Monday night third bash

This commit is contained in:
Robin Clark 2010-11-15 20:16:07 +00:00
parent 66fcffa97e
commit e977502eb7


@ -346,15 +346,15 @@ The following gives an outline of the procedure.
\subsubsection{Two statistical perspectives} \subsubsection{Two statistical perspectives}
he Statistical Analysis method is used from two perspectives, FMEDA is a statistical analysis methodology is used from one of two perspectives,
Probability of Failure on Demand (PFD), and Probability of Failure Probability of Failure on Demand (PFD), and Probability of Failure
in continuous Operation, Failure in Time (FIT). in continuous Operation, or Failure in Time (FIT).
\paragraph{Failure in Time (FIT).} Continuous operation is measured in failures per billion ($10^9$) hours of operation. \paragraph{Failure in Time (FIT).} Continuous operation is measured in failures per billion ($10^9$) hours of operation.
For a continuously running nuclear powerstation For a continuously running nuclear powerstation
we would be interested in its operational FIT values. we would be interested in its operational FIT values.
\paragraph{Probability of Failure on Demand (PFD).} For instance with the anti-lock system on a automobile braking \paragraph{Probability of Failure on Demand (PFD).} For instance with an anti-lock system in
system, we would be interested in PFD. automobile braking, we would be interested in PFD.
That is to say the ratio of it failing That is to say the ratio of it failing
to succeeding on demand. to succeeding on demand.
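Review bot: the rewritten opening sentence now has two main verbs, "FMEDA is a statistical analysis methodology is used from one of two perspectives"; drop the second "is" so it reads "FMEDA is a statistical analysis methodology used from one of two perspectives". In the PFD paragraph the new wording "an anti-lock system in automobile braking" is still awkward; "an anti-lock system in an automobile braking system" keeps the original meaning. "powerstation" should be two words ("power station") on both sides of the hunk.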
@ -364,44 +364,47 @@ to succeeding on demand.
The first stage is to apply FMEA to the SYSTEM. The first stage is to apply FMEA to the SYSTEM.
% %
Each component is analysed in terms of how its failure Each component is analysed in terms of how its failure
would affact the system.% would affect the system.
Failure rates of individual components in the SYSTEM Failure rates of individual components in the SYSTEM
are calculated based on component type and are calculated based on component type and
environmental conditions. environmental conditions.
% %
Statistical data exists for most component types \cite{mil1992}. Statistical data exists for most component types \cite{mil1992}.
% %
This phase is typically implemented on a spreadsheet. Along with a components This phase is typically implemented on a spreadsheet
type, placing in the system, part number, environmental stress factors etc. with rows representing each component. A typical component spreadshet row would
comprise of
component type, placing in the system, part number, environmental stress factors, MTTF etc.
%will be a determination of whether the component failing will lead to a `safe' %will be a determination of whether the component failing will lead to a `safe'
%or `unsafe' condition. %or `unsafe' condition.
\paragraph{Overall SYSTEM failure rate.} \paragraph{Overall SYSTEM failure rate.}
Product failure rate is the sum of all component The product failure rate is the sum of all component
failure rates. This is the sum of safe and unsafe failure rates.
failures. %This is the sum of safe and unsafe
%failures.
\paragraph{Self Diagnostics} \paragraph{Self Diagnostics}
We next evaluate the SYSTEMSs self-diagnostic ability. We next evaluate the SYSTEM's self-diagnostic ability.
Each components failure modes and failure rate are now available. %Each components failure modes and failure rate are now available.
Failure modes are now classified as safe or dangerous. Failure modes are now classified as safe or dangerous.
This is done by taking a component failure mode and determining This is done by taking a component failure mode and determining
how it will react with any other components in the SYSTEM and taking a decision how it may react with any other components in the SYSTEM, and taking a final decision
based on hueristics. based on hueristics or field data.
Detectable failure probabilities are labelled `$\lambda_D$' (for Detectable failure probabilities are labelled `$\lambda_D$' (for
dangerous) and `$\lambda_S$' (for safe) \cite{EN61508}. dangerous) and `$\lambda_S$' (for safe) \cite{EN61508}.
\paragraph{Determine Detectable and Undetecable Failures} \paragraph{Determine Detectable and Undetecable Failures}
Each safe and dangerous failure mode is now Each safe and dangerous failure mode is now
determined as detectable or un-detectable by the SYSTEMSs determined as detectable or un-detectable by the SYSTEMs
self checking features. self checking features.
% %
This gives us four failure mode classifications: This gives us four level failure mode classifications:
Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU), Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU),
and the failure rate of each classification and the probablistic failure rate of each classification
is represented by lambda variables is represented by lambda variables
($\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$). (i.e. $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
Because some failure modes may not be discovered theoretically during the static Because some failure modes may not be discovered theoretically during the static
analysis, the analysis, the
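Review bot: this hunk introduces a new typo ("spreadshet") and "comprise of" (should be "comprise"), and leaves "hueristics" misspelt on both sides; it also fixes "SYSTEMSs" to "SYSTEM's" in the Self Diagnostics paragraph but to "SYSTEMs" (no apostrophe) in the Detectable/Undetectable paragraph, so the two should be made consistent, and the paragraph heading still reads "Undetecable". The unchanged sentence "Detectable failure probabilities are labelled `$\lambda_D$' (for dangerous) and `$\lambda_S$' (for safe)" is contradicted by its own parentheticals: $\lambda_D$ and $\lambda_S$ are the dangerous and safe rates, and detectability is only introduced afterwards with $\lambda_{DD}$ and $\lambda_{SU}$ etc., so "Detectable" should be "Dangerous and safe" here. Finally, commenting out "This is the sum of safe and unsafe failures" removes the only statement that the overall failure rate is $\Sigma\lambda_S + \Sigma\lambda_D$, which the SFF denominator later relies on; consider keeping it. "four level failure mode classifications" and "probablistic" also need attention ("four failure mode classifications", "probabilistic").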
@ -409,11 +412,11 @@ analysis, the
% and guess how it will affect an ENTIRE complex SYSTEM % and guess how it will affect an ENTIRE complex SYSTEM
next step is to investigate using an actual working SYSTEM. next step is to investigate using an actual working SYSTEM.
Failures are deliberately caused (by physical intervetion), and any new SYSTEM level Failures are deliberately caused (by physical intervention), and any new SYSTEM level
failures are added to the model. failures are added to the model.
Hueristics and MTTF failure rate for the components Hueristics and MTTF failure rates for the components
are used to calculate probabilities for these new failure modes are used to calculate probabilities for these new failure modes
according to their saefty and detectability classifications (i.e. along with their safety and detectability classifications (i.e.
$\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$). $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
These new failures are added to the model. These new failures are added to the model.
%SD, SU, DD, DU. %SD, SU, DD, DU.
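Review bot: the closing sentence "These new failures are added to the model." repeats "any new SYSTEM level failures are added to the model" from two sentences earlier; the later one can be dropped, or reworded to say the new failures are added together with their $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$ classifications. "Hueristics" is still misspelt on the new side ("Heuristics").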
@ -441,7 +444,7 @@ $$ SF = \frac{\Sigma\lambda_SD}{\Sigma\lambda_S} $$
\paragraph{Safe Failure Fraction.} \paragraph{Safe Failure Fraction.}
A key concept in FMEDA is Safe Failure Fraction (SFF). A key concept in FMEDA is Safe Failure Fraction (SFF).
This is the ratio of safe and dangerous detected failures This is the ratio of safe and dangerous detected failures
against the safe and dangerous failure probabilities. against all safe and dangerous failure probabilities.
Again this is usually expressed as a percentage. Again this is usually expressed as a percentage.
$$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$ $$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$
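Review bot: the display formula in the hunk's leading context, `$$ SF = \frac{\Sigma\lambda_SD}{\Sigma\lambda_S} $$`, subscripts only the `S` (LaTeX renders it as $\lambda_S D$); it should be `\Sigma\lambda_{SD}` to match the braced subscripts used in the SFF formula and in the list of lambda variables above. The prose change "against all safe and dangerous failure probabilities" agrees with the SFF denominator $\Sigma\lambda_S + \Sigma\lambda_D$, so that part is fine.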
@ -476,20 +479,26 @@ have threshold bands beoming stricter for each level.
Software techniques and constraints are Software techniques and constraints are
also become stricter for each SIL level. also become stricter for each SIL level.
FMEDA uses MTFF and other statistical models to determine the probability of Thus FMEDA uses statistical methods to determine
failures occurring, and provide an adaquate risk level. a safety level (SIL), typically used to meet an acceptable risk
value, specified for the environment the SYSTEM must work in.
%the probability of
%failures occurring, and provide an adaquate risk level.
% %
%A component failure mode, given its MTTF %A component failure mode, given its MTTF
%the probability of detecting the fault and its safety relevant validation time $\tau$, %the probability of detecting the fault and its safety relevant validation time $\tau$,
%contributes a simple risk factor that is summed %contributes a simple risk factor that is summed
%in to give a final risk result. %in to give a final risk result.
% %
Thus a statistical Thus an FMEDA
model can be implemented on a spreadsheet, where each component model can be implemented on a spreadsheet, where each component
has a calculated risk, a fault detection time (if any), an estimated risk importance has a calculated risk, a fault detection time (if any), an estimated risk importance
and other factors such as de-rating and environmental stress. and other factors such as de-rating and environmental stress.
With one component failure mode per row, With one component failure mode per row,
all the statistical factors for SIL rating can be produced\footnote{A SIL rating will apply to an installed plant, i.e. A complete SYSTEM. SIL ratings for individual components or sub-systems are meaningless, and the nearest equivalent would be the FIT/PFD and SFF and diagnostic coverage figures}. all the statistical factors for SIL rating can be produced\footnote{A SIL rating will apply
to an installed plant, i.e. A complete SYSTEM. SIL ratings for individual components or
sub-systems are meaningless, and the nearest equivalent would be the FIT/PFD and SFF and diagnostic coverage figures.}.
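Review bot: the new sentence "Thus FMEDA uses statistical methods to determine a safety level (SIL) ... specified for the environment the SYSTEM must work in" sits uneasily with the footnote a few lines later, which says a SIL rating applies only to a complete installed SYSTEM; consider saying that FMEDA produces the figures (FIT/PFD, SFF, diagnostic coverage) from which a SIL is assessed, rather than that it determines the SIL. Two consecutive sentences now open with "Thus"; the second ("Thus an FMEDA model can be implemented on a spreadsheet") would read better as "Such an FMEDA model ...". In the unchanged context, "Software techniques and constraints are also become stricter" should drop "are", and in the footnote "i.e. A complete SYSTEM" should be lower case and "the FIT/PFD and SFF and diagnostic coverage figures" should be "the FIT/PFD, SFF and diagnostic coverage figures".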