logic diagram must use XOR
This commit is contained in:
Robin
parent
9698fd3d60
commit
efb184939c
@ -12,7 +12,7 @@ that control the flow of a computer program. This type of diagram can therefore
|
||||
integrate logical models from mechanical, electronic and software domains.
|
||||
Nearly all modern safety critical systems involve these three disiplines.
|
||||
%
|
||||
It is intended to be used for analysis of automated safety critical systen
|
||||
It is intended to be used for analysis of automated safety critical systems.
|
||||
Many types of safety critical systems now legally
|
||||
require fault mode effects analysis\cite{FMEA},
|
||||
but few formal systems exist and wide-spread take-up is
|
||||
@ -231,12 +231,11 @@ In English:
|
||||
Test points on the concrete diagram pair-wise connected by a `joining line'
|
||||
|
||||
|
||||
A collection of test points connected by joining lines, is an Fuctionally Merged Group, $FMG$
|
||||
A collection of test points connected by joining lines, is an Functionally Merged Group, $FMG$
|
||||
or `test point disjunction'.
|
||||
An $FMG$ has members which are test points.
|
||||
|
||||
{may be merged
|
||||
and create a
|
||||
{
|
||||
\definition{
|
||||
%A spider is a set of test points where,
|
||||
%a test point is a member of a spider where it can trace a path connected by joining lines
|
||||
@ -256,6 +255,7 @@ A singleton test point can be considered a sequence of one test point and is the
|
||||
|
||||
|
||||
% \subsection{Abstract Description of PLD}
|
||||
%and create a
|
||||
%
|
||||
% An Abstract PLD {\em Propositional logic diagram} consists of contours $C$ defining zones $Z$, test points $T$ (which
|
||||
% are defined by the zone they inhabit) and pair wise connections $W$, which connect test points.
|
||||
@ -284,11 +284,10 @@ A singleton test point can be considered a sequence of one test point and is the
|
||||
\item A $FMG$ represents the disjunction of all test points that are members of it.
|
||||
\end{itemize}
|
||||
|
||||
To obtain the set of propositions from a PLD, each $FMG$ must be processed. For each test case
|
||||
To obtain the set of propositions from a PLD, each $FMG$ must be traversed
|
||||
along each joining line. For each test case
|
||||
in the $FMG$ a new section of the equation is disjuctively appended to it.
|
||||
|
||||
|
||||
|
||||
Let conjunctive logic equation associated with a test point
|
||||
be determined from the contours that enclose it.
|
||||
i.e. the contours $\mathcal{X}$ from the zone it inhabits.
|
||||
@ -397,6 +396,7 @@ In the diagram \ref{fig:ld_and} the area of intersection between the contours $a
|
||||
represents the conjunction of those conditions. The point $P$ represents the logic equation
|
||||
$$ P = (a \wedge b) $$
|
||||
There are no disjunctive joining lines and so this diagram represents one equation only, $ P = (a \wedge b) $.
|
||||
Note that $P$ is considered to be an $FMG$ with one element, $ (a \wedge b) $
|
||||
|
||||
\paragraph{How this would be interpreted in failure analysis}
|
||||
In failure analysis, this could be considered to be a sub-system with two failure states $a$ and $b$.
|
||||
@ -430,23 +430,43 @@ $$ P = (a) $$
|
||||
$$ Q = (b) $$
|
||||
|
||||
The two test cases are joined by a the line named $R$.
|
||||
we thus apply disjunction to the test cases.
|
||||
$$ R = P \vee Q $$
|
||||
we thus apply exclusive disjunction to the test cases.
|
||||
$$ R = P \oplus Q $$
|
||||
substituting the test cases for their Boolean logic equations gives
|
||||
$$ R = ((a) \vee (b)) $$.
|
||||
\begin{equation}
|
||||
\label{eqn:l_or}
|
||||
R = ((a) \oplus (b))
|
||||
\end{equation}
|
||||
|
||||
\paragraph{Failure Analysis Interpretation}
|
||||
Equation \ref{eqn:l_or} would be interpretted to mean that
|
||||
either failure mode a or b occurring, would have the same failure symptom for the circuit/sub-system
|
||||
under analysis.
