Pt100 stats example moved to appendix A. Appendix A

1st person pro-noun removal process applied. Some formatting. Just waiting for Andrews "10 hour" flight comments, and perhaps some input from J Howse.
2013-09-14 09:42:19 +01:00 · 2013-09-14 09:42:19 +01:00 · b2985404ae
commit b2985404ae
parent 4c0590e3cc
6 changed files with 305 additions and 256 deletions
--- a/submission_thesis/CH2_FMEA/copy.tex
+++ b/submission_thesis/CH2_FMEA/copy.tex
@ -384,6 +384,7 @@ $$ fm(R) = \{ OPEN, SHORT \} . $$
 %
 The operational amplifier (op-amp) %is a differential amplifier and 
 is very widely used in nearly all fields of modern analogue electronics.
 \fmmdglossOPAMP
 %
 Only one of two sources of information on {\bc} {\fms} being compared
 has an entry specific to operational amplifiers (FMD-91).
@ -402,6 +403,7 @@ is applied to a typical op-amp designed for instrumentation and measurement, the
 (see figure~\ref{fig:lm258}).
 %
 The results from both sources of {\fm} definition are then compared.
 \fmmdglossOPAMP
 \paragraph{Failure Modes of an Op-Amp according to FMD-91.}
 \fmodegloss
@ -424,6 +426,7 @@ Each failure cause  is examined in turn, and mapped to potential {\fms} suitable
 investigations.
 \paragraph{Op-Amp failure cause: Poor Die attach.}
 \fmmdglossOPAMP
 The symptom for this is given as a low slew rate. 
 %
 This means that the op-amp will not react quickly to changes on its input terminals.
@ -476,7 +479,7 @@ are examined and from this its {\fms} are determined.
 Collating the op-amp failure modes from table ~\ref{tbl:lm358}  the same {\fms}
 from FMD-91 are obtained---listed in equation~\ref{eqn:opampfms}---except for
 $LOW\_SLEW$.
-
+\fmmdglossOPAMP
 %\paragraph{EN298: Open and shorted pin failure symptom determination technique}
@ -559,7 +562,7 @@ are assigned  the following failure modes:
 %
 $$ fm(OPAMP) = \{ LOW, HIGH, NOOP, LOW\_SLEW \} . $$
 %
-
+\fmmdglossOPAMP
 \subsection{Comparing the component failure mode sources: EN298 vs FMD-91}
@ -647,6 +650,7 @@ effect of this failure mode.
 %
 For instance it has been assumed that the resistor R1 going SHORT
 will not affect the ADC, the Microprocessor or the UART.
 \fmmdglossADC
 %
 %
 %
--- a/submission_thesis/CH4_FMMD/copy.tex
+++ b/submission_thesis/CH4_FMMD/copy.tex
@ -136,11 +136,12 @@ two resistors; a circuit schematic for this is shown in figure \ref{fig:noninvam
 %
 The function of the resistors in this circuit is to set the amplifier gain.
 %
 \fmmdglossOPAMP
 The resistors act as a potential divider---assuming the op-amp has high impedance---and 
 program the inverting input on the op-amp
 to balance them against the positive input, giving the voltage gain ($G_v$)
 defined by $ G_v = 1 + \frac{R2}{R1} $ at the output.
-
+\fmmdglossOPAMP
 \paragraph{Analysing the failure modes of the Potential Divider.}
 \label{subsec:potdiv}
@ -359,6 +360,7 @@ as a building block for other {\fgs} in the same way that the base components $R
 \label{sec:opamp_fms}
 %\clearpage
 Consider the op-amp as a {\bc}.
 \fmmdglossOPAMP
 %
 According to 
 FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes %(with assigned probabilities):
@ -409,6 +411,7 @@ These op-amp failure modes are represented on the DAG in figure~\ref{fig:op1dag}
 %\paragraph{Modelling the OP amp with the potential divider.}
 The op-amp and the {\dc} {\em PD} now % andrew heavily critised this sentence but it made sense to Chris and I
 formed into a {\fg} to model the failure mode behaviour of the non-inverting amplifier.
 \fmmdglossOPAMP
 %
 %piss have the failure modes of the {\dc} for the potential divider, 
 %so we do not need to go back and consider the individual resistor failure modes that defined its behaviour.
