robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

J. Howse comments -> changes

Browse Source 
From meeting on 19NOV2010
This commit is contained in:
Robin Clark 2010-11-20 15:42:47 +00:00
parent ca2a421add
commit c479588161
4 changed files with 65 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
component_failure_modes_definition/cfg.dia
View File

Binary file not shown.

BIN
component_failure_modes_definition/cfg.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 20 KiB

82
component_failure_modes_definition/component_failure_modes_definition.tex
View File

@ -30,7 +30,15 @@ Mathematical constraints and definitions are made using set theory.
\section{Introduction} \section{Introduction}
This chapter describes the data types and concepts for the Failure Mode Modular De-composition (FMMD) method. This
\ifthenelse {\boolean{paper}}
{
paper
}
{
chapter
}
describes the data types and concepts for the Failure Mode Modular De-composition (FMMD) method.
When analysing a safety critical system using When analysing a safety critical system using
this methodology, we need clearly defined failure modes for this methodology, we need clearly defined failure modes for
all the components that are used to model the system. all the components that are used to model the system.
@ -43,7 +51,7 @@ build hierarchical bottom-up models of failure mode behaviour.
%When building a system from components, %When building a system from components,
%we should be able to find all known failure modes for each component. %we should be able to find all known failure modes for each component.
%For most common electrical and mechanical components, the failure modes %For most common electrical and mechanical components, the failure modes
%for a given type of part can be obtained from standard literature\cite{mil1991} %for a given type of part can be obtained from standard literature~\cite{mil1991}
%\cite{mech}. %The failure modes for a given component $K$ form a set $F$. %\cite{mech}. %The failure modes for a given component $K$ form a set $F$.
@ -62,8 +70,9 @@ build hierarchical bottom-up models of failure mode behaviour.
\label{fig:component} \label{fig:component}
\end{figure} \end{figure}
Let us first define a component. This is anything with which we use to build a Let us first define a component.
product or system. %This is anything with which we use to build a product or system.
This is anything we use to build a product or system.
It could be something quite complicated It could be something quite complicated
like an integrated microcontroller, or quite simple like the humble resistor. like an integrated microcontroller, or quite simple like the humble resistor.
We can define a We can define a
@ -72,7 +81,7 @@ a vendors' reference number.
What these components all have in common is that they can fail, and fail in What these components all have in common is that they can fail, and fail in
a number of well defined ways. For common components a number of well defined ways. For common components
there is established literature for the failure modes for the system designer to consider (often with accompanying statistical there is established literature for the failure modes for the system designer to consider (often with accompanying statistical
failure rates)\cite{mil1991}. For instance, a simple resistor is generally considered failure rates)~\cite{mil1991}. For instance, a simple resistor is generally considered
to fail in two ways, it can go open circuit or it can short. to fail in two ways, it can go open circuit or it can short.
Thus we can associate a set of faults to this component $ResistorFaultModes=\{OPEN, SHORT\}$. Thus we can associate a set of faults to this component $ResistorFaultModes=\{OPEN, SHORT\}$.
The UML diagram in figure The UML diagram in figure
@ -96,7 +105,7 @@ A product naturally consists of many components and these are traditionally
kept in a `parts list'. For a safety critical product this is usually a formal document kept in a `parts list'. For a safety critical product this is usually a formal document
and is used by quality inspectors to ensure the correct parts are being fitted. and is used by quality inspectors to ensure the correct parts are being fitted.
The parts list is shown for The parts list is shown for
completeness here, as people involved with PCB and electronics production, verification completeness here, as people involved with Printed Circuit Board (PCB) and electronics production, verification
and testing would want to know where it lies in the model. and testing would want to know where it lies in the model.
The parts list is not actively used in the FMMD method. The parts list is not actively used in the FMMD method.
For the UML diagram in figure \ref{fig:componentpl} the parts list is simply a collection of components. For the UML diagram in figure \ref{fig:componentpl} the parts list is simply a collection of components.
@ -119,7 +128,7 @@ we are concerned with here.}, and will
not require a vendor reference, but must be named locally in the FMMD model. not require a vendor reference, but must be named locally in the FMMD model.
We can term `modularising a system', to mean recursively breaking it into smaller sections for analysis. We can term `modularising a system', to mean recursively breaking it into smaller sections for analysis.
When modularising a system from the top~down, as in Fault Tree Analysis\cite{nasafta}\cite{nucfta} (FTA) When modularising a system from the top~down, as in Fault Tree Analysis~\cite{nasafta}\cite{nucfta} (FTA),
it is common to term the modules identified as sub-systems. it is common to term the modules identified as sub-systems.
When building from the bottom up, it is more meaningful to call them `derived~components'. When building from the bottom up, it is more meaningful to call them `derived~components'.
@ -128,23 +137,23 @@ When building from the bottom up, it is more meaningful to call them `derived~co
%% Paragraph using failure modes to build from bottom up %% Paragraph using failure modes to build from bottom up
%% %%
\section{Fault Mode Analysis, \\ top down or bottom up?} \section{Fault Mode Analysis, top down or bottom up?}
Traditional static fault analysis methods work from the top down. Traditional static fault analysis methods work from the top down.
They identify faults that can occur in a system, and then work down They identify faults that can occur in a system, and then work down
to see how they could be caused. Some apply statistical techniques to to see how they could be caused. Some apply statistical techniques to
determine the likelihood of component failures determine the likelihood of component failures
