turd polishing

submission_thesis/CH8_Conclusion/copy.tex

@@ -1,5 +1,7 @@
 \label{sec:chap8}
+%
 \fmeagloss
+%
 This study has examined the %processes and state of the art of the 
 four main FMEA variants.
 %
@@ -150,7 +152,7 @@ Because an FMMD model can be used to generate an FMEA report,
 with additional {\bc} failure mode statistics
 an FMEDA report can be produced.
 %
-FMMD has been applied to the Pt100 example in appendix~\ref{detailed:Pt100stats}.
+FMMD has been applied with component failure statistics to the Pt100 example in appendix~\ref{detailed:Pt100stats}.
 %
 This demonstrates FIT values being obtained for single and doubly sourced system failure modes
 in a way that is compatible with FMEDA/EN61508.
@@ -282,7 +284,7 @@ be factored into the UML model.
 An undesired condition may occur where it could be necessary to inhibit some action of the system.
 This is rather like a logical guard criterion. For instance in the gas burner standard EN298 it
 states that a flame detector must confirm that a pilot flame has been established before the main burner fuel can be applied.
-In FTA terms this would be an inhibit condition on the main fuel, i.e. PILOT\_NOT\_CONFIRMED.
+In FTA terms this would be an `inhibit' condition on the main fuel, i.e. PILOT\_NOT\_CONFIRMED.
 \fmmdglossFTA
 The nature of these three attributes is examined and decisions are made as how they should fit into the UML
 model for FMMD developed in section~\ref{sec:fmmd_uml}.
@@ -316,7 +318,7 @@ are also common conditions that are considered.
 These can be broadly termed operational states. %, and apply to the 
 %functional groups.
 %
-The UML class is most appropriate to hold a relationship
+The UML class most appropriate to hold a relationship
 to operational states must be chosen.
 %
 Consider for instance an electrical circuit that has a TEST line.
@@ -415,10 +417,10 @@ sub-system it could be difficult to know
 which parts of the FMEA analysis to
 re-visit. 
 %
-For instance, which components in the system should 
+For instance, which components in the system should the
 newly discovered failure mode be checked against?
 %
-This is linked to the concepts behind
+This concern is linked to the concepts behind
 the need for failure mode coverage against all components in the system, that provoked discussions
 leading to idealised XFMEA requirements (see section~\ref{sec:reasoningdistance}).
 %
@@ -454,7 +456,7 @@ thus it can be verified that all
 failure modes from the electronics module have been dealt
 with by the controlling software. 
 %
-If not, they would be an  un-handled error condition relating to the software/hardware interface.
+If not, this would be an  un-handled error condition relating to the software/hardware interface.
 %
 This again can be flagged using an automated tool.
 %
@@ -493,12 +495,13 @@ the Human Machine Interface~(HMI)~\cite{stranks2007human}.
 \paragraph{Objective and Subjective Reasoning in FMEA: Three Mile Island nuclear accident example.}
 An example of objective and subjective factors is demonstrated in the accident report on the 1979  Three Mile Island 
 nuclear accident~\cite{safeware}[App.D]. Here, a vent valve for the primary reactor coolant (pressurised water) became stuck open.
-This condition causes an objectively derived  failure mode --- `leakage~of~coolant' --- due to a stuck valve.
+This condition caused an objectively derived  failure mode --- `leakage~of~coolant' --- due to a stuck valve.
 %
 This, if recognised correctly by the operators, would have lead quickly to a  reactor shut-down and
 a maintenance procedure  to replace the valve.
 %
-The failure was not recognised in time however, and coolant was lost
+The failure was not recognised in time %however, 
+and coolant was lost
 until a partial meltdown of the reactor fuel occurred, with a resulting
 leak of radioactive material into the environment. 
 %
@@ -506,10 +509,11 @@ For the objective failure mode determined by
 FMEA, that of leakage of coolant,
 it would not be reasonable to expect this to go unchecked and unresolved for an extended period and cause such a critical failure.
 %
-The criticality level of that accident was therefore subjective. 
+The criticality level of that {\fm} %accident 
+was therefore subjective. 
 %
 It was not known how the operators
-would have reacted, and deficiencies in the Human Machine Interface (HMI) were not a factor in the failure analysis.
+would have reacted and deficiencies in the Human Machine Interface (HMI) were not a factor in the failure analysis.
 
 
 \paragraph{Further Work: Objective and Subjective Reasoning in FMEA.}
@@ -521,6 +525,7 @@ it is often required to next determine its level of criticality, or how serious
 %
 Two methodologies have started to consider this aspect, FMECA~\cite{fmeca} with its criticality and probability factors, and 
 FMEDA~\cite{en61508,fmeda} with its classification of dangerous and safe failures.
+%
 \fmmdglossFMEDA
 \fmmdglossFMECA
 %
@@ -530,7 +535,7 @@ Accurate models of objective failure modes, are seen by the author to be a pre-r
 for subjective assessment.
 %
 The scope of FMMD is the objective level only,
-but offers significant benefits in terms of accuracy and work savings.
+but offers significant benefits in terms of accuracy and labour savings.
 %
 It also offers integrated modelling of software and hardware.
 %