now doing this at work, Friday id PhD afternoon though

mybib.bib

@@ -587,7 +587,8 @@ number={2},
 
 @INPROCEEDINGS{FMEAmultiple653556,
 author={Price, C.J. and Taylor, N.S.},
-booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, title={FMEA for multiple failures},
+booktitle={Reliability and Maintainability Symposium, 1998. Proceedings., Annual}, 
+title={FMEA for multiple failures},
 year={1998},
 month={jan},
 volume={},

submission_thesis/CH2_FMEA/copy.tex

@@ -892,8 +892,13 @@ failures\footnote{Multiple simultaneous failures are taken to mean failures that
 Detection periods are typically determined for the process under control. For instance, for a flame detector in an industrial burner this
 is typically one second.~\cite{en298}}. 
 %
-Work has been performed using component failure statistics to
-offer the more likely multiple failures~\cite{FMEAmultiple653556} for analysis.
+Multiple failures may cause the same system level failure (i.e. two separate failures
+could cause the same system failure, and in combination still cause the same failure), this
+can be termed a common failure result.
+%
+Work has been performed using component failure statistics and logic to
+offer selected---by virtue of statistical likelihood and common failure result reduction---multiple failures for analysis
+and consideration by an investigating engineer~\cite{FMEAmultiple653556}.
 %
 %We now compound the multiple symptoms from one {\bc} {\fm} possibility
 %with the merging of Markov chains.
@@ -906,7 +911,7 @@ meaning the additional failures might have to be analysed with respect to the ch
 %for the the results of an FMEA line of reasoning.
 Because multiple failures mean dealing with changed topologies
 the objective criteria is additionally complicated with the subjective
-adding another layer of complication.
+adding yet another layer of complication.
 %
 %
 Traditional FMEA has the translation from an objective to subjective 
@@ -1137,7 +1142,7 @@ is given in section~\ref{sec:resistortolerance}.
     \item \textbf{FMECA - Criticality}  Emphasis on minimising the effect of critical systems failing; % Military/Space
     \item \textbf{FMEDA - Statistical Safety} Statistical analysis giving Safety Integrity Levels;
    \item \textbf{DFMEA - Design or Static/Theoretical}  Approval of safety critical systems using FMEA and single or double failure prevention;%  EN298/EN230/UL1998
-   \item \textbf{SFMEA - Software FMEA --- only used in highly critical systems at present}
+   \item \textbf{SFMEA - Software FMEA} --- Usage not enforced by most current standards~\cite{en298,en230,en61508}. %only used in highly critical systems at present.
 \end{itemize}
 
 
@@ -1567,7 +1572,17 @@ so that the entry can be more easily reviewed or revisited/audited. % than a tra
 %
 Because FMEA is traditionally performed with one entry per component {\fm}, full reasoning descriptions
 are rare. 
-This means that re-use, review and checking of traditional analysis must often be started from `cold'.
+%
+Another effect on a one entry per failure mode model, is that the terminology
+may be inconsistent. Failure symptoms, although being the same at a system level, may be
+given different names in the same project.
+%
+These factors mean that re-use, review and checking of traditional analysis can often be started from `cold'.
+%
+Work has been performed to assist in incremental FMEA production by use of a software  tool
+which in conjunction with circuit simulation
+and a database of component failure modes (providing consistency in terminology)
+speeds up the FMEA process~\cite{incrementalfmea}.
 %
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

submission_thesis/CH3_FMEA_criticism/copy.tex

@@ -46,6 +46,7 @@ of the era when FMEA methodologies were invented.
 With FMEA it is very difficult to perform %impossibility of performing 
 meaningful
 multiple failure analysis~\cite{FMEAmultiple653556,maikowski}.
+%
 The main reasons for this are that in electronics, each failure
 can introduce a circuit topology change and state explosion
 means there can be  extremely large numbers of double failures to check. 
@@ -225,7 +226,7 @@ This property is examined in section~\ref{sec:theoreticalperfmodel}.
 A comparison complexity order, or reasoning distance, of $O(N^2)$
 could be seen as desirable in an automated process such as a search algorithm, 
 but here it is a time consuming manual process which 
-demands experienced and highly qualified personnel.
+demands experienced and highly qualified personnel~\cite{automatingFMEA1281774}.
 %
 It is therefore desirable to reduce this order further.
 
