Robin_PHD/pt100/pt100.tex

%
% Make the revision and doc number macro's then they are defined in one place
\ifthenelse {\boolean{paper}}
{
\begin{abstract}
The PT100, or platinum wire \ohms{100} sensor is 
a widely used industrial temperature sensor that is
slowly replacing the use of thermocouples in many 
industrial applications below 600\oc, due to high accuracy\cite{aoe}.

This chapter looks at the most common configuration, the 
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the 
possibility of double faults (cardinality constrained powerset of 2).

The analysis is performed using Propositional Logic
diagrams to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed 
from an FMEA persepective as a component itself, with a set of known failure modes.

\end{abstract}
}
{
\section{Overview}
The PT100, or platinum wire \ohms{100} sensor is 
a widely used industrial temperature sensor that is
slowly replacing the use of thermocouples in many 
industrial applications below 600\oc, due to high accuracy\cite{aoe}.

This chapter looks at the most common configuration, the 
four wire circuit, and analyses it from an FMEA perspective twice.
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the 
possibility of double faults (cardinality constrained powerset of 2).

The analysis is performed using Propositional Logic
diagrams to assist the reasoning process.
This chapter describes taking
the failure modes of the components, analysing the circuit using FMEA
and producing a failure mode model for the circuit as a whole.
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed 
from an FMEA persepective as a component itself, with a set of known failure modes.
}

\begin{figure}[h]
 \centering
 \includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
 % pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
 \caption{PT100 four wire circuit}
 \label{fig:pt100}
\end{figure}


\section{General Description of PT100 four wire circuit}

The PT100 four wire circuit uses two wires to supply small electrical current,
and returns two sense volages by the other two.
By measuring volatges
from sections of this circuit forming potential dividers, we can determine the 
resistance of the platinum wire sensor. The resistance
of this is directly related to temperature, and may be determined by
look-up tables or a suitable polynomial expression.


\begin{figure}[h]
 \centering
 \includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
 % pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
 \caption{PT100 expected voltage ranges}
 \label{fig:pt100vrange}
\end{figure}


The voltage ranges we expect from this three stage potential divider\footnote{
two stages are required for validation, a third stage is used to measure the current flowing
through the circuit to obtain accurate temperature readings}
are shown in figure \ref{fig:pt100vrange}. Note that there is
an expected range for each reading, for a given temperature span.
Note that the low reading goes down as temperature increases, and the higher reading goes up.
For this reason the low reading will be reffered to as {\em sense-}
and the higher as {\em sense+}.

\subsection{Accuracy despite variable \\ resistance in cables}

For electronic and accuracy reasons a four wire circuit is preffered
because of resistance in the cables. Resistance from the supply
 causes a slight voltage 
drop in the supply to the PT100. As no significant current
is carried by the two `sense' lines the resistance back to the ADC
causes only a negligible voltage drop, and thus the four wire 
configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across
the thermistor and not the voltage across the thermistor and current supply wire resistance.}.

\subsection{Calculating Temperature from \\ the sense line voltages}

The current flowing though the 
whole circuit can be measured on the PCB by reading a third
sense voltage from one of the load resistors. Knowing the current flowing
through the circuit   
and knowing the voltage drop over the PT100, we can calculate its 
resistance  by ohms law $V=I.R$, $R=\frac{V}{I}$. 
Thus a little loss of supply current due to resistance in the cables
does not impinge on accuracy.
The resistance to temperature conversion is achieved 
through the published PT100 tables\cite{eurothermtables}.
The standard voltage divider equations (see figure \ref{fig:vd} and 
equation \ref{eqn:vd}) can be used to  calculate
expected voltages for failure mode and temperature reading purposes.

\begin{figure}[h]
 \centering
 \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
 % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
 \caption{Voltage Divider}
 \label{fig:vd}
\end{figure}
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.

\begin{equation}
\label{eqn:vd}
 V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
\end{equation}

\section{Safety case for 4 wire circuit}

This sub-section looks at the behaviour of the PT100 four wire circuit 
for the effects of component failures.
All components have a set of known `failure modes'.
In other words we know that a given component can fail in several distinct ways.
Studies have been published which list common component types 
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
Thus for each component, an analysis is made for each of it failure modes,
with respect to its effect on the 
circuit. Each one of these scenarios is termed a `test case'.
The resultant circuit behaviour for each of these test cases is noted. 
The worst case for this type of
analysis would be a fault that we cannot detect.
Where this occurs a circuit re-design is probably the only sensible course of action.



