%%% Appendix for detailed workings out from CH5 \chapter{Detailed FMMD analyses} For clarity the detailed workings of the FMMD analysis stages in many of the examples in chapter 5 have been moved here for reference. \section{Bubba Oscillator FMMD analyses} Detailed workings of the FMMD for the Bubba Oscillator are presented below. \subsection{PHS45 Detailed Analysis} FMEA study of a resistor and capacitor in use as a phase changer. \label{detail:PHS45} \begin{table}[h+] \center \caption{PhaseShift: Failure Mode Effects Analysis: Single Faults} % title of Table \label{tbl:firstorderlp} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure Scenario} & & \textbf{First Order} & & \textbf{Symptom} \\ % & & \textbf{Low Pass Filter} & & \\ \textbf{Failure} & \textbf{$PHS45$ } & \textbf{Symptom} \\ % \textbf{Derived Component} \\ \textbf{cause} & \textbf{Effect} & \\ % \textbf{Failure Mode} \\ \hline FS1: R SHORT & 0 degree's of phase shift & $0\_phaseshift$ \\ % 90 degree's of phase shift & & $90\_phaseshift$ FS2: R OPEN & No Signal & $nosignal$ \\ \hline FS3: C SHORT & Grounded,No Signal & $nosignal$ \\ FS4: C OPEN & 0 degree's of phase shift & $0\_phaseshift$ \\ \hline \hline \end{tabular} \end{table} % PHS45 Collecting symptoms from table~\ref{tbl:firstorderlp}, a {\dc}, $PHS45$ is created with the following failure modes: $$ fm(PHS45) = \{ 0\_phaseshift, nosignal \} . $$ \clearpage \subsection{Bubba Oscillator: One Large Functional Group: Detailed Analysis} \label{detail:BUBOSC1} \begin{table}[h+] \caption{Bubba Oscillator: Failure Mode Effects Analysis: One Large Functional Group} % title of Table \label{tbl:bubbalargefg} \center \begin{tabular}{|| l | l | c | c | l ||} \hline % \textbf{Failure Scenario} & & \textbf{Bubba} & & \textbf{Symptom} \\ % & & \textbf{Oscillator} & & \\ \textbf{Failure} & & \textbf{$BubbaOscillator$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline FS1: $PHS45_1$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS3: $PHS45_1$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS3: $NIBUFF_1$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\ FS4: $NIBUFF_1$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS5: $NIBUFF_1$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS6: $NIBUFF_1$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline FS7: $PHS45_2$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ FS8: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ %FS10: $PHS45_2$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS9: $NIBUFF_2$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\ FS10: $NIBUFF_2$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS11: $NIBUFF_2$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS12: $NIBUFF_2$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline FS13: $PHS45_3$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ FS14: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS17: $PHS45_3$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS15: $NIBUFF_3$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\ FS16: $NIBUFF_3$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS17: $NIBUFF_3$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\ FS18: $NIBUFF_3$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline FS19: $PHS45_4$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\ FS20: $PHS45_4$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline % FS24: $PHS45_4$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline FS21: $INVAMP$ $OUTOFRANGE$ & & signal lost & & $NO_{osc}$ \\ FS22: $INVAMP$ $ZEROOUTPUT$ & & signal lost & & $NO_{osc}$ \\ FS23: $INVAMP$ $NOGAIN$ & & signal lost & & $NO_{osc}$ \\ FS24: $INVAMP$ $LOWPASS$ & & signal lost & & $NO_{osc}$ \\ \hline % FS1: $CAP_{10nF}$ $OPEN$ & & osc frequency low & & $LO_{fosc}$ \\ \hline % FS1: $CAP_{10nF}$ $SHORT$ & & osc frequency low & & $LO_{fosc}$ \\ \hline \hline \end{tabular} \end{table} Collecting symptoms from table~\ref{tbl:bubbalargefg}, the {\dc} $ BubbaOscillator $ is created with the following failure modes: $$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc} \} . $$ % %Collecting symptoms from table~\ref{} it can be shown that for single failure modes, applying $fm$ to the bubba oscillator %gives three failure modes: % %$$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$ \clearpage \subsection{BUFF45: Detailed