|c|l||} -\hline \hline - \em{Parameter} & \em{Value} & \em{Comments} \\ - & & \\ \hline \hline - ${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline - %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline - ${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline - ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline - ${\pi}_E$ & 1.0 & benign ground environment\\ \hline - -\hline \hline -\end{tabular} -\label{tab:resistor} -\end{table} - -Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} -give the following failures in ${10}^6$ hours: - -\begin{equation} - 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours} - \label{eqn:resistor} -\end{equation} - -While MIL-HDBK-217F gives MTTF for a wide range of common components, -it does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}. -FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example -compromises and uses a 90:10 ratio, for resistor failure. -Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED -in the other 10\%. -A standard fixed film resistor, for use in a benign environment, non military spec at -temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$) -hours of operation (see equation \ref{eqn:resistor}). -This figure is referred to as a FIT\footnote{FIT values are measured as the number of -failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the -FIT number the more reliable the fault~mode} Failure in time. - -The formula given for a thermistor in MIL-HDBK-217F\cite{mil1992}[9.8] is reproduced in -equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}. - -\begin{equation} -% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E -resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E - \label{thermistorfit} -\end{equation} - -\begin{table}[ht] -\caption{Bead type Thermistor Failure in time assessment} % title of Table -\centering % used for centering table -\begin{tabular}{||c|c|l||} -\hline \hline - \em{Parameter} & \em{Value} & \em{Comments} \\ - & & \\ \hline \hline - ${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline - %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline - %${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline - ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline - ${\pi}_E$ & 1.0 & benign ground environment\\ \hline - -\hline \hline -\end{tabular} -\label{tab:thermistor} -\end{table} - - -\begin{equation} - 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours} - \label{eqn:thermistor} -\end{equation} - - -Thus thermistor, bead type, non military spec is given a FIT of 315.0 - -Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}), -showing the FIT values for all faults considered. - - - -\begin{table}[h+] -\caption{Milli Volt Amplifier FMEA Single // Fault Statistics} % title of Table -\centering % used for centering table -\begin{tabular}{||l|c|c|l|l||} -\hline \hline - \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\ - \textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\ -% R & wire & res + & res - & description -\hline -\hline -TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline -TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline - \hline -TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline -TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline -\hline -TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\ -TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline -\hline -\end{tabular} -\label{tab:stat_single} -\end{table} - -The FIT for the circuit as a whole is the sum of MTTF values for all the -test cases. The Milli Volt Amplifier circuit here has a FIT of 342.6. This is a MTTF of -about 360 years per circuit. - -A Probablistic tree can now be drawn, with a FIT value for the Milli Volt Amplifier -circuit and FIT values for all the component fault modes that it was calculated from. -We can see from this that that the most likely fault is the thermistor going OPEN. -This circuit is around 10 times more likely to fail in this way than in any other. -Were we to need a more reliable temperature sensor this would probably -be the fault~mode we would scrutinise first. - - -%\begin{figure}[h+] -% \centering -% \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./milli volt amplifier/stat_single.jpg} -% % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327 -% \caption{Probablistic Fault Tree : Milli Volt Amplifier Single Faults} -% \label{fig:stat_single} -%\end{figure} - - -The Milli Volt Amplifier analysis presents a simple result for single faults. -The next analysis phase looks at how the circuit will behave under double simultaneous failure -conditions. - -\clearpage -\section{ Milli Volt Amplifier Double Simultaneous \\ Fault Analysis} - -In this section we examine the failure mode behaviour for all single -faults and double simultaneous faults. -This corresponds to the cardinality constrained powerset of -the failure modes in the functional group. -All the single faults have already been proved in the last section. -For the next set of test cases, let us again hypothesise -the failure modes, and then examine each one in detail with -potential divider equation proofs. - -Table \ref{tab:ptfmea2} lists all the combinations of double -faults and then hypothesises how the functional~group will react -under those conditions. - -\begin{table}[ht] -\caption{Milli Volt Amplifier FMEA Double