robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Going through Andrew fish notes

Browse Source 
Looking at BC programs to calc unitary state values
This commit is contained in:
Robin Clark 2010-08-28 12:11:42 +01:00
parent c010d4bcf4
commit 8a59071d68
1 changed files with 85 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -204,8 +204,7 @@ We can represent this using a UML diagram in figure \ref{fig:cfg}.
The symbol $\bowtie$ is used to indicate the analysis process that takes a The symbol $\bowtie$ is used to indicate the analysis process that takes a
functional group and converts it into a new component. functional group and converts it into a new component.
This can be expresed as This can be expresed as ` $ \bowtie ( FG ) \mapsto DerivedComponent $ '.
\[ \bowtie ( FG ) \mapsto DerivedComponent \].
\begin{figure}[h] \begin{figure}[h]
@ -221,17 +220,25 @@ This can be expresed as
The UML meta model in figure \ref{fig:cfg}, shows the relationships The UML meta model in figure \ref{fig:cfg}, shows the relationships
between the classes and sub-classes. between the classes and sub-classes.
Note that because we can use derived components to build functional groups,
this model intrinsically supports building a hierarchy.
%
In use we will build a hierarchy of In use we will build a hierarchy of
objects, with derived~components forming functional~groups, and creating objects, with derived~components forming functional~groups, and creating
derived components higher up in the structure. derived components higher up in the structure.
The level variable in each component, %
To keep track of the level in the hierarchy (i.e. how many stages of component
derivation `$\bowtie$' have lead to the current derived component)
we can add an attribute to the component data type.
This can be a natural number called the level variable $\alpha \in \mathbb{N}_0$.
The $\alpha$ level variable in each component,
indicates the position in the hierarchy. Base or parts~list components indicates the position in the hierarchy. Base or parts~list components
have a `level' of 0. have a `level' of $\alpha=0$.
% I do not know how to make this simpler % I do not know how to make this simpler
Derived~components take a level based on the highest level Derived~components take a level based on the highest level
component used to build the functional group it was derived from plus 1. component used to build the functional group it was derived from plus 1.
So a derived component built from base level or parts list components So a derived component built from base level or parts list components
would have a level of 1. would have an $\alpha$ value of 1.
%\clearpage %\clearpage
@ -254,37 +261,40 @@ would have a level of 1.
\subsection{Relationships between functional~groups and failure modes} \subsection{Relationships between functional~groups and failure modes}
Let the set of all possible components be $\mathcal{C}$ Let the set of all possible components be $\mathcal{C}$
and let the set of all possible failure modes be $\mathcal{F}$. and let the set of all possible failure modes be $\mathcal{F}$.
We can define a function $FM$ We can define a function $fm$ as equation \ref{eqn:fmset}.
\begin{equation} \begin{equation}
FM : \mathcal{C} \mapsto \mathcal{P}\mathcal{F} fm : \mathcal{C} \mapsto \mathcal{P}\mathcal{F}
\label{eqn:fmset}
\end{equation} \end{equation}
defined by, where C is a component and F is a set of failure modes. The is defined by equation \ref{eqn:fminstance}, where C is a component and F is a set of failure modes.
$$ FM ( C ) = F $$ \begin{equation}
fm ( C ) = F
\label{eqn:fminstance}
\end{equation}
\paragraph{Finding all failure modes within the functional group} \paragraph{Finding all failure modes within the functional group}
For FMMD failure mode analysis we need to consider the failure modes For FMMD failure mode analysis we need to consider the failure modes
from all the components in a functional~group as a flat set. from all the components in a functional~group as a flat set.
Consider the components in a functional group to be $C$ indexed by j thus $C_j$. Consider the components in a functional group to be $C_1...C_N$.
