robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of dev:/home/robin/git/thesis

Browse Source
This commit is contained in:
Your Name 2012-04-03 14:43:22 +01:00
commit c7de24192b
1 changed files with 94 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
submission_thesis/CH5_Examples/copy.tex
View File

@ -11,7 +11,7 @@ driving concept behind FMMD is to modularise, from the bottom-up, failure mode e
Traditional FMEA takes part failure modes and then determines what effect each of these Traditional FMEA takes part failure modes and then determines what effect each of these
failure modes could have on the system under investigation. failure modes could have on the system under investigation.
Traditional FMEA, by looking at `part' level failure modes Traditional FMEA, by looking at `part' level failure modes,
involves what we could term a large `reasoning~distance'; that is to say involves what we could term a large `reasoning~distance'; that is to say
in a complex system, taking a particular failure mode, of a particular part in a complex system, taking a particular failure mode, of a particular part
and then trying to predict the outcome in the context of an entire system, is and then trying to predict the outcome in the context of an entire system, is
@ -37,10 +37,10 @@ If we start building {\fgs} from derived components we can start to build a modu
hierarchical failure mode model. Modularising FMEA should give benefits of reducing reasoning distance, hierarchical failure mode model. Modularising FMEA should give benefits of reducing reasoning distance,
allowing re-use of modules and reducing the number of by-hand analysis checks to consider. allowing re-use of modules and reducing the number of by-hand analysis checks to consider.
As any form of FMEA is a bottom-up process, we start with the lowest--or most base components/parts. As all forms of FMEA are bottom-up processes, we start with the lowest or most basic components/parts.
%and with their failure modes. %and with their failure modes.
It is worth defining clearly the term part here. It is worth defining clearly the term part here.
Geoffry Hall writing in space Craft Systems Engineering~\cite{scse}[p.619], defines it thus: Geoffry Hall writing in Space Craft Systems Engineering~\cite{scse}[p.619], defines it thus:
``{Part(definition)}---The Lowest level of assembly, beyond which further disassembly irrevocably destroys the item''. ``{Part(definition)}---The Lowest level of assembly, beyond which further disassembly irrevocably destroys the item''.
In the field of electronics a resistor, capacitor and op-amp would fit this definition of a `part'. In the field of electronics a resistor, capacitor and op-amp would fit this definition of a `part'.
Failure modes for part types can be found in the literature~\cite{fmd91}\cite{mil1991}. Failure modes for part types can be found in the literature~\cite{fmd91}\cite{mil1991}.
@ -62,10 +62,11 @@ Failure modes for part types can be found in the literature~\cite{fmd91}\cite{mi
\subsection{Determining the failure modes of components} \subsection{Determining the failure modes of components}
In order to apply any form of Failure Mode Effects Analysis (FMEA) we need to know the ways in which the components we are using can fail. In order to apply any form of Failure Mode Effects Analysis (FMEA) we need to know the ways in which the components we are using can fail.
Typically when choosing components for a design, we look at manufacturers data sheets, Typically when choosing components for a design, we look at manufacturers' data sheets,
which describe the environmental ranges and tolerances, and can indicate how a component may fail/behave which describe the environmental ranges and tolerances, and can indicate how a component may fail/behave
under certain conditions or environments. under certain conditions or environments.
How base components could fail internally, its not of interest to an FMEA investigation. %
How base components could fail internally, is not of interest to an FMEA investigation.
The FMEA investigator needs to know what failure behaviour a component may exhibit, or in other words, its The FMEA investigator needs to know what failure behaviour a component may exhibit, or in other words, its
modes of failure. modes of failure.
@ -86,7 +87,7 @@ component {\fms} suitable for use in FMEA.
A third document, MIL-1991~\cite{mil1991} often used alongside FMD-91, provides overall reliability statistics for A third document, MIL-1991~\cite{mil1991} often used alongside FMD-91, provides overall reliability statistics for
component types but does not detail specific failure modes. component types but does not detail specific failure modes.
Used in conjunction with FMD-91, we can determine statistics for the failure modes Used in conjunction with FMD-91, we can determine statistics for the failure modes
of component types. The FMEDA process from european standard EN61508~\cite{en61508} for instance, of component types. The FMEDA process from European standard EN61508~\cite{en61508} for instance,
requires statistics for Meantime to Failure (MTTF) requires statistics for Meantime to Failure (MTTF)
for all part failure modes. for all part failure modes.
@ -173,8 +174,8 @@ only requires that the failure mode OPEN be considered in FMEA analysis.
% %
For resistor types not specifically listed in EN298, the failure modes For resistor types not specifically listed in EN298, the failure modes
are considered to be either OPEN or SHORT. are considered to be either OPEN or SHORT.
The reason that parameter change is not considered for resistors chosen for an EN298 compliant system; is that they must be must be {\em downrated}, The reason that parameter change is not considered for resistors chosen for an EN298 compliant system, is that they must be must be {\em downrated}.
that is to say the power and voltage ratings of components must be calculated That is to say the power and voltage ratings of components must be calculated
for maximum possible exposure, with a 40\% margin of error. This ensures the resistors will not be overloaded, for maximum possible exposure, with a 40\% margin of error. This ensures the resistors will not be overloaded,
and thus subject to drift/parameter change. and thus subject to drift/parameter change.