causing specific system level errors. For example, Bayes theorem \ref{bayes}, the relation between a conditional probability and its inverse, causing specific system level errors. For example, Bayes theorem \ref{bayes}, the relation between a conditional probability and its reverse,
can be applied to specific failure modes in components and the probability of them causing given system level errors. can be applied to specific failure modes in components and the probability of them causing given system level errors.
Another top down methodology is to apply cost benefit analysis Another top down methodology is to apply cost benefit analysis
to determine which faults are the highest priority to fix\cite{bfmea}. to determine which faults are the highest priority to fix~\cite{bfmea}.
The aim of FMMD analysis is to produce complete failure The aim of FMMD analysis is to produce complete failure
models of safety critical systems from the bottom-up, models of safety critical systems from the bottom-up,
starting, where possible with known base~component failure~modes. starting, where possible with known base~component failure~modes.
An advantage of working from the bottom up is that we can ensure that An advantage of working from the bottom up is that we can ensure that
all component failure modes must be considered. A top down approach all component failure modes must be considered. A top down approach
can miss individual failure modes of components\cite{faa}[Ch.~9], can miss individual failure modes of components~\cite{faa}[Ch.~9],
especially where they are non obvious top-level faults. especially where they are non obvious top-level faults.
In order to analyse from the bottom-up, we need to take In order to analyse from the bottom-up, we need to take
@ -161,8 +170,12 @@ and from this determine the failure modes of all the components that belong to i
% expand 21sep2010 % expand 21sep2010
%The `{\fg}' as used by the analyst is a collection of component failures modes. %The `{\fg}' as used by the analyst is a collection of component failures modes.
The analysts interest is the ways in which the components within the {\fg} The analysts interest is the ways in which the components within the {\fg}
can fail. All the failure modes of all the components with an {\fg} are collected can fail. All the failure modes of all the components within an {\fg} are collected.
into a flat set of failure modes. As each component mode holds a set of failure modes, these set of sets of failure modes
is converted into
into a flat set
of failure modes
(i.e. a set containg just containg failure modes not sets of failure mosdes).
% %
Each of these failure modes, and optionally combinations of them, are Each of these failure modes, and optionally combinations of them, are
formed into `test cases' which are formed into `test cases' which are
@ -180,12 +193,19 @@ with its own set of failure modes.
The process for taking a {\fg}, considering The process for taking a {\fg}, considering
all the failure modes of all the components in the group, all the failure modes of all the components in the group,
and analysing it is called `symptom abstraction' and and analysing it is called `symptom abstraction'.
\ifthenelse {\boolean{paper}}
{
}
{
This
is dealt with in detail in chapter \ref{symptom_abstraction}. is dealt with in detail in chapter \ref{symptom_abstraction}.
}
% define difference between a \fg and a \dc % define difference between a \fg and a \dc
A {\fg} is a collection of components, a {\dc} is a new `theorectical' A {\fg} is a collection of components, a {\dc} is a new `theorectical'
component which has a set of failure modes, which component which has a set of failure modes, which
correspond to the failure modes of the {\fg} is was derived from. correspond to the failure modes of the {\fg} it was derived from.
We could consider a {\fg} as a black box, or component We could consider a {\fg} as a black box, or component
to use, and in this case it would have a set of failure modes. to use, and in this case it would have a set of failure modes.
Looking at the {\fg} in this way is seeing it as a {\dc}. Looking at the {\fg} in this way is seeing it as a {\dc}.
@ -206,13 +226,13 @@ these `derived~failure~modes'.
We thus have a `new' component, or system building block, but with a known and traceable We thus have a `new' component, or system building block, but with a known and traceable
fault behaviour. fault behaviour.
The UML representation shows a `functional group' having a one to one relationship with a derived~component, The UML representation (in figure \ref{fig:cfg}) shows a `functional group' having a one to one relationship with a derived~component.
which we represent in the UML diagram in figure \ref{fig:cfg}.
The symbol $\bowtie$ is used to indicate the analysis process that takes a The symbol $\bowtie$ is used to indicate the analysis process that takes a
functional group and converts it into a new component. functional group and converts it into a new component.
This can be expresed as $ \bowtie ( FG ) \rightarrow DerivedComponent $ . with $\mathcal{FG}$ represeting the set of all functional groups, and $\mathcal{DC}$ the set of all derived components,
this can be expresed as $ \bowtie : \mathcal{FG} \rightarrow \mathcal{DC} $ .
\begin{figure}[h] \begin{figure}[h]
@ -224,7 +244,7 @@ This can be expresed as $ \bowtie ( FG ) \rightarrow DerivedComponent $ .
\end{figure} \end{figure}
\subsection{Keeping track of the derived \\ components position in the hierarchy} \subsection{Keeping track of the derived components position in the hierarchy}
The UML meta model in figure \ref{fig:cfg}, shows the relationships The UML meta model in figure \ref{fig:cfg}, shows the relationships
between the classes and sub-classes. between the classes and sub-classes.
@ -306,7 +326,7 @@ fm : \mathcal{FG} \rightarrow \mathcal{F}
\end{equation} \end{equation}
\section{Unitary State Component \\ Failure Mode sets} \section{Unitary State Component Failure Mode sets}
\paragraph{Design Descision/Constraint} \paragraph{Design Descision/Constraint}
An important factor in defining a set of failure modes is that they An important factor in defining a set of failure modes is that they
@ -325,7 +345,7 @@ within one package.
This property, failure modes being mutually exclusive, is termed `unitary state failure modes' This property, failure modes being mutually exclusive, is termed `unitary state failure modes'
in this study. in this study.
This corresponds to the `mutually exclusive' definition in This corresponds to the `mutually exclusive' definition in
probability theory \cite{probstat}. probability theory~\cite{probstat}.
\begin{definition} \begin{definition}