Faults} % title of Table -\centering % used for centering table -\begin{tabular}{||l|l|c|c|l|l||} -\hline \hline - \textbf{TC} &\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\ - \textbf{number} &\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\ -% R & wire & res + & res - & description -\hline -\hline - TC 7: & $R_1$ OPEN $R_2$ OPEN & Floating input Fault & Floating input Fault & Unknown value readings \\ \hline - TC 8: & $R_1$ OPEN $R_2$ SHORT & low & low & Both out of range \\ \hline -\hline - TC 9: & $R_1$ OPEN $R_3$ OPEN & high & low & Both out of Range \\ \hline - TC 10: & $R_1$ OPEN $R_3$ SHORT & low & low & Both out of range \\ \hline -\hline - - TC 11: & $R_1$ SHORT $R_2$ OPEN & high & high & Both out of range \\ \hline -TC 12: & $R_1$ SHORT $R_2$ SHORT & high & low & Both out of range \\ \hline -\hline - TC 13: & $R_1$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline -TC 14: & $R_1$ SHORT $R_3$ SHORT & high & high & Both out of range \\ \hline - -\hline - TC 15: & $R_2$ OPEN $R_3$ SHORT & high & Floating input Fault & sense+ out of range \\ \hline -TC 16: & $R_2$ OPEN $R_3$ SHORT & high & high & Both out of Range \\ \hline -TC 17: & $R_2$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline -TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Range \\ \hline -\hline -\end{tabular} -\label{tab:ptfmea2} -\end{table} - -\subsection{Verifying complete coverage for a \\ cardinality constrained powerset of 2} - - - -It is important to check that we have covered all possible double fault combinations. -We can use the equation \ref{eqn:correctedccps2} -\ifthenelse {\boolean{paper}} -{ -from the definitions paper -\ref{pap:compdef} -, -reproduced below to verify this. - -\indent{ - where: - \begin{itemize} - \item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes. - \item The indexed set $C_j$ represents all components in set $SU$. - \item The function $FM$ takes a component as an argument and returns its set of failure modes. - \item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults. - \end{itemize} -} -\begin{equation} - |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}} -- \sum^{p}_{2..cc}{{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{p!(|FM({C_j})| - p)!}} } - \label{eqn:correctedccps2} -\end{equation} - -} -{ -\begin{equation} - |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}} -- \sum^{p}_{2..cc}{{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{p!(|FM({C_j})| - p)!}} } - %\label{eqn:correctedccps2} -\end{equation} -} - - -$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes. - % -% Factorial of zero is one ! You can only arrange an empty set one way ! - -Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2. -%is always 2 for this circuit, as all the components are resistors and have two failure modes. - -\begin{equation} - |{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}} -- \sum^{p}_{2..2}{{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} } - %\label{eqn:correctedccps2} -\end{equation} - -$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check -under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time). - -Expanding the sumations - - -$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$ - -$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$ - -As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double) -we can be confident that we have looked at all `double combinations', of the possible faults -in the milli volt amplifier circuit. The next task is to investigate -these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}. - - -\subsection{Proof of Double Faults Hypothesis } - -\subsubsection{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN } -\label{milli volt amplifier:bothfloating} -This double fault mode produces an interesting symptom. -Both sense lines are floating. -We cannot know what the {\adctw} readings on them will be. -In practise these would probably float to low values -but for the purpose of a safety critical analysis -all we can say is the values are `floating' and `unknown'. -This is an interesting case, because it is, at this stage an undetectable -fault that must be handled. - - -\subsubsection{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT } - -This cuts the supply from Vcc. Both sense lines will be at zero. -Thus both values will be out of range. - - -\subsubsection{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN } - -Sense- will be floating. -Sense+ will be tied to Vcc and will thus be out of range. - -\subsubsection{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT } - -This shorts ground to the -both of the sense lines. -Both values thuis out of range. - -\subsubsection{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN } - -This shorts both sense lines to Vcc. -Both values will be out of range. - - -\subsubsection{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT } - -This shorts the sense+ to Vcc and the sense- to ground. -Both values will be out of range. - - - - - - - - - -\subsubsection{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN } - -This shorts the sense+ to Vcc and the sense- to ground. -Both values will be out of range. - -\subsubsection{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT } - -This shorts the sense+ and sense- to Vcc. -Both values will be out of range. - -\subsubsection{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN } - -This shorts the sense+ to Vcc and causes sense- to float. -The sense+ value will be out of range. - - -\subsubsection{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT } - -This shorts the sense+ and sense- to Vcc. -Both values will be out of range. - - - - - -\subsubsection{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN } - -This shorts the sense- to Ground. -The sense- value will be out of range. - - -\subsubsection{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT } - -This shorts the sense+ and sense- to Vcc. -Both values will be out of range. - -\clearpage -\subsection{Double Faults Represented on a PLD Diagram} - -We can show the test cases on a diagram with the double faults residing on regions -corresponding to overlapping contours see figure \ref{fig:plddouble}. -Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ contour. - - -%\begin{figure}[h] -% \centering -% \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{milli volt amplifier/plddouble.jpg} -% % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 -% \caption{Milli Volt Amplifier Double Simultaneous Faults} -% \label{fig:plddouble} -%\end{figure} - -The usefulnes of equation \ref{eqn:correctedccps2} is apparent. From the diagram it is easy to verify -the number of failure modes considered for each test case, but complete coverage for -a given cardinality constraint is not visually obvious. - -\subsubsection{Symptom Extraction} - -We can now examine the results of the test case analysis and apply symptom abstraction. -In all the test case results we have at least one an out of range value, except for -$TC\_7$ -which has two unknown values/floating readings. We can collect all the faults, except $TC\_7$, -into the symptom $OUT\_OF\_RANGE$. -As a symptom $TC\_7$ could be described as $FLOATING$. We can thus draw a PLD diagram representing the -failure modes of this functional~group, the milli volt amplifier circuit from the perspective of double simultaneous failures, -in figure \ref{fig:dubsim}. - - -%\begin{figure}[h] -% \centering -% \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{milli volt amplifier/plddoublesymptom.jpg} -% % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 -% \caption{Milli Volt Amplifier Double Simultaneous Faults} -% \label{fig:plddoublesymptom} -%\end{figure} - - -\clearpage -\subsection{Derived Component : The Milli Volt Amplifier Circuit} -The Milli Volt Amplifier circuit again, can now be treated as a component in its own right, and has two failure modes, -{\textbf{OUT\_OF\_RANGE}} and {\textbf{FLOATING}}. -It can now be represented as a PLD see figure \ref{fig:milli volt amplifier_doublef}. - -%\begin{figure}[h] -% \centering -% \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_doublef.jpg} -% % milli volt amplifier_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194 -% \caption{Milli Volt Amplifier Circuit Failure Modes : From Double Faults Analysis} -% \label{fig:milli volt amplifier_doublef} -%\end{figure} - -\subsection{Statistics} - +% +%\subsection{Single Fault FMEA Analysis \\ of Milli Volt Amplifier Four wire circuit} +% +%\label{fmea} +%This circuit simply consists of three resistors. +%Resistors according to the DOD Electronic component fault handbook +%1991, fail by either going OPEN or SHORT circuit \cite{mil1991}. +%%Should wires become disconnected these will have the same effect as +%%given resistors going open. +%For the purpose of this analyis; +%$R_{1}$ is the \ohms{2k2} from 5V to the thermistor, +%$R_3$ is the Milli Volt Amplifier thermistor and $R_{2}$ connects the thermistor to ground. +% +%We can define the terms `High Fault' and `Low Fault' here, with reference to figure +%\ref{fig:milli volt amplifiervrange}. Should we get a reading outside the safe green zone +%in the diagram we can consider this a fault. +%Should the reading be above its expected range this is a `High Fault' +%and if below a `Low Fault'. +% +%Table \ref{ptfmea} plays through the scenarios of each of the resistors failing +%in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings. +%The range {0\oc} to {300\oc} will be analysed using potential divider equations to +%determine out of range voltage limits in section \ref{ptbounds}. +% +%\begin{table}[ht] +%\caption{Milli Volt Amplifier FMEA Single Faults} % title of Table +%\centering % used for centering table +%\begin{tabular}{||l|c|c|l|l||} +%\hline \hline +% \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\ +% \textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\ +%% R & wire & res + & res - & description +%\hline +%\hline +% $R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline +%$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline +% \hline +%$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline +% $R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline +%\hline +%$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\ +% $R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline +%\hline +%\end{tabular} +%\label{ptfmea} +%\end{table} +% +%From table \ref{ptfmea} it can be seen that any component failure in the circuit +%should cause a common symptom, that of one or more of the values being `out of range'. +%Temperature range calculations and detailed calculations +%on the effects of each test case are found in section \ref{milli volt amplifierrange} +%and \ref{milli