@ -238,7 +239,7 @@ We can look at each failure cause in turn, and map it to potential {\fms}.
The symptom for this is given as a low slew rate. This means that the op-amp The symptom for this is given as a low slew rate. This means that the op-amp
will not react quickly to changes on its input terminals. will not react quickly to changes on its input terminals.
This is a failure symptom that may not be of concern in a slow responding system like an This is a failure symptom that may not be of concern in a slow responding system like an
instrumentation amplifier. However, where higher frequencies are being processed instrumentation amplifier. However, where higher frequencies are being processed,
a signal may be lost. a signal may be lost.
We can map this failure cause to a {\fm}, and we can call it $LOW_{slew}$. We can map this failure cause to a {\fm}, and we can call it $LOW_{slew}$.
@ -249,7 +250,7 @@ Here the OP\_AMP has been damaged, and the output may be held HIGH LOW, or may b
We can map this failure cause to three symptoms, $LOW$, $HIGH$, $NOOP$. We can map this failure cause to three symptoms, $LOW$, $HIGH$, $NOOP$.
\paragraph{Shorted $V_+$ to $V_-$} \paragraph{Shorted $V_+$ to $V_-$}
Due to the high intrinsic gain of an op-amp, and the effect of offset currents Due to the high intrinsic gain of an op-amp, and the effect of offset currents,
this will force the output HIGH or LOW. this will force the output HIGH or LOW.
We map this failure cause to $HIGH$ or $LOW$. We map this failure cause to $HIGH$ or $LOW$.
@ -408,7 +409,7 @@ we are not interested in the components themselves, but in the ways in which the
A {\fg} is a collection of components that perform some simple task or function. A {\fg} is a collection of components that perform some simple task or function.
% %
In order to determine how a {\fg} can fail, In order to determine how a {\fg} can fail,
we need to consider all failure modes of its components. we need to consider all the failure modes of all its components.
% %
By analysing the fault behavior of a `{\fg}' with respect to all its components failure modes, By analysing the fault behavior of a `{\fg}' with respect to all its components failure modes,
we can determine its symptoms of failure. we can determine its symptoms of failure.
@ -452,8 +453,9 @@ a {\fg}. Our use of it as a building block corresponds to a {\dc}.
%as parts, parts which may now be combined to create new functional groups, %as parts, parts which may now be combined to create new functional groups,
%but as parts at a higher level of fault abstraction. %but as parts at a higher level of fault abstraction.
\paragraph{Building the Hierarchy.} \paragraph{Building the Hierarchy.}
Applying the same process with {\dcs} we can bring {\dcs} We can now apply the same process of building {\fgs} but with {\dcs} instead of {\bcs}.
together to form functional groups and create new {\dcs} We can bring {\dcs}
together to form functional groups and then create new {\dcs}
at even higher abstraction levels. Eventually we will have a hierarchy at even higher abstraction levels. Eventually we will have a hierarchy
that converges to one top level {\dc}. At this stage we have a complete failure that converges to one top level {\dc}. At this stage we have a complete failure
mode model of the system under investigation. mode model of the system under investigation.
@ -538,8 +540,8 @@ We can now create a {\dc} for the potential divider, $PD$.
$$ fm(PD) = \{ PDLow, PDHigh \}$$ $$ fm(PD) = \{ PDLow, PDHigh \}$$
Let use now consider the op-amp. According to Let us now consider the op-amp. According to
FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes: FMD-91~\cite{fmd91}[3-116] an op-amp may have the following failure modes:
latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%). latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%).
@ -579,7 +581,7 @@ We can now form a {\fg} with $PD$ and $OPAMP$.
We can collect symptoms from the analysis and create a derived component We can collect symptoms from the analysis and create a derived component
to represent the non-inverting amplifier $NI\_AMP$. to represent the non-inverting amplifier $NI\_AMP$.
We now have can express the failure mode behaviour of this type of amplifier thus: We can now express the failure mode behaviour of this type of amplifier thus:
$$ fm(NIAMP) = \{ {lowpass}, {high}, {low} \}.$$ $$ fm(NIAMP) = \{ {lowpass}, {high}, {low} \}.$$
@ -608,7 +610,7 @@ Both approaches are followed in the next two sub-sections.
\subsection{Inverting OPAMP using a Potential Divider {\dc}} \subsection{Inverting OPAMP using a Potential Divider {\dc}}
We cannot simply re-use the $PD$ from section~\ref{potdivfmmd}---that potential divider would only be valid if the input signal were negative. We cannot simply re-use the $PD$ from section~\ref{potdivfmmd}---that potential divider would only be valid if the input signal were negative.
We want if possible to have detectable errors, HIGH and LOW failures are more observable than a more generic failure modes such as `OUTOFRANGE'. We want if possible to have detectable errors. HIGH and LOW failures are more observable than the more generic failure modes such as `OUTOFRANGE'.
If we can refine the operational states of the functional group, we can obtain clearer If we can refine the operational states of the functional group, we can obtain clearer
symptoms. symptoms.
