\label{sec:chap3}
\section{Historical Origins of FMEA}
\subsection{FMEA designed for simple electro-mechanical systems}
FMEA traces its roots to the 1940s, when it was used to identify the most costly failures arising from car mass-production~\cite{pfmea}. It was later modified slightly to include a criticality ranking, i.e. the severity of the top level failure (FMECA~\cite{fmeca}). In the 1980s FMEA was extended again (FMEDA~\cite{fmeda}) to account for self-diagnostic features and to provide statistics for predicting failure rates. However, a typical entry in each of the above methodologies starts with a particular component failure mode and associates it directly with a system, or top level, failure symptom. This analysis philosophy has not changed since FMEA was first used.

\subsection{FMEA does not support modularity}
It is common practice in the process control industry to buy in sub-systems, typically sensors and actuators connected to an industrially hardened computer bus, e.g. CANbus~\cite{can,canspec}, Modbus~\cite{modbus} etc. Most sensor systems are now `smart', that is to say they contain programmatic elements even if their outputs are analogue signals. For instance, a liquid level sensor that supplies a {\ft} output would typically have been implemented in analogue electronics before the 1980s. After that time it would be common to use a micro-processor based system to perform the functions of reading the sensor and converting the reading to a current (\ft) output. For the non-safety critical systems integrator this brings the advantages that come with using a digital system (increased accuracy, self checking, ease of calibration etc.). For a safety critical systems integrator it can be very problematic when it comes to approvals. Even if the sensor manufacturer will let the integrator see the internal workings and software, there remains the problem of tracing the FMEA reasoning through the sensor hardware, through the sensor's software and then through the system being integrated.
This problem is compounded by the fact that traditional FMEA cannot integrate software into its models~\cite{sfmea,safeware}.

\section{Reasoning Distance used to measure Comparison Complexity}

\section{FMEA - General Criticism}
\begin{itemize}
\item FMEA type methodologies were designed for the simple electro-mechanical systems of the 1940s to 1960s.
\item Reasoning distance: each entry reasons directly from a component failure mode to a system level symptom, with no intermediate stages to check the reasoning against.
\item State explosion: the number of failure combinations grows combinatorially with the number of components, so the analysis is impossible to perform rigorously.
\item Difficult to re-use previous analysis work.
\item Very difficult to model simultaneous failures.
\end{itemize}

% \subsection{FMEA - Better Methodology - Wish List}
\subsection{FMEA - Better Methodology - Wish List}
\begin{itemize}
\item Avoids state explosion
\item Rigorous (total coverage)
\item Reasoning traceable
\item Re-usable
\item Simultaneous failures can be modelled
% \item
\end{itemize}
%FMEDA is a modern extension of FMEA, in that it will allow for
%self checking features, and provides detailed recommendations for computer/software architecture,
%but
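To make the state explosion and simultaneous failure criticisms above concrete, the following count is added here as an illustration; it is not part of the original text, and the symbols $N$, $M$, $k$ and $S_k$ are introduced only for this illustration. Assume a system of $N$ components, each of which has $M$ failure modes. The number of distinct scenarios in which exactly $k$ components have failed at the same time, each in one of its $M$ modes, is
\[
S_k = \binom{N}{k} M^{k} ,
\]
so an analysis that rigorously covers every failure of up to $k$ components must examine
\[
\sum_{j=1}^{k} S_j = \sum_{j=1}^{k} \binom{N}{j} M^{j}
\]
entries. For a modest $N = 100$ and $M = 4$ this gives $S_1 = 400$, $S_2 = \binom{100}{2} \cdot 4^{2} = 79\,200$ and $S_3 = \binom{100}{3} \cdot 4^{3} = 10\,348\,800$. A traditional FMEA table has one entry per single component failure mode, i.e. it covers only the $S_1$ term; the growth of $S_2$ and $S_3$ is why simultaneous failures are so difficult to model within that table, and why the whole analysis cannot be performed rigorously by hand.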