The flat set of failure modes we are after can be found by applying function $FM$ to all the components The flat set of failure modes $FSF$ we are after can be found by applying function $fm$ to all the components
in the functional~group and taking the union of them thus: in the functional~group and taking the union of them thus:
$$ FunctionalGroupAllFailureModes = \bigcup_{j \in \{1...n\}} FM(C_j) $$ $$ FSF = \bigcup_{j=1}^{N} FM(C_j) $$
We can actually overload the notation for the function FM We can actually overload the notation for the function $fm$ % FM
and define it for the set components within a functional group $FG$ (i.e. where $FG \subset \mathcal{C} $) thus: and define it for the set components within a functional group $\mathcal{FG}$ (i.e. where $\mathcal{FG} \subset \mathcal{C} $)
in equation \ref{eqn:fmoverload}.
\begin{equation} \begin{equation}
FM : FG \mapsto \mathcal{F} fm : \mathcal{FG} \mapsto \mathcal{F}
\label{eqn:fmoverload}
\end{equation} \end{equation}
@ -292,9 +302,11 @@ FM : FG \mapsto \mathcal{F}
\paragraph{Design Descision/Constraint} \paragraph{Design Descision/Constraint}
An important factor in defining a set of failure modes is that they An important factor in defining a set of failure modes is that they
should be as clearly defined as possible. should be represent the failure modes as simply and minimally as possible.
It should not be possible, for instance for It should not be possible, for instance for
a component to have two or more failure modes active at once. a component to have two or more failure modes active at once.
Were this to be the case, we would have to consider additional combinations of
failure modes within the component.
Having a set of failure modes where $N$ modes could be active simultaneously Having a set of failure modes where $N$ modes could be active simultaneously
would mean having to consider an additional $2^N-1$ failure mode scenarios. would mean having to consider an additional $2^N-1$ failure mode scenarios.
Should a component be analysed and simultaneous failure mode cases exit, Should a component be analysed and simultaneous failure mode cases exit,
@ -302,38 +314,24 @@ the combinations could be represented by new failure modes, or
the component should be considered from a fresh perspective, the component should be considered from a fresh perspective,
perhaps considering it as several smaller components perhaps considering it as several smaller components
within one package. within one package.
This property, failure modes being mutually exclusive, is termed `unitary state failure modes'
in this study.
This corresponds to the `mutually exclusive' definition in
probability theory\cite{probstat}.
\begin{definition} \begin{definition}
A set of failure modes where only one fault mode A set of failure modes where only one failure mode
can be active at a time is termed a `unitary~state' failure mode set. can be active at one time is termed a `unitary~state' failure mode set.
%This is termed the $U$ set thoughout this study.
This corresponds to the `mutually exclusive' definition in
probability theory\cite{probstat}.
\end{definition} \end{definition}
Let the set of all possible components to be $\mathcal{C}$ Let the set of all possible components to be $\mathcal{C}$
and let the set of all possible failure modes be $\mathcal{F}$. and let the set of all possible failure modes be $\mathcal{F}$.
%
%We can define a function $FM$
%
%\begin{equation}
%FM : \mathcal{C} \mapsto \mathcal{F}
%\end{equation}
%
%defined by
%
%$$ FM ( C ) = F $$
%
%i.e. take a given component $C$ and return its set of failure modes $F$.
%
\begin{definition} \begin{definition}
We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
the component failure modes in each of its members are unitary~state. the component failure modes in each of its members are unitary~state.
Thus if the failure modes of $F$ are unitary~state, we can say $F \in \mathcal{U}$. Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
\end{definition} \end{definition}
\section{Component failure modes:\\ Unitary State example} \section{Component failure modes:\\ Unitary State example}
@ -343,17 +341,17 @@ An example of a component with an obvious set of ``unitary~state'' failure mode
Electrical resistors can fail by going OPEN or SHORTED. Electrical resistors can fail by going OPEN or SHORTED.
For a given resistor R we can apply the For a given resistor R we can apply the
the function $FM$ to find its set of failure modes thus $ FM(R) = \{R_{SHORTED},R_{OPEN}\} $. the function $fm$ to find its set of failure modes thus $ fm(R) = \{R_{SHORTED},R_{OPEN}\} $.