If we consider the input will only be positive, we can invert the potential divider (see table~\ref{tbl:pdneg}). If we consider the input will only be positive, we can invert the potential divider (see table~\ref{tbl:pdneg}).
@ -629,7 +631,7 @@ If we consider the input will only be positive, we can invert the potential divi
We can form a {\dc} from this, and call it an inverted potential divider $INVPD$. We can form a {\dc} from this, and call it an inverted potential divider $INVPD$.
We can now form a {\fg} from the OPAMP and the $INVPD$ We can now form a {\fg} from the OP-AMP and the $INVPD$
\begin{table}[h+] \begin{table}[h+]
\caption{Inverting Amplifier: Single failure analysis} \caption{Inverting Amplifier: Single failure analysis}
@ -662,7 +664,7 @@ This gives the same results as the analysis from figure~\ref{fig:invampanalysis}
$$ fm(INVAMP) = \{ {lowpass}, {high}, {low} \}.$$ $$ fm(INVAMP) = \{ {lowpass}, {high}, {low} \}.$$
\subsection{Inverting OPAMP analysing with three components in one {\fg}} \subsection{Inverting OP-AMP analysing with three components in one {\fg}}
%We can use this for a more general case, because we can examine the %We can use this for a more general case, because we can examine the
%effects on the circuit for each operational case (i.e. input +ve %effects on the circuit for each operational case (i.e. input +ve
@ -804,7 +806,7 @@ We can now examine IC1 and PD as a functional group.
\subsection{Functional Group: Amplifier first stage} \subsection{Functional Group: Amplifier first stage}
Let use now consider the op-amp. According to Let use now consider the op-amp. According to
FMD-91~\cite{fmd91}[3-116] an op amp may have the following failure modes: FMD-91~\cite{fmd91}[3-116] an op-amp may have the following failure modes:
latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%). latchup(12.5\%), latchdown(6\%), nooperation(31.3\%), lowslewrate(50\%).
@ -858,7 +860,7 @@ The first amplifier was grounded and received as input `+V1' (presumably
a positive voltage). a positive voltage).
This means the junction of R1 R3 is always +ve. This means the junction of R1 R3 is always +ve.
This means the input voltage `+V2' could be lower than this. This means the input voltage `+V2' could be lower than this.
This means R3 R4 is not a potential divider with R4 being on the positive side. This means R3 R4 is not a potential divider, with R4 being on the positive side.
It could be on either polarity (i.e. the other way around R4 could be the negative side). It could be on either polarity (i.e. the other way around R4 could be the negative side).
Here it is more intuitive to model the resistors not as a potential divider, but individually. Here it is more intuitive to model the resistors not as a potential divider, but individually.
%This means we are either going to %This means we are either going to
@ -922,7 +924,7 @@ two derived components of the type $NI\_AMP$ and $SEC\_AMP$.
\hline \hline
\hline \hline
TC1: $NI\_AMP$ AMPHigh & opamp 2 driven high & & DiffAMPLow \\ TC1: $NI\_AMP$ AMPHigh & opamp 2 driven high & & DiffAMPLow \\
TC2: $NI\_AMP$ AMPLow & opamp 2 fdriven low & & DiffAMPHigh \\ TC2: $NI\_AMP$ AMPLow & opamp 2 driven low & & DiffAMPHigh \\
TC3: $NI\_AMP$ LowPass & opamp 2 driven with lag & & DiffAMP\_LP \\ \hline TC3: $NI\_AMP$ LowPass & opamp 2 driven with lag & & DiffAMP\_LP \\ \hline
TC4: $SEC\_AMP$ AMPHigh & Diff amplifier high & & DiffAMPHigh\\ TC4: $SEC\_AMP$ AMPHigh & Diff amplifier high & & DiffAMPHigh\\
TC5: $SEC\_AMP$ AMPLow & Diff amplifier low & & DiffAMPLow \\ TC5: $SEC\_AMP$ AMPLow & Diff amplifier low & & DiffAMPLow \\
@ -967,7 +969,7 @@ The {\fm} $DiffAMPIncorrect$ may seem like a vague {\fm}---however, this {\fm} i
in fault finding terminology~\cite{garrett}~\cite{mawokinski} this {\fm} is said to be unobservable, and in EN61508 in fault finding terminology~\cite{garrett}~\cite{mawokinski} this {\fm} is said to be unobservable, and in EN61508
terminology is called an undetectable fault. terminology is called an undetectable fault.
Were this failure to have safety implications this FMMD analysis will have revealed Were this failure to have safety implications this FMMD analysis will have revealed
the un-observability and a prompt a re-design of this the un-observability and prompt re-design of this
circuit\footnote{A typical way to solve an un-observability such as this is circuit\footnote{A typical way to solve an un-observability such as this is
to periodically switch test signals in place of the input signal} to periodically switch test signals in place of the input signal}
. .
@ -999,7 +1001,7 @@ Thus we can analyse the first Sallen~Key low pass filter and re-use the results.
