Merge branch 'master' of dev:/home/robin/git/thesis
This commit is contained in:
Robin Clark
commit
bdf231d60b
@ -22,7 +22,7 @@ this examines re-use of the potential divider {\dc} from section~\ref{subsec:pot
|
||||
This amplifier is analysed twice, using different compositions of {\fgs}.
|
||||
The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed.
|
||||
%\
|
||||
fmmdglossOPAMP
|
||||
\fmmdglossOPAMP
|
||||
\item Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used
|
||||
to create a differencing amplifier.
|
||||
Building on the two approaches from section~\ref{sec:invamp}, re-use of the non-inverting amplifier {\dc} from section~\ref{sec:invamp}
|
||||
@ -45,7 +45,7 @@ initially identified {\fgs} and the second using a more complex hierarchy of %{\
|
||||
that a finer grained/more decomposed approach offers greater efficiency and re-use possibilities in future analysis tasks.
|
||||
%
|
||||
\item Section~\ref{sec:sigmadelta} demonstrates that FMMD can be applied to mixed analogue and digital circuitry
|
||||
by applying FMMD to a sigma delta ADC.
|
||||
by analysing a sigma delta ADC.
|
||||
%shows FMMD analysing the sigma delta
|
||||
%analogue to digital converter---again with a circular signal path---which operates on both
|
||||
%analogue and digital signals.
|
||||
@ -53,6 +53,11 @@ by applying FMMD to a sigma delta ADC.
|
||||
safety critical temperature sensor circuit, analysed for single and double failure mode scenarios.
|
||||
\end{itemize}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
\clearpage
|
||||
\section{Example Analysis: Inverting OPAMP}
|
||||
%
|
||||
@ -66,6 +71,19 @@ safety critical temperature sensor circuit, analysed for single and double failu
|
||||
\label{fig:invamp}
|
||||
\end{figure}
|
||||
%
|
||||
Figure~\ref{fig:invamp} shows a standard configuration inverting amplifier.
|
||||
A valid range for the output value of this circuit is assumed.
|
||||
%
|
||||
%Thus negative or low voltages can be considered as LOW
|
||||
%and voltages higher than a given threshold considered as HIGH.
|
||||
%
|
||||
Because the amplifier inverts and the input is guaranteed positive any
|
||||
output voltage above or equal to zero would be erroneous.
|
||||
%
|
||||
This would be an `$AMP_{HIGH}$' failure symptom.
|
||||
%
|
||||
A threshold would be determined for an `$AMP_{LOW}$' failure symptom (i.e. the output voltage more negative than expected). % error given the expected input range.
|
||||
%
|
||||
%This configuration is interesting from methodology pers.
|
||||
There are two obvious ways in which this circuit can be modelled.
|
||||
%
|
||||
@ -84,6 +102,7 @@ However,
|
||||
$PD$ cannot be directly re-used, and not just because
|
||||
the potential divider is floating i.e. that the polarity of
|
||||
the R2 side of the potential divider is determined by the output from the op-amp.
|
||||
%
|
||||
\fmmdglossOPAMP
|
||||
%
|
||||
The circuit schematic stipulates that the input is positive.
|
||||
@ -99,20 +118,16 @@ In normal operation then, this is an inverted potential divider.
|
||||
It must therefore be viewed as an inverted potential divider
|
||||
and analysed as such; see table~\ref{tbl:pdneg}.
|
||||
%
|
||||
A valid range for the output value of this circuit is assumed.
|
||||
%
|
||||
Thus negative or low voltages can be considered as LOW
|
||||
and voltages higher than a given threshold considered as HIGH.
