\abstract{
The ability to assess the safety of man-made equipment has been a concern
since the dawn of the industrial age~\cite{indacc01}~\cite{steamboilers}.
The philosophy behind safety measures has progressed
with time, and by World War Two~\cite{boffin} we begin to see concepts such as `no single component failure should cause
a dangerous system failure' emerging.
The principle that a double failure causing a dangerous condition is unacceptable
can be found in the legally binding European standard EN298~\cite{en298}.
More sophisticated, statistically based standards, e.g. EN61508~\cite{en61508} and variants thereof,
govern failure conditions and determine the risk levels associated with systems.

All of these risk assessment techniques are based on variations on the theme of
Failure Mode Effect Analysis (FMEA), which has its roots in the mass production industry of the 1940s
and was designed to save large companies money by fixing the most financially
draining problems in a product first.

This thesis shows that the refinements and additions made to
FMEA to tailor it for military or statistical commercial use have common flaws
which make them unsuitable for the higher safety requirements of the 21st century.
Problems with state explosion in failure mode reasoning and the impossibility
of integrating software and hardware failure mode models are the most obvious of these flaws.
The methodologies are explained in chapter~\ref{sec:chap2} and the advantages and drawbacks
of each FMEA variant are examined in chapter~\ref{sec:chap3}.
In chapter~\ref{sec:chap4}, a new methodology is then proposed which addresses the state explosion problem
and, using contract programmed software, allows the modelling of integrated
software/electrical systems.
This is followed by two chapters showing examples of the new modular FMEA analysis technique (Failure Mode Modular De-Composition, FMMD),
firstly looking at electronic circuits and then at electronic/software hybrid systems.
}
\section{Introduction}

MSc project Euler/Spider Diagram editor --- Euler/Spider Diagrams
could be used to model failure modes in components.
--- 2005 paper --- the need for static analysis arises from the
high reliability demanded of modern safety critical systems.


\section{Practical Experience: Safety Critical Product Approvals}

FMEA performed on selected areas perceived as critical
by the test house.
Blanket measures: RAM and ROM checks, EMC, electrical and environmental stress testing.

\subsection{Practical limitations of testing for certification vs. rigorous approach}

State explosion problem: considering a failure mode of a given component against
all other components in the system requires an exponential ($2^N$) order of processing resource rather than a polynomial one, i.e. $N^2$.

Impossible to perform double simultaneous failure analysis (as demanded by EN298~\cite{en298}).

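As an added illustration of the counting argument above (example code written for this section, not part of the thesis or of its FMMD tooling), the following Python enumerates the single and double simultaneous failure scenarios that EN298 asks for on a small constructed component list, and tabulates how the number of scenarios grows with the number of components $N$. The component names and failure modes are hypothetical; the `exhaustive` column generalises the $2^N$ figure quoted above to $k$ failure modes per component.

```python
from itertools import combinations
from math import comb

# Constructed (hypothetical) component list for a small circuit: each
# component maps to the failure modes considered for it. Not taken from
# the thesis; the names and modes are illustrative only.
COMPONENTS = {
    "R1": ["OPEN", "SHORT"],
    "R2": ["OPEN", "SHORT"],
    "C1": ["OPEN", "SHORT"],
    "OA1": ["OUT_HIGH", "OUT_LOW", "NO_OUTPUT"],
}


def failure_modes(components):
    """Flatten a component table into (component, mode) pairs."""
    return [(c, m) for c, modes in components.items() for m in modes]


def single_failure_cases(components):
    """Every single-failure scenario: one component in one failure mode.
    This is the set a classic single-fault FMEA walks through."""
    return [(fm,) for fm in failure_modes(components)]


def double_failure_cases(components):
    """Every double simultaneous failure scenario, as EN298 requires:
    two *different* components, each in one of its failure modes.
    A component is assumed to exhibit only one mode at a time, so pairs
    drawn from the same component are excluded."""
    return [
        (a, b)
        for a, b in combinations(failure_modes(components), 2)
        if a[0] != b[0]
    ]


def case_counts(n, k=1):
    """Number of scenarios for n components with k failure modes each:
    (single, double, exhaustive). 'exhaustive' counts every combination of
    components being working or in any one of its k modes, minus the
    all-working case; with k = 1 this is the 2^N - 1 figure quoted above."""
    single = n * k
    double = comb(n, 2) * k * k
    exhaustive = (k + 1) ** n - 1
    return single, double, exhaustive


def growth_table(max_n, k=1):
    """Tabulate (n, single, double, exhaustive) for n = 1..max_n, showing the
    polynomial growth of single/double analysis against the exponential
    growth of exhaustive multiple-failure analysis."""
    return [(n, *case_counts(n, k)) for n in range(1, max_n + 1)]


if __name__ == "__main__":
    print("single-failure scenarios :", len(single_failure_cases(COMPONENTS)))
    print("double-failure scenarios :", len(double_failure_cases(COMPONENTS)))
    for c1, c2 in double_failure_cases(COMPONENTS)[:3]:
        print("  e.g.", c1, "+", c2)
    print("\n n  single  double  exhaustive")
    for n, s, d, e in growth_table(20):
        if n in (1, 2, 5, 10, 15, 20):
            print(f"{n:2d} {s:7d} {d:7d} {e:11d}")
```

Running it shows the gap the subsection describes: double-failure analysis grows as $N^2$ (190 pairs for 20 single-mode components), whereas exhaustive multiple-failure analysis grows as $2^N$ (over a million cases for the same 20 components), which is why test houses in practice restrict FMEA to selected areas rather than the whole system.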