\centering \centering
\includegraphics[width=400pt,keepaspectratio=true]{CH5_Examples/blockdiagramcircuit2.png} \includegraphics[width=400pt,keepaspectratio=true]{CH5_Examples/blockdiagramcircuit2.png}
% blockdiagramcircuit2.png: 689x83 pixel, 72dpi, 24.31x2.93 cm, bb=0 0 689 83 % blockdiagramcircuit2.png: 689x83 pixel, 72dpi, 24.31x2.93 cm, bb=0 0 689 83
\caption{Signal Flow though the five pole low pass filter} \caption{Signal Flow through the five pole low pass filter}
\label{fig:blockdiagramcircuit2} \label{fig:blockdiagramcircuit2}
\end{figure} \end{figure}
@ -1010,7 +1012,7 @@ We begin with the first order low pass filter formed by $R10$ and $C10$.
% %
This configuration (or {\fg}) is very commonly This configuration (or {\fg}) is very commonly
used in electronics to remove unwanted high frequencies/interference used in electronics to remove unwanted high frequencies/interference
form a signal; Here it is being used as a first stage of from a signal; Here it is being used as a first stage of
a more sophisticated low pass filter. a more sophisticated low pass filter.
% %
R10 and C10 act as a potential divider, with the crucial difference between a purely resistive potential divider being R10 and C10 act as a potential divider, with the crucial difference between a purely resistive potential divider being
@ -1048,11 +1050,11 @@ called $FirstOrderLP$. Applying the $fm$ function yields $$ fm(FirstOrderLP) = \
\paragraph{Addition of Buffer Amplifier: First stage.} \paragraph{Addition of Buffer Amplifier: First stage.}
The opamp IC1 is being used simply as a buffer. By placing it between the next stages The op-amp IC1 is being used simply as a buffer. By placing it between the next stages
on the signal path we remove the possibility of unwanted signal feedback. on the signal path, we remove the possibility of unwanted signal feedback.
The buffer is one of the simplest op-amp configurations. The buffer is one of the simplest op-amp configurations.
It has no other components, and so we can now form a {\fg} It has no other components, and so we can now form a {\fg}
from the $FirstOrderLP$ and the OPAMP component. from the $FirstOrderLP$ and the OP-AMP component.
\begin{table}[ht] \begin{table}[ht]
\caption{First Stage LP1: Failure Mode Effects Analysis: Single Faults} % title of Table \caption{First Stage LP1: Failure Mode Effects Analysis: Single Faults} % title of Table
@ -1085,7 +1087,7 @@ We can create a derived component for it, lets call it $LP1$.
$$ fm(LP1) = \{ LP1High, LP1Low, LP1filterincorrect, LP1nosignal \} $$ $$ fm(LP1) = \{ LP1High, LP1Low, LP1filterincorrect, LP1nosignal \} $$
In terms terms of the circuit we have modelled the functional groups $FirstOrderLP$, and In terms of the circuit, we have modelled the functional groups $FirstOrderLP$, and
$LP1$. We can represent these on the circuit diagram by drawing contours around the components $LP1$. We can represent these on the circuit diagram by drawing contours around the components
on the schematic as in figure~\ref{fig:circuit2002_LP1}. on the schematic as in figure~\ref{fig:circuit2002_LP1}.
@ -1233,7 +1235,7 @@ $FivePoleLP$ and applying the $fm$ function to it (see table~\ref{tbl:fivepole})
The failure modes for the low pass filters are very similar, and the propogation of the signal The failure modes for the low pass filters are very similar, and the propogation of the signal
is simple (as it is never inverted). The circuit under analysis is -- as shown in the block diagram (see figure~\ref{fig:blockdiagramcircuit2}) -- is simple (as it is never inverted). The circuit under analysis is -- as shown in the block diagram (see figure~\ref{fig:blockdiagramcircuit2}) --
three opamp driven non-inverting low pass filter elements; It is not suprising therefore that they have very similar failure modes. three op-amp driven non-inverting low pass filter elements; It is not suprising therefore that they have very similar failure modes.
From a safety point of view, the failure modes $LOW$, $HIGH$ and $NO\_SIGNAL$ From a safety point of view, the failure modes $LOW$, $HIGH$ and $NO\_SIGNAL$
could be easily detected; the failure symptom $FilterIncorrect$ may be less observable. could be easily detected; the failure symptom $FilterIncorrect$ may be less observable.
@ -1268,7 +1270,7 @@ If we were to analyse this circuit using traditional FMEA (i.e. without modulari
We now create FMMD models and compare the complexity of FMMD and FMEA. We now create FMMD models and compare the complexity of FMMD and FMEA.
We start the FMMD process by determining {\fgs}. We start the FMMD process by determining {\fgs}.
We initially identify three types functional groups, an inverting amplifier (analysed in section~\ref{fig:invamp}), We initially identify three types of functional groups, an inverting amplifier (analysed in section~\ref{fig:invamp}),
a 45 degree phase shifter (a {$10k\Omega$} resistor and a $10nF$ capacitor) and a non-inverting buffer a 45 degree phase shifter (a {$10k\Omega$} resistor and a $10nF$ capacitor) and a non-inverting buffer
amplifier. We can name these $INVAMP$, $PHS45$ and $NIBUFF$ respectively. amplifier. We can name these $INVAMP$, $PHS45$ and $NIBUFF$ respectively.