@ -429,7 +432,7 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
 \centering % used for centering table
 \begin{tabular}{||l|c|c|l||}
 \hline \hline
-%% FIDDLINGING HATAR HAVING TO REMOVE THE TERM FAILURE SCENARIO --- whats is this the fucking
+%% FIDDLINGING HATAR HAVING TO REMOVE THE TERM FAILURE SCENARIO --- whats is this the 
 %%childrens version
 %\textbf{Failure}    & \textbf{Amplifier} &   \textbf{Derived component} \\ %Symptom}   \\
 % \textbf{Scenario} &  \textbf{Effect}      &   \textbf{Failure Modes} \\ %Description}   \\
@ -679,6 +682,7 @@ defines a `part' thus
 This definition %of a `part' 
 is useful, but consider   parts, such as quad packaged op-amps:
 in this case we have four op-amps on one chip. 
 \fmmdglossOPAMP
 %
 Using traditional  FMEA methods~\cite{sccs}[p.34] each op-amp in the package would be considered
 as a separate building block for a circuit. 
@ -697,6 +701,7 @@ used as a starting bottom-up building block.
 %This is a choice made by the analyst, often guided by the standards to which the analysis is being performed. % to. 
 %
 Both op-amps and transistors have published statistical failure rates and yet an op-amp is constructed from transistors.
 \fmmdglossOPAMP
 %
 However, a  circuit designer would usually consider individual transistors and individual op-amps
 as lowest level building blocks.
@ -1053,6 +1058,7 @@ components, {\dcs} may be used to form {\fgs}.
 Consider the hierarchy from the example in figure~\ref{fig:eulerfmmd}. % ~\ref{fig:dc2}.
 %
 The lowest level in this hierarchy are the {\bcs}, the resistors and the op-amp.
 \fmmdglossOPAMP
 %
 The resistors are collected into a {\fg}, and the ${PD}$ derived component created from its analysis, is shown enclosing R1 and R2. % above the {\fg}.
 %
--- a/submission_thesis/CH5_Examples/copy.tex
+++ b/submission_thesis/CH5_Examples/copy.tex
@ -21,7 +21,8 @@ hybrids.
 this examines re-use of the potential divider {\dc} from section~\ref{subsec:potdiv}.
 This amplifier is analysed twice, using different compositions of {\fgs}. 
 The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed.
-%
+%\
 fmmdglossOPAMP
 \item Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used 
 to create a differencing amplifier. 
 Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc} from section~\ref{sec:invamp}
@ -37,6 +38,7 @@ increasing test efficiency. This example also serves to show a deeper hierarchy
 loop topology---using a `Bubba' oscillator---demonstrating how FMMD differs from fault diagnosis techniques.
 %which uses 
 %four op-amp stages with supporting components. 
 \fmmdglossOPAMP
 Two analysis strategies are employed, one using
 initially identified {\fgs} and the second using a more complex hierarchy of %{\fgs} and 
 {\dcs} showing
@ -82,6 +84,7 @@ However,
 $PD$ cannot be directly re-used, and  not just because
 the potential divider is floating i.e. that the polarity of
 the R2 side of the potential divider is determined by the output from the op-amp.
 \fmmdglossOPAMP
 %
 The circuit schematic stipulates that the input is positive.
 %
@ -305,6 +308,7 @@ to traverse from system level or top failure modes to base component failure mod
 %
 \subsection{Second Approach: Inverting OpAmp analysing with three components in one larger {\fg}}
 \label{subsec:invamp2}
 %
 The problem above is analysed without using an intermediate $INVPD$
 derived component. 
@ -368,6 +372,7 @@ The next stage analysed a {\fg} comprised of the INVPD and an OpAmp.
 %
 The second analysis (3 components) looked at the effects of each failure mode of each resistor
 and the op-amp. % circuit. 
 \fmmdglossOPAMP
 %
 This meant more work for the analyst---that is
 an increase in the complexity of the analysis---compared to 
@ -396,7 +401,7 @@ For the unconstrained case, it is necessary to consider all three components as
 \caption{Circuit 1}
 \label{fig:circuit1}
 \end{figure}
-
+\fmmdglossOPAMP
 The circuit in figure~\ref{fig:circuit1} amplifies the difference between 
 the input voltages $+V1$ and $+V2$.
@ -524,7 +529,7 @@ Common symptoms of failure are collected.
 A derived component to represent the failure mode behaviour 
 of the differencing amplifier circuit (see figure~\ref{fig:circuit1}) is created:
 $$ fm (DiffAMP) = \{DiffAMPLow, DiffAMPHigh,  DiffAMP\_LP,  DiffAMPIncorrect\} . $$
-
+\fmmdglossOPAMP
 The failure analysis performed is represented as a directed graph in figure~\ref{fig:circuit1_dag}.