|
||||
%
|
||||
\begin{table}[h+]
|
||||
\caption{Inverted Potential divider: Single failure analysis}
|
||||
\begin{tabular}{|| l | l | c | c | l ||} \hline
|
||||
\textbf{Failure Cause} & & \textbf{Inverted Pot Div Effect} & & \textbf{Symptom} \\
|
||||
\textbf{Failure Cause} & & \textbf{Inverted Pot Divider, $IPD$, Effect} & & \textbf{Symptom} \\
|
||||
\hline
|
||||
FC1: R1 SHORT & & $HIGH$ & & $PDHigh$ \\ \hline
|
||||
FC2: R1 OPEN & & $LOW$ & & $PDLow$ \\ \hline
|
||||
FC3: R2 SHORT & & $LOW$ & & $PDLow$ \\ \hline
|
||||
FC4: R2 OPEN & & $HIGH$ & & $PDHigh$ \\ \hline
|
||||
FC1: R1 SHORT & & $HIGH$ & & $IPDHigh$ \\ \hline
|
||||
FC2: R1 OPEN & & $LOW$ & & $IPDLow$ \\ \hline
|
||||
FC3: R2 SHORT & & $LOW$ & & $IPDLow$ \\ \hline
|
||||
FC4: R2 OPEN & & $HIGH$ & & $IPDHigh$ \\ \hline
|
||||
\hline
|
||||
\end{tabular}
|
||||
\label{tbl:pdneg}
|
||||
@ -145,8 +160,8 @@ and voltages higher than a given threshold considered as HIGH.
|
||||
|
||||
% Potential divider failure modes
|
||||
%
|
||||
\node[symptom] (PDHIGH) at (\layersep*2,-0.7) {$PD_{HIGH}$};
|
||||
\node[symptom] (PDLOW) at (\layersep*2,-2.2) {$PD_{LOW}$};
|
||||
\node[symptom] (PDHIGH) at (\layersep*2,-0.5) {$IPD_{HIGH}$};
|
||||
\node[symptom] (PDLOW) at (\layersep*2,-2.4) {$IPD_{LOW}$};
|
||||
|
||||
\path (R1OPEN) edge (PDLOW);
|
||||
\path (R2SHORT) edge (PDLOW);
|
||||
@ -156,16 +171,16 @@ and voltages higher than a given threshold considered as HIGH.
|
||||
|
||||
\end{tikzpicture}
|
||||
%
|
||||
\caption{Failure symptoms of the `Inverted Potential Divider' $INVPD$}
|
||||
\caption{Failure symptoms of the `Inverted Potential Divider' $IPD$}
|
||||
\label{fig:pdneg}
|
||||
\end{figure}
|
||||
%
|
||||
%
|
||||
A {\dc} can be formed from the analysis results in table~\ref{tbl:pdneg} %this,
|
||||
and called an inverted potential divider $INVPD$.
|
||||
and called an inverted potential divider ($IPD$).
|
||||
%
|
||||
The final stage of analysis for this amplifier, is made by
|
||||
by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
by forming a {\fg} with the OpAmp and the new {\dc} $IPD$.
|
||||
%
|
||||
\begin{table}[h+]
|
||||
\caption{Inverting Amplifier: Single failure analysis using the $PD$ {\dc}}
|
||||
@ -175,8 +190,8 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
\textbf{cause} & & \textbf{ } & & \textbf{Failure Mode} \\
|
||||
|
||||
\hline
|
||||
FC1: INVPD LOW & & NEGATIVE on -input & & $ HIGH $ \\
|
||||
FC2: INVPD HIGH & & Positive on -input & & $ LOW $ \\ \hline
|
||||
FC1: IPD LOW & & Negative on -input & & $ HIGH $ \\
|
||||
FC2: IPD HIGH & & Positive on -input & & $ LOW $ \\ \hline
|
||||
|
||||
FC5: AMP L\_DN & & $ INVAMP_{low} $ & & $ LOW $ \\
|
||||
|
||||
@ -191,6 +206,7 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
\end{table}
|
||||
%
|
||||
%
|
||||
\clearpage
|
||||
%%This gives the same results as the analysis from figure~\ref{fig:invampanalysis}.
|
||||
%
|
||||
%
|
||||
@ -256,8 +272,8 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
|
||||
% Potential divider failure modes
|
||||
%
|
||||
\node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$};
|
||||
\node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$};
|
||||
\node[symptom] (PDHIGH) at (\layersep*2,-5.8) {$IPD_{HIGH}$};
|
||||
\node[symptom] (PDLOW) at (\layersep*2,-8.1) {$IPD_{LOW}$};
|
||||
|
||||
|
||||
|
||||
@ -270,9 +286,9 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
|
||||
|
||||
|
||||
\node[symptom] (AMPHIGH) at (\layersep*3.4,-3) {$AMP_{HIGH}$};
|
||||
\node[symptom] (AMPLOW) at (\layersep*3.4,-5) {$AMP_{LOW}$};
|
||||
\node[symptom] (AMPLP) at (\layersep*3.4,-7) {$LOWPASS$};
|
||||
\node[symptom] (AMPHIGH) at (\layersep*4.4,-3) {$AMP_{HIGH}$};
|
||||
\node[symptom] (AMPLOW) at (\layersep*4.4,-5) {$AMP_{LOW}$};
|
||||
\node[symptom] (AMPLP) at (\layersep*4.4,-7) {$LOWPASS$};
|
||||
|
||||
\path (PDLOW) edge (AMPHIGH);
|
||||
\path (OPAMPLU) edge (AMPHIGH);
|
||||
@ -295,25 +311,26 @@ by forming a {\fg} with the OpAmp and our new {\dc} $INVPD$.