We can use these {\fgs} to describe the circuit in block diagram form with arrows indicating the signal path, in figure~\ref{fig:bubbablock}. We can use these {\fgs} to describe the circuit in block diagram form with arrows indicating the signal path, in figure~\ref{fig:bubbablock}.
@ -1332,7 +1334,7 @@ We use the failure modes for an op-amp~\cite{fmd91}[p.3-116] to represent this g
% GARK % GARK
$$ fm(NIBUFF) = fm(OPAMP) = \{L\_{up}, L\_{dn}, Noop, L\_slew \} $$ $$ fm(NIBUFF) = fm(OPAMP) = \{L\_{up}, L\_{dn}, Noop, L\_slew \} $$
Because we obtain the failure modes for $NIBUFF$ from the literature Because we obtain the failure modes for $NIBUFF$ from the literature,
its comparison complexity is zero. its comparison complexity is zero.
$$ CC(NIBUFF) = 0 $$ $$ CC(NIBUFF) = 0 $$
%\subsection{Forming a functional group from the PHS45 and NIBUFF.} %\subsection{Forming a functional group from the PHS45 and NIBUFF.}
@ -1748,7 +1750,7 @@ T%he block diagram in figure~\ref{fig
\clearpage \clearpage
\section{PT100 Analysis: Double failures and MTTF statistics} \section{Pt100 Analysis: Double failures and MTTF statistics}
{ {
This section This section
% shows a practical example of % shows a practical example of
@ -1764,14 +1766,14 @@ demonstrates FMMDs ability to model multiple {\fms}, and shows
For this example we look at an industry standard temperature measurement circuit, For this example we look at an industry standard temperature measurement circuit,
the PT100. the Pt100.
The circuit is described and then analysed using the FMMD methodology. The circuit is described and then analysed using the FMMD methodology.
%A derived component, representing this circuit is then presented. %A derived component, representing this circuit is then presented.
The PT100, or platinum wire \ohms{100} sensor is The Pt100, or platinum wire \ohms{100} sensor is
a widely used industrial temperature sensor that is a widely used industrial temperature sensor that is
slowly replacing the use of thermocouples in many slowly replacing the use of thermocouples in many
industrial applications below 600\oc, due to high accuracy\cite{aoe}. industrial applications below 600\oc, due to high accuracy\cite{aoe}.
@ -1792,7 +1794,7 @@ diagrams to assist the reasoning process.
This chapter describes taking This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole. and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be viewed Thus after the analysis the Pt100 temperature sensing circuit, may be viewed
from an FMEA perspective as a component itself, with a set of known failure modes. from an FMEA perspective as a component itself, with a set of known failure modes.
} }
@ -1805,9 +1807,9 @@ from an FMEA perspective as a component itself, with a set of known failure mode
\end{figure} \end{figure}
\subsection{General Description of PT100 four wire circuit} \subsection{General Description of Pt100 four wire circuit}
The PT100 four wire circuit uses two wires to supply small electrical current, The Pt100 four wire circuit uses two wires to supply a small electrical current,
and returns two sense voltages by the other two. and returns two sense voltages by the other two.
By measuring voltages By measuring voltages
from sections of this circuit forming potential dividers, we can determine the from sections of this circuit forming potential dividers, we can determine the
@ -1836,10 +1838,10 @@ and the higher as {\em sense+}.
\paragraph{Accuracy despite variable resistance in cables} \paragraph{Accuracy despite variable resistance in cables}
For electronic and accuracy reasons a four wire circuit is preferred For electronic and accuracy reasons, a four wire circuit is preferred
because of resistance in the cables. Resistance from the supply because of resistance in the cables. Resistance from the supply
causes a slight voltage causes a slight voltage
drop in the supply to the PT100. As no significant current drop in the supply to the Pt100. As no significant current
is carried by the two `sense' lines, the resistance back to the ADC is carried by the two `sense' lines, the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire causes only a negligible voltage drop, and thus the four wire
configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across
@ -1856,7 +1858,7 @@ resistance by Ohms law $V=I.R$, $R=\frac{V}{I}$.
Thus a little loss of supply current due to resistance in the cables Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy. does not impinge on accuracy.
The resistance to temperature conversion is achieved The resistance to temperature conversion is achieved
through the published PT100 tables\cite{eurothermtables}. through the published Pt100 tables\cite{eurothermtables}.
The standard voltage divider equations (see figure \ref{fig:vd} and The standard voltage divider equations (see figure \ref{fig:vd} and
equation \ref{eqn:vd}) can be used to calculate equation \ref{eqn:vd}) can be used to calculate
expected voltages for failure mode and temperature reading purposes. expected voltages for failure mode and temperature reading purposes.
@ -1893,10 +1895,10 @@ Where this occurs a circuit re-design is probably the only sensible course of ac
\fmodegloss \fmodegloss
\paragraph{Single Fault FMEA Analysis of PT100 Four wire circuit} \paragraph{Single Fault FMEA Analysis of Pt100 Four wire circuit}
\label{fmea} \label{fmea}
The PT100 circuit consists of three resistors, two `current~supply' The PTt00 circuit consists of three resistors, two `current~supply'
wires and two `sensor' wires. wires and two `sensor' wires.
