modified circuit

found out parallel on the top 2.2
meant what ever you put with it
gave the same offset if the main safety resistor was OPEN.

!!!!

fmmd_design_aide/fmmd_design_aide.tex

@@ -7,8 +7,8 @@ safety critical designs and identify undetectable and dormant faults.
 %
 Once undetecable faults or dormant faults are discovered
 the design can be altered (or have a safety component added), and the FMMD analysis process re-applied.
-This can be an iterative process which can be applied until the 
+This can be an iterative process applied until the 
-design has an acceptable level of dormant or undetectable failure modes.
+design has an acceptable level safety. % of dormant or undetectable failure modes.
 %
 Used in this way, its is a design aide, giving the user
 the possibility to refine/correct a {\dc} from the perspective
@@ -24,7 +24,7 @@ safety critical designs and identify undetectable and dormant faults.
 Once undetecable faults or dormant faults are discovered
 the design can be altered (or have a safety component added), and the FMMD analysis process re-applied.
 This can be an iterative process which can be applied until the 
-design has an acceptable level of dormant or undetectable failure modes.
+design has an acceptable level of safety. % dormant or undetectable failure modes.
 %
 Used in this way, its is a design aide, giving the user
 the possibility to refine/correct a {\dc} from the perspective
@@ -37,30 +37,48 @@ of its failure mode behaviour.
 \paragraph{Overview of FMMD Methodology}
 The principle of FMMD analysis is a four stage process, 
 the collection of components into {\fg}s, 
-these are analysed  w.r.t. their failure mode behaviour, 
+which are analysed  w.r.t. their failure mode behaviour, 
-the failure mode behaviour is then viewed from the {\fg} perspective (i.e. as a symptom of the {\fg}),
+the failure mode behaviour is then viewed from the 
-the common  symptoms are then collected. 
+{\fg} perspective (i.e. as a symptoms of the {\fg}),
+common  symptoms are then collected. 
+
 %
 %From the failure mode behaviour of the {\fg} common symptoms are collected.
-These common symptoms are in effect the failure mode behaviour of
+These common symptoms are % in effect 
-the {\fg} viewed as a single entity, or a `black box' component.
+the failure mode behaviour of
+the {\fg} viewed as an % single 
+entity, or a `black box' component.
+%
 From the analysis of the {\fg} we can create a {\dc}, where the failure modes
 are the symptoms of the {\fg} we derived it from.
+%
 \paragraph{detectable and undetectable failure modes}
 The symptoms will be detectable (like a value of  of range)
 or undetectable (like a logic state or value being incorrect).
 The `undetectable' failure modes are the most worrying for the safety critical designer.
 %It is these that are, generally the ones that stand out as single 
 %failure modes. 
-For instance, out of range values, we know we can cope with; they
+For instance, out of range values, are easy to detect by
-are an obvious error condition that will be detected by any modules
+systems using the {\dc} supplying them.
-using the {\dc}. An undetecable failure mode will introduce
+An undetectable faults are ones that forward incorrect information
+where we have no way of validating or testing it.
+% we know we can cope with; they
+%are an obvious error condition that will be detected by any modules
+%using the {\dc}. 
+%
+An undetecable failure mode can introduce serious
 errors into a SYSTEM.
+
+
+
 \paragraph{dormant faults} A dormant fault is one
 which can manifest its-self in conjuction with
 another failure mode becoming active, or an environmental
 condition changing (for instance temperature). Some
 component failure modes may lead to dormant failure modes.
+By examining test cases from a functional group against all
+input conditions and germane environmental conditions
+we can determine the active failure mode conditions.
 
 \subsection{Iterative Design Example}
 
@@ -86,7 +104,7 @@ are detectable.
 We then design a circuit to test for the `undetectable' failure mode
 and analyse this with FMMD.
 With both {\dcs} we then use them to form a {\fg} which we can call our `self testing milli-volt amplifier'.
-We then analsye the {\fg} and the resultant {\dc} failure modes are discussed.
+We then analsye the {\fg} and the resultant {\dc} failure modes/symptoms are discussed.
 \section{An example: A Millivolt Amplifier}
 
 \begin{figure}[h]
@@ -162,11 +180,11 @@ we can represent this in an FMMD hierarchy diagram, see figure \ref{fig:mvamp_fm
 The table \ref{tab:fmmdaide1} shows two possible causes for an undetectable
 error, that of a low reading due to the loss of the offset millivolt signal.
 Typically this type of circuit would be used to read a thermocouple
-and this erro symptom, "LOW READING" would mean our plant could 
+and this error symptom, `low\_reading' would mean our plant could 
 beleive that the temperature reading is lower than it actually is.
 To take an example from a K type thermocouple, the offset of 1.86mV
-from the potential divider represents amplified to 
+%from the potential divider represents amplified to 
-$\approx \, 342mV$ would represent  $\approx \; 46\,^{\circ}{\rm C}$.
+would represent  $\approx \; 46\,^{\circ}{\rm C}$ \cite{eurothermtables} \cite{aoe}.
 
 \clearpage
 \subsection{Undetected Failure Mode: Incorrect Reading}
@@ -182,23 +200,25 @@ allowance according to EN61508.
 
