From 9c21afaffdac838ded80d94337e5fc2096821591 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Mon, 4 Feb 2013 09:51:21 +0000 Subject: [PATCH 1/6] CH3 changes were not commited. modbus ref added to mybib.bib --- mybib.bib | 21 ++++++++++++++ submission_thesis/CH3_FMEA_criticism/copy.tex | 28 +++++++++++++------ 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/mybib.bib b/mybib.bib index 29b5aa8..1eaf93e 100644 --- a/mybib.bib +++ b/mybib.bib @@ -27,6 +27,27 @@ +@TechReport{modbus, + author = {MODBUS.ORG}, + title = {MODBUS over serial line: Specification and implementation guide V1.0}, + institution = {MODBUS.ORG}, + year = {2002}, + key = {}, + OPTtype = {}, + OPTnumber = {}, + OPTaddress = {}, + OPTmonth = {}, + OPTnote = {}, + OPTannote = {}, + OPTurl = {}, + OPTdoi = {}, + issn = {V1.0}, + OPTlocalfile = {}, + OPTabstract = {}, +} + + + @INPROCEEDINGS{5488118, author={Pace, C. and Libertino, S. and Crupi, I. and Marino, A. and Lombardo, S. and Sala, E.D. and Capuano, G. and Lisiansky, M. and Roizin, Y.}, booktitle={Instrumentation and Measurement Technology Conference (I2MTC), 2010 IEEE}, title={Compact instrumentation for radiation tolerance test of flash memories in space environment}, diff --git a/submission_thesis/CH3_FMEA_criticism/copy.tex b/submission_thesis/CH3_FMEA_criticism/copy.tex index 885180b..478e72e 100644 --- a/submission_thesis/CH3_FMEA_criticism/copy.tex +++ b/submission_thesis/CH3_FMEA_criticism/copy.tex 
@@ -2,24 +2,34 @@ \section{Historical Origins of FMEA} \subsection{FMEA designed for simple electro-mechanical systems} -So its old and prob out of date +FMEA traces it roots to the 1940s when it was used to identify the most costly +failures arising from car mass-production~\cite{pfmea}. +It was later modified slightly to include severity of the top level failure (FMECA~\cite{fmeca}). +In the 1980s FMEA was extended again (FMEDA~\cite{fmeda}) to provide statistics +for predicting failure rates. +However a typical entry in each of the above methodologies, starts with a +particular component failure mode and associates it with a system---or top level---failure symptom. +This analysis philosophy has not changed since FMEA was first used. + \subsection{FMEA does not support modularity.} -It is a common practise in industry to buy in sub-systems, especially sensors. -Most sensor systems now are `smart', that is to say, they contain programatic elemnts -even if they supply analog signals. For instance a liquid level sensor that +It is a common practise in the process control industry to buy in sub-systems, typically sensors and actuators connected to an industrially hardened computer bus, i.e. CANbus~\cite{can,canspec}, modbus~\cite{modbus} etc. +Most sensor systems now are `smart', that is to say, they contain programmatic elements +even if their outputs are %they supply +analogue signals. For instance a liquid level sensor that supplies a {\ft} output, would have been typically have been implemented -in analog electronics before the 1980s. After that time, it would be common to use a micro-processor +in analogue electronics before the 1980s. After that time, it would be common to use a micro-processor based system to perform the functions of reading the sensor and converting it to a current (\ft) output. 
For the non-safety critical systems integrator this brings with it the advantages that come with using a digital system (increased accuracy, self checking and ease of -calibration etc). For a safety critical systems integrator this can be very problematic when it +calibration etc. ). For a safety critical systems integrator this can be very problematic when it comes to approvals. Even if the sensor manufacturer will let you see the internal workings and software we have a problem with tracing the FMEA reasoning through the sensor, through the sensors software and then though the system being integrated. This problem is compounded by the fact that traditional FMEA cannot integrate software into FMEA models~\cite{sfmea,safeware}. -\section{Reasoning Distance} -\section{Comparison Complexity} + + +\section{Reasoning Distance used to measure Comparison Complexity} @@ -44,7 +54,7 @@ This problem is compounded by the fact that traditional FMEA cannot integrate so \subsection{FMEA - Better Methodology - Wish List} -\subsection{FMEA - Better Metodology - Wish List} +\subsection{FMEA - Better Methodology - Wish List} \begin{itemize} From a1b1cdf05e2cc9aa976538f16ede9d2c794dd474 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Mon, 4 Feb 2013 09:56:35 +0000 Subject: [PATCH 2/6] .. --- submission_thesis/appendixes/algorithmic.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submission_thesis/appendixes/algorithmic.tex b/submission_thesis/appendixes/algorithmic.tex index dd0a7be..f7979e9 100644 --- a/submission_thesis/appendixes/algorithmic.tex +++ b/submission_thesis/appendixes/algorithmic.tex @@ -4,7 +4,7 @@ \label{sec:algorithmfmmd} This section decribes the algorithm for performing one step of -FMMD analysis +FMMD analysis i.e. analysing a {\fg} and determining from it a {\dc}. Algorithms using set theory describe the process. It begins with an overview of the FMMD process, and then contrasts and compares it 
From 565f986ac2c8e02779d745cc66cfceaddff918ff Mon Sep 17 00:00:00 2001 From: Robin Clark Date: Thu, 7 Feb 2013 09:43:53 +0000 Subject: [PATCH 3/6] SSH seems broken to ETC. Causes great annoyance when syncing to GIT --- submission_thesis/CH5_Examples/copy.tex | 28 ++++++------- submission_thesis/CH6_Evaluation/copy.tex | 41 +++++++++++--------- submission_thesis/appendixes/algorithmic.tex | 2 +- 3 files changed, 38 insertions(+), 33 deletions(-) diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index b2f8b0e..f7cdb33 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -33,7 +33,7 @@ a variety of typical embedded system components including analogue/digital and e % %This is followed by several example FMMD analyses, \begin{itemize} - \item The first example applies FMMD to an operational amplifier inverting amplifier (see section~\ref{sec:invamp}); + \item The first example applies FMMD to an operational-amplifier inverting amplifier (see section~\ref{sec:invamp}); %using an op-amp and two resistors; this demonstrates re-use of a potential divider {\dc} from section~\ref{subsec:potdiv}. This amplifier is analysed twice, using different compositions of {\fgs}. @@ -64,7 +64,7 @@ by applying FMMD to a sigma delta ADC. %shows FMMD analysing the sigma delta %analogue to digital converter---again with a circular signal path---which operates on both %analogue and digital signals. -\item Section~\ref{sec:Pt100} demonstrates FMMD being applied to commonly used Pt100 +\item Section~\ref{sec:Pt100} demonstrates FMMD being applied to a commonly used Pt100 safety critical temperature sensor circuit, this is analysed for single and double failure modes. 
@@ -257,7 +257,7 @@ safety critical temperature sensor circuit, this is analysed for single and doub \end{figure} %This configuration is interesting from methodology pers. -There are two obvious ways in which we can model this circuit: +There are two obvious ways in which we can model this circuit. One is to do this in two stages, by considering the gain resistors to be a potential divider and then combining it with the OPAMP failure mode model. The second is to place all three components in one {\fg}. @@ -269,7 +269,7 @@ Ideally we would like to re-use {\dcs} from the $PD$ from section~\ref{subsec:po looks a good candidate for this. % However, -we cannot directly re-use $PD$ , and not just because +we cannot directly re-use $PD$, and not just because the potential divider is floating i.e. that the polarity of the R2 side of the potential divider is determined by the output from the op-amp. % @@ -777,7 +777,7 @@ $$ fm(NI\_AMP) = \{ AMPHigh, AMPLow, LowPass \} .$$ -\subsection{The second Stage of the amplifier} +\subsection{The second stage of the amplifier} The second stage of this amplifier, following the signal path, is the amplifier consisting of $R3,R4$ and $IC2$. @@ -1301,7 +1301,7 @@ $$ fm (G_0) = \{ nosignal, 0\_phaseshift \} $$ %23SEP2012 \subsection{Non Inverting Buffer: NIBUFF.} -The non-inverting buffer {\fg}, is comprised of one component, an op-amp. +The non-inverting buffer {\fg} is comprised of one component, an op-amp. We use the failure modes for an op-amp~\cite{fmd91}[p.3-116] to represent this group. % GARK We can express the failure modes for the non-inverting buffer ($NIBUFF$) thus: 
@@ -1464,7 +1464,7 @@ we create a $PHS135BUFFERED$ {\dc}. The FMMD analysis may be viewed at section~\ % % The $PHS225AMP$ consists of a $PHS45$, providing $45^{\circ}$ of phase shift, and an -$INVAMP$, providing $180^{\circ}$ giving a total of $225^{\circ}$. +$INVAMP$, providing $180^{\circ}$ giving a total of $225^{\circ}$. Detailed FMMD analysis may be found in section~\ref{detail:PHS225AMP}. % @@ -1617,7 +1617,7 @@ and obtain its failure modes, which we can express using the $fm$ function: $$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \} $$ % The resistors and capacitor failure modes we take from EN298~\cite{en298}[An.A]. -We express the failure modes for the resistors (R) and Capacitors (C) thus: +We express the failure modes for the resistors (R) and capacitors (C) thus: % $$ fm ( R ) = \{OPEN, SHORT\},$$ % @@ -1647,7 +1647,7 @@ This can be our first {\fg} and we analyse it in table~\ref{tbl:sumjint}. % $$FG = \{R1, R2, IC1, C1 \}$$ -That is the failure modes (see FMMD analysis at~\ref{detail:SUMJINT})of our new {\dc} +That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of our new {\dc} $SUMJINT$ are $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ %\clearpage @@ -1885,9 +1885,9 @@ The \sd example, shows that FMMD can be applied to mixed digital and analogue ci %% STATS MOVED TO FUTURE WORK %% For this example we look at an industry standard temperature measurement circuit, -the Pt100. The four wire Pt100 configuration commonly used well known safety critical circuit. +the Pt100. The four wire Pt100 configuration is a commonly used and well known safety critical circuit. Applying FMMD lets us look at this circuit in a fresh light. -we analyse this for both single and double failures, +We analyse this for both single and double failures, in addition it demonstrates FMMD coping with component parameter tolerances. The circuit is described traditionally and then analysed using the FMMD methodology. 
@@ -1905,7 +1905,7 @@ industrial applications below 600\oc, due to high accuracy\cite{aoe}. FMMD is performed twice on this circuit firstly considering single faults only %(cardinality constrained powerset of 1) -and again, considering the +and secondly, considering the possibility of double faults. % (cardinality constrained powerset of 2). % % \ifthenelse {\boolean{pld}} @@ -2287,7 +2287,7 @@ All six test cases have been analysed and the results agree with the hypothesis put in table~\ref{ptfmea}. %The PLD diagram, can now be used to collect the symptoms. In this case there is a common and easily detected symptom for all these single -resistor faults : Voltage out of range. +resistor faults---that of---`voltage~out~of~range'. % % A spider can be drawn on the PLD diagram to this effect. % @@ -2469,7 +2469,7 @@ Both values will be out of range. \paragraph{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN } -This shorts the sense- to Ground. +This shorts the sense- to ground. The sense- value will be out of range. diff --git a/submission_thesis/CH6_Evaluation/copy.tex b/submission_thesis/CH6_Evaluation/copy.tex index a91e051..3cdf98d 100644 --- a/submission_thesis/CH6_Evaluation/copy.tex +++ b/submission_thesis/CH6_Evaluation/copy.tex @@ -9,7 +9,7 @@ This chapter begins by defining a metric for the complexity of an FMEA analysis This concept is called `comparison~complexity' and is a means to assess the performance of FMMD against current FMEA methodologies. % -This metric is developed using set threory % formally +This metric is developed using set theory % formally and then formulae are presented for calculating the complexity of applying FMEA to a group of components. % 
@@ -218,7 +218,7 @@ we overload the comparison complexity thus: The potential divider discussed in section~\ref{subsec:potdiv} has four failure modes and two components and therefore has $CC$ of 4. $$CC(potdiv) = \sum_{n=1}^{2} |2| \times (|1|) = 4 $$ We combine the potential divider with an op-amp which has four failure modes -to form a {\fg} with two components one with four failure modes and the other (the potential divider) with two. +to form a {\fg} with two components, one with four failure modes and the other (the potential divider) with two. $$CC(invamp) = 2 \times 1 + 4 \times 1 = 6 $$ To analyse the inverting amplifier with FMMD we required 10 reasoning stages. Using RFMEA we obtain $ 2 \times (3-1) + 2 \times (3-1) + 4 \times (3-1)$ = 16. @@ -290,9 +290,10 @@ with equation~\ref{eqn:anscen}. The thinking behind equation~\ref{eqn:anscen}, is that for each level of analysis -- counting down from the top -- there are ${k}^{n}$ {\fgs} within each level; we need to apply RFMEA to each {\fg} on the level. -The number of checks to make for RFMEA is number of components $k$ multiplied by the number of failure modes $f$ +% +The number of checks to make for RFMEA, is the number of components $k$ multiplied by the number of failure modes $f$ checked against the remaining components in the {\fg} $(k-1)$. - +% If, for the sake of example, we fix the number of components in a {\fg} to three and the number of failure modes per component to three, an FMMD hierarchy would look like figure~\ref{fig:three_tree}. 
@@ -304,7 +305,8 @@ Using the diagram in figure~\ref{fig:three_tree}, we have three levels of analys Starting at the top, we have a {\fg} with three derived components, each of which has three failure modes. % -Thus the number of checks to make in the top level is $3^0\times3\times2\times3 = 18$. +Thus the number of checks to make in the top level is $3^0\times3\times2\times3 = 18$. +% On the level below that, we have three {\fgs} each with an identical number of checks, $3^1 \times 3 \times 2 \times 3 = 56$.%{\fg} % @@ -323,7 +325,7 @@ In order to get general equations with which to compare RFMEA with FMMD, we can re-write equation~\ref{eqn:CC} in terms of the number of levels in an FMMD hierarchy. % -The number of components in the system, is number of components +The number of components in the system, is the number of components in a {\fg} raised to the power of the level plus one. Thus we re-write equation~\ref{eqn:CC} as: @@ -372,7 +374,7 @@ $$ All the FMMD examples in chapters \ref{sec:chap5} and \ref{sec:chap6} showed a marked reduction in comparison complexity compared to the RFMEA worst case figures. -To calculate RFMEA Comparison complexity equation~\ref{eqn:CC} is used. +To calculate RFMEA comparison complexity equation~\ref{eqn:CC} is used. % % Complexity comparison vs. RFMEA for the first three examples @@ -652,7 +654,7 @@ $ fm(R) \in \mathcal{U} $. We can make this a general case by taking a set $F$ (with $f_1, f_2 \in F$) representing a collection of component failure modes. -We can define a boolean function {\ensuremath{\mathcal{ACTIVE}}} that returns +We can define a Boolean function {\ensuremath{\mathcal{ACTIVE}}} that returns whether a fault mode is active (true) or dormant (false). We can say that if any pair of fault modes is active at the same time, then the failure mode set is not 
@@ -703,8 +705,9 @@ is then applied to it.}. -\paragraph{Reason for Constraint.} Were this constraint to not be applied -each component would not contribute $N$ failure modes to consider but potentially +\paragraph{Reason for Constraint.} Were this constraint not to be applied +each component would not contribute $N$ failure modes, % to consider +but potentially $2^N$. % This would make the job of analysing the failure modes @@ -715,7 +718,7 @@ in a {\fg} impractical due to the sheer size of the task. \section{Handling Simultaneous Component Faults} For some integrity levels of static analysis, there is a need to consider not only single -failure modes in isolation, but cases where more then one failure mode may occur +failure modes in isolation, but cases where more than one failure mode may occur simultaneously. % Note that the `unitary state' conditions apply to failure modes within a component. @@ -1057,7 +1060,7 @@ $ \Omega(C) = fm(C) \cup \{OK\} $). The $OK$ statistical case is the (usually) largest in probability, and is therefore of interest when analysing systems from a statistical perspective. -For these examples the OK state is not represented area proportionately, but included +For these examples, the OK state is not represented area proportionately, but included in the diagrams. This is of interest for the application of conditional probability calculations such as Bayes theorem~\cite{probstat}. 
@@ -1072,7 +1075,7 @@ Another way to view this is to consider the failure modes of a component, with the $OK$ state, as a universal set $\Omega$, where all sets within $\Omega$ are partitioned. Figure \ref{fig:partitioncfm} shows a partitioned set representing -component failure modes $\{ B_1 ... B_8, OK \}$ : partitioned sets +component failure modes $\{ B_1 ... B_8, OK \}$: partitioned sets where the OK or empty set condition is included, obey unitary state conditions. Because the subsets of $\Omega$ are partitioned, we can say these failure modes are unitary state. @@ -1119,7 +1122,7 @@ of the failure modes as new failure modes. We can model this using an Euler diagram representation of an example component with three failure modes\footnote{OK is really the empty set, but the term OK is more meaningful in the context of component failure modes} $\{ B_1, B_2, B_3, OK \}$ see figure \ref{fig:combco}. - +% For the purpose of example let us consider $\{ B_2, B_3 \}$ to be intrinsically mutually exclusive, but $B_1$ to be independent. This means the we have the possibility of two new combinations @@ -1137,8 +1140,8 @@ as shaded sections of figure \ref{fig:combco2}. -We can calculate the probabilities for the shaded areas -assuming the failure modes are statistically independent +We can calculate the probabilities for the shaded areas, +assuming the failure modes are statistically independent, by multiplying the probabilities of the members of the intersection. We can use the function $P$ to return the probability of a failure mode, or combination thereof. 
@@ -1209,14 +1212,16 @@ in the power-supply {\fg}. Because the capacitor has two potential failure modes (EN298), this raises another issue for FMMD. A de-coupling capacitor going $OPEN$ might not be considered relevant to a power-supply module (but there might be additional noise on its output rails). -But in {\fg} terms the power supply, now has a new symptom that of $INTERFERENCE$. +% +But in {\fg} terms, the power supply now has a new symptom that of $INTERFERENCE$. % Some logic chips are more susceptible to $INTERFERENCE$ than others. A logic chip with de-coupling capacitor failing, may operate correctly but interfere with other chips in the circuit. % There is no reason why the de-coupling capacitors -could not be included {\em in the {\fg} they would intuitively be associated with as well}.% poss split infinitive +could not be included % {\em in the {\fg} they would intuitively be associated with as well}.% poss split infinitive +in {\fgs} that they would not intuitively be associated with. % This allows for the general principle of a component failure affecting more than one {\fg} in a circuit. This allows functional groups to share components where necessary. diff --git a/submission_thesis/appendixes/algorithmic.tex b/submission_thesis/appendixes/algorithmic.tex index f7979e9..dd0a7be 100644 --- a/submission_thesis/appendixes/algorithmic.tex +++ b/submission_thesis/appendixes/algorithmic.tex @@ -4,7 +4,7 @@ \label{sec:algorithmfmmd} This section decribes the algorithm for performing one step of -FMMD analysis i.e. +FMMD analysis analysing a {\fg} and determining from it a {\dc}. Algorithms using set theory describe the process. It begins with an overview of the FMMD process, and then contrasts and compares it From 78ed0aafce3ff14d384cf51172725b918555b2f8 Mon Sep 17 00:00:00 2001 
From: "Robin P. Clark" Date: Thu, 7 Feb 2013 10:18:59 +0000 Subject: [PATCH 4/6] Alpha level link up to chapter 4 --- submission_thesis/CH6_Evaluation/copy.tex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/submission_thesis/CH6_Evaluation/copy.tex b/submission_thesis/CH6_Evaluation/copy.tex index 3cdf98d..5bd9a60 100644 --- a/submission_thesis/CH6_Evaluation/copy.tex +++ b/submission_thesis/CH6_Evaluation/copy.tex @@ -173,8 +173,9 @@ state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G} .$$ FMMD analysis creates a hierarchy $H$ of {\fgs} where $H \subset \mathcal{FG}$. % -We can define individual {\fgs} using $FG$ with an index to identify them and a superscript -to identify the hierarchy level. For instance the first {\fg} in a hierarchy, containing base components only +We can define individual {\fgs} using $FG^{\alpha}_{i}$ with an index, $i$ for identification and a superscript --- or $\alpha$~level (see section~\ref{sec:alpha}) --- +to identify the hierarchy. +For instance the first {\fg} in a hierarchy, containing base components only i.e. at the zeroth level of an FMMD hierarchy, would have the superscript 0 and a subscript of 1, i.e. $FG^{0}_{1}$. %$$ %Equation~\ref{eqn:rd} can also be expressed as From 9eef6be0e42bfb968dba583b37e530ab55861fca Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Thu, 7 Feb 2013 10:20:28 +0000 Subject: [PATCH 5/6] . --- submission_thesis/CH6_Evaluation/copy.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submission_thesis/CH6_Evaluation/copy.tex b/submission_thesis/CH6_Evaluation/copy.tex index 5bd9a60..fa1e89a 100644 --- a/submission_thesis/CH6_Evaluation/copy.tex +++ b/submission_thesis/CH6_Evaluation/copy.tex 
@@ -173,7 +173,7 @@ state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G} .$$ FMMD analysis creates a hierarchy $H$ of {\fgs} where $H \subset \mathcal{FG}$. % -We can define individual {\fgs} using $FG^{\alpha}_{i}$ with an index, $i$ for identification and a superscript --- or $\alpha$~level (see section~\ref{sec:alpha}) --- +We can define individual {\fgs} using $FG^{\alpha}_{i}$ with an index, $i$ for identification and a superscript --- i.e. the $\alpha$~level (see section~\ref{sec:alpha}) --- to identify the hierarchy. For instance the first {\fg} in a hierarchy, containing base components only i.e. at the zeroth level of an FMMD hierarchy, would have the superscript 0 and a subscript of 1, i.e. $FG^{0}_{1}$. From f06c31d4b8bf158428d572134d4ca7c25e74a9c1 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Thu, 7 Feb 2013 10:26:18 +0000 Subject: [PATCH 6/6] . --- submission_thesis/CH6_Evaluation/copy.tex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/submission_thesis/CH6_Evaluation/copy.tex b/submission_thesis/CH6_Evaluation/copy.tex index fa1e89a..20a712a 100644 --- a/submission_thesis/CH6_Evaluation/copy.tex +++ b/submission_thesis/CH6_Evaluation/copy.tex 
@@ -173,10 +173,11 @@ state $$ \forall FG \in \mathcal{FG} | FG \subset \mathcal{G} .$$ FMMD analysis creates a hierarchy $H$ of {\fgs} where $H \subset \mathcal{FG}$. % -We can define individual {\fgs} using $FG^{\alpha}_{i}$ with an index, $i$ for identification and a superscript --- i.e. the $\alpha$~level (see section~\ref{sec:alpha}) --- -to identify the hierarchy. +We can define individual {\fgs} using $FG^{\alpha}_{i}$ with an index, $i$ for identification and a superscript for the $\alpha$~level (see section~\ref{sec:alpha}). +%--- +%o identify the hierarchy. For instance the first {\fg} in a hierarchy, containing base components only -i.e. at the zeroth level of an FMMD hierarchy, would have the superscript 0 and a subscript of 1, i.e. $FG^{0}_{1}$. +i.e. at the zeroth level of an FMMD hierarchy where $\alpha=0$, would have the superscript 0 and a subscript of 1: $FG^{0}_{1}$. %$$ %Equation~\ref{eqn:rd} can also be expressed as %
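Review bot: in the new `@TechReport{modbus,` entry added to mybib.bib (hunk `@@ -27,6 +27,27 @@` of PATCH 1/6), the document version is stored in the wrong field: `issn = {V1.0}` is not an ISSN and BibTeX styles will print it as one. Move it to `number = {V1.0}` (the `OPTnumber = {}` placeholder is already present) or into `note`, and drop the empty `key = {}` and the unused `OPT*` placeholder lines, which add noise to the file without changing the rendered reference.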
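Review bot: several wording slips in the rewritten CH3 paragraphs (hunk `@@ -2,24 +2,34 @@` of PATCH 1/6 on submission_thesis/CH3_FMEA_criticism/copy.tex): `FMEA traces it roots` should read `its roots`; `However a typical entry in each of the above methodologies, starts with` has a comma between subject and verb; `It is a common practise in the process control industry` wants the noun spelling `practice`; and `i.e. CANbus~\cite{can,canspec}, modbus~\cite{modbus} etc.` introduces examples, so `e.g.` is the right abbreviation. The unchanged context lines `would have been typically have been implemented` (duplicated `have been`) and `then though the system being integrated` (`through`) are worth fixing while this paragraph is open.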
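Review bot: the wish-list hunk (`@@ -44,7 +54,7 @@` of PATCH 1/6) leaves two identical consecutive headings: the typo fix turns `\subsection{FMEA - Better Metodology - Wish List}` into the same text as the `\subsection{FMEA - Better Methodology - Wish List}` that immediately precedes it as unchanged context, so the chapter now has an empty subsection followed by a duplicate. Delete one of the two headings.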
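Review bot: PATCH 3/6 reverts exactly the one-line change PATCH 2/6 made to submission_thesis/appendixes/algorithmic.tex (`FMMD analysis` to `FMMD analysis i.e.` and back again; compare the index lines `dd0a7be..f7979e9` and `f7979e9..dd0a7be`), so the pair is a no-op on that file and should be squashed or dropped. Both hunks also leave `This section decribes the algorithm` (typo for `describes`) in the context line above the change. Separately, the PATCH 3/6 subject `SSH seems broken to ETC. Causes great annoyance when syncing to GIT` describes a tooling problem rather than the copy-edits to CH5 and CH6 it contains; a message that names the edits would make the history usable.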
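Review bot: the arithmetic in the context line directly after the retouched sentence in hunk `@@ -304,7 +305,8 @@` of PATCH 3/6 (submission_thesis/CH6_Evaluation/copy.tex) is wrong: `$3^1 \times 3 \times 2 \times 3 = 56$` evaluates to 54, not 56, while the preceding `$3^0\times3\times2\times3 = 18$` is correct. Fix the value and recheck any per-level total derived from it while this passage is being edited.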
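Review bot: the rewrite of the de-coupling capacitor sentence in hunk `@@ -1209,14 +1212,16 @@` of PATCH 3/6 changes its sense: the removed wording said the capacitors could be included `in the {\fg} they would intuitively be associated with as well`, whereas the new `in {\fgs} that they would not intuitively be associated with`, read after the unchanged `There is no reason why the de-coupling capacitors could not be included`, states something close to the opposite; the following context line (`a component failure affecting more than one {\fg} in a circuit`) argues for the original sense, so confirm which is meant. Also move the commented-out original text onto its own `%` line instead of leaving it after `could not be included %` mid-sentence, where it is easy to overlook, and add a comma or colon before `that of` in the added `the power supply now has a new symptom that of $INTERFERENCE$`.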
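Review bot: in hunk `@@ -2287,7 +2287,7 @@` of PATCH 3/6 (submission_thesis/CH5_Examples/copy.tex), `resistor faults---that of---`voltage~out~of~range'.` wraps `that of` in a pair of em-dashes, which typesets as a parenthetical aside rather than the appositive intended; the removed colon form (`resistor faults: `voltage~out~of~range'`) or a single comma before `that of` reads more clearly.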
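Review bot: in hunk `@@ -1072,7 +1075,7 @@` of PATCH 3/6, the context line `component failure modes $\{ B_1 ... B_8, OK \}$` writes the ellipsis as three periods inside math mode; use `\ldots` so it typesets as an ellipsis, consistent with the rest of the set notation in this chapter.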
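Review bot: PATCH 4/6, 5/6 and 6/6 rewrite the same two lines of submission_thesis/CH6_Evaluation/copy.tex three times within ten minutes, the last two under the commit message `.`; squash them into one commit carrying a descriptive message (the PATCH 4/6 subject `Alpha level link up to chapter 4` would serve). In the final wording of hunk `@@ -173,10 +173,11 @@`, `with an index, $i$ for identification and a superscript for the $\alpha$~level` has the comma on the wrong side (`with an index $i$ for identification, and a superscript`), and the commented-out leftovers `%---` and `%o identify the hierarchy.` (`o` for `to`) should be deleted rather than committed as dead text.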