 %of the failure modes and derived components.
@ -669,11 +674,13 @@ Applying the $fm$ function yields: $$ fm(FirstOrderLP) = \{ LPnofilter,LPnosigna
 \paragraph{Addition of Buffer Amplifier: First stage.}
 %
 The op-amp IC1 is being used simply as a buffer. 
 \fmmdglossOPAMP
 %
 By placing it between the stages %next stages
 on the signal path the possibility of unwanted signal feedback is avoided.
 %
 The buffer is one of the simplest op-amp configurations.
 \fmmdglossOPAMP
 %
 It has no other components, and a {\fg} is formed
 from the $FirstOrderLP$ and the OpAmp component.
@ -784,6 +791,7 @@ As the signal has to pass through each block/stage
 in order to be `five~pole' filtered, these three blocks are brought together to form a {\fg}.
 %
 This will give a failure mode model for the whole circuit.
 \fmmdglossOPAMP
 %
 The Sallen Key stages can be indexed, 
 and these are marked on the circuit schematic in figure~\ref{fig:circuit2002_FIVEPOLE}.
@ -867,7 +875,7 @@ The FMMD hierarchy is shown in figure~\ref{fig:circuit2h}.
 \label{tbl:fivepole}
 \end{table}
 %
-% FUCKING HELL WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
+%  
 A {\dc} is created  to represent the circuit in figure~\ref{fig:circuit2}, called
 $FivePoleLP$: applying the $fm$ function (see table~\ref{tbl:fivepole}) 
 yields $$fm(FivePoleLP) = \{ HIGH, LOW,  FilterIncorrect,  NO\_SIGNAL \}.$$
@ -880,6 +888,9 @@ is simple (as it is never inverted).
 %
 The circuit under analysis is -- as shown in the block diagram (see figure~\ref{fig:blockdiagramcircuit2}) --
 three op-amp driven non-inverting low pass filter elements. 
 \fmmdglossOPAMP
 %
 %
 %
 It is not surprising therefore that they have very similar failure modes.
 %
@ -934,7 +945,7 @@ amplifier.
 %
 These are named  $INVAMP$, $PHS45$ and $NIBUFF$ respectively.
 These {\fgs} are used to describe the circuit in block diagram form with arrows indicating the signal path, in figure~\ref{fig:bubbablock}.
-
+\fmmdglossOPAMP
 \begin{figure}[h]
 \centering
 \includegraphics[width=300pt,keepaspectratio=true]{CH5_Examples/bubba_oscillator_block_diagram.png}
@ -1282,6 +1293,7 @@ IC1,IC2 and IC3 are all OpAmps and have failure modes for this component type
 (i.e. from section~\ref{sec:opamp_fms}):
 %
 $$ fm(OPAMP) = \{ HIGH, LOW, NOOP, LOW\_SLEW \}. $$
 \fmmdglossOPAMP
 %
 The literature was examined for a failure model 
 for a D-type flip flop~\cite{fmd91}[3-105], and the CD4013B~\cite{cd4013} chosen.
@ -1342,6 +1354,7 @@ This prevents electrical loading, and thus interference with, the SUMJINT stage.
 This is simply an op-amp 
 with the input connected to the +ve input and the -ve input grounded.
 %
 \fmmdglossOPAMP
 This is an OpAmp in a signal buffer configuration
 and therefore simply has the failure modes of an Op-amp.
 %
@ -1375,6 +1388,7 @@ $$
 %
 IC3 is an op-amp and has the failure modes 
 $$fm(IC3) = \{ HIGH, LOW, NOOP, LOW\_SLEW \} . $$
 \fmmdglossOPAMP
 %
 The digital signal is supplied to the non-inverting input.
 The output is a voltage level in the analogue domain $-V$ or $+V$.
--- a/submission_thesis/CH8_Conclusion/copy.tex
+++ b/submission_thesis/CH8_Conclusion/copy.tex
@ -37,7 +37,8 @@ both in the same circuit and other circuits
 and potentially future projects as well.
 Traditional FMEA methods have been applied to software, but analysis has always been performed separately from 
-the electronic FMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up approach.
+the HFMEA~\cite{sfmeaa,sfmea}. %, and while modular kept strictly to a bottom-up approach.
 \fmmdglossHFMEA
 %
 Using established concepts from contract programming~\cite{dbcbe}  FMMD was extended to analyse software,
 which facilitated a solution to the software/hardware interfacing problem~\cite{sfmeainterface}.