|
||||
|
||||
|
||||
|
||||
\clearpage
|
||||
\subsection {Labels and useage}
|
||||
|
||||
In diagram \ref{fig:ld_meq} Z and W were labeled but were not necessary for the final expression
|
||||
of $ R = b \vee c $. The intended use of these diagrams, is that resultant logical conditions be used in a later stage of reasoning.
|
||||
Test cases joined by disjunction, all become represented in one, resultant equation.
|
||||
Therefore only test cases not linked by any disjunctive joining lines need be named.
|
||||
%In diagram \ref{fig:ld_meq} Z and W were labeled but were not necessary for the final expression
|
||||
%of $ R = b \vee c $. The intended use of these diagrams, is that resultant logical conditions be used in a later stage of reasoning.
|
||||
%Test cases joined by disjunction, all become represented in one, resultant equation.
|
||||
%Therefore only test cases not linked by any disjunctive joining lines need be named.
|
||||
%
|
||||
%The diagram \ref{fig:ld_meq} can therefore be represented as in diagram \ref{fig:ld_meq2}, with
|
||||
%two unnamed test cases.
|
||||
|
||||
Diagram \ref{fig:ld_meq}
|
||||
shows three Functionally Merged groups, Q, R and P.
|
||||
|
||||
Z and W were labeled but this was not necessary for determination of the final expression
|
||||
of $ R = b \oplus c $.
|
||||
%The intended use of these diagrams, is that resultant logical conditions be used in a later stage of reasoning.
|
||||
%Test cases joined by disjunction, all become represented in one, resultant equation.
|
||||
%Therefore only test cases not linked by any disjunctive joining lines need be named.
|
||||
%The diagram \ref{fig:ld_meq} can therefore be represented as in diagram \ref{fig:ld_meq2}, with
|
||||
%two unnamed test cases.
|
||||
|
||||
The diagram \ref{fig:ld_meq} can therefore be represented as in diagram \ref{fig:ld_meq2}, with
|
||||
two unnamed test cases.
|
||||
|
||||
\begin{figure}[h]
|
||||
\centering
|
||||
@ -457,7 +477,7 @@ two unnamed test cases.
|
||||
|
||||
%
|
||||
% \begin{figure}[h+]
|
||||
% %\centering
|
||||
% %\centeringeragraph
|
||||
% %\input{millivolt_sensor.tex}
|
||||
% \begin{center}
|
||||
% \includegraphics[width=200pt,bb=0pt 0pt 600pt 600pt]{logic_diagram/ldmeq2.jpg}
|
||||
@ -470,12 +490,20 @@ two unnamed test cases.
|
||||
|
||||
|
||||
\paragraph{How this would be interpreted in failure analysis}
|
||||
In failure analysis, this could be considered to be a sub-system with two failure states $a$ and $b$.
|
||||
The proposition $P$ considers the scenario where either failure~mode is active.
|
||||
Additionally it says that either failure mode $a$ or $b$ being active
|
||||
will have a resultant effect $R$ on the sub-system. Note that the effect
|
||||
of $a$ and $b$ both being active is not defined on this diagram.
|
||||
In failure analysis, this could be considered to be a sub-system with three failure states $a$,$b$ and $c$.
|
||||
It has three FMG's Q,R and P. Thus there are three ways in which this sub-system can fail.
|
||||
|
||||
% \tiny
|
||||
\vspace{0.3cm}
|
||||
\begin{tabular}{||c|c|l||} \hline \hline
|
||||
{\em $FMG$ } & {\em Failure Mode equation } & {\em comments } \\ \hline
|
||||
Q & $(a)$ & T \\ \hline
|
||||
P & $(b \oplus c)$ & T \\ \hline
|
||||
R & $(b \wedge c)$ & F \\ \hline
|
||||
% T & T & T \\ \hline \hline
|
||||
\end{tabular}
|
||||
\vspace{0.3cm}
|
||||
% \normalsize
|
||||
|
||||
\clearpage
|
||||
|
||||
@ -488,15 +516,22 @@ Repeated contours are allowed in PLD diagrams.
|
||||
Logical contradictions or tautologies can be detected automatically by
|
||||
a software tool which assists in drawing these diagrams.
