From a6715889f059eb5ec46faf597bcb8f97b5dc2a01 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 09:55:35 +0100 Subject: [PATCH 1/7] conclusion: prob of composition of standalone modules/{\fgs} --- submission_thesis/CH8_Conclusion/copy.tex | 44 +++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/submission_thesis/CH8_Conclusion/copy.tex b/submission_thesis/CH8_Conclusion/copy.tex index c2ceef6..eab3223 100644 --- a/submission_thesis/CH8_Conclusion/copy.tex +++ b/submission_thesis/CH8_Conclusion/copy.tex @@ -162,6 +162,50 @@ in a way that is compatible with FMEDA/EN61508. \fmmdglossFIT +\subsection{Composition of {\fgs}.} + +The choice of components for a {\fg} are that they are components that +work together to perform a pre-defined function. +% +The choice for {\fg} membership is made by the analyst. +% +The act of choosing component to comprise a {\fg} +raises questions about the circuit under investigation. +% +Ideally {\fgs} will be able to act as standalone modules. +% +An inverting amplifier configuration, or a low pass filter are good examples of these. +% +These have clear inputs and outputs, and are resilient to what they are connected to at +the output (in electronics terms they have high output impedance). +% +In defining members for {\fgs} he analyst is forced to consider the interfaces between elements +of circuitry to identify modules. +% +Consider the resistor capacitor low pass stage first looked at in example~\ref{sec:lp}. %\label{sec:lp} +% +This circuit element, while applying a filtering effect, has a low output impedance. +% +With a simple OpAmp buffer amplifier it becomes an effective, high impedance output, standalone module. +% +These two elements, the resistor capacitor low pass stage and the OpAmp +are good candidates therefore, for being considered as a standalone module, and thus a {\fg}. +% +However, different analysts may choose different {\fgs} +when analysing the same circuit. +% +This means that {\fgs} are not guaranteed to be unique. +% +This apparent anomaly is explored in the examples~\ref{sec:invamp},~\ref{sec:bubba} were different +structure of the FMMD hierarchy are used to analyse the same circuitry. +% +The same system level failure modes are obtained, but the more de-composed examples +offer better performance in terms of comparison complexity. +% +Further work may be required to apply justification for the choice of the membership in {\fgs}. +% +For software already written this problem does not exist as the choice of membership has already been made by the programmer. + % \subsection{Deriving FTA diagrams from FMMD models} \label{sec:fta} From add5adbbbe0829b1700ef9d3a35493c690c7474f Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 10:18:30 +0100 Subject: [PATCH 2/7] CH8 composition of {\fgs} --- submission_thesis/CH8_Conclusion/copy.tex | 30 +++++++++++++---------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/submission_thesis/CH8_Conclusion/copy.tex b/submission_thesis/CH8_Conclusion/copy.tex index eab3223..c1ee025 100644 --- a/submission_thesis/CH8_Conclusion/copy.tex +++ b/submission_thesis/CH8_Conclusion/copy.tex @@ -169,38 +169,42 @@ work together to perform a pre-defined function. % The choice for {\fg} membership is made by the analyst. % -The act of choosing component to comprise a {\fg} +The act of choosing components to form a {\fg} raises questions about the circuit under investigation. % Ideally {\fgs} will be able to act as standalone modules. % -An inverting amplifier configuration, or a low pass filter are good examples of these. +%That is they should perform their function in the context of teir use, but % -These have clear inputs and outputs, and are resilient to what they are connected to at +An inverting amplifier configuration, or a low pass filter are good examples of these: +they have clear inputs and outputs, and are resilient to what they are connected to at the output (in electronics terms they have high output impedance). % -In defining members for {\fgs} he analyst is forced to consider the interfaces between elements -of circuitry to identify modules. +In defining members for {\fgs} the analyst is forced to consider the interfaces between elements +of circuitry to identify modules. +% +This is to prevent undue influence on them from circuitry +they may be connected to. % Consider the resistor capacitor low pass stage first looked at in example~\ref{sec:lp}. %\label{sec:lp} % This circuit