git mix up... fixing I hope
parent 5cca1a1311
commit e7a09768b7
@ -57,6 +57,7 @@ failure mode of the component or sub-system}}}
}
\title{Developing a rigorous bottom-up modular static failure mode modelling methodology}
%\nodate
\maketitle
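Review bot: `%\nodate` immediately before `\maketitle` is a commented-out line, so this hunk changes nothing in the typeset output; if the intent is to drop the date from the title block, `\date{}` before `\maketitle` does that in the standard LaTeX classes, otherwise the dead line should be removed rather than committed.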
@ -74,13 +75,19 @@ These properties provide advantages in rigour and efficiency when compared to cu
\section{Introduction}
\subsection{Current methodologies}
This paper describes and criticises the four current failure mode methodologies,
presents a table of the deficiencies and advantages, and then presents a new proposed
methodology. A worked example is then provided, which models the failure mode
behaviour of a non inverting op-amp.
\paragraph{Current methodologies}
We briefly analyse the four current methodologies.
\subsubsection{Fault Tree Analysis (FTA)}
\paragraph{Fault Tree Analysis (FTA)}
FTA is a top down methodology in which a diagram is drawn for
FTA is a top down methodology in which a hierarchical diagram is drawn for
each undesirable top level failure, presenting the conditions that must arise to cause
the event.
%
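Review bot: the heading levels in this hunk are inconsistent: `\subsection{Current methodologies}` is followed a few lines later by `\paragraph{Current methodologies}` with the same title, which prints the heading twice, and FTA appears both as `\subsubsection{Fault Tree Analysis (FTA)}` and as `\paragraph{Fault Tree Analysis (FTA)}` while the other three methodologies later use `\subsection`. Pick one level for the four methodology headings and drop the duplicate paragraph heading. Also hyphenate "non inverting op-amp" as "non-inverting op-amp".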
@ -88,14 +95,26 @@ It is suitable for large complicated systems with few undesirable top
level failures and focuses on those events considered most important or most catastrophic.
%
Effects of duplication/redundancy of safety systems can be readily assessed.
It uses notations that are readily understood by engineers (logic symbols from digtal electroics and a fault hierarchy).
It uses notations that are readily understood by engineers (logic symbols from digital electronics and a fault hierarchy).
However, it cannot guarantee to model all base component failure modes
or be used to determine system level errors other than those modelled.
Each diagram is a separate model, creating duplication of modelled elements,
%
Each FTA diagram models one top level event.
This creates duplication of modelled elements,
and there is no facility to cross check between diagrams. It has limited
support for environmental and operational states.
<<<<<<< HEAD
\paragraph{Fault Mode Effects Analysis FMEA)} is used principally in manufacturing.
Each top level failure is assessed by its cost to repair and its frequency,%, using a
%failure mode ratio.
A list of failures and their cost is then calculated.
It is easy to identify single component failure to system failure scenarios
and an estimate of product reliability can be calculated.
%
It cannot focus on
=======
\subsection{Fault Mode Effects Analysis FMEA)}
FMEA is used principally in manufacturing.
Each defect is assessed by its cost to repair and its frequency. %, using a
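Review bot: this hunk commits unresolved merge-conflict markers: `<<<<<<< HEAD` and `=======` are visible in the context (the closing `>>>>>>>` must follow somewhere after them), so the file will not build and both the `\paragraph{Fault Mode Effects Analysis FMEA)}` and the `\subsection{Fault Mode Effects Analysis FMEA)}` versions of the FMEA text are present at once. Resolve the conflict by keeping one version and deleting all three markers before this goes in. In both versions the heading is missing its opening parenthesis before "FMEA". The correction of "digtal electroics" to "digital electronics" is fine.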
@ -110,32 +129,30 @@ self-checking safety elements or other in-built safety features or
analyse how particular components may fail.
\subsection{Failure Mode Criticality Analysis (FMECA)}
FMECA is a refinement of FMEA, using
\paragraph{Failure Mode Criticality Analysis (FMECA)} is a refinement of FMEA, using
two extra variables: the probability of a component failure mode occurring
and the probability that this will cause a top level failure, and the perceived
criticallity. It gives better estimations of product reliability/safety and the
occurrence of particular system failure modes than FMEA but has similar deficiencies.
\subsection{Failure Modes, Effects and Diagnostic Analysis (FMEDA)}
FMEDA is a refinement of
\paragraph{Failure Modes, Effects and Diagnostic Analysis (FMEDA)} is a refinement of
FMEA and FMECA and models self-checking safety elements. It assigns two
attributes to component failure modes: detectable/undetectable and safe/dangerous.
Statistical measures about the system can be made and used to classify a
safety integrity level. It allows designs with in-built safety features to be assessed.
Otherwise, it has similar deficiencies to FMEA but has limited support
for environmental and operational states in sub-systems or components,
via self checking statistical mitigation.
via self checking statistical mitigation. FMEDA is the methodology associated with
the safety integrity standards IOC5108 and EN61508~\cite{en61508}.
\subsection{Summary of Defeciencies in Current Methods}
\subsubsection{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
\paragraph{Top Down approach: FTA} The top down technique FTA, introduces the possibility of missing base component
level failure modes~\cite{faa}[Ch.9]. Since one FTA tree is drawn for each top level
event, this leads to repeated work, with limited ability for cross checking/model validation.
\subsubsection{Bottom-up approach: FMEA, FMECA, FMEDA}
\subsection{Bottom-up approach: FMEA, FMECA, FMEDA}
\paragraph{State Explosion problem}
The bottom -up techniques all suffer from a problem of state explosion.
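Review bot: the heading levels here break the structure: `\subsection{Bottom-up approach: FMEA, FMECA, FMEDA}` makes the second half of the deficiencies summary a sibling of `\subsection{Summary of Defeciencies in Current Methods}` rather than a child, while the FTA half of the same summary is a `\subsubsection` or `\paragraph`; both halves should sit at the same level below the summary, and the same applies to FMECA and FMEDA, which appear at both `\subsection` and `\paragraph` level. Typos to fix in the new text: "criticallity", "Defeciencies", "bottom -up". `\cite{faa}[Ch.9]` puts the optional argument after the key, so "[Ch.9]" is typeset as literal text after the citation; the form is `\cite[Ch.~9]{faa}`. "IOC5108" does not match any standard designation I recognise; EN 61508 is the European adoption of IEC 61508, so check which document the first reference was meant to name.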
@ -144,7 +161,7 @@ of a component failure against all other components. Adding environmental
and operational states further increases this effect.
Let N be the number of components in our system, and K be the average number of component failure modes
(ways in which a component can fail). The total number of base component failure modes
(ways in which a component can fail). The approximate total number of base component failure modes
is $N \times K$. To examine the effect that one failure mode has on all
the other components\footnote{A %base
component failure will typically affect the sub-system
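Review bot: "approximate total number of base component failure modes" is justified only because K is defined as an average over components; saying so directly ("on average $N \times K$") would be clearer than leaving "approximate" unexplained. The `%base` inside `\footnote{A %base` comments out the rest of that source line only, which is harmless, but it is easy to misread as commenting out the footnote text that continues on the next line; moving the commented word off that line would avoid the confusion.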
@ -152,7 +169,7 @@ it is part of, and create a failure effect at the SYSTEM level.}
will be $(N-1) \times N \times K$. %, in effect a very large set cross product.
If $E$ is the number of environmental conditions to consider
in a system, and $A$ the number of applied/operational states (or modes of the SYSTEM),
the job of the bottom-up analyst is presented with two
the bottom-up analyst is presented with two
additional %cross product
factors,
$(N-1) \times N \times K \times E \times A$.
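Review bot: the rewritten sentence ("the bottom-up analyst is presented with two additional factors, $(N-1) \times N \times K \times E \times A$") names the factors E and A but then gives only the product, and the product is the number of single-failure checks only when every environmental condition is combined with every operational state; stating that assumption, and that the product counts checks rather than failure modes, would make the bound defensible.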
@ -193,28 +210,30 @@ To look in detail at a half of a million test cases is obviously impractical.
\paragraph{Multiple Events from one base component failure mode}
A base component failure may potentially cause more than one
SYSTEM level failure mode.
It could be possible to identify one top level event associated with
It would be possible to identify one top level event associated with
a {\bcfm} and not investigate other possibilities.
%\section{Requirements for a new static failure mode Analysis methodology}
\section{Desireable Criteria for a failure mode methodology}
From the deficiencies outlined above, ideally we can form a wish list for a better methodology.
\section{Desireable Criteria for a failure mode methodology}.
From the deficiencies outlined above, ideally we can form a set of desirable criteria for a better methodology.
{ \small
\begin{itemize}
\begin{enumerate}
%\begin{itemize}
\label{fmmdreq}
\item Address the state explosion problem.
\item Ensure that all component failure modes be considered in the model.
\item Be easy to integrate mechanical, electronic and software models \cite{sccs}[pp.287].
\item Be re-usable, in that commonly used modules can be re-used in other designs/projects.
\item It should have a formal basis, that is to say, be able to produce mathematical traceability
\item Address the state explosion problem. % 1
\item Ensure that all component failure modes be considered in the model. % 2
\item Be easy to integrate mechanical, electronic and software models \cite{sccs}[pp.287]. %3
\item Be re-usable, in that commonly used modules can be re-used in other designs/projects. %4
\item It should have a formal basis, that is to say, be able to produce mathematical traceability %5
for its results, such as error causation trees.%, reliability and safety statistics.
%\item It should be easy to use, ideally using a
%graphical syntax (as opposed to a formal symbolic/mathematical text based language).
%\item From the top down, the failure mode model should follow a logical de-composition of the functionality
%to smaller and smaller functional groupings \cite{maikowski}.
\item Be able to model multiple (simultaneous) failure modes.% from the base component level up.
\end{itemize}
\item Be able to model multiple (simultaneous) failure modes.% 6 % from the base component level up.
\end{enumerate}
%\end{itemize}
}
% A new methodology must ensure that it represents all component failure modes and it therefore should be bottom-up,
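Review bot: the new `\section{Desireable Criteria for a failure mode methodology}.` carries a stray full stop after the closing brace, which will be typeset as a lone period at the start of the section body, and "Desireable" should be "Desirable" in both versions. Within the list, `\cite{sccs}[pp.287]` has the page reference after the key, so "[pp.287]" prints as literal text; use `\cite[p.~287]{sccs}`. `\label{fmmdreq}` placed right after `\begin{enumerate}` and before the first `\item` attaches to the section counter, not to the list, so `\ref{fmmdreq}` yields the section number; if the list is what should be referenced, put the label after an `\item`. The `% 1` to `%5` numbering comments duplicate what `enumerate` now provides and will drift as items are added or reordered; `%3` also lacks the space the others have.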