From 8bd0e5291a76980aef56481a0fe293c6b1ca5326 Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Thu, 10 Feb 2011 15:11:26 +0000 Subject: [PATCH] lunchtime edit --- fmmdset/fmmdset.tex | 72 +++++++++++++++++--------- fmmdset/paper.tex | 2 + mybib.bib | 22 ++++++++ style.tex | 122 -------------------------------------------- thesis.tex | 2 + 5 files changed, 75 insertions(+), 145 deletions(-) diff --git a/fmmdset/fmmdset.tex b/fmmdset/fmmdset.tex index ce75cb4..fd0a299 100644 --- a/fmmdset/fmmdset.tex +++ b/fmmdset/fmmdset.tex 
@@ -5,32 +5,57 @@ \ifthenelse {\boolean{paper}} { \begin{abstract} -This paper describes -a methodology to analyse -safety critical designs from a failure mode perspective. -This paper concentrates on the hierarchical model: the analysis -phases (symtom abstraction) and {\fgs} are dealt with -in \cite{symptom_ex}. -The (Failure Mode Modular De-Composition) FMMD methodology provides -a rigorous method for creating a fault effects model of a system from the bottom up using {\bc} level fault modes. -Using symptom extraction, and taking {\fgs} of components, a fault behaviour -hierarchy is built, forming a fault model tree. -From the fault model trees, +This paper describes an incremental and modular approach to traditional FMEA +design analysis. + +%a methodology to analyse +%safety critical designs from a failure mode perspective. +%This paper concentrates on the hierarchical model: the analysis +%phases (symtom abstraction) and {\fgs} are dealt with +%in \cite{symptom_ex}. + +This methodology, Failure Mode Modular De-Composition (FMMD) provides +a rigorous method for creating a failure mode model of +a SYSTEM from the bottom up starting with {\bc} level failure modes. + +The FMMD process in outline is that, +components are collected into functional groups, which are analysed from a failure mode perspective, +and then a failure mode behaviour for each particular {\fg} is determined. +From this failure mode behaviour we can now treat the {\fg} +as a component or `black~box', with a known set of failure modes. +We can thus create a new component, a {\dc}, that we can use in place +of the functional group in our design. +% +By collecting {\dcs} into {\fgs} and analysing these into higher level {\dcs} a +hierarchy is naturally formed. This hierarchy is termed an `FMMD failure mode tree'. + +From the FMMD failure mode trees, modular re-usable sections of safety critical systems, -and accurate, statistical estimation for fault frequency can be derived automatically. 
-It provides the means to trace the causes of dangerous detected and dangerous undetected faults. -It provides the means to produce Minimal cut-sets, FTA diagrams and FMEDA models, from +%and accurate, statistical estimation for fault frequency can be derived/ +can be extracted automatically. +Thus FMMD supports re-use of analysed design sections. + +The failure mode relationships, when traced, are of the form of +a directed acyclic graph. SYSTEM or top level failure modes +can be traced back to the base components that can cause them. +This means that components that may cause more than one SYSTEM failure +are handled naturally by the FMMD methodology. + +FMMD provides the means to trace the causes of dangerous detected and dangerous undetected faults. +FMMD provides the means to produce cut-sets, minimal cut-sets, FTA diagrams, FMECA and FMEDA models, from a data model built by the FMMD methodology. -It has a common notation spanning mechanical, electrical and software failures, -and incorporating them into system models. It has been designed for small safety critical embedded +It has been designed for small safety critical embedded systems, but because of its modular and hierarchical nature, can be used to model larger systems. -It is intended to be used to formally prove systems to meet EN and UL standards, including and not limited to +FMMD was originally designed to aid formal proof for industrial burner systems, to meet EN and UL standards, including and not limited to EN298, EN61508, EN12067, EN230, UL1998. +FMMD has a common notation spanning mechanical, electrical and software domians. +Thus complete failure mode models can be produced for electro mechanical systems controlled +by a micro-processor. 
\end{abstract} } { -This chapter describes the Failure Mode Modular De-Composition (FMMD) +This \chappap describes the Failure Mode Modular De-Composition (FMMD) methodology to analyse safety critical designs from a failure mode perspective, with emphasis on building a hierarchical model, in an incremental and modular fashion. %Failure Mode Modular De-Composition (FMMD) @@ -46,7 +71,7 @@ It provides the means to produce Minimal cut-sets, FTA diagrams and FMEDA models a data model built by the FMMD methodology. It has a common notation spanning mechanical, electrical and software failures, and can integrate all three into the same system models. It has been designed for small safety critical embedded -systems, but because of its modular and hierarchical nature, can be used to model larger systems. +systems~\cite{Clark200519}, but because of its modular and hierarchical nature, can be used to model larger systems. It is intended to be used to formally prove systems to meet EN and UL standards, including and not limited to EN298, EN61508, EN12067, EN230, UL1998. } @@ -60,7 +85,7 @@ EN298, EN61508, EN12067, EN230, UL1998. The purpose of the FMMD methodology is to apply formal techniques to the assessment of safety critical designs, aiding in identifying detected and undetectable faults \footnote{Undetectable faults are faults which may occur but are not self~detected, or are impossible to detect by the system.}. -Formal methods are just beginning to be specified in some safety standards.\footnote{Formal methods +Formal methods are beginning to be specified in some safety standards.\footnote{Formal methods such as the Z notation appear as `highly recommended' techniques in the EN61508 standard\cite{en61508}, but apply only to software currently. Semi formal methods such as FMEDA are recomended for electronics.} However, some standards are now implying the handling of simultaneous faults which complicates the scenario based approvals that are 
@@ -155,7 +180,7 @@ together to form functional groups and create new {\dcs} at a higher abstraction level. \ifthenelse {\boolean{paper}} { -Reference the symptom abstraction paper here +%Reference the symptom abstraction paper here } { This analysis and symptom collection process is described in detail in the Symptom Extraction chapter (see section \ref{symptomex}). @@ -615,8 +640,9 @@ This is commonly referred to as a multi-channel safety critical system. Where there are 2 channels and one arbiter, the term 1oo2 is used (one out of two). The Ericsson AXE telephone exchange hardware is a 1oo2 system, and the arbiter (the AMD) can detect and switch control within on processor instruction. Should a hardware error -be detected,\footnote{Or in a test plant environment, more likely someone coming along and `borrowing' a cpu board from -your working exchange} the processor will switch to the redundant side without breaking any telephone calls +be detected,%\footnote{Or in a test plant environment, more likely someone coming along and `borrowing' a cpu board from +%your working exchange} +the processor will switch to the redundant side without breaking any telephone calls or any being set up. An alarm will be raised to inform that this has happened, but the performance impact to the 1oo2 system, is a one micro-processor instruction delay to the entire process. diff --git a/fmmdset/paper.tex b/fmmdset/paper.tex index 2740f19..0db6a51 100644 --- a/fmmdset/paper.tex +++ b/fmmdset/paper.tex @@ -9,6 +9,8 @@ \newboolean{paper} \setboolean{paper}{true} % boolvar=true or false +\newcommand{\chappap}{paper} + \input{../style} \begin{document} diff --git a/mybib.bib b/mybib.bib index 5d7ef17..8255810 100644 --- a/mybib.bib +++ b/mybib.bib 
@@ -4,6 +4,28 @@ % $Id: mybib.bib,v 1.3 2009/11/28 20:05:52 robin Exp $ +@article{Clark200519, + title = "Failure Mode Modular De-Composition Using Spider Diagrams", + journal = "Electronic Notes in Theoretical Computer Science", + volume = "134", + number = "", + pages = "19 - 31", + year = "2005", + note = "Proceedings of the First International Workshop on Euler Diagrams (Euler 2004)", + issn = "1571-0661", + doi = "DOI: 10.1016/j.entcs.2005.02.018", + url = "http://www.sciencedirect.com/science/article/B75H1-4G6XT71-3/2/0e3a47df2ec15bfba9f85feae81786e3", + author = "R.P. Clark", + keywords = "Failsafe", + keywords = "EN298", + keywords = "gas-safety", + keywords = "burner", + keywords = "control", + keywords = "fault", + keywords = "double-fault", + keywords = "single-fault", + keywords = "fault-tolerance" +} @ARTICLE{ftahistory, AUTHOR = "Clifton Ericsson", diff --git a/style.tex b/style.tex index f68d96b..947e190 100644 --- a/style.tex +++ b/style.tex 
@@ -1,37 +1,4 @@ % -%============= Definition of {asyoulikeit} page style ======================* -% -% Jonathan Burch This is the terse form - expanded, formatted, -% 20-Jan-1989 commented version in TEX$LATEX:ASYOULIKEIT.FULL -%% -%\catcode`\@=11\def\ps@asyoulikeit{\def\@oddhead{\hbox{}\lp@innerhead -%\lp@headfill\lp@middlehead\lp@headfill\lp@outerhead}\def\@evenhead -%{\hbox{}\lp@outerhead\lp@headfill\lp@middlehead\lp@headfill\lp@innerhead} -%\def\@oddfoot{\hbox{}\lp@innerfoot\lp@footfill\lp@middlefoot\lp@footfill -%\lp@outerfoot}\def\@evenfoot{\hbox{}\lp@outerfoot\lp@footfill\lp@middlefoot -%\lp@footfill\lp@innerfoot}\def\sectionmark##1{}\def\subsectionmark##1{}} -%\def\lp@innerhead{}\def\lp@middlehead{}\def\lp@outerhead{}\def\lp@innerfoot{} -%\def\lp@middlefoot{ {\thepage} }\def\lp@outerfoot{}\def\lp@headfill{\hfil} -%\def\lp@footfill{\hfil}\newcommand{\lp@linefill}{\leaders\hrule height 0.55ex -%depth -0.5ex\hfill}\newcommand{\innerhead}[1]{\def\lp@innerhead{#1}} -%\newcommand{\middlehead}[1]{\def\lp@middlehead{#1}}\newcommand{\outerhead}[1] -%{\def\lp@outerhead{#1}}\newcommand{\innerfoot}[1]{\def\lp@innerfoot{#1}} -%\newcommand{\middlefoot}[1]{\def\lp@middlefoot{#1}}\newcommand{\outerfoot}[1] -%{\def\lp@outerfoot{#1}}\newcommand{\lineheadfill}{\def\lp@headfill -%{\lp@linefill}}\newcommand{\linefootfill}{\def\lp@footfill{\lp@linefill}} -%\newcommand{\blankheadfill}{\def\lp@headfill{\hfill}}\newcommand -%{\blankfootfill}{\def\lp@footfill{\hfill}}\newcommand{\documentnumber}[1] -%{\def\lp@docno{#1}\outerhead{\lp@docno}}\def\lp@docno{}\def\@maketitlet -%{\newpage\null\vskip -14ex\hbox{}\hfill\lp@docno\vskip 13ex\begin{center} -%{\LARGE\@title\par}\vskip 1.5em{\large\lineskip .5em\begin{tabular}[t]{c} -%\@author\end{tabular}\par}\vskip 1em{\large\@date}\end{center}\par\vskip 3em} -%\def\abstract{\if@twocolumn\section*{Abstract}\else\small\begin{center} -%{\bf Abstract\vspace{-.5em}\vspace{0pt}}\end{center}\quotation\fi}\def 
-%\endabstract{\if@twocolumn\else\endquotation\fi}\ps@asyoulikeit\catcode`\@=12 -%% -%=========== End of {asyoulikeit} page style definition ====================* - -\DeclareSymbolFont{AMSb}{U}{msb}{m}{n} \DeclareMathSymbol{\N}{\mathbin}{AMSb}{"4E} \DeclareMathSymbol{\Z}{\mathbin}{AMSb}{"5A} \DeclareMathSymbol{\R}{\mathbin}{AMSb}{"52} @@ -48,24 +15,6 @@ \setlength{\textwidth}{160mm} \setlength{\textheight}{220mm} \setlength{\oddsidemargin}{0mm} \setlength{\evensidemargin}{0mm} % -% Local definitions -% ----------------- -%\newcommand{\eg}{{\it e.g.}} -%\newcommand{\etc}{{\it etc.}} -%\newcommand{\ie}{{\it i.e.}} -%\newcommand{\qv}{{\it q.v.}} -%\newcommand{\viz}{{\it viz.}} -%\newcommand{\degs}[1]{$#1^\circ$} % Degrees symbol -%\newcommand{\mins}[1]{$#1^{\scriptsize\prime}$} % Minutes symbol -%\newcommand{\secs}[1]{$#1^{\scriptsize\prime\prime}$} % Seconds symbol -%\newcommand{\key}[1]{\fbox{\sc#1}} % Box for keys -%\newcommand{\?}{\_\hspace{0.115em}} % Proper spacing for -% % underscore -%\newcommand{\rev}{PA5} -%\newcommand{\etcdoc}{ HR222975 } -%\newcommand{\wlc}{{Water~Level~Controller~Unit}} -%\newcommand{\ft}{{\em 4 $\rightarrow$ 20mA } } -%\newcommand{\tds}{TDS Daughterboard} \newcommand{\oc}{\ensuremath{^{o}{C}}} \newcommand{\adctw}{{${\mathcal{ADC}}_{12}$}} \newcommand{\adcten}{{${\mathcal{ADC}}_{10}$}} 
@@ -90,64 +39,6 @@ failure mode of the component or sub-system}}} \newcommand{\frategloss}{\glossary{name={failure rate}, description={The number of failure within a population (of size N), divided by N over a given time interval}}} \newcommand{\pecgloss}{\glossary{name={PEC},description={A Programmable Electronic controller, will typically consist of sensors and actuators interfaced electronically, with some firmware/software component in overall control}}} - -%----- Display example text (#1) in typewriter font - -%\newcommand{\example}[1]{\\ \smallskip\hspace{1in}{\tt #1}\hfil\\ -% \smallskip\noindent} -% -%----- Enclose text (#2) in ruled box of given thickness (#1) - -%\def\boxit#1#2{\vbox{\hrule height #1pt\hbox{\vrule width #1pt\hskip 5pt -% \vbox{\vskip 5pt #2 \vskip 5pt}\hskip 5pt -% \vrule width #1pt}\hrule height #1pt}} -% -%----- Display boxed warning text (#1) - -%\def\warning#1{\bigskip -% \setbox1=\vbox{\tolerance=5000\parfillskip=0pt -% \hsize=3in\noindent#1} -% \centerline{\boxit{1.0}{\box1}} -% \bigskip} - -%----- Definitions to aid display of help text -% (modelled on \item and \itemitem) - -%\def\helpindent#1{\setbox2=\hbox to\parindent{{\it #1}\hfil} -% \indent\llap{\box2}\ignorespaces} -%\def\helpitem{\parindent=70pt\par\hang\helpindent} -%\def\helpitemitem{\parindent=70pt\par\indent \parindent=80pt -%\hangindent2\parindent \helpindent} -% -%----- Tables and footnotes to tables -% -%\newcommand{\spacerA}{\rule{0mm}{4mm}} -%\newcommand{\spacerB}{\rule[-2mm]{0mm}{5mm}} -%\footnotesep=5mm -%\renewcommand{\footnoterule}{{\small Notes:}} - -%% Robin 01AUG2008 -%% - -%\newcounter{examplec} -%\newcounter{definitionc} -%\newcounter{summaryc} - -%\@addtoreset{examplec}{chapter}\renewcommand\theexamplec{\thechapter.arabic{examplec}} -%\@addtoreset{definitionc}{chapter} -%\@addtoreset{summaryc}{chapter} - -%\renewcommand\examplec{\arabic{examplec}} - -%\newenvironment{example} -%{ -% \stepcounter{examplec} \vspace{10pt} \normalfont\bfseries 
Example:\normalfont\[{\arabic{chapter}.\arabic{examplec}}\] -% \normalfont \begin{quote}}{\end{quote}\par} -%\newenvironment{definition} -%\newenvironment{example} -%{ -% \stepcounter{examplec} \vspace{10pt} \normalfont\bfseries Example:\normalfont\[{\arabic{chapter}.\arabic{examplec}}\] -% \normalfont \begin{quote}}{\end{quote}\par} \usepackage{amsthm} \newtheorem{example}{Example:} @@ -167,16 +58,3 @@ failure mode of the component or sub-system}}} \newcommand{\Complex} {{\mathbb C}} \newcommand{\Rational} {{\mathbb Q}} % -%\newenvironment{example} -%{ \stepcounter{examplec} \vspace{10pt} \normalfont\bfseries Example:(\arabic{chapter}.\arabic{examplec}) -% \normalfont \begin{quote}}{\end{quote}\par} - -% -%\newenvironment{definition} -%{ \stepcounter{definitionc} \vspace{10pt} \normalfont\bfseries Definition:(\arabic{chapter}.\arabic{definitionc}) -% \normalfont \begin{quote}}{\end{quote}\par} -% -%\newenvironment{summary} -%{ \vspace{10pt} \normalfont\bfseries Summary: -% \normalfont \begin{quote}}{\end{quote}\par} -% diff --git a/thesis.tex b/thesis.tex index ea03be4..272b23e 100644 --- a/thesis.tex +++ b/thesis.tex @@ -26,6 +26,8 @@ \fancyhf{} \cfoot{Page \thepage} +\newcommand{\chappap}{chapter} + \input{titlepage/titlepage} \clearpage
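Review bot: in fmmdset/fmmdset.tex hunk @@ -5,32 +5,57 @@, the new line "This \chappap describes the Failure Mode Modular De-Composition (FMMD)" will typeset as "This paperdescribes" (or "This chapterdescribes"), because TeX discards the space that follows a control word; write "This \chappap{} describes" or "This \chappap\ describes". The added abstract text also has "domians" for "domains" in "FMMD has a common notation spanning mechanical, electrical and software domians.", "electro mechanical" should be hyphenated, and "The FMMD process in outline is that, components are collected into functional groups" has a stray comma after "that". The commented-out copies of the old abstract sentences (from "%a methodology to analyse" down to "%in \cite{symptom_ex}.", and "%and accurate, statistical estimation for fault frequency can be derived/") are already preserved in the history and are better deleted than carried as dead text; once the last one goes, the sentence "modular re-usable sections of safety critical systems, can be extracted automatically" is left with a comma between subject and verb that should also go.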
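Review bot: in fmmdset/fmmdset.tex hunk @@ -46,7 +71,7 @@, the new "\cite{Clark200519}" is added only in the else branch of "\ifthenelse {\boolean{paper}}", that is, the thesis chapter text. The paper abstract rewritten in the previous hunk now claims that FMMD "was originally designed to aid formal proof for industrial burner systems" without citing that earlier publication, so the same citation belongs there too; it reads more naturally attached to the claim about the method's origin than wedged into "systems~\cite{Clark200519}, but because of its modular and hierarchical nature".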
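Review bot: in fmmdset/fmmdset.tex hunk @@ -60,7 +85,7 @@, while this footnote is being edited, the unchanged context line "Semi formal methods such as FMEDA are recomended for electronics." should be fixed as well ("Semi-formal", "recommended"), and "EN61508 standard\cite{en61508}" wants the non-breaking "~\cite{en61508}" that the patch itself uses for "systems~\cite{Clark200519}" a few lines earlier, so the citation cannot be pushed to the start of a line.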
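Review bot: in fmmdset/fmmdset.tex hunk @@ -155,7 +180,7 @@, commenting out "Reference the symptom abstraction paper here" leaves the paper branch of "\ifthenelse {\boolean{paper}}" empty, and the first hunk of this patch also commented out the abstract sentence that cited "\cite{symptom_ex}", so the paper version no longer points the reader to the symptom extraction work at all, while the chapter version still refers to "section \ref{symptomex}". Replace the placeholder with a real sentence that cites symptom_ex rather than hiding the TODO; an unresolved placeholder that is merely commented out is easy to forget at submission time.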
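Review bot: in fmmdset/fmmdset.tex hunk @@ -615,8 +640,9 @@, "be detected,%\footnote{Or in a test plant environment, ..." puts the "%" directly after the comma, so TeX discards that line end, skips the following all-comment line "%your working exchange}", and joins the text as "detected,the processor" with no space. Either write "be detected, %" with a space before the comment, or simply delete the two footnote lines instead of commenting them out. In the unchanged context, "can detect and switch control within on processor instruction" should read "within one processor instruction".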
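Review bot: in fmmdset/paper.tex hunk @@ -9,6 +9,8 @@ and its twin in thesis.tex hunk @@ -26,6 +26,8 @@, "\chappap" is hard-coded separately in each driver file as "paper" and "chapter", even though the paper/chapter choice is already carried by the "paper" boolean that paper.tex sets with "\setboolean{paper}{true}" and that fmmdset.tex tests with "\ifthenelse {\boolean{paper}}" (so thesis.tex must set it as well). Defining the macro once in the shared style.tex, which both files input, from that boolean, for example "\ifthenelse{\boolean{paper}}{\newcommand{\chappap}{paper}}{\newcommand{\chappap}{chapter}}", keeps the two definitions from drifting apart and avoids a "\newcommand" clash if either driver later picks up the macro from another include.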
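Review bot: in mybib.bib hunk @@ -4,6 +4,28 @@, the new Clark200519 entry has doi = "DOI: 10.1016/j.entcs.2005.02.018"; the doi field should hold only the bare identifier "10.1016/j.entcs.2005.02.018", since bibliography styles that build a doi.org link from the field will otherwise emit a broken URL. The nine repeated keywords = "..." fields are also a problem: BibTeX warns about a repeated field name within one entry and ignores all but the first, so merge them into a single comma-separated keywords string if they are wanted at all. The empty number = "" can be dropped, and the session-style ScienceDirect URL is redundant once the DOI is correct.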
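Review bot: in style.tex hunk @@ -1,37 +1,4 @@, the deletion runs one line past the commented-out asyoulikeit block: the live line "\DeclareSymbolFont{AMSb}{U}{msb}{m}{n}" is removed, while the three "\DeclareMathSymbol{...}{AMSb}{...}" lines that depend on it (for \N, \Z and \R) are kept. Unless amsfonts or amssymb, which declare AMSb themselves, is loaded earlier in style.tex, those lines will now fail with "Symbol font AMSb not defined". Restore the declaration, or state the amsfonts dependency explicitly next to the remaining lines.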