|
||||
Failure modes for the {\dc} $INVAMP$ can be expressed thus;
|
||||
%% $$ fm(INVAMP) = \{ {lowpass}, {high}, {low} \}.$$
|
||||
$$ fm(INVAMP) = \{ HIGH, LOW, LOW PASS \} .$$
|
||||
|
||||
% \clearpage
|
||||
A DAG is drawn representing the failure mode behaviour of
|
||||
this amplifier (see figure~\ref{fig:invdag1}).
|
||||
%
|
||||
Note that this allows us
|
||||
to trace failure symptoms back to causes, i.e.
|
||||
Note that this allows failure symptoms to be traced back to causes, i.e.
|
||||
to traverse from system level or top failure modes to base component failure modes.
|
||||
%%%%% 12DEC 2012 UP to here in notes from AF email.
|
||||
%
|
||||
\clearpage
|
||||
%
|
||||
\clearpage
|
||||
\subsection{Second Approach: Inverting OpAmp analysing with three components in one larger {\fg}}
|
||||
\label{subsec:invamp2}
|
||||
|
||||
%
|
||||
The problem above is analysed without using an intermediate $INVPD$
|
||||
The problem above is analysed without using an intermediate $IPD$
|
||||
derived component.
|
||||
%
|
||||
If the input voltage was not constrained to being positive this one stage analysis would be necessary.
|
||||
%
|
||||
%
|
||||
This concern is re-visited in the differencing amplifier example in the next section.
|
||||
%We can view the failure mode mode produced with FMMD as a DAG
|
||||
%in figure~\ref{fig:
|
||||
@ -336,13 +353,13 @@ This concern is re-visited in the differencing amplifier example in the next sec
|
||||
\textbf{cause} & & \textbf{ } & & \textbf{Failure Mode} \\
|
||||
|
||||
\hline
|
||||
FS1: R1 SHORT & & NEGATIVE out of range & & $ HIGH $ \\
|
||||
FS1: R1 SHORT & & -ve in high gain & & $ LOW $ \\
|
||||
% FS1: R1 SHORT -ve in & & POSITIVE out of range & & $ OUT OF RANGE $ \\ \hline
|
||||
|
||||
FS2: R1 OPEN & & zero output & & $ LOW $ \\ \hline
|
||||
FS2: R1 OPEN & & zero volt follower & & $ HIGH $ \\ \hline
|
||||
% FS2: R1 OPEN -ve in & & zero output & & $ ZERO OUTPUT $ \\ \hline
|
||||
|
||||
FS3: R2 SHORT & & $INVAMP_{nogain} $ & & $ LOW $ \\
|
||||
FS3: R2 SHORT & & $INVAMP_{unitygain} $ & & $ HIGH $ \\
|
||||
% FS3: R2 SHORT -ve in & & $INVAMP_{nogain} $ & & $ NO GAIN $ \\ \hline
|
||||
|
||||
FS4: R2 OPEN & & NEGATIVE out of range $ $ & & $ LOW$ \\ \hline
|
||||
@ -359,16 +376,16 @@ This concern is re-visited in the differencing amplifier example in the next sec
|
||||
\label{tbl:invamp}
|
||||
\end{table}
|
||||
|
||||
\clearpage
|
||||
%\clearpage
|
||||
|
||||
\subsection{Comparison between the two approaches}
|
||||
\label{sec:invampcc}
|
||||
The first analysis used two FMMD stages.
|
||||
%
|
||||
The first stage analysed an inverted potential divider %, analyses its failure modes,
|
||||
giving the {\dc} (INVPD).
|
||||
giving the {\dc} (IPD).
|
||||
%
|
||||
The next stage analysed a {\fg} comprised of the INVPD and an OpAmp.
