Merge branch 'master' of 192.168.0.3:/home/robin/git/thesis

This commit is contained in:
Robin Clark 2013-04-10 11:00:54 +01:00
commit f0e01afa98
4 changed files with 79 additions and 39 deletions


@ -625,16 +625,28 @@ approach in looking for system failures.
In this section we examine some fundamental concepts and underlying philosophies of FMEA. In this section we examine some fundamental concepts and underlying philosophies of FMEA.
\paragraph{Failure modes of a component and mutual exclusivity.}
It is desirable that the failure modes for a component are mutually exclusive, were a component able
to fail in several ways at the same time, this would complicate analysis.
It would mean having to consider combinations of internal component failures
as separate failure modes. This concept is discussed in sections ~\ref{ch4:mutex}
and ~\ref{ch7:mutex}.
%
In general failure modes
for simple components are mutually exclusive
but large and complex components (such as integrated circuits), especially where they contain separate modules,
could have non mutually exclusive failure modes and these need spacial handling, see section~\ref{ch3:mutex}.
\paragraph{The signal path.} \paragraph{The signal path.}
% C Garret does not like the terms afferent and efferent here, try to think of something else % C Garret does not like the terms afferent and efferent here, try to think of something else
Most electronic systems are used to process a signal: with signal processing Most electronic systems are used to process a signal: with signal processing
there is usually a clear afferent to transform to efferent path. there is usually a clear path from the signal coming into the system, it being processed in some way, and a resultant effect on
an output or control signal. % afferent to transform to efferent path.
% %
That is, there is an input, some processing and an output. That is, there is an input, some processing and an output.
% %
We define the signal path as the components used to process the signal. For the purpose of FMEA, we define the signal path as the components used to process the signal.
% %
Some circuits have feedback loops or even circular signal paths, but it Some circuits have feedback loops or even circular signal paths, but it
is normal for a signal path to exist. is normal for a signal path to exist.
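Review bot: the new sentence `It is desirable that the failure modes for a component are mutually exclusive, were a component able to fail in several ways at the same time, this would complicate analysis.` is a comma splice; break it after `mutually exclusive` (for instance `… mutually exclusive: were a component able to fail in several ways at the same time, this would complicate analysis.`). In the same paragraph, `sections ~\ref{ch4:mutex} and ~\ref{ch7:mutex}` puts a space before each tie, so the `~` no longer keeps the number with the word; write `sections~\ref{ch4:mutex} and~\ref{ch7:mutex}`. `spacial handling` should be `special handling`, and `non mutually exclusive` reads better hyphenated. Only `ch7:mutex` is defined in this commit, while `ch4:mutex` and `ch3:mutex` are both referenced here for what appears to be the same topic; check that both labels exist and that two different chapters are really intended.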


@ -2204,6 +2204,15 @@ in the model.
With the above condition true, we term this a `complete' FMMD failure model. With the above condition true, we term this a `complete' FMMD failure model.
Ensuring this condition is described in section~\ref{sec:completetest}. Ensuring this condition is described in section~\ref{sec:completetest}.
\paragraph{Mutual exclusivity of {\dc} failure modes.}
It is a desirable feature of a component that its failure modes
are mutually exclusive.
This also applies to {\dcs} produced in the FMMD process.
In the FMMD process symptoms are are collected, i.e no component failure modes may be shared
by a symptom within a {\fg}, and therefore the failure modes of a {\dc} are mutually exclusive.
Thus FMMD naturally produces {\dc} failure modes that are mutually exclusive.
This property is examined in more detail in section~\ref{ch7:mutex}.
\paragraph{State explosion problem of FMEA solved by FMMD.} \paragraph{State explosion problem of FMEA solved by FMMD.}
% %
Because FMMD considers failure modes within functional groups; Because FMMD considers failure modes within functional groups;
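Review bot: the step from `In the FMMD process symptoms are are collected` to `the failure modes of a {\dc} are mutually exclusive` needs its assumption made explicit: exclusivity follows only if every component failure mode in the {\fg} is collected into exactly one symptom, so that the symptoms partition the set. Say that directly (e.g. `each component failure mode is collected into exactly one symptom, so no component failure mode is shared by two symptoms`); the current `no component failure modes may be shared by a symptom` reads as the reverse of what is meant. Also fix the doubled `are are` and write `i.e.\ no` with the full stop and a normal space.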


@ -659,6 +659,7 @@ are level shifted, adding to the complication of analysing it for failures.
% %
\section{Unitary State Component Failure Mode Sets} \section{Unitary State Component Failure Mode Sets}
\label{sec:unitarystate} \label{sec:unitarystate}
\label{ch7:mutex}
\paragraph{Design Decision/Constraint} \paragraph{Design Decision/Constraint}
An important factor in defining a set of failure modes is that they An important factor in defining a set of failure modes is that they
should represent the failure modes as simply and minimally as possible. should represent the failure modes as simply and minimally as possible.
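Review bot: `\label{ch7:mutex}` is added as a second label on a heading that already carries `\label{sec:unitarystate}`; both resolve to the same number, but the alias hides that the two names are one target. Prefer referencing `sec:unitarystate` from the new text, or, if the chapter-prefixed naming is the convention being adopted, replace the old label rather than keeping both.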
@ -679,29 +680,30 @@ This corresponds to the `mutually exclusive' definition in
probability theory~\cite{probstat}. probability theory~\cite{probstat}.
\begin{definition} % \begin{definition}
A set of failure modes where only one failure mode % A set of failure modes where only one failure mode
can be active at one time is termed a {\textbf{unitary~state}} failure mode set. % can be active at one time is termed a {\textbf{unitary~state}} failure mode set.
\end{definition} % \end{definition}
%
% Let the set of all possible components be $ \mathcal{C}$
% and let the set of all possible failure modes be $ \mathcal{F}$.
% The set of failure modes of a particular component are of interest
% here.
Let the set of all possible components be $ \mathcal{C}$
and let the set of all possible failure modes be $ \mathcal{F}$.
The set of failure modes of a particular component are of interest
here.
What is required is to define a property for What is required is to define a property for
a set of failure modes where only one failure mode can be active at a time; a set of failure modes where only one failure mode can be active at a time;
or borrowing from the terms of statistics, the failure mode being an event that is mutually exclusive or borrowing from the terms of statistics, the failure mode being an event that is mutually exclusive
with a set $F$. with a set $F$.
We can define a set of failure mode sets called $\mathcal{U}$ to represent this We can define a set of failure mode sets called $\mathcal{U}$ to represent this
property for a set of failure modes. property for a set of failure modes.
%
% \begin{definition}
% We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
% the component failure modes in each of its members are unitary~state.
% Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
% \end{definition}
\begin{definition} \subsection{Example of unitary state component failure modes}
We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
the component failure modes in each of its members are unitary~state.
Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
\end{definition}
\section{Component failure modes: Unitary State example}
An example of a component with an obvious set of ``unitary~state'' failure modes is the electrical resistor. An example of a component with an obvious set of ``unitary~state'' failure modes is the electrical resistor.
% %
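Review bot: commenting out the second `\begin{definition}` block leaves `We can define a set of failure mode sets called $\mathcal{U}$ to represent this property for a set of failure modes.` as the last word on $\mathcal{U}$, so the set is announced but no longer defined anywhere in this hunk, and the `unitary~state` term itself loses its formal introduction (`can be active at one time is termed a {\textbf{unitary~state}} failure mode set.` is commented out too). Either keep one `definition` environment for each, or fold the defining sentences (`the component failure modes in each of its members are unitary~state. Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.`) into the running text. If the removed environments were numbered and cross-referenced elsewhere, those references now dangle. Minor: `The set of failure modes of a particular component are of interest here.` should read `is of interest`.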
@ -750,10 +752,10 @@ Note where there are more than two failure~modes,
by banning any pairs from being active at the same time, by banning any pairs from being active at the same time,
we have banned larger combinations as well. we have banned larger combinations as well.
\subsection{Design Rule: Unitary State} %\subsection{Design Rule: Unitary State}
\paragraph{Design Rule: Unitary State}
All components must have unitary state failure modes to be used with the FMMD methodology and All components must have unitary state failure modes to be used with the FMMD methodology and
for base~components this is usually the case. Most simple components fail in one for base~components this is usually the case. Most simple components fail in one
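Review bot: `\paragraph{Design Rule: Unitary State}` drops the terminal full stop that the other run-in headings in this commit use (`\paragraph{Failure modes of a component and mutual exclusivity.}`, `\paragraph{Mutual exclusivity of {\dc} failure modes.}`); with a run-in heading the missing stop leaves the title butting straight into `All components must …`. Also check that the demoted `\subsection{Design Rule: Unitary State}` carried no `\label` used elsewhere, since a `\ref` to it would now point at the enclosing section.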
@ -761,15 +763,15 @@ clearly defined way and generally stay in that state.
Traditional FMEA has problems dealing with non unitary state failure modes. Traditional FMEA has problems dealing with non unitary state failure modes.
This is mainly because combinations of failure modes could cause This is mainly because combinations of failure modes could cause
effects very difficult to predict (as they are in effect new failure modes of the component). effects very difficult to predict (as they are in effect new failure modes of the component).
%
However, where a complex component is used, for instance a microcontroller However, where a complex component is used, for instance a micro-controller
with several modules that could all fail simultaneously, a process with several modules that could all fail simultaneously, a process
of reduction into smaller theoretical components will have to be made. of reduction into smaller theoretical components will have to be made.
We can term this `heuristic~de-composition'. We can term this `heuristic~de-composition'.
% %
A modern micro-controller will typically have several modules which are configured to operate on A modern micro-controller will typically have several modules which are configured to operate on
pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs, pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs,
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers~\cite{pic18f2523}. PWM (pulse width modulation), UARTs and other modules will be found on simple cheap micro-controllers~\cite{pic18f2523}.
% %
For instance, the voltage reading functions which consist For instance, the voltage reading functions which consist
of a multiplexer and ADC---which must work together to channel readings--- could be considered to be components of a multiplexer and ADC---which must work together to channel readings--- could be considered to be components
@ -780,10 +782,9 @@ that can be analysed separately~\footnote{It is common for the signal paths
in a safety critical product to be traced, and when entering a complex in a safety critical product to be traced, and when entering a complex
component like a micro-controller, the process of heuristic de-compostion component like a micro-controller, the process of heuristic de-compostion
is then applied to it.}. is then applied to it.}.
%
%\paragraph{Reason for FMMD unitary failure mode constraint.}
Were this constraint not to be applied,
\paragraph{Reason for FMMD unitary failure mode constraint.} Were this constraint not to be applied,
each component would not contribute $N$ failure modes, % to consider each component would not contribute $N$ failure modes, % to consider
but potentially but potentially
$2^N$. $2^N$.
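Review bot: with `\paragraph{Reason for FMMD unitary failure mode constraint.}` commented out, `Were this constraint not to be applied,` now follows the micro-controller decomposition discussion with no heading, so `this constraint` has to be read back across several paragraphs to the design rule; name it (`Were the unitary state constraint not applied,`) or keep the heading. The context line `the process of heuristic de-compostion` has a typo (`de-composition`) that could be fixed while this footnote is being touched.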
@ -892,20 +893,27 @@ be less than this.
This is because certain combinations of faults within a components failure mode set This is because certain combinations of faults within a components failure mode set
are impossible under the conditions of unitary state failure mode. are impossible under the conditions of unitary state failure mode.
To modify equation \ref{eqn:ccps} for unitary state conditions, we must subtract the number of component `internal combinations' To modify equation \ref{eqn:ccps} for unitary state conditions, we must subtract the number of component `internal combinations'
for each component in the functional group under analysis. for each component in the {\fg} under analysis.
Note we must sequentially subtract using combinations above 1 up to the cardinality constraint. Note we must sequentially subtract using combinations above 1 up to the cardinality constraint.
For example, say For example, say
the cardinality constraint was 3, we would need to subtract both the cardinality constraint was 3, we would need to subtract both
$|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~group. $|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the {\fg}.
\subsubsection{Example: Two Component functional group Cardinality Constraint of 2} \subsubsection{Example: Two Component {\fg} Cardinality Constraint of 2}
For example: suppose we have a simple functional group with two components R and T, of which For example: suppose we have a simple {\fg} with two components R and T, of which
$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}.$$ $$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}.$$
This means that the functional~group $FG=\{R,T\}$ will have a component failure mode set This means that the {\fg} $FG=\{R,T\}$ will have a component failure mode set
of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$ of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$. Note this set of failure modes
is as we would use them for single failure analysis.
% Did J Howse actually read this? 06APR2013
% This set does not contain
% mutually exclusive failure modes, because both $R$ and $T$ could fail.
% The failure modes of $R$ and $T$ are mutually exclusive though, and so some
% combinations of the failure mode set $\{R_o, R_s, T_o, T_s, T_h\}$ cannot occur.
% We use equation~\ref{eqn:ccps} to determine the number of valid combinations.
%
For a cardinality constrained powerset of 2, because there are 5 error modes ( $|fm(FG)|=5$), For a cardinality constrained powerset of 2, because there are 5 error modes ( $|fm(FG)|=5$),
applying equation \ref{eqn:ccps} gives :- applying equation \ref{eqn:ccps} gives :-
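Review bot: the commented-out block beginning `% Did J Howse actually read this? 06APR2013` is a private note about a reader and does not belong in the repository history; drop it, and move what survives of the reasoning (`The failure modes of $R$ and $T$ are mutually exclusive though, and so some combinations of the failure mode set … cannot occur.`) into the text, since that is exactly the step the example needs before the subtraction. The new sentence `Note this set of failure modes is as we would use them for single failure analysis.` mixes singular and plural; `Note that this is the failure mode set we would use for single failure analysis.` says the same. Minor: the bars in `$|{n \choose 2}|$ and $|{n \choose 3}|$` are redundant around binomial coefficients, which are already counts.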
@ -913,17 +921,22 @@ $$ | P_2 (fm(FG)) | = \frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!} = 15.$$
This is composed of ${5 \choose 1}$ This is composed of ${5 \choose 1}$
five single fault modes, and ${5 \choose 2}$ ten double fault modes. five single fault modes, and ${5 \choose 2}$ ten double fault modes.
However we know that the faults are mutually exclusive within a component. %
However we know that the {\fms} are mutually exclusive within a component.
%
We must then subtract the number of `internal' component fault combinations We must then subtract the number of `internal' component fault combinations
for each component in the functional~group. for each component in the {\fg}.
%
For component R there is only one internal component fault that cannot exist For component R there is only one internal component fault that cannot exist
$R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has $R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has
three fault modes ${3 \choose 2} = 3$. three fault modes ${3 \choose 2} = 3$.
%
Thus for $cc = 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$. Thus for $cc = 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$.
The number of combinations to check is thus 11, $|\mathcal{P}_{2}(fm(FG))| = 11$, for this example and this can be verified The number of combinations to check is thus 11, $|\mathcal{P}_{2}(fm(FG))| = 11$, for this example and this can be verified
by listing all the required combinations: by listing all the required combinations:
% Because there are only two components, this is simply the cross product
% of fm(R) and fm(T) but this does not hold for larger {\fgs}...
$$ \mathcal{P}_{2}(fm(FG)) = \{ $$ \mathcal{P}_{2}(fm(FG)) = \{
\{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \} \{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \}
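Review bot: the notation for the same quantity switches between `| P_2 (fm(FG)) | = … = 15` in the hunk header line and `$|\mathcal{P}_{2}(fm(FG))| = 11$` a few lines later; use `\mathcal{P}_{2}` in both, otherwise the 15 and the 11 look like values of different operators. The commented remark `Because there are only two components, this is simply the cross product of fm(R) and fm(T)` is not quite right even for this case: the listed set is the six pairs of the cross product plus the five single failure modes, and the arithmetic ($5 + 10 - (1 + 3) = 11$) matches the listing only when the singletons are counted, so if the comment is later uncommented it should say `the cross product together with the single failure modes`.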
@ -986,7 +999,7 @@ Expanding the combination in equation \ref{eqn:correctedccps}
\label{eqn:correctedccps2} \label{eqn:correctedccps2}
\end{equation} \end{equation}
\paragraph{Use of Equation \ref{eqn:correctedccps2} } %\paragraph{Use of Equation \ref{eqn:correctedccps2} }
Equation \ref{eqn:correctedccps2} is useful for an automated tool that Equation \ref{eqn:correctedccps2} is useful for an automated tool that
would verify that a single or double simultaneous failures model has complete failure mode coverage. would verify that a single or double simultaneous failures model has complete failure mode coverage.
By knowing how many test cases should be covered, and checking the cardinality By knowing how many test cases should be covered, and checking the cardinality
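Review bot: commenting out `\paragraph{Use of Equation \ref{eqn:correctedccps2} }` does not create a paragraph break, because a `%` line is not a blank line; `Equation \ref{eqn:correctedccps2} is useful for an automated tool …` therefore continues the paragraph that contains the display equation. If a new paragraph is intended, put an empty line in place of (or after) the commented heading.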


@ -37,6 +37,7 @@ we are able to collect common symptoms of failure for the {\fg}.
With the collected common symptoms, we can treat the {\fg} With the collected common symptoms, we can treat the {\fg}
as a component in its own right. as a component in its own right.
This new component being derived from the {\fg}. This new component being derived from the {\fg}.
%
In the field of safety engineering this derived component corresponds to a low~level sub-system. In the field of safety engineering this derived component corresponds to a low~level sub-system.
%The technique uses a graphical notation, based on Euler\cite{eulerviz} and Constraint diagrams\cite{constraint} to model failure modes and failure mode common symptom collection. The technique is designed for making building blocks for a hierarchical fault model. %The technique uses a graphical notation, based on Euler\cite{eulerviz} and Constraint diagrams\cite{constraint} to model failure modes and failure mode common symptom collection. The technique is designed for making building blocks for a hierarchical fault model.
% %
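Review bot: the added `%` line after `This new component being derived from the {\fg}.` changes nothing in the typeset output; if it is meant as a paragraph break, use an empty line instead. The context line it follows is a sentence fragment that could be joined to the previous sentence (`… as a component in its own right, derived from the {\fg}.`) while this passage is being edited.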
@ -66,8 +67,13 @@ The symptom extraction or abstraction process, is the key process in creating an
} }
\vspace{40pt} \vspace{40pt}
%\today %\today
\paragraph{Mutual exclusive property of the failure modes of a {\dc}}
Because the symptoms have been collected from
identical failure effects of the {\fg} they are mutually exclusive.
That is to say no failure mode effects of a component of a {\fg}
can be shared by a {\dc} failure mode.
This ensures the mutually exclusive, or unitary state failure mode property, meaning
the failure modes of a {\dc} are suitable for use in higher level {\fgs}.
\subsection{Diagnostic analysis and Failure Mode Analysis} \subsection{Diagnostic analysis and Failure Mode Analysis}
Fault finding is a closely related discipline to failure mode analysis. Fault finding is a closely related discipline to failure mode analysis.
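Review bot: the argument in the new paragraph, `Because the symptoms have been collected from identical failure effects of the {\fg} they are mutually exclusive.`, does not quite follow: grouping failure modes with identical effects into symptoms makes the symptoms exclusive only if each component failure mode is placed in exactly one symptom, and that is the condition to state. The following sentence, `no failure mode effects of a component of a {\fg} can be shared by a {\dc} failure mode`, reads as though a symptom may not cover any component effect at all; it should say that no component failure mode is shared by two {\dc} failure modes. In the heading, `Mutual exclusive property` should be `Mutually exclusive property`, with the terminal full stop used by the other `\paragraph` headings in this commit. Placing the paragraph directly after `\vspace{40pt}` and the commented `%\today`, which look like the tail of a title block, also seems odd; check that it lands in the body text rather than in the front matter.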