|
||||
|
||||
|
||||
|
||||
\begin{figure}[h]
|
||||
\centering
|
||||
\includegraphics[bb=0 0 485 206]{logic_diagram/repeated.jpg}
|
||||
% repeated.jpg: 539x229 pixel, 80dpi, 17.11x7.27 cm, bb=0 0 485 206
|
||||
\label{fig:repeat}
|
||||
\includegraphics[width=400pt,bb=0 0 560 195,keepaspectratio=true]{./repeated.jpg}
|
||||
% repeated.jpg: 560x195 pixel, 72dpi, 19.76x6.88 cm, bb=0 0 560 195
|
||||
\caption{Contours can appear more than once in a PLD}
|
||||
\label{fig:repeated}
|
||||
\end{figure}
|
||||
|
||||
%
|
||||
% \begin{figure}[h]
|
||||
% \centering
|
||||
% \includegraphics[bb=0 0 485 206]{logic_diagram/repeated.jpg}
|
||||
% % repeated.jpg: 539x229 pixel, 80dpi, 17.11x7.27 cm, bb=0 0 485 206
|
||||
% \label{fig:repeat}
|
||||
% \end{figure}
|
||||
|
||||
% \begin{figure}[h]
|
||||
% \centering
|
||||
% \includegraphics[bb=0 0 486 206]{./repeated.jpg}
|
||||
@ -513,19 +548,22 @@ $$ Q = (a) \wedge (c) $$
|
||||
|
||||
The two test cases are joined by a the line named $R1$.
|
||||
we thus apply disjunction to the test cases.
|
||||
$$ R1 = P \vee Q $$
|
||||
$$ R1 = b \vee ( a \wedge c ) $$.
|
||||
$$ R1 = P \oplus Q $$
|
||||
$$ R1 = b \oplus ( a \wedge c ) $$.
|
||||
|
||||
$R2$ joins two other test cases
|
||||
$$R2 = a \vee c $$
|
||||
$$R2 = a \oplus c $$
|
||||
|
||||
The test~case residing in the intersection of countours $B$ and $A$
|
||||
represents the logic equation $R3 = a \wedge b$.
|
||||
|
||||
\paragraph{How this would be interpreted in failure analysis}
|
||||
In failure analysis, $R2$ is the symptom of either failure~mode $A$ or $C$
|
||||
occurring. $R1$ is the symptom of $B$ or $A \wedge C$ occurring.
|
||||
There is an additional symptom, that of the test case in $A \wedge B$.
|
||||
In failure analysis, $R2$ is the symptom of either failure~mode $a$ or $c$
|
||||
occurring. $R1$ is the symptom of $b$ exclusive-or $a \wedge c$ occurring.
|
||||
The third FMG or symptom shown is test case in $a \wedge b$.
|
||||
This diagram is incomplete, there is no test case for the fault mode $a$.
|
||||
The `available region' $a\\b$ has no test case, and this would be considered a `syntax error'
|
||||
by the FMMD software tool.
|
||||
|
||||
|
||||
|
||||
@ -537,7 +575,7 @@ There is an additional symptom, that of the test case in $A \wedge B$.
|
||||
|
||||
Very often a failure mode can only occurr
|
||||
given a searate environmental condition.
|
||||
In Fault Tree Analysis (FTA) this is represented by an inhibit gate.
|
||||
In Fault Tree Analysis (FTA) this is represented by an inhibit gate.\cite{NASA},\cite{NUK}
|
||||
|
||||
\begin{figure}[h]
|
||||
\centering
|
||||
@ -559,7 +597,7 @@ that for failure~mode $C$ to occur failure mode $A$
|
||||
must have occurred.
|
||||
A well known example of this is the space shuttle `O' ring failure that
|
||||
caused the 1986 challenger disaster \cite{wdycwopt}.
|
||||
For the failure mode to occurr the ambiant temperature had to
|
||||
For the failure mode to occur the ambient temperature had to
|
||||
be below a critical value.
|
||||
If we take the failure mode of the `O' ring to be $C$
|
||||
and the temperature below critical to be $A$, we can see that
|
||||
@ -746,24 +784,28 @@ The intention for these diagrams is that they are used to collect
|
||||
component faults and combinations thereof, into faults that,
|
||||
at the module level have the same symptoms.