A resistor cannot fail with both conditions open and short active at the same time! The conditions A resistor cannot fail with both conditions open and short active at the same time! The conditions
OPEN and SHORT are thus mutually exclusive. OPEN and SHORT are thus mutually exclusive.
Because of this, the failure mode set $F=FM(R)$ is `unitary~state'. Because of this, the failure mode set $F=fm(R)$ is `unitary~state'.
Thus because both fault modes cannot be active at the same time, the intersection of $ R_{SHORTED} $ and $ R_{OPEN} $ cannot exist. Thus because both fault modes cannot be active at the same time, the intersection of $ R_{SHORTED} $ and $ R_{OPEN} $ cannot exist.
$$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$ $$ R_{SHORTED} \cap R_{OPEN} = \emptyset $$
therefore therefore
$$ FM(R) \in \mathcal{U} $$ $$ fm(R) \in \mathcal{U} $$
We can make this a general case by taking a set $F$ (where $f_1, f_2 \in F$) representing a collection We can make this a general case by taking a set $F$ (where $f_1, f_2 \in F$) representing a collection
@ -382,12 +380,39 @@ Note where there are more than two failure~modes,
by banning any pairs from being active at the same time, by banning any pairs from being active at the same time,
we have banned larger combinations as well. we have banned larger combinations as well.
\subsection{Design Rule: Unitary State}
All components must have unitary state failure modes to be used with the FMMD methodology.
Where a complex component is used, for instance a microcontroller
with several modules that could all fail simultaneously, a process
of reduction into smaller theoretical components will have to be made
\footnote{A modern microcontroller will typically have several modules, which are configurged to operate on
pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs,
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers\cite{pic18f2523}}.
For instance the voltage reading functions which consist
of an ADC multiplexer and ADC can be considered to be components
inside the microcontroller package.
The microcontroller thuis becomes a collection of smaller components
the can be analysed separately.
\paragraph{Reason for Constraint} Were this constraint to not be applied
each component could not have $N$ failure modes to consider but potentially
$2^N$. This would make the job of analysing the failure modes
in a {\fg} impractical due to the sheer size of the task.
%%- Need some refs here because that is the way gastec treat the ADC on microcontroller on the servos
\section{Handling Simultaneous \\ Component Faults} \section{Handling Simultaneous \\ Component Faults}
For some integrity levels of static analysis, there is a need to consider not only single For some integrity levels of static analysis, there is a need to consider not only single
failure modes in isolation, but cases where more then one failure mode may occur failure modes in isolation, but cases where more then one failure mode may occur
simultaneously. simultaneously.
It is an implied requirement of EN298\cite{en298} for instance to consider double simultaneous faults. Note that the `unitary state' conditions apply to failure modes within a component.
The scenarios presented here are where two or more components fail simultaneously.
It is an implied requirement of EN298\cite{en298} for instance to
consider double simultaneous faults\footnote{This is under the conditions
of LOCKOUT in an industrial burner controller that has detected one fault already.
However, from the perspective of static failure mode analysis, this amounts
to dealing with double simultaneous failure modes.}.
To generalise, we may need to consider $N$ simultaneous To generalise, we may need to consider $N$ simultaneous
failure modes when analysing a functional group. This involves finding failure modes when analysing a functional group. This involves finding
all combinations of failures modes of size $N$ and less. all combinations of failures modes of size $N$ and less.
@ -413,12 +438,12 @@ The powerset of S:
$$ \mathcal{P} S = \{ \emptyset, \{a,b,c\}, \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$ $$ \mathcal{P} S = \{ \emptyset, \{a,b,c\}, \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$
$\mathcal{P}_{2} S $ means all subsets of S where the cardinality of the subsets is $\mathcal{P}_{2} S $ means all non-empty subsets of S where the cardinality of the subsets is
less than or equal to 2 or less. less than or equal to 2 or less.
$$ \mathcal{P}_{2} S = \{ \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$ $$ \mathcal{P}_{2} S = \{ \{a,b\},\{b,c\},\{c,a\},\{a\},\{b\},\{c\} \} $$
Note that $\mathcal{P}_{1} S $ for this example is: Note that $\mathcal{P}_{1} S $ (non-empty subsets where cardinality $\leq 1$) for this example is:
$$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$ $$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$
@ -426,9 +451,12 @@ $$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$
A $k$ combination is a subset with $k$ elements. A $k$ combination is a subset with $k$ elements.
