% Make the revision and doc number macros so they are defined in one place
\ifthenelse{\boolean{paper}}
{
  \begin{abstract}
  A survey of static failure mode analysis methodologies applicable to safety critical systems.
  \end{abstract}
}
{
  \section{Overview}
  A survey of static failure mode analysis methodologies applicable to safety critical systems.
}

\section{FMEA}
The term has two meanings. The general one is Fault Mode Effects Analysis, meaning a general static diagnosis of a design, looking at the faults that can occur and their effects.

\subsection{Manufacturing Cost Reduction FMEA}
The second is a methodology for reducing cost in manufacturing: known faults are taken together with their frequency and their cost, these are multiplied together, and the result gives a priority list for fixing the known faults. See ``The Basics of FMEA'' by Robin E. McDermott et al., ISBN 0-527-76320-9.

\subsection{Deterministic FMEA}
EN298: no two individual component failures may give rise to a dangerous condition.

\section{FMEDA: Failure Effect Mode Diagnostic Analysis}
This is the main basis of SIL certification for programmed electronic equipment. It applies FMEA with a classification of the criticality of components, adjustment of MTTF values to account for self-checking mechanisms in the product, and mitigation through a safe failure fraction. This leads to a probabilistic mean time to failure, or probability of failure on demand, that will fall within the criteria for a given SIL level. An overview of this method can be found in an EXIDA paper \cite{fmeda}, and a detailed description of the method for SIL certification in part 2 of EN61508 \cite{en61508}.

Disadvantage: a single component failure is used to determine its effect on the entire system. This leads to classifying components as safety critical or non-safety critical at an early stage in the analysis, which means that complex interactions or side effects of components failing may not be taken into account.
Advantage: the concepts of self-checking systems and safe failure fraction\footnote{Safe Failure Fraction (SFF) is the number of non-safety critical components that can be detected as failed compared to the number of safety critical components. The thinking here is that if components are detected as failing even though they are not safety critical, the system is self-checking a greater proportion of its own systems, and is therefore safer. This is applying Bayes' theorem to probabilistic error detection.}. This is a probabilistic methodology.

\subsection{Safe Failure Fraction}
Introduce the idea of coverage. A good example is the RAM in a microprocessor or microcontroller: we cannot give 100\% coverage to it, but we can perform some tests that give us 60\% coverage, and so on.

\subsection{Diagnostic Interval}
Reducing the FIT rate by detecting a fraction of the faults within an interval. Give formulas etc.

\subsection{Redundancy Models}
1oo1, 2oo3 etc.

\subsection{Field Data}
OK for EN61508, not OK for the nuclear industry; find refs.

\section{FTA}
Fault Tree Analysis. Show how it works, top down.
FROM INTERNET HISTORY OF FTA
%%- RE_PHRASE %%
%%- RE_PHRASE %% Fault tree analysis (FTA) is a tool originally developed in
%% RE_PHRASE %% 1962 by Bell Labs for use in studying failure modes in the
%% RE_PHRASE %% launch control system of the Minuteman missile project. The tool now
%% RE_PHRASE %% finds wide use in numerous applications, from accident investigation to design
%% RE_PHRASE %% prototyping, and is also finding use for protection and control related
%% RE_PHRASE %% applications. This paper provides an elementary background to the application of
%% RE_PHRASE %% FTA for use in protection applications. The construction of the fault
%% RE_PHRASE %% tree as well as the use of reliability data is considered.
%% RE_PHRASE %% A simple example is presented. The intention is to provide a
%% RE_PHRASE %% brief introduction to the concept, to allow users to at least
%% RE_PHRASE %% understand how a fault tree is constructed and what can be done
%% RE_PHRASE %% with it.
% read exida doc and ref it
% typeset in {\Huge \LaTeX} \today
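The failure-rate split, safe failure fraction, diagnostic coverage and the 1oo1/2oo3 redundancy models sketched in the FMEDA section above, carried through as an added worked example that is not part of these notes. It assumes the IEC 61508 definition of SFF and the simplified PFDavg approximations (no common-cause or repair-time terms), and the 1000 FIT part, its safe fraction and the 60 percent coverage figure are constructed values.

```python
# Added worked example for the FMEDA notes above (not from the original text):
# split a component failure rate into safe/dangerous and detected/undetected
# parts, compute the Safe Failure Fraction (SFF) and a simplified PFDavg for
# the 1oo1, 1oo2 and 2oo3 redundancy models. Every numeric input below is a
# constructed illustration, not measured field data.

FIT = 1e-9  # 1 FIT = one failure per 1e9 hours


def split_rates(lambda_fit, safe_fraction, diagnostic_coverage):
    """Return (lam_SD, lam_SU, lam_DD, lam_DU) in failures per hour.

    safe_fraction        share of failures that leave the equipment in a safe state
    diagnostic_coverage  share of failures the self-checks catch within the
                         diagnostic interval (the 'coverage' of the notes, e.g.
                         0.6 for a RAM test); assumed equal for safe and
                         dangerous failures, which is a simplification
    """
    lam = lambda_fit * FIT
    lam_s = lam * safe_fraction
    lam_d = lam - lam_s
    dc = diagnostic_coverage
    return lam_s * dc, lam_s * (1 - dc), lam_d * dc, lam_d * (1 - dc)


def safe_failure_fraction(lam_sd, lam_su, lam_dd, lam_du):
    """IEC 61508 SFF: every failure except dangerous-undetected counts as safe,
    so better diagnostics raise the SFF even for a safety-critical part."""
    return (lam_sd + lam_su + lam_dd) / (lam_sd + lam_su + lam_dd + lam_du)


def pfd_avg(lam_du, proof_test_hours, architecture):
    """Simplified IEC 61508-6 style PFDavg approximations (no common-cause
    factor, no repair time); only lam_DU matters once diagnostics are in."""
    x = lam_du * proof_test_hours
    if architecture == "1oo1":
        return x / 2
    if architecture == "1oo2":
        return x ** 2 / 3
    if architecture == "2oo3":
        return x ** 2
    raise ValueError(f"unknown architecture {architecture!r}")


if __name__ == "__main__":
    # constructed example: 1000 FIT part, half its failures safe, 60% coverage
    rates = split_rates(1000, 0.5, 0.6)
    print("SFF = %.2f" % safe_failure_fraction(*rates))
    for arch in ("1oo1", "1oo2", "2oo3"):
        print(arch, "PFDavg over 1 year = %.2e" % pfd_avg(rates[3], 8760, arch))
```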