Working through very carefully......

Robin P. Clark 2012-09-05 08:11:13 +01:00
parent f8a7225623
commit e2eb19a8fc


@ -54,100 +54,53 @@
This chapter
starts with %starts with %an overview of current failure modelling techniques, and then
a worked example to introduce % using
the new methodology,
a new methodology,
Failure Mode Modular De-composition (FMMD).
This is followed by a discussion on the design of the FMMD methodology and then a
This is followed by a discussion on the design of FMMD and then a
%an ontological
description using UML class models.
description and re-factoring process using UML class models.
% This chapter defines the FMMD process and related concepts and calculations.
FMMD is in essence modularised FMEA. Rather than taking each component failure mode
FMMD is in essence a modularised variant of traditional FMEA~\cite{sccs}[pp.34-38].
%
Rather than taking each component failure mode
and extrapolating top level or system failure symptoms from it,
small groups of components are collected into {\fgs} and analysed.
%and then {\dcs} are used to represent the {\fgs}.
We analyse the {\fgs} in order to determine its the failure mode behaviour.
We analyse each {\fg} in order to determine its failure mode behaviour.
%of the {\fg}.
With the failure mode behaviour we can obtain a set of failure modes
for the {\fg}. We can then create a new theoretical component to represent the {\fg}.
for the {\fg}.
%
Or in other words we determine how the {\fg}, as an entity can fail.
%
We can then create a new theoretical component to represent the {\fg}.
%
We call this a {\dc}.
This {\dc} may be used as though it were a component, and has a set of failure modes.
We then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs}
%
This {\dc} has a set of failure modes: we can thus treat it as a `higher~level' component.
%
Because a {\dc} has a set of failure modes we can use it in higher level {\fgs}
which in turn produce higher level {\dcs}.
%
We can then use {\dcs} to then build further {\fgs} until a hierarchy of {\fgs}
and {\dcs} has been built, converging to a final {\dc}
at the top of the hierarchy. The final {\dcs} failure modes
at the top of the hierarchy.
%
The failure modes of the final or top {\dc}
are the failure modes of the system under investigation.
%
Or in other words we take the traditional FMEA~\cite{sccs}[pp.34-38] process, and modularise it from the bottom-up.
Or in other words we take the traditional FMEA process, and modularise it from the bottom-up.
%We break down each stage of reasoning
%into small manageable groups, and use the failure mode behaviour from them to create {\dcs}
%to build higher level groups.
In this way we can incrementally analyse an entire system.
In this way we can incrementally analyse an entire system. %, with documented reasoning stages.
% %This has advantages of concentrating
% %effort in where modules interact,
%A notation is then described to index and classify objects created in FMMD hierarchical models.
% \subsection{Overview of current failure mode modelling techniques}
%
% We briefly analyse four current methodologies.
% Comprehensive overviews of these methodologies may be found
% in ~\cite{safeware,sccs,nasafta,nucfta,bfmea}.
%
% \paragraph{Fault Tree Analysis (FTA).}
% FTA~\cite{nasafta,nucfta} is a top down methodology in which a hierarchical diagram is drawn for
% each undesirable top level failure/event, presenting the conditions that must arise to cause
% the event.
% %
% It is suitable for large complicated systems with few undesirable top
% level failures and focuses on those events considered most important or most catastrophic.
% %
% Effects of duplication/redundancy of safety systems can be readily assessed.
% It uses notations that are readily understood by engineers
% (logic symbols borrowed from digital electronics and a fault hierarchy).
% However, it cannot guarantee to model all base component failures
% or be used to determine system level errors other than those modelled.
% %
% Each FTA diagram models one top level event.
% This creates duplication of modelled elements,
% and it is difficult to cross check between diagrams. It has limited
% support for environmental and operational states.
%
%
% \paragraph{Fault Mode Effects Analysis (FMEA)} is used principally to determine system reliability.
% It is bottom-up and starts with component failure modes, which
% lead to top level failure/events.
% Each top level failure is assessed by its cost to repair (or perceived criticality) and its estimated frequency. %, using a
% %failure mode ratio.
% A list of failures according to their cost to repair~\cite{bfmea}, or effect on system reliability is then calculated.
% It is easy to identify single component failure to system failure mappings
% and an estimate of product reliability can be calculated.
% %This can be viewed as a prioritised `to~fix' list.
% %
% It cannot focus on complex
% component interactions that cause system failure modes or determine potential
% problems from simultaneous failures. It does not consider changing environmental
% or operational states in sub-systems or components. It cannot model
% self-checking safety elements or other in-built safety features or
% analyse how particular components may fail.
%
%
% \paragraph{Failure Mode Effects Criticality Analysis (FMECA)} is a refinement of FMEA, using
% extra variables: the probability of a component failure mode occurring,
% the probability that this will cause a given top level failure, and the perceived
% criticality. It gives better estimations of product reliability/safety and the
% occurrence of particular system failure modes than FMEA but has similar deficiencies.
%
%
% \paragraph{Failure Modes, Effects and Diagnostic Analysis (FMEDA)} is a refinement of
% FMEA and FMECA and in addition models self-checking safety elements. It assigns two
% attributes to component failure modes: detectable/undetectable and safe/dangerous.
% Statistical measures about the system can be made and used to classify a
% safety integrity level. It allows designs with in-built safety features to be assessed.
% Otherwise, it has similar deficiencies to FMEA.
% However, it has limited support
% for environmental and operational states in sub-systems or components,
% via self checking statistical mitigation. FMEDA is the methodology associated with
% the safety integrity standard EN61508~\cite{en61508}.
%
% \subsection{Summary of Deficiencies in Current Methods}
%
% \paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
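Review bot: the citation in the new line `FMEA~\cite{sccs}[pp.34-38]` puts the page range after the mandatory argument, so LaTeX will typeset "[pp.34-38]" as literal text following the citation mark; the page range belongs in the optional argument, `\cite[pp.34-38]{sccs}`. Two wording slips also survive the rewrite: `We can then use {\dcs} to then build further {\fgs}` still carries the doubled "then" from the old line, and `how the {\fg}, as an entity can fail` needs the closing comma ("as an entity, can fail"). Minor: "from the bottom-up" should be "from the bottom up" when used adverbially.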
@ -470,7 +423,7 @@ In this way we can incrementally analyse an entire system.
\section{Worked Example: Non-Inverting Amplifier}
%% here bring in sys safety papaer from 2011
%% here bring in sys safety paper from 2011
%%
%% GARK BEGIN
@ -535,22 +488,24 @@ We represent a resistor and its failure modes as a directed acyclic graph (DAG)
Thus $R1$ has failure modes $\{R1_{OPEN}, R1_{SHORT}\}$ and $R2$ has failure modes $\{R2_{OPEN}, R2_{SHORT}\}$.
%
We look at each of these base component failure modes,
and determine how they affect the operation of the potential divider.
and determine how they affect the operation of the potential~divider.
%Each failure mode scenario we look at will be given a test case number,
%which is represented on the diagram, with an asterisk marking
%which failure modes is modelling (see figure \ref{fig:fg1a}).
%
Each resistor failure mode is a potential {\fc} in the potential~divider.
%%For this example we look at single failure modes only.
For each failure mode in our {\fg} `potential~divider',
we can assign a %{\fc}
For each failure mode in our {\fg} potential~divider
we can assign a {\fc}
number (see table \ref{tbl:pdfmea}).
%
Each {\fc} is analysed to determine the symptom of failure in
the potential dividers' operation. For instance
the potential~dividers' operation. For instance
if resistor $R_1$ were to become open, then the potential~divider would not be grounded and the
voltage output from it would float high (+ve).
This would mean the symptom of the failed potential divider would be voltage high output.
This would mean the symptom of the failed potential~divider would be voltage high output.
%
The failure symptom of a high potential divider output is termed `HighPD', and
The failure symptom of a high potential~divider output is termed `HighPD', and
for it outputting a low voltage `LowPD'. % Andrew asked for this to be defined before the table. ...
%We can now consider the {\fg}
%as a component in its own right, and its symptoms as its failure modes.
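Review bot: `the potential~dividers' operation` places the apostrophe as a plural possessive, but there is a single divider, so it should read `the potential~divider's operation`. The same hunk also mixes `$R_1$` in the prose with `$R1_{OPEN}$` / `$R1_{SHORT}$` in the failure mode sets; settling on one form (the subscripted `R1_{OPEN}` style is what the DAG nodes use) avoids the reader wondering whether they are the same component.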
@ -644,14 +599,14 @@ This is represented in the DAG in figure \ref{fig:fg1adag}.
We can now create % formulate
a `derived component' to represent this potential divider:
a {\dc} to represent this potential divider:
we name this \textbf{PD}.
This {\dc} will have two failure modes.
We use the symbol $\derivec$ to represent the process of taking the analysed
{\fg} and creating from it a {\dc}.
The creation of the {\dc} \textbf{PD} is represented as a
hierarchy diagram in figure~\ref{fig:dc1}.
We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}.
This {\dc} will have two failure modes, $PD_{HIGH}$ and $PD_{LOW}$.
% HTR 05SEP2012 We use the symbol $\derivec$ to represent the process of taking the analysed
% HTR 05SEP2012 {\fg} and creating from it a {\dc}.
% HTR 05SEP2012 The creation of the {\dc} \textbf{PD} is represented as a
% HTR 05SEP2012 hierarchy diagram in figure~\ref{fig:dc1}.
% HTR 05SEP2012 We represent the {\dc} \textbf{PD}, as a DAG in figure \ref{fig:dc1dag}.
%We could represent it algebraically thus: $ \derivec(PotDiv) =
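Review bot: commenting out the sentences that contained `figure~\ref{fig:dc1}` and `figure \ref{fig:dc1dag}` removes the only in-text references visible here to those two figures; if the figure environments remain in the source they will now float unreferenced, and if the labels are gone the figures should go with the text rather than stay orphaned. The introduction of the `$\derivec$` symbol is also dropped at this point, so confirm it is defined before its next use (the commented `\derivec(PotDiv)` line suggests it still appears later). The `HTR 05SEP2012` markers are fine as a short-term hold, but the deleted text is recoverable from this commit, so the comments can be dropped once the decision is final.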
@ -825,8 +780,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% \node[component, pin=left:Input \#\y] (I-\name) at (0,-\y) {};
\node[component] (OPAMP) at (0,-1.8) {$OPAMP$};
\node[component] (R1) at (0,-6) {$R_1$};
\node[component] (R2) at (0,-7.6) {$R_2$};
\node[component] (R1) at (0,-7) {$R_1$};
\node[component] (R2) at (0,-8.6) {$R_2$};
%\node[component] (C-3) at (0,-5) {$C^0_3$};
%\node[component] (K-4) at (0,-8) {$K^0_4$};
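Review bot: the y-coordinates of `(R1)` and `(R2)` are hard-coded literals that have to be changed in lockstep with the failure and symptom nodes in the next two hunks (the old `-6` / `-7.6` pair recurs in each); a second length macro alongside `\layersep` for the vertical pitch, with the node positions expressed as multiples of it, would let the diagram be re-spaced in one place instead of three.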
@ -843,11 +798,11 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
\node[failure] (OPAMPNP) at (\layersep,-2.5) {noop};
\node[failure] (OPAMPLS) at (\layersep,-3.8) {lowslew};
\node[failure] (R1SHORT) at (\layersep,-5.1) {$R1_{SHORT}$};
\node[failure] (R1OPEN) at (\layersep,-6.4) {$R1_{OPEN}$};
\node[failure] (R1SHORT) at (\layersep,-5.6) {$R1_{SHORT}$};
\node[failure] (R1OPEN) at (\layersep,-7.4) {$R1_{OPEN}$};
\node[failure] (R2SHORT) at (\layersep,-7.7) {$R2_{SHORT}$};
\node[failure] (R2OPEN) at (\layersep,-9.0) {$R2_{OPEN}$};
\node[failure] (R2SHORT) at (\layersep,-9.0) {$R2_{SHORT}$};
\node[failure] (R2OPEN) at (\layersep,-11.0) {$R2_{OPEN}$};
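Review bot: after this change the failure nodes are no longer centred on their component nodes: `(R1)` is at y=-7 in the previous hunk but `R1_{SHORT}` / `R1_{OPEN}` sit at -5.6 and -7.4 (midpoint -6.5), and `(R2)` at -8.6 has `R2_{SHORT}` / `R2_{OPEN}` at -9.0 and -11.0 (midpoint -10.0). The gaps between successive failure nodes are also uneven (1.8, 1.6, 2.0). With the two component nodes only 1.6 apart, four failure nodes cannot each be centred on their component at this pitch; either widen the R1/R2 separation to match, or pick one pitch and place each component at the midpoint of its pair.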
@ -871,8 +826,8 @@ as {\fcs} in table~\ref{tbl:ampfmea1}.
% Potential divider failure modes
%
\node[symptom] (PDHIGH) at (\layersep*2,-6) {$PD_{HIGH}$};
\node[symptom] (PDLOW) at (\layersep*2,-7.6) {$PD_{LOW}$};
\node[symptom] (PDHIGH) at (\layersep*2,-7) {$PD_{HIGH}$};
\node[symptom] (PDLOW) at (\layersep*2,-8.6) {$PD_{LOW}$};
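Review bot: `PD_{HIGH}` and `PD_{LOW}` are moved to the same y-values as `(R1)` and `(R2)` (-7 and -8.6), but the four resistor failure nodes they summarise now span -5.6 to -11.0 in the preceding hunk, so the symptom column sits noticeably above the group it represents; centring the pair on that span (midpoint about -8.3) rather than on the component nodes would keep the edges from the failure nodes roughly symmetric.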