Resistors according to the European Standard EN298:2003~\cite{en298}[App.A] Resistors according to the European Standard EN298:2003~\cite{en298}[App.A]
, are considered to fail by either going OPEN or SHORT circuit\footnote{EN298:2003~\cite{en298} also requires that components are downrated, , are considered to fail by either going OPEN or SHORT circuit\footnote{EN298:2003~\cite{en298} also requires that components are downrated,
@ -1919,7 +1921,7 @@ The range {0\oc} to {300\oc} will be analysed using potential divider equations
determine out of range voltage limits in section \ref{ptbounds}. determine out of range voltage limits in section \ref{ptbounds}.
\begin{table}[ht] \begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table \caption{Pt100 FMEA Single Faults} % title of Table
\centering % used for centering table \centering % used for centering table
\begin{tabular}{||l|c|c|l|l||} \begin{tabular}{||l|c|c|l|l||}
\hline \hline \hline \hline
@ -1973,18 +1975,18 @@ and \ref{pt100temp}.
\paragraph{Range and PT100 Calculations} \paragraph{Range and PT100 Calculations}
\label{pt100temp} \label{pt100temp}
PT100 resistors are designed to Pt100 resistors are designed to
have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}. have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc} A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application. for a given application.
According to the Eurotherm PT100 According to the Eurotherm Pt100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100} tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100}
and \ohms{212.02} respectively. From this the potential divider circuit can be and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined. analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the These can be used as bounds results to apply the findings from the
PT100 FMEA analysis in section \ref{fmea}. Pt100 FMEA analysis in section \ref{fmea}.
As the PT100 forms a potential divider with the \ohms{2k2} load resistors, As the Pt100 forms a potential divider with the \ohms{2k2} load resistors,
the upper and lower readings can be calculated thus: the upper and lower readings can be calculated thus:
@ -1992,7 +1994,7 @@ $$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$ $$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range, So by defining an acceptable measurement/temperature range,
and ensuring the and ensuring the
values are always within these bounds we can be confident that none of the values are always within these bounds, we can be confident that none of the
resistors in this circuit has failed. resistors in this circuit has failed.
To convert these to twelve bit ADC (\adctw) counts: To convert these to twelve bit ADC (\adctw) counts:
@ -2002,11 +2004,11 @@ $$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
\begin{table}[ht] \begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table \caption{Pt100 Maximum and Minimum Values} % title of Table
\centering % used for centering table \centering % used for centering table
\begin{tabular}{||c|c|c|l|l||} \begin{tabular}{||c|c|c|l|l||}
\hline \hline \hline \hline
\textbf{Temperature} & \textbf{PT100 resistance} & \textbf{Temperature} & \textbf{Pt100 resistance} &
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\ \textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
\hline \hline
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\ % {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
@ -2028,25 +2030,25 @@ will detect it.
\paragraph{Consideration of Resistor Tolerance.} \paragraph{Consideration of Resistor Tolerance.}
% %
The separate sense lines ensure the voltage read over the PT100 thermistor is not The separate sense lines ensure the voltage read over the Pt100 thermistor is not
altered by to having to pass any significant current. The current is supplied altered by to having to pass any significant current. The current is supplied
by separate wires and the resistance in those are effectively cancelled by separate wires and the resistance in those are effectively cancelled
out by considering the voltage reading over $R_3$ to be relative. out by considering the voltage reading over $R_3$ to be relative.
% %
The PT100 element is a precision part and will be chosen for a specified accuracy/tolerance range. The Pt100 element is a precision part and will be chosen for a specified accuracy/tolerance range.
One or other of the load resistors (the one we measure current over) should One or other of the load resistors (the one we measure current over) should
be of a specified accuracy. be of a specified accuracy.
% %
The \ohms{2k2} loading resistors should have a good temperature co-effecient The \ohms{2k2} loading resistors should have a good temperature co-effecient
(i.e. $\leq \; 50(ppm)\Delta R \propto \Delta \oc $). (i.e. $\leq \; 50(ppm)\Delta R \propto \Delta \oc $).
% %
To calculate the resistance of the PT100 element % (and thus derive its temperature), To calculate the resistance of the Pt100 element % (and thus derive its temperature),
knowing $V_{R3}$ we now need the current flowing in the temperature sensor loop. knowing $V_{R3}$ we now need the current flowing in the temperature sensor loop.
% %
Lets use, for the sake of example $R_2$ to measure the current. Lets use, for the sake of example $R_2$ to measure the current.
% %
We can calculate the current $I$, by reading We can calculate the current $I$, by reading
the voltage over the known resistor $R_2$ and using ohms law\footnote{To calculate the resistance of the PT100 we need the current flowing though it. the voltage over the known resistor $R_2$ and using ohms law\footnote{To calculate the resistance of the Pt100 we need the current flowing though it.
We can determine this via ohms law applied to $R_2$, $V=IR$, $I=\frac{V}{R_2}$, We can determine this via ohms law applied to $R_2$, $V=IR$, $I=\frac{V}{R_2}$,
and then using $I$, we can calculate $R_{3} = \frac{V_{3}}{I}$.} and then use ohms law again to calculate and then using $I$, we can calculate $R_{3} = \frac{V_{3}}{I}$.} and then use ohms law again to calculate
the resistance of $R_3$. the resistance of $R_3$.