 \section{Proposed Checking Method}
 
-Were we to able to switch a second resistor in parrallel with the 
+Were we to able to switch a second resistor in series with the 
-safety resistor and switch it out again, we could tet 
+820R resistor (R22) and switch it out again, we could test 
-that it is still functioning correctly.
+that the safety resistor (R18) still functioning correctly.
 
 With the new resistor switched in we would expect
 the voltage added by the potential divider
 to increase.
 
-The circuit in figure \ref{fig:mvamp2} shows an NPN transistor
+The circuit in figure \ref{fig:mvamp2} shows an FET transistor
-controlled by the `test line' connection, which can switch in the resitor R30
+controlled by the `test line' connection, which can switch in the resitor R36
-also with a value of \ohms{2.2M}.
+also with a value of \ohms{820}.
 
 We could detect the effect on the reading with the potential divider
 according to the following formula.
 
-The potential divider is now $\frac{820R}{1M1+820R}$ over 5V this gives
+%% check figures
+The potential divider is now $\frac{820R+820R}{2M2+820R+820R}$ over 5V this gives
 3.724mV, amplified by 184 this is 0.685V \adcten{140}.
+%
 The potential divider with the second resistor
 switched out is $\frac{820R}{2M2+820R}$ over 5V gives 1.86mV,
 amplified by 184 gives 0.342V \adcten{70}.
@@ -210,7 +230,7 @@ we can apply the checking resistor and look for a corresponding
 change in the reading.
 
 Lets us analyse this in more detail to prove that we are indeed checking for
-the failure of the safety resistor, and that we are not instroducing
+the failure of the safety resistor, and that we are not introducing
 any new problems.
 
 First let us look at the new transistor and resistor and 
@@ -237,26 +257,31 @@ can be switched on to apply the test parallel resistance, and
 off to obtain the correct reading.
 %
 We must examine each test case from these two perspectives.
+For TEST LINE ON the transistor is turned OFF
+and we are in a test mode and expect the reading to go up by around \adcten{70}.
+For TEST LINE OFF the tranistor is on and R36 is by-passed,
+and the reading is assumed to be valid.
 
 \begin{table}[h+]
 \caption{Test Addition Single Fault FMMD} % title of Table
 \centering % used for centering table
-\begin{tabular}{||l|c|l|c||}
+\begin{tabular}{||l|l|c|l|c||}
 \hline \hline
- \textbf{Test} & \textbf{Failure } & \textbf{Symptom } & \textbf{MTTF}   \\
+ \textbf{test line } & \textbf{Test} & \textbf{Failure } & \textbf{Symptom } & \textbf{MTTF}   \\
- \textbf{Case} &  \textbf{mode} & \textbf{       } &    \\ % \textbf{per $10^9$ hours of operation}   \\
+ \textbf{status}     & \textbf{Case} &  \textbf{mode} & \textbf{       } &    \\ % \textbf{per $10^9$ hours of operation}   \\
 %   R         &    wire        & res +         & res -    & description
 \hline
 \hline
-ON TC:1 $R36$ SHORT      &   5V on test line          &  reading out of range &  1.38  \\ \hline
+%% OK TR1 OFF
-OFF TC:1 $R36$ SHORT     &  N/A                       &  NO SYMPTOM           &  1.38  \\ \hline
+TEST LINE ON  & TC:1 $R36$ SHORT      & No added resistance        &  NO TEST EFFECT       & XX 1.38  \\ \hline
-ON TC:2 $R36$  OPEN      &  No parallel resistance    &  No test effect       &  12.42\\ \hline
+TEST LINE OFF  & TC:1 $R36$ SHORT     & dormant fault              &  NO SYMPTOM           & XX 1.38  \\ \hline
-OFF TC:2 $R36$  OPEN     &  N/A                       &  NO SYMPTOM           &  12.42\\ \hline
+TEST LINE ON  & TC:2 $R36$  OPEN      & open circuit              &  OPEN                & XX 12.42\\ \hline
+TEST LINE OFF  & TC:2 $R36$  OPEN     & open circuit              &  OPEN                & XX 12.42\\ \hline
  \hline
-ON TC:3 $TR1$  ALWAYS ON    &  N/A                         & NO SYMPTOM       & 1.38  \\ \hline
+TEST LINE ON & TC:3   $TR1$  ALWAYS ON    &  dormant fault               &  NO SYMPTOM      & XX 1.38  \\ \hline
-OFF TC:3 $TR1$  ALWAYS ON    &  parallel resistance always & no test effect   & 1.38  \\ \hline
+TEST LINE OFF & TC:3   $TR1$  ALWAYS ON    & No added resistance         &   NO TEST EFFECT & XX 1.38  \\ \hline
-ON TC:4 $TR1$  ALWAYS OFF    &  No parallel resistance     & no test effect   & 1.38  \\ \hline
+TEST LINE ON & TC:4   $TR1$  ALWAYS OFF    & resistance added failure    &   NO TEST EFFECT & XX 1.38  \\ \hline
-OFF TC:4 $TR1$  ALWAYS OFF    &  N/A                       & NO SYMPTOM       & 1.38  \\ \hline
+TEST LINE OFF & TC:4 $TR1$  ALWAYS OFF    & dormant fault               &   NO SYMPTOM    & XX 1.38  \\ \hline
 \hline
 \end{tabular}
 \label{tab:testaddition}