From ba38bfe6c5ee0bcb5273f0aa99a5890d859d0f00 Mon Sep 17 00:00:00 2001
From: Robin Clark
Date: Fri, 3 Dec 2010 11:04:58 +0000
Subject: [PATCH] ..
---
 fmmd_data_model/fmmd_data_model.tex | 207 +++++++++++++++++++++++---
 fmmd_data_model/paper.tex | 1 +
 fmmd_design_aide/fmmd_design_aide.tex | 2 +-
 thesis.tex | 1 +
 4 files changed, 190 insertions(+), 21 deletions(-)
diff --git a/fmmd_data_model/fmmd_data_model.tex b/fmmd_data_model/fmmd_data_model.tex
index 1d74865..66e0ebc 100644
--- a/fmmd_data_model/fmmd_data_model.tex
+++ b/fmmd_data_model/fmmd_data_model.tex
@@ -174,7 +174,7 @@ Graph (DAG).
 % \label{fig:cfg2fmmd_data}
 % \end{figure}
-\pagebreak[4]
+%\pagebreak[4]
 \subsection{Find Failure Modes} Consider the SYSTEM environment with its temperature range of ${{0}\oc}$ to ${{125}\oc}$.
@@ -186,7 +186,7 @@ gives the following failure modes, $fm(K) =\{ K^0_a, K^0_b, K^0_d \}$. Were our system specified for a ${{0}\oc}$ to ${{80}\oc}$ range we could say $fm(K) =\{ K^0_a, K^0_b \}$.
-\pagebreak[3]
+%\pagebreak[3]
 \paragraph{Get the failure modes from the functional groups.} Applying the function $fm$ to our functional groups, with the SYSTEM environmental constraint applied to component type `K', yields
@@ -408,7 +408,7 @@ We can represent $ C^1_1 $ as an addition to the DAG (see figure \ref{fig:dag1})
 \label{fig:dag1}
 \end{figure}
-\clearpage
+%n\clearpage
 \subsection{ Creating Derived components from $FG^0_2$ and $FG^0_3$ } Applying the FMMD process for $FG^0_2$ and $FG^0_3$.
@@ -703,10 +703,10 @@ This is shown in the DAG in figure \ref{fig:dag3}.
-\clearpage
+%\clearpage
 %\pagebreak[4]
 \subsection{Using Derived Components in Functional Groups}
-
+\label{dagexample}
 The DAG we have in figure \ref{fig:dag3} does not yet give us SYSTEM or `top~level' failure modes. We can apply $fm$ to the derived components and
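Review bot: In the hunk at -408 the replacement line reads `%n\clearpage`, with a stray `n` after the comment character. It is harmless while the line stays commented out, but removing the `%` later would typeset a literal n before the page break. Suggest `%\clearpage`, matching the other commented-out breaks in this commit.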
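Review bot: The new `\label{dagexample}` in the hunk at -703 has no type prefix, while the other labels visible in this patch carry one (`fig:dag1`, `fig:dag3`). `\label{sec:dagexample}` would keep section and figure keys apart. The reference added later in this file would then read `section~\ref{sec:dagexample}`, which also stops the number being separated from the word at a line end.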
@@ -976,22 +976,24 @@ at low temperatures.
 What we have is an inhibit condition, in this case the temperature
 being in range makes the particular failure mode impossible.
+%[regular polygon,regular polygon sides=9]
 \begin{figure}
 \centering
 \begin{tikzpicture}[shorten >=1pt,->,draw=black!50, node distance=\layersep]
 \tikzstyle{every pin edge}=[<-,shorten <=1pt]
 \tikzstyle{fmmde}=[circle,fill=black!25,minimum size=17pt,inner sep=0pt]
- \tikzstyle{fmmdi}=[rectangle,fill=black!25,minimum size=17pt,inner sep=0pt]
+ \tikzstyle{fmmdi}=[regular polygon,regular polygon sides=6,fill=black!25,minimum size=17pt,inner sep=0pt]
+ %\tikzstyle{fmmdi}=[rectangle,fill=black!25,minimum size=17pt,inner sep=0pt]
 \tikzstyle{component}=[fmmde, fill=green!50];
 \tikzstyle{failure}=[fmmde, fill=red!50];
 \tikzstyle{symptom}=[fmmde, fill=blue!50];
- \tikzstyle{inhibit}=[fmmdi, fill=grey!20];
+ \tikzstyle{inhibit}=[fmmdi, fill=black!20];
 \tikzstyle{conjunction}=[fmmde, fill=red!20];
 \tikzstyle{annot} = [text width=4em, text centered]
 \node[component] (C-1) at (0,-2) {$C^0_1$};
- \node[fmmdi] (I-1) at (\layersep,-2) {$ > 80\oc$};
+ \node[inhibit] (I-1) at (\layersep,-2) {$ > 80\oc$};
 \path (C-1) edge (I-1);
 \node[failure] (f) at (\layersep*2,-2) {$a$};
 \path (I-1) edge (f);
@@ -1004,7 +1006,7 @@ being in range makes the particular failure mode impossible.
 \subsection{Conjunction}
-Failure conjuction is simply considering, at the {\fg} analysis stage
+Failure conjunction is simply considering, at the {\fg} analysis stage
 the possibility of two components failing within the same timeframe.
 We could for instance, looking at a fuel train to a burner/chemical~reactor;
 consider both shutoff valves failing at the same time.
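Review bot: The `regular polygon` shape in the new `fmmdi` style (hunk at -976) exists only once a TikZ shapes library is loaded, and this file does not load one itself; it depends on the `\usetikzlibrary` lines this commit adds to paper.tex and thesis.tex. Any other driver that inputs fmmd_data_model.tex would stop on an unknown shape, so a comment beside the style such as `% needs \usetikzlibrary{shapes.geometric} in the including preamble` would document the dependency. The two leftover comments (`%[regular polygon,regular polygon sides=9]` and the old rectangle definition) could be dropped, since version control keeps the history. The figure environment closes outside this hunk.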
@@ -1044,8 +1046,8 @@ simultaneous failures may have to be considered \cite{en298}.
 \end{tikzpicture}
 % End of code
- \caption{DAG representing conjuction condition on failure modes $a \wedge b \wedge c$}
- \label{fig:dagconjuction}
+ \caption{DAG representing conjunction condition on failure modes $a \wedge b \wedge c$}
+ \label{fig:dagconjunction}
 \end{figure}
 \subsection{Failure Mode Conjuction Conditions represented in the DAG}
@@ -1096,20 +1098,185 @@ Show how FMMD makes this tracable
 % clear the page if its a paper to keep the diagram out of the references
 \ifthenelse {\boolean{paper}}
 {
-\clearpage
+%\clearpage
 }
 {
 }
-\section{Current Static Failure Mode Methodologies}
-\ifthenelse {\boolean{paper}}
-{
-paper
-}
-{
-chapter
-}
+\pagebreak[3]
+\section{Failure inhibition and conjunction}
+
+\subsection{Inhibition}
+Failure inhibition is where a failure can only become active given a pre-condition.
+A component suseptible to a given temperature range
+making a failure mode a possibility is an inhibit condition.
+
+For instance in electronics, a semi-conductor may begin to
+fail at an eleveted temperature range.
+Or in mechanical engineering a rubber seal may become brittle and leak
+at low temperatures.
+
+What we have is an inhibit condition, in this case the temperature
+being in range makes the particular failure mode impossible.
+
+The component $K$ in the DAG example (see section \ref{dagexample}), has
+a failure mode $d$ that is only present at an elevated temperature
+range, and has been considered as a static failure possibility in that model.
+
+Where dynamic modelling of environmental conditions is required, inhibit gates
+need be used in the model.
+
+
+Inhibit conditions are part of the FTA methodology.%\cite{nucfta}[IV-9].
+To ensure that FMMD can produce FTA models, support for inhibit gates has been included.
+Both the NASA \cite{nasafta} and the U.S. Nuclear regulatory commission\cite{nucfta}[IV-9] use
+a hexagon as a symbol for an inhibit gate in thier FTA documentation. That notation has been carried forward into FMMD.
+%[regular polygon,regular polygon sides=7]
+
+% \begin{figure}
+% \centering
+% \begin{tikzpicture}[shorten >=1pt,->,draw=black!50, node distance=\layersep]
+% \tikzstyle{every pin edge}=[<-,shorten <=1pt]
+% \tikzstyle{fmmde}=[circle,fill=black!25,minimum size=17pt,inner sep=0pt]
+% %\tikzstyle{fmmdi}=[rectangle,fill=black!25,minimum size=17pt,inner sep=0pt]
+% \tikzstyle{fmmdi}=[regular polygon,regular polygon sides=6],fill=black!25,minimum size=17pt,inner sep=0pt]
+% \tikzstyle{component}=[fmmde, fill=green!50];
+% \tikzstyle{failure}=[fmmde, fill=red!50];
+% \tikzstyle{symptom}=[fmmde, fill=blue!50];
+% \tikzstyle{inhibit}=[fmmdi, fill=black!20];
+% \tikzstyle{conjunction}=[fmmde, fill=red!20];
+% \tikzstyle{annot} = [text width=4em, text centered]
+%
+% \node[component] (C-1) at (0,-2) {$C^0_1$};
+% \node[fmmdi] (I-1) at (\layersep,-2) {$ > 80\oc$};
+% \path (C-1) edge (I-1);
+% \node[failure] (f) at (\layersep*2,-2) {$a$};
+% \path (I-1) edge (f);
+%
+% \end{tikzpicture}
+% % End of code
+% \caption{DAG representing inhibit condition ($ > 80\oc$) on failure mode $a$}
+% \label{fig:daginhibit}
+%\end{figure}
+
+We can also use a failure mode as an inhibit condition.
+For instance if we have a failure mode $C^0_{1a}$ that when active
+makes failure mode $C^0_{1b}$ possible we can link
+them using an inhibit gate as shown in figure \ref{fig:inhibitf2}.
+
+
+
+ \begin{figure}
+ \centering
+ \begin{tikzpicture}[shorten >=1pt,->,draw=black!50, node distance=\layersep]
+ \tikzstyle{every pin edge}=[<-,shorten <=1pt]
+ \tikzstyle{fmmde}=[circle,fill=black!25,minimum size=17pt,inner sep=0pt]
+ %\tikzstyle{fmmdi}=[rectangle,fill=black!25,minimum size=17pt,inner sep=0pt]
+ \tikzstyle{fmmdi}=[regular polygon,regular polygon sides=6],fill=black!25,minimum size=17pt,inner sep=0pt]
+ \tikzstyle{component}=[fmmde, fill=green!50];
+ \tikzstyle{failure}=[fmmde, fill=red!50];
+ \tikzstyle{symptom}=[fmmde, fill=blue!50];
+ \tikzstyle{inhibit}=[fmmdi, fill=blue!20];
+ \tikzstyle{conjunction}=[fmmde, fill=red!20];
+ \tikzstyle{annot} = [text width=4em, text centered]
+
+ \node[component] (C-1) at (0,-2) {$C^0_1$};
+ \node[component] (C-2) at (0,-5) {$C^0_1$};
+
+ \node[failure] (c1a) at (\layersep*2,-2) {$a$};
+
+ \node[failure] (c2a) at (\layersep*2,-5) {$b$};
+ \node[failure] (c2b) at (\layersep*2,-4) {$a$};
+
+ \path (C-2) edge (c2a);
+ \path (C-2) edge (c2b);
+
+ \node[inhibit] (I-1) at (\layersep,-2) {Inhibit};
+ \path (C-1) edge (I-1);
+ \path (c2b) edge (I-1);
+
+ \path (I-1) edge (c1a);
+
+
+ \end{tikzpicture}
+ % End of code
+ \caption{DAG representing inhibit of failure mode $C_{2b}$ on another failure mode $C_{1a}$}
+ \label{fig:daginhibit2}
+\end{figure}
+
+
+
+
+
+\subsection{Conjunction}
+
+Failure conjunction is simply considering, at the {\fg} analysis stage
+the possibility of two components failing within the same timeframe.
+We could for instance, looking at a fuel train to a burner/chemical~reactor;
+consider both shutoff valves failing at the same time.
+
+For high levels of safety or reliability, in critical sub-systems, all possible double
+simultaneous failures may have to be considered \cite{en298}.
+
+
+ \begin{figure}
+ \centering
+ \begin{tikzpicture}[shorten >=1pt,->,draw=black!50, node distance=\layersep]
+ \tikzstyle{every pin edge}=[<-,shorten <=1pt]
+ \tikzstyle{fmmde}=[circle,fill=black!25,minimum size=17pt,inner sep=0pt]
+ %\tikzstyle{fmmdi}=[rectangle,fill=black!25,minimum size=17pt,inner sep=0pt]
+ \tikzstyle{fmmdi}=[regular polygon,regular polygon sides=6],fill=black!25,minimum size=17pt,inner sep=0pt]
+ \tikzstyle{component}=[fmmde, fill=green!50];
+ \tikzstyle{failure}=[fmmde, fill=red!50];
+ \tikzstyle{symptom}=[fmmde, fill=blue!50];
+ \tikzstyle{inhibit}=[fmmdi, fill=grey!40];
+ \tikzstyle{conjunction}=[fmmde, fill=red!40];
+ \tikzstyle{annot} = [text width=4em, text centered]
+
+ \node[component] (C-1) at (0,-2) {$C^0_1$};
+
+ \node[failure] (C-1a) at (\layersep,-1) {a};
+ \node[failure] (C-1b) at (\layersep,-2) {b};
+ \node[failure] (C-1c) at (\layersep,-3) {c};
+
+ \path (C-1) edge (C-1a);
+ \path (C-1) edge (C-1b);
+ \path (C-1) edge (C-1c);
+
+ \node[conjunction, right of=C-1b] (CJ) {$\&$};
+
+ \path (C-1a) edge (CJ);
+ \path (C-1b) edge (CJ);
+ \path (C-1c) edge (CJ);
+
+ \end{tikzpicture}
+ % End of code
+ \caption{DAG representing conjunction condition on failure modes $a \wedge b \wedge c$}
+ \label{fig:dagconjunction}
+\end{figure}
+
+\subsection{Failure Mode Conjuction Conditions represented in the DAG}
+
+White filled node with an \& in it.
+
+\subsection{Inhibit Conditions represented in the DAG}
+
+Inhibit node type. Octagon (to follow example from FTA).
+
+a -> OCT
+
+inhibitcond--
+
+
+%\section{Current Static Failure Mode Methodologies}
+%\ifthenelse {\boolean{paper}}
+%{
+%paper
+%}
+%{
+%chapter
+%}
diff --git a/fmmd_data_model/paper.tex b/fmmd_data_model/paper.tex
index b9e042a..dd4cdb7 100644
--- a/fmmd_data_model/paper.tex
+++ b/fmmd_data_model/paper.tex
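Review bot: Four things in the section added by the hunk at -1096 will not resolve or render as intended. The text cites `\ref{fig:inhibitf2}` but the figure is labelled `fig:daginhibit2`; `\label{fig:dagconjunction}` is now defined twice in this file, because the hunk at -1044 renames the existing figure's label to the same key; in both new figures the `fmmdi` definition has a stray `]` after `sides=6`, which ends the option list early so the fill and size options fall outside the style; and `\cite{nucfta}[IV-9]` prints the bracket as plain text because the optional argument belongs before the key. `fill=grey!40` may also be an undefined colour unless the project style defines `grey` (the hunk at -976 replaced `grey!20` with `black!20`). Separately, much of the section appears to repeat Inhibition and Conjunction text the file already contains, judging by the context lines of the hunks at -976 and -1004, so it is worth confirming the duplication is intended. The corrected lines are below.

```latex
% … unchanged: Inhibition text up to the FTA paragraph …
Both the NASA \cite{nasafta} and the U.S. Nuclear regulatory commission\cite[IV-9]{nucfta} use
% … unchanged: rest of paragraph, commented-out figure …
them using an inhibit gate as shown in figure \ref{fig:daginhibit2}.
% … unchanged: figure preamble; apply the same fmmdi fix in the conjunction figure …
    \tikzstyle{fmmdi}=[regular polygon,regular polygon sides=6,fill=black!25,minimum size=17pt,inner sep=0pt]
% … unchanged: inhibit figure body, Conjunction text, conjunction figure preamble …
    \tikzstyle{inhibit}=[fmmdi, fill=black!40];
% … unchanged: nodes, edges and caption of the conjunction figure …
    \label{fig:dagconjunction2}
```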
@@ -7,6 +7,7 @@
 \input{../style}
 \usepackage{ifthen}
 \usepackage{lastpage}
+\usetikzlibrary{shapes,snakes}
 \newboolean{paper}
 \setboolean{paper}{true} % boolvar=true or false
diff --git a/fmmd_design_aide/fmmd_design_aide.tex b/fmmd_design_aide/fmmd_design_aide.tex
index 277bf55..a44b2b3 100644
--- a/fmmd_design_aide/fmmd_design_aide.tex
+++ b/fmmd_design_aide/fmmd_design_aide.tex
@@ -77,7 +77,7 @@ The `undetectable' failure modes undertsandably, are the most worrying for the s
 EN61058, the statistically based European Norm, using ratios of detected and undetected system failure modes to classify the sytems safety levels and describes sub-clasifications
-for detected and undetected failure modes \cite{EN61508}.
+for detected and undetected failure modes \cite{en61508}.
 %It is these that are, generally the ones that stand out as single
 %failure modes.
diff --git a/thesis.tex b/thesis.tex
index 8fc1a4c..c729520 100644
--- a/thesis.tex
+++ b/thesis.tex
@@ -3,6 +3,7 @@
 \usepackage{graphicx}
 \usepackage{fancyhdr}
 \usepackage{tikz}
+\usetikzlibrary{shapes,snakes}
 \usepackage{subfigure}
 \usepackage{amsfonts,amsmath,amsthm}
 \usepackage{algorithm}
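Review bot: The `snakes` library loaded by the new line in paper.tex is a deprecated compatibility library in current TikZ (its features moved to the decorations libraries), and nothing visible in this commit uses it; the hexagon nodes only need `shapes.geometric`. Consider `\usetikzlibrary{shapes.geometric}` here and in thesis.tex, where the hunk adds the identical line. In paper.tex the line follows `\input{../style}` with no `\usepackage{tikz}` in view, so it presumably relies on the style file loading TikZ first; a short comment saying so would help.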