\subsection{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}

\label{fmea}
This circuit simply consists of three resistors.
Resistors according to the DOD Electronic component fault handbook
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
%Should wires become disconnected these will have the same effect as
%given resistors going open. 
For the purpose of this analyis;
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.

We can define the terms `High Fault' and `Low Fault' here, with reference to figure
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
in the diagram we can consider this a fault.
Should the reading be above its expected range this is a `High Fault'
and if below a `Low Fault'.

Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
The range {0\oc} to {300\oc} will be analysed using potential divider equations to 
determine out of range voltage limits in section \ref{ptbounds}.

\begin{table}[ht]
\caption{PT100 FMEA Single Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
 \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General}   \\
 \textbf{Case} &  \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description}   \\
%   R         &    wire        & res +         & res -    & description
\hline
\hline
 $R_1$ SHORT    &  High Fault        &  -       &  Value Out of Range Value \\ \hline
$R_1$  OPEN     &  Low Fault         & Low Fault     &  Both values out of range \\ \hline
 \hline
$R_3$  SHORT    &  Low Fault          & High Fault      &   Both values out of range \\ \hline
 $R_3$  OPEN     &  High Fault         & Low  Fault    &  Both values out of range \\ \hline
\hline
$R_2$ SHORT     &  -         &  Low Fault   &  Value Out of Range Value \\  
 $R_2$ OPEN     &  High Fault         & High Fault     &  Both values out of range \\ \hline
\hline
\end{tabular} 
\label{ptfmea}
\end{table}

From table \ref{ptfmea} it can be seen that any component failure in the circuit
should cause a common symptom, that of one or more of the values being `out of range'.
Temperature range calculations and detailed calculations
on the effects of each test case are found in section \ref{pt100range}
and \ref{pt100temp}. 



\subsection{Range and PT100 Calculations}
\label{pt100temp}
PT100 resistors are designed to 
have a resistance of \ohms{100}  at {0\oc} \cite{aoe},\cite{eurothermtables}.
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
for a given application. 
According to the Eurotherm PT100
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100}
and \ohms{212.02} respectively. From this the potential divider circuit can be
analysed and the maximum and minimum acceptable voltages determined.
These can be used as bounds results to apply the findings from the 
PT100 FMEA analysis in section \ref{fmea}.

As the PT100 forms a potential divider with the \ohms{2k2}  load resistors,
the upper and lower readings can be calculated thus:


$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
So by defining an acceptable measurement/temperature range,
and ensuring the 
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.

To convert these to twelve bit ADC (\adctw) counts:

$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$


\begin{table}[ht]
\caption{PT100 Maximum and Minimum Values} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|c|l|l||}
\hline \hline
 \textbf{Temperature} & \textbf{PT100 resistance} & 
\textbf{Lower} & \textbf{Higher} & \textbf{Description}   \\ 
\hline
% {-100 \oc} &  {\ohms{68.28}} &  2.46V         &   2.53V      & Boundary of   \\ 
%            &                 &  2017\adctw   &   2079\adctw  &   out of range LOW \\ \hline
  {0 \oc}   & {\ohms{100}}    &  2.44V         &   2.56V       & Boundary of         \\
            &                 &  2002\adctw   &   2094\adctw   &  out of range LOW        \\ \hline
 {+300 \oc} & {\ohms{212.02}}  &  2.38V         &   2.62V       & Boundary of                       \\
            &                  &  1954\adctw   &   2142\adctw   &  out of range HIGH  \\ \hline
\hline
\end{tabular} 
\label{ptbounds}
\end{table}

Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
for any single error (short or opening of any resistor) this bounds check
will detect it.


\section{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}

\subsection{Single Fault Modes as PLD}

The component~failure~modes in table \ref{ptfmea} can be represented as contours
on a PLD diagram. 
Each test case, is defined by the contours that enclose
it. The test cases here deal with single faults only
and are thus enclosed by one contour each.


\begin{figure}[h]
 \centering
 \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
 % pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
 \caption{PT100 Component Failure Modes}
 \label{fig:pt100_tc}
\end{figure}

ating input Fault  
This circuit supplies two results, sense+ and sense- voltage readings.
To establish the valid voltage ranges for these, and knowing our
valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
for the circuit shown in figure \ref{fig:vd}.

%
%\begin{figure}[h]
% \centering
% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
% \caption{Voltage Divider}
% \label{fig:vd}
%\end{figure}
%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
%
%\begin{equation}
%\label{eqn:vd}
% V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
%\end{equation}
%


\subsection{Proof of Out of Range \\ Values for Failures}
\label{pt110range}
Using the temperature ranges defined above we can compare the voltages
we would get from the resistor failures to prove that they are
`out of range'. There are six test cases and each will be examined in turn.