Analysis} \label{detail:BUFF45} \begin{table}[h+] \caption{BUFF45: Failure Mode Effects Analysis} % title of Table \label{tbl:buff45} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{BUFF45} & & \textbf{Symptom} \\ % & & & & \\ \textbf{Failure} & & \textbf{$BUFF45$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $0\_phaseshift$ \\ FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\ FS4: $NIBUFF_1$ $L_{dn}$ & & output low & & $NO_{signal}$ \\ FS5: $NIBUFF_1$ $N_{oop}$ & & output low & & $NO_{signal}$ \\ FS6: $NIBUFF_1$ $L_{slew}$ & & signal lost & & $NO_{signal}$ \\ \hline \hline \end{tabular} \end{table} Collecting symptoms from table~\ref{tbl:buff45}, a derived component $BUFF45$ is created which has the following failure modes: $$ fm (BUFF45) = \{ 0\_phaseshift, NO\_signal \} . % 90\_phaseshift, $$ % \clearpage \subsection{PHS135BUFFERED: Failure Mode Effects Analysis} % title of Table \label{detail:PHS135BUFFERED} \begin{table}[h+] \center \caption{PHS135BUFFERED: Failure Mode Effects Analysis} % title of Table \label{tbl:phs135buffered} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{PHS135 Buffered} & & \textbf{Symptom} \\ % & & & & \\ \textbf{Failure} & & \textbf{$PHS135BUFFERED$ } & &\textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline %FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline FS3: $PHS45_2$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ FS4: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS6: $PHS45_2$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline FS5: $PHS45_3$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\ FS6: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS9: $PHS45_3$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline \hline \end{tabular} \end{table} % % Collecting symptoms from table~\ref{tbl:phs135buffered}, a derived component $PHS135BUFFERED$ is created which has the following failure modes: $$ fm (PHS135BUFFERED) = \{ 90\_phaseshift, NO\_signal \} .% 180\_phaseshift, $$ % \clearpage \subsection{PHS225AMP: Failure Mode Effects Analysis} % title of Table \label{detail:PHS225AMP} \begin{table}[h+] \center \caption{PHS225AMP: Failure Mode Effects Analysis} % title of Table \label{tbl:phs225amp} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{PHS225AMP} & & \textbf{Symptom} \\ % & & \textbf{Oscillator} & & \\ \textbf{Failure} & & \textbf{$PHS225AMP$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $180\_phaseshift$ \\ FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline % FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $270\_phaseshift$ \\ \hline FS3: $INVAMP$ $L_{up}$ & & output high & & $NO_{signal}$ \\ FS4: $INVAMP$ $L_{dn}$ & & output low & & $NO_{signal}$ \\ FS5: $INVAMP$ $N_{oop}$ & & output low & & $NO_{signal}$ \\ FS6: $INVAMP$ $L_{slew}$ & & signal lost & & $NO_{signal}$ \\ \hline \hline \end{tabular} \end{table} % % Applying FMMD a {\dc} $PHS225AMP$ is created which has the following failure modes: % $$ % fm (PHS225AMP) = \{ 180\_phaseshift, NO\_signal \} .% 270\_phaseshift, % $$ Collecting symptoms from table~\ref{tbl:phs225amp}, the {\dc} $PHS225AMP $ is created with the following failure modes: $$ fm() = \{ 180\_phaseshift, NO\_signal \} . $$ \clearpage \subsection{BUBBAOSC: Failure Mode Effects Analysis} % title of Table \label{detail:BUBBAOSC} \begin{table}[h+] \center \caption{BUBBAOSC: Failure Mode Effects Analysis} % title of Table \label{tbl:bubba2} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{BUBBAOSC} & & \textbf{Symptom} \\ % & & & & \\ \textbf{Failure} & & \textbf{$BUBBAOSC$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline %FS1: $PHS135BUFFERED$ $180\_phaseshift$ & & phase shift high & & $LO_{fosc}$ \\ FS1: $PHS135BUFFERED$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ FS2: $PHS135BUFFERED$ $90\_phaseshift$ & & phase shift low & & $HI_{osc}$ \\ \hline % FS4: $PHS225AMP$ $270\_phaseshift$ & & phase shift high & & $LO_{fosc}$ \\ FS4: $PHS225AMP$ $180\_phaseshift$ & & phase shift low & & $HI_{osc}$ \\ FS5: $PHS225AMP$ $NO\_signal$ & & lost signal & & $NO_{signal}$ \\ \hline \hline \end{tabular} \end{table} % Collecting symptoms from table~\ref{tbl:bubba2}, a {\dc} $BUBBAOSC$ is created which has the following failure modes: $$ fm (BUBBAOSC) = \{ HI_{osc}, NO\_signal \} . % LO_{fosc}, $$ \clearpage \section{Sigma Delta Detailed FMMD Analyses} This section of the