robin/Robin_PHD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hazel proof reading.

Browse Source
This commit is contained in:
Robin Clark 2010-11-30 13:09:19 +00:00
parent 0b81f9fbb7
commit f379067a9f
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
fmmd_design_aide/fmmd_design_aide.tex
View File

@ -41,7 +41,7 @@ The principle of FMMD analysis is a five stage process,
the collection of components into {\fg}s,
which are analysed w.r.t. their failure mode behaviour,
the failure mode behaviour is then viewed from the
{\fg} perspective (i.e. as a symptoms of the {\fg}),
{\fg} perspective (i.e. as a symptoms of the {\fg}) and
common symptoms are then collected. The final stage
is to create a {\dc} which has the symptoms of the {\fg}
it was sourced from, as its failure modes.
@ -71,7 +71,7 @@ From the analysis of the {\fg} we can create a {\dc}, where the failure modes
are the symptoms of the {\fg} we derived it from.
%
\paragraph{detectable and undetectable failure modes}
The symptoms will be detectable (like a value of of range)
The symptoms will be detectable (like a value out of range)
or undetectable (like a logic state or value being incorrect).
The `undetectable' failure modes undertsandably, are the most worrying for the safety critical designer.
EN61058, the statistically based European Norm, using ratios
@ -83,7 +83,7 @@ for detected and undetected failure modes \cite{EN61508}.
%failure modes.
For instance, out of range values, are easy to detect by
systems using the {\dc} supplying them.
An undetectable faults are ones that forward incorrect information
Undetectable faults are ones that forward incorrect information
where we have no way of validating or testing it.
% we know we can cope with; they
%are an obvious error condition that will be detected by any modules
@ -396,6 +396,7 @@ This test case looks at the transistor failure mode where TR1 is always OFF.
\paragraph{$\overline{TEST\_LINE}$ ON}
Here TR1 should be OFF and R36 should be in series.
This is a dormant failure, we can only detect this failure
when the $\overline{TEST\_LINE}$ is OFF.
\paragraph{$\overline{TEST\_LINE}$ OFF}
Here TR1 should be ON, but is OFF due to failure.
The resistance R36 will always be in series.
@ -497,8 +498,9 @@ We can surmise the symptoms in a list.
\section{conclusions}
With safety addition the undetectable failure mode of \textbf{low~reading}
disappears. The overall reliability though goes down !
With the safety addition the undetectable failure mode of \textbf{low~reading}
disappears.
However, the overall reliability though goes down !
This is simply because we have more components that {\em can} fail.
%% Safety vs. reliability paradox.