volt amplifiertemp}. +% +% +% +%\subsection{Range and Amplifier Calculations} +%\label{milli volt amplifiertemp} +%Milli Volt Amplifier resistors are designed to +%have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}. +%A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc} +%for a given application. +%According to the Eurotherm Milli Volt Amplifier +%tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100} +%and \ohms{212.02} respectively. From this the potential divider circuit can be +%analysed and the maximum and minimum acceptable voltages determined. +%These can be used as bounds results to apply the findings from the +%Milli Volt Amplifier FMEA analysis in section \ref{fmea}. +% +%As the Milli Volt Amplifier forms a potential divider with the \ohms{2k2} load resistors, +%the upper and lower readings can be calculated thus: +% +% +%$$ highreading = 5V.\frac{2k2+milli volt amplifier}{2k2+2k2+milli volt amplifier} $$ +%$$ lowreading = 5V.\frac{2k2}{2k2+2k2+milli volt amplifier} $$ +%So by defining an acceptable measurement/temperature range, +%and ensuring the +%values are always within these bounds we can be confident that none of the +%resistors in this circuit has failed. +% +%To convert these to twelve bit ADC (\adctw) counts: +% +%$$ highreading = 2^{12}.\frac{2k2+milli volt amplifier}{2k2+2k2+milli volt amplifier} $$ +%$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+milli volt amplifier} $$ +% +% +%\begin{table}[ht] +%\caption{Milli Volt Amplifier Maximum and Minimum Values} % title of Table +%\centering % used for centering table +%\begin{tabular}{||c|c|c|l|l||} +%\hline \hline +% \textbf{Temperature} & \textbf{Milli Volt Amplifier resistance} & +%\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\ +%\hline +%% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\ +%% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline +% {0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\ +% & & 2002\adctw & 2094\adctw & out of range LOW \\ \hline +% {+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\ +% & & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline +%\hline +%\end{tabular} +%\label{ptbounds} +%\end{table} +% +%Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that +%for any single error (short or opening of any resistor) this bounds check +%will detect it. +% +% +%\section{Single Fault FMEA Analysis \\ of Milli Volt Amplifier Four wire circuit} +% +%\subsection{Single Fault Modes as PLD} +% +%The component~failure~modes in table \ref{ptfmea} can be represented as contours +%on a PLD diagram. +%Each test case, is defined by the contours that enclose +%it. The test cases here deal with single faults only +%and are thus enclosed by one contour each. +% +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_tc.jpg} +%% % milli volt amplifier_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365 +%% \caption{Milli Volt Amplifier Component Failure Modes} +%% \label{fig:milli volt amplifier_tc} +%%\end{figure} %% -%% Need to talk abou the `detection time' -%% or `Safety Relevant Validation Time' ref can book -%% EN61508 gives detection calculations to reduce -%% statistical impacts of failures. +%%ating input Fault +%This circuit supplies two results, the {\em sense+} and {\em sense-} voltage readings. +%To establish the valid voltage ranges for these, and knowing our +%valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate +%valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd} +%for the circuit shown in figure \ref{fig:vd}. +% %% - -If we consider the failure modes to be statistically independent we can calculate -the FIT values for all the failures. The failure mode of concern, the undetectable {\textbf{FLOATING}} condition -requires that resistors $R_1$ and $R_2$ fail. We can multiply the MTTF -together and find an MTTF for both failing. The FIT value of 12.42 corresponds to -$12.42 \times {10}^{-9}$ failures per hour. Squaring this gives $ 154.3 \times {10}^{-18} $. -This is an astronomically small MTTF, and so small that it would -probably fall below a threshold to sensibly consider. -However, it is very interesting from a failure analysis perspective, -because here we have found a fault that we cannot detect at this -level. This means that should we wish to cope with -this fault, we need to devise a way of detecting this -condition in higher levels of the system. - - - -\vspace{20pt} - -%typeset in {\Huge \LaTeX} \today +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./milli volt amplifier/voltage_divider.png} +%% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170 +%% \caption{Voltage Divider} +%% \label{fig:vd} +%%\end{figure} +%%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used. +%% +%%\begin{equation} +%%\label{eqn:vd} +%% V_{out} = V_{in}.