@ -342,7 +362,7 @@ the component failure modes in each of its members are unitary~state.
Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true. Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
\end{definition} \end{definition}
\section{Component failure modes:\\ Unitary State example} \section{Component failure modes: Unitary State example}
An example of a component with an obvious set of ``unitary~state'' failure modes is the electrical resistor. An example of a component with an obvious set of ``unitary~state'' failure modes is the electrical resistor.
@ -397,7 +417,7 @@ with several modules that could all fail simultaneously, a process
of reduction into smaller theoretical components will have to be made of reduction into smaller theoretical components will have to be made
\footnote{A modern microcontroller will typically have several modules, which are configured to operate on \footnote{A modern microcontroller will typically have several modules, which are configured to operate on
pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs, pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs,
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers \cite{pic18f2523}}. PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers~\cite{pic18f2523}}.
For instance the voltage reading functions which consist For instance the voltage reading functions which consist
of an ADC multiplexer and ADC can be considered to be components of an ADC multiplexer and ADC can be considered to be components
inside the microcontroller package. inside the microcontroller package.
@ -410,14 +430,14 @@ in a {\fg} impractical due to the sheer size of the task.
%%- Need some refs here because that is the way gastec treat the ADC on microcontroller on the servos %%- Need some refs here because that is the way gastec treat the ADC on microcontroller on the servos
\section{Handling Simultaneous \\ Component Faults} \section{Handling Simultaneous Component Faults}
For some integrity levels of static analysis, there is a need to consider not only single For some integrity levels of static analysis, there is a need to consider not only single
failure modes in isolation, but cases where more then one failure mode may occur failure modes in isolation, but cases where more then one failure mode may occur
simultaneously. simultaneously.
Note that the `unitary state' conditions apply to failure modes within a component. Note that the `unitary state' conditions apply to failure modes within a component.
The scenarios presented here are where two or more components fail simultaneously. The scenarios presented here are where two or more components fail simultaneously.
It is an implied requirement of EN298 \cite{en298} for instance to It is an implied requirement of EN298~\cite{en298} for instance to
consider double simultaneous faults\footnote{This is under the conditions consider double simultaneous faults\footnote{This is under the conditions
of LOCKOUT in an industrial burner controller that has detected one fault already. of LOCKOUT in an industrial burner controller that has detected one fault already.
However, from the perspective of static failure mode analysis, this amounts However, from the perspective of static failure mode analysis, this amounts
@ -460,7 +480,7 @@ $$ \mathcal{P}_{1} S = \{ \{a\},\{b\},\{c\} \} $$
A $k$ combination is a subset with $k$ elements. A $k$ combination is a subset with $k$ elements.
The number of $k$ combinations (each of size $k$) from a set $S$ The number of $k$ combinations (each of size $k$) from a set $S$
with $n$ elements (size $n$) is the binomial coefficient \cite{probstat} shown in equation \ref{bico}. with $n$ elements (size $n$) is the binomial coefficient~\cite{probstat} shown in equation \ref{bico}.
\begin{equation} \begin{equation}
C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!} C^n_k = {n \choose k} = \frac{n!}{k!(n-k)!}
@ -485,7 +505,7 @@ from $1$ to $cc$ thus
\subsection{Actual Number of combinations to check \\ with Unitary State Fault mode sets} \subsection{Actual Number of combinations to check with Unitary State Fault mode sets}
If all of the fault modes in $S$ were independent, If all of the fault modes in $S$ were independent,
the cardinality constrained powerset the cardinality constrained powerset
@ -502,7 +522,7 @@ For example, say
the cardinality constraint was 3, we would need to subtract both the cardinality constraint was 3, we would need to subtract both
$|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~group. $|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~group.
\subsubsection{Example: Two Component functional group \\ cardinality Constraint of 2} \subsubsection{Example: Two Component functional group cardinality Constraint of 2}
For example: suppose we have a simple functional group with two components R and T, of which For example: suppose we have a simple functional group with two components R and T, of which
$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}$$. $$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}$$.
@ -545,7 +565,7 @@ $$
\pagebreak[1] \pagebreak[1]
\subsubsection{Establishing Formulae for unitary state failure mode \\ \subsubsection{Establishing Formulae for unitary state failure mode
cardinality calculation} cardinality calculation}
The cardinality constrained powerset in equation \ref{eqn:ccps}, can be modified for % corrected for The cardinality constrained powerset in equation \ref{eqn:ccps}, can be modified for % corrected for
@ -636,7 +656,7 @@ A recursive algorithm and proof is described in appendix \ref{chap:vennccps}.
%% %%
\pagebreak[1] \pagebreak[1]
\section{Component Failure Modes \\ and Statistical Sample Space} \section{Component Failure Modes and Statistical Sample Space}
%\paragraph{NOT WRITTEN YET PLEASE IGNORE} %\paragraph{NOT WRITTEN YET PLEASE IGNORE}
A sample space is defined as the set of all possible outcomes. A sample space is defined as the set of all possible outcomes.
For a component in FMMD analysis, this set of all possible outcomes is its normal correct For a component in FMMD analysis, this set of all possible outcomes is its normal correct
@ -656,7 +676,7 @@ $$ F = \Omega(C) \backslash \{OK\} $$
The $OK$ statistical case is the largest in probability, and is therefore The $OK$ statistical case is the largest in probability, and is therefore
of interest when analysing systems from a statistical perspective. of interest when analysing systems from a statistical perspective.
This is of interest for the application of conditional probability calculations This is of interest for the application of conditional probability calculations
such as Bayes theorem \cite{probstat}. such as Bayes theorem~\cite{probstat}.
%%- %%-

