Merge branch 'master' of 192.168.0.3:/home/robin/git/thesis
commit f0e01afa98
@ -625,16 +625,28 @@ approach in looking for system failures.

In this section we examine some fundamental concepts and underlying philosophies of FMEA.

\paragraph{Failure modes of a component and mutual exclusivity.}
It is desirable that the failure modes for a component are mutually exclusive, were a component able
to fail in several ways at the same time, this would complicate analysis.
It would mean having to consider combinations of internal component failures
as separate failure modes. This concept is discussed in sections ~\ref{ch4:mutex}
and ~\ref{ch7:mutex}.
%
In general failure modes
for simple components are mutually exclusive
but large and complex components (such as integrated circuits), especially where they contain separate modules,
could have non mutually exclusive failure modes and these need spacial handling, see section~\ref{ch3:mutex}.

\paragraph{The signal path.}

% C Garret does not like the terms afferent and efferent here, try to think of something else
Most electronic systems are used to process a signal: with signal processing
there is usually a clear afferent to transform to efferent path.
there is usually a clear path from the signal coming into the system, it being processed in some way, and a resultant effect on
an output or control signal. % afferent to transform to efferent path.
%
That is, there is an input, some processing and an output.
%
We define the signal path as the components used to process the signal.
For the purpose of FMEA, we define the signal path as the components used to process the signal.
%
Some circuits have feedback loops or even circular signal paths, but it
is normal for a signal path to exist.

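Review bot: "spacial handling" (last line of the mutual-exclusivity paragraph) should be "special handling", and the ties in "sections ~\ref{ch4:mutex} and ~\ref{ch7:mutex}" sit after a normal space, so they typeset as a double space; write `sections~\ref{ch4:mutex} and~\ref{ch7:mutex}`. The opening sentence of that paragraph is a comma splice; break it after "mutually exclusive" ("... are mutually exclusive. Were a component able to fail in several ways at the same time, this would complicate analysis."). In the signal-path paragraph, "We define the signal path as ..." and "For the purpose of FMEA, we define the signal path as ..." say the same thing, as do the two "there is usually a clear ..." sentences; make sure only the rewritten version of each survives the merge.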
@ -2204,6 +2204,15 @@ in the model.
With the above condition true, we term this a `complete' FMMD failure model.
Ensuring this condition is described in section~\ref{sec:completetest}.

\paragraph{Mutual exclusivity of {\dc} failure modes.}
It is a desirable feature of a component that its failure modes
are mutually exclusive.
This also applies to {\dcs} produced in the FMMD process.
In the FMMD process symptoms are are collected, i.e no component failure modes may be shared
by a symptom within a {\fg}, and therefore the failure modes of a {\dc} are mutually exclusive.
Thus FMMD naturally produces {\dc} failure modes that are mutually exclusive.
This property is examined in more detail in section~\ref{ch7:mutex}.

\paragraph{State explosion problem of FMEA solved by FMMD.}
%
Because FMMD considers failure modes within functional groups;
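Review bot: "symptoms are are collected" doubles a word and "i.e" is missing its second full stop; that sentence also already states the conclusion that the next one ("Thus FMMD naturally produces ...") repeats, so the two can be merged. In the last line, "Because FMMD considers failure modes within functional groups;" is a dependent clause, so the semicolon should be a comma, and "functional groups" could use the {\fgs} macro as elsewhere in the thesis.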
@ -659,6 +659,7 @@ are level shifted, adding to the complication of analysing it for failures.
%
\section{Unitary State Component Failure Mode Sets}
\label{sec:unitarystate}
\label{ch7:mutex}
\paragraph{Design Decision/Constraint}
An important factor in defining a set of failure modes is that they
should represent the failure modes as simply and minimally as possible.
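Review bot: "\paragraph{Design Decision/Constraint}" has no terminating full stop, unlike the other \paragraph headings in this file (for example "\paragraph{The signal path.}"). Two \label commands on one \section are harmless, but if ch7:mutex exists only so that the chapter-3 text can refer to this section, a short comment saying so would stop a later tidy-up from removing it.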
@ -679,29 +680,30 @@ This corresponds to the `mutually exclusive' definition in
probability theory~\cite{probstat}.


\begin{definition}
A set of failure modes where only one failure mode
can be active at one time is termed a {\textbf{unitary~state}} failure mode set.
\end{definition}
% \begin{definition}
% A set of failure modes where only one failure mode
% can be active at one time is termed a {\textbf{unitary~state}} failure mode set.
% \end{definition}
%
% Let the set of all possible components be $ \mathcal{C}$
% and let the set of all possible failure modes be $ \mathcal{F}$.
% The set of failure modes of a particular component are of interest
% here.

Let the set of all possible components be $ \mathcal{C}$
and let the set of all possible failure modes be $ \mathcal{F}$.
The set of failure modes of a particular component are of interest
here.
What is required is to define a property for
a set of failure modes where only one failure mode can be active at a time;
or borrowing from the terms of statistics, the failure mode being an event that is mutually exclusive
with a set $F$.
We can define a set of failure mode sets called $\mathcal{U}$ to represent this
property for a set of failure modes.
%
% \begin{definition}
% We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
% the component failure modes in each of its members are unitary~state.
% Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
% \end{definition}

\begin{definition}
We can define a set $\mathcal{U}$ which is a set of sets of failure modes, where
the component failure modes in each of its members are unitary~state.
Thus if the failure modes of a component $F$ are unitary~state, we can say $F \in \mathcal{U}$ is true.
\end{definition}

\section{Component failure modes: Unitary State example}
\subsection{Example of unitary state component failure modes}

An example of a component with an obvious set of ``unitary~state'' failure modes is the electrical resistor.
%
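Review bot: the commented-out definition and the commented-out "Let the set of all possible components ..." paragraph repeat the live text below them verbatim; delete them rather than keeping them as comments. "The set of failure modes of a particular component are of interest" needs "is" (the subject is "set"). In the second definition, $F$ is introduced as "the failure modes of a component $F$" but then used as an element of $\mathcal{U}$, which is a set of sets of failure modes, so $F$ must denote the failure mode set rather than the component; "if the set of failure modes $F$ of a component is unitary~state, then $F \in \mathcal{U}$" removes the ambiguity. The \section and \subsection headings at the end carry the same title with nothing between them; one of them is enough.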
@ -750,10 +752,10 @@ Note where there are more than two failure~modes,
by banning any pairs from being active at the same time,
we have banned larger combinations as well.

\subsection{Design Rule: Unitary State}

%\subsection{Design Rule: Unitary State}


\paragraph{Design Rule: Unitary State}

All components must have unitary state failure modes to be used with the FMMD methodology and
for base~components this is usually the case. Most simple components fail in one
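Review bot: the heading "Design Rule: Unitary State" now appears three times in a row (a \subsection, its commented-out copy, and a \paragraph); keep the \paragraph form, which matches the surrounding headings, and drop the other two together with the empty lines between them.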
@ -761,15 +763,15 @@ clearly defined way and generally stay in that state.
Traditional FMEA has problems dealing with non unitary state failure modes.
This is mainly because combinations of failure modes could cause
effects very difficult to predict (as they are in effect new failure modes of the component).

However, where a complex component is used, for instance a microcontroller
%
However, where a complex component is used, for instance a micro-controller
with several modules that could all fail simultaneously, a process
of reduction into smaller theoretical components will have to be made.
We can term this `heuristic~de-composition'.
%
A modern micro-controller will typically have several modules which are configured to operate on
pre-assigned pins on the device. Typically voltage inputs (\adcten / \adctw), digital input and outputs,
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap microcontrollers~\cite{pic18f2523}.
PWM (pulse width modulation), UARTs and other modules will be found on simple cheap micro-controllers~\cite{pic18f2523}.
%
For instance, the voltage reading functions which consist
of a multiplexer and ADC---which must work together to channel readings--- could be considered to be components
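Review bot: both "microcontroller" and "micro-controller" occur in this hunk (the "However, where a complex component is used ..." and "PWM (pulse width modulation), UARTs ..." lines each appear in both spellings); settle on one spelling for the whole chapter and make sure only that version of each line survives the merge. The dash construction "ADC---which must work together to channel readings--- could" has a stray space after the closing dash. "a process of reduction ... will have to be made" reads better as "will have to be carried out".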
@ -780,10 +782,9 @@ that can be analysed separately~\footnote{It is common for the signal paths
in a safety critical product to be traced, and when entering a complex
component like a micro-controller, the process of heuristic de-compostion
is then applied to it.}.



\paragraph{Reason for FMMD unitary failure mode constraint.} Were this constraint not to be applied,
%
%\paragraph{Reason for FMMD unitary failure mode constraint.}
Were this constraint not to be applied,
each component would not contribute $N$ failure modes, % to consider
but potentially
$2^N$.
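Review bot: "heuristic de-compostion" in the footnote is missing a letter ("de-composition"). The clause "Were this constraint not to be applied," appears twice as live text, once on the \paragraph line and again after the commented-out heading; keep only one, otherwise the sentence starts twice in the typeset output. The count "$N$ failure modes ... but potentially $2^N$" includes the empty subset (no failure at all) in $2^N$; either say "up to $2^N$" or give $2^N - 1$ for the non-empty combinations.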
@ -892,20 +893,27 @@ be less than this.
This is because certain combinations of faults within a components failure mode set
are impossible under the conditions of unitary state failure mode.
To modify equation \ref{eqn:ccps} for unitary state conditions, we must subtract the number of component `internal combinations'
for each component in the functional group under analysis.
for each component in the {\fg} under analysis.
Note we must sequentially subtract using combinations above 1 up to the cardinality constraint.
For example, say
the cardinality constraint was 3, we would need to subtract both
$|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the functional~group.
$|{n \choose 2}|$ and $|{n \choose 3}|$ for each component in the {\fg}.

\subsubsection{Example: Two Component functional group Cardinality Constraint of 2}
\subsubsection{Example: Two Component {\fg} Cardinality Constraint of 2}

For example: suppose we have a simple functional group with two components R and T, of which
For example: suppose we have a simple {\fg} with two components R and T, of which
$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}.$$

This means that the functional~group $FG=\{R,T\}$ will have a component failure mode set
of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$

This means that the {\fg} $FG=\{R,T\}$ will have a component failure mode set
of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$. Note this set of failure modes
is as we would use them for single failure analysis.
% Did J Howse actually read this? 06APR2013
% This set does not contain
% mutually exclusive failure modes, because both $R$ and $T$ could fail.
% The failure modes of $R$ and $T$ are mutually exclusive though, and so some
% combinations of the failure mode set $\{R_o, R_s, T_o, T_s, T_h\}$ cannot occur.
% We use equation~\ref{eqn:ccps} to determine the number of valid combinations.
%
For a cardinality constrained powerset of 2, because there are 5 error modes ( $|fm(FG)|=5$),
applying equation \ref{eqn:ccps} gives :-

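Review bot: "within a components failure mode set" needs the possessive "component's". $|{n \choose 2}|$ and $|{n \choose 3}|$ wrap numbers in cardinality bars; write ${n \choose 2}$ and ${n \choose 3}$, as the worked example does later with ${3 \choose 2} = 3$. "5 error modes" should be "5 failure modes" for consistency with the rest of the section. The two display equations "$$fm(R) = \{R_o, R_s\}$$ and $$fm(T) = \{T_o, T_s, T_h\}.$$" leave the word "and" alone on its own line; put both in one display. Several lines here exist in both a spelled-out "functional group" form and a {\fg} form; only the macro form should remain after the merge.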
@ -913,17 +921,22 @@ $$ | P_2 (fm(FG)) | = \frac{5!}{1!(5-1)!} + \frac{5!}{2!(5-2)!} = 15.$$

This is composed of ${5 \choose 1}$
five single fault modes, and ${5 \choose 2}$ ten double fault modes.
However we know that the faults are mutually exclusive within a component.
%
However we know that the {\fms} are mutually exclusive within a component.
%
We must then subtract the number of `internal' component fault combinations
for each component in the functional~group.
for each component in the {\fg}.
%
For component R there is only one internal component fault that cannot exist
$R_o \wedge R_s$. As a combination ${2 \choose 2} = 1$. For the component $T$ which has
three fault modes ${3 \choose 2} = 3$.
%
Thus for $cc = 2$, under the conditions of unitary state failure modes in the components $R$ and $T$, we must subtract $(3+1)$.
The number of combinations to check is thus 11, $|\mathcal{P}_{2}(fm(FG))| = 11$, for this example and this can be verified
by listing all the required combinations:


% Because there are only two components, this is simply the cross product
% of fm(R) and fm(T) but this does not hold for larger {\fgs}...

$$ \mathcal{P}_{2}(fm(FG)) = \{
\{R_o T_o\}, \{R_o T_s\}, \{R_o T_h\}, \{R_s T_o\}, \{R_s T_s\}, \{R_s T_h\}, \{R_o \}, \{R_s \}, \{T_o \}, \{T_s \}, \{T_h \}
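Review bot: in the listing of $\mathcal{P}_{2}(fm(FG))$ the pairs are written as \{R_o T_o\} with no separator; as these are two-element sets, \{R_o, T_o\} is clearer and matches the notation of $fm(FG) = \{R_o, R_s, T_o, T_s, T_h\}$ above. "fault modes" ("five single fault modes", "three fault modes") should be "failure modes" as elsewhere, or the {\fms} macro that the duplicated "However we know ..." line now uses. "As a combination ${2 \choose 2} = 1$." is a fragment; "as a combination this is ${2 \choose 2} = 1$" reads. The commented note that the result is "simply the cross product of fm(R) and fm(T)" is not quite right even for two components: the listed set is the cross product (six pairs) plus the five singletons, which is how 11 is reached.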
@ -986,7 +999,7 @@ Expanding the combination in equation \ref{eqn:correctedccps}
\label{eqn:correctedccps2}
\end{equation}

\paragraph{Use of Equation \ref{eqn:correctedccps2} }
%\paragraph{Use of Equation \ref{eqn:correctedccps2} }
Equation \ref{eqn:correctedccps2} is useful for an automated tool that
would verify that a single or double simultaneous failures model has complete failure mode coverage.
By knowing how many test cases should be covered, and checking the cardinality
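Review bot: "\paragraph{Use of Equation \ref{eqn:correctedccps2} }" is followed by its own commented-out copy; drop the comment (and the stray space before the closing brace). "a single or double simultaneous failures model" should be "failure model".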
@ -37,6 +37,7 @@ we are able to collect common symptoms of failure for the {\fg}.
With the collected common symptoms, we can treat the {\fg}
as a component in its own right.
This new component being derived from the {\fg}.
%
In the field of safety engineering this derived component corresponds to a low~level sub-system.
%The technique uses a graphical notation, based on Euler\cite{eulerviz} and Constraint diagrams\cite{constraint} to model failure modes and failure mode common symptom collection. The technique is designed for making building blocks for a hierarchical fault model.
%
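Review bot: "This new component being derived from the {\fg}." is a sentence fragment; attach it to the previous sentence ("... as a component in its own right, a new component derived from the {\fg}."). The long commented-out sentence on the Euler and constraint diagram notation, with its \cite{eulerviz} and \cite{constraint}, is dead text here; remove it if that notation is no longer part of the method as presented.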
@ -66,8 +67,13 @@ The symptom extraction or abstraction process, is the key process in creating an
}
\vspace{40pt}
%\today


\paragraph{Mutual exclusive property of the failure modes of a {\dc}}
Because the symptoms have been collected from
identical failure effects of the {\fg} they are mutually exclusive.
That is to say no failure mode effects of a component of a {\fg}
can be shared by a {\dc} failure mode.
This ensures the mutually exclusive, or unitary state failure mode property, meaning
the failure modes of a {\dc} are suitable for use in higher level {\fgs}.

\subsection{Diagnostic analysis and Failure Mode Analysis}
Fault finding is a closely related discipline to failure mode analysis.
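Review bot: "can be shared by a {\dc} failure mode" states the opposite of what is meant; every component failure mode effect is collected into one {\dc} failure mode, so it should read "cannot be shared by more than one {\dc} failure mode" (or "belongs to exactly one"). The heading "Mutual exclusive property" should be "Mutually exclusive property" and, like the other \paragraph headings, end with a full stop. "Because the symptoms have been collected from identical failure effects ... they are mutually exclusive" leaves the reason implicit; the exclusivity follows from each failure effect being collected into exactly one symptom, and that is worth stating in the sentence itself.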