\subsubsection{ TC 1 : Voltages $R_1$ SHORT } 
With pt100 at 0\oc 
$$ highreading = 5V $$
Since the highreading or sense+ is directly connected to the 5V rail,
both temperature readings will be 5V..
$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V $$
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$

Thus with $R_1$ shorted both readingare outside the 
proscribed range in table \ref{ptbounds}.

\subsubsection{ TC 2 : Voltages $R_1$ OPEN } 

In this case the 5V rail is disconnected. All voltages read are 0V, and 
therefore both readings are outside the
proscribed range in table \ref{ptbounds}.


\subsubsection{ TC 3 : Voltages $R_2$ SHORT }

With pt100 at 0\oc 
$$ lowreading = 0V $$
Since the lowreading or sense- is directly connected to the 0V rail,
both temperature readings will be 0V.
$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$
With pt100 at the high end of the temperature range 300\oc.
$$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$

Thus with $R_2$ shorted both readings are outside the 
proscribed range in table \ref{ptbounds}.

\subsubsection{ TC 4 : Voltages $R_2$ OPEN }
Here there is no potential divider operating and both sense lines
will read 5V, outside of the proscribed range.


\subsubsection{ TC 5 : Voltages $R_3$ SHORT } 

Here the potential divider is simply between
the two 2k2 load resistors. Thus it will read a nominal;
2.5V.

Assuming the load resistors are 
precision components, and then taking an absolute worst case of 1\% either way.

$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$

$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$

These readings both lie outside the proscribed range.
Also the sense+ and sense- readings would have the same value.

\subsubsection{ TC 6 : Voltages $R_3$ OPEN } 

Here the potential divider is broken. The sense- will read 0V and the sense+ will
read 5V. Both readings are outside the proscribed range.

\subsection{Summary of Analysis}

All six test cases have been analysed and the results agree with the hypothesis
put in  Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
symptoms. In this case there is a common and easily detected symptom for all these single 
resistor faults :  Voltage out of range.

A spider can be drawn on the PLD diagram to this effect.

In practical use, by defining an acceptable measurement/temperature range,
and ensuring the 
values are always within these bounds we can be confident that none of the
resistors in this circuit has failed.


\begin{figure}[h]
 \centering
 \includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
 % pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
 \caption{PT100 Component Failure Modes}
 \label{fig:pt100_tc_sp}
\end{figure}


\subsection{Derived Component : The PT100 Circuit}
The PT100 circuit can now be treated as a component in its own right, and has one failure mode, 
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.

\begin{figure}[h]
 \centering
 \includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_singlef.jpg}
 % pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
 \caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
 \label{fig:pt100_singlef}
\end{figure}


%From the single faults (cardinality constrained powerset of 1) analysis, we can now create
%a new derived component, the {\empt100circuit}. This has only \{ OUT\_OF\_RANGE \}
%as its single failure mode.


%Interestingly we can calculate the failure statistics for this circuit now.
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
\clearpage
\subsection{Mean Time to Failure}

Now that we have a model for the failure mode behaviour of the pt100 circuit
we can look at the statistics associated with each of the failure modes.

The DOD electronic reliability of components
document  MIL-HDBK-217F\cite{mil1992} gives formulae for calculating
the
%$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better
in hours for a wide range of generic components
\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
can give conservative reliability figures when applied to
modern components}. 

Using the MIL-HDBK-217F\cite{mil1992}  specifications for resistor and thermistor
failure statistics we calculate the reliability of this circuit.


\subsubsection{Resistor FIT Calculations}

The formula for given in MIL-HDBK-217F\cite{mil1992}[9.2] for a generic fixed film non-power resistor
is reproduced in equation \ref{resistorfit}. The meanings 
and values assigned to its co-efficients are described in table \ref{tab:resistor}.

\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
 \label{resistorfit}
\end{equation}

\begin{table}[ht]
\caption{Fixed film resistor Failure in time assessment} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.00092        & stress/temp base failure rate  $60^o$ C  \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 ${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline

\hline \hline
\end{tabular}
\label{tab:resistor}
\end{table}

Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
give the following failures in ${10}^6$ hours:

\begin{equation}
 0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138  \;{failures}/{{10}^{6} Hours}
 \label{eqn:resistor}
\end{equation}

While MIL-HDBK-217F gives MTTF for a wide range of common components,
it does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}