@ -109,10 +110,10 @@ These are presented below.
 %
 \fmmdgloss
 \fmeagloss
-An FMMD model has a data structure (described by UML diagrams, see figure~\ref{fig:cfg}), and by traversing an FMMD hierarchy
+An FMMD model has a data structure (described by UML diagrams, see figure~\ref{fig:cfg}) and by traversing an FMMD hierarchy,
 system level failures can be mapped back to {\bc} {\fms} (or combinations thereof).
 %
-Because these mappings  can be determined reports in the traditional FMEA format (i.e. {\bc}~{\fm}~$\mapsto$~{system failure}) can be produced.
+Because these mappings can be determined, reports in the traditional FMEA format (i.e. {\bc}~{\fm}~$\mapsto$~{system failure}) can be produced.
 %
 With the addition of {\bc} {\fm} statistics~\cite{mil1991} reliability predictions for system level failures can be provided.
 %
@ -134,7 +135,7 @@ is examined in section~\ref{sec:fta}.
 \subsection{Statistics: From base component failure modes to System level events/failures.}
 \label{sec:bcstats}
-Knowing the statistical likelihood of a component failing can give a good indication
+Knowing the statistical likelihoods of a components failing can give a good indication
 of the reliability of a system, or in the case of dangerous failures, the Safety Integrity Level 
 of a system.
 %
@ -148,234 +149,19 @@ into its hierarchical model.
 Because an FMMD model can be used to generate an FMEA report, 
 with additional {\bc} failure mode statistics
 an FMEDA report can be produced.
 %
 FMMD has been applied to the Pt100 example in appendix~\ref{detailed:Pt100stats}.
 %
 This demonstrates FIT values being obtained for single and doubly sourced system failure modes
 in a way that is compatible with FMEDA/EN61508.
 %we can %therefore 
 %use FMMD to produce an FMEDA report.
 \paragraph{Pt100 Example: Single Failures and statistical data.} %Mean Time to Failure}
 \frategloss
 From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
 {\bc} {\fm} statistics are added to  determine the probability of symptoms of failure.
 %
 The DOD electronic reliability of components
 document  MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
 the
 %$\frac{failures}{{10}^6}$
 ${failures}/{{10}^6}$ % looks better
 in hours for a wide range of generic components
 \footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
 can give conservative reliability figures when applied to
 modern components}. 
 %
 Using the MIL-HDBK-217F %~\cite{mil1991}  
 specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
 %
 %
 \paragraph{Resistor FIT Calculations.}
 %
 The formula given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
 is reproduced in equation \ref{resistorfit}. The meanings 
 and values assigned to its co-efficients are described in table \ref{tab:resistor}.
 \fmmdglossFIT
 \fmodegloss
 %
 \begin{equation}
 % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 \label{resistorfit}
 \end{equation}
 \begin{table}[ht]
 \caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table
 \centering % used for centering table
 \begin{tabular}{||c|c|l||}
 \hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.00092        & stress/temp base failure rate  $60^o$ C  \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 ${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline
 \hline \hline
 \end{tabular}
 \label{tab:resistor}
 \end{table}
 \frategloss
 Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
 give the following failures in ${10}^6$ hours:
 \begin{equation}
 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138  \;{failures}/{{10}^{6} Hours}
 \label{eqn:resistor}
 \end{equation}
 While MIL-HDBK-217F gives MTTF for a wide range of common components,
 it does not specify how the components will fail (in this case OPEN or SHORT). 
 %
 Some standards, notably EN298 only consider most types of resistor as failing in OPEN mode.
 %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. 
 % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
 This example 
 compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. 
 %
 Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED 
 in the other 10\%.
 A standard fixed film resistor, for use in a benign environment, non military specification at
 temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
 hours of operation (see equation \ref{eqn:resistor}). 
 In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of 
 failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the 
 FIT number the more reliable the component.}.
 %
 The formula given for a thermistor in  MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in
 equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.
 %
 \begin{equation}
 % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
 \label{thermistorfit}
 \end{equation}
 %
 \begin{table}[ht]
 \caption{Bead type Thermistor Failure in time assessment} % title of Table
 \centering % used for centering table
 \begin{tabular}{||c|c|l||}
 \hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.021        & stress/temp base failure rate bead thermistor \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 %${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline
 \hline \hline
 \end{tabular}
 \label{tab:thermistor}
 \end{table}
 %
 \begin{equation}
 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
 \label{eqn:thermistor}
 \end{equation}
 %
 Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
 %
 \frategloss
 Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
 presents the FIT values for all single failure modes.