@@ -258,7 +259,9 @@ Work has been performed using databases
 to track the relationships between variables 
 and system failure modes~\cite{procsfmeadb}, to %work has been performed to 
 introduce automation into the FMEA process~\cite{appswfmea} and to provide code analysis
-automation~\cite{modelsfmea}. Although the SFMEA and hardware FMEAs are performed separately,
+automation~\cite{modelsfmea}. 
+%
+Although the SFMEA and hardware FMEAs are performed separately,
 some schools of thought aim for Fault Tree Analysis (FTA)~\cite{nasafta,nucfta} (top down - deductive) 
 and FMEA (bottom-up inductive)
 to be performed on the same system to provide insight into the
@@ -268,11 +271,17 @@ Subtle problems in embedded software are often due to interrupt contention causi
 corruption of variables: automated tools to aid the detection of this
 are becoming available~\cite{concurrency_c_tool}.
 %
+Work has been performed to  parse software, and to map source code statements as edges
+and variables as nodes, to form directed acyclic graphs~\cite{sfmea}, where failure mode propagation
+can be traced.
+%
 Although current software FMEA techniques
 should give a better picture of the failure mode behaviour, 
 they are by no means a rigorous approach to tracing errors that may occur in hardware being followed
 through to the top (and therefore ultimately controlling) layer of software.
 %
+That is they do not offer an integrated software hardware failure mode model.
+%
 With the increasing use of micro-controllers in place of much analogue electronics
 for most new designs of electronic product, the poor software integration capabilities of FMEA
 are now being seen as deficiencies. 
@@ -509,8 +518,10 @@ getting too complicated for meaningful analysis using FMEA.
 %
 
 \subsection{FMEA Criticism: Conclusions.}
+%
 FMEA is a useful tool for basic safety --- it provides statistics on safety where field data is impractical ---
 and is good with single failure modes linked to top level events. 
+%
 FMEA has become part of the safety critical and safety certification industries.
 %
 SFMEA is in its infancy, and there are corresponding gaps in  
@@ -529,7 +540,7 @@ with a one step analysis stage.
 % \begin{itemize}
 %  \item Impossible to integrate Software and hardware models,
 %  \item State explosion problem exacerbated by increasing complexity due to density of modern electronics,
-%  \item Impossible to consider all multiple component failure modes~\cite{FMEAmultiple653556}
+%  \item Impossible to consider all multiple component failure modes~\cite{FMEAmultbbbiple653556}
 % \end{itemize}
 %
 %\subsection{FMEA - Better Methodology - Wish List}

submission_thesis/appendixes/detailed_analysis.tex

@@ -2,7 +2,7 @@
 \chapter{Detailed FMMD analyses}
 
 For clarity the detailed workings of the FMMD analysis stages in many of the examples
-in chapter 5 have been moved here for reference.
+in chapters ~\ref{sec:chap5}~and~\ref{sec:chap6}  have been moved here for reference.
 
 \section{Bubba Oscillator FMMD analyses}
 
@@ -124,7 +124,7 @@ $$
 \begin{table}[h+]
 \caption{BUFF45: Failure Mode Effects Analysis} % title of Table
 \label{tbl:buff45}
-
+\centering
 \begin{tabular}{|| l | l | c | c | l ||} \hline
  %\textbf{Failure Scenario} & &  \textbf{BUFF45}         &   & \textbf{Symptom}          \\ 
  %                          & &                          &   &                           \\
@@ -132,7 +132,7 @@ $$
  \textbf{cause}   & &  \textbf{Effect}             &   &          \\
  
                \hline
-     FS1: $PHS45_1$  $0\_phaseshift$        &  &  phase shift low              &  &   $0\_phaseshift$       \\  
+     FS1: $PHS45_1$  $0\_phaseshift$        &  &  no phase shift        &  &   $0\_phaseshift$       \\  
      FS2: $PHS45_1$  $no\_signal$            &  &  signal lost                  &  &   $NO_{signal}$          \\  \hline 
      %FS3: $PHS45_1$  $90\_phaseshift$         &  &  phase shift high                &  &    $90\_phaseshift$          \\  \hline 
 
