diff --git a/submission_thesis/CH5_Examples/bubba_euler_1.dia b/submission_thesis/CH5_Examples/bubba_euler_1.dia index 92ca9ae..f3c14b1 100644 Binary files a/submission_thesis/CH5_Examples/bubba_euler_1.dia and b/submission_thesis/CH5_Examples/bubba_euler_1.dia differ diff --git a/submission_thesis/CH5_Examples/copy.tex b/submission_thesis/CH5_Examples/copy.tex index 8e76434..4756789 100644 --- a/submission_thesis/CH5_Examples/copy.tex +++ b/submission_thesis/CH5_Examples/copy.tex @@ -20,7 +20,7 @@ hybrids. %using an op-amp and two resistors; this demonstrates re-use of a potential divider {\dc} from section~\ref{subsec:potdiv}. This amplifier is analysed twice, using different compositions of {\fgs}. -The two approaches, i.e. choice of membership for {\fgs}, are then discussed. +The two approaches, i.e. effects of choice of membership for {\fgs} are then discussed. % \item Section~\ref{sec:diffamp} analyses a circuit where two op-amps are used to create a differencing amplifier. @@ -31,7 +31,7 @@ not in the second. % \item Section~\ref{sec:fivepolelp} analyses a Sallen-Key based five pole low pass filter. It demonstrates re-use of the first Sallen-Key analysis, %encountered as a {\dc} -increasing test efficiency. This example also serves to show a deep hierarchy of {\dcs}. +increasing test efficiency. This example also serves to show a deeper hierarchy of {\dcs}. % \item Section~\ref{sec:bubba} shows FMMD applied to a loop topology---using a `Bubba' oscillator---demonstrating how FMMD differs from fault diagnosis techniques. @@ -266,7 +266,7 @@ and analyse it as such; see table~\ref{tbl:pdneg}. % We assume a valid range for the output value of this circuit. Thus negative or low voltages can be considered as LOW -and voltages higher than this range considered as HIGH. +and voltages higher than a given threshold considered as HIGH. % \begin{table}[h+] \caption{Inverted Potential divider: Single failure analysis} 
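Review bot: In the `@@ -266,7 +266,7 @@` hunk the reworded line `and voltages higher than a given threshold considered as HIGH.` introduces a threshold that the visible text never defines. The two sentences before it still define LOW relative to the assumed valid output range, so LOW and HIGH are now classified against two different references. If the upper bound of that range is what is meant, `and voltages above the upper limit of this range considered as HIGH.` keeps the pair symmetric. If a separate threshold is intended, the text should say where its value comes from, since the failure-mode table that follows depends on it.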
@@ -461,7 +461,8 @@ We can now express the failure modes for the {\dc} $INVAMP$ thus; $$ fm(INVAMP) = \{ HIGH, LOW, LOW PASS \} .$$ We can draw a DAG representing the failure mode behaviour of this amplifier (see figure~\ref{fig:invdag1}). Note that this allows us -to traverse from system level, or top failure modes to base component failure modes. +to trace failure symptoms back to causes, i.e. +to traverse from system level or top failure modes to base component failure modes. %%%%% 12DEC 2012 UP to here in notes from AF email. % \clearpage @@ -913,7 +914,7 @@ This FMMD analysis also revealed an undetectable failure mode, $DiffAMPIncorrec \begin{figure}[h] \centering - \includegraphics[width=200pt]{CH5_Examples/circuit2002.png} + \includegraphics[width=300pt]{CH5_Examples/circuit2002.png} % circuit2002.png: 575x331 pixel, 72dpi, 20.28x11.68 cm, bb=0 0 575 331 \caption{Five Pole Low Pass Filter, using two Sallen~Key stages and three op-amps. An example of FMMD applied to a multi-stage but linear signal path topology. } @@ -1038,9 +1039,10 @@ on the schematic as in figure~\ref{fig:circuit2002_LP1}. \begin{figure}[h] \centering - \includegraphics[width=200pt,keepaspectratio=true]{CH5_Examples/circuit2002_LP1.png} + \includegraphics[width=300pt,keepaspectratio=true]{CH5_Examples/circuit2002_LP1.png} % circuit2002_LP1.png: 575x331 pixel, 72dpi, 20.28x11.68 cm, bb=0 0 575 331 - \caption{Circuit showing {\fgs} modelled so far.} + \caption{Five Pole Sallen Key Filter: Circuit showing the first two {\fgs} modelled. + Shown as an Euler diagram super-imposed onto the electrical schematic.} % so far.} \label{fig:circuit2002_LP1} \end{figure} 
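Review bot: The `@@ -913,7 +914,7 @@` hunk enlarges the figure by replacing one absolute width with another, `\includegraphics[width=300pt]{CH5_Examples/circuit2002.png}`, so the figure size stays tied to one particular page layout. A relative width such as `\includegraphics[width=0.8\linewidth]{CH5_Examples/circuit2002.png}` would survive a change of class or margins. The same applies to the 300pt and 350pt values set in the `@@ -1038`, `@@ -1107`, `@@ -1185` and `@@ -1566` hunks. The unchanged 400pt Euler diagrams further down may already exceed the text width, though that depends on a document class this diff does not show.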
@@ -1107,21 +1109,21 @@ As the signal has to pass through each block/stage in order to be `five~pole' filtered, we need to bring these three blocks together into a {\fg} in order to get a failure mode model for the whole circuit. We can index the Sallen Key stages, and these are marked on the circuit schematic in figure~\ref{fig:circuit2002_FIVEPOLE}. - +% \begin{figure}[h]+ \centering - \includegraphics[width=200pt]{CH5_Examples/circuit2002_FIVEPOLE.png} + \includegraphics[width=300pt]{CH5_Examples/circuit2002_FIVEPOLE.png} % circuit2002_FIVEPOLE.png: 575x331 pixel, 72dpi, 20.28x11.68 cm, bb=0 0 575 331 - \caption{Functional Groupings in Five Pole Low Pass Filter: shown as an Euler diagram super-imposed onto the electrical schematic.} + \caption{Functional Groupings in Five Pole Low Pass Filter. Shown as an Euler diagram super-imposed onto the electrical schematic.} \label{fig:circuit2002_FIVEPOLE} \end{figure} - +% \pagebreak[4] - +% So our final {\fg} will consist of the derived components $\{ LP1, SKLP_1, SKLP_2 \}$. We represent the desired FMMD hierarchy in figure~\ref{fig:circuit2h}. - - +% +% % HTR 20OCT2012 \begin{figure}[h]+ % HTR 20OCT2012 \centering % HTR 20OCT2012 \includegraphics[width=300pt]{CH5_Examples/circuit2h.png} @@ -1137,18 +1139,18 @@ We represent the desired FMMD hierarchy in figure~\ref{fig:circuit2h}. is an abstract version of figure~\ref{fig:circuit2002_FIVEPOLE}}. \label{fig:circuit2h} \end{figure} - +% %\pagebreak[4] - - - - - - - +% +% +% +% +% +% +% %$$ fm ( SKLP ) = \{ SKLPHigh, SKLPLow, SKLPIncorrect, SKLPnosignal \} $$ %$$ fm(LP1) = \{ LP1High, LP1Low, LP1ExtraLowPass, LP1NoLowPass \} $$ - +% \begin{table}[ht]+ \caption{Five Pole Low Pass Filter: Failure Mode Effects Analysis($FivePoleLP$): Single Faults} % title of Table \centering % used for centering table 
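Review bot: The figure edited in the `@@ -1107,21 +1109,21 @@` hunk opens with `\begin{figure}[h]+`, as far as the collapsed diff shows. The `+` sits outside the optional argument, so it would be typeset as a literal character at the top of the float rather than acting as a placement option. The line is unchanged context, but since this commit reworks the figure it would be worth correcting here to `\begin{figure}[htbp]`. The table in the `@@ -1137` hunk has the same pattern, `\begin{table}[ht]+`. The figure and table environments both continue outside their hunks.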
@@ -1185,43 +1187,39 @@ We represent the desired FMMD hierarchy in figure~\ref{fig:circuit2h}. \end{tabular} \label{tbl:fivepole} \end{table} - +% We now can create a {\dc} to represent the circuit in figure~\ref{fig:circuit2}, we call this $FivePoleLP$: applying the $fm$ function (see table~\ref{tbl:fivepole}) yields $$fm(FivePoleLP) = \{ HIGH, LOW, FilterIncorrect, NO\_SIGNAL \}.$$ - - +% +% %\pagebreak[4] - +% The failure modes for the low pass filters are very similar, and the propagation of the signal is simple (as it is never inverted). The circuit under analysis is -- as shown in the block diagram (see figure~\ref{fig:blockdiagramcircuit2}) -- three op-amp driven non-inverting low pass filter elements. It is not surprising therefore that they have very similar failure modes. From a safety point of view, the failure modes $LOW$, $HIGH$ and $NO\_SIGNAL$ -could be easily detected; the failure symptom $FilterIncorrect$ may be less observable. - +could be easily detected; the failure symptom $FilterIncorrect$ may be less detectable. +% \subsection{Conclusion} This example shows the analysis of a linear signal path circuit with three easily identifiable {\fgs} and re-use of the Sallen-Key {\dc}. - - - - - - - - - +% +% +% +% +% \clearpage % % BUBBAOSC % - +% \section{Quad Op-Amp Oscillator} \label{sec:bubba} - +% \begin{figure}[h] \centering - \includegraphics[width=200pt]{CH5_Examples/circuit3003.png} + \includegraphics[width=300pt]{CH5_Examples/circuit3003.png} % circuit3003.png: 503x326 pixel, 72dpi, 17.74x11.50 cm, bb=0 0 503 326 \caption{Circuit diagram for the Quad Op-Amp `Bubba' Oscillator} \label{fig:circuit3} 
@@ -1325,10 +1323,11 @@ Initially we use the first identified {\fgs} to create our model without further \subsection{FMMD Analysis using initially identified {\fgs}} \label{sec:bubba1} -Our {\fg} for this analysis can be expressed thus: +By indexing the re-used {\dcs} +the {\fg} for this analysis can be expressed thus: % %$$ G^1_0 = \{ PHS45^1_1, NIBUFF^0_1, PHS45^1_2, NIBUFF^0_2, PHS45^1_3, NIBUFF^0_3 PHS45^1_4, INVAMP^1_0 \} ,$$ -$$ G = \{ PHS45, NIBUFF, PHS45, NIBUFF, PHS45, NIBUFF PHS45, INVAMP \} ,$$ +$$ G = \{ PHS45_1, NIBUFF_1, PHS45_2, NIBUFF_2, PHS45_3, NIBUFF_3, PHS45_4, INVAMP \} ,$$ or in Euler diagram format as in figure~\ref{fig:bubbaeuler1}. % HTR 23SEP2012 \begin{figure}[h+] % HTR 23SEP2012 \centering @@ -1566,7 +1565,7 @@ The following example is used to demonstrate FMMD analysis of a mixed analogue a % \begin{figure}[h] \centering - \includegraphics[width=300pt,keepaspectratio=true]{./CH5_Examples/sigma_delta_block.png} + \includegraphics[width=350pt,keepaspectratio=true]{./CH5_Examples/sigma_delta_block.png} % sigma_delta_block.png: 828x367 pixel, 72dpi, 29.21x12.95 cm, bb=0 0 828 367 \caption{Electrical signal path Block diagram: \sd} % Analogue to Digital Converter } \label{fig:sigmadeltablock} 
@@ -1643,12 +1642,12 @@ The feedback voltage for the ADC is supplied via $R1$, we term this voltage as $ %The input voltage is supplied via $R2$ and we term this voltage as $V_{in}$. $R2$ and $R1$ form a summing junction to IC1: they balance the integrator provided by the capacitor C1 and the opamp IC1. -This can be our first {\fg} and we analyse it in table~\ref{detail:SUMJINT}%{tbl:sumjint}. +This can be our first {\fg} and we analyse it in table~\ref{detail:SUMJINT}: %{tbl:sumjint}. %For the symptoms, we have to think in terms of the effect %on its performance as a summing junction and not be %distracted by the integrator formed by $C_1$ and $IC1$. % -$$FG = \{R1, R2, IC1, C1 \}$$ +$$FG = \{R1, R2, IC1, C1 \} .$$ That is, the failure modes (see FMMD analysis at~\ref{detail:SUMJINT}) of our new {\dc} $SUMJINT$ are $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ 
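Review bot: The changed line cites `table~\ref{detail:SUMJINT}:`, but two lines further down the same label is cited as `FMMD analysis at~\ref{detail:SUMJINT}`, and the other `detail:` labels visible in this diff are cited as sections. The label definition is not in view, so this is inferred, but if it is attached to a sectioning command the printed number will be a section number under the word table. In that case the line should read `This can be our first {\fg} and we analyse it in section~\ref{detail:SUMJINT}:`.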
@@ -1662,20 +1661,24 @@ This presents a high impedance to the circuit driving it. This prevents electrical loading, and thus interference with, the SUMJINT stage. This is simply an op-amp with the input connected to the +ve input and the -ve input grounded. -It therefore has the failure modes of an Op-amp. - +%% \end{table} +% +% +This is an OpAmp in a signal buffer configuration +and therefore simply has the failure modes of an Op-amp. +% % % \end{tabular} -% \end{table} -This is an OpAmp in a signal buffer configuration. +% +% As it is performing one particular function we may consider it as a derived component, that of a High Impedance Signal Buffer (HISB). This is analysed using FMMD in section~\ref{detail:HISB}. % -We create the {\dc} $HISB$ and its failure modes may be stated as $$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$ +We create the {\dc} $HISB$ and its failure modes may be stated as: $$fm(HISB) = \{HIGH, LOW, NOOP, LOW_{SLEW} \}.$$ \subsubsection{Digital level to analogue level conversion ($DL2AL$).} -The integrator is implemented in digital electronics, but the output from the D type flip flop is a digital signal. +The integrator is implemented in analogue electronics, but the output from the D type flip flop is a digital signal. A conversion stage is required to interface these stages. Digital level to analogue level conversion is performed by IC3 in conjunction with a potential divider formed by R3,R4. The potential divider provides a mid rail reference voltage 
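Review bot: The added sentence `This is an OpAmp in a signal buffer configuration` does not match the unchanged line directly above it, which describes the signal on the +ve input with the -ve input grounded. That is an open-loop arrangement, not a follower with feedback. If the schematic really grounds the -ve input, the stage acts as a comparator, and the claim that it `simply has the failure modes of an Op-amp` needs a sentence of justification; otherwise the earlier description should be corrected. The schematic is not visible in this diff, so this is a consistency query rather than a confirmed error. The paragraph also now spells the part as `op-amp`, `OpAmp` and `Op-amp`, and the `fm(HISB)` line writes `LOW_{SLEW}` as a subscript where later hunks use `LOW\_SLEW`.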
@@ -1714,27 +1717,27 @@ $$ fm (DL2AL) = \{ LOW, HIGH, LOW\_{SLEW} \} $$ The digital element of the {\sd}, is a `one~bit~memory', or D type flip flop. This buffers the feedback result and provides the output bit stream. -We create a {\fg} from the CLOCK and IC4 to model this digital buffer. - -$$FG = \{ IC4, CLOCK \}$$ - - +We create a {\fg} from the CLOCK and IC4 to model this digital buffer, +% +$$FG = \{ IC4, CLOCK \} . $$ +% +% %% DIGBUF --- Digital Buffer - +% We now analyse this {\fg} (see section~\ref{detail:DIGBUF}). %in table~\ref{tbl:digbuf}. - - -We can now derive a new component to represent the digital buffer and call it $DIGBUF$. - - -$$ fm (DIGBUF) = \{ LOW, STOPPED \} $$ - - +% +% +We can now derive a new component to represent the digital buffer and call it $DIGBUF$, . +% +% +$$ fm (DIGBUF) = \{ LOW, STOPPED \} . $$ +% +% %%% END DIGBUF - +% \subsection{First {\fgs} analysed} - +% We have analysed the initial {\fgs} and have created our first {\dcs}. %and can now take stock of the situation %and see what is now required. @@ -1752,11 +1755,11 @@ These {\dcs} follow the signal path shown in figure~\ref{fig:sigmadeltablock}. We now use these {\dcs} to create higher level {\fgs}. %to represent the failure mode %behaviour of the $\Sigma \Delta ADC$. -We represent this -in the Euler diagram in figure~\ref{fig:eulersd}. -The next stage is to create {\fgs} from these initial {\dcs} -and make a complete failure mode for the {\sd}. - +We represent these in the Euler diagram in figure~\ref{fig:eulersd}. +% +They are later used to create {\fgs} to %from these initial {\dcs} +make a complete failure mode for the {\sd}. +% \begin{figure}[h] \centering \includegraphics[width=400pt]{./CH5_Examples/eulersd.png} @@ -1764,7 +1767,7 @@ and make a complete failure mode for the {\sd}. \caption{Euler diagram showing the initial {\dcs} used to model the $\Sigma \Delta ADC$} \label{fig:eulersd} \end{figure} - +% % % \begin{figure}[h+] % \centering 
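Review bot: In the `@@ -1714,27 +1717,27 @@` hunk the new line ends with `call it $DIGBUF$, .`, which will print a comma followed by a stray full stop. The displayed `fm (DIGBUF)` equation that follows already carries the closing full stop, so the lead-in should end with a colon or a bare comma, for example `We can now derive a new component to represent the digital buffer and call it $DIGBUF$:`.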
@@ -1773,14 +1776,14 @@ and make a complete failure mode for the {\sd}. % \caption{First stage of FMMD analysis: Sigma delta Converter} % \label{fig:sigdel1} % \end{figure} - - +% +% %\clearpage - - - +% +% +% \subsubsection{Buffered Integrating Summing Junction (BISJ): {\fg} of $HISB$ and $SUMJINT$} - +% We now form a {\fg} with the two derived components $HISB$ and $SUMJINT$. This forms a buffered integrating summing junction. We analyse this using FMMD (see section~\ref{detail:BISJ}). @@ -1792,31 +1795,28 @@ Using the $fm$ function we define the failure modes of our derived component BISJ thus: % $$ fm(BISJ) = \{ OUTPUT STUCK , REDUCED\_INTEGRATION \} . $$ - - - - - - - - +% +% +% +% +% \subsubsection{Flip Flop Buffer (FFB): {\fg} of $DL2AL$ and $DIGBUF$} - +% %$$ fm (DL2AL^2) = \{ LOW, HIGH, LOW\_SLEW \} $$ %$$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \} $$ - +% The {\fg} formed by $DIGBUF$ and $DL2AL$ takes the flip flop clocked and buffered value, and outputs it at analogue voltage levels for the summing junction. - +% $ FG = \{ DIGBUF, DL2AL \} $ - +% We analyse the buffered flip flop circuitry (see table~\ref{detail:FFB}) and create a {\dc} $FFB$, -where $$fm (FFB) = \{OUTPUT STUCK, LOW\_SLEW\}$$. +where $$fm (FFB) = \{OUTPUT STUCK, LOW\_SLEW\} .$$ %\clearpage \subsection{Final, top level {\fg} for sigma delta Converter} - - +% +% We now have two {\dcs}, $FFB$ and $BISJ$. These together represent all base components within this circuit. We form a final {\fg} with these: 
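Review bot: In the `@@ -1792,31 +1795,28 @@` hunk the blank lines around `$ FG = \{ DIGBUF, DL2AL \} $` are replaced by `%`, so this inline formula is no longer its own paragraph. It now runs straight on from `for the summing junction.` and into `We analyse the buffered flip flop circuitry` with no punctuation. Making it a display like the other group definitions, `$$ FG = \{ DIGBUF, DL2AL \} . $$`, would restore the intended layout. On the changed `fm (FFB)` line, `OUTPUT STUCK` loses its space in math mode; `OUTPUT\_STUCK` would match the `OUTPUT\_OUT\_OF\_RANGE` style used for the top-level failure modes.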
@@ -1827,10 +1827,10 @@ We analyse the buffered {\sd} circuit using FMMD (see section~\ref{detail:SDADC} % FFB^3 $\{OUTPUT STUCK, LOW\_SLEW\}$ % BISJ^2 $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$ % -We now have a {\dc} $SDADC$ which provides a failure mode model for the \sd. -$$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}$$ +We now have a {\dc} $SDADC$ which provides a failure mode model for the \sd: +$$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\} . $$ We now show the final {\dc} hierarchy in figure~\ref{fig:eulersdfinal}. - +% \begin{figure}[h] \centering \includegraphics[width=400pt]{./CH5_Examples/eulersdfinal.png} @@ -1845,7 +1845,7 @@ We now show the final {\dc} hierarchy in figure~\ref{fig:eulersdfinal}. % \caption{FMMD Analysis hierarchy for the {\sd}} % \label{fig:sdadc} % \end{figure} - +% %\clearpage % ] % into @@ -1866,9 +1866,11 @@ We now show the final {\dc} hierarchy in figure~\ref{fig:eulersdfinal}. % and IC3. % The output from this is sent to the summing integrator as the signal summed with the input. \subsection{Conclusion} -The {\sd} example, shows that FMMD can be applied to mixed digital and analogue circuitry. - - +The {\sd} example, shows that FMMD can be applied to mixed digital and analogue circuitry: +which means the analogue/digital interface is also achieved. This +leads onto interfacing to software and digital~systems in the next chapter. +% +% %\clearpage \section{Pt100 Analysis: FMMD and Double Failure Mode Analysis} \label{sec:Pt100} @@ -1897,7 +1899,7 @@ Applying FMMD lets us look at this circuit in a fresh light. We analyse this for both single and double failures, in addition it demonstrates FMMD coping with component parameter tolerances. % -The circuit is described traditionally and then analysed using the FMMD methodology. +The circuit is described from a conventional safety perspective and then analysed using the FMMD methodology. %A derived component, representing this circuit is then presented. 
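Review bot: The `@@ -1827,10 +1827,10 @@` hunk edits the equation line but leaves the component misspelled as `SSDADC`, while the sentence introducing it names the derived component `$SDADC$`. Since the line is being touched anyway it should read `$$fm(SDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\} . $$`, so that the top-level failure-mode set is attached to the component actually defined.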
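Review bot: In the `@@ -1866,9 +1866,11 @@` hunk the extended conclusion keeps the comma that splits subject from verb in `The {\sd} example, shows`. It then continues after a colon with `which means the analogue/digital interface is also achieved`, which does not say what has been achieved. A wording such as `The {\sd} example shows that FMMD can be applied to mixed digital and analogue circuitry, including the interface between the two.` states the claim directly. The forward pointer `in the next chapter` is hard-coded; a `\ref` to that chapter's label would survive reordering.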
@@ -2017,24 +2019,32 @@ expected voltages for failure mode and temperature reading purposes. V_{out} = V_{in}.\frac{Z2}{Z2+Z1} \end{equation} -\subsection{Safety case for 4 wire circuit} - -This sub-section looks at the behaviour of the $Pt100$ four wire circuit -for the effects of component failures. -All components have a set of known `failure modes'. -In other words we know that a given component can fail in several distinct ways. -Studies have been published which list common component types -and their sets of failure modes~\cite{fmd91}, often with MTTF statistics~\cite{mil1991}. -Thus for each component, an analysis is made for each of its failure modes, -with respect to its effect on the -circuit. Each one of these scenarios is termed a `test case'. -The resultant circuit behaviour for each of these test cases is noted. -The worst case for this type of -analysis would be a fault that we cannot detect. -Where this occurs a circuit re-design is probably the only sensible course of action. - +\subsection{Safety case for 4 wire circuit: Detailed calculations} +% +The following analysis of the Pt100 circuit +firstly presents an FMEA analysis which is then supported by +detail and calculations of the type that would be submitted to an approval agency. +% +Detailed potential divider calculations and the effect of component tolerances +are factored for each test case in the FMEA table~\ref{sec:singlePt100FMEA}. +The next section~\ref{sec:Pt100d}, extends this analysis for double failure scenarios. +%{sec:Pt100d} +% This sub-section looks at the behaviour of the $Pt100$ four wire circuit +% for the effects of component failures. +% All components have a set of known `failure modes'. +% In other words we know that a given component can fail in several distinct ways. +% Studies have been published which list common component types +% and their sets of failure modes~\cite{fmd91}, often with MTTF statistics~\cite{mil1991}. 
+% Thus for each component, an analysis is made for each of its failure modes, +% with respect to its effect on the +% circuit. Each one of these scenarios is termed a `test case'. +% The resultant circuit behaviour for each of these test cases is noted. +% The worst case for this type of +% analysis would be a fault that we cannot detect. +% Where this occurs a circuit re-design is probably the only sensible course of action. +% \fmodegloss - +% \paragraph{Single Fault FMEA Analysis of $Pt100$ Four wire circuit.} \label{sec:singlePt100FMEA} %\label{fmea}
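Review bot: The added line `are factored for each test case in the FMEA table~\ref{sec:singlePt100FMEA}.` points at a label that the same hunk shows attached to `\paragraph{Single Fault FMEA Analysis of $Pt100$ Four wire circuit.}`. The reference will therefore print a sectioning number, not a table number; it should cite the table's own label (not visible here) or be reworded as `in the FMEA analysis in section~\ref{sec:singlePt100FMEA}`. In `The next section~\ref{sec:Pt100d}, extends` the comma separates subject from verb. The block that is now commented out held the only visible definition of a test case and the `\cite{fmd91}` and `\cite{mil1991}` sources, so it is worth checking that both are introduced earlier in the thesis.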