diff --git a/noninvopamp/noninvopamp.tex b/noninvopamp/noninvopamp.tex index 6897b90..708cf63 100644 --- a/noninvopamp/noninvopamp.tex +++ b/noninvopamp/noninvopamp.tex @@ -710,7 +710,7 @@ to assist in building models for FTA, FMEA, FMECA and FMEDA failure mode analysi %\node[annot,right of=s](dcl) {Derived Component}; \end{tikzpicture} % End of code - \caption{DAG representing failure modes and symptoms of the Non Inverting Op-amp Circuit} + \caption{Full DAG representing failure modes and symptoms of the Non Inverting Op-amp Circuit} \label{fig:noninvdag0} \end{figure} @@ -721,7 +721,7 @@ to assist in building models for FTA, FMEA, FMECA and FMEDA failure mode analysi \section{Extracting Fault Trees from the DAG} We can derive an FTA~\cite{nucfta}~\cite{nasafta} diagram for a top level event, by tracing back through the DAG. -Where we come to a node with more than one error source, this becomes an or gate +Where we come to a node with more than one error source, this becomes an `xor' gate in the FTA diagram. Tracing back from the top level event $AMP Low$ we are lead to the $OPAMP latch down$ and $OP amp Noop$. These two events can cause the symptom $AMP Low$. We can also trace back down to the symptom $PD High$. Thus we have three 
@@ -827,7 +827,23 @@ The FTA diagram directly derived from the FMMD DAG is shown in figure \ref{fig:n \end{figure} +\subsection{The FTA `or' trap} +The example above highlighs a weakness in the FTA methodology. +Intuitively, the $AMP_{low}$ failure symptom, has three possible +causes and it would be tempting drawing an FTA diagram +to use a triple input `or' gate to model these. +An `or' gate would mean that the powerset of all its inputs +leads to the resultant failure mode/symptom. + + +In this case we have a combination that breaks this rule. Were the condition +$$PD_{high} \wedge OPAMP_{noop}$$ to be true we would have a floating output +which is a different error condition to the output being actively low. + +This means that anyone drawing an OR gate in an FTA diagram +should either specifiy that only single failure modes are considered +possible, or, must consider all powerset combinations of the inputs. \subsection{Information missing in FTA}
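Review bot: In the second hunk of the patch (`-Where we come to a node with more than one error source, this becomes an or gate` / `+... this becomes an `xor' gate`), the exclusive-OR gate asserts more than the text establishes. An `xor' gate says $AMP Low$ occurs only when exactly one of $OPAMP latch down$, $OP amp Noop$ and $PD High$ is present, yet the justification added later covers only one pair ($PD_{high} \wedge OPAMP_{noop}$ giving a floating output) and says nothing about the other combinations. Either keep the OR gate and state the single-failure assumption explicitly at this point, or show that every pairing of the three inputs produces a symptom other than $AMP Low$ before changing the gate. The following sentences ("These two events can cause the symptom $AMP Low$ ... Thus we have three") are untouched and still read as ordinary OR reasoning, so the change needs a motivating sentence here, or at least a forward reference to the new `or' trap subsection.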
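Review bot: In the new `\subsection{The FTA `or' trap}`, "the powerset of all its inputs leads to the resultant failure mode/symptom" is wrong as written, because the powerset contains the empty set; an OR gate fires for every non-empty subset of its inputs, so say "every non-empty combination" here and in the closing sentence ("all powerset combinations"). The subsection is also inconsistent with the earlier hunk: its title and last paragraph discuss an OR gate while the fault-tree section now says `xor', so state which gate the derived tree actually uses and why. The notation drifts between the two hunks ($AMP Low$, $OPAMP latch down$, $OP amp Noop$ versus $AMP_{low}$, $PD_{high}$, $OPAMP_{noop}$); pick one form for the failure-mode labels. Smaller points: "highlighs" should be "highlights", "specifiy" should be "specify", "it would be tempting drawing an FTA diagram to use a triple input `or' gate" reads better as "when drawing an FTA diagram it would be tempting to use a triple-input `or' gate", and the two consecutive blank lines after "leads to the resultant failure mode/symptom." can be collapsed to one. Finally, "a weakness in the FTA methodology" is a strong claim given that the paragraph then supplies the usual remedy (declare the single-failure assumption or enumerate the combinations); consider describing it as a pitfall when drawing the diagram rather than a weakness of the method itself.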