Merge branch 'master' of dev:/home/robin/git/thesis

This commit is contained in:
Robin Clark 2012-09-08 13:57:03 +01:00
commit 7b0e42703d


@ -54,100 +54,53 @@
This chapter This chapter
starts with %starts with %an overview of current failure modelling techniques, and then starts with %starts with %an overview of current failure modelling techniques, and then
a worked example to introduce % using a worked example to introduce % using
the new methodology, a new methodology,
Failure Mode Modular De-composition (FMMD). Failure Mode Modular De-composition (FMMD).
This is followed by a discussion on the design of the FMMD methodology and then a This is followed by a discussion on the design of FMMD and then a
%an ontological %an ontological
description using UML class models. description and re-factoring process using UML class models.
% This chapter defines the FMMD process and related concepts and calculations. % This chapter defines the FMMD process and related concepts and calculations.
FMMD is in essence modularised FMEA. Rather than taking each component failure mode FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38].
%
Rather than taking each component failure mode
and extrapolating top level or system failure symptoms from it, and extrapolating top level or system failure symptoms from it,
small groups of components are collected into {\fgs} and analysed. small groups of components are collected into {\fgs} and analysed.
%and then {\dcs} are used to represent the {\fgs}. %and then {\dcs} are used to represent the {\fgs}.
We analyse the {\fgs} in order to determine its the failure mode behaviour. We analyse each {\fg} in order to determine its failure mode behaviour.
%of the {\fg}. %of the {\fg}.
With the failure mode behaviour we can obtain a set of failure modes With the failure mode behaviour we can obtain a set of failure modes
for the {\fg}. We can then create a new theoretical component to represent the {\fg}. for the {\fg}.
%
Or in other words we determine how the {\fg}, as an entity can fail.
%
We can then create a new theoretical component to represent the {\fg}.
%
We call this a {\dc}. We call this a {\dc}.
This {\dc} may be used as though it were a component, and has a set of failure modes. %
We then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs} This {\dc} has a set of failure modes: we can thus treat it as a `higher~level' component.
%
Because a {\dc} has a set of failure modes we can use it in higher level {\fgs}
which in turn produce higher level {\dcs}.
%
We can then use these {\dcs} to build further {\fgs} until a hierarchy of {\fgs}
and {\dcs} has been built, converging to a final {\dc} and {\dcs} has been built, converging to a final {\dc}
at the top of the hierarchy. The final {\dcs} failure modes at the top of the hierarchy.
%
The failure modes of the final or top {\dc}
are the failure modes of the system under investigation. are the failure modes of the system under investigation.
% %
Or in other words we take the traditional FMEA~\cite{sccs}[pp.34-38] process, and modularise it from the bottom-up. Or in other words we take the traditional FMEA process, and modularise it from the bottom-up.
%We break down each stage of reasoning %We break down each stage of reasoning
%into small manageable groups, and use the failure mode behaviour from them to create {\dcs} %into small manageable groups, and use the failure mode behaviour from them to create {\dcs}
%to build higher level groups. %to build higher level groups.
In this way we can incrementally analyse an entire system. In this way we can incrementally analyse an entire system. %, with documented reasoning stages.
% %This has advantages of concentrating % %This has advantages of concentrating
% %effort in where modules interact, % %effort in where modules interact,
%A notation is then described to index and classify objects created in FMMD hierarchical models. %A notation is then described to index and classify objects created in FMMD hierarchical models.
% \subsection{Overview of current failure mode modelling techniques}
%
% We briefly analyse four current methodologies.
% Comprehensive overviews of these methodologies may be found
% in ~\cite{safeware,sccs,nasafta,nucfta,bfmea}.
%
% \paragraph{Fault Tree Analysis (FTA).}
% FTA~\cite{nasafta,nucfta} is a top down methodology in which a hierarchical diagram is drawn for
% each undesirable top level failure/event, presenting the conditions that must arise to cause
% the event.
% %
% It is suitable for large complicated systems with few undesirable top
% level failures and focuses on those events considered most important or most catastrophic.
% %
% Effects of duplication/redundancy of safety systems can be readily assessed.
% It uses notations that are readily understood by engineers
% (logic symbols borrowed from digital electronics and a fault hierarchy).
% However, it cannot guarantee to model all base component failures
% or be used to determine system level errors other than those modelled.
% %
% Each FTA diagram models one top level event.
% This creates duplication of modelled elements,
% and it is difficult to cross check between diagrams. It has limited
% support for environmental and operational states.
%
%
% \paragraph{Fault Mode Effects Analysis (FMEA)} is used principally to determine system reliability.
% It is bottom-up and starts with component failure modes, which
% lead to top level failure/events.
% Each top level failure is assessed by its cost to repair (or perceived criticality) and its estimated frequency. %, using a
% %failure mode ratio.
% A list of failures according to their cost to repair~\cite{bfmea}, or effect on system reliability is then calculated.
% It is easy to identify single component failure to system failure mappings
% and an estimate of product reliability can be calculated.
% %This can be viewed as a prioritised `to~fix' list.
% %
% It cannot focus on complex
% component interactions that cause system failure modes or determine potential
% problems from simultaneous failures. It does not consider changing environmental
% or operational states in sub-systems or components. It cannot model
% self-checking safety elements or other in-built safety features or
% analyse how particular components may fail.
%
%
% \paragraph{Failure Mode Effects Criticality Analysis (FMECA)} is a refinement of FMEA, using
% extra variables: the probability of a component failure mode occurring,
% the probability that this will cause a given top level failure, and the perceived
% criticality. It gives better estimations of product reliability/safety and the
% occurrence of particular system failure modes than FMEA but has similar deficiencies.
%
%
% \paragraph{Failure Modes, Effects and Diagnostic Analysis (FMEDA)} is a refinement of
% FMEA and FMECA and in addition models self-checking safety elements. It assigns two
% attributes to component failure modes: detectable/undetectable and safe/dangerous.
% Statistical measures about the system can be made and used to classify a
% safety integrity level. It allows designs with in-built safety features to be assessed.
% Otherwise, it has similar deficiencies to FMEA.
% However, it has limited support
% for environmental and operational states in sub-systems or components,
% via self checking statistical mitigation. FMEDA is the methodology associated with
% the safety integrity standard EN61508~\cite{en61508}.
%
% \subsection{Summary of Deficiencies in Current Methods} % \subsection{Summary of Deficiencies in Current Methods}
% %
% \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component % \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
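Review bot: the page range in `FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38].` is in the wrong place; `\cite` takes the page note as an optional argument before the key, `\cite[pp.34-38]{sccs}`, otherwise `[pp.34-38]` is typeset as literal bracketed text after the citation (the same pattern recurs later with `\cite{aoe}[p.234]` and `\cite{en298}[App.A]`). The added sentences `Because a {\dc} has a set of failure modes we can use it in higher level {\fgs}` / `which in turn produce higher level {\dcs}.` and the following `We can then use these {\dcs} to build further {\fgs} until a hierarchy of {\fgs}` make the same point in consecutive sentences; keep one. Finally, the commented `% \subsection{Summary of Deficiencies in Current Methods}` still discusses FTA/FMEA/FMECA/FMEDA while the overview paragraphs that introduced those methods are deleted in this hunk; either drop the summary as well or keep the definitions it relies on.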
@ -470,15 +423,13 @@ In this way we can incrementally analyse an entire system.
\section{Worked Example: Non-Inverting Amplifier} \section{Worked Example: Non-Inverting Amplifier}
%% here bring in sys safety papaer from 2011 %% here bring in sys safety paper from 2011
%% %%
%% GARK BEGIN %% GARK BEGIN
To demonstrate the principles of FMMD, we use it to analyse a To demonstrate the principles of FMMD, we use it to analyse a
commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe}[p.234] and two resistors, a circuit schematic for this is shown in figure \ref{fig:noninvamp}. commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe}[p.234] and
two resistors, a circuit schematic for this is shown in figure \ref{fig:noninvamp}.
% %
\begin{figure}[h+] \begin{figure}[h+]
\centering \centering
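Review bot: `\cite{aoe}[p.234]` has the optional page argument after the key; write `\cite[p.234]{aoe}` so the page reference is attached to the citation instead of appearing as literal text. Also, `\begin{figure}[h+]` is not a valid float placement specifier (`+` is not one of h, t, b, p, !); use `[h]`, `[ht]` or, with the float package loaded, `[H]`.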
@ -490,20 +441,24 @@ commonly used circuit, a non-inverting amplifier built from an op amp~\cite{aoe}
\end{figure} \end{figure}
% %
The function of the resistors in this circuit is to set the amplifier gain. The function of the resistors in this circuit is to set the amplifier gain.
They operate as a potential divider, the resistors act as a potential divider --- assuming the op-amp has high impedance --- The resistors act as a potential divider---assuming the op-amp has high impedance---and
and program the inverting input on the op-amp program the inverting input on the op-amp
to balance them against the positive input, giving the voltage gain ($G_v$) to balance them against the positive input, giving the voltage gain ($G_v$)
defined by $ G_v = 1 + \frac{R2}{R1} $ at the output. defined by $ G_v = 1 + \frac{R2}{R1} $ at the output.
\paragraph{Potential Divider.} \paragraph{Analysing the failure modes of the Potential Divider.}
\label{subsec:potdiv} \label{subsec:potdiv}
As the resistors work to provide a specific function, that of a potential divider, As the resistors work to provide a clearly defined function, that of a potential divider,
we can treat them as a collection of components with a specific functionality---which can be termed a `{\fg}'. we can treat them as a collection of components with a specific functionality---which can be termed a `{\fg}'.
This {\fg} has two members, $R1$ and $R2$. This {\fg} has two members, $R1$ and $R2$.
Taken as an entity the potential divider can be viewed as a {\dc}. %
The potential divider circuit can be considered as a component
that provides the function of splitting two voltages into three,
the third voltage being a ratio defined by the values of the resistors.
%Taken as an entity the potential divider can be viewed as a {\dc}.
That is to say we can treat the potential divider, comprised of two resistors That is to say we can treat the potential divider, comprised of two resistors
to act as a component. to act as a {\dc}.
% %
Using the EN298 specification for resistor failure~\cite{en298}[App.A], Using the EN298 specification for resistor failure~\cite{en298}[App.A],
we can assign failure modes of $OPEN$ and $SHORT$ to the resistors individually (assignment of failure modes we can assign failure modes of $OPEN$ and $SHORT$ to the resistors individually (assignment of failure modes
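Review bot: the new wording `that provides the function of splitting two voltages into three,` is hard to parse; a divider produces one intermediate potential between its two input potentials, so something like `that takes two input potentials and produces a third, intermediate potential set by the ratio of the resistor values` says what is meant. The next sentence is ungrammatical after the edit: `That is to say we can treat the potential divider, comprised of two resistors` / `to act as a {\dc}.` should read `That is to say, we can treat the potential divider, comprised of two resistors, as a {\dc}.` Two smaller points: `assuming the op-amp has high impedance` should say high input impedance, since that is the assumption that keeps the divider ratio valid, and `\cite{en298}[App.A]` needs the optional argument before the key, `\cite[App.A]{en298}`.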
@ -533,22 +488,24 @@ We represent a resistor and its failure modes as a directed acyclic graph (DAG)
Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$. Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$.
% %
We look at each of these base component failure modes, We look at each of these base component failure modes,
and determine how they affect the operation of the potential divider. and determine how they affect the operation of the potential~divider.
%Each failure mode scenario we look at will be given a test case number, %Each failure mode scenario we look at will be given a test case number,
%which is represented on the diagram, with an asterisk marking %which is represented on the diagram, with an asterisk marking
%which failure modes is modelling (see figure \ref{fig:fg1a}). %which failure modes is modelling (see figure \ref{fig:fg1a}).
% %
Each resistor failure mode is a potential {\fc} in the potential~divider.
%%For this example we look at single failure modes only. %%For this example we look at single failure modes only.
For each failure mode in our {\fg} `potential~divider', For each failure mode in our {\fg} potential~divider
we can assign a %{\fc} we can assign a {\fc}
number (see table \ref{tbl:pdfmea}). number (see table \ref{tbl:pdfmea}).
%
Each {\fc} is analysed to determine the symptom of failure in Each {\fc} is analysed to determine the symptom of failure in
the potential dividers' operation. For instance the potential~dividers' operation. For instance
if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the
voltage output from it would float high (+ve). voltage output from it would float high (+ve).
This would mean the symptom of the failed potential divider would be voltage high output. This would mean the symptom of the failed potential~divider would be voltage high output.
% %
The failure symptom of a high potential divider output is termed `HighPD', and The failure symptom of a high potential~divider output is termed `HighPD', and
for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ... for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ...
%We can now consider the {\fg} %We can now consider the {\fg}
%as a component in its own right, and its symptoms as its failure modes. %as a component in its own right, and its symptoms as its failure modes.
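Review bot: the resistor identifiers are inconsistent within this hunk: `if resistor $R_1$ were to become open` uses a subscript, while the failure modes two lines earlier are written `$R1_{OPEN}$` and the set as `$\{R1_{OPEN}, R1_{SHORT}\}$`; pick one form (the DAG node text also uses `$R1_{OPEN}$`). Also, the added line `Each resistor failure mode is a potential {\fc} in the potential~divider.` and the following `For each failure mode in our {\fg} potential~divider` / `we can assign a {\fc}` / `number (see table \ref{tbl:pdfmea}).` say the same thing twice; fold them into one sentence, e.g. `Each resistor failure mode is a potential {\fc} in the potential~divider and is given a {\fc} number (see table \ref{tbl:pdfmea}).`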
@ -625,8 +582,8 @@ This is represented in the DAG in figure \ref{fig:fg1adag}.
% Potential divider failure modes % Potential divider failure modes
% %
\node[symptom] (PDHIGH) at (\layersep*2,-1.0) {$PD_{HIGH}$}; \node[symptom] (PDHIGH) at (\layersep*2,-1.0) {HighPD};
\node[symptom] (PDLOW) at (\layersep*2,-3.0) {$PD_{LOW}$}; \node[symptom] (PDLOW) at (\layersep*2,-3.0) {LowPD};
\path (R1OPEN) edge (PDHIGH); \path (R1OPEN) edge (PDHIGH);
\path (R2SHORT) edge (PDHIGH); \path (R2SHORT) edge (PDHIGH);
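Review bot: the node text `{HighPD}` and `{LowPD}` is now typeset in text mode, while the prose that creates the {\dc} writes the same names in math mode as `$HighPD$ and $LowPD$`, which renders them in math italic with different letter spacing; use one form in both places (plain text, or `\textit{HighPD}` if emphasis is wanted) so the figure labels match the names defined in the text as `HighPD' and `LowPD'. The internal node names `(PDHIGH)`/`(PDLOW)` used by the `\path` edges are unaffected and need no change.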
@ -642,14 +599,14 @@ This is represented in the DAG in figure \ref{fig:fg1adag}.
We can now create % formulate We can now create % formulate
a `derived component' to represent this potential divider: a {\dc} to represent this potential divider:
we name this \textbf{PD}. we name this \textbf{PD}.
This {\dc} will have two failure modes. This {\dc} will have two failure modes, $HighPD$ and $LowPD$.
We use the symbol $\derivec$ to represent the process of taking the analysed % HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed
{\fg} and creating from it a {\dc}. % HTR 05SEP2012 {\fg} and creating from it a {\dc}.
The creation of the {\dc} \textbf{PD} is represented as a % HTR 05SEP2012 The creation of the {\dc} \textbf{PD} is represented as a
hierarchy diagram in figure~\ref{fig:dc1}. % HTR 05SEP2012 hierarchy diagram in figure~\ref{fig:dc1}.
We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}. % HTR 05SEP2012 We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}.
%We could represent it algebraically thus: $ \derivec(PotDiv) = %We could represent it algebraically thus: $ \derivec(PotDiv) =
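Review bot: commenting out `We use the symbol $\derivec$ to represent the process of taking the analysed` through `We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}.` removes the only introduction of the `$\derivec$` symbol and the only references to `fig:dc1` and `fig:dc1dag` visible here; check that the figure environments carrying those labels are removed as well (or are referenced elsewhere), otherwise they remain as unreferenced floats, and that `$\derivec$` is not used later without this definition. Also, prefixing dead lines with `% HTR 05SEP2012` instead of deleting them leaves a growing trail of commented-out prose in the source; git history already preserves the old text.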
@ -823,8 +780,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {}; % \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {};
\node[component] (OPAMP) at (0,-1.8) {$OPAMP$}; \node[component] (OPAMP) at (0,-1.8) {$OPAMP$};
\node[component] (R1) at (0,-6) {$R_1$}; \node[component] (R1) at (0,-7) {$R_1$};
\node[component] (R2) at (0,-7.6) {$R_2$}; \node[component] (R2) at (0,-8.6) {$R_2$};
%\node[component] (C-3) at (0,-5) {$C^0_3$}; %\node[component] (C-3) at (0,-5) {$C^0_3$};
%\node[component] (K-4) at (0,-8) {$K^0_4$}; %\node[component] (K-4) at (0,-8) {$K^0_4$};
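Review bot: `\node[component] (R1) at (0,-7) {$R_1$};` and `\node[component] (R2) at (0,-8.6) {$R_2$};` are hand-tuned absolute coordinates that had to be re-adjusted in this and the next two hunks to keep the three columns aligned; defining a row-pitch macro (like the existing `\layersep` for columns) or using `below=of` relative placement would keep the columns in step automatically. Note also that `$R_1$` here uses a subscript while the failure nodes beside it use `$R1_{SHORT}$` without one.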
@ -841,11 +798,11 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
\node[failure] (OPAMPNP) at (\layersep,-2.5) {noop}; \node[failure] (OPAMPNP) at (\layersep,-2.5) {noop};
\node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew}; \node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew};
\node[failure] (R1SHORT) at (\layersep,-5.1) {$R1_{SHORT}$}; \node[failure] (R1SHORT) at (\layersep,-5.6) {$R1_{SHORT}$};
\node[failure] (R1OPEN) at (\layersep,-6.4) {$R1_{OPEN}$}; \node[failure] (R1OPEN) at (\layersep,-7.4) {$R1_{OPEN}$};
\node[failure] (R2SHORT) at (\layersep,-7.7) {$R2_{SHORT}$}; \node[failure] (R2SHORT) at (\layersep,-9.0) {$R2_{SHORT}$};
\node[failure] (R2OPEN) at (\layersep,-9.0) {$R2_{OPEN}$}; \node[failure] (R2OPEN) at (\layersep,-11.0) {$R2_{OPEN}$};
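Review bot: the new vertical positions are unevenly spaced: `noop` at -2.5, `lowslew` at -3.8, then `$R1_{SHORT}$` at -5.6, `$R1_{OPEN}$` at -7.4, `$R2_{SHORT}$` at -9.0 and `$R2_{OPEN}$` at -11.0, i.e. steps of 1.3, 1.8, 1.8, 1.6 and 2.0. A constant step (or a `\foreach` over the failure-mode list) would avoid the visible unevenness and the need to retouch every node whenever one component row moves.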
@ -869,8 +826,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% Potential divider failure modes % Potential divider failure modes
% %
\node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$}; \node[symptom] (PDHIGH) at (\layersep*2,-7) {HighPD};
\node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$}; \node[symptom] (PDLOW) at (\layersep*2,-8.6) {LowPD};
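Review bot: this rename to `HighPD`/`LowPD` is the second copy of the same potential-divider sub-graph (the first DAG has identical `(PDHIGH)`/`(PDLOW)` symptom nodes), and both copies had to be edited by hand in this commit. Factoring the PD sub-graph into a TikZ `\pic` or a macro parameterised by the y-offset would keep the two figures in sync and make the `$PD_{HIGH}$` to `HighPD` rename a single change.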
@ -934,30 +891,30 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
%in hand (say milli-volt signal amplification). %in hand (say milli-volt signal amplification).
For this amplifier configuration we have three {\dc} failure modes; {\em AMP\_High, AMP\_Low, LowPass}. % see figure~\ref{fig:fgampb}. For this amplifier configuration we have three {\dc} failure modes; {\em AMP\_High, AMP\_Low, LowPass}. % see figure~\ref{fig:fgampb}.
This model now has two stages of analysis hierarchy, % HTR 05SEP2012 This model now has two stages of analysis hierarchy, as represented in figure~\ref{fig:dc2}.
as represented in figure~\ref{fig:dc2}.
From the analysis in table \ref{tbl:ampfmea1} we can create the {\dc} {\em NONINVAMP}, which From the analysis in table \ref{tbl:ampfmea1} we can create the {\dc} {\em NONINVAMP}, which
represents the failure mode behaviour of the non-inverting amplifier. represents the failure mode behaviour of the non-inverting amplifier.
\begin{figure}[h] % HTR 05SEP2012 \begin{figure}[h]
\centering % HTR 05SEP2012 % HTR 05SEP2012 \centering
\includegraphics[width=225pt]{./CH4_FMMD/dc2.png} % HTR 05SEP2012 \includegraphics[width=225pt]{./CH4_FMMD/dc2.png}
% dc2.png: 635x778 pixel, 72dpi, 22.40x27.45 cm, bb=0 0 635 778 % HTR 05SEP2012 % dc2.png: 635x778 pixel, 72dpi, 22.40x27.45 cm, bb=0 0 635 778
\caption{Hierarchy representing the two stage FMMD analysis % HTR 05SEP2012 \caption{Hierarchy representing the two stage FMMD analysis
(i.e. two `$\derivec$' processes taking {\fgs} and creating {\dcs}) for the non-inverting amplifier} % HTR 05SEP2012 (i.e. two `$\derivec$' processes taking {\fgs} and creating {\dcs}) for the non-inverting amplifier}
\label{fig:dc2} % HTR 05SEP2012 \label{fig:dc2}
\end{figure} % HTR 05SEP2012 \end{figure}
We can also represent the hierarchy as an Euler diagram, where the curves We can represent the hierarchy as an Euler diagram, where the curves
define the components and {\dcs} used to form the INVAMP model, see figure~\ref{fig:eulerfmmd}. define the components and {\dcs} used to form the INVAMP model, see figure~\ref{fig:eulerfmmd}.
\begin{figure}[h] \begin{figure}[h]
\centering \centering
\includegraphics[width=300pt]{./CH4_FMMD/eulerfmmd.png} \includegraphics[width=300pt]{./CH4_FMMD/eulerfmmd.png}
% eulerfmmd.png: 413x207 pixel, 72dpi, 14.57x7.30 cm, bb=0 0 413 207 % eulerfmmd.png: 413x207 pixel, 72dpi, 14.57x7.30 cm, bb=0 0 413 207
\caption{FMMD analysis of the INVAMP represented as an Euler diagram, showing the relationships between base and derived components.} \caption{FMMD analysis of the INVAMP represented as an Euler diagram, showing how
the components have been grouped into {\fgs} and then used as {\dcs} to build the analysis hierarchy.}
\label{fig:eulerfmmd} \label{fig:eulerfmmd}
\end{figure} \end{figure}
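Review bot: the {\dc} is named `{\em NONINVAMP}` in `From the analysis in table \ref{tbl:ampfmea1} we can create the {\dc} {\em NONINVAMP}, which` but `INVAMP` in `define the components and {\dcs} used to form the INVAMP model` and in the caption `FMMD analysis of the INVAMP represented as an Euler diagram`; an inverting amplifier is a different circuit, so use one name (NONINVAMP matches the section title). With `This model now has two stages of analysis hierarchy` commented out, `We can represent the hierarchy as an Euler diagram` also loses its antecedent; keep that sentence and point it at `fig:eulerfmmd` rather than deleting it. Minor: the semicolon in `three {\dc} failure modes; {\em AMP\_High, AMP\_Low, LowPass}` should be a colon, and the naming style `AMP\_High` differs from `HighPD`.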
@ -970,7 +927,9 @@ down to the base component failure modes, %leaves of the tree (the leaves being
and thus determine all possible causes for and thus determine all possible causes for
the three high level symptoms, i.e. the failure~modes of the non-inverting amplifier {\dc} {\em INVAMP}. the three high level symptoms, i.e. the failure~modes of the non-inverting amplifier {\dc} {\em INVAMP}.
Knowing all possible causes for a top level event/failure~mode Knowing all possible causes for a top level event/failure~mode
is extremely useful. Were the top level event to be classified as catastrophic for instance, is extremely useful.
%
Were a particular top level event to be classified as catastrophic for instance,
we could use this information we could use this information
to strengthen components that could cause that particular top level event/failure. to strengthen components that could cause that particular top level event/failure.
% %
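Review bot: `the failure~modes of the non-inverting amplifier {\dc} {\em INVAMP}` again calls the non-inverting amplifier INVAMP, conflicting with `{\em NONINVAMP}` in the previous hunk. Also `is extremely useful.` is left as a bare assertion after the split; the benefit is stated in the lines that follow, so merge them, e.g. `Knowing all possible causes for a top level failure~mode lets us, for a failure classified as catastrophic, strengthen exactly those components that can cause it.`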
@ -1498,10 +1457,10 @@ The UML meta model above (see figure~\ref{fig:cfg}) describes a hierarchical str
This is because, as {\dcs} inherit the properties of This is because, as {\dcs} inherit the properties of
components, {\dcs} may be used to form {\fgs}. components, {\dcs} may be used to form {\fgs}.
% %
Consider the hierarchy from the example in figure~\ref{fig:dc2}. Consider the hierarchy from the example in figure~\ref{fig:eulerfmmd}. % ~\ref{fig:dc2}.
The lowest level in this hierarchy are the {\bcs}, the resistors and the op-amp. The lowest level in this hierarchy are the {\bcs}, the resistors and the op-amp.
% %
The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown above the {\fg}. The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown enclosing R1 and R2. % above the {\fg}.
% %
As this derived component inherits the properties of a component, we may use As this derived component inherits the properties of a component, we may use
it in {\fg} higher in the hierarchy. it in {\fg} higher in the hierarchy.
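Review bot: `the ${PD}$ derived component` sets the name in math italic while it was introduced as `\textbf{PD}` in the earlier hunk; use the same form in both places. Grammar: `The lowest level in this hierarchy are the {\bcs}` should be `At the lowest level in this hierarchy are the {\bcs}` (or `The lowest level in this hierarchy consists of the {\bcs}`), and `it in {\fg} higher in the hierarchy.` needs an article, `in a {\fg} higher in the hierarchy`.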
@ -1511,9 +1470,14 @@ with the op-amp.
% %
This {\fg} is now analysed and a {\dc} created to This {\fg} is now analysed and a {\dc} created to
represent the failure mode behaviour of the {\em INVAMP}. represent the failure mode behaviour of the {\em INVAMP}.
An analysis report is generated for each {\fg} to {\dc} %
process\footnote{By having an analysis report report for each analysis stage, i.e. {fg} to {\dc}, An analysis report is generated as part of the {\fg} to {\dc}
we increase the tracability in the reasoning applied to to the FMEA process.}. process. %\footnote
{By having an analysis report report for each analysis stage, i.e. {\fg} to {\dc},
we add traceability to the reasoning applied to to the FMEA process.}
%
Traditional FMEA has one large reasoning stage, that of component failure mode
directly to system level failure.
% %
We may now use the {\em INVAMP} {\dc} in even higher level {\fgs}. We may now use the {\em INVAMP} {\dc} in even higher level {\fgs}.
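Review bot: commenting out only `\footnote` in `process. %\footnote` while leaving its argument live on the next two lines means `{By having an analysis report report for each analysis stage, i.e. {\fg} to {\dc},` / `we add traceability to the reasoning applied to to the FMEA process.}` is still typeset, as an inline brace group in the running paragraph rather than as a footnote. Either comment out or delete those two lines as well, or restore `\footnote`; in either case fix the doubled words `report report` and `applied to to`. The line `represent the failure mode behaviour of the {\em INVAMP}.` carries the INVAMP/NONINVAMP inconsistency noted on the earlier hunks.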