element, while applying a filtering effect, has a low output impedance. % -With a simple OpAmp buffer amplifier it becomes an effective, high impedance output, standalone module. -% -These two elements, the resistor capacitor low pass stage and the OpAmp -are good candidates therefore, for being considered as a standalone module, and thus a {\fg}. +With a simple OpAmp buffer amplifier on its output stage, it becomes an effective high impedance output standalone module. % +The resistor/capacitor low pass stage and the OpAmp +are good candidates therefore for being considered as a standalone module, and thus a {\fg}. + However, different analysts may choose different {\fgs} when analysing the same circuit. % This means that {\fgs} are not guaranteed to be unique. % -This apparent anomaly is explored in the examples~\ref{sec:invamp},~\ref{sec:bubba} were different -structure of the FMMD hierarchy are used to analyse the same circuitry. +This apparent anomaly is explored in the examples~\ref{sec:invamp},~\ref{sec:bubba} where different +structures of the FMMD hierarchy were used to analyse the same circuitry. % -The same system level failure modes are obtained, but the more de-composed examples -offer better performance in terms of comparison complexity. +The same system level failure modes were obtained, but the more de-composed examples +offered better performance in terms of comparison complexity. % Further work may be required to apply justification for the choice of the membership in {\fgs}. % From 7c1eae867f9c9cc8260b5289527f713c2755cff0 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 10:45:01 +0100 Subject: [PATCH 3/7] typos --- submission_thesis/CH8_Conclusion/copy.tex | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/submission_thesis/CH8_Conclusion/copy.tex b/submission_thesis/CH8_Conclusion/copy.tex index c1ee025..cd18629 100644 --- a/submission_thesis/CH8_Conclusion/copy.tex +++ b/submission_thesis/CH8_Conclusion/copy.tex @@ -164,10 +164,11 @@ in a way that is compatible with FMEDA/EN61508. \subsection{Composition of {\fgs}.} -The choice of components for a {\fg} are that they are components that -work together to perform a pre-defined function. +%The choice of components for a {\fg} are that they are components that +%work together to perform a pre-defined function.work together to perform a pre-defined function. +The members of a {\fg} are chosen to be components that work together to perform a specific function. % -The choice for {\fg} membership is made by the analyst. +The choice of {\fg} membership is made by the analyst. % The act of choosing components to form a {\fg} raises questions about the circuit under investigation. @@ -178,19 +179,20 @@ Ideally {\fgs} will be able to act as standalone modules. % An inverting amplifier configuration, or a low pass filter are good examples of these: they have clear inputs and outputs, and are resilient to what they are connected to at -the output (in electronics terms they have high output impedance). +the output (in electronics terms they have low output impedance). % In defining members for {\fgs} the analyst is forced to consider the interfaces between elements of circuitry to identify modules. % -This is to prevent undue influence on them from circuitry -they may be connected to. +The aim is to prevent undue influence on modules identified from circuitry +they are/may be connected to. % Consider the resistor capacitor low pass stage first looked at in example~\ref{sec:lp}. %\label{sec:lp} % -This circuit element, while applying a filtering effect, has a low output impedance. +This circuit element, while applying a filtering effect, has a high output impedance. % -With a simple OpAmp buffer amplifier on its output stage, it becomes an effective high impedance output standalone module. +With a simple OpAmp buffer amplifier on its output stage, it becomes an effective low impedance output standalone module\footnote{A well behaved, or ideal electronics `module' will +have a high impedance input (i.e. it will not overload and affect any driving stages) and a low output impedance (i.e. it will drive an electrical load at the output without being affected its-self).