 %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
 \fmmdglossFIT
 %
 \begin{table}[h+]
 \caption{Pt100 FMEA Single // Fault Statistics} % title of Table
 \centering % used for centering table
 \begin{tabular}{||l|c|c|l|l||}
 \hline \hline
 \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF}   \\
 \textbf{Case} &  \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation}   \\
 %   R         &    wire        & res +         & res -    & description
 \hline
 \hline
 TC:1 $R_1$ SHORT    &  High Fault        &  -       &  1.38  \\ \hline
 TC:2 $R_1$  OPEN     &  Low Fault         & Low Fault     &  12.42\\ \hline
 \hline
 TC:3 $R_3$  SHORT    &  Low Fault          & High Fault      & 31.5  \\ \hline
 TC:4 $R_3$  OPEN     &  High Fault         & Low  Fault    &   283.5 \\ \hline
 \hline
 TC:5 $R_2$ SHORT     &  -         &  Low Fault   &  1.38  \\  
 TC:6 $R_2$ OPEN     &  High Fault         & High Fault     & 12.42 \\ \hline
 \hline
 \end{tabular} 
 \label{tab:stat_single}
 \end{table}
 %
 \frategloss
 %
 The FIT for the circuit as a whole is the sum of MTTF values for all the 
 test cases. The Pt100 circuit here has a  FIT of 342.6. This is a MTTF of
 about $\approx 360$ years per circuit.
 %
 A probabilistic tree can now be drawn, with a FIT value for the Pt100
 circuit and FIT values for all the component fault modes from which  it was calculated.
 %
 From this it can be seen that  the most likely fault is the thermistor going OPEN.
 %
 This circuit is around 10 times more likely to fail in this way than in any other.
 %
 If  a more reliable temperature sensor was required, this would probably 
 be the fault~mode   scrutinised first.
 %
 \frategloss
 %
 \begin{figure}[h+]
 \centering
 \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
 % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
 \caption{Probablistic Fault Tree : Pt100 Single Faults}
 \label{fig:stat_single}
 \end{figure}
 %
 The Pt100 analysis presents a simple result for single faults. 
 The next analysis phase looks at how the circuit will behave under double simultaneous failure
 conditions.
 %
 %
 \paragraph{Pt100 Example: Double Failures and statistical data.}
 Because double simultaneous failure analysis can be performed under FMMD
 failure rate statistics for double failures can also be determined.
 %
 \frategloss
 % 
 %%
 %% Need to talk abou the `detection time'
 %% or `Safety Relevant Validation Time' ref can book
 %% EN61508 gives detection calculations to reduce
 %% statistical impacts of failures.
 %%
 %
 Considering the failure modes to be statistically independent  
 the FIT values for all the combinations of
 failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated. 
 %
 The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
 requires that resistors $R_1$ and $R_2$ both fail.
 %
 Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
 %
 The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. 
 %
 Squaring this gives $ 154.3 \times {10}^{-18} $.
 %
 This is an astronomically small MTTF, and so small that it would
 probably fall below a threshold to sensibly consider.
 %
 However, it is very interesting from a failure analysis perspective,
 because an undetectable fault  (at least at this
 level in the FMMD hierarchy) has been revealed. 
 %
 This means that should it be required to cope with
 this fault, a new way of detecting this
 condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy.
 %
 \paragraph{MTTF statistics and FMMD hierarchies.}
 %
 In a large FMMD model, system/top level failures can be traced
 down to {\bc} {\fms}. 
 %
 To determine the MTTF probability
 for a system level failure,   
 the MTTF statistics are added for all its possible causes.
 %
 Thus even for large FMMD models accurate
 statistics for electronic sourced failures can be calculated.
 %
 %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
 %
 \frategloss
 \fmmdglossFIT
 %
 \subsection{Deriving FTA diagrams from FMMD models}
 \label{sec:fta}
@ -613,7 +399,7 @@ thus it can be verified that all
 failure modes from the electronics module have been dealt
 with by the controlling software. 
 %
-If not, they would be an  un-handled error condition relating to the software hardware interface.
+If not, they would be an  un-handled error condition relating to the software/hardware interface.
 %
 This again can be flagged using an automated tool.
 %
--- a/submission_thesis/appendixes/detailed_analysis.tex
+++ b/submission_thesis/appendixes/detailed_analysis.tex
@ -99,8 +99,8 @@ FMEA study of a resistor and capacitor in use as a phase changer.
