Pt100 stats example moved to appendix A. Appendix A

1st person pronoun removal process applied.
Some formatting.
Just waiting for Andrew's "10 hour" flight comments, and perhaps
some input from J Howse.
Robin Clark 2013-09-14 09:42:19 +01:00
parent 4c0590e3cc
commit b2985404ae
6 changed files with 305 additions and 256 deletions

View File

@ -384,6 +384,7 @@ $$ fm(R) = \{ OPEN, SHORT \} . $$
%
The operational amplifier (op-amp) %is a differential amplifier and
is very widely used in nearly all fields of modern analogue electronics.
\fmmdglossOPAMP
%
Only one of two sources of information on {\bc} {\fms} being compared
has an entry specific to operational amplifiers (FMD-91).
@ -402,6 +403,7 @@ is applied to a typical op-amp designed for instrumentation and measurement, the
(see figure~\ref{fig:lm258}).
%
The results from both sources of {\fm} definition are then compared.
\fmmdglossOPAMP
\paragraph{Failure Modes of an Op-Amp according to FMD-91.}
\fmodegloss
@ -424,6 +426,7 @@ Each failure cause is examined in turn, and mapped to potential {\fms} suitable
investigations.
\paragraph{Op-Amp failure cause: Poor Die attach.}
\fmmdglossOPAMP
The symptom for this is given as a low slew rate.
%
This means that the op-amp will not react quickly to changes on its input terminals.
@ -476,7 +479,7 @@ are examined and from this its {\fms} are determined.
Collating the op-amp failure modes from table ~\ref{tbl:lm358} the same {\fms}
from FMD-91 are obtained---listed in equation~\ref{eqn:opampfms}---except for
$LOW\_SLEW$.
\fmmdglossOPAMP
%\paragraph{EN298: Open and shorted pin failure symptom determination technique}
@ -559,7 +562,7 @@ are assigned the following failure modes:
%
$$ fm(OPAMP) = \{ LOW, HIGH, NOOP, LOW\_SLEW \} . $$
%
\fmmdglossOPAMP
\subsection{Comparing the component failure mode sources: EN298 vs FMD-91}
@ -647,6 +650,7 @@ effect of this failure mode.
%
For instance it has been assumed that the resistor R1 going SHORT
will not affect the ADC, the Microprocessor or the UART.
\fmmdglossADC
%
%
%

View File

@ -136,11 +136,12 @@ two resistors; a circuit schematic for this is shown in figure \ref{fig:noninvam
%
The function of the resistors in this circuit is to set the amplifier gain.
%
\fmmdglossOPAMP
The resistors act as a potential divider---assuming the op-amp has high impedance---and
program the inverting input on the op-amp
to balance them against the positive input, giving the voltage gain ($G_v$)
defined by $ G_v = 1 + \frac{R2}{R1} $ at the output.
\fmmdglossOPAMP
\paragraph{Analysing the failure modes of the Potential Divider.}
\label{subsec:potdiv}
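Review bot: \fmmdglossOPAMP now appears twice around a single sentence, once before "The resistors act as a potential divider" and again after "at the output." If the macro only records a glossary page reference, the second call adds nothing; keep one of the two.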
@ -359,6 +360,7 @@ as a building block for other {\fgs} in the same way that the base components $R
\label{sec:opamp_fms}
%\clearpage
Consider the op-amp as a {\bc}.
\fmmdglossOPAMP
%
According to
FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes %(with assigned probabilities):
@ -409,6 +411,7 @@ These op-amp failure modes are represented on the DAG in figure~\ref{fig:op1dag}
%\paragraph{Modelling the OP amp with the potential divider.}
The op-amp and the {\dc} {\em PD} now % andrew heavily critised this sentence but it made sense to Chris and I
formed into a {\fg} to model the failure mode behaviour of the non-inverting amplifier.
\fmmdglossOPAMP
%
%piss have the failure modes of the {\dc} for the potential divider,
%so we do not need to go back and consider the individual resistor failure modes that defined its behaviour.
@ -429,7 +432,7 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
\centering % used for centering table
\begin{tabular}{||l|c|c|l||}
\hline \hline
%% FIDDLINGING HATAR HAVING TO REMOVE THE TERM FAILURE SCENARIO --- whats is this the fucking
%% FIDDLINGING HATAR HAVING TO REMOVE THE TERM FAILURE SCENARIO --- whats is this the
%%childrens version
%\textbf{Failure} & \textbf{Amplifier} & \textbf{Derived component} \\ %Symptom} \\
% \textbf{Scenario} & \textbf{Effect} & \textbf{Failure Modes} \\ %Description} \\
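Review bot: the reworded comment beginning "%% FIDDLINGING HATAR" and its continuation "%%childrens version" still only vent about dropping the term "failure scenario" and give a later reader no reason for the change. Delete both comment lines, or replace them with one line saying why the term was removed from the table heading.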
@ -679,6 +682,7 @@ defines a `part' thus
This definition %of a `part'
is useful, but consider parts, such as quad packaged op-amps:
in this case we have four op-amps on one chip.
\fmmdglossOPAMP
%
Using traditional FMEA methods~\cite{sccs}[p.34] each op-amp in the package would be considered
as a separate building block for a circuit.
@ -697,6 +701,7 @@ used as a starting bottom-up building block.
%This is a choice made by the analyst, often guided by the standards to which the analysis is being performed. % to.
%
Both op-amps and transistors have published statistical failure rates and yet an op-amp is constructed from transistors.
\fmmdglossOPAMP
%
However, a circuit designer would usually consider individual transistors and individual op-amps
as lowest level building blocks.
@ -1053,6 +1058,7 @@ components, {\dcs} may be used to form {\fgs}.
Consider the hierarchy from the example in figure~\ref{fig:eulerfmmd}. % ~\ref{fig:dc2}.
%
The lowest level in this hierarchy are the {\bcs}, the resistors and the op-amp.
\fmmdglossOPAMP
%
The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown enclosing R1 and R2. % above the {\fg}.
%

View File

@ -21,7 +21,8 @@ hybrids.
this examines re-use of the potential divider {\dc} from section~\ref{subsec:potdiv}.
This amplifier is analysed twice, using different compositions of {\fgs}.
The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed.
%
%\
fmmdglossOPAMP
\item Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used
to create a differencing amplifier.
Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc} from section~\ref{sec:invamp}
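Review bot: as shown here, the two added lines "%\" and "fmmdglossOPAMP" separate the macro name from its backslash, so the backslash is commented out and the bare word fmmdglossOPAMP will be typeset as text in the list item just before the next \item. Put \fmmdglossOPAMP on a single line, as the other hunks in this commit do.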
@ -37,6 +38,7 @@ increasing test efficiency. This example also serves to show a deeper hierarchy
loop topology---using a `Bubba' oscillator---demonstrating how FMMD differs from fault diagnosis techniques.
%which uses
%four op-amp stages with supporting components.
\fmmdglossOPAMP
Two analysis strategies are employed, one using
initially identified {\fgs} and the second using a more complex hierarchy of %{\fgs} and
{\dcs} showing
@ -82,6 +84,7 @@ However,
$PD$ cannot be directly re-used, and not just because
the potential divider is floating i.e. that the polarity of
the R2 side of the potential divider is determined by the output from the op-amp.
\fmmdglossOPAMP
%
The circuit schematic stipulates that the input is positive.
%
@ -305,6 +308,7 @@ to traverse from system level or top failure modes to base component failure mod
%
\subsection{Second Approach: Inverting OpAmp analysing with three components in one larger {\fg}}
\label{subsec:invamp2}
%
The problem above is analysed without using an intermediate $INVPD$
derived component.
@ -368,6 +372,7 @@ The next stage analysed a {\fg} comprised of the INVPD and an OpAmp.
%
The second analysis (3 components) looked at the effects of each failure mode of each resistor
and the op-amp. % circuit.
\fmmdglossOPAMP
%
This meant more work for the analyst---that is
an increase in the complexity of the analysis---compared to
@ -396,7 +401,7 @@ For the unconstrained case, it is necessary to consider all three components as
\caption{Circuit 1}
\label{fig:circuit1}
\end{figure}
\fmmdglossOPAMP
The circuit in figure~\ref{fig:circuit1} amplifies the difference between
the input voltages $+V1$ and $+V2$.
@ -524,7 +529,7 @@ Common symptoms of failure are collected.
A derived component to represent the failure mode behaviour
of the differencing amplifier circuit (see figure~\ref{fig:circuit1}) is created:
$$ fm (DiffAMP) = \{DiffAMPLow, DiffAMPHigh, DiffAMP\_LP, DiffAMPIncorrect\} . $$
\fmmdglossOPAMP
The failure analysis performed is represented as a directed graph in figure~\ref{fig:circuit1_dag}.
%of the failure modes and derived components.
@ -669,11 +674,13 @@ Applying the $fm$ function yields: $$ fm(FirstOrderLP) = \{ LPnofilter,LPnosigna
\paragraph{Addition of Buffer Amplifier: First stage.}
%
The op-amp IC1 is being used simply as a buffer.
\fmmdglossOPAMP
%
By placing it between the stages %next stages
on the signal path the possibility of unwanted signal feedback is avoided.
%
The buffer is one of the simplest op-amp configurations.
\fmmdglossOPAMP
%
It has no other components, and a {\fg} is formed
from the $FirstOrderLP$ and the OpAmp component.
@ -784,6 +791,7 @@ As the signal has to pass through each block/stage
in order to be `five~pole' filtered, these three blocks are brought together to form a {\fg}.
%
This will give a failure mode model for the whole circuit.
\fmmdglossOPAMP
%
The Sallen Key stages can be indexed,
and these are marked on the circuit schematic in figure~\ref{fig:circuit2002_FIVEPOLE}.
@ -867,7 +875,7 @@ The FMMD hierarchy is shown in figure~\ref{fig:circuit2h}.
\label{tbl:fivepole}
\end{table}
%
% FUCKING HELL WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
%
A {\dc} is created to represent the circuit in figure~\ref{fig:circuit2}, called
$FivePoleLP$: applying the $fm$ function (see table~\ref{tbl:fivepole})
yields $$fm(FivePoleLP) = \{ HIGH, LOW, FilterIncorrect, NO\_SIGNAL \}.$$
@ -880,6 +888,9 @@ is simple (as it is never inverted).
%
The circuit under analysis is -- as shown in the block diagram (see figure~\ref{fig:blockdiagramcircuit2}) --
three op-amp driven non-inverting low pass filter elements.
\fmmdglossOPAMP
%
%
%
It is not surprising therefore that they have very similar failure modes.
%
@ -934,7 +945,7 @@ amplifier.
%
These are named $INVAMP$, $PHS45$ and $NIBUFF$ respectively.
These {\fgs} are used to describe the circuit in block diagram form with arrows indicating the signal path, in figure~\ref{fig:bubbablock}.
\fmmdglossOPAMP
\begin{figure}[h]
\centering
\includegraphics[width=300pt,keepaspectratio=true]{CH5_Examples/bubba_oscillator_block_diagram.png}
@ -1282,6 +1293,7 @@ IC1,IC2 and IC3 are all OpAmps and have failure modes for this component type
(i.e. from section~\ref{sec:opamp_fms}):
%
$$ fm(OPAMP) = \{ HIGH, LOW, NOOP, LOW\_SLEW \}. $$
\fmmdglossOPAMP
%
The literature was examined for a failure model
for a D-type flip flop~\cite{fmd91}[3-105], and the CD4013B~\cite{cd4013} chosen.
@ -1342,6 +1354,7 @@ This prevents electrical loading, and thus interference with, the SUMJINT stage.
This is simply an op-amp
with the input connected to the +ve input and the -ve input grounded.
%
\fmmdglossOPAMP
This is an OpAmp in a signal buffer configuration
and therefore simply has the failure modes of an Op-amp.
%
@ -1375,6 +1388,7 @@ $$
%
IC3 is an op-amp and has the failure modes
$$fm(IC3) = \{ HIGH, LOW, NOOP, LOW\_SLEW \} . $$
\fmmdglossOPAMP
%
The digital signal is supplied to the non-inverting input.
The output is a voltage level in the analogue domain $-V$ or $+V$.

View File

@ -37,7 +37,8 @@ both in the same circuit and other circuits
and potentially future projects as well.
Traditional FMEA methods have been applied to software, but analysis has always been performed separately from
the electronic FMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up approach.
the HFMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up approach.
\fmmdglossHFMEA
%
Using established concepts from contract programming~\cite{dbcbe} FMMD was extended to analyse software,
which facilitated a solution to the software/hardware interfacing problem~\cite{sfmeainterface}.
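Review bot: "HFMEA" replaces the self-explanatory "electronic FMEA" in the sentence ending "performed separately from the HFMEA", with no expansion in the visible text and only \fmmdglossHFMEA to explain it. Spell the term out at this use with the acronym in brackets, so the sentence can be read without a trip to the glossary.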
@ -109,10 +110,10 @@ These are presented below.
%
\fmmdgloss
\fmeagloss
An FMMD model has a data structure (described by UML diagrams, see figure~\ref{fig:cfg}), and by traversing an FMMD hierarchy
An FMMD model has a data structure (described by UML diagrams, see figure~\ref{fig:cfg}) and by traversing an FMMD hierarchy,
system level failures can be mapped back to {\bc} {\fms} (or combinations thereof).
%
Because these mappings can be determined reports in the traditional FMEA format (i.e. {\bc}~{\fm}~$\mapsto$~{system failure}) can be produced.
Because these mappings can be determined, reports in the traditional FMEA format (i.e. {\bc}~{\fm}~$\mapsto$~{system failure}) can be produced.
%
With the addition of {\bc} {\fm} statistics~\cite{mil1991} reliability predictions for system level failures can be provided.
%
@ -134,7 +135,7 @@ is examined in section~\ref{sec:fta}.
\subsection{Statistics: From base component failure modes to System level events/failures.}
\label{sec:bcstats}
Knowing the statistical likelihood of a component failing can give a good indication
Knowing the statistical likelihoods of a components failing can give a good indication
of the reliability of a system, or in the case of dangerous failures, the Safety Integrity Level
of a system.
%
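Review bot: the reworded line "Knowing the statistical likelihoods of a components failing" no longer agrees in number ("a components"). Either keep the singular, "likelihood of a component failing", or make both plural, "likelihoods of components failing".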
@ -148,234 +149,19 @@ into its hierarchical model.
Because an FMMD model can be used to generate an FMEA report,
with additional {\bc} failure mode statistics
an FMEDA report can be produced.
%
FMMD has been applied to the Pt100 example in appendix~\ref{detailed:Pt100stats}.
%
This demonstrates FIT values being obtained for single and doubly sourced system failure modes
in a way that is compatible with FMEDA/EN61508.
%we can %therefore
%use FMMD to produce an FMEDA report.
\paragraph{Pt100 Example: Single Failures and statistical data.} %Mean Time to Failure}
\frategloss
From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
{\bc} {\fm} statistics are added to determine the probability of symptoms of failure.
%
The DOD electronic reliability of components
document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
the
%$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better
in hours for a wide range of generic components
\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
can give conservative reliability figures when applied to
modern components}.
%
Using the MIL-HDBK-217F %~\cite{mil1991}
specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
%
%
\paragraph{Resistor FIT Calculations.}
%
The formula given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
is reproduced in equation \ref{resistorfit}. The meanings
and values assigned to its co-efficients are described in table \ref{tab:resistor}.
\fmmdglossFIT
\fmodegloss
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
\label{resistorfit}
\end{equation}
\begin{table}[ht]
\caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:resistor}
\end{table}
\frategloss
Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
give the following failures in ${10}^6$ hours:
\begin{equation}
0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours}
\label{eqn:resistor}
\end{equation}
While MIL-HDBK-217F gives MTTF for a wide range of common components,
it does not specify how the components will fail (in this case OPEN or SHORT).
%
Some standards, notably EN298 only consider most types of resistor as failing in OPEN mode.
%FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses.
% FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
This example
compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure.
%
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military specification at
temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}).
In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
FIT number the more reliable the component.}.
%
The formula given for a thermistor in MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in
equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
\label{thermistorfit}
\end{equation}
%
\begin{table}[ht]
\caption{Bead type Thermistor Failure in time assessment} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
%${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:thermistor}
\end{table}
%
\begin{equation}
0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
\label{eqn:thermistor}
\end{equation}
%
Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
%
\frategloss
Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
presents the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
\fmmdglossFIT
%
\begin{table}[h+]
\caption{Pt100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline
\hline
TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline
TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline
\hline
TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
\hline
\end{tabular}
\label{tab:stat_single}
\end{table}
%
\frategloss
%
The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The Pt100 circuit here has a FIT of 342.6. This is a MTTF of
about $\approx 360$ years per circuit.
%
A probabilistic tree can now be drawn, with a FIT value for the Pt100
circuit and FIT values for all the component fault modes from which it was calculated.
%
From this it can be seen that the most likely fault is the thermistor going OPEN.
%
This circuit is around 10 times more likely to fail in this way than in any other.
%
If a more reliable temperature sensor was required, this would probably
be the fault~mode scrutinised first.
%
\frategloss
%
\begin{figure}[h+]
\centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probablistic Fault Tree : Pt100 Single Faults}
\label{fig:stat_single}
\end{figure}
%
The Pt100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
%
%
\paragraph{Pt100 Example: Double Failures and statistical data.}
Because double simultaneous failure analysis can be performed under FMMD
failure rate statistics for double failures can also be determined.
%
\frategloss
%
%%
%% Need to talk abou the `detection time'
%% or `Safety Relevant Validation Time' ref can book
%% EN61508 gives detection calculations to reduce
%% statistical impacts of failures.
%%
%
Considering the failure modes to be statistically independent
the FIT values for all the combinations of
failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated.
%
The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
requires that resistors $R_1$ and $R_2$ both fail.
%
Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
%
The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour.
%
Squaring this gives $ 154.3 \times {10}^{-18} $.
%
This is an astronomically small MTTF, and so small that it would
probably fall below a threshold to sensibly consider.
%
However, it is very interesting from a failure analysis perspective,
because an undetectable fault (at least at this
level in the FMMD hierarchy) has been revealed.
%
This means that should it be required to cope with
this fault, a new way of detecting this
condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy.
%
\paragraph{MTTF statistics and FMMD hierarchies.}
%
In a large FMMD model, system/top level failures can be traced
down to {\bc} {\fms}.
%
To determine the MTTF probability
for a system level failure,
the MTTF statistics are added for all its possible causes.
%
Thus even for large FMMD models accurate
statistics for electronic sourced failures can be calculated.
%
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
%
\frategloss
\fmmdglossFIT
%
\subsection{Deriving FTA diagrams from FMMD models}
\label{sec:fta}
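Review bot: the added sentence "This demonstrates FIT values being obtained for single and doubly sourced system failure modes" is now the only use of FIT in the body of this subsection, while the footnote that defined it (failures per $10^9$ hours of operation) is among the lines moved out to the appendix. Unless FIT is already defined earlier in the chapter, expand it here as "Failure in Time (FIT)".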
@ -613,7 +399,7 @@ thus it can be verified that all
failure modes from the electronics module have been dealt
with by the controlling software.
%
If not, they would be an un-handled error condition relating to the software hardware interface.
If not, they would be an un-handled error condition relating to the software/hardware interface.
%
This again can be flagged using an automated tool.
%

View File

@ -99,8 +99,8 @@ FMEA study of a resistor and capacitor in use as a phase changer.
\end{tabular}
\end{table}
Collecting symptoms from table~\ref{tbl:bubbalargefg} we can show that for single failure modes, applying $fm$ to the bubba oscillator
returns three failure modes,
Collecting symptoms from table~\ref{tbl:bubbalargefg} it can be shown that for single failure modes, applying $fm$ to the bubba oscillator
gives three failure modes:
%
$$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$
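Review bot: the new wording "gives three failure modes:" does not match the set that follows, which lists two ($NO_{osc}$ and $HI_{fosc}$) because $LO_{fosc}$ is commented out. Change the count to two, or restore the third failure mode.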
@ -140,7 +140,7 @@ $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$
\end{table}
collecting symptoms from table~\ref{tbl:buff45}, we can create a derived component $BUFF45$ which has the following failure modes:
collecting symptoms from table~\ref{tbl:buff45}, a derived component $BUFF45$ is created which has the following failure modes:
$$
fm (BUFF45) = \{ 0\_phaseshift, NO\_signal .\} % 90\_phaseshift,
$$
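Review bot: the rewritten sentence still starts with a lower-case "collecting symptoms from table~\ref{tbl:buff45}", unlike the parallel sentences in the other hunks of this file. Capitalise it while the line is being touched.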
@ -186,7 +186,7 @@ $$
\end{table}
%
%
Collecting symptoms from table~\ref{tbl:phs135buffered}, we can create a derived component $PHS135BUFFERED$ which has the following failure modes:
Collecting symptoms from table~\ref{tbl:phs135buffered}, a derived component $PHS135BUFFERED$ is created which has the following failure modes:
$$
fm (PHS135BUFFERED) = \{ 90\_phaseshift, NO\_signal .\} % 180\_phaseshift,
$$
@ -222,7 +222,7 @@ $$
\end{tabular}
\end{table}
%
Applying FMMD we create a derived component $PHS225AMP$ which has the following failure modes:
Applying FMMD a derived component $PHS225AMP$ is created which has the following failure modes:
$$
fm (PHS225AMP) = \{ 180\_phaseshift, NO\_signal .\} % 270\_phaseshift,
$$
@ -260,7 +260,7 @@ $$
\end{tabular}
\end{table}
%
Collecting symptoms from table~\ref{tbl:bubba2}, we can create a derived component $BUBBAOSC$ which has the following failure modes:
Collecting symptoms from table~\ref{tbl:bubba2}, a derived component $BUBBAOSC$ is created which has the following failure modes:
$$
fm (BUBBAOSC) = \{ HI_{osc}, NO\_signal .\} % LO_{fosc},
$$
@ -307,7 +307,7 @@ $$
\end{tabular}
\end{table}
Collecting the {\dc} failure modes of
$SUMJINT$ we obtain $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$
$SUMJINT$ gives $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$
\clearpage
@ -362,7 +362,7 @@ $SUMJINT$ we obtain $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \
\end{tabular}
\end{table}
We collect the symptoms of failure $\{ LOW, HIGH, LOW\_{SLEW} \}$.
The symptoms of failure, i.e. $\{ LOW, HIGH, LOW\_{SLEW} \}$ are collected.
\clearpage
@ -392,7 +392,7 @@ We collect the symptoms of failure $\{ LOW, HIGH, LOW\_{SLEW} \}$.
\end{tabular}
\end{table}
We collect the symptoms of failure $\{ LOW, STOPPED \}$.
The symptoms of failure i.e. $\{ LOW, STOPPED \}$ are collected.
\clearpage
@ -425,7 +425,7 @@ We collect the symptoms of failure $\{ LOW, STOPPED \}$.
\end{tabular}
\end{table}
We now collect the symptoms of failure $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$, and create a {\dc}
The symptoms of failure $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$ collected , a {\dc} created
called $BISJ$.
\clearpage
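Review bot: the replacement sentence "The symptoms of failure $\{ ... \}$ collected , a {\dc} created called $BISJ$." has no finite verb and a stray space before the comma. Something like "The symptoms of failure $\{ ... \}$ are collected, and a {\dc} called $BISJ$ is created." keeps the passive voice and reads as a sentence.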
@ -459,8 +459,8 @@ called $BISJ$.
\end{tabular}
\end{table}
We now collect symptoms $\{OUTPUT STUCK, LOW\_SLEW\}$ and create a {\dc} %at the third level of symptom abstraction
called $FFB$.
Symptoms of failure are collected $\{OUTPUT STUCK, LOW\_SLEW\}$ and a {\dc} %at the third level of symptom abstraction
called $FFB$ created.
\clearpage
\subsection{FMMD Analysis of \sd : SDADC}
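Review bot: in the rewritten sentence the second clause, "and a {\dc} called $FFB$ created.", is missing its verb, and the set of symptoms is left hanging after "are collected". Suggest "The symptoms of failure $\{OUTPUT STUCK, LOW\_SLEW\}$ are collected and a {\dc} called $FFB$ is created."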
@ -490,11 +490,11 @@ called $FFB$.
\end{tabular}
\end{table}
%\clearpage
We now collect the symptoms for the \sd
The symptoms for the \sd are collected
$$ \; \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}.$$
We can now create a {\dc} to represent the analogue to digital converter, $SDADC$.
A {\dc} is created to represent the failure behaviour of the analogue to digital converter, $SDADC$.
$$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}$$
\fmmdglossADC
\clearpage
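Review bot: the derived component is named $SDADC$ in the rewritten sentence but the equation directly below it reads $fm(SSDADC)$, with a doubled S. Make the two agree while this paragraph is being edited. The equation also ends without the full stop used by the other $fm$ definitions in this file.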
@ -541,6 +541,7 @@ FMMD analysis tables from chapter~\ref{sec:chap6}.
\end{tabular}
\end{table}
}
\fmmdglossADC
\clearpage
\subsection{ Get\_Temperature: Failure Mode Effects Analysis }
@ -829,7 +830,237 @@ FMMD analysis tables from chapter~\ref{sec:chap6}.
}
\clearpage
\subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparision}
\subsection{Statistics and FMMD: Pt100 example for single and double failures}
\label{detailed:Pt100stats}
\paragraph{Pt100: Single Failures and statistical data.} %Mean Time to Failure}
\frategloss
From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
{\bc} {\fm} statistics are added to determine the probability of symptoms of failure.
%
The DOD electronic reliability of components
document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
the
%$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better
in hours for a wide range of generic components
\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
can give conservative reliability figures when applied to
modern components}.
%
Using the MIL-HDBK-217F %~\cite{mil1991}
specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
%
%
\paragraph{Resistor FIT Calculations.}
%
The formula given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
is reproduced in equation \ref{resistorfit}. The meanings
and values assigned to its co-efficients are described in table \ref{tab:resistor}.
\fmmdglossFIT
\fmodegloss
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
\label{resistorfit}
\end{equation}
\begin{table}[ht]
\caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:resistor}
\end{table}
\frategloss
Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
give the following failures in ${10}^6$ hours:
\begin{equation}
0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours}
\label{eqn:resistor}
\end{equation}
While MIL-HDBK-217F gives MTTF for a wide range of common components,
it does not specify how the components will fail (in this case OPEN or SHORT).
%
Some standards, notably EN298 only consider most types of resistor as failing in OPEN mode.
%FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses.
% FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
This example
compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure.
%
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military specification at
temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}).
In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
FIT number the more reliable the component.}.
%
The formula given for a thermistor in MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in
equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
\label{thermistorfit}
\end{equation}
%
\begin{table}[ht]
\caption{Bead type Thermistor Failure in time assessment} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
%${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:thermistor}
\end{table}
%
\begin{equation}
0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
\label{eqn:thermistor}
\end{equation}
%
Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
%
\frategloss
Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
presents the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
\fmmdglossFIT
%
\begin{table}[h+]
\caption{Pt100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline
\hline
TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline
TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline
\hline
TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
\hline
\end{tabular}
\label{tab:stat_single}
\end{table}
%
\frategloss
%
The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The Pt100 circuit here has a FIT of 342.6. This is a MTTF of
about $\approx 360$ years per circuit.
%
A probabilistic tree can now be drawn, with a FIT value for the Pt100
circuit and FIT values for all the component fault modes from which it was calculated.
%
From this it can be seen that the most likely fault is the thermistor going OPEN.
%
This circuit is around 10 times more likely to fail in this way than in any other.
%
If a more reliable temperature sensor was required, this would probably
be the fault~mode scrutinised first.
%
\frategloss
%
\begin{figure}[h+]
\centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probablistic Fault Tree : Pt100 Single Faults}
\label{fig:stat_single}
\end{figure}
%
The Pt100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
%
%
\paragraph{Pt100 Example: Double Failures and statistical data.}
Because double simultaneous failure analysis can be performed under FMMD
failure rate statistics for double failures can also be determined.
%
\frategloss
%
%%
%% Need to talk abou the `detection time'
%% or `Safety Relevant Validation Time' ref can book
%% EN61508 gives detection calculations to reduce
%% statistical impacts of failures.
%%
%
Considering the failure modes to be statistically independent
the FIT values for all the combinations of
failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated.
%
The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
requires that resistors $R_1$ and $R_2$ both fail.
%
Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
%
The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour.
%
Squaring this gives $ 154.3 \times {10}^{-18} $.
%
This is an astronomically small MTTF, and so small that it would
probably fall below a threshold to sensibly consider.
%
However, it is very interesting from a failure analysis perspective,
because an undetectable fault (at least at this
level in the FMMD hierarchy) has been revealed.
%
This means that should it be required to cope with
this fault, a new way of detecting this
condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy.
%
\paragraph{MTTF statistics and FMMD hierarchies.}
%
In a large FMMD model, system/top level failures can be traced
down to {\bc} {\fms}.
%
To determine the MTTF probability
for a system level failure,
the MTTF statistics are added for all its possible causes.
%
Thus even for large FMMD models accurate
statistics for electronic sourced failures can be calculated.
%
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
%
\frategloss
\fmmdglossFIT
\clearpage
\subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparison}
\label{sec:gnuplotxfmeafmmdcomp}
\begin{verbatim}
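Review bot: the text and the header of table tab:stat_single use MTTF where the figures are FIT values (failure rates), so the passage reads as if times to failure were being summed and multiplied. The column headed "MTTF per $10^9$ hours of operation" lists FIT figures, "the sum of MTTF values" should be the sum of FIT values, and "an astronomically small MTTF" describes a very small failure rate, which is a very large MTTF; suggest FIT or failure rate throughout, with MTTF kept for the reciprocal only. The reciprocal quoted also looks off: taking the footnote's $10^9$ hours as roughly 114,000 years, a FIT of 342.6 gives about 333 years rather than "$\approx 360$ years" (and "about $\approx$" says it twice). In the double-failure paragraph, squaring $12.42 \times 10^{-9}$ per hour yields a quantity per hour squared, not a rate, so the $154.3 \times 10^{-18}$ figure needs the detection time that the commented-out note mentions before it can be set beside the single-fault FITs. Smaller points: the tabular is declared with five columns (||l|c|c|l|l||) but every row has four cells, the TC:5 row has no \hline, [h+] is not a valid float placement, and the figure caption spells "Probablistic".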

View File

@ -81,8 +81,8 @@
%\fmodegloss
\newcommand{\fmmdglossADC}{\glossary{name={system}, description={
Analogue to digital converter}}}
\newcommand{\fmmdglossADC}{\glossary{name={ADC}, description={
Analogue to digital converter, a digital device to read voltages into a computer/micro-controller}}}
\newcommand{\fmmdglossSYS}{\glossary{name={system}, description={
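Review bot: the new \fmmdglossADC description calls the converter "a digital device", which sits oddly beside "Analogue to digital converter" in the same entry, since its input is an analogue voltage. Suggest wording along the lines of "a device that converts an analogue voltage into a digital value readable by a computer/micro-controller". The name change from "system" to "ADC" is the right fix, as the old name duplicated the \fmmdglossSYS entry that follows.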
@ -123,6 +123,14 @@ Design FMEA. FMEA applied in design stages of a product.
Can be used as a discussion/brain~storming method to
reveal safety weakness and improve built in safety}}}
\newcommand{\fmmdglossOPAMP}{\glossary{name={Op-Amp},description={
An Operational Amplifier is a differential input high gain voltage
amplifier typically implemented in an integrated circuit and is
commonly used a building block in analogue circuit design
}}}
\newcommand{\fmmdglossPFMEA}{\glossary{name={PFMEA},description={
Production FMEA (PFMEA).
FMEA applied for cost benefit analysis typically used in mass production}}}
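Review bot: the new \fmmdglossOPAMP description has a missing word in "commonly used a building block"; it should read "commonly used as a building block". The entry also ends without a full stop before the closing braces, and "name={Op-Amp}" uses different capitalisation from the "op-amp" used in the chapter text, so pick one form for the glossary to sort and match consistently.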