}. % The resistor/capacitor low pass stage and the OpAmp are good candidates therefore for being considered as a standalone module, and thus a {\fg}. @@ -206,7 +208,7 @@ structures of the FMMD hierarchy were used to analyse the same circuitry. The same system level failure modes were obtained, but the more de-composed examples offered better performance in terms of comparison complexity. % -Further work may be required to apply justification for the choice of the membership in {\fgs}. +Further work may be required to apply justification for the choice of membership in {\fgs}. % For software already written this problem does not exist as the choice of membership has already been made by the programmer. From 33918aca848e68e314f5ba9b3619662c90b296ec Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 10:52:41 +0100 Subject: [PATCH 4/7] dropbox in make --- submission_thesis/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/submission_thesis/Makefile b/submission_thesis/Makefile index 1a603ef..bf01061 100644 --- a/submission_thesis/Makefile +++ b/submission_thesis/Makefile @@ -3,6 +3,12 @@ all: copy bib thesis +dropbox: + pdflatex thesis + makeindex thesis.glo -s thesis.ist -t thesis.glg -o thesis.gls + cp thesis.pdf /home/robin/Dropbox/Robin_PhD_folder/thesis + acroread thesis.pdf || evince thesis.pdf + thesis: pdflatex thesis makeindex thesis.glo -s thesis.ist -t thesis.glg -o thesis.gls From 082f3a513c13b2ab20f2a7ce28fd3323625efccc Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 11:46:53 +0100 Subject: [PATCH 5/7] c garret comment --- submission_thesis/CH5_Examples/copy.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 269d909..b3ac068 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -45,7 +45,7 @@ initially identified {\fgs} and the second using a more complex hierarchy of %{\ that a finer grained/more decomposed approach offers greater efficiency and re-use possibilities in future analysis tasks. % \item Section~\ref{sec:sigmadelta} demonstrates that FMMD can be applied to mixed analogue and digital circuitry -by applying FMMD to a sigma delta ADC. +by analysing a sigma delta ADC. %shows FMMD analysing the sigma delta %analogue to digital converter---again with a circular signal path---which operates on both %analogue and digital signals. From 2bb15b2dbe79abeae2e832786d4f150258d02ce2 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 13:28:27 +0100 Subject: [PATCH 6/7] chris noticed erro in first c5 example. gone trhough this carefully. he made an error too --- submission_thesis/CH5_Examples/copy.tex | 65 ++++++++++++++----------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index b3ac068..9b9385e 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -84,6 +84,7 @@ However, $PD$ cannot be directly re-used, and not just because the potential divider is floating i.e. that the polarity of the R2 side of the potential divider is determined by the output from the op-amp. +% \fmmdglossOPAMP % The circuit schematic stipulates that the input is positive. @@ -101,18 +102,25 @@ and analysed as such; see table~\ref{tbl:pdneg}. % A valid range for the output value of this circuit is assumed. % -Thus negative or low voltages can be considered as LOW -and voltages higher than a given threshold considered as HIGH. +%Thus negative or low voltages can be considered as LOW +%and voltages higher than a given threshold considered as HIGH. +% +Because the amplifier inverts and the input is guaranteed positive any +output voltage above or equal to zero would be erroneous. +% +This would be an $AMP_{HIGH}$ failure symptom. +% +A threshold would be determined for an $AMP_{LOW}$ failure symptom (i.e. the output voltage more negative than expected). % error given the expected input range. % \begin{table}[h+] \caption{Inverted Potential divider: Single failure analysis} \begin{tabular}{|| l | l | c | c | l ||} \hline - \textbf{Failure Cause} & & \textbf{Inverted Pot Div Effect} & & \textbf{Symptom} \\ + \textbf{Failure Cause} & & \textbf{Inverted Pot Divider, $IPD$, Effect} & & \textbf{Symptom} \\ \hline - FC1: R1 SHORT & & $HIGH$ & & $PDHigh$ \\ \hline - FC2: R1 OPEN & & $LOW$ & & $PDLow$ \\ \hline - FC3: R2 SHORT & & $LOW$ & & $PDLow$ \\ \hline - FC4: R2 OPEN & & $HIGH$ & & $PDHigh$ \\ \hline + FC1: R1 SHORT & & $HIGH$ & & $IPDHigh$ \\ \hline + FC2: R1 OPEN & & $LOW$ & & $IPDLow$ \\ \hline + FC3: R2 SHORT & & $LOW$ & & $IPDLow$ \\ \hline + FC4: R2 OPEN & & $HIGH$ & & $IPDHigh$ \\ \hline \hline \end{tabular} \label{tbl:pdneg} @@ -145,8 +153,8 @@ and voltages higher than a given threshold considered as HIGH. % Potential divider failure modes % - \node[symptom] (PDHIGH) at (\layersep*2,-0.7) {$PD_{HIGH}$}; - \node[symptom] (PDLOW) at (\layersep*2,-2.2) {$PD_{LOW}$}; + \node[symptom] (PDHIGH) at (\layersep*2,-0.5) {$IPD_{HIGH}$}; + \node[symptom] (PDLOW) at (\layersep*2,-2.4) {$IPD_{LOW}$}; \path (R1OPEN) edge (PDLOW); \path (R2SHORT) edge (PDLOW); @@ -156,16 +164,16 @@ and voltages higher than a given threshold considered as HIGH. \end{tikzpicture} % - \caption{Failure symptoms of the `Inverted Potential Divider' $INVPD$} + \caption{Failure symptoms of the `Inverted Potential Divider' $IPD$} \label{fig:pdneg} \end{figure} % % A {\dc} can be formed from the analysis results in table~\ref{tbl:pdneg} %this, -and called an inverted potential divider $INVPD$. +and called an inverted potential divider ($IPD$). % The final stage of analysis for this amplifier, is made by -by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$. +by forming a {\fg} with the OpAmp and the new {\dc} $IPD$. % \begin{table}[h+] \caption{Inverting Amplifier: Single failure analysis using the $PD$ {\dc}} @@ -175,8 +183,8 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$. \textbf{cause} & & \textbf{ } & & \textbf{Failure Mode} \\ \hline - FC1: INVPD LOW & & NEGATIVE on -input & & $ HIGH $ \\ - FC2: INVPD HIGH & & Positive on -input & & $ LOW $ \\ \hline + FC1: IPD LOW & & Negative on -input & & $ HIGH $ \\ + FC2: IPD HIGH & & Positive on -input & & $ LOW $ \\ \hline FC5: AMP L\_DN & & $ INVAMP_{low} $ & & $ LOW $ \\ @@ -256,8 +264,8 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$. % Potential divider failure modes % - \node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$}; - \node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$}; + \node[symptom] (PDHIGH) at (\layersep*2,-5.8) {$IPD_{HIGH}$}; + \node[symptom] (PDLOW) at (\layersep*2,-8.1) {$IPD_{LOW}$}; @@ -270,9 +278,9 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$. - \node[symptom] (AMPHIGH) at (\layersep*3.4,-3) {$AMP_{HIGH}$}; - \node[symptom] (AMPLOW) at (\layersep*3.4,-5) {$AMP_{LOW}$}; - \node[symptom] (AMPLP) at (\layersep*3.4,-7) {$LOWPASS$}; + \node[symptom] (AMPHIGH) at (\layersep*4.4,-3) {$AMP_{HIGH}$}; + \node[symptom] (AMPLOW) at (\layersep*4.4,-5) {$AMP_{LOW}$}; + \node[symptom] (AMPLP) at (\layersep*4.4,-7) {$LOWPASS$}; \path (PDLOW) edge (AMPHIGH); \path (OPAMPLU) edge (AMPHIGH); @@ -299,8 +307,7 @@ Failure modes for the {\dc} $INVAMP$ can be expressed thus; A DAG is drawn representing the failure mode behaviour of this amplifier (see figure~\ref{fig:invdag1}). % -Note that this allows us -to trace failure symptoms back to causes, i.e. +Note that this allows failure symptoms to be traced back to causes, i.e. to traverse from system level or top failure modes to base component failure modes. %%%%% 12DEC 2012 UP to here in notes from AF email. % @@ -310,10 +317,12 @@ to traverse from system level or top failure modes to base component failure mod \label{subsec:invamp2} % -The problem above is analysed without using an intermediate $INVPD$ +The problem above is analysed without using an intermediate $IPD$ derived component. % If the input voltage was not constrained to being positive this one stage analysis would be necessary. +% +% This concern is re-visited in the differencing amplifier example in the next section. %We can view the failure mode mode produced with FMMD as a DAG %in figure~\ref{fig: @@ -336,13 +345,13 @@ This concern is re-visited in the differencing amplifier example in the next sec \textbf{cause} & & \textbf{ } & & \textbf{Failure Mode} \\ \hline - FS1: R1 SHORT & & NEGATIVE out of range & & $ HIGH $ \\ + FS1: R1 SHORT & & -ve in high gain & & $ LOW $ \\ % FS1: R1 SHORT -ve in & & POSITIVE out of range & & $ OUT OF RANGE $ \\ \hline - FS2: R1 OPEN & & zero output & & $ LOW $ \\ \hline + FS2: R1 OPEN & & zero volt follower & & $ HIGH $ \\ \hline % FS2: R1 OPEN -ve in & & zero output & & $ ZERO OUTPUT $ \\ \hline - FS3: R2 SHORT & & $INVAMP_{nogain} $ & & $ LOW $ \\ + FS3: R2 SHORT & & $INVAMP_{unitygain} $ & & $ HIGH $ \\ % FS3: R2 SHORT -ve in & & $INVAMP_{nogain} $ & & $ NO GAIN $ \\ \hline FS4: R2 OPEN & & NEGATIVE out of range $ $ & & $ LOW$ \\ \hline @@ -366,9 +375,9 @@ This concern is re-visited in the differencing amplifier example in the next sec The first analysis used two FMMD stages. % The first stage analysed an inverted potential divider %, analyses its failure modes, -giving the {\dc} (INVPD). +giving the {\dc} (IPD). % -The next stage analysed a {\fg} comprised of the INVPD and an OpAmp. +The next stage analysed a {\fg} comprised of the IPD and an OpAmp. % The second analysis (3 components) looked at the effects of each failure mode of each resistor and the op-amp. % circuit. @@ -1338,7 +1347,7 @@ This can be the first {\fg} and it is analysed in table~\ref{detail:SUMJINT}: %{ % $$FG = \{R1, R2, IC1, C1 \} .