appendix contains FMEA tables for the {\sd}. \subsection{FMMD Analysis of Summing Junction Integrator: SUMJINT} \label{detail:SUMJINT} \begin{table}[h+] \center \caption{Summing Junction Integrator($SUMJINT$): Failure Mode Effects Analysis} % title of Table \label{tbl:sumjint} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result} & & \textbf{Symptom} \\ % & & & & \\ \textbf{Failure} & & \textbf{$SUMJINT$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline\hline FS1: $R1$ $OPEN$ & & $V_{in}$ dominates input & & $V_{in} DOM$ \\ FS2: $R1$ $SHORT$ & & $V_{fb}$ dominates input & & $V_{fb} DOM$ \\ \hline FS3: $R2$ $OPEN$ & & $V_{fb}$ dominates input & & $V_{fb} DOM$ \\ FS4: $R2$ $SHORT$ & & $V_{in}$ dominates input & & $V_{in} DOM$ \\ \hline FS5: $IC1$ $HIGH$ & & output perm. high & & HIGH \\ FS6: $IC1$ $LOW$ & & output perm. low & & LOW \\ \hline FS7: $IC1$ $NOOP$ & & no current to drive C1 & & NO\_INTEGRATION \\ FS8: $IC1$ $LOW\_SLEW$ & & signal delay to C1 & & NO\_INTEGRATION \\ \hline FS9: $C1$ $OPEN$ & & no capacitance & & NO\_INTEGRATION \\ FS10: $C1$ $SHORT$ & & no capacitance & & NO\_INTEGRATION \\ \hline % \hline % FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\ % FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\ \hline % FS3: $IC2$ $NOOP$ & & no current drive & & LOW \\ % FS4: $IC2$ $LOW\_SLEW$ & & delayed signal & & LOW\_SLEW \\ \hline % \hline \hline \end{tabular} \end{table} Collecting symptoms from table~\ref{tbl:sumjint}, the {\dc} $ SUMJINT $ is created with the following failure modes: $$ fm() = \{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} . $$ % Collecting the {\dc} failure modes of % $SUMJINT$ gives $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ \clearpage \subsection{FMMD Analysis of High Impedance Signal Buffer : HISB} \label{detail:HISB} \begin{table}[h+] \center % \center \caption{ High Impedance Signal Buffer : Failure Mode Effects Analysis} % title of Table \label{tbl:HISB} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result} & & \textbf{Symptom} \\ % & & & & \\ \textbf{Failure} & & \textbf{$HISB$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline\hline FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\ FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\ FS3: $IC2$ $NOOP$ & & no current to output & & $NOOP$ \\ FS4: $IC2$ $LOW\_SLEW$ & & delay signal & & $LOW\_{SLEW}$ \\ \hline \end{tabular} \end{table} % \hline Collecting symptoms from table~\ref{tbl:HISB}, the {\dc} $ HISB $ is created with the following failure modes: $$ fm(HISB) = \{ HIGH, LOW, NOOP, LOW\_SLEW \} . $$ \clearpage \subsection{FMMD Analysis of Digital level to analogue level converter : DL2AL} \label{detail:DL2AL} \begin{table}[h+] \center \caption{$PD , IC3$ Digital level to analogue level converter: Failure Mode Effects Analysis} % title of Table \label{tbl:DL2AL} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ % & & & & \\ % & & & & \\ \textbf{Failure} & & \textbf{$DS2AL$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline \hline FS1: $PD $ $HIGH$ & & output perm. low & & LOW \\ FS2: $PD $ $LOW$ & & output perm. low & & HIGH \\ \hline \hline FS3: $IC3$ $HIGH$ & & output perm. high & & HIGH \\ FS4: $IC3$ $LOW$ & & output perm. low & & LOW \\ FS5: $IC3$ $NOOP$ & & no current drive & & LOW \\ FS6: $IC3$ $LOW\_{SLEW}$ & & delayed signal & & $LOW\_{SLEW}$ \\ \hline \hline \end{tabular} \end{table} % %The symptoms of failure, i.e. $\{ LOW, HIGH, LOW\_{SLEW} \}$ are collected. % Collecting symptoms from table~\ref{tbl:DL2AL}, the {\dc} $DL2AL$ is created with the following failure modes: $$ fm(DL2AL) = \{ LOW, HIGH, LOW\_{SLEW} \} . $$ \clearpage \subsection{FMMD Analysis of Digital Buffer : DIGBUF} \label{detail:DIGBUF} \begin{table}[h+] \center \caption{$ IC4, CLOCK $ Digital Buffer: Failure Mode Effects Analysis} % title of Table \label{tbl:digbuf} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ % & & & & \\ % & & & & \\ \textbf{Failure} & & \textbf{$DIGBUF$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ %$$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \} $$ \hline \hline FS1: $CLOCK$ $STOPPED$ & & buffer stopped & & STOPPED \\ \hline FS2: $IC4$ $HIGH$ & & buffer stopped & & STOPPED \\ FS3: $IC4$ $LOW$ & & buffer stopped & & STOPPED \\ FS4: $IC4$ $NOOP$ & & no current drive & & LOW \\ \hline \hline \hline \end{tabular} \end{table} %The