started on intro

This commit is contained in:
Robin Clark 2012-12-22 14:29:09 +00:00
parent f553e20864
commit ce5543b206
2 changed files with 47 additions and 2 deletions


@ -72,11 +72,18 @@ ISSN={Doi:10.1145/2330667.2330683},}
@BOOK{scsh, @BOOK{scsh,
AUTHOR = "D. Smith", AUTHOR = "D. Smith",
TITLE = "Safety Critical Stystems Handbook, 3rd Ed. ISBN 978-0-08-096781-3", TITLE = "Safety Critical Systems Handbook, 3rd Ed. ISBN 978-0-08-096781-3",
PUBLISHER = "Butterworth HeinemannH", PUBLISHER = "Butterworth HeinemannH",
YEAR = "2011" YEAR = "2011"
} }
@BOOK{fpodsadsp,
AUTHOR = "Robert D Strum and Donald E. Kirk",
TITLE = "First Principles of discrete Systems and Digital Signal Processing ISBN 0-201-09518-1",
PUBLISHER = "Addison-Wesley",
YEAR = "1988"
}
@ARTICLE{embedsfmea, @ARTICLE{embedsfmea,
AUTHOR = "Peter L. Goddard", AUTHOR = "Peter L. Goddard",
TITLE = "Validating The Safety of Embedded Real-Time Control Systems using FMEA", TITLE = "Validating The Safety of Embedded Real-Time Control Systems using FMEA",
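Review bot: the typo fix on the `scsh` TITLE line is right, but the PUBLISHER line `PUBLISHER = "Butterworth HeinemannH"` still carries a stray trailing `H` on both sides of the diff; it should read `Butterworth-Heinemann`. The new `fpodsadsp` entry repeats the pattern of embedding the ISBN in the title (`TITLE = "First Principles of discrete Systems and Digital Signal Processing ISBN 0-201-09518-1"`); BibTeX has an `isbn` field, so moving the number there and capitalising `Discrete` keeps the rendered bibliography clean. The hunk header context also shows `ISSN={Doi:10.1145/2330667.2330683}` on the entry above, a DOI stored in an ISSN field, which would be better as a `doi` field.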


@ -30,9 +30,47 @@ firstly looking at electronic circuits and then at electronic/software hybrid sy
} }
\section{Introduction} \section{Introduction}
The motivation for this study came form two sources, one academic and the other
practical. I had recently completed an
Msc and my project was to create an Euler/Spider Diagram editor in Java.
This editor allowed the user to draw Euler/Spider diagrams, and could then
represent these as abstract---or mathematical---definitions.
At work, writing embedded `C' and assembly language code for safety critical
industrial burners, we were faced with a new and daunting requirement.
Conformance to the latest European standard, EN298. It appeared to ask for the impossible,
not only did it require the usual safety measures (self checking of ROM and RAM, watchdog processors with separate clock sources, EMC
triple fail safe control of valves), it had one new clause in it, that had far reaching consequences.
It stated that in the event of a failure, where the controller had gone into a `lockout~state'--- a state where the controller
applies all possible safety measures to stop fuel entering the burner---it could not become dangerous should another fault occur.
In short this meant we had to be able to deal with double failures.
Any of the components that could, in failing create a dangerous state, were already
documented and approved using failure mode effects analysis (FMEA). This new requirement
effectively meant that any all combinations of component failures were
now required to be analysed. This, from a state explosion problem alone,
meant that it was going to be virtually impossible to perform.
%
Following the concept of de-composing a problem, and thus simplifying the state explosion---using the thinking behind
the fast Fourier transform (FFT)~\cite{fpodsadsp}[Ch.8], which takes a complex intermeshed series of real and imaginary number calculations
and by de-composing them simplifies the problem.
My reasoning was that were I to analyse the problem in small modules, from the bottom-up following the FFT example, I could apply
checking for all double failure scenarios.
Once these first modules were analysed, I now call them {\fgs}, I could determine the symptoms of failure for them
Using the symptoms of failure, I could now treat these modules as components, now called {\dcs}, and use them to build higher level
modules. I could apply double simultaneous failure mode checking, because the number of components
in each module/{\fg} was quite small---thus avoiding state explosion problems, but I could apply
double checking all the way up the hierarchy. In fact this meant, as a by-product that many multiple as well as double
failures would be analysed.
Msc project Euler/Spider Diagram editor --- Euler/Spider Diagrams
Euler/Spider Diagrams
could be used to model failure modes in components. could be used to model failure modes in components.
Contours could represent failure modes, and the spider diagram
`existential~points' instances of failure modes.
By drawing a spider collecting existential points, a common failure symptom could
be determined and from this a new diagram generated automatically, to represent the {\dc}.
Each spider represented a derived failure mode.
These concepts were presented at the ``Euler~2004''~\cite{Clark200519} conference at Brighton University.
--- 2005 paper --- need for static analysis because of --- 2005 paper --- need for static analysis because of
high reliability of modern safety critical systems. high reliability of modern safety critical systems.
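Review bot: several of the added Introduction sentences are incomplete or carry typos that will reach the typeset document: `came form two sources` should be `came from`; `Msc` should be `MSc` (it appears twice); `effectively meant that any all combinations` has a stray word; the list `self checking of ROM and RAM, watchdog processors with separate clock sources, EMC triple fail safe control of valves` needs a comma after `EMC`; the sentence beginning `Following the concept of de-composing a problem` has no main clause and should be joined to the `My reasoning was` sentence that follows; and `determine the symptoms of failure for them` lacks a full stop before `Using`. The lines starting `Msc project Euler/Spider Diagram editor` and `--- 2005 paper --- need for static analysis` read as unfinished outline notes rather than prose; if they are placeholders, a `%` comment keeps them out of the build. Finally, the `{\fgs}`, `{\dcs}` and `{\dc}` macros are used here but not defined in this diff; confirm they exist in the preamble or a shared style file, otherwise the build fails with an undefined control sequence.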