The number of $k$ combinations (each of size $k$) from a set $S$ The number of $k$ combinations (each of size $k$) from a set $S$
with $n$ elements (size $n$) is the binomial coefficient with $n$ elements (size $n$) is the binomial coefficient\cite{probstat} shown in equation \ref{bico}.
$$ C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!}$$ \begin{equation}
C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!}
\label{bico}
\end{equation}
To find the number of elements in a cardinality constrained subset S with up to $cc$ elements To find the number of elements in a cardinality constrained subset S with up to $cc$ elements
in each combination sub-set, in each combination sub-set,
@ -468,12 +496,12 @@ $|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~gro
\subsubsection{Example: Two Component functional group \\ cardinality Constraint of 2} \subsubsection{Example: Two Component functional group \\ cardinality Constraint of 2}
For example: were we to have a simple functional group with two components R and T, of which For example: were we to have a simple functional group with two components R and T, of which
$$FM(R) = \{R_o, R_s\}$$ and $$FM(T) = \{T_o, T_s, T_h\}$$. $$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}$$.
This means that the functional~group $FG=\{R,T\}$ will have a component failure mode set This means that the functional~group $FG=\{R,T\}$ will have a component failure mode set
of $FM(FG) = \{R_o, R_s, T_o, T_s, T_h\}$ of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$
For a cardinality constrained powerset of 2, because there are 5 error modes ( $|FM(FG)|=5$), For a cardinality constrained powerset of 2, because there are 5 error modes ( $|fm(FG)|=5$),
applying equation \ref{eqn:ccps} gives :- applying equation \ref{eqn:ccps} gives :-
$$\frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!} = 15$$ $$\frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!} = 15$$
@ -487,12 +515,12 @@ For component R there is only one internal component fault that cannot exist
$R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has $R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has
three fault modes ${3 \choose 2} = 3$. three fault modes ${3 \choose 2} = 3$.
Thus for $cc == 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$. Thus for $cc == 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$.
The number of combinations to check is thus 11, $|\mathcal{P}_{2}(FM(FG))| = 11$, for this example and this can be verified The number of combinations to check is thus 11, $|\mathcal{P}_{2}(fm(FG))| = 11$, for this example and this can be verified
by listing all the required combinations: by listing all the required combinations:
$$ \mathcal{P}_{2}(FM(FG)) = \{ $$ \mathcal{P}_{2}(fm(FG)) = \{
\{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \} \{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \}
\} \}
$$ $$
@ -521,13 +549,13 @@ where :
\item Let $C$ be a set of components (indexed by $j \in J$) \item Let $C$ be a set of components (indexed by $j \in J$)
that are members of the functional group $FG$ that are members of the functional group $FG$
i.e. $ \forall j \in J | C_j \in FG $ i.e. $ \forall j \in J | C_j \in FG $
\item Let $|FM({C}_{j})|$ \item Let $|fm({C}_{j})|$
indicate the number of mutually exclusive fault modes of each component indicate the number of mutually exclusive fault modes of each component
\item Let $FM(FG)$ be the collection of all failure modes \item Let $fm(FG)$ be the collection of all failure modes
from all the components in the functional group. from all the components in the functional group.
\item Let $SU$ be a set of failure modes from the functional group, \item Let $SU$ be a set of failure modes from the functional group,
where all contributing components $C_j$ where all contributing components $C_j$
are guaranteed to be `unitary state' i.e. $(SU = FM(FG)) \wedge (\forall j \in J | FM(C_j) \in \mathcal{U}) $ are guaranteed to be `unitary state' i.e. $(SU = fm(FG)) \wedge (\forall j \in J | fm(C_j) \in \mathcal{U}) $
\end{itemize} \end{itemize}
%} %}