symptoms of failure i.e. $\{ LOW, STOPPED \}$ are collected. % Collecting symptoms from table~\ref{tbl:digbuf}, the {\dc} $ DIGBUF $ is created with the following failure modes: $$ fm(DIGBUF) = \{ LOW, STOPPED \} . $$ % \clearpage \subsection{FMMD Analysis of buffered integrating summing junction : BISJ} \label{detail:BISJ} \begin{table}[h+] \caption{ $HISB , SUMJINT$ buffered integrating summing junction($BISJ$): Failure Mode Effects Analysis} % title of Table \label{tbl:BISJ} \begin{tabular}{|| l | l | c | c | l ||} \hline % \textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ % & & & & \\ % & & & & \\ \textbf{Failure} & & \textbf{$BISJ$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline \hline FS1: $SUMJINT$ $V_{in} DOM$ & & output integral of $V_{in}$ & & $OUTPUT STUCK$ \\ FS2: $SUMJINT$ $V_{fb} DOM$ & & output integral of $V_{fb}$ & & $OUTPUT STUCK$ \\ % $$ fm(SUMJUINT^1_0) = \{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$ FS3: $SUMJINT$ $NO\_INTEGRATION$ & & output stuck high or low & & $OUTPUT STUCK$ \\ FS4: $SUMJINT$ $HIGH$ & & output stuck high & & $OUTPUT STUCK$ \\ FS5: $SUMJINT$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline %\hline FS6: $HISB$ $HIGH$ & & output perm. high & & $OUTPUT STUCK$ \\ FS7: $HISB$ $LOW$ & & output perm. low & & $OUTPUT STUCK$ \\ FS8: $HISB$ $ NO\_INTEGRATION$ & & no current drive & & $OUTPUT STUCK$ \\ FS9: $HISB$ $LOW\_SLEW$ & & delayed signal & & $REDUCED\_INTEGRATION$ \\ \hline \hline \end{tabular} \end{table} %The symptoms of failure $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$ collected , a {\dc} created %called $BISJ$. Collecting symptoms from table~\ref{tbl:BISJ}, the {\dc} $ BISJ $ is created with the following failure modes: $$ fm(BISJ) = \{ OUTPUT STUCK , REDUCED\_INTEGRATION \} . $$ \clearpage \subsection{FMMD Analysis of flip flop buffered : FFB} \label{detail:FFB} \begin{table}[h+] \caption{ $DIGBUF,DL2AL$ flip flop buffered($FFB$): Failure Mode Effects Analysis} % title of Table \label{tbl:ffb} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ % & & & & \\ % & & & & \\ \textbf{Failure} & & \textbf{$DIGBUF$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline \hline FS1: $DIGBUF$ $STOPPED$ & & output stuck & & $OUTPUT STUCK$ \\ FS2: $DIGBUF$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline %\hline FS3: $DL2AL$ $LOW$ & & output perm. high & & $OUTPUT STUCK$ \\ FS4: $DL2AL$ $HIGH$ & & output perm. low & & $OUTPUT STUCK$ \\ FS5: $DL2AL$ $LOW\_SLEW$ & & no current drive & & $LOW\_SLEW$ \\ \hline \hline \hline \end{tabular} \end{table} % %Symptoms of failure are collected $\{OUTPUT STUCK, LOW\_SLEW\}$ and a {\dc} %at the third level of symptom abstraction %called $FFB$ created. % Collecting symptoms from table~\ref{tbl:ffb}, the {\dc} $ FFB $ is created with the following failure modes: $$ fm(FFB) = \{ OUTPUT STUCK, LOW\_SLEW \} . $$ \clearpage \subsection{FMMD Analysis of {\sd} : SDADC} \label{detail:SDADC} \begin{table}[h+] \caption{ $FFB , BISJ $ \sd ($SDADC$): Failure Mode Effects Analysis} % title of Table \label{tbl:sdadc} \begin{tabular}{|| l | l | c | c | l ||} \hline %\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\ % & & & & \\ % & & & & \\ \textbf{Failure} & & \textbf{$FFB$ } & & \textbf{Symptom} \\ \textbf{cause} & & \textbf{Effect} & & \\ \hline \hline FS1: $FFB$ $OUTPUT STUCK$ & & value max high or low & & $OUTPUT\_OUT\_OF\_RANGE$ \\ FS2: $FFB$ $LOW\_SLEW$ & & values will appear larger & & $OUTPUT\_INCORRECT$ \\ % FS3: $IC4^0$ $NOOP$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline %\hline FS3: $BISJ$ $OUTPUT STUCK$ & & value max high or low & & $OUTPUT\_OUT\_OF\_RANGE$ \\ FS4: $BISJ$ $REDUCED\_INTEGRATION$ & & values will appear larger & & $OUTPUT\_INCORRECT$ \\ \hline \hline \end{tabular} \end{table} %\clearpage % The symptoms for the \sd are collected from table~\ref{tbl:sdadc} % $$ \; \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}.