diff --git a/mybib.bib b/mybib.bib index 89b46de..14f4057 100644 --- a/mybib.bib +++ b/mybib.bib @@ -587,7 +587,8 @@ number={2}, @INPROCEEDINGS{FMEAmultiple653556, author={Price, C.J. and Taylor, N.S.}, -booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, title={FMEA for multiple failures}, +booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, +title={FMEA for multiple failures}, year={1998}, month={jan}, volume={}, diff --git a/submission_thesis/CH2_FMEA/copy.tex b/submission_thesis/CH2_FMEA/copy.tex index ea08881..0aabc4a 100644 --- a/submission_thesis/CH2_FMEA/copy.tex +++ b/submission_thesis/CH2_FMEA/copy.tex @@ -892,8 +892,13 @@ failures\footnote{Multiple simultaneous failures are taken to mean failures that Detection periods are typically determined for the process under control. For instance, for a flame detector in an industrial burner this is typically one second.~\cite{en298}}. % -Work has been performed using component failure statistics to -offer the more likely multiple failures~\cite{FMEAmultiple653556} for analysis. +Multiple failures may cause the same system level failure (i.e. two separate failures +could cause the same system failure, and in combination still cause the same failure), this +can be termed a common failure result. +% +Work has been performed using component failure statistics and logic to +offer selected---by virtue of statistical likelihood and common failure result reduction---multiple failures for analysis +and consideration by an investigating engineer~\cite{FMEAmultiple653556}. % %We now compound the multiple symptoms from one {\bc} {\fm} possibility %with the merging of Markov chains. 
@@ -906,7 +911,7 @@ meaning the additional failures might have to be analysed with respect to the ch %for the the results of an FMEA line of reasoning. Because multiple failures mean dealing with changed topologies the objective criteria is additionally complicated with the subjective -adding another layer of complication. +adding yet another layer of complication. % % Traditional FMEA has the translation from an objective to subjective @@ -1137,7 +1142,7 @@ is given in section~\ref{sec:resistortolerance}. \item \textbf{FMECA - Criticality} Emphasis on minimising the effect of critical systems failing; % Military/Space \item \textbf{FMEDA - Statistical Safety} Statistical analysis giving Safety Integrity Levels; \item \textbf{DFMEA - Design or Static/Theoretical} Approval of safety critical systems using FMEA and single or double failure prevention;% EN298/EN230/UL1998 - \item \textbf{SFMEA - Software FMEA --- only used in highly critical systems at present} + \item \textbf{SFMEA - Software FMEA} --- Usage not enforced by most current standards~\cite{en298,en230,en61508}. %only used in highly critical systems at present. \end{itemize} 
@@ -1566,8 +1571,18 @@ for each {\fm}, so that the entry can be more easily reviewed or revisited/audited. % than a traditional FMEA report. % Because FMEA is traditionally performed with one entry per component {\fm}, full reasoning descriptions -are rare. -This means that re-use, review and checking of traditional analysis must often be started from `cold'. +are rare. +% +Another effect on a one entry per failure mode model, is that the terminology +may be inconsistent. Failure symptoms, although being the same at a system level, may be +given different names in the same project. +% +These factors mean that re-use, review and checking of traditional analysis can often be started from `cold'. +% +Work has been performed to assist in incremental FMEA production by use of a software tool +which in conjunction with circuit simulation +and a database of component failure modes (providing consistency in terminology) +speeds up the FMEA process~\cite{incrementalfmea}. % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff --git a/submission_thesis/CH3_FMEA_criticism/copy.tex b/submission_thesis/CH3_FMEA_criticism/copy.tex index 70d691a..68a59a7 100644 --- a/submission_thesis/CH3_FMEA_criticism/copy.tex +++ b/submission_thesis/CH3_FMEA_criticism/copy.tex @@ -46,6 +46,7 @@ of the era when FMEA methodologies were invented. With FMEA it is very difficult to perform %impossibility of performing meaningful multiple failure analysis~\cite{FMEAmultiple653556,maikowski}. +% The main reasons for this are that in electronics, each failure can introduce a circuit topology change and state explosion means there can be extremely large numbers of double failures to check. 
@@ -225,7 +226,7 @@ This property is examined in section~\ref{sec:theoreticalperfmodel}. A comparison complexity order, or reasoning distance, of $O(N^2)$ could be seen as desirable in an automated process such as a search algorithm, but here it is a time consuming manual process which -demands experienced and highly qualified personnel. +demands experienced and highly qualified personnel~\cite{automatingFMEA1281774}. % It is therefore desirable to reduce this order further. @@ -258,7 +259,9 @@ Work has been performed using databases to track the relationships between variables and system failure modes~\cite{procsfmeadb}, to %work has been performed to introduce automation into the FMEA process~\cite{appswfmea} and to provide code analysis -automation~\cite{modelsfmea}. Although the SFMEA and hardware FMEAs are performed separately, +automation~\cite{modelsfmea}. +% +Although the SFMEA and hardware FMEAs are performed separately, some schools of thought aim for Fault Tree Analysis (FTA)~\cite{nasafta,nucfta} (top down - deductive) and FMEA (bottom-up inductive) to be performed on the same system to provide insight into the 
@@ -268,11 +271,17 @@ Subtle problems in embedded software are often due to interrupt contention causi corruption of variables: automated tools to aid the detection of this are becoming available~\cite{concurrency_c_tool}. % +Work has been performed to parse software, and to map source code statements as edges +and variables as nodes, to form directed acyclic graphs~\cite{sfmea}, where failure mode propagation +can be traced. +% Although current software FMEA techniques should give a better picture of the failure mode behaviour, they are by no means a rigorous approach to tracing errors that may occur in hardware being followed through to the top (and therefore ultimately controlling) layer of software. % +That is they do not offer an integrated software hardware failure mode model. +% With the increasing use of micro-controllers in place of much analogue electronics for most new designs of electronic product, the poor software integration capabilities of FMEA are now being seen as deficiencies. @@ -509,8 +518,10 @@ getting too complicated for meaningful analysis using FMEA. % \subsection{FMEA Criticism: Conclusions.} +% FMEA is a useful tool for basic safety --- it provides statistics on safety where field data is impractical --- and is good with single failure modes linked to top level events. +% FMEA has become part of the safety critical and safety certification industries. % SFMEA is in its infancy, and there are corresponding gaps in @@ -529,7 +540,7 @@ with a one step analysis stage. % \begin{itemize} % \item Impossible to integrate Software and hardware models, % \item State explosion problem exacerbated by increasing complexity due to density of modern electronics, -% \item Impossible to consider all multiple component failure modes~\cite{FMEAmultiple653556} +% \item Impossible to consider all multiple component failure modes~\cite{FMEAmultbbbiple653556} % \end{itemize} % %\subsection{FMEA - Better Methodology - Wish List} 
diff --git a/submission_thesis/appendixes/detailed_analysis.tex b/submission_thesis/appendixes/detailed_analysis.tex index 3c8c73e..b379f8d 100644 --- a/submission_thesis/appendixes/detailed_analysis.tex +++ b/submission_thesis/appendixes/detailed_analysis.tex @@ -2,7 +2,7 @@ \chapter{Detailed FMMD analyses} For clarity the detailed workings of the FMMD analysis stages in many of the examples -in chapter 5 have been moved here for reference. +in chapters ~\ref{sec:chap5}~and~\ref{sec:chap6} have been moved here for reference. \section{Bubba Oscillator FMMD analyses} @@ -105,7 +105,7 @@ $$ \end{tabular} \end{table} -Collecting symptoms from table~\ref{tbl:bubbalargefg}, the {\dc} $ BubbaOscillator $ is created with the following failure modes: +Collecting symptoms from table~\ref{tbl:bubbalargefg}, the {\dc} $ BubbaOscillator $ is created with the following failure modes: $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc} \} . $$ @@ -124,7 +124,7 @@ $$ \begin{table}[h+] \caption{BUFF45: Failure Mode Effects Analysis} % title of Table \label{tbl:buff45} - +\centering \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{BUFF45} & & \textbf{Symptom} \\ % & & & & \\ @@ -132,8 +132,8 @@ $$ \textbf{cause} & & \textbf{Effect} & & \\ \hline - FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $0\_phaseshift$ \\ - FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline + FS1: $PHS45_1$ $0\_phaseshift$ & & no phase shift & & $0\_phaseshift$ \\ + FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\ @@ -237,7 +237,7 @@ $$ Collecting symptoms from table~\ref{tbl:phs225amp}, the {\dc} $PHS225AMP $ is created with the following failure modes: $$ - fm() = \{ 180\_phaseshift, NO\_signal \} . + fm(PHS225AMP) = \{ 180\_phaseshift, NO\_signal \} . $$ \clearpage 
@@ -349,7 +349,7 @@ $$ FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\ FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\ FS3: $IC2$ $NOOP$ & & no current to output & & $NOOP$ \\ - FS4: $IC2$ $LOW\_SLEW$ & & delay signal & & $LOW\_{SLEW}$ \\ \hline + FS4: $IC2$ $LOW\_SLEW$ & & delayed signal & & $LOW\_{SLEW}$ \\ \hline \end{tabular} \end{table} % \hline @@ -382,7 +382,7 @@ $$ \hline \hline FS1: $PD $ $HIGH$ & & output perm. low & & LOW \\ - FS2: $PD $ $LOW$ & & output perm. low & & HIGH \\ \hline + FS2: $PD $ $LOW$ & & output perm. high & & HIGH \\ \hline \hline FS3: $IC3$ $HIGH$ & & output perm. high & & HIGH \\ @@ -815,13 +815,8 @@ $$ - - - - \subsection{ LEDOutput: Failure Mode Effects Analysis } - - +% { \tiny \begin{table}[h+] @@ -1017,14 +1012,14 @@ Some standards, notably EN298 only consider most types of resistor as failing in %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011 This example -compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. +compromises and uses a 9:1 OPEN:SHORT ratio for resistor failure. % Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED in the other 10\%. A standard fixed film resistor, for use in a benign environment, non military specification at temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$) hours of operation (see equation \ref{eqn:resistor}). -In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of +In EN61508 terminology, this figure is referred to as a Failure in Time (FIT)\footnote{FIT values are measured as the number of failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the FIT number the more reliable the component.}. % 
@@ -1065,7 +1060,7 @@ Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0. \frategloss %Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which %presents the FIT values for all single failure modes. -Using the above table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes. +Using the above; table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes. %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}} \fmmdglossFIT % @@ -1087,6 +1082,7 @@ TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline \hline TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\ TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline +TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline \hline \end{tabular} \label{tab:stat_single} @@ -1098,8 +1094,9 @@ The FIT for the circuit as a whole is the sum of MTTF values for all the test cases. The Pt100 circuit here has a FIT of 342.6. This is an MTTF of about $\approx 360$ years per circuit. % -A probabilistic tree can now be drawn, with a FIT value for the overall Pt100 -circuit and FIT values for all its component fault modes. % from which it was calculated. +A probabilistic tree can now be drawn, see figure~\ref{fig:stat_single}, with a FIT value for the overall Pt100 +circuit and +FIT values for all its component fault modes. % from which it was calculated. % From this it can be seen that the most likely fault is the thermistor going OPEN. % 
@@ -1145,7 +1142,7 @@ failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{t The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition, requires that resistors $R_1$ and $R_2$ both fail. % -Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing. +Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing simultaneously. % The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. %
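Review bot: In the CH2_FMEA hunk at @@ -892, the new sentence "Multiple failures may cause the same system level failure (...), this can be termed a common failure result." is a comma splice; end the sentence after the parenthesis and start a new one: "This can be termed a common failure result." The following sentence also reads awkwardly with the dash-delimited clause splitting "offer selected ... multiple failures"; consider "offer, for analysis and consideration by an investigating engineer, multiple failures selected by statistical likelihood and common-failure-result reduction~\cite{FMEAmultiple653556}."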
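Review bot: In the itemize hunk at @@ -1137, the rewritten SFMEA item ends with a full stop while every sibling item ends with a semicolon, and the bold span now stops before the dash unlike the other items; make the punctuation consistent ("... standards~\cite{en298,en230,en61508};"). This hunk also introduces the citation keys en230 and en61508, which the mybib.bib hunk in this patch does not add; confirm they already exist in the bibliography or the build will emit undefined-citation warnings.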
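Review bot: In the hunk at @@ -1566, "Another effect on a one entry per failure mode model, is that" has a spurious comma and the wrong preposition; suggest "Another effect of a one-entry-per-failure-mode model is that". Changing "must often be started from `cold'" to "can often be started from `cold'" weakens the point being made (that the lack of recorded reasoning forces a restart); keep "must" unless the weaker claim is intended. The new sentence "Work has been performed ... which in conjunction with circuit simulation and a database ... speeds up" needs commas around the "in conjunction with ... terminology)" clause, and the key incrementalfmea is not added in the bibliography hunk of this patch.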
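Review bot: The hunk at @@ -225 in CH3_FMEA_criticism adds ~\cite{automatingFMEA1281774}, a key that does not appear in the mybib.bib hunk of this patch; check that the entry is present in the bibliography before merging.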
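Review bot: In the hunk at @@ -268, the added sentence "That is they do not offer an integrated software hardware failure mode model." needs a comma after "That is" and a separator between "software" and "hardware" ("integrated software/hardware failure mode model"). The same hunk introduces ~\cite{sfmea}; confirm that key exists in the bibliography, as this patch does not add it.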
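Review bot: The hunk at @@ -529 changes a commented-out line's citation key from FMEAmultiple653556 to FMEAmultbbbiple653556, which looks like an accidental keystroke rather than an intended edit; revert it (or delete the dead commented line) so that the broken key is not resurrected when the list is uncommented.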
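Review bot: In the detailed_analysis.tex hunk at @@ -2, "in chapters ~\ref{sec:chap5}~and~\ref{sec:chap6}" has a space before the tie, which renders as a double space, and the ties around "and" stop the line from breaking there; use "in chapters~\ref{sec:chap5} and~\ref{sec:chap6}".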
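Review bot: The hunk at @@ -105 removes and re-adds the "Collecting symptoms from table~\ref{tbl:bubbalargefg}..." line with identical visible text, so this is a whitespace-only change; drop it from the patch to keep the diff reviewable.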
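Review bot: In the hunk at @@ -1065, the semicolon in "Using the above; table~\ref{tab:stat_single} is presented which lists" is misused; suggest "Using the above, table~\ref{tab:stat_single} is presented, which lists the FIT values for all single failure modes."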
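Review bot: The hunk at @@ -1087 inserts a second copy of the row "TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline" directly below the existing identical row, which duplicates the test case in table~\ref{tab:stat_single} and would make the tabulated rows disagree with the summed circuit FIT of 342.6 stated in the next hunk; remove the added line.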
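Review bot: In the hunk at @@ -1098, the added reference "see figure~\ref{fig:stat_single}" uses a fig: label while the related table uses tab:stat_single; confirm the figure label exists and consider "(figure~\ref{fig:stat_single})" in parentheses rather than a comma-spliced clause. Two context lines in this hunk also merit attention while the paragraph is open: "an MTTF of about $\approx 360$ years" says "about" twice, and "the sum of MTTF values for all the test cases" should read "FIT values", since the 342.6 figure is a sum of FITs, not MTTFs.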