Working through very carefully......

Robin P. Clark 2012-09-05 08:11:13 +01:00
parent f8a7225623
commit e2eb19a8fc


@ -54,100 +54,53 @@
This chapter This chapter
starts with %starts with %an overview of current failure modelling techniques, and then starts with %starts with %an overview of current failure modelling techniques, and then
a worked example to introduce % using a worked example to introduce % using
the new methodology, a new methodology,
Failure Mode Modular De-composition (FMMD). Failure Mode Modular De-composition (FMMD).
This is followed by a discussion on the design of the FMMD methodology and then a This is followed by a discussion on the design of FMMD and then a
%an ontological %an ontological
description using UML class models. description and re-factoring process using UML class models.
% This chapter defines the FMMD process and related concepts and calculations. % This chapter defines the FMMD process and related concepts and calculations.
FMMD is in essence modularised FMEA. Rather than taking each component failure mode FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38].
%
Rather than taking each component failure mode
and extrapolating top level or system failure symptoms from it, and extrapolating top level or system failure symptoms from it,
small groups of components are collected into {\fgs} and analysed. small groups of components are collected into {\fgs} and analysed.
%and then {\dcs} are used to represent the {\fgs}. %and then {\dcs} are used to represent the {\fgs}.
We analyse the {\fgs} in order to determine its the failure mode behaviour. We analyse each {\fg} in order to determine its failure mode behaviour.
%of the {\fg}. %of the {\fg}.
With the failure mode behaviour we can obtain a set of failure modes With the failure mode behaviour we can obtain a set of failure modes
for the {\fg}. We can then create a new theoretical component to represent the {\fg}. for the {\fg}.
%
Or in other words we determine how the {\fg}, as an entity can fail.
%
We can then create a new theoretical component to represent the {\fg}.
%
We call this a {\dc}. We call this a {\dc}.
This {\dc} may be used as though it were a component, and has a set of failure modes. %
We then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs} This {\dc} has a set of failure modes: we can thus treat it as a `higher~level' component.
%
Because a {\dc} has a set of failure modes we can use it in higher level {\fgs}
which in turn produce higher level {\dcs}.
%
We can then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs}
and {\dcs} has been built, converging to a final {\dc} and {\dcs} has been built, converging to a final {\dc}
at the top of the hierarchy. The final {\dcs} failure modes at the top of the hierarchy.
%
The failure modes of the final or top {\dc}
are the failure modes of the system under investigation. are the failure modes of the system under investigation.
% %
Or in other words we take the traditional FMEA~\cite{sccs}[pp.34-38] process, and modularise it from the bottom-up. Or in other words we take the traditional FMEA process, and modularise it from the bottom-up.
%We break down each stage of reasoning %We break down each stage of reasoning
%into small manageable groups, and use the failure mode behaviour from them to create {\dcs} %into small manageable groups, and use the failure mode behaviour from them to create {\dcs}
%to build higher level groups. %to build higher level groups.
In this way we can incrementally analyse an entire system. In this way we can incrementally analyse an entire system. %, with documented reasoning stages.
% %This has advantages of concentrating % %This has advantages of concentrating
% %effort in where modules interact, % %effort in where modules interact,
%A notation is then described to index and classify objects created in FMMD hierarchical models. %A notation is then described to index and classify objects created in FMMD hierarchical models.
% \subsection{Overview of current failure mode modelling techniques}
%
% We briefly analyse four current methodologies.
% Comprehensive overviews of these methodologies may be found
% in ~\cite{safeware,sccs,nasafta,nucfta,bfmea}.
%
% \paragraph{Fault Tree Analysis (FTA).}
% FTA~\cite{nasafta,nucfta} is a top down methodology in which a hierarchical diagram is drawn for
% each undesirable top level failure/event, presenting the conditions that must arise to cause
% the event.
% %
% It is suitable for large complicated systems with few undesirable top
% level failures and focuses on those events considered most important or most catastrophic.
% %
% Effects of duplication/redundancy of safety systems can be readily assessed.
% It uses notations that are readily understood by engineers
% (logic symbols borrowed from digital electronics and a fault hierarchy).
% However, it cannot guarantee to model all base component failures
% or be used to determine system level errors other than those modelled.
% %
% Each FTA diagram models one top level event.
% This creates duplication of modelled elements,
% and it is difficult to cross check between diagrams. It has limited
% support for environmental and operational states.
%
%
% \paragraph{Fault Mode Effects Analysis (FMEA)} is used principally to determine system reliability.
% It is bottom-up and starts with component failure modes, which
% lead to top level failure/events.
% Each top level failure is assessed by its cost to repair (or perceived criticality) and its estimated frequency. %, using a
% %failure mode ratio.
% A list of failures according to their cost to repair~\cite{bfmea}, or effect on system reliability is then calculated.
% It is easy to identify single component failure to system failure mappings
% and an estimate of product reliability can be calculated.
% %This can be viewed as a prioritised `to~fix' list.
% %
% It cannot focus on complex
% component interactions that cause system failure modes or determine potential
% problems from simultaneous failures. It does not consider changing environmental
% or operational states in sub-systems or components. It cannot model
% self-checking safety elements or other in-built safety features or
% analyse how particular components may fail.
%
%
% \paragraph{Failure Mode Effects Criticality Analysis (FMECA)} is a refinement of FMEA, using
% extra variables: the probability of a component failure mode occurring,
% the probability that this will cause a given top level failure, and the perceived
% criticality. It gives better estimations of product reliability/safety and the
% occurrence of particular system failure modes than FMEA but has similar deficiencies.
%
%
% \paragraph{Failure Modes, Effects and Diagnostic Analysis (FMEDA)} is a refinement of
% FMEA and FMECA and in addition models self-checking safety elements. It assigns two
% attributes to component failure modes: detectable/undetectable and safe/dangerous.
% Statistical measures about the system can be made and used to classify a
% safety integrity level. It allows designs with in-built safety features to be assessed.
% Otherwise, it has similar deficiencies to FMEA.
% However, it has limited support
% for environmental and operational states in sub-systems or components,
% via self checking statistical mitigation. FMEDA is the methodology associated with
% the safety integrity standard EN61508~\cite{en61508}.
%
% \subsection{Summary of Deficiencies in Current Methods} % \subsection{Summary of Deficiencies in Current Methods}
% %
% \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component % \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
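Review bot: the citation moved into the rewritten opening sentence, `FMEA~\cite{sccs}[pp.34-38]`, puts the optional argument after the key, so LaTeX typesets `[pp.34-38]` as literal text after the citation rather than as page numbers; it should read `FMEA~\cite[pp.~34--38]{sccs}` (the old line it was moved from had the same form, so this is a pre-existing slip carried forward). Two style points in the same new paragraph: `We can then use {\dcs} to then build further {\fgs}` keeps the doubled `then` from the old text and should drop one, and `Or in other words` now opens two sentences of one passage (`...how the {\fg}, as an entity can fail.` and `...we take the traditional FMEA process...`); rephrase one of them and add the missing comma after `entity`.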
@ -470,7 +423,7 @@ In this way we can incrementally analyse an entire system.
\section{Worked Example: Non-Inverting Amplifier} \section{Worked Example: Non-Inverting Amplifier}
%% here bring in sys safety papaer from 2011 %% here bring in sys safety paper from 2011
%% %%
%% GARK BEGIN %% GARK BEGIN
@ -535,22 +488,24 @@ We represent a resistor and its failure modes as a directed acyclic graph (DAG)
Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$. Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$.
% %
We look at each of these base component failure modes, We look at each of these base component failure modes,
and determine how they affect the operation of the potential divider. and determine how they affect the operation of the potential~divider.
%Each failure mode scenario we look at will be given a test case number, %Each failure mode scenario we look at will be given a test case number,
%which is represented on the diagram, with an asterisk marking %which is represented on the diagram, with an asterisk marking
%which failure modes is modelling (see figure \ref{fig:fg1a}). %which failure modes is modelling (see figure \ref{fig:fg1a}).
% %
Each resistor failure mode is a potential {\fc} in the potential~divider.
%%For this example we look at single failure modes only. %%For this example we look at single failure modes only.
For each failure mode in our {\fg} `potential~divider', For each failure mode in our {\fg} potential~divider
we can assign a %{\fc} we can assign a {\fc}
number (see table \ref{tbl:pdfmea}). number (see table \ref{tbl:pdfmea}).
%
Each {\fc} is analysed to determine the symptom of failure in Each {\fc} is analysed to determine the symptom of failure in
the potential dividers' operation. For instance the potential~dividers' operation. For instance
if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the
voltage output from it would float high (+ve). voltage output from it would float high (+ve).
This would mean the symptom of the failed potential divider would be voltage high output. This would mean the symptom of the failed potential~divider would be voltage high output.
% %
The failure symptom of a high potential divider output is termed `HighPD', and The failure symptom of a high potential~divider output is termed `HighPD', and
for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ... for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ...
%We can now consider the {\fg} %We can now consider the {\fg}
%as a component in its own right, and its symptoms as its failure modes. %as a component in its own right, and its symptoms as its failure modes.
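Review bot: the added sentence `Each resistor failure mode is a potential {\fc} in the potential~divider.` uses `potential` in two senses in one line and reads as a pun; `is a candidate {\fc}` or `is treated as a {\fc}` is clearer. Dropping the quotes in `our {\fg} potential~divider` leaves the group name unmarked in running text; keep the original `potential~divider' quoting (or \textbf, as \textbf{PD} is typeset later) so the name is distinguishable from the phrase. Also, since there is one divider, `the potential~dividers' operation` should be `the potential~divider's operation`; the apostrophe was already misplaced in the old text.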
@ -644,14 +599,14 @@ This is represented in the DAG in figure \ref{fig:fg1adag}.
We can now create % formulate We can now create % formulate
a `derived component' to represent this potential divider: a {\dc} to represent this potential divider:
we name this \textbf{PD}. we name this \textbf{PD}.
This {\dc} will have two failure modes. This {\dc} will have two failure modes, $PD_{HIGH}$ and $PD_{LOW}$.
We use the symbol $\derivec$ to represent the process of taking the analysed % HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed
{\fg} and creating from it a {\dc}. % HTR 05SEP2012 {\fg} and creating from it a {\dc}.
The creation of the {\dc} \textbf{PD} is represented as a % HTR 05SEP2012 The creation of the {\dc} \textbf{PD} is represented as a
hierarchy diagram in figure~\ref{fig:dc1}. % HTR 05SEP2012 hierarchy diagram in figure~\ref{fig:dc1}.
We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}. % HTR 05SEP2012 We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}.
%We could represent it algebraically thus: $ \derivec(PotDiv) = %We could represent it algebraically thus: $ \derivec(PotDiv) =
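Review bot: the new sentence names the {\dc} failure modes `$PD_{HIGH}$ and $PD_{LOW}$`, while the earlier hunk defines the same symptoms in prose as `HighPD` and `LowPD`; use one naming throughout, or have the sentence defining `HighPD`/`LowPD` state that they are written $PD_{HIGH}$/$PD_{LOW}$ in the tables and DAGs. Commenting out the five `% HTR 05SEP2012` lines also removes the only visible introduction of the $\derivec$ symbol and the references to figure~\ref{fig:dc1} and figure~\ref{fig:dc1dag}; check that the symbol is not used later in the chapter without being defined, and that the two figure environments are either referenced elsewhere or commented out as well, otherwise they float unreferenced.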
@ -825,8 +780,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {}; % \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {};
\node[component] (OPAMP) at (0,-1.8) {$OPAMP$}; \node[component] (OPAMP) at (0,-1.8) {$OPAMP$};
\node[component] (R1) at (0,-6) {$R_1$}; \node[component] (R1) at (0,-7) {$R_1$};
\node[component] (R2) at (0,-7.6) {$R_2$}; \node[component] (R2) at (0,-8.6) {$R_2$};
%\node[component] (C-3) at (0,-5) {$C^0_3$}; %\node[component] (C-3) at (0,-5) {$C^0_3$};
%\node[component] (K-4) at (0,-8) {$K^0_4$}; %\node[component] (K-4) at (0,-8) {$K^0_4$};
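Review bot: the y coordinates of `R1` and `R2` are literals that the failure nodes in the next hunk and the `PD` symptom nodes two hunks down have to be kept in step with by hand; `R1` moves from -6 to -7 and `R2` from -7.6 to -8.6 here, and the same values are retyped for `PDHIGH` and `PDLOW`. Defining each position once (a `\def` per component, or placing the later nodes relative to these with the positioning library's `below=1.6cm of R1` form) would stop the three hunks drifting apart on the next adjustment.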
@ -843,11 +798,11 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
\node[failure] (OPAMPNP) at (\layersep,-2.5) {noop}; \node[failure] (OPAMPNP) at (\layersep,-2.5) {noop};
\node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew}; \node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew};
\node[failure] (R1SHORT) at (\layersep,-5.1) {$R1_{SHORT}$}; \node[failure] (R1SHORT) at (\layersep,-5.6) {$R1_{SHORT}$};
\node[failure] (R1OPEN) at (\layersep,-6.4) {$R1_{OPEN}$}; \node[failure] (R1OPEN) at (\layersep,-7.4) {$R1_{OPEN}$};
\node[failure] (R2SHORT) at (\layersep,-7.7) {$R2_{SHORT}$}; \node[failure] (R2SHORT) at (\layersep,-9.0) {$R2_{SHORT}$};
\node[failure] (R2OPEN) at (\layersep,-9.0) {$R2_{OPEN}$}; \node[failure] (R2OPEN) at (\layersep,-11.0) {$R2_{OPEN}$};
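Review bot: the failure nodes were evenly spaced 1.3 apart in the old text; after this change the gaps are 1.3, 1.8, 1.8, 1.6 and 2.0, and neither component sits midway between its two failure modes (`R1` at -7 against `R1SHORT` -5.6 / `R1OPEN` -7.4; `R2` at -8.6 against `R2SHORT` -9.0 / `R2OPEN` -11.0), so the edges from component to failure mode will slant unevenly. A uniform step, or computing each pair as the component's y plus and minus a fixed offset, keeps the layout regular; also check that moving the bottom node to -11.0 still fits the figure's bounding box on the page.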
@ -871,8 +826,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% Potential divider failure modes % Potential divider failure modes
% %
\node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$}; \node[symptom] (PDHIGH) at (\layersep*2,-7) {$PD_{HIGH}$};
\node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$}; \node[symptom] (PDLOW) at (\layersep*2,-8.6) {$PD_{LOW}$};