$$ % A {\dc} is created to represent the failure behaviour of the analogue to digital converter, $SDADC$, % $$fm(SSDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}$$ \fmmdglossADC Collecting symptoms from table~\ref{tbl:sdadc}, the {\dc} $SDADC $ is created with the following failure modes: $$ fm(SDADC) = \{ OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT \} . $$ \clearpage \section{Standalone temperature controller} FMMD analysis tables from chapter~\ref{sec:chap6}. \label{sec:readPt100} \subsection{Read\_Pt100: Failure Mode Effects Analysis} { \tiny \begin{table}[h+] \center \caption{ Read\_Pt100: Failure Mode Effects Analysis} % title of Table \label{tbl:readPt100} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $RI_{VRGE}$ & voltage & $VOLTAGE\_HIGH$ \\ & outside range & \\ \hline FC2: $RADC_{VV_ERR}$ & voltage & $VAL\_ERR$ \\ & incorrect & \\ \hline \hline FC3: $RADC_{HIGH}$ & voltage value & $VAL\_ERR$ \\ & incorrect & \\ \hline FC4: $RADC_{LOW}$ & ADC may read & $VOLTAGE\_LOW$ \\ \hline FC5: post condition fails & software failure & $VAL\_ERR$ \\ in function read\_ADC & read\_ADC & \\ \hline \end{tabular} \end{table} } \fmmdglossADC Collecting symptoms from table~\ref{tbl:readPt100}, the {\dc} $Read\_Pt100 $ is created with the following failure modes: $$ fm(Read\_Pt100) = \{ VOLTAGE\_HIGH , VOLTAGE\_LOW, VAL\_ERR\} . $$ \clearpage \subsection{ Get\_Temperature: Failure Mode Effects Analysis } { \tiny \begin{table}[h+] \center \caption{ Get\_Temperature: Failure Mode Effects Analysis} % title of Table \label{tbl:gettemperature} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $Pt100:Voltage\_High$ & Pt100 voltage too high & Pt100\_out\_of\_range \\ \hline FC2: $Pt100:Voltage\_Low$ & Pt100 voltage too low & Pt100\_out\_of\_range \\ \hline FC3: $Pt100\_high\_low\_mismatch$ & temperature can be calculated & Pt100\_out\_of\_range \\ & from either high or low & \\ & reading, but should correlate & \\ \hline % FC4: $Pt100\_current$ & the current applied is & Pt100\_out\_of\_range \\ % & necessary to calculate resistance, & \\ % & but should be within given bounds & \\ \hline % % FC4: $Pt100:VAL\_ERR$ & could cause an out of & temp\_incorrect\\ & range error, but may & \\ & cause an incorrect & \\ & temperature reading & \\ \hline FC5: post condition fails & software failure & temp\_incorrect \\ in function convert\_ADC\_to\_T & convert\_ADC\_to\_T & \\ \hline \hline \end{tabular} \end{table} } Collecting symptoms from table~\ref{tbl:gettemperature}, the {\dc} $Get\_Temperature$ is created with the following failure modes: $$ fm(Get\_Temperature) = \{ Pt100\_out\_of\_range, temp\_incorrect \} . $$ \clearpage \subsection{ GetError: Failure Mode Effects Analysis } The error value being discussed here is an important concept in PID control. It represents how far from the control target the measured reading of it is. The lower the PID error value the closer to the controlled systems target/desired value. { \tiny \begin{table}[h+] \center \caption{ GetError: Failure Mode Effects Analysis} % title of Table \label{tbl:geterror} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $ Pt100\_out\_of\_range $ & pre-condition violated & KnownIncorrectErrorValue \\ & detectable failure mode & \\ \hline FC2: $temp\_incorrect$ & pre-condition violated & IncorrectErrorValue \\ & undetectable failure mode & \\ \hline FC3: post condition fails & software failure & IncorrectErrorValue \\ in function \cf{determine\_set\_point\_error} & determine\_set\_point\_error & \\ \hline \end{tabular} \end{table} } % Collecting symptoms from table~\ref{tbl:geterror}, the {\dc} $ GetError $ is created with the following failure modes: $$ fm( GetError ) = \{ KnownIncorrectErrorValue, IncorrectErrorValue \} . $$ % % % \clearpage \subsection{PID: Failure Mode Effects Analysis} { \tiny \begin{table}[h+] \center \caption{ PID: Failure Mode Effects Analysis} % title of Table \label{tbl:pidfunction} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $ KnownIncorrectErrorValue $ & pre-condition violated & KnownControlValueErrorV \\ & detectable & \\ & failure mode & \\ \hline FC2: $ IncorrectErrorValue $ & pre-condition violated & IncorrectControlErrorV \\ & undetectable failure mode & \\ \hline FC3: post condition fails & software failure & IncorrectControlErrorV \\ in function \cf{PID} & PID & \\ \hline \end{tabular} \end{table} } Collecting symptoms from table~\ref{tbl:pidfunction}, the {\dc} $PID$ is created with the following failure modes: $$ fm(PID) = \{ KnownControlValueErrorV , IncorrectControlErrorV \} . $$ \clearpage \subsection{ HeaterOutput: Failure Mode Effects Analysis } { \tiny \begin{table}[h+] \center \caption{ HeaterOutput: Failure Mode Effects Analysis} % title of Table \label{tbl:heateroutput} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $ PWM stuck HIGH $ & pre-condition violated & HeaterOnFull \\ & PWM module not working & \\ \hline FC2: $ PWM stuck LOW $ & pre-condition violated & HeaterOff \\ & PWM module not working & \\ \hline FC3: HEATER $SHORT$ & heating element resistor & HeaterOff \\ & SHORT no heating effect & \\ \hline FC4: HEATER $OPEN $ & heating element resistor & HeaterOff \\ & OPEN no heating effect & \\ \hline FC5: $ output\_control$ post & The software supplies the wrong & HeaterOutputIncorrect \\ condition failure & value to the PWM register & \\ \hline \end{tabular} \end{table} } Collecting symptoms from table~\ref{tbl:heateroutput}, the {\dc} $ HeaterOutput$ is created with the following failure modes: $$ fm(HeaterOutput) = \{ HeaterOnFull, HeaterOff, HeaterOutputIncorrect \} . $$ \clearpage \subsection{ LEDOutput: Failure Mode Effects Analysis } { \tiny \begin{table}[h+] \center \caption{ LEDOutput: Failure Mode Effects Analysis} % title of Table \label{tbl:ledoutput} \begin{tabular}{|| l | c | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: $ Temp LED fails $ & LED will not light & FailureIndicated \\ & & \\ \hline FC2: $ Processor LED fails $ & LED will not light & FailureIndicated \\ & & \\ \hline FC3: $ PWM LED fails $ & LED will not light & FailureIndicated \\ & & \\ \hline FC4: GPIO stuck HIGH & LED permanently OFF & FailureIndicated \\ \hline FC5: GPIO stuck Low & LED permanently ON & FailureIndicated \\ \hline FC6: Software SetLEDs & Incorrect Indication & IndicationError \\ fails to set outputs correctly & Post condition failure & \\ \hline \end{tabular} \end{table} } Collecting symptoms from table~\ref{tbl:ledoutput}, the {\dc} $ LEDOutput $ is created with the following failure modes: $$ fm() = \{ FailureIndicated, IndicationError \} . $$ \clearpage \subsection{ Standalone temperature controller: Failure Mode Effects Analysis} { \tiny \begin{table}[h+] \center \caption{Standalone temperature controller: Failure Mode Effects Analysis} % title of Table \label{tbl:pid} \begin{tabular}{|| l | l | l ||} \hline % \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\ % \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline \hline \textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\ \textbf{cause} & \textbf{Effect} & \\ \hline FC1: PID KnownControlValueError & As error is detectable & ControlFailureIndicated \\ & error can be indicated & \\ \hline FC2: PID IncorrectControlerrorV & undetectable failure: & ControlFailure \\ & PID will not control properly & \\ \hline FC3: HeaterOutput & Heater will constantly & ControlFailureIndicated \\ HeaterOnFULL & apply maximum power & \\ \hline FC4: HeaterOutput & no power & ControlFailureIndicated \\ HeaterOFF & supplied to heater & \\ \hline FC5: HeaterOutput & incorrect power levels & ControlFailure \\ HeaterOutputIncorrect & applied to heater & \\\hline FC6: LEDOutput & failure of LED system & KnownIndicationError \\ FailureIndicated & where failure is detectable & \\ \hline FC7: LEDOutput & failure of LED system & UnknownIndicationError \\ IndicationError & where failure is undetectable & \\ \hline %% PROM\_FAULT, RAM\_FAULT, CPU\_FAULT, ALU\_FAULT, CLOCK\_STOPPED FC8: micro-controller & un-defined behaviour & ControlFailure \\ PROM\_FAULT & & \\ \hline FC9: micro-controller & un-defined behaviour & ControlFailure \\ RAM\_FAULT & & \\ \hline FC10: micro-controller & un-defined behaviour & ControlFailure \\ CPU\_FAULT & & \\ \hline FC11: micro-controller & incorrect arithmetic & ControlFailure \\ ALU\_FAULT & performed in processing & \\ \hline FC12: micro-controller & processor will not run & ControlFailureIndicated \\ CLOCK\_STOPPED & indicator leds will not flash & \\ \hline FC13: monitor: & postcondition fails & ControlFailure \\ software fails & & \\ \hline \hline \end{tabular} \end{table} } Collecting symptoms from table~\ref{tbl:pid} the {\dc} $TempController$, is created with the following failure modes: \begin{eqnarray*} fm ( TempController ) = \{ ControlFailureIndicated, \\ ControlFailure, \\ KnownIndicationError, \\ UnknownIndicationError \}. \end{eqnarray*} \clearpage \subsection{Statistics and FMMD: Pt100 example for single and double failures} \label{detailed:Pt100stats} \paragraph{Pt100: Single Failures and statistical data.