FTA or trap described as an example

This commit is contained in:
Robin Clark 2011-05-16 09:38:17 +01:00
parent 51d46d452c
commit e6f66dfe3b


@ -710,7 +710,7 @@ to assist in building models for FTA, FMEA, FMECA and FMEDA failure mode analysi
%\node[annot,right of=s](dcl) {Derived Component}; %\node[annot,right of=s](dcl) {Derived Component};
\end{tikzpicture} \end{tikzpicture}
% End of code % End of code
\caption{DAG representing failure modes and symptoms of the Non Inverting Op-amp Circuit} \caption{Full DAG representing failure modes and symptoms of the Non Inverting Op-amp Circuit}
\label{fig:noninvdag0} \label{fig:noninvdag0}
\end{figure} \end{figure}
@ -721,7 +721,7 @@ to assist in building models for FTA, FMEA, FMECA and FMEDA failure mode analysi
\section{Extracting Fault Trees from the DAG} \section{Extracting Fault Trees from the DAG}
We can derive an FTA~\cite{nucfta}~\cite{nasafta} diagram for a top level event, by tracing back through the DAG. We can derive an FTA~\cite{nucfta}~\cite{nasafta} diagram for a top level event, by tracing back through the DAG.
Where we come to a node with more than one error source, this becomes an or gate Where we come to a node with more than one error source, this becomes an `xor' gate
in the FTA diagram. Tracing back from the top level event $AMP Low$ we are lead to in the FTA diagram. Tracing back from the top level event $AMP Low$ we are lead to
the $OPAMP latch down$ and $OP amp Noop$. These two events can cause the symptom $AMP Low$. the $OPAMP latch down$ and $OP amp Noop$. These two events can cause the symptom $AMP Low$.
We can also trace back down to the symptom $PD High$. Thus we have three We can also trace back down to the symptom $PD High$. Thus we have three
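Review bot: the changed line over-generalises: a DAG node with more than one error source only becomes an exclusive `or' where co-occurring sources produce a different symptom (the case this section goes on to argue for $AMP Low$); where every combination of the sources still yields the same symptom, an inclusive `or' gate remains the correct FTA gate. Suggest qualifying it, e.g. "this becomes an `or' gate, or an exclusive `or' gate where the sources cannot co-occur without changing the symptom". It is also worth stating that the intended semantics is the FTA exclusive-OR gate (output occurs when exactly one input occurs), not Boolean parity, since with the three inputs used here parity would also fire when all three occur. Minor, in the unchanged context: "we are lead to" should read "we are led to".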
@ -827,7 +827,23 @@ The FTA diagram directly derived from the FMMD DAG is shown in figure \ref{fig:n
\end{figure} \end{figure}
\subsection{The FTA `or' trap}
The example above highlighs a weakness in the FTA methodology.
Intuitively, the $AMP_{low}$ failure symptom, has three possible
causes and it would be tempting drawing an FTA diagram
to use a triple input `or' gate to model these.
An `or' gate would mean that the powerset of all its inputs
leads to the resultant failure mode/symptom.
In this case we have a combination that breaks this rule. Were the condition
$$PD_{high} \wedge OPAMP_{noop}$$ to be true we would have a floating output
which is a different error condition to the output being actively low.
This means that anyone drawing an OR gate in an FTA diagram
should either specifiy that only single failure modes are considered
possible, or, must consider all powerset combinations of the inputs.
\subsection{Information missing in FTA} \subsection{Information missing in FTA}
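Review bot: the closing sentence of the new subsection offers only two ways out of the trap ("only single failure modes are considered possible" or "all powerset combinations of the inputs"), but omits the remedy this same commit adopts earlier in the section, the exclusive `or' gate; add it as the third option so the two passages agree. Two smaller logic points: "An `or' gate would mean that the powerset of all its inputs leads to the resultant failure mode" should exclude the empty set from that powerset, and the claim that $PD_{high} \wedge OPAMP_{noop}$ gives a floating output is asserted without the one clause of justification (why a non-operating op-amp with $PD$ high leaves the output floating rather than actively low) that would let the paragraph stand alone. Spelling: "highlighs" to "highlights", "specifiy" to "specify", and "tempting drawing an FTA diagram to use" to "tempting, when drawing an FTA diagram, to use". Notation: the same events appear as $AMP Low$ / $AMP_{low}$ and $OP amp Noop$ / $OPAMP_{noop}$ within a few lines; pick one form.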