Going through Andrew Fish's notes
Looking at BC programs to calc unitary state values
This commit is contained in:
parent c010d4bcf4
commit 8a59071d68
@ -204,8 +204,7 @@ We can represent this using a UML diagram in figure \ref{fig:cfg}.
The symbol $\bowtie$ is used to indicate the analysis process that takes a
functional group and converts it into a new component.

This can be expresed as
\[ \bowtie ( FG ) \mapsto DerivedComponent \].
This can be expresed as ` $ \bowtie ( FG ) \mapsto DerivedComponent $ '.


\begin{figure}[h]
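Review bot: the replacement line `This can be expresed as ` $ \bowtie ( FG ) \mapsto DerivedComponent $ '.` carries the typo `expresed` over from the display-maths version it replaces; since the line is being rewritten anyway, make it `expressed`. The closing `$ '.` also typesets a closing quote with a space before it because of the space inside the inline maths; `` `$\bowtie(FG) \mapsto DerivedComponent$' `` avoids the gap.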
@ -221,17 +220,25 @@ This can be expresed as

The UML meta model in figure \ref{fig:cfg}, shows the relationships
between the classes and sub-classes.
Note that because we can use derived components to build functional groups,
this model intrinsically supports building a hierarchy.
%
In use we will build a hierarchy of
objects, with derived~components forming functional~groups, and creating
derived components higher up in the structure.
The level variable in each component,
%
To keep track of the level in the hierarchy (i.e. how many stages of component
derivation `$\bowtie$' have lead to the current derived component)
we can add an attribute to the component data type.
This can be a natural number called the level variable $\alpha \in \mathbb{N}_0$.
The $\alpha$ level variable in each component,
indicates the position in the hierarchy. Base or parts~list components
have a `level' of 0.
have a `level' of $\alpha=0$.
% I do not know how to make this simpler
Derived~components take a level based on the highest level
component used to build the functional group it was derived from plus 1.
So a derived component built from base level or parts list components
would have a level of 1.
would have an $\alpha$ value of 1.
%\clearpage


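Review bot: `derivation `$\bowtie$' have lead to the current derived component` should read `have led to`; and the rule for the new $\alpha$ attribute (`the highest level component used to build the functional group it was derived from plus 1`) is given only in words. Since this hunk introduces $\alpha \in \mathbb{N}_0$ as a typed attribute, state the rule as a formula that later sections can cite, for instance $\alpha(DC) = 1 + \max_{C \in FG} \alpha(C)$, with the base case $\alpha = 0$ for parts-list components. The orphaned fragment `The level variable in each component,` (immediately before the `%` comment line) reads as a leftover of the sentence now starting `The $\alpha$ level variable in each component,`; confirm it is removed rather than left alongside the new wording.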
@ -254,37 +261,40 @@ would have a level of 1.

\subsection{Relationships between functional~groups and failure modes}




Let the set of all possible components be $\mathcal{C}$
and let the set of all possible failure modes be $\mathcal{F}$.

We can define a function $FM$
We can define a function $fm$ as equation \ref{eqn:fmset}.

\begin{equation}
FM : \mathcal{C} \mapsto \mathcal{P}\mathcal{F}
fm : \mathcal{C} \mapsto \mathcal{P}\mathcal{F}
\label{eqn:fmset}
\end{equation}

defined by, where C is a component and F is a set of failure modes.
The is defined by equation \ref{eqn:fminstance}, where C is a component and F is a set of failure modes.

$$ FM ( C ) = F $$
\begin{equation}
fm ( C ) = F
\label{eqn:fminstance}
\end{equation}

\paragraph{Finding all failure modes within the functional group}

For FMMD failure mode analysis we need to consider the failure modes
from all the components in a functional~group as a flat set.
Consider the components in a functional group to be $C$ indexed by j thus $C_j$.
The flat set of failure modes we are after can be found by applying function $FM$ to all the components
Consider the components in a functional group to be $C_1...C_N$.
The flat set of failure modes $FSF$ we are after can be found by applying function $fm$ to all the components
in the functional~group and taking the union of them thus:

$$ FunctionalGroupAllFailureModes = \bigcup_{j \in \{1...n\}} FM(C_j) $$
$$ FSF = \bigcup_{j=1}^{N} FM(C_j) $$

We can actually overload the notation for the function FM
and define it for the set components within a functional group $FG$ (i.e. where $FG \subset \mathcal{C} $) thus:
We can actually overload the notation for the function $fm$ % FM
and define it for the set components within a functional group $\mathcal{FG}$ (i.e. where $\mathcal{FG} \subset \mathcal{C} $)
in equation \ref{eqn:fmoverload}.

\begin{equation}
FM : FG \mapsto \mathcal{F}
fm : \mathcal{FG} \mapsto \mathcal{F}
\label{eqn:fmoverload}
\end{equation}


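Review bot: the rename from $FM$ to $fm$ is incomplete in this hunk: `$$ FSF = \bigcup_{j=1}^{N} FM(C_j) $$` still calls $FM$ while the sentence just above it says `applying function $fm$`. The overloaded signature in equation \ref{eqn:fmoverload}, `fm : \mathcal{FG} \mapsto \mathcal{F}`, also has the wrong codomain: applied to a component, $fm$ returns a set (`\mathcal{C} \mapsto \mathcal{P}\mathcal{F}` in \ref{eqn:fmset}), and $FSF$ is a union of such sets, so the overload should map into $\mathcal{P}\mathcal{F}$ as well, not into $\mathcal{F}$. Two smaller points on the same lines: $\mathcal{FG}$ is declared as a subset of $\mathcal{C}$ (one functional group) but then used as the domain of a function, which conflates a single group with the set of all functional groups; and `The is defined by equation` should be `This is defined by equation`, `the set components` should be `the set of components`.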
@ -292,9 +302,11 @@ FM : FG \mapsto \mathcal{F}

\paragraph{Design Descision/Constraint}
An important factor in defining a set of failure modes is that they
should be as clearly defined as possible.
should be represent the failure modes as simply and minimally as possible.
It should not be possible, for instance for
a component to have two or more failure modes active at once.
Were this to be the case, we would have to consider additional combinations of
failure modes within the component.
Having a set of failure modes where $N$ modes could be active simultaneously
would mean having to consider an additional $2^N-1$ failure mode scenarios.
Should a component be analysed and simultaneous failure mode cases exit,
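Review bot: `should be represent the failure modes as simply and minimally as possible` is ungrammatical; `should represent the failure modes as simply and minimally as possible` (or, since `they` already refers to the failure modes, `should be as simple and minimal as possible`). Two typos in adjacent lines while here: `Descision` in the paragraph title, and `simultaneous failure mode cases exit` should be `exist`.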
@ -302,38 +314,24 @@ the combinations could be represented by new failure modes, or
the component should be considered from a fresh perspective,
perhaps considering it as several smaller components
within one package.



This property, failure modes being mutually exclusive, is termed `unitary state failure modes'
in this study.
This corresponds to the `mutually exclusive' definition in
probability theory\cite{probstat}.


\begin{definition}
A set of failure modes where only one fault mode
can be active at a time is termed a `unitary~state' failure mode set.
%This is termed the $U$ set thoughout this study.
This corresponds to the `mutually exclusive' definition in
probability theory\cite{probstat}.
A set of failure modes where only one failure mode
can be active at one time is termed a `unitary~state' failure mode set.
\end{definition}

Let the set of all possible components to be $\mathcal{C}$
and let the set of all possible failure modes be $\mathcal{F}$.
%
%We can define a function $FM$
%
%\begin{equation}
%FM : \mathcal{C} \mapsto \mathcal{F}
%\end{equation}
%
%defined by
%
%$$ FM ( C ) = F $$
%
%i.e. take a given component $C$ and return its set of failure modes $F$.
%

\begin{definition}
We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
the component failure modes in each of its members are unitary~state.
Thus if the failure modes of $F$ are unitary~state, we can say $F \in \mathcal{U}$.
Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
\end{definition}

\section{Component failure modes:\\ Unitary State example}
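Review bot: in the second definition, `if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$` names the component $F$, but everywhere else in this section $F$ is the failure mode set and the component is $C$ with $F = fm(C)$; suggest `if the failure modes $F = fm(C)$ of a component $C$ are unitary~state, then $F \in \mathcal{U}$` (and drop the trailing `is true`, which adds nothing to a membership statement). The lines `Let the set of all possible components to be $\mathcal{C}$ / and let the set of all possible failure modes be $\mathcal{F}$.` repeat the declaration already made at the top of the previous subsection (and `to be` should be `be`); with the $FM$ block beneath them now commented out, these two lines can go as well. Finally, the first `definition` environment shows both the old wording (`only one fault mode ... at a time`) and the new (`only one failure mode ... at one time`) plus the probability-theory sentence that is also stated in the paragraph above it; confirm only one wording survives and the citation is not duplicated.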
@ -343,17 +341,17 @@ An example of a component with an obvious set of ``unitary~state'' failure mode
Electrical resistors can fail by going OPEN or SHORTED.

For a given resistor R we can apply the
the function $FM$ to find its set of failure modes thus $ FM(R) = \{R_{SHORTED},R_{OPEN}\} $.
the function $fm$ to find its set of failure modes thus $ fm(R) = \{R_{SHORTED},R_{OPEN}\} $.
A resistor cannot fail with both conditions open and short active at the same time! The conditions
OPEN and SHORT are thus mutually exclusive.
Because of this, the failure mode set $F=FM(R)$ is `unitary~state'.
Because of this, the failure mode set $F=fm(R)$ is `unitary~state'.


Thus because both fault modes cannot be active at the same time, the intersection of $ R_{SHORTED} $ and $ R_{OPEN} $ cannot exist.

$$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$
therefore
$$ FM(R) \in \mathcal{U} $$
$$ fm(R) \in \mathcal{U} $$


We can make this a general case by taking a set $F$ (where $f_1, f_2 \in F$) representing a collection
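Review bot: `$$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$` applies set intersection to two elements of $fm(R)$, not to two sets, so as written it is not well typed. The property being asserted is that the two modes cannot hold together; either write it as a statement about the modes, `$\neg(R_{SHORTED} \wedge R_{OPEN})$`, which matches the `$R_o \wedge R_s$` notation used later in the cardinality example, or first define each mode as the set of component states in which it is active and then intersect those. `$$ fm(R) \in \mathcal{U} $$` then follows directly from the definition of $\mathcal{U}$. Also, the rewritten line duplicates `the`: `we can apply the / the function $fm$`.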
@ -382,12 +380,39 @@ Note where there are more than two failure~modes,
by banning any pairs from being active at the same time,
we have banned larger combinations as well.

\subsection{Design Rule: Unitary State}

All components must have unitary state failure modes to be used with the FMMD methodology.
Where a complex component is used, for instance a microcontroller
with several modules that could all fail simultaneously, a process
of reduction into smaller theoretical components will have to be made
\footnote{A modern microcontroller will typically have several modules, which are configurged to operate on
pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs,
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers\cite{pic18f2523}}.
For instance the voltage reading functions which consist
of an ADC multiplexer and ADC can be considered to be components
inside the microcontroller package.
The microcontroller thuis becomes a collection of smaller components
the can be analysed separately.
\paragraph{Reason for Constraint} Were this constraint to not be applied
each component could not have $N$ failure modes to consider but potentially
$2^N$. This would make the job of analysing the failure modes
in a {\fg} impractical due to the sheer size of the task.

%%- Need some refs here because that is the way gastec treat the ADC on microcontroller on the servos

\section{Handling Simultaneous \\ Component Faults}

For some integrity levels of static analysis, there is a need to consider not only single
failure modes in isolation, but cases where more then one failure mode may occur
simultaneously.
It is an implied requirement of EN298\cite{en298} for instance to consider double simultaneous faults.
Note that the `unitary state' conditions apply to failure modes within a component.
The scenarios presented here are where two or more components fail simultaneously.
It is an implied requirement of EN298\cite{en298} for instance to
consider double simultaneous faults\footnote{This is under the conditions
of LOCKOUT in an industrial burner controller that has detected one fault already.
However, from the perspective of static failure mode analysis, this amounts
to dealing with double simultaneous failure modes.}.
To generalise, we may need to consider $N$ simultaneous
failure modes when analysing a functional group. This involves finding
all combinations of failures modes of size $N$ and less.
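Review bot: `Reason for Constraint` says that without the unitary-state rule a component would have `potentially $2^N$` failure modes to consider, but the Design Decision paragraph added earlier in this same change puts the figure at `an additional $2^N-1$ failure mode scenarios`; the two should agree. A set of $N$ modes has $2^N - 1$ non-empty subsets, $N$ of which are the single modes already being analysed, so the additional scenarios number $2^N - 1 - N$; state one figure and use it in both places. Typos in the added text: `configurged` (`configured`), `thuis` (`thus`), `the can be analysed separately` (`that can be analysed separately`), `more then one` (`more than one`), `failures modes` (`failure modes`). The sentence `It is an implied requirement of EN298\cite{en298} for instance to consider double simultaneous faults.` appears twice, once bare and once with the LOCKOUT footnote; keep only the footnoted version.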
@ -413,12 +438,12 @@ The powerset of S:
$$ \mathcal{P} S = \{ \emptyset, \{a,b,c\}, \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$


$\mathcal{P}_{2} S $ means all subsets of S where the cardinality of the subsets is
$\mathcal{P}_{2} S $ means all non-empty subsets of S where the cardinality of the subsets is
less than or equal to 2 or less.

$$ \mathcal{P}_{2} S = \{ \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$

Note that $\mathcal{P}_{1} S $ for this example is:
Note that $\mathcal{P}_{1} S $ (non-empty subsets where cardinality $\leq 1$) for this example is:

$$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$

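Review bot: `less than or equal to 2 or less.` states the bound twice; `less than or equal to 2.` Adding `non-empty` to the definition of $\mathcal{P}_{2} S$ is the right correction: the listed set omits $\emptyset$, and the count applied in the later example (`\frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!}`) sums ${n \choose k}$ from $k = 1$, so the definition and the formula now agree.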
@ -426,9 +451,12 @@ $$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$

A $k$ combination is a subset with $k$ elements.
The number of $k$ combinations (each of size $k$) from a set $S$
with $n$ elements (size $n$) is the binomial coefficient
with $n$ elements (size $n$) is the binomial coefficient\cite{probstat} shown in equation \ref{bico}.

$$ C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!}$$
\begin{equation}
C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!}
\label{bico}
\end{equation}

To find the number of elements in a cardinality constrained subset S with up to $cc$ elements
in each combination sub-set,
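Review bot: `To find the number of elements in a cardinality constrained subset S with up to $cc$ elements in each combination sub-set` should refer to the cardinality constrained powerset of $S$, $\mathcal{P}_{cc} S$ as defined just above, not to a subset of $S$; the quantity being counted is $|\mathcal{P}_{cc} S|$. Also confirm the unlabelled `$$ C^n_k = ... $$` display is removed now that the same equation carries `\label{bico}`; label names elsewhere in the file use the `eqn:` prefix (`eqn:fmset`, `eqn:ccps`), so `eqn:bico` would be consistent.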
@ -468,12 +496,12 @@ $|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~gro
\subsubsection{Example: Two Component functional group \\ cardinality Constraint of 2}

For example: were we to have a simple functional group with two components R and T, of which
$$FM(R) = \{R_o, R_s\}$$ and $$FM(T) = \{T_o, T_s, T_h\}$$.
$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}$$.

This means that the functional~group $FG=\{R,T\}$ will have a component failure mode set
of $FM(FG) = \{R_o, R_s, T_o, T_s, T_h\}$
of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$

For a cardinality constrained powerset of 2, because there are 5 error modes ( $|FM(FG)|=5$),
For a cardinality constrained powerset of 2, because there are 5 error modes ( $|fm(FG)|=5$),
applying equation \ref{eqn:ccps} gives :-

$$\frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!} = 15$$
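Review bot: `because there are 5 error modes ( $|fm(FG)|=5$)` says `error modes` where the rest of the document consistently says `failure modes`. The line `$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}$$.` also puts display maths on either side of `and` and leaves a stray full stop after the closing `$$`; inline maths, `$fm(R) = \{R_o, R_s\}$ and $fm(T) = \{T_o, T_s, T_h\}$.`, reads better. The arithmetic is correct: ${5 \choose 1} + {5 \choose 2} = 5 + 10 = 15$.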
@ -487,12 +515,12 @@ For component R there is only one internal component fault that cannot exist
$R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has
three fault modes ${3 \choose 2} = 3$.
Thus for $cc == 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$.
The number of combinations to check is thus 11, $|\mathcal{P}_{2}(FM(FG))| = 11$, for this example and this can be verified
The number of combinations to check is thus 11, $|\mathcal{P}_{2}(fm(FG))| = 11$, for this example and this can be verified
by listing all the required combinations:



$$ \mathcal{P}_{2}(FM(FG)) = \{
$$ \mathcal{P}_{2}(fm(FG)) = \{
\{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \}
\}
$$
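Review bot: `$cc == 2$` uses a programming equality operator inside maths; write `$cc = 2$`. In the listed set, the pairs `\{R_o T_o\}` etc. need a separator, `\{R_o, T_o\}`, to read as two-element sets rather than a single product term. The count itself checks out: $15 - (1 + 3) = 11$, matching the six pairs and five singletons listed.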
@ -521,13 +549,13 @@ where :
\item Let $C$ be a set of components (indexed by $j \in J$)
that are members of the functional group $FG$
i.e. $ \forall j \in J | C_j \in FG $
\item Let $|FM({C}_{j})|$
\item Let $|fm({C}_{j})|$
indicate the number of mutually exclusive fault modes of each component
\item Let $FM(FG)$ be the collection of all failure modes
\item Let $fm(FG)$ be the collection of all failure modes
from all the components in the functional group.
\item Let $SU$ be a set of failure modes from the functional group,
where all contributing components $C_j$
are guaranteed to be `unitary state' i.e. $(SU = FM(FG)) \wedge (\forall j \in J | FM(C_j) \in \mathcal{U}) $
are guaranteed to be `unitary state' i.e. $(SU = fm(FG)) \wedge (\forall j \in J | fm(C_j) \in \mathcal{U}) $
\end{itemize}
%}

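Review bot: `$ \forall j \in J | C_j \in FG $` and `$(\forall j \in J | fm(C_j) \in \mathcal{U})$` use the set-builder bar `|` as `such that` inside a universal quantifier; `\forall j \in J : C_j \in FG` (or `\forall j \in J \, . \, C_j \in FG`) avoids it being read as a conditional or divisibility bar. The definition of $SU$ is shown in both the `FM` and `fm` forms; confirm only the `fm` line remains, and note that `$SU = fm(FG)$` makes $SU$ a set of failure modes, which is consistent only if the overloaded `fm` in equation \ref{eqn:fmoverload} maps into $\mathcal{P}\mathcal{F}$ rather than $\mathcal{F}$.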