|
||||
The next stage analysed a {\fg} comprised of the IPD and an OpAmp.
|
||||
%
|
||||
The second analysis (3 components) looked at the effects of each failure mode of each resistor
|
||||
and the op-amp. % circuit.
|
||||
@ -1338,7 +1355,7 @@ This can be the first {\fg} and it is analysed in table~\ref{detail:SUMJINT}: %{
|
||||
%
|
||||
$$FG = \{R1, R2, IC1, C1 \} .$$
|
||||
%
|
||||
That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of our new {\dc}
|
||||
That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of the new {\dc}
|
||||
$SUMJINT$ are $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$
|
||||
%
|
||||
%\clearpage
|
||||
|
||||
@ -162,6 +162,56 @@ in a way that is compatible with FMEDA/EN61508.
|
||||
\fmmdglossFIT
|
||||
|
||||
|
||||
\subsection{Composition of {\fgs}.}
|
||||
|
||||
%The choice of components for a {\fg} are that they are components that
|
||||
%work together to perform a pre-defined function.work together to perform a pre-defined function.
|
||||
The members of a {\fg} are chosen to be components that work together to perform a specific function.
|
||||
%
|
||||
The choice of {\fg} membership is made by the analyst.
|
||||
%
|
||||
The act of choosing components to form a {\fg}
|
||||
raises questions about the circuit under investigation.
|
||||
%
|
||||
Ideally {\fgs} will be able to act as standalone modules.
|
||||
%
|
||||
%That is they should perform their function in the context of teir use, but
|
||||
%
|
||||
An inverting amplifier configuration, or a low pass filter are good examples of these:
|
||||
they have clear inputs and outputs, and are resilient to what they are connected to at
|
||||
the output (in electronics terms they have low output impedance).
|
||||
%
|
||||
In defining members for {\fgs} the analyst is forced to consider the interfaces between elements
|
||||
of circuitry to identify modules.
|
||||
%
|
||||
The aim is to prevent undue influence on modules identified from circuitry
|
||||
they are/may be connected to.
|
||||
%
|
||||
Consider the resistor capacitor low pass stage first looked at in example~\ref{sec:lp}. %\label{sec:lp}
|
||||
%
|
||||
This circuit element, while applying a filtering effect, has a high output impedance.
|
||||
%
|
||||
With a simple OpAmp buffer amplifier on its output stage, it becomes an effective low impedance output standalone module\footnote{A well behaved, or ideal electronics `module' will
|
||||
have a high impedance input (i.e. it will not overload and affect any driving stages) and a low output impedance (i.e. it will drive an electrical load at the output without being affected its-self).}.
|
||||
%
|
||||
The resistor/capacitor low pass stage and the OpAmp
|
||||
are good candidates therefore for being considered as a standalone module, and thus a {\fg}.
|
||||
|
||||
However, different analysts may choose different {\fgs}
|
||||
when analysing the same circuit.
|
||||
%
|
||||
This means that {\fgs} are not guaranteed to be unique.
|
||||
%
|
||||
This apparent anomaly is explored in the examples~\ref{sec:invamp},~\ref{sec:bubba} where different
|
||||
structures of the FMMD hierarchy were used to analyse the same circuitry.
|
||||
%
|
||||
The same system level failure modes were obtained, but the more de-composed examples
|
||||
offered better performance in terms of comparison complexity.
|
||||
%
|
||||
Further work may be required to apply justification for the choice of membership in {\fgs}.
|
||||
%
|
||||
For software already written this problem does not exist as the choice of membership has already been made by the programmer.
|
||||
|
||||
%
|
||||
\subsection{Deriving FTA diagrams from FMMD models}
|
||||
\label{sec:fta}
|
||||
|
||||
@ -3,6 +3,12 @@
|
||||
|
||||
all: copy bib thesis
|
||||
|
||||
dropbox:
|
||||
pdflatex thesis
|
||||
makeindex thesis.glo -s thesis.ist -t thesis.glg -o thesis.gls
|
||||
cp thesis.pdf /home/robin/Dropbox/Robin_PhD_folder/thesis
|
||||
acroread thesis.pdf || evince thesis.pdf
|
||||
|
||||
thesis:
|
||||
pdflatex thesis
|
||||
makeindex thesis.glo -s thesis.ist -t thesis.glg -o thesis.gls
|
||||
|
||||
Loading…
Reference in New Issue
Block a user