@@ -237,7 +237,7 @@ $$
 
 Collecting symptoms from table~\ref{tbl:phs225amp}, the {\dc} $PHS225AMP $ is created with the following failure modes:
 $$    
-    fm() = \{  180\_phaseshift,  NO\_signal   \} .
+    fm(PHS225AMP) = \{  180\_phaseshift,  NO\_signal   \} .
 $$
 \clearpage
 
@@ -349,7 +349,7 @@ $$
   FS1: $IC2$  $HIGH$        &  &    output perm. high            &  &   HIGH                 \\    
   FS2: $IC2$  $LOW$         &  &    output perm. low            &  &   LOW                 \\    
   FS3: $IC2$  $NOOP$        &  &    no current to output            &  &    $NOOP$            \\  
-  FS4: $IC2$  $LOW\_SLEW$   &  &   delay signal             &  &      $LOW\_{SLEW}$               \\ \hline 
+  FS4: $IC2$  $LOW\_SLEW$   &  &   delayed signal             &  &      $LOW\_{SLEW}$               \\ \hline 
 \end{tabular}
 \end{table} 
 % \hline
@@ -382,7 +382,7 @@ $$
                                 
                \hline \hline 
   FS1: $PD $  $HIGH$        &  &    output perm. low            &  &  LOW               \\    
-  FS2: $PD $  $LOW$         &  &    output perm. low            &  &   HIGH                \\   \hline 
+  FS2: $PD $  $LOW$         &  &    output perm. high            &  &   HIGH                \\   \hline 
   
 \hline 
   FS3: $IC3$  $HIGH$        &  &     output perm. high             &  &      HIGH              \\    
@@ -815,13 +815,8 @@ $$
 
 
 
-
-
-
-
 \subsection{ LEDOutput: Failure Mode Effects Analysis }
-
-
+%
 {
 \tiny
 \begin{table}[h+]
@@ -1017,14 +1012,14 @@ Some standards, notably EN298 only consider most types of resistor as failing in
 %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. 
 % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
 This example 
-compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. 
+compromises and uses a 9:1 OPEN:SHORT ratio for resistor failure. 
 %
 Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED 
 in the other 10\%.
 A standard fixed film resistor, for use in a benign environment, non military specification at
 temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
 hours of operation (see equation \ref{eqn:resistor}). 
-In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of 
+In EN61508 terminology, this figure is referred to as a Failure in Time (FIT)\footnote{FIT values are measured as the number of 
 failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the 
 FIT number the more reliable the component.}.
 %
@@ -1065,7 +1060,7 @@ Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
 \frategloss
 %Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
 %presents the FIT values for all single failure modes.
-Using the above table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes.
+Using the above; table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes.
 %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
 \fmmdglossFIT
 %
@@ -1087,6 +1082,7 @@ TC:4 $R_3$  OPEN     &  High Fault         & Low  Fault    &   283.5 \\ \hline
 \hline
 TC:5 $R_2$ SHORT     &  -         &  Low Fault   &  1.38  \\  
 TC:6 $R_2$ OPEN     &  High Fault         & High Fault     & 12.42 \\ \hline
+TC:6 $R_2$ OPEN     &  High Fault         & High Fault     & 12.42 \\ \hline
 \hline
 \end{tabular} 
 \label{tab:stat_single}
@@ -1098,8 +1094,9 @@ The FIT for the circuit as a whole is the sum of MTTF values for all the
 test cases. The Pt100 circuit here has a  FIT of 342.6. This is an MTTF of
 about $\approx 360$ years per circuit.
 %
-A probabilistic tree can now be drawn, with a FIT value for the overall Pt100
-circuit and FIT values for all its component fault modes. % from which  it was calculated.
+A probabilistic tree can now be drawn, see figure~\ref{fig:stat_single}, with a FIT value for the overall Pt100
+circuit and 
+FIT values for all its component fault modes. % from which  it was calculated.
 %
 From this it can be seen that  the most likely fault is the thermistor going OPEN.
 %
@@ -1145,7 +1142,7 @@ failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{t
 The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
 requires that resistors $R_1$ and $R_2$ both fail.
 %
-Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
+Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing simultaneously.
 %
 The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. 
 %