 \end{tabular}
 \end{table}  
-Collecting symptoms from table~\ref{tbl:bubbalargefg} we can show that for single failure modes, applying $fm$ to the bubba oscillator 
+Collecting symptoms from table~\ref{tbl:bubbalargefg} it can be shown that for single failure modes, applying $fm$ to the bubba oscillator 
-returns three failure modes,
+gives three failure modes:
 %
 $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$
@ -140,7 +140,7 @@ $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$
 \end{table} 
-collecting symptoms from table~\ref{tbl:buff45}, we can create a derived component $BUFF45$ which has the following failure modes:
+collecting symptoms from table~\ref{tbl:buff45}, a derived component $BUFF45$ is created which has the following failure modes:
 $$
 fm (BUFF45) = \{  0\_phaseshift, NO\_signal .\} % 90\_phaseshift,
 $$
@ -186,7 +186,7 @@ $$
 \end{table} 
 %
 %
-Collecting symptoms from table~\ref{tbl:phs135buffered}, we can create a derived component $PHS135BUFFERED$ which has the following failure modes:
+Collecting symptoms from table~\ref{tbl:phs135buffered}, a derived component $PHS135BUFFERED$ is created  which has the following failure modes:
 $$
 fm (PHS135BUFFERED) = \{ 90\_phaseshift,  NO\_signal .\} % 180\_phaseshift,
 $$
@ -222,7 +222,7 @@ $$
 \end{tabular}
 \end{table} 
 %
-Applying FMMD we create a derived component $PHS225AMP$ which has the following failure modes:
+Applying FMMD a derived component $PHS225AMP$ is created which has the following failure modes:
 $$
 fm (PHS225AMP) = \{ 180\_phaseshift,  NO\_signal .\} % 270\_phaseshift,
 $$
@ -260,7 +260,7 @@ $$
 \end{tabular}
 \end{table} 
 %
-Collecting symptoms from table~\ref{tbl:bubba2}, we can create a derived component $BUBBAOSC$ which has the following failure modes:
+Collecting symptoms from table~\ref{tbl:bubba2}, a derived component $BUBBAOSC$ is created  which has the following failure modes:
 $$
 fm (BUBBAOSC) = \{  HI_{osc}, NO\_signal .\} %  LO_{fosc},
 $$
@ -307,7 +307,7 @@ $$
 \end{tabular}
 \end{table}
 Collecting the {\dc} failure modes of 
-$SUMJINT$ we obtain $$\{ V_{in} DOM, V_{fb} DOM,  NO\_INTEGRATION,  HIGH, LOW  \} .$$
+$SUMJINT$ gives $$\{ V_{in} DOM, V_{fb} DOM,  NO\_INTEGRATION,  HIGH, LOW  \} .$$
 \clearpage
@ -362,7 +362,7 @@ $SUMJINT$ we obtain $$\{ V_{in} DOM, V_{fb} DOM,  NO\_INTEGRATION,  HIGH, LOW  \
 \end{tabular}
 \end{table} 
-We collect the symptoms of failure $\{ LOW, HIGH,  LOW\_{SLEW}  \}$.
+The symptoms of failure, i.e. $\{ LOW, HIGH,  LOW\_{SLEW}  \}$ are collected.
 \clearpage
@ -392,7 +392,7 @@ We collect the symptoms of failure $\{ LOW, HIGH,  LOW\_{SLEW}  \}$.
 \end{tabular}
 \end{table} 
-We collect the symptoms of failure $\{ LOW, STOPPED  \}$.
+The symptoms of failure i.e. $\{ LOW, STOPPED  \}$ are collected.
 \clearpage
@ -425,7 +425,7 @@ We collect the symptoms of failure $\{ LOW, STOPPED  \}$.
 \end{tabular}
 \end{table} 
-We now collect the symptoms of failure $\{  OUTPUT STUCK  ,  REDUCED\_INTEGRATION \}$, and create a {\dc}
+The symptoms of failure $\{  OUTPUT STUCK  ,  REDUCED\_INTEGRATION \}$ collected , a {\dc} created
 called $BISJ$.
 \clearpage
@ -459,8 +459,8 @@ called $BISJ$.
 \end{tabular}
 \end{table} 
-We now collect symptoms $\{OUTPUT STUCK, LOW\_SLEW\}$ and create a {\dc} %at the third level of symptom abstraction
+Symptoms of failure are collected $\{OUTPUT STUCK, LOW\_SLEW\}$ and a {\dc} %at the third level of symptom abstraction
-called $FFB$.