|
||||
|
||||
\subsection{Example Sub-system}
|
||||
The act of collecting common symptoms by joining lines is seen as intuitive.
|
||||
Syntax checking (looking for contradictions and tautologies), as well as detecting
|
||||
errors of ommission are automated in the FMMD tool.
|
||||
|
||||
For instance were a `power supply' being analysed there could be several
|
||||
individual component faults or combinations that lead to
|
||||
a situation where there is no power. This can be described as a state
|
||||
of the powersupply being modeelled as NO\_POWER.
|
||||
These can all be collected by DISJUCNTION, i.e. that this this or this
|
||||
fault occuring will cause the NO\_POWER fault. Visually this disjuction is
|
||||
indicated by the joining lines.
|
||||
As far as the user of the `power supply' is concerned, the power supply has failed
|
||||
with the failure mode $NO\_POWER$.
|
||||
The `power supply' module, after this process will have a defined set of
|
||||
fault modes and may be considered as a component at a higher
|
||||
level of abstraction. This module can then be combined
|
||||
with others at the same abstraction level.
|
||||
Note that because this is a fault collection process
|
||||
the number of component faults for a module
|
||||
must be less than or equal to the sum of the number of component faults.
|
||||
%\subsection{Example Sub-system}
|
||||
%
|
||||
%For instance were a `power supply' being analysed there could be several
|
||||
%individual component faults or combinations that lead to
|
||||
%a situation where there is no power. This can be described as a state
|
||||
%of the powersupply being modeelled as NO\_POWER.
|
||||
%These can all be collected by DISJUCNTION, i.e. that this this or this
|
||||
%fault occuring will cause the NO\_POWER fault. Visually this disjuction is
|
||||
%indicated by the joining lines.
|
||||
%As far as the user of the `power supply' is concerned, the power supply has failed
|
||||
%with the failure mode $NO\_POWER$.
|
||||
%The `power supply' module, after this process will have a defined set of
|
||||
%fault modes and may be considered as a component at a higher
|
||||
%level of abstraction. This module can then be combined
|
||||
%with others at the same abstraction level.
|
||||
%Note that because this is a fault collection process
|
||||
%the number of component faults for a module
|
||||
%must be less than or equal to the sum of the number of component faults.
|
||||
|
||||
%Typeset in \ \ {\huge \LaTeX} \ \ on \ \ \today
|
||||
|
||||
|
||||
BIN
logic_diagram/repeated.dia
Normal file
BIN
logic_diagram/repeated.dia
Normal file
Binary file not shown.
@ -1,27 +0,0 @@
|
||||
#FIG 3.2 Produced by xfig version 3.2.5
|
||||
Landscape
|
||||
Center
|
||||
Metric
|
||||
A4
|
||||
100.00
|
||||
Single
|
||||
-2
|
||||
1200 2
|
||||
5 1 0 1 0 7 50 -1 -1 0.000 0 1 0 0 5173.463 2296.817 3555 2430 5310 3915 6795 2385
|
||||
5 1 0 1 0 7 50 -1 -1 0.000 0 0 0 0 6772.500 3082.500 5715 2070 6840 1620 7830 2070
|
||||
1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 1980 2205 1011 1011 1980 2205 2835 2745
|
||||
1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 3150 2205 1028 1028 3150 2205 4095 2610
|
||||
1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 6255 2070 1070 1070 6255 2070 7245 2475
|
||||
1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 7515 2115 1138 1138 7515 2115 8595 2475
|
||||
4 0 0 50 -1 0 12 0.0000 4 75 105 2430 2520 *\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 75 105 6795 2340 *\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 75 105 7785 2340 *\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 75 105 5670 2340 *\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 75 105 3510 2385 *\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 135 1620 1035 A\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 135 2970 945 B\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 135 5985 810 A\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 135 7515 810 C\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 240 4770 3690 R1\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 240 5985 1800 R2\001
|
||||
4 0 0 50 -1 0 12 0.0000 4 135 240 2340 2160 R3\001
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 17 KiB After Width: | Height: | Size: 16 KiB |
Loading…
Reference in New Issue
Block a user