From f8a7225623cd07df53e70407ce4d67079d19fd95 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 4 Sep 2012 08:29:14 +0100 Subject: [PATCH 1/3] morning edit geddit --- submission_thesis/CH4_FMMD/copy.tex | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/submission_thesis/CH4_FMMD/copy.tex b/submission_thesis/CH4_FMMD/copy.tex index cb66df9..548f20b 100644 --- a/submission_thesis/CH4_FMMD/copy.tex +++ b/submission_thesis/CH4_FMMD/copy.tex @@ -474,11 +474,9 @@ In this way we can incrementally analyse an entire system. %% %% GARK BEGIN - - - To demonstrate the principles of FMMD, we use it to analyse a -commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe}[p.234] and two resistors, a circuit schematic for this is shown in figure \ref{fig:noninvamp}. +commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe}[p.234] and +two resistors, a circuit schematic for this is shown in figure \ref{fig:noninvamp}. % \begin{figure}[h+] \centering 
@@ -490,20 +488,24 @@ commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe} \end{figure} % The function of the resistors in this circuit is to set the amplifier gain. -They operate as a potential divider, the resistors act as a potential divider --- assuming the op-amp has high impedance --- -and program the inverting input on the op-amp +The resistors act as a potential divider---assuming the op-amp has high impedance---and +program the inverting input on the op-amp to balance them against the positive input, giving the voltage gain ($G_v$) defined by $ G_v = 1 + \frac{R2}{R1} $ at the output. -\paragraph{Potential Divider.} +\paragraph{Analysing the failure modes of the Potential Divider.} \label{subsec:potdiv} -As the resistors work to provide a specific function, that of a potential divider, +As the resistors work to provide a clearly defined function, that of a potential divider, we can treat them as a collection of components with a specific functionality---which can be termed a `{\fg}'. This {\fg} has two members, $R1$ and $R2$. -Taken as an entity the potential divider can be viewed as a {\dc}. +% +The potential divider circuit can be considered as a component +that provides the function of splitting two voltages into three, +the third voltage being a ratio defined by the values of the resistors. +%Taken as an entity the potential divider can be viewed as a {\dc}. That is to say we can treat the potential divider, comprised of two resistors -to act as a component. +to act as a {\dc}. % Using the EN298 specification for resistor failure~\cite{en298}[App.A], we can assign failure modes of $OPEN$ and $SHORT$ to the resistors individually (assignment of failure modes From e2eb19a8fcdd525803bec7fcab2831d745ce0c69 Mon Sep 17 00:00:00 2001 
From: "Robin P. Clark" Date: Wed, 5 Sep 2012 08:11:13 +0100 Subject: [PATCH 2/3] Working through very carefully...... --- submission_thesis/CH4_FMMD/copy.tex | 145 ++++++++++------------------ 1 file changed, 50 insertions(+), 95 deletions(-) diff --git a/submission_thesis/CH4_FMMD/copy.tex b/submission_thesis/CH4_FMMD/copy.tex index 548f20b..8cc776f 100644 --- a/submission_thesis/CH4_FMMD/copy.tex +++ b/submission_thesis/CH4_FMMD/copy.tex 
@@ -54,100 +54,53 @@ This chapter starts with %starts with %an overview of current failure modelling techniques, and then a worked example to introduce % using -the new methodology, +a new methodology, Failure Mode Modular De-composition (FMMD). -This is followed by a discussion on the design of the FMMD methodology and then a +This is followed by a discussion on the design of FMMD and then a %an ontological -description using UML class models. +description and re-factoring process using UML class models. % This chapter defines the FMMD process and related concepts and calculations. -FMMD is in essence modularised FMEA. Rather than taking each component failure mode +FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38]. +% +Rather than taking each component failure mode and extrapolating top level or system failure symptoms from it, small groups of components are collected into {\fgs} and analysed. %and then {\dcs} are used to represent the {\fgs}. -We analyse the {\fgs} in order to determine its the failure mode behaviour. +We analyse each {\fg} in order to determine its failure mode behaviour. %of the {\fg}. With the failure mode behaviour we can obtain a set of failure modes -for the {\fg}. We can then create a new theoretical component to represent the {\fg}. +for the {\fg}. +% +Or in other words we determine how the {\fg}, as an entity can fail. +% +We can then create a new theoretical component to represent the {\fg}. +% We call this a {\dc}. -This {\dc} may be used as though it were a component, and has a set of failure modes. -We then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs} +% +This {\dc} has a set of failure modes: we can thus treat it as a `higher~level' component. +% +Because a {\dc} has a set of failure modes we can use it in higher level {\fgs} +which in turn produce higher level {\dcs}. 
+% +We can then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs} and {\dcs} has been built, converging to a final {\dc} -at the top of the hierarchy. The final {\dcs} failure modes +at the top of the hierarchy. +% +The failure modes of the final or top {\dc} are the failure modes of the system under investigation. % -Or in other words we take the traditional FMEA~\cite{sccs}[pp.34-38] process, and modularise it from the bottom-up. +Or in other words we take the traditional FMEA process, and modularise it from the bottom-up. %We break down each stage of reasoning %into small manageable groups, and use the failure mode behaviour from them to create {\dcs} %to build higher level groups. -In this way we can incrementally analyse an entire system. +In this way we can incrementally analyse an entire system. %, with documented reasoning stages. % %This has advantages of concentrating % %effort in where modules interact, %A notation is then described to index and classify objects created in FMMD hierarchical models. -% \subsection{Overview of current failure mode modelling techniques} -% -% We briefly analyse four current methodologies. -% Comprehensive overviews of these methodologies may be found -% in ~\cite{safeware,sccs,nasafta,nucfta,bfmea}. -% -% \paragraph{Fault Tree Analysis (FTA).} -% FTA~\cite{nasafta,nucfta} is a top down methodology in which a hierarchical diagram is drawn for -% each undesirable top level failure/event, presenting the conditions that must arise to cause -% the event. -% % -% It is suitable for large complicated systems with few undesirable top -% level failures and focuses on those events considered most important or most catastrophic. -% % -% Effects of duplication/redundancy of safety systems can be readily assessed. -% It uses notations that are readily understood by engineers -% (logic symbols borrowed from digital electronics and a fault hierarchy). 
-% However, it cannot guarantee to model all base component failures -% or be used to determine system level errors other than those modelled. -% % -% Each FTA diagram models one top level event. -% This creates duplication of modelled elements, -% and it is difficult to cross check between diagrams. It has limited -% support for environmental and operational states. -% -% -% \paragraph{Fault Mode Effects Analysis (FMEA)} is used principally to determine system reliability. -% It is bottom-up and starts with component failure modes, which -% lead to top level failure/events. -% Each top level failure is assessed by its cost to repair (or perceived criticality) and its estimated frequency. %, using a -% %failure mode ratio. -% A list of failures according to their cost to repair~\cite{bfmea}, or effect on system reliability is then calculated. -% It is easy to identify single component failure to system failure mappings -% and an estimate of product reliability can be calculated. -% %This can be viewed as a prioritised `to~fix' list. -% % -% It cannot focus on complex -% component interactions that cause system failure modes or determine potential -% problems from simultaneous failures. It does not consider changing environmental -% or operational states in sub-systems or components. It cannot model -% self-checking safety elements or other in-built safety features or -% analyse how particular components may fail. -% -% -% \paragraph{Failure Mode Effects Criticality Analysis (FMECA)} is a refinement of FMEA, using -% extra variables: the probability of a component failure mode occurring, -% the probability that this will cause a given top level failure, and the perceived -% criticality. It gives better estimations of product reliability/safety and the -% occurrence of particular system failure modes than FMEA but has similar deficiencies. 
-% -% -% \paragraph{Failure Modes, Effects and Diagnostic Analysis (FMEDA)} is a refinement of -% FMEA and FMECA and in addition models self-checking safety elements. It assigns two -% attributes to component failure modes: detectable/undetectable and safe/dangerous. -% Statistical measures about the system can be made and used to classify a -% safety integrity level. It allows designs with in-built safety features to be assessed. -% Otherwise, it has similar deficiencies to FMEA. -% However, it has limited support -% for environmental and operational states in sub-systems or components, -% via self checking statistical mitigation. FMEDA is the methodology associated with -% the safety integrity standard EN61508~\cite{en61508}. -% + % \subsection{Summary of Deficiencies in Current Methods} % % \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component @@ -470,7 +423,7 @@ In this way we can incrementally analyse an entire system. \section{Worked Example: Non-Inverting Amplifier} -%% here bring in sys safety papaer from 2011 +%% here bring in sys safety paper from 2011 %% %% GARK BEGIN 
@@ -535,22 +488,24 @@ We represent a resistor and its failure modes as a directed acyclic graph (DAG) Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$. % We look at each of these base component failure modes, -and determine how they affect the operation of the potential divider. +and determine how they affect the operation of the potential~divider. %Each failure mode scenario we look at will be given a test case number, %which is represented on the diagram, with an asterisk marking %which failure modes is modelling (see figure \ref{fig:fg1a}). % +Each resistor failure mode is a potential {\fc} in the potential~divider. %%For this example we look at single failure modes only. -For each failure mode in our {\fg} `potential~divider', -we can assign a %{\fc} +For each failure mode in our {\fg} potential~divider +we can assign a {\fc} number (see table \ref{tbl:pdfmea}). +% Each {\fc} is analysed to determine the symptom of failure in -the potential dividers' operation. For instance +the potential~dividers' operation. For instance if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the voltage output from it would float high (+ve). -This would mean the symptom of the failed potential divider would be voltage high output. +This would mean the symptom of the failed potential~divider would be voltage high output. % -The failure symptom of a high potential divider output is termed `HighPD', and +The failure symptom of a high potential~divider output is termed `HighPD', and for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ... %We can now consider the {\fg} %as a component in its own right, and its symptoms as its failure modes. 
@@ -644,14 +599,14 @@ This is represented in the DAG in figure \ref{fig:fg1adag}. We can now create % formulate -a `derived component' to represent this potential divider: +a {\dc} to represent this potential divider: we name this \textbf{PD}. -This {\dc} will have two failure modes. -We use the symbol $\derivec$ to represent the process of taking the analysed -{\fg} and creating from it a {\dc}. -The creation of the {\dc} \textbf{PD} is represented as a -hierarchy diagram in figure~\ref{fig:dc1}. -We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}. +This {\dc} will have two failure modes, $PD_{HIGH}$ and $PD_{LOW}$. +% HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed +% HTR 05SEP2012 {\fg} and creating from it a {\dc}. +% HTR 05SEP2012 The creation of the {\dc} \textbf{PD} is represented as a +% HTR 05SEP2012 hierarchy diagram in figure~\ref{fig:dc1}. +% HTR 05SEP2012 We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}. %We could represent it algebraically thus: $ \derivec(PotDiv) = @@ -825,8 +780,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}. % \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {}; \node[component] (OPAMP) at (0,-1.8) {$OPAMP$}; - \node[component] (R1) at (0,-6) {$R_1$}; - \node[component] (R2) at (0,-7.6) {$R_2$}; + \node[component] (R1) at (0,-7) {$R_1$}; + \node[component] (R2) at (0,-8.6) {$R_2$}; %\node[component] (C-3) at (0,-5) {$C^0_3$}; %\node[component] (K-4) at (0,-8) {$K^0_4$}; 
@@ -843,11 +798,11 @@ as {\fcs} in table~\ref{tbl:ampfmea1}. \node[failure] (OPAMPNP) at (\layersep,-2.5) {noop}; \node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew}; - \node[failure] (R1SHORT) at (\layersep,-5.1) {$R1_{SHORT}$}; - \node[failure] (R1OPEN) at (\layersep,-6.4) {$R1_{OPEN}$}; + \node[failure] (R1SHORT) at (\layersep,-5.6) {$R1_{SHORT}$}; + \node[failure] (R1OPEN) at (\layersep,-7.4) {$R1_{OPEN}$}; - \node[failure] (R2SHORT) at (\layersep,-7.7) {$R2_{SHORT}$}; - \node[failure] (R2OPEN) at (\layersep,-9.0) {$R2_{OPEN}$}; + \node[failure] (R2SHORT) at (\layersep,-9.0) {$R2_{SHORT}$}; + \node[failure] (R2OPEN) at (\layersep,-11.0) {$R2_{OPEN}$}; @@ -871,8 +826,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}. % Potential divider failure modes % - \node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$}; - \node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$}; + \node[symptom] (PDHIGH) at (\layersep*2,-7) {$PD_{HIGH}$}; + \node[symptom] (PDLOW) at (\layersep*2,-8.6) {$PD_{LOW}$}; From e30ff224d7593543456cafb7dc1d169aaed0f73a Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Wed, 5 Sep 2012 17:22:47 +0100 Subject: [PATCH 3/3] For meeting with AF 07SEP2012 --- submission_thesis/CH4_FMMD/copy.tex | 55 ++++++++++++++++------------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/submission_thesis/CH4_FMMD/copy.tex b/submission_thesis/CH4_FMMD/copy.tex index 8cc776f..b81aa9d 100644 --- a/submission_thesis/CH4_FMMD/copy.tex +++ b/submission_thesis/CH4_FMMD/copy.tex @@ -83,7 +83,7 @@ This {\dc} has a set of failure modes: we can thus treat it as a `higher~level' Because a {\dc} has a set of failure modes we can use it in higher level {\fgs} which in turn produce higher level {\dcs}. % -We can then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs} +We can then use these {\dcs} to build further {\fgs} until a hierarchy of {\fgs} and {\dcs} has been built, converging to a final {\dc} at the top of the hierarchy. % 
@@ -582,8 +582,8 @@ This is represented in the DAG in figure \ref{fig:fg1adag}. % Potential divider failure modes % - \node[symptom] (PDHIGH) at (\layersep*2,-1.0) {$PD_{HIGH}$}; - \node[symptom] (PDLOW) at (\layersep*2,-3.0) {$PD_{LOW}$}; + \node[symptom] (PDHIGH) at (\layersep*2,-1.0) {HighPD}; + \node[symptom] (PDLOW) at (\layersep*2,-3.0) {LowPD}; \path (R1OPEN) edge (PDHIGH); \path (R2SHORT) edge (PDHIGH); @@ -601,7 +601,7 @@ This is represented in the DAG in figure \ref{fig:fg1adag}. We can now create % formulate a {\dc} to represent this potential divider: we name this \textbf{PD}. -This {\dc} will have two failure modes, $PD_{HIGH}$ and $PD_{LOW}$. +This {\dc} will have two failure modes, $HighPD$ and $LowPD$. % HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed % HTR 05SEP2012 {\fg} and creating from it a {\dc}. % HTR 05SEP2012 The creation of the {\dc} \textbf{PD} is represented as a @@ -826,8 +826,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}. % Potential divider failure modes % - \node[symptom] (PDHIGH) at (\layersep*2,-7) {$PD_{HIGH}$}; - \node[symptom] (PDLOW) at (\layersep*2,-8.6) {$PD_{LOW}$}; + \node[symptom] (PDHIGH) at (\layersep*2,-7) {HighPD}; + \node[symptom] (PDLOW) at (\layersep*2,-8.6) {LowPD}; 
@@ -891,30 +891,30 @@ as {\fcs} in table~\ref{tbl:ampfmea1}. %in hand (say milli-volt signal amplification). For this amplifier configuration we have three {\dc} failure modes; {\em AMP\_High, AMP\_Low, LowPass}. % see figure~\ref{fig:fgampb}. -This model now has two stages of analysis hierarchy, -as represented in figure~\ref{fig:dc2}. +% HTR 05SEP2012 This model now has two stages of analysis hierarchy, as represented in figure~\ref{fig:dc2}. From the analysis in table \ref{tbl:ampfmea1} we can create the {\dc} {\em NONINVAMP}, which represents the failure mode behaviour of the non-inverting amplifier. -\begin{figure}[h] - \centering - \includegraphics[width=225pt]{./CH4_FMMD/dc2.png} - % dc2.png: 635x778 pixel, 72dpi, 22.40x27.45 cm, bb=0 0 635 778 - \caption{Hierarchy representing the two stage FMMD analysis - (i.e. two `$\derivec$' processes taking {\fgs} and creating {\dcs}) for the non-inverting amplifier} - \label{fig:dc2} -\end{figure} +% HTR 05SEP2012 \begin{figure}[h] +% HTR 05SEP2012 % HTR 05SEP2012 \centering +% HTR 05SEP2012 \includegraphics[width=225pt]{./CH4_FMMD/dc2.png} +% HTR 05SEP2012 % dc2.png: 635x778 pixel, 72dpi, 22.40x27.45 cm, bb=0 0 635 778 +% HTR 05SEP2012 \caption{Hierarchy representing the two stage FMMD analysis +% HTR 05SEP2012 (i.e. two `$\derivec$' processes taking {\fgs} and creating {\dcs}) for the non-inverting amplifier} +% HTR 05SEP2012 \label{fig:dc2} +% HTR 05SEP2012 \end{figure} -We can also represent the hierarchy as an Euler diagram, where the curves +We can represent the hierarchy as an Euler diagram, where the curves define the components and {\dcs} used to form the INVAMP model, see figure~\ref{fig:eulerfmmd}. 
\begin{figure}[h] \centering \includegraphics[width=300pt]{./CH4_FMMD/eulerfmmd.png} % eulerfmmd.png: 413x207 pixel, 72dpi, 14.57x7.30 cm, bb=0 0 413 207 - \caption{FMMD analysis of the INVAMP represented as an Euler diagram, showing the relationships between base and derived components.} + \caption{FMMD analysis of the INVAMP represented as an Euler diagram, showing how +the components have been grouped into {\fgs} and then used as {\dcs} to build the analysis hierarchy.} \label{fig:eulerfmmd} \end{figure} @@ -927,7 +927,9 @@ down to the base component failure modes, %leaves of the tree (the leaves being and thus determine all possible causes for the three high level symptoms, i.e. the failure~modes of the non-inverting amplifier {\dc} {\em INVAMP}. Knowing all possible causes for a top level event/failure~mode -is extremely useful. Were the top level event to be classified as catastrophic for instance, +is extremely useful. +% +Were a particular top level event to be classified as catastrophic for instance, we could use this information to strengthen components that could cause that particular top level event/failure. % @@ -1455,10 +1457,10 @@ The UML meta model above (see figure~\ref{fig:cfg}) describes a hierarchical str This is because, as {\dcs} inherit the properties of components, {\dcs} may be used to form {\fgs}. % -Consider the hierarchy from the example in figure~\ref{fig:dc2}. +Consider the hierarchy from the example in figure~\ref{fig:eulerfmmd}. % ~\ref{fig:dc2}. The lowest level in this hierarchy are the {\bcs}, the resistors and the op-amp. % -The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown above the {\fg}. +The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown enclosing R1 and R2. % above the {\fg}. % As this derived component inherits the properties of a component, we may use it in {\fg} higher in the hierarchy. 
@@ -1468,9 +1470,14 @@ with the op-amp. % This {\fg} is now analysed and a {\dc} created to represent the failure mode behaviour of the {\em INVAMP}. -An analysis report is generated for each {\fg} to {\dc} -process\footnote{By having an analysis report report for each analysis stage, i.e. {fg} to {\dc}, -we increase the tracability in the reasoning applied to to the FMEA process.}. +% +An analysis report is generated as part of the {\fg} to {\dc} +process. %\footnote +{By having an analysis report report for each analysis stage, i.e. {\fg} to {\dc}, +we add traceability to the reasoning applied to to the FMEA process.} +% +Traditional FMEA has one large reasoning stage, that of component failure mode +directly to system level failure. % We may now use the {\em INVAMP} {\dc} in even higher level {\fgs}.
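Review bot: in patch 1, hunk @@ -474,11 +474,9 @@, the re-wrapped citation "\cite{aoe}[p.234]" puts the page reference outside the command, so LaTeX will print "[p.234]" as literal text after the citation; the optional argument belongs before the key, as in "\cite[p.234]{aoe}". The same pattern appears as "\cite{en298}[App.A]" in the next hunk and "\cite{sccs}[pp.34-38]" in patch 2.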
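Review bot: in patch 1, hunk @@ -490,20 +488,24 @@, the new sentence "splitting two voltages into three, the third voltage being a ratio defined by the values of the resistors" is hard to follow, since a voltage is not itself a ratio; suggest "dividing the voltage across its two inputs to produce a third, intermediate voltage, the fraction being set by the ratio of the resistor values". The closing sentence "we can treat the potential divider, comprised of two resistors to act as a {\dc}" also needs its verb phrase fixed, e.g. "we can treat the potential divider, comprising two resistors, as a {\dc}".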
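Review bot: in patch 2, hunk @@ -54,100 +54,53 @@, two of the added sentences need punctuation: "Or in other words we determine how the {\fg}, as an entity can fail." leaves the parenthetical unclosed ("the {\fg}, as an entity, can fail"), and "Because a {\dc} has a set of failure modes we can use it" needs a comma after "modes". The doubled "then" in "We can then use {\dcs} to then build further {\fgs}" is introduced here and only corrected in patch 3's hunk @@ -83,7 +83,7 @@; squashing that fix into this commit would keep the history clean.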
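Review bot: in patch 2, hunk @@ -535,22 +488,24 @@, resistor notation is inconsistent within the hunk: the context line reads "Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$" but the added text says "if resistor $R_1$ were to become open"; pick one form for the chapter. "the potential~dividers' operation" should be the singular possessive "potential~divider's operation", and "Each resistor failure mode is a potential {\fc} in the potential~divider" reads oddly with "potential" used in two senses; "is a candidate {\fc} in the potential~divider" avoids the clash.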
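Review bot: in patch 2, hunk @@ -644,14 +599,14 @@, commenting out the sentences that reference figure~\ref{fig:dc1} and figure \ref{fig:dc1dag} leaves those figure environments, if they remain in the file, floating with no reference in the text; either remove the figures in the same commit or keep one reference to each. The new sentence also names the failure modes "$PD_{HIGH}$ and $PD_{LOW}$" while the previous hunk of this patch introduced the symptom names HighPD and LowPD; patch 3 rewrites this line to match, so that rename could be folded in here.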
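Review bot: in patch 2, hunk @@ -843,11 +798,11 @@, the vertical spacing of the failure nodes is now uneven (R1SHORT at -5.6, R1OPEN at -7.4, R2SHORT at -9.0, R2OPEN at -11.0, i.e. gaps of 1.8, 1.6 and 2.0) whereas the component and symptom nodes moved in the neighbouring hunks keep a regular 1.6 step (-7 and -8.6); a single step constant, or a \foreach over the node list, keeps the picture aligned and means the next re-spacing does not touch four lines. The lowest node at -11.0 also makes the picture taller than before, so check that the figure still fits the page.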
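Review bot: in patch 3, hunk @@ -601,7 +601,7 @@, "$HighPD$ and $LowPD$" in math mode typesets each name as an italic run of single-letter variables with math spacing; since the tikz nodes changed in the same patch now use the plain-text labels {HighPD} and {LowPD}, use text here too, e.g. "{\em HighPD}", matching the "{\em AMP\_High, AMP\_Low, LowPass}" style used later in the chapter.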
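Review bot: in patch 3, hunk @@ -891,30 +891,30 @@, the amplifier's {\dc} is named inconsistently: the text creates "the {\dc} {\em NONINVAMP}" but the next sentence and the caption refer to "the INVAMP model" and "FMMD analysis of the INVAMP", and the hunk at @@ -927 calls it "{\dc} {\em INVAMP}"; since the circuit is a non-inverting amplifier, settle on one name. Commenting out the dc2 figure also disables "\label{fig:dc2}"; the hunk at @@ -1455 redirects one "\ref{fig:dc2}" to fig:eulerfmmd, but any other remaining reference will print "??", so grep the chapter for fig:dc2. The line "% HTR 05SEP2012 % HTR 05SEP2012 \centering" carries a doubled prefix.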
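Review bot: in patch 3, hunk @@ -1455,10 +1457,10 @@, "shown enclosing R1 and R2" writes the resistor names in plain text while the rest of the chapter sets them as $R1$ and $R2$; and the unchanged context line "we may use it in {\fg} higher in the hierarchy" is missing an article ("in a {\fg} higher in the hierarchy") and could be fixed while this paragraph is being edited.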
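Review bot: in patch 3, hunk @@ -1468,9 +1470,14 @@, commenting out only the "\footnote" command leaves its argument "{By having an analysis report report for each analysis stage, i.e. {\fg} to {\dc}, we add traceability to the reasoning applied to to the FMEA process.}" as a bare brace group, so that text will now be typeset inline immediately after "process." instead of disappearing with the footnote; either comment out the whole group or restore "\footnote". The duplicated words "report report" and "applied to to" also survive in the + lines and should be fixed at the same time.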