+called $FFB$ created.
 \clearpage
 \subsection{FMMD Analysis of  \sd  : SDADC}
@ -490,11 +490,11 @@ called $FFB$.
 \end{tabular}
 \end{table} 
 %\clearpage
-We now collect the symptoms for the \sd 
+The symptoms for the \sd are collected 
 $$ \; \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}.$$
-We can now create a {\dc} to represent the analogue to digital converter, $SDADC$.
+A {\dc} is created to represent the failure behaviour of the  analogue to digital converter, $SDADC$.
 $$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}$$
-
+\fmmdglossADC
 \clearpage
@ -541,6 +541,7 @@ FMMD analysis tables from chapter~\ref{sec:chap6}.
 \end{tabular}
 \end{table}
 }
 \fmmdglossADC
 \clearpage
 \subsection{ Get\_Temperature: Failure Mode Effects Analysis }
@ -829,7 +830,237 @@ FMMD analysis tables from chapter~\ref{sec:chap6}.
 }
 \clearpage
-\subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparision}
+
 \subsection{Statistics and FMMD: Pt100 example for single and double failures}
 \label{detailed:Pt100stats}
 \paragraph{Pt100: Single Failures and statistical data.} %Mean Time to Failure}
 \frategloss
 From an earlier example, the model for the failure mode behaviour of the Pt100 circuit,
 {\bc} {\fm} statistics are added to  determine the probability of symptoms of failure.
 %
 The DOD electronic reliability of components
 document  MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
 the
 %$\frac{failures}{{10}^6}$
 ${failures}/{{10}^6}$ % looks better
 in hours for a wide range of generic components
 \footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
 can give conservative reliability figures when applied to
 modern components}. 
 %
 Using the MIL-HDBK-217F %~\cite{mil1991}  
 specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
 %
 %
 \paragraph{Resistor FIT Calculations.}
 %
 The formula given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
 is reproduced in equation \ref{resistorfit}. The meanings 
 and values assigned to its co-efficients are described in table \ref{tab:resistor}.
 \fmmdglossFIT
 \fmodegloss
 %
 \begin{equation}
 % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 \label{resistorfit}
 \end{equation}
 \begin{table}[ht]
 \caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table
 \centering % used for centering table
 \begin{tabular}{||c|c|l||}
 \hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.00092        & stress/temp base failure rate  $60^o$ C  \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 ${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline
 \hline \hline
 \end{tabular}
 \label{tab:resistor}
 \end{table}
 \frategloss
 Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
 give the following failures in ${10}^6$ hours:
 \begin{equation}
 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138  \;{failures}/{{10}^{6} Hours}
 \label{eqn:resistor}
 \end{equation}
 While MIL-HDBK-217F gives MTTF for a wide range of common components,
 it does not specify how the components will fail (in this case OPEN or SHORT). 
 %
 Some standards, notably EN298 only consider most types of resistor as failing in OPEN mode.
 %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. 
 % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
 This example 
 compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. 
 %
 Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED 
 in the other 10\%.
 A standard fixed film resistor, for use in a benign environment, non military specification at
 temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
 hours of operation (see equation \ref{eqn:resistor}). 
 In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of 
 failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the 
 FIT number the more reliable the component.}.
 %
 The formula given for a thermistor in  MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in
 equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.
 %
 \begin{equation}
 % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
 \label{thermistorfit}
 \end{equation}
 %
 \begin{table}[ht]
 \caption{Bead type Thermistor Failure in time assessment} % title of Table
 \centering % used for centering table
 \begin{tabular}{||c|c|l||}
 \hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.021        & stress/temp base failure rate bead thermistor \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 %${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline
 \hline \hline
 \end{tabular}
 \label{tab:thermistor}
 \end{table}
 %
 \begin{equation}
 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
 \label{eqn:thermistor}
 \end{equation}
 %
 Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
 %
 \frategloss
 Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which
 presents the FIT values for all single failure modes.
