From 8d39f0c3105cb9dbb0f402f18d7affeab77096e0 Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Sat, 27 Oct 2012 16:48:37 +0100 Subject: [PATCH] Chapter 5 gone trhough a printout--edit on paper--update cycle. --- submission_thesis/CH5_Examples/Makefile | 2 +- submission_thesis/CH5_Examples/copy.tex | 197 +++++++++++-------- submission_thesis/CH5_Examples/eulerswhw.dia | Bin 0 -> 1177 bytes 3 files changed, 116 insertions(+), 83 deletions(-) create mode 100644 submission_thesis/CH5_Examples/eulerswhw.dia diff --git a/submission_thesis/CH5_Examples/Makefile b/submission_thesis/CH5_Examples/Makefile index c6c84ff..8c40b2f 100644 --- a/submission_thesis/CH5_Examples/Makefile +++ b/submission_thesis/CH5_Examples/Makefile @@ -6,7 +6,7 @@ PNG_DIA = blockdiagramcircuit2.png bubba_oscillator_block_diagram.png circuit1 pt100_tc.png pt100_tc_sp.png shared_component.png stat_single.png three_tree.png \ tree_abstraction_levels.png vrange.png sigma_delta_block.png ftcontext.png ct1.png hd.png \ sigdel1.png sdadc.png bubba_euler_1.png bubba_euler_2.png eulersd.png eulersdfinal.png \ - eulerfivepole.png + eulerfivepole.png eulerswhw.png diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 885c623..1b10b77 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex 
@@ -26,17 +26,17 @@ a variety of typical embedded system components including analogue/digital and e %Each example has been chosen to demonstrate %FMMD applied to % -The first section -~\ref{sec:determine_fms} looks at how we determine failure mode sets for {\bcs} -(in the context of the safety standards -we are using for our particular project). +% % The first section +% % ~\ref{sec:determine_fms} looks at how we determine failure mode sets for {\bcs} +% % (in the context of the safety standards +% % we are using for our particular project). % -This is followed by several example FMMD analyses, -the first analysing a common configuration of +%This is followed by several example FMMD analyses, +The first applies FMMD to a common configuration of the inverting amplifier (see section~\ref{sec:invamp}) using -an op-amp and two resistors, which demonstrates how the re-use of the potential divider from section~\ref{subsec:potdiv}. -The inverting amplifier is analysed again, but this time with different -{\fgs}. The two approaches, i.e. choice of membership for {\fgs}, are then discussed. +an op-amp and two resistors; this demonstrates how the re-use of the potential divider from section~\ref{subsec:potdiv}. +The inverting amplifier is analysed again, but this time with a different +composition of {\fgs}. The two approaches, i.e. choice of membership for {\fgs}, are then discussed. %~\ref{sec:chap4} %can be re-used. %, but with provisos. % 
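Review bot: The rewritten line `an op-amp and two resistors; this demonstrates how the re-use of the potential divider from section~\ref{subsec:potdiv}.` has no verb after "how", so the sentence never completes. Something like `an op-amp and two resistors; this demonstrates re-use of the potential divider from section~\ref{subsec:potdiv}.` would read cleanly. Because the preceding sentences are now commented out, "The first applies FMMD ..." has no antecedent in the visible lines, so I would open with "The first example applies FMMD ...". The hunk at -604 says the $PD$ cannot simply be re-used, so the overview wording may need to match that.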
@@ -44,19 +44,21 @@ The inverting amplifier is analysed again, but this time with different %(see section~\ref{sec:diffamp}) Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used to create a differencing amplifier. -Building on the two approaches section~\ref{sec:invamp}, re-use of the potential divider {\dc} +Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc} from section~\ref{sec:invamp} is discussed in the context of this circuit, where its re-use is appropriate in the first stage and not in the second. % Section~\ref{sec:fivepolelp} analyses a Sallen-Key based five pole low pass filter. -This demonstrates FMMD being able to re-use the first Sallen-Key analysis, %encountered as a {\dc} -thus saving time and effort for the analyst. +This demonstrates re-use the first Sallen-Key analysis, %encountered as a {\dc} +increasing test effeciency. %saving time and effort for the analyst. % Section~\ref{sec:bubba} shows FMMD applied to a circular circuit topology---the `Bubba' oscillator---which uses -four op-amp stages with supporting components. +four op-amp stages with supporting components. Two analysis stategies are employed, one using +initially identified {\fgs} and the second using a more complex hierarchy of {\fgs} and {\dcs}. % -Section~\ref{sec:sigmadelta} shows FMMD analysing the sigma delta analogue to digital converter---again with a circular signal path---but which also operates on both +Section~\ref{sec:sigmadelta} shows FMMD analysing the sigma delta +analogue to digital converter---again with a circular signal path---which operates on both analogue and digital signals. % % Moving Pt100 to metrics 
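Review bot: The new line `Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc}` is followed by `from section~\ref{sec:invamp}`, and the previous hunk uses `sec:invamp` for the inverting amplifier. The second reference presumably should point at the section where the non-inverting amplifier {\dc} is derived; please confirm the label. The added text also has three slips: `This demonstrates re-use the first Sallen-Key analysis` is missing "of", `effeciency` should be `efficiency`, and `stategies` should be `strategies`. Replacing "saving time and effort for the analyst" with "increasing test efficiency" changes the claim from analysis effort to testing, so it is worth checking that this is intended.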
@@ -604,11 +606,15 @@ Both approaches are followed in the next two sub-sections. \subsection{First Approach: Inverting OPAMP using a Potential Divider {\dc}} -We cannot simply re-use the $PD$ from section~\ref{subsec:potdiv}---that potential divider would only be valid if the input signal were negative. -We want if possible to have detectable errors. HIGH and LOW failures are more observable than the more generic failure modes such as `OUTOFRANGE'. -If we can refine the operational states of the functional group, we can obtain clearer -symptoms. -If we consider the input will only be positive, we can invert the potential divider (see table~\ref{tbl:pdneg}). +We cannot simply re-use the $PD$ from section~\ref{subsec:potdiv}, not simply because +the potential divider is inverted, but, in addition the +output feedback forms a current balance with the input signal. %---that potential divider would only be valid if the input signal were negative. +%We want if possible to have detectable errors. +%HIGH and LOW failures are more observable than the more generic failure modes such as `OUTOFRANGE'. +%If we can refine the operational states of the functional group, we can obtain clearer +%symptoms. +Were the input to be guaranteed % the input will only be +positive, we could the potential divider (see table~\ref{tbl:pdneg}). \begin{table}[h+] \caption{Inverted Potential divider: Single failure analysis} @@ -909,7 +915,7 @@ the input voltages $+V1$ and $+V2$. The circuit is configured so that both inputs use the non-inverting, and thus high impedance inputs, meaning that they will not electrically over-load and/or unduly influence -the sensors supplying the voltage signals used for measurement. +the sensors or circuitry supplying the voltage signals used for measurement. It would be desirable to represent this circuit as a {\dc} called say $DiffAMP$. We begin by identifying functional groups from the components in the circuit. 
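Review bot: In the hunk at -604 the added line `positive, we could the potential divider (see table~\ref{tbl:pdneg}).` has lost its verb; the removed text said "invert", so `positive, we could invert the potential divider (see table~\ref{tbl:pdneg}).` is presumably what is meant. The opening sentence "not simply because ... but, in addition the output feedback ..." is also hard to parse, and "not only because the potential divider is inverted, but also because the output feedback forms a current balance with the input signal" would be clearer. The context line `\begin{table}[h+]` uses `+`, which is not a standard float placement specifier; `[htbp]` is the usual choice, and the same applies to the table in the hunk at -2323.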
@@ -1135,7 +1141,7 @@ $$ fm(SEC\_AMP) = \{ AMPHigh, AMPLow, LowPass, AMPIncorrectOutput \} .$$ %the derived component for $NI\_AMP$ \pagebreak[4] -\subsection{Modelling the circuit} +\subsection{Finishing stage of the $DiffAmp$ Analysis} For the final stage of this we can create a functional group consisting of two derived components of the type $NI\_AMP$ and $SEC\_AMP$. @@ -1155,9 +1161,9 @@ two derived components of the type $NI\_AMP$ and $SEC\_AMP$. % R & wire & res + & res - & description \hline \hline - TC1: $NI\_AMP$ AMPHigh & opamp 2 driven high & DiffAMPLow \\ - TC2: $NI\_AMP$ AMPLow & opamp 2 driven low & DiffAMPHigh \\ - TC3: $NI\_AMP$ LowPass & opamp 2 driven with lag & DiffAMP\_LP \\ \hline + TC1: $NI\_AMP$ AMPHigh & IC2 output driven high & DiffAMPLow \\ + TC2: $NI\_AMP$ AMPLow & IC2 output driven low & DiffAMPHigh \\ + TC3: $NI\_AMP$ LowPass & IC2 output with lag & DiffAMP\_LP \\ \hline TC4: $SEC\_AMP$ AMPHigh & Diff amplifier high & DiffAMPHigh\\ TC5: $SEC\_AMP$ AMPLow & Diff amplifier low & DiffAMPLow \\ TC6: $SEC\_AMP$ LowPass & Diff amplifier lag/lowpass & DiffAMP\_LP \\ @@ -1170,10 +1176,8 @@ two derived components of the type $NI\_AMP$ and $SEC\_AMP$. -Collecting the symptoms, we can determine the failure modes for this circuit, $\{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect \}$. - - -We now create a derived component to represent the circuit in figure~\ref{fig:circuit1}. +Collecting symptoms we determine the failure modes for this circuit, %$\{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect \}$. +and create a derived component to represent the circuit in figure~\ref{fig:circuit1}. $$ fm (DiffAMP) = \{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect\} $$ 
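Review bot: The new heading `\subsection{Finishing stage of the $DiffAmp$ Analysis}` spells the derived component `DiffAmp`, whereas the surrounding lines use `DiffAMP` (`fm (DiffAMP)` two hunks below). In a failure-mode hierarchy the component name is the traceability key, so I would keep a single spelling: `\subsection{Final stage of the $DiffAMP$ analysis}`. If hyperref is loaded (not visible here), math in a section title also needs `\texorpdfstring{$DiffAMP$}{DiffAMP}` to give a clean PDF bookmark.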
@@ -1185,7 +1189,7 @@ Using this we can trace any top level fault back to a component failure mode that could have caused it\footnote{ In fact we can re-construct an FTA diagram from the information in this graph. We merely have to choose a top level event and work down using $XOR$ gates.}. - +% This circuit performs poorly from a safety point of view. Its failure modes could be indistinguishable from valid readings (especially when it becomes a V2 follower). @@ -1199,13 +1203,13 @@ when it becomes a V2 follower). \end{figure} The {\fm} $DiffAMPIncorrect$ may seem like a vague {\fm}---however, this {\fm} is impossible to detect in this circuit--- -in fault finding terminology~\cite{garrett}~\cite{maikowski} this {\fm} is said to be unobservable, and in EN61508 +in fault finding terminology~\cite{garrett}~\cite{maikowski} this {\fm} is said to be unobservable, and in EN61508~\cite{en61508} terminology is called an undetectable fault. % -Were this failure to have safety implications this FMMD analysis will have revealed +Were this failure to have safety implications, this FMMD analysis will have revealed the un-observability and would likely prompt re-design of this circuit\footnote{A typical way to solve an un-observability such as this is -to periodically switch in test signals in place of the input signal.} +to periodically switch in test signals in place of the input signal.}. \clearpage 
@@ -1248,15 +1252,17 @@ We begin with the first order low pass filter formed by $R10$ and $C10$. % This configuration (or {\fg}) is very commonly used in electronics to remove unwanted high frequencies/interference -from a signal; Here it is being used as a first stage of +from a signal; here it is being used as a first stage of a more sophisticated low pass filter. % R10 and C10 act as a potential divider, with the crucial difference between a purely resistive potential divider being that the impedance of the capacitor is lower for higher frequencies. +% Thus higher frequencies are attenuated at the point that we read its output signal. +% However, from a failure mode perspective we can analyse it in a very similar way -to a potential divider (see section~\ref{potdivfmmd}). +to a potential divider (see section~\ref{subsec:potdiv}). Capacitors generally fail OPEN but some types fail OPEN and SHORT. We will consider the worst case two failure mode model for this analysis. We analyse the first order low pass filter in table~\ref{tbl:firstorderlp}.\\ @@ -1285,7 +1291,7 @@ We analyse the first order low pass filter in table~\ref{tbl:firstorderlp}.\\ \end{table} -We can collect the symptoms $\{ LPnofilter,LPnosignal \}$ and create a derived component +We collect the symptoms $\{ LPnofilter,LPnosignal \}$ and create a derived component called $FirstOrderLP$. Applying the $fm$ function yields $$ fm(FirstOrderLP) = \{ LPnofilter,LPnosignal \}.$$ \paragraph{Addition of Buffer Amplifier: First stage.} 
@@ -1346,7 +1352,7 @@ on the schematic as in figure~\ref{fig:circuit2002_LP1}. \paragraph{Second order Sallen Key Low Pass Filter.} The next two filters in the signal path are R1,R2,C2,C1,IC2 and R3,R4,C4,C3,IC3. From a failure mode perspective these are identical. -We can analyse the first one and then re-use these results for the second. +We can analyse the first one and then re-use these results for the second (see figure~\ref{fig:circuit2002_FIVEPOLE}). \begin{table}[ht] \caption{Sallen Key Low Pass Filter SKLP: Failure Mode Effects Analysis: Single Faults} % title of Table @@ -1572,10 +1578,10 @@ Our functional group for the phase shifter consists of a resistor and a capacito \textbf{cause} & \textbf{Effect} & \textbf{Failure Mode} \\ \hline - FS1: R SHORT & 0 degree's of phase shift & $0\_phaseshift$ \\ \hline - % 90 degree's of phase shift & & $90\_phaseshift$ \\ \hline + FS1: R SHORT & 0 degree's of phase shift & $0\_phaseshift$ \\ + % 90 degree's of phase shift & & $90\_phaseshift$ FS2: R OPEN & No Signal & $nosignal$ \\ \hline - FS3: C SHORT & Grounded,No Signal & $nosignal$ \\ \hline + FS3: C SHORT & Grounded,No Signal & $nosignal$ \\ FS4: C OPEN & 0 degree's of phase shift & $0\_phaseshift$ \\ \hline \hline @@ -1650,7 +1656,7 @@ or in Euler diagram format as in figure~\ref{fig:bubbaeuler1}. FS1: $PHS45_1$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ - FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ + FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS3: $PHS45_1$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS3: $NIBUFF_1$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\ 
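Review bot: The phase-shifter table in the hunk at -1572 names the symptom `$nosignal$`, but the rows touched in the hunk at -1650 consume it as `$PHS45_1$ $no\_signal$`. The same `no\_signal` spelling recurs in the hunks at -1669, -1678, -1784, -1820 and -1864. Since each level of the analysis takes the failure modes of the level below as its inputs, the two spellings read as different failure modes and break the trace from the oscillator symptoms back to the component faults; pick one and use it throughout. In the same table `0 degree's of phase shift` should be `0 degrees of phase shift`.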
@@ -1669,7 +1675,7 @@ or in Euler diagram format as in figure~\ref{fig:bubbaeuler1}. FS12: $NIBUFF_2$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline FS13: $PHS45_3$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ - FS14: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ + FS14: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS17: $PHS45_3$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS15: $NIBUFF_3$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\ @@ -1678,7 +1684,7 @@ or in Euler diagram format as in figure~\ref{fig:bubbaeuler1}. FS18: $NIBUFF_3$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline FS19: $PHS45_4$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ - FS20: $PHS45_4$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ + FS20: $PHS45_4$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS24: $PHS45_4$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS21: $INVAMP$ $OUTOFRANGE$ & & signal lost & & $NO_{osc}$ \\ 
@@ -1746,20 +1752,36 @@ We should be able to determine smaller {\fgs} and refine the model further. \label{fig:bubbaeuler2} \end{figure} +\paragraph{Outline of finer grained FMMD analysis of the Bubba oscillator} % -We take the pre-analysed $NIBUFF$ and $PHS45$ -{\dcs} into a {\fg} giving the {\dc} $BUFF45$. - $BUFF45$ is a {\dc} representing an actively buffered $45^{\circ}$ phase shifter. -and with those three, form a $PHS135BUFFERED$ -functional group. -$PHS135BUFFERED$ is a {\dc} representing an actively buffered $135^{\circ}$ phase shifter. +We use the pre-analysed $NIBUFF$ and $PHS45$ +{\dcs} to form a {\fg}, analysed in table~\ref{tbl:buff45}, giving the +{\dc} $BUFF45$. % -A PHS45 {\dc} and an inverting amplifier\footnote{Inverting amplifiers always apply a $180^{\circ}$ phase shift.}, +Thus, $BUFF45$ is a {\dc} representing an actively buffered $45^{\circ}$ phase shifter. +% +From the block circuit diagram (figure~\ref{fig:circuit3}), we see that there are three +$45^{\circ}$ phase shifter circuits in series. Together these apply a $135^{\circ}$ phase shift to the signal. +% +We use this property to model a higher level {\dc}, that of a 135 degree phase shifter. +% +The three $BUFF45$ {\dcs} form a +functional group which is analysed in table~\ref{tbl:phs135buffered}. +The result of this analysis is the {\dc} +$PHS135BUFFERED$ which represents an actively buffered $135^{\circ}$ phase shifter. +% + + +\paragraph{Analysis details of the finer grained FMMD analysis of the Bubba oscillator} + +A PHS45 {\dc} and an inverting amplifier\footnote{Inverting amplifiers apply a $180^{\circ}$ phase shift to a signal regardless of its frequency.}, form a {\fg} -providing an amplified $225^{\circ}$ phase shift, which we can call $PHS225AMP$. +providing an amplified $225^{\circ}$ phase shift, analysed in table~\ref{tbl:phs225amp} +resulting in the {\dc} $PHS225AMP$. 
% %---with the remaining $PHS45$ and the $INVAMP$ (re-used from section~\ref{sec:invamp})in a second group $PHS225AMP$--- -Finally we can merge $PHS135BUFFERED$ and $PHS225AMP$ in a final stage (see figure~{fig:bubbaeuler2}) % \ref{fig:poss2finalbubba}) +Finally we form a final {\fg} with $PHS135BUFFERED$ and $PHS225AMP$, +%in a final stage (see figure~{fig:bubbaeuler2}) % \ref{fig:poss2finalbubba}) % %We can take a more modular approach by creating two intermediate functional groups, a buffered $45^{\circ}$ phase shifter (BUFF45) %we can combine three $BUFF45$'s to make @@ -1784,7 +1806,7 @@ Finally we can merge $PHS135BUFFERED$ and $PHS225AMP$ in a final stage (see fig \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $0\_phaseshift$ \\ - FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ + FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\ 
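Review bot: The added line `Finally we form a final {\fg} with $PHS135BUFFERED$ and $PHS225AMP$,` ends on a comma and every following line visible in the hunk at -1746 is a comment, so the sentence appears to have no ending. The old figure reference was broken (`figure~{fig:bubbaeuler2}` without `\ref`), and it has been commented out rather than repaired. I would write `Finally we form a final {\fg} with $PHS135BUFFERED$ and $PHS225AMP$ (see figure~\ref{fig:bubbaeuler2}).` using the label visible in the context above. The new text also refers to `tbl:buff45`, `tbl:phs135buffered` and `tbl:phs225amp`, whose `\label` lines are outside the hunk; please confirm they exist so the references do not print as "??".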
@@ -1820,15 +1842,15 @@ We can now combine three $BUFF45$ {\dcs} and create a $PHS135BUFFERED$ {\dc}. \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ - FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ + FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline FS3: $PHS45_2$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ - FS4: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ + FS4: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS6: $PHS45_2$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline FS5: $PHS45_3$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ - FS6: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ + FS6: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS9: $PHS45_3$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline @@ -1864,7 +1886,7 @@ $INVAMP$, providing $180^{\circ}$ giving a total of $225^{\circ}$. \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $180\_phaseshift$ \\ - FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ + FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $270\_phaseshift$ \\ \hline FS3: $INVAMP$ $L_{up}$ & & output high & & $NO_{signal}$ \\ 
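Review bot: In the hunk at -1820 the rows still name `$PHS45_1$`, `$PHS45_2$` and `$PHS45_3$`, although the hunk header says this functional group combines three $BUFF45$ {\dcs}. If the group members are BUFF45 components, the rows should list their failure modes as produced by the BUFF45 table, for example `FS2: $BUFF45_1$ $NO_{signal}$ & & signal lost & & $NO_{signal}$ \\ \hline`. As written, a reader cannot tell whether the buffer failures already folded into BUFF45 are carried into $PHS135BUFFERED$. The table starts and ends outside the hunk, so this should be checked against the full table.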
@@ -1968,7 +1990,7 @@ there are more {\dcs} and this increases the potential for re-use of pre-analyse The following example is used to demonstrate FMMD analysis of a mixed analogue and digital circuit (see figure~\ref{fig:sigmadelta}). \begin{figure}[h] \centering - \includegraphics[width=200pt]{./CH5_Examples/circuit4004.png} + \includegraphics[width=300pt]{./CH5_Examples/circuit4004.png} % circuit4004.png: 562x389 pixel, 72dpi, 19.83x13.72 cm, bb=0 0 562 389 \caption{Sigma Delta Analogue to Digital Converter} \label{fig:sigmadelta} @@ -1980,7 +2002,7 @@ The following example is used to demonstrate FMMD analysis of a mixed analogue a % \begin{figure}[h] \centering - \includegraphics[width=200pt,keepaspectratio=true]{./CH5_Examples/sigma_delta_block.png} + \includegraphics[width=300pt,keepaspectratio=true]{./CH5_Examples/sigma_delta_block.png} % sigma_delta_block.png: 828x367 pixel, 72dpi, 29.21x12.95 cm, bb=0 0 828 367 \caption{Electrical signal path Block diagram: \sd} % Analogue to Digital Converter } \label{fig:sigmadeltablock} 
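Review bot: Both `\includegraphics[width=300pt]{...}` lines here, and the new `eulerswhw.png` figure in the hunk at -3120, fix the width in absolute points. That will overflow or look undersized if the text width changes. A relative width such as `\includegraphics[width=0.8\linewidth]{./CH5_Examples/circuit4004.png}` keeps the figures consistent with the page layout. The `keepaspectratio=true` on the second figure has no effect when only `width` is given and can be dropped.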
@@ -2003,15 +2025,17 @@ The output of the integrator is converted to a digital level (by IC2) %which acts as a comparator, and fed to the D type flip flop. % -The output of the flip flop forms a bit pattern representing the value -of the input voltage. % -The output of the flip flop is also routed to the feedback. -It is level converted to an analogue signal +% +The output of the flip flop is routed to the digital output and to the feedback loop. +It must be level converted before being fed to the analogue feedback. +It is level converted to an analogue signal by IC3. (i.e. a digital 0 becomes a -ve voltage and a digital 1 becomes a +ve voltage) and fed into the summing integrator completing the negative feedback loop. % -In essence this implements an over-sampling analogue to digital converter~\cite{ehb}[pp.729-730]. +In essence this implements an over-sampling one bit analogue to digital converter~\cite{ehb}[pp.729-730]. +The output of the flip flop forms a bit pattern representing the value +of the input voltage (i.e. the value of the sum of 1's and 0's is proportional to the voltage value at the input). \subsection{FMMD analysis of \sd } @@ -2026,7 +2050,7 @@ IC1,2 and 3 are all OpAmps and we have failure modes from section~\ref{sec:opamp % $$ fm(OPAMP) = \{ HIGH, LOW, NOOP, LOW\_SLEW \} $$ % -We examine the literature for a failure model for the D-type flip flop~\cite{fmd91}[3-105], the CD4013B~\cite{cd4013Bds}, +We examine the literature for a failure model for the D-type flip flop~\cite{fmd91}[3-105], for example the CD4013B~\cite{cd4013Bds}, and obtain its failure modes, which we can express using the $fm$ function: %% $$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \} $$ 
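Review bot: The changed line `...one bit analogue to digital converter~\cite{ehb}[pp.729-730].` puts the page range after the key, so LaTeX typesets `[pp.729-730]` as literal text instead of as part of the citation. It should be `~\cite[pp.~729--730]{ehb}`. The same applies to `\cite{fmd91}[3-105]` in the hunk at -2026, and to `\cite{en61508}[3]` and `\cite{misra}[15.2]` in the context of the hunk at -2607. In the added feedback description, `by IC3. (i.e. a digital 0 ...` ends the sentence before its own parenthetical, and the two consecutive "level converted" sentences could be merged into one.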
@@ -2045,7 +2069,7 @@ $$ fm ( CLOCK ) = \{ STOPPED \} $$ \subsection{Identifying initial {\fgs}} \subsubsection{Summing Junction Integrator (SUMJINT)} -We now need to choose {\fgs}. The most obvious way to find initial {\fgs} id +We now need to choose {\fgs}. The most obvious way to find initial {\fgs} is to follow the signal path. The signal path is circular, but we can start with the input voltage, which is applied via $R2$, we term this voltage $V_{in}$. % @@ -2279,8 +2303,8 @@ These are: \item SUMJINT --- A summing junction and integrator, \item HISB --- A High impedance buffer, \item DIGITALBUFF --- A one bit digital buffer, - \item DL2AL --- A digital to analog level converter. - \item DIGBUF --- A digital one bit buffer/memory + \item DL2AL --- A digital to analog level converter, + \item DIGBUF --- A digital one bit buffer/memory. \end{itemize} These {\dcs} follow the signal path shown in figure~\ref{fig:sigmadeltablock}. We now use these {\dcs} to create higher level {\fgs}. @@ -2323,7 +2347,7 @@ $$ FG = \{ HISB, SUMJINT \} $$ \begin{table}[h+] \caption{ $HISB , SUMJINT$ buffered integrating summing junction($BISJ$): Failure Mode Effects Analysis} % title of Table -\label{tbl:DS2AS} +\label{tbl:BISJ} \begin{tabular}{|| l | l | c | c | l ||} \hline % \textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ 
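Review bot: In the hunk at -2279 the punctuation fix leaves both `\item DIGITALBUFF --- A one bit digital buffer,` and `\item DIGBUF --- A digital one bit buffer/memory.` in the list. These look like the same {\dc} under two names, and the later table (hunk at -2389) uses only `DIGBUF`. If so, drop one entry and check the count stated before the list, which lies outside the hunk. In the hunk at -2323 the label changes to `\label{tbl:BISJ}`, so any `\ref{tbl:DS2AS}` that was meant to point at this table needs updating as well.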
@@ -2389,13 +2413,12 @@ We analyse the buffered flip flop circuitry in table~\ref{tbl:digbuf}. \hline \hline - FS1: $DIGBUF$ $STOPPED$ & & output stuck & & $OUTPUT STUCK$ \\ - FS2: $DIGBUF$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ - \\ \hline + FS1: $DIGBUF$ $STOPPED$ & & output stuck & & $OUTPUT STUCK$ \\ + FS2: $DIGBUF$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline %\hline - FS3: $DL2AL$ $LOW$ & & output perm. high & & $OUTPUT STUCK$ \\ - FS4: $DL2AL$ $HIGH$ & & output perm. low & & $OUTPUT STUCK$ \\ \hline - FS5: $DL2AL$ $LOW\_SLEW$ & & no current drive & & $LOW\_SLEW$ \\ + FS3: $DL2AL$ $LOW$ & & output perm. high & & $OUTPUT STUCK$ \\ + FS4: $DL2AL$ $HIGH$ & & output perm. low & & $OUTPUT STUCK$ \\ + FS5: $DL2AL$ $LOW\_SLEW$ & & no current drive & & $LOW\_SLEW$ \\ \hline \hline @@ -2607,14 +2630,15 @@ and the subsequent hierarchy. With software already written, that hierarchy is f Software written for safety critical systems is usually constrained to be modular~\cite{en61508}[3] and non recursive~\cite{misra}[15.2]. %{iec61511}. -Because of this we can assume a direct call tree. Functions call functions +Because of this we can assume direct call trees~\footnote{A typical embedded system +will have a run time call tree, and interrupt driven call tress}. Functions call functions from the top down and eventually call the lowest level library or IO functions that interact with hardware/electronics. What is potentially difficult with a software function, is deciding what its failure modes and symptoms are. With electronic components, we can use literature to point us to suitable sets of -{\fms}~\cite{fmd91}~\cite{mil1991}~\cite{en298}.%~\cite{en61508}~\cite{en298}. +{\fms}~\cite{fmd91}~\cite{mil1991}~\cite{en298}. %~\cite{en61508}~\cite{en298}. With software, only some library functions are well known and rigorously documented enough to have the equivalent of known failure modes. Most software is `bespoke'. We need a different strategy to 
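Review bot: In the hunk at -2607 the added footnote is attached with a tie, `direct call trees~\footnote{...}`, which puts a space before the footnote mark. It also misspells "trees" as `tress` and has no closing full stop. I would write `Because of this we can assume direct call trees\footnote{A typical embedded system will have a run-time call tree and interrupt-driven call trees.}.` Since interrupt-driven call trees run concurrently with the main one, it may be worth a sentence on whether the top-down assumption still holds for state shared between them.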
@@ -2674,7 +2698,8 @@ Should the driving electronics go wrong at the source end, it will usually supply far too little or far too much current, also making error conditions easy to detect. % At the receiving end, we only require one simple component to convert the -current signal into a voltage that we can read with an ADC: a resistor. % the humble resistor! +current signal into a voltage that we can read with an AD---a resistor---given +its properties defined by Ohms law. % the humble resistor! %BLOCK DIAGRAM HERE WITH FT CIRCUIT LOOP @@ -3120,14 +3145,22 @@ $$fm(R420I) = \{OUT\_OF\_RANGE, VAL\_ERR\} .$$ We can now represent the software/hardware FMMD analysis -as a hierarchical diagram, see figure~\ref{fig:hd}. +as a hierarchical diagram, see figure~\ref{fig:eulerswhw}. % see figure~\ref{fig:hd}. + +% HTR 27OCT2012 % \begin{figure}[h] +% HTR 27OCT2012 % \centering +% HTR 27OCT2012 % \includegraphics[width=200pt]{./CH5_Examples/hd.png} +% HTR 27OCT2012 % % hd.png: 363x520 pixel, 72dpi, 12.81x18.34 cm, bb=0 0 363 520 +% HTR 27OCT2012 % \caption{FMMD hierarchy with hardware and software elements} +% HTR 27OCT2012 % \label{fig:hd} +% HTR 27OCT2012 % \end{figure} \begin{figure}[h] \centering - \includegraphics[width=200pt]{./CH5_Examples/hd.png} - % hd.png: 363x520 pixel, 72dpi, 12.81x18.34 cm, bb=0 0 363 520 - \caption{FMMD hierarchy with hardware and software elements} - \label{fig:hd} + \includegraphics[width=300pt]{./CH5_Examples/eulerswhw.png} + % eulerswhw.png: 510x344 pixel, 72dpi, 17.99x12.14 cm, bb=0 0 510 344 + \caption{Euler diagram showing relationship between {\dcs} determined from electronics and software.} + \label{fig:eulerswhw} \end{figure} 
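Review bot: In the hunk at -2674 the rewrite has truncated "ADC" to `AD` and dropped the apostrophe in `Ohms law`. The double em-dash construction also makes the sentence hard to follow. I would write `current signal into a voltage that we can read with an ADC: a resistor, whose behaviour is defined by Ohm's law.` In the hunk at -3120 the old figure is kept as seven `% HTR 27OCT2012 %` comment lines; version control already preserves it, so deleting the block and, if nothing else uses it, removing `hd.png` from the Makefile's `PNG_DIA` list would be tidier.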
diff --git a/submission_thesis/CH5_Examples/eulerswhw.dia b/submission_thesis/CH5_Examples/eulerswhw.dia new file mode 100644 index 0000000000000000000000000000000000000000..6a9f771ef12341ae25463efef5614419c2b628d5 GIT binary patch literal 1177 zcmV;K1ZMjmiwFP!000021MON{kDE9ceV<=}nAg;?4d&7`sis}6b{|$Nb!Yc=WP*oy zOCSO#nY{G3ueme{1ag6pHY<=43G2&u{F&o(Y?BWk-{!uuVo}V)V5}klRfPr9(B*+Q zR{wtf^_``DoIHGRIejlbUPR}L{6!EacVl%X#Nz#MxL&V;zlo^`BjEETh}rNP^?f>& zK|^)&peXwZTqa@kxKo zx|BEUa#eM-7DUWxng)ZQ=ae!bP`*^(DoQmDQq(S1v?&qW`bdkIyL}Yu?VbOJ}YZargMd zEkx90S#wv+Ufwzyt}OeeqwFglbH`^@z2||rTKdg((wCo3s@}Vww`4<>t=1k~ixEaH zw+C;@T^669Suv(2(<~1go*MOX+_?jjHI>Xdh4ATyMS1#9JDXPW2b?R8LZ^bSzTfSQ zN$C8`rXnx)FF^yBMy~Qs`4qmXyETYhfpB-M{t1hNRW45^lR9`XT8nT;DGlgkAip(I z9)v>)se^EwGD0M4pn>PJ9ZCu^!a6X?07Hq|43GJ2{xS`t;Bb|2&9YLMR8S5}+lmPS zn83XYx4@b)?#)C!mfHeR+ z_3(BTonzowE`JLKZg*+m=GIelXYCEVv4PuHFmQcfHD>U+_N@=(hmcYF>R8%$^5)_$ rURLNB{@&a74eYzj!rr`psCj4i>0i1g4~74HO&