15
component_failure_modes_definition/paper.tex
View File

@ -4,6 +4,7 @@
\usepackage{fancyhdr} \usepackage{fancyhdr}
\usepackage{tikz} \usepackage{tikz}
\usepackage{amsfonts,amsmath,amsthm} \usepackage{amsfonts,amsmath,amsthm}
\usepackage{lastpage}
\usepackage{ifthen} \usepackage{ifthen}
\newboolean{paper} \newboolean{paper}
\setboolean{paper}{true} % boolvar=true or false \setboolean{paper}{true} % boolvar=true or false
@ -14,13 +15,21 @@
\begin{document} \begin{document}
\pagestyle{fancy} \pagestyle{fancy}
\fancyhf{}
%\renewcommand{\chaptermark}[1]{\markboth{ \emph{#1}}{}}
\fancyhead[LO]{}
\fancyhead[RE]{\leftmark}
%\fancyfoot[LE,RO]{\thepage}
\cfoot{Page \thepage\ of \pageref{LastPage}}
\rfoot{\today}
\lhead{Definitions, Components, Functional Groups and Unitary State Failure Mode Sets}
%\outerhead{{\small\bf Definitions, Components, Functional Groups and Unitary State Failure Mode Sets}} %\outerhead{{\small\bf Definitions, Components, Functional Groups and Unitary State Failure Mode Sets}}
%\innerfoot{{\small\bf R.P. Clark } } %\innerfoot{{\small\bf R.P. Clark } }
% numbers at outer edges % numbers at outer edges
\pagenumbering{arabic} % Arabic page numbers hereafter \pagenumbering{arabic} % Arabic page numbers hereafter
\author{R.P.Clark} \author{R.P.Clark}
\title{Definitions, Components, Functional Groups \\ and Unitary State Failure Mode Sets} \title{Definitions, Components, Functional Groups and Unitary State Failure Mode Sets}
\maketitle \maketitle
\input{component_failure_modes_definition_paper} \input{component_failure_modes_definition_paper}
@ -29,3 +38,7 @@
\today \today
\end{document} \end{document}
\begin{document}