 %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
 \fmmdglossFIT
 %
 \begin{table}[h+]
 \caption{Pt100 FMEA Single // Fault Statistics} % title of Table
 \centering % used for centering table
 \begin{tabular}{||l|c|c|l|l||}
 \hline \hline
 \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF}   \\
 \textbf{Case} &  \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation}   \\
 %   R         &    wire        & res +         & res -    & description
 \hline
 \hline
 TC:1 $R_1$ SHORT    &  High Fault        &  -       &  1.38  \\ \hline
 TC:2 $R_1$  OPEN     &  Low Fault         & Low Fault     &  12.42\\ \hline
 \hline
 TC:3 $R_3$  SHORT    &  Low Fault          & High Fault      & 31.5  \\ \hline
 TC:4 $R_3$  OPEN     &  High Fault         & Low  Fault    &   283.5 \\ \hline
 \hline
 TC:5 $R_2$ SHORT     &  -         &  Low Fault   &  1.38  \\  
 TC:6 $R_2$ OPEN     &  High Fault         & High Fault     & 12.42 \\ \hline
 \hline
 \end{tabular} 
 \label{tab:stat_single}
 \end{table}
 %
 \frategloss
 %
 The FIT for the circuit as a whole is the sum of MTTF values for all the 
 test cases. The Pt100 circuit here has a  FIT of 342.6. This is a MTTF of
 about $\approx 360$ years per circuit.
 %
 A probabilistic tree can now be drawn, with a FIT value for the Pt100
 circuit and FIT values for all the component fault modes from which  it was calculated.
 %
 From this it can be seen that  the most likely fault is the thermistor going OPEN.
 %
 This circuit is around 10 times more likely to fail in this way than in any other.
 %
 If  a more reliable temperature sensor was required, this would probably 
 be the fault~mode   scrutinised first.
 %
 \frategloss
 %
 \begin{figure}[h+]
 \centering
 \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
 % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
 \caption{Probablistic Fault Tree : Pt100 Single Faults}
 \label{fig:stat_single}
 \end{figure}
 %
 The Pt100 analysis presents a simple result for single faults. 
 The next analysis phase looks at how the circuit will behave under double simultaneous failure
 conditions.
 %
 %
 \paragraph{Pt100 Example: Double Failures and statistical data.}
 Because double simultaneous failure analysis can be performed under FMMD
 failure rate statistics for double failures can also be determined.
 %
 \frategloss
 % 
 %%
 %% Need to talk abou the `detection time'
 %% or `Safety Relevant Validation Time' ref can book
 %% EN61508 gives detection calculations to reduce
 %% statistical impacts of failures.
 %%
 %
 Considering the failure modes to be statistically independent  
 the FIT values for all the combinations of
 failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated. 
 %
 The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
 requires that resistors $R_1$ and $R_2$ both fail.
 %
 Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
 %
 The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. 
 %
 Squaring this gives $ 154.3 \times {10}^{-18} $.
 %
 This is an astronomically small MTTF, and so small that it would
 probably fall below a threshold to sensibly consider.
 %
 However, it is very interesting from a failure analysis perspective,
 because an undetectable fault  (at least at this
 level in the FMMD hierarchy) has been revealed. 
 %
 This means that should it be required to cope with
 this fault, a new way of detecting this
 condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy.
 %
 \paragraph{MTTF statistics and FMMD hierarchies.}
 %
 In a large FMMD model, system/top level failures can be traced
 down to {\bc} {\fms}. 
 %
 To determine the MTTF probability
 for a system level failure,   
 the MTTF statistics are added for all its possible causes.
 %
 Thus even for large FMMD models accurate
 statistics for electronic sourced failures can be calculated.
 %
 %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
 %
 \frategloss
 \fmmdglossFIT
 \clearpage
 \subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparison}
 \label{sec:gnuplotxfmeafmmdcomp}
 \begin{verbatim}
--- a/submission_thesis/style.tex
+++ b/submission_thesis/style.tex
@ -81,8 +81,8 @@
 %\fmodegloss
-\newcommand{\fmmdglossADC}{\glossary{name={system}, description={
+\newcommand{\fmmdglossADC}{\glossary{name={ADC}, description={
-Analogue to digital converter}}}
+Analogue to digital converter, a digital device to read voltages into a computer/micro-controller}}}
 \newcommand{\fmmdglossSYS}{\glossary{name={system}, description={
@ -123,6 +123,14 @@ Design FMEA. FMEA applied in design stages of a product.
 Can be used as a discussion/brain~storming method to 
 reveal safety weakness and improve built in safety}}}
 \newcommand{\fmmdglossOPAMP}{\glossary{name={Op-Amp},description={
 An Operational Amplifier is a differential input high gain voltage
 amplifier typically implemented in an integrated circuit and is 
 commonly used a building block in analogue circuit design
 }}}
 \newcommand{\fmmdglossPFMEA}{\glossary{name={PFMEA},description={
 Production FMEA (PFMEA). 
 FMEA applied for cost benefit analysis typically used in mass production}}}