} %Mean Time to Failure} \frategloss From an earlier example, the model for the failure mode behaviour of the Pt100 circuit, {\bc} {\fm} statistics are added to determine the probability of symptoms of failure. % The DOD electronic reliability of components document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating the %$\frac{failures}{{10}^6}$ ${failures}/{{10}^6}$ % looks better in hours for a wide range of generic components. These figures are based on components from the 1980's and MIL-HDBK-217F can give conservative reliability figures when applied to modern components. % Using the MIL-HDBK-217F %~\cite{mil1991} specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below. % % \paragraph{Resistor FIT Calculations.} % The formula given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor is reproduced in equation \ref{resistorfit}. The meanings and values assigned to its co-efficients are described in table \ref{tab:resistor}. \fmmdglossFIT \fmodegloss % \begin{equation} % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E \label{resistorfit} \end{equation} \begin{table}[ht] \caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table \centering % used for centering table \begin{tabular}{||c|c|l||} \hline \hline \em{Parameter} & \em{Value} & \em{Comments} \\ & & \\ \hline \hline ${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline ${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline ${\pi}_E$ & 1.0 & benign ground environment\\ \hline \hline \hline \end{tabular} \label{tab:resistor} \end{table} \frategloss Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor} give the following failures in ${10}^6$ hours: \begin{equation} 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours} \label{eqn:resistor} \end{equation} While MIL-HDBK-217F gives MTTF for a wide range of common components, it does not specify how the components will fail (in this case OPEN or SHORT). % Some standards, notably EN298 only consider most types of resistor as failing in OPEN mode. %FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. % FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011 This example compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure. % Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED in the other 10\%. A standard fixed film resistor, for use in a benign environment, non military specification at temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$) hours of operation (see equation \ref{eqn:resistor}). In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the FIT number the more reliable the component.}. % The formula given for a thermistor in MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}. % \begin{equation} % fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E \label{thermistorfit} \end{equation} % \begin{table}[ht] \caption{Bead type Thermistor Failure in time assessment} % title of Table \centering % used for centering table \begin{tabular}{||c|c|l||} \hline \hline \em{Parameter} & \em{Value} & \em{Comments} \\ & & \\ \hline \hline ${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline %${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline %${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline ${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline ${\pi}_E$ & 1.0 & benign ground environment\\ \hline \hline \hline \end{tabular} \label{tab:thermistor} \end{table} % \begin{equation} 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours} \label{eqn:thermistor} \end{equation} % Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0. % \frategloss %Using the RIAC finding the following (table~\ref{tab:stat_single}) can be created which %presents the FIT values for all single failure modes. Using the above table~\ref{tab:stat_single} is presented which lists the FIT values for all single failure modes. %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}} \fmmdglossFIT % \begin{table}[h+] \caption{Pt100 FMEA Single // Fault Statistics} % title of Table \centering % used for centering table \begin{tabular}{||l|c|c|l|l||} \hline \hline \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\ \textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\ % R & wire & res + & res - & description \hline \hline TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline \hline TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline \hline TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\ TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline \hline \end{tabular} \label{tab:stat_single} \end{table} % \frategloss The FIT for the circuit as a whole is the sum of MTTF values for all the test cases. The Pt100 circuit here has a FIT of 342.6. This is an MTTF of about $\approx 360$ years per circuit. % A probabilistic tree can now be drawn, with a FIT value for the overall Pt100 circuit and FIT values for all its component fault modes. % from which it was calculated. % From this it can be seen that the most likely fault is the thermistor going OPEN. % This circuit is around 10 times more likely to fail in this way than in any other. % If a more reliable temperature sensor was required, this would probably be the fault~mode scrutinised first. % \frategloss % \begin{figure}[h+] \centering \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png} % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327 \caption{Probablistic Fault Tree : Pt100 Single Faults} \label{fig:stat_single} \end{figure} % The Pt100 analysis presents a simple result for single faults. % %The next analysis phase looks at how the circuit will behave under double simultaneous failure %conditions. % % \paragraph{Pt100 Example: Double Failures and statistical data.} % Because double simultaneous failure analysis can be performed under FMMD failure rate statistics for double failures can also be determined. % \frategloss % %% %% Need to talk abou the `detection time' %% or `Safety Relevant Validation Time' ref can book %% EN61508 gives detection calculations to reduce %% statistical impacts of failures. %% % Considering the failure modes to be statistically independent the FIT values for all the combinations of failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated. % The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition, requires that resistors $R_1$ and $R_2$ both fail. % Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing. % The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour. % Squaring this gives $ 154.3 \times {10}^{-18} $. % This is an astronomically small MTTF, and so small that it would probably fall below a threshold to sensibly consider. % However, it is interesting from a failure analysis perspective, because an undetectable fault (at least at this level in the FMMD hierarchy) has been revealed. % This means that should it be required to cope with this fault, a new way of detecting this condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy. % \paragraph{MTTF statistics and FMMD hierarchies.} % In a large FMMD model, system/top level failures can be traced down to {\bc} {\fms}. % To determine the MTTF probability for a system level failure, the MTTF statistics are added for all its possible causes. % Thus even for large FMMD models accurate statistics for electronic sourced failures can be calculated. % %\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}} % \frategloss \fmmdglossFIT \clearpage \subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparison} \label{sec:gnuplotxfmeafmmdcomp} \begin{verbatim} ##################################################################################### # GNUPLOT SCRIPT to plot XFMEA FMMD reasoning distance # comparisons. # # # Always define floating point explicitly at initialisation, as in 'C', # because otherwise gnuplot treats these as integers. # # number of failure modes per component fm = 3.0 # # number of components in each functional group k = 3.0 # # place the functional group size and failure mode per components # size into a string to use as the graph title # tt = sprintf("reasoning distance comparison for |fg| = %d and |fm| = %d", k, fm) set title tt # a = 0.0 b = 0.0 # # formula for reasoning distance in one level of FMMD # hierarchy (as given by ll) # fmmd(ll)=k**ll * k * fm * (k - 1) # # set up iterative sum in gnuplot syntax # to iterate over FMMD levels # sum(a,b) = (a > b) ? 0 : fmmd(a) + sum(a+1, b) sig_fx(c) = sum(a,c) # # reasoning distance for exhaustive case in FMEA # where ll is the hierarchy level xfmea(ll) = k**(ll+1) * ( k**(ll+1) -1 ) * fm # # set xrange [0:1000] set xlabel "Component count" set ylabel "reasoning distance" set logscale y # set terminal png set output 'xfmea_fmmd_comp.png' plot sig_fx(x**(1/k)), xfmea(x**(1/k)) #!sleep 20 ##################################################################################### \end{verbatim}