$$ % -That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of our new {\dc} +That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of the new {\dc} $SUMJINT$ are $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ % %\clearpage From 6b18adfcc3cf8f06b4ab0267d8e3d437d5c775b2 Mon Sep 17 00:00:00 2001 From: "Robin P. Clark" Date: Tue, 17 Sep 2013 13:48:34 +0100 Subject: [PATCH 7/7] jag vill har nagra kul saker.... --- submission_thesis/CH5_Examples/copy.tex | 38 +++++++++++++++---------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 9b9385e..cdb6b99 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -22,7 +22,7 @@ this examines re-use of the potential divider {\dc} from section~\ref{subsec:pot This amplifier is analysed twice, using different compositions of {\fgs}. The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed. %\ -fmmdglossOPAMP +\fmmdglossOPAMP \item Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used to create a differencing amplifier. Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc} from section~\ref{sec:invamp} @@ -53,6 +53,11 @@ by analysing a sigma delta ADC. safety critical temperature sensor circuit, analysed for single and double failure mode scenarios. \end{itemize} + + + + + \clearpage \section{Example Analysis: Inverting OPAMP} % @@ -66,6 +71,19 @@ safety critical temperature sensor circuit, analysed for single and double failu \label{fig:invamp} \end{figure} % +Figure~\ref{fig:invamp} shows a standard configuration inverting amplifier. +A valid range for the output value of this circuit is assumed. +% +%Thus negative or low voltages can be considered as LOW +%and voltages higher than a given threshold considered as HIGH. +% +Because the amplifier inverts and the input is guaranteed positive any +output voltage above or equal to zero would be erroneous. +% +This would be an `$AMP_{HIGH}$' failure symptom. +% +A threshold would be determined for an `$AMP_{LOW}$' failure symptom (i.e. the output voltage more negative than expected). % error given the expected input range. +% %This configuration is interesting from methodology pers. There are two obvious ways in which this circuit can be modelled. % @@ -100,17 +118,6 @@ In normal operation then, this is an inverted potential divider. It must therefore be viewed as an inverted potential divider and analysed as such; see table~\ref{tbl:pdneg}. % -A valid range for the output value of this circuit is assumed. -% -%Thus negative or low voltages can be considered as LOW -%and voltages higher than a given threshold considered as HIGH. -% -Because the amplifier inverts and the input is guaranteed positive any -output voltage above or equal to zero would be erroneous. -% -This would be an $AMP_{HIGH}$ failure symptom. -% -A threshold would be determined for an $AMP_{LOW}$ failure symptom (i.e. the output voltage more negative than expected). % error given the expected input range. % \begin{table}[h+] \caption{Inverted Potential divider: Single failure analysis} @@ -199,6 +206,7 @@ by forming a {\fg} with the OpAmp and the new {\dc} $IPD$. \end{table} % % +\clearpage %%This gives the same results as the analysis from figure~\ref{fig:invampanalysis}. % % @@ -303,7 +311,7 @@ by forming a {\fg} with the OpAmp and the new {\dc} $IPD$. Failure modes for the {\dc} $INVAMP$ can be expressed thus; %% $$ fm(INVAMP) = \{ {lowpass}, {high}, {low} \}.$$ $$ fm(INVAMP) = \{ HIGH, LOW, LOW PASS \} .$$ - +% \clearpage A DAG is drawn representing the failure mode behaviour of this amplifier (see figure~\ref{fig:invdag1}). % @@ -311,8 +319,8 @@ Note that this allows failure symptoms to be traced back to causes, i.e. to traverse from system level or top failure modes to base component failure modes. %%%%% 12DEC 2012 UP to here in notes from AF email. % -\clearpage % +\clearpage \subsection{Second Approach: Inverting OpAmp analysing with three components in one larger {\fg}} \label{subsec:invamp2} @@ -368,7 +376,7 @@ This concern is re-visited in the differencing amplifier example in the next sec \label{tbl:invamp} \end{table} -\clearpage +%\clearpage \subsection{Comparison between the two approaches} \label{sec:invampcc}