\frac{Z2}{Z2+Z1} +%%\end{equation} +%% +% +% +%\subsection{Proof of Out of Range \\ Values for Failures} +%\label{pt110range} +%Using the temperature ranges defined above we can compare the voltages +%we would get from the resistor failures to prove that they are +%`out of range'. There are six test cases and each will be examined in turn. +% +%\subsubsection{ TC 1 : Voltages $R_1$ SHORT } +%With milli volt amplifier at 0\oc +%$$ highreading = 5V $$ +%Since the highreading or sense+ is directly connected to the 5V rail, +%both temperature readings will be 5V.. +%$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$ +%With milli volt amplifier at the high end of the temperature range 300\oc. +%$$ highreading = 5V $$ +%$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$ +% +%Thus with $R_1$ shorted both readings are outside the +%proscribed range in table \ref{ptbounds}. +% +%\subsubsection{ TC 2 : Voltages $R_1$ OPEN } +% +%In this case the 5V rail is disconnected. All voltages read are 0V, and +%therefore both readings are outside the +%proscribed range in table \ref{ptbounds}. +% +% +%\subsubsection{ TC 3 : Voltages $R_2$ SHORT } +% +%With milli volt amplifier at 0\oc +%$$ lowreading = 0V $$ +%Since the lowreading or sense- is directly connected to the 0V rail, +%both temperature readings will be 0V. +%$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$ +%With milli volt amplifier at the high end of the temperature range 300\oc. +%$$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$ +% +%Thus with $R_2$ shorted both readings are outside the +%proscribed range in table \ref{ptbounds}. +% +%\subsubsection{ TC 4 : Voltages $R_2$ OPEN } +%Here there is no potential divider operating and both sense lines +%will read 5V, outside of the proscribed range. +% +% +%\subsubsection{ TC 5 : Voltages $R_3$ SHORT } +% +%Here the potential divider is simply between +%the two 2k2 load resistors. Thus it will read a nominal; +%2.5V. +% +%Assuming the load resistors are +%precision components, and then taking an absolute worst case of 1\% either way. +% +%$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$ +% +%$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$ +% +%These readings both lie outside the proscribed range. +%Also the sense+ and sense- readings would have the same value. +% +%\subsubsection{ TC 6 : Voltages $R_3$ OPEN } +% +%Here the potential divider is broken. The sense- will read 0V and the sense+ will +%read 5V. Both readings are outside the proscribed range. +% +%\subsection{Summary of Analysis} +% +%All six test cases have been analysed and the results agree with the hypothesis +%put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the +%symptoms. In this case there is a common and easily detected symptom for all these single +%resistor faults : Voltage out of range. +% +%A spider can be drawn on the PLD diagram to this effect. +% +%In practical use, by defining an acceptable measurement/temperature range, +%and ensuring the +%values are always within these bounds we can be confident that none of the +%resistors in this circuit has failed. +% +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_tc_sp.jpg} +%% % milli volt amplifier_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365 +%% \caption{Milli Volt Amplifier Component Failure Modes} +%% \label{fig:milli volt amplifier_tc_sp} +%%\end{figure} +%% +% +%\subsection{Derived Component : The Milli Volt Amplifier Circuit} +%The Milli Volt Amplifier circuit can now be treated as a component in its own right, and has one failure mode, +%{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:milli volt amplifier_singlef}. +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_singlef.jpg} +%% % milli volt amplifier_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194 +%% \caption{Milli Volt Amplifier Circuit Failure Modes : From Single Faults Analysis} +%% \label{fig:milli volt amplifier_singlef} +%%\end{figure} +%% +% +%%From the single faults (cardinality constrained powerset of 1) analysis, we can now create +%%a new derived component, the {\emmilli volt amplifiercircuit}. This has only \{ OUT\_OF\_RANGE \} +%%as its single failure mode. +% +% +%%Interestingly we can calculate the failure statistics for this circuit now. +%%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for milli volt amplifier) ??? +%\clearpage +%\subsection{Mean Time to Failure} +% +%Now that we have a model for the failure mode behaviour of the milli volt amplifier circuit +%we can look at the statistics associated with each of the failure modes. +% +%The DOD electronic reliability of components +%document MIL-HDBK-217F\cite{mil1992} gives formulae for calculating +%the +%%$\frac{failures}{{10}^6}$ +%${failures}/{{10}^6}$ % looks better +%in hours for a wide range of generic components +%\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F +%can give conservative reliability figures when applied to +%modern components}. +% +%Using the MIL-HDBK-217F\cite{mil1992} specifications for resistor and thermistor +%failure statistics we calculate the reliability of this circuit. +% +% +%\subsubsection{Resistor FIT Calculations} +% +%The formula for given in MIL-HDBK-217F\cite{mil1992}[9.2] for a generic fixed film non-power resistor +%is reproduced in equation \ref{resistorfit}. The meanings +%and values assigned to its co-efficients are described in table \ref{tab:resistor}. +% +%\begin{equation} +%% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E +%resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E +% \label{resistorfit} +%\end{equation} +% +%\begin{table}[ht] +%\caption{Fixed film resistor Failure in time assessment} % title of Table +%\centering % used for centering table +%\begin{tabular}{||c|c|l||} +%\hline \hline +% \em{Parameter} & \em{Value} & \em{Comments} \\ +% & & \\ \hline \hline +% ${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline +% %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline +% ${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline +% ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline +% ${\pi}_E$ & 1.0 & benign ground environment\\ \hline +% +%\hline \hline +%\end{tabular} +%\label{tab:resistor} +%\end{table} +% +%Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} +%give the following failures in ${10}^6$ hours: +% +%\begin{equation} +% 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours} +% \label{eqn:resistor} +%\end{equation} +% +%While MIL-HDBK-217F gives MTTF for a wide range of common components, +%it does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}. +%FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example +%compromises and uses a 90:10 ratio, for resistor failure. +%Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED +%in the other 10\%. +%A standard fixed film resistor, for use in a benign environment, non military spec at +%temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$) +%hours of operation (see equation \ref{eqn:resistor}). +%This figure is referred to as a FIT\footnote{FIT values are measured as the number of +%failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the +%FIT number the more reliable the fault~mode} Failure in time. +% +%The formula given for a thermistor in MIL-HDBK-217F\cite{mil1992}[9.8] is reproduced in +%equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}. +% +%\begin{equation} +%% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E +%resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E +% \label{thermistorfit} +%\end{equation} +% +%\begin{table}[ht] +%\caption{Bead type Thermistor Failure in time assessment} % title of Table +%\centering % used for centering table +%\begin{tabular}{||c|c|l||} +%\hline \hline +% \em{Parameter} & \em{Value} & \em{Comments} \\ +% & & \\ \hline \hline +% ${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline +% %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline +% %${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline +% ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline +% ${\pi}_E$ & 1.0 & benign ground environment\\ \hline +% +%\hline \hline +%\end{tabular} +%\label{tab:thermistor} +%\end{table} +% +% +%\begin{equation} +% 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours} +% \label{eqn:thermistor} +%\end{equation} +% +% +%Thus thermistor, bead type, non military spec is given a FIT of 315.0 +% +%Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}), +%showing the FIT values for all faults considered. +% +% +% +%\begin{table}[h+] +%\caption{Milli Volt Amplifier FMEA Single // Fault Statistics} % title of Table +%\centering % used for centering table +%\begin{tabular}{||l|c|c|l|l||} +%\hline \hline +% \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\ +% \textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\ +%% R & wire & res + & res - & description +%\hline +%\hline +%TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline +%TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline +% \hline +%TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline +%TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline +%\hline +%TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\ +%TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline +%\hline +%\end{tabular} +%\label{tab:stat_single} +%\end{table} +% +%The FIT for the circuit as a whole is the sum of MTTF values for all the +%test cases. The Milli Volt Amplifier circuit here has a FIT of 342.6. This is a MTTF of +%about 360 years per circuit. +% +%A Probablistic tree can now be drawn, with a FIT value for the Milli Volt Amplifier +%circuit and FIT values for all the component fault modes that it was calculated from. +%We can see from this that that the most likely fault is the thermistor going OPEN. +%This circuit is around 10 times more likely to fail in this way than in any other. +%Were we to need a more reliable temperature sensor this would probably +%be the fault~mode we would scrutinise first. +% +% +%%\begin{figure}[h+] +%% \centering +%% \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./milli volt amplifier/stat_single.jpg} +%% % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327 +%% \caption{Probablistic Fault Tree : Milli Volt Amplifier Single Faults} +%% \label{fig:stat_single} +%%\end{figure} +% +% +%The Milli Volt Amplifier analysis presents a simple result for single faults. +%The next analysis phase looks at how the circuit will behave under double simultaneous failure +%conditions. +% +%\clearpage +%\section{ Milli Volt Amplifier Double Simultaneous \\ Fault Analysis} +% +%In this section we examine the failure mode behaviour for all single +%faults and double simultaneous faults. +%This corresponds to the cardinality constrained powerset of +%the failure modes in the functional group. +%All the single faults have already been proved in the last section. +%For the next set of test cases, let us again hypothesise +%the failure modes, and then examine each one in detail with +%potential divider equation proofs. +% +%Table \ref{tab:ptfmea2} lists all the combinations of double +%faults and then hypothesises how the functional~group will react +%under those conditions. +% +%\begin{table}[ht] +%\caption{Milli Volt Amplifier FMEA Double Faults} % title of Table +%\centering % used for centering table +%\begin{tabular}{||l|l|c|c|l|l||} +%\hline \hline +% \textbf{TC} &\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\ +% \textbf{number} &\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\ +%% R & wire & res + & res - & description +%\hline +%\hline +% TC 7: & $R_1$ OPEN $R_2$ OPEN & Floating input Fault & Floating input Fault & Unknown value readings \\ \hline +% TC 8: & $R_1$ OPEN $R_2$ SHORT & low & low & Both out of range \\ \hline +%\hline +% TC 9: & $R_1$ OPEN $R_3$ OPEN & high & low & Both out of Range \\ \hline +% TC 10: & $R_1$ OPEN $R_3$ SHORT & low & low & Both out of range \\ \hline +%\hline +% +% TC 11: & $R_1$ SHORT $R_2$ OPEN & high & high & Both out of range \\ \hline +%TC 12: & $R_1$ SHORT $R_2$ SHORT & high & low & Both out of range \\ \hline +%\hline +% TC 13: & $R_1$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline +%TC 14: & $R_1$ SHORT $R_3$ SHORT & high & high & Both out of range \\ \hline +% +%\hline +% TC 15: & $R_2$ OPEN $R_3$ SHORT & high & Floating input Fault & sense+ out of range \\ \hline +%TC 16: & $R_2$ OPEN $R_3$ SHORT & high & high & Both out of Range \\ \hline +%TC 17: & $R_2$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline +%TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Range \\ \hline +%\hline +%\end{tabular} +%\label{tab:ptfmea2} +%\end{table} +% +%\subsection{Verifying complete coverage for a \\ cardinality constrained powerset of 2} +% +% +% +%It is important to check that we have covered all possible double fault combinations. +%We can use the equation \ref{eqn:correctedccps2} +%\ifthenelse {\boolean{paper}} +%{ +%from the definitions paper +%\ref{pap:compdef} +%, +%reproduced below to verify this. +% +%\indent{ +% where: +% \begin{itemize} +% \item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes. +% \item The indexed set $C_j$ represents all components in set $SU$. +% \item The function $FM$ takes a component as an argument and returns its set of failure modes. +% \item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults. +% \end{itemize} +%} +%\begin{equation} +% |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}} +%- \sum^{p}_{2..cc}{{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{p!(|FM({C_j})| - p)!}} } +% \label{eqn:correctedccps2} +%\end{equation} +% +%} +%{ +%\begin{equation} +% |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}} +%- \sum^{p}_{2..cc}{{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{p!(|FM({C_j})| - p)!}} } +% %\label{eqn:correctedccps2} +%\end{equation} +%} +% +% +%$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes. +% +%% +%% Factorial of zero is one ! You can only arrange an empty set one way ! +% +%Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2. +%%is always 2 for this circuit, as all the components are resistors and have two failure modes. +% +%\begin{equation} +% |{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}} +%- \sum^{p}_{2..2}{{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} } +% %\label{eqn:correctedccps2} +%\end{equation} +% +%$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check +%under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time). +% +%Expanding the sumations +% +% +%$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$ +% +%$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$ +% +%As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double) +%we can be confident that we have looked at all `double combinations', of the possible faults +%in the milli volt amplifier circuit. The next task is to investigate +%these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}. +% +% +%\subsection{Proof of Double Faults Hypothesis } +% +%\subsubsection{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN } +%\label{milli volt amplifier:bothfloating} +%This double fault mode produces an interesting symptom. +%Both sense lines are floating. +%We cannot know what the {\adctw} readings on them will be. +%In practise these would probably float to low values +%but for the purpose of a safety critical analysis +%all we can say is the values are `floating' and `unknown'. +%This is an interesting case, because it is, at this stage an undetectable +%fault that must be handled. +% +% +%\subsubsection{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT } +% +%This cuts the supply from Vcc. Both sense lines will be at zero. +%Thus both values will be out of range. +% +% +%\subsubsection{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN } +% +%Sense- will be floating. +%Sense+ will be tied to Vcc and will thus be out of range. +% +%\subsubsection{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT } +% +%This shorts ground to the +%both of the sense lines. +%Both values thuis out of range. +% +%\subsubsection{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN } +% +%This shorts both sense lines to Vcc. +%Both values will be out of range. +% +% +%\subsubsection{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT } +% +%This shorts the sense+ to Vcc and the sense- to ground. +%Both values will be out of range. +% +% +% +% +% +% +% +% +% +%\subsubsection{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN } +% +%This shorts the sense+ to Vcc and the sense- to ground. +%Both values will be out of range. +% +%\subsubsection{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT } +% +%This shorts the sense+ and sense- to Vcc. +%Both values