@ -2073,7 +2075,7 @@ and are thus enclosed by one contour each.
\centering \centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./CH5_Examples/pt100_tc.png} \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./CH5_Examples/pt100_tc.png}
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365 % pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
\caption{PT100 Component Failure Modes} \caption{Pt100 Component Failure Modes}
\label{fig:pt100_tc} \label{fig:pt100_tc}
\end{figure} \end{figure}
} % \ifthenelse {\boolean{pld}} } % \ifthenelse {\boolean{pld}}
@ -2095,12 +2097,12 @@ we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn. `out of range'. There are six test cases and each will be examined in turn.
\subparagraph{ TC 1 : Voltages $R_1$ SHORT } \subparagraph{ TC 1 : Voltages $R_1$ SHORT }
With pt100 at 0\oc With Pt100 at 0\oc
$$ highreading = 5V $$ $$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail, Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V.. both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$ $$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$
With pt100 at the high end of the temperature range 300\oc. With Pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$ $$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$ $$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
@ -2116,12 +2118,12 @@ proscribed range in table \ref{ptbounds}.
\paragraph{ TC 3 : Voltages $R_2$ SHORT } \paragraph{ TC 3 : Voltages $R_2$ SHORT }
With pt100 at 0\oc With Pt100 at 0\oc
$$ lowreading = 0V $$ $$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail, Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V. both temperature readings will be 0V.
$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$ $$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$
With pt100 at the high end of the temperature range 300\oc. With Pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$ $$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
Thus with $R_2$ shorted both readings are outside the Thus with $R_2$ shorted both readings are outside the
@ -2167,7 +2169,8 @@ and ensuring the
values are always within these bounds we can be confident that none of the values are always within these bounds we can be confident that none of the
resistors in this circuit has failed. resistors in this circuit has failed.
\ifthenelse{\boolean{pld}}
{
\begin{figure}[h] \begin{figure}[h]
\centering \centering
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./CH5_Examples/pt100_tc_sp.png} \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./CH5_Examples/pt100_tc_sp.png}
@ -2175,10 +2178,11 @@ resistors in this circuit has failed.
\caption{PT100 Component Failure Modes} \caption{PT100 Component Failure Modes}
\label{fig:pt100_tc_sp} \label{fig:pt100_tc_sp}
\end{figure} \end{figure}
}
\subsection{Derived Component : The PT100 Circuit} \subsection{Derived Component : The Pt100 Circuit}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode, The Pt100 circuit can now be treated as a component in its own right, and has one failure mode,
{\textbf OUT\_OF\_RANGE}. {\textbf OUT\_OF\_RANGE}.
% %
\ifthenelse{\boolean{pld}} \ifthenelse{\boolean{pld}}
@ -2204,7 +2208,7 @@ It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
%\clearpage %\clearpage
\subsection{Mean Time to Failure} \subsection{Mean Time to Failure}
Now that we have a model for the failure mode behaviour of the pt100 circuit Now that we have a model for the failure mode behaviour of the Pt100 circuit
we can look at the statistics associated with each of the failure modes. we can look at the statistics associated with each of the failure modes.
The DOD electronic reliability of components The DOD electronic reliability of components
@ -2272,7 +2276,7 @@ compromises and uses a 90:10 ratio, for resistor failure.
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
in the other 10\%. in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military spec at A standard fixed film resistor, for use in a benign environment, non military spec at
temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$) temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}). hours of operation (see equation \ref{eqn:resistor}).
This figure is referred to as a FIT\footnote{FIT values are measured as the number of This figure is referred to as a FIT\footnote{FIT values are measured as the number of
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
@ -2322,7 +2326,7 @@ showing the FIT values for all faults considered.
\begin{table}[h+] \begin{table}[h+]
\caption{PT100 FMEA Single // Fault Statistics} % title of Table \caption{Pt100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table \centering % used for centering table
\begin{tabular}{||l|c|c|l|l||} \begin{tabular}{||l|c|c|l|l||}
\hline \hline \hline \hline
@ -2345,14 +2349,14 @@ TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
\end{table} \end{table}
The FIT for the circuit as a whole is the sum of MTTF values for all the The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The PT100 circuit here has a FIT of 342.6. This is a MTTF of test cases. The Pt100 circuit here has a FIT of 342.6. This is a MTTF of
about 360 years per circuit. about 360 years per circuit.
A probabilistic tree can now be drawn, with a FIT value for the PT100 A probabilistic tree can now be drawn, with a FIT value for the Pt100
circuit and FIT values for all the component fault modes that it was calculated from. circuit and FIT values for all the component fault modes from which it was calculated.
We can see from this that that the most likely fault is the thermistor going OPEN. We can see from this that the most likely fault is the thermistor going OPEN.
This circuit is around 10 times more likely to fail in this way than in any other. This circuit is around 10 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably Were we to need a more reliable temperature sensor, this would probably
be the fault~mode we would scrutinise first. be the fault~mode we would scrutinise first.
@ -2360,17 +2364,17 @@ be the fault~mode we would scrutinise first.
\centering \centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png} \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327 % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probablistic Fault Tree : PT100 Single Faults} \caption{Probablistic Fault Tree : Pt100 Single Faults}
\label{fig:stat_single} \label{fig:stat_single}
\end{figure} \end{figure}
The PT100 analysis presents a simple result for single faults. The Pt100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions. conditions.
%\clearpage %\clearpage
\section{ PT100 Double Simultaneous Fault Analysis} \section{ Pt100 Double Simultaneous Fault Analysis}
In this section we examine the failure mode behaviour for all single In this section we examine the failure mode behaviour for all single
faults and double simultaneous faults. faults and double simultaneous faults.
@ -2386,7 +2390,7 @@ faults and then hypothesises how the functional~group will react
under those conditions. under those conditions.
\begin{table}[ht] \begin{table}[ht]
\caption{PT100 FMEA Double Faults} % title of Table \caption{Pt100 FMEA Double Faults} % title of Table
\centering % used for centering table \centering % used for centering table
\begin{tabular}{||l|l|c|c|l|l||} \begin{tabular}{||l|l|c|c|l|l||}
\hline \hline \hline \hline
@ -2482,7 +2486,7 @@ $$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \fra
$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$ $$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double) As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double)
we can be confident that we have looked at all `double combinations', of the possible faults we can be confident that we have looked at all `double combinations' of the possible faults
in the pt100 circuit. The next task is to investigate in the pt100 circuit. The next task is to investigate
these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}. these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
@ -2494,6 +2498,7 @@ these test cases in more detail to prove the failure mode hypothesis set out in
This double fault mode produces an interesting symptom. This double fault mode produces an interesting symptom.
Both sense lines are floating. Both sense lines are floating.
We cannot know what the {\adctw} readings on them will be. We cannot know what the {\adctw} readings on them will be.
%
In practise these would probably float to low values In practise these would probably float to low values
but for the purpose of a safety critical analysis but for the purpose of a safety critical analysis
all we can say is the values are `floating' and `unknown'. all we can say is the values are `floating' and `unknown'.
@ -2514,9 +2519,9 @@ Sense+ will be tied to Vcc and will thus be out of range.
\paragraph{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT } \paragraph{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT }
This shorts ground to the This shorts ground to
both of the sense lines. both of the sense lines.
Both values thuis out of range. Both values will be out of range.
\paragraph{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN } \paragraph{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN }
@ -2581,7 +2586,7 @@ Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ co
\centering \centering
\includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{./CH5_Examples/plddouble.png} \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{./CH5_Examples/plddouble.png}
% plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641
\caption{PT100 Double Simultaneous Faults} \caption{Pt100 Double Simultaneous Faults}
\label{fig:plddouble} \label{fig:plddouble}
\end{figure} \end{figure}
@ -2607,14 +2612,14 @@ As a symptom $TC\_7$ could be described as $FLOATING$.
\ifthenelse{\boolean{pld}} \ifthenelse{\boolean{pld}}
{ {
We can thus draw a PLD diagram representing the We can thus draw a PLD diagram representing the
failure modes of this functional~group, the pt100 circuit from the perspective of double simultaneous failures, failure modes of this functional~group, the Pt100 circuit from the perspective of double simultaneous failures,
in figure \ref{fig:pt100_doublef}. in figure \ref{fig:pt100_doublef}.
\begin{figure}[h] \begin{figure}[h]
\centering \centering
\includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{./CH5_Examples/plddoublesymptom.png} \includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{./CH5_Examples/plddoublesymptom.png}
% plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641 % plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641
\caption{PT100 Double Simultaneous Faults} \caption{Pt100 Double Simultaneous Faults}
\label{fig:plddoublesymptom} \label{fig:plddoublesymptom}
\end{figure} \end{figure}
} %% \ifthenelse {\boolean{pld}} } %% \ifthenelse {\boolean{pld}}
@ -2622,8 +2627,8 @@ in figure \ref{fig:pt100_doublef}.
} }
%\clearpage %\clearpage
\subsection{Derived Component : The PT100 Circuit} \subsection{Derived Component : The Pt100 Circuit}
The PT100 circuit again, can now be treated as a component in its own right, and has two failure modes, The Pt100 circuit again, can now be treated as a component in its own right, and has two failure modes,
{\textbf{OUT\_OF\_RANGE}} and {\textbf{FLOATING}}. {\textbf{OUT\_OF\_RANGE}} and {\textbf{FLOATING}}.
\ifthenelse{\boolean{pld}} \ifthenelse{\boolean{pld}}
@ -2633,7 +2638,7 @@ It can now be represented as a PLD see figure \ref{fig:pt100_doublef}.
\centering \centering
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./CH5_Examples/pt100_doublef.png} \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./CH5_Examples/pt100_doublef.png}
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194 % pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
\caption{PT100 Circuit Failure Modes : From Double Faults Analysis} \caption{Pt100 Circuit Failure Modes : From Double Faults Analysis}
\label{fig:pt100_doublef} \label{fig:pt100_doublef}
\end{figure} \end{figure}
} % \ifthenelse {\boolean{pld}} } % \ifthenelse {\boolean{pld}}