will be out of range. +% +%\subsubsection{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN } +% +%This shorts the sense+ to Vcc and causes sense- to float. +%The sense+ value will be out of range. +% +% +%\subsubsection{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT } +% +%This shorts the sense+ and sense- to Vcc. +%Both values will be out of range. +% +% +% +% +% +%\subsubsection{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN } +% +%This shorts the sense- to Ground. +%The sense- value will be out of range. +% +% +%\subsubsection{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT } +% +%This shorts the sense+ and sense- to Vcc. +%Both values will be out of range. +% +%\clearpage +%\subsection{Double Faults Represented on a PLD Diagram} +% +%We can show the test cases on a diagram with the double faults residing on regions +%corresponding to overlapping contours see figure \ref{fig:plddouble}. +%Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ contour. +% +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{milli volt amplifier/plddouble.jpg} +%% % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 +%% \caption{Milli Volt Amplifier Double Simultaneous Faults} +%% \label{fig:plddouble} +%%\end{figure} +% +%The usefulnes of equation \ref{eqn:correctedccps2} is apparent. From the diagram it is easy to verify +%the number of failure modes considered for each test case, but complete coverage for +%a given cardinality constraint is not visually obvious. +% +%\subsubsection{Symptom Extraction} +% +%We can now examine the results of the test case analysis and apply symptom abstraction. +%In all the test case results we have at least one an out of range value, except for +%$TC\_7$ +%which has two unknown values/floating readings. We can collect all the faults, except $TC\_7$, +%into the symptom $OUT\_OF\_RANGE$. +%As a symptom $TC\_7$ could be described as $FLOATING$. We can thus draw a PLD diagram representing the +%failure modes of this functional~group, the milli volt amplifier circuit from the perspective of double simultaneous failures, +%in figure \ref{fig:dubsim}. +% +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{milli volt amplifier/plddoublesymptom.jpg} +%% % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 +%% \caption{Milli Volt Amplifier Double Simultaneous Faults} +%% \label{fig:plddoublesymptom} +%%\end{figure} +% +% +%\clearpage +%\subsection{Derived Component : The Milli Volt Amplifier Circuit} +%The Milli Volt Amplifier circuit again, can now be treated as a component in its own right, and has two failure modes, +%{\textbf{OUT\_OF\_RANGE}} and {\textbf{FLOATING}}. +%It can now be represented as a PLD see figure \ref{fig:milli volt amplifier_doublef}. +% +%%\begin{figure}[h] +%% \centering +%% \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./milli volt amplifier/milli volt amplifier_doublef.jpg} +%% % milli volt amplifier_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194 +%% \caption{Milli Volt Amplifier Circuit Failure Modes : From Double Faults Analysis} +%% \label{fig:milli volt amplifier_doublef} +%%\end{figure} +% +%\subsection{Statistics} +% +%%% +%%% Need to talk abou the `detection time' +%%% or `Safety Relevant Validation Time' ref can book +%%% EN61508 gives detection calculations to reduce +%%% statistical impacts of failures. +%%% +% +%If we consider the failure modes to be statistically independent we can calculate +%the FIT values for all the failures. The failure mode of concern, the undetectable {\textbf{FLOATING}} condition +%requires that resistors $R_1$ and $R_2$ fail. We can multiply the MTTF +%together and find an MTTF for both failing. The FIT value of 12.42 corresponds to +%$12.42 \times {10}^{-9}$ failures per hour. Squaring this gives $ 154.3 \times {10}^{-18} $. +%This is an astronomically small MTTF, and so small that it would +%probably fall below a threshold to sensibly consider. +%However, it is very interesting from a failure analysis perspective, +%because here we have found a fault that we cannot detect at this +%level. This means that should we wish to cope with +%this fault, we need to devise a way of detecting this +%condition in higher levels of the system. +% +% +% +%\vspace{20pt} +% +%%typeset in {\Huge \LaTeX} \today diff --git a/millivoltamp/paper.tex b/millivoltamp/paper.tex index ca479af..f9e8e1d 100644 --- a/millivoltamp/paper.tex +++ b/millivoltamp/paper.tex @@ -4,13 +4,11 @@ \usepackage{fancyhdr} \usepackage{tikz} \usepackage{amsfonts,amsmath,amsthm} - \usepackage{ifthen} \newboolean{paper} \setboolean{paper}{true} % boolvar=true or false - \input{../style} %\newtheorem{definition}{Definition:} @@ -25,8 +23,12 @@ \author{R.P.Clark} \title{Milli-Volt Amplifier FMMD analysis} \maketitle +\typeout{ ---------------- about to include } + \input{millivoltamp_paper} +\typeout{ ---------------- after include } + \bibliographystyle{plain} \bibliography{../vmgbibliography,../mybib} diff --git a/mybib.bib b/mybib.bib index edca07f..1ca5c7b 100644 --- a/mybib.bib +++ b/mybib.bib @@ -169,6 +169,13 @@ year = "2003" } +@MISC{en60730, + author = "E N Standard", + title = "Automatic Electrical controls for household and similar use", + howpublished = "EN298", + year = "1994" +} + @MISC{en61508, author = "E N Standard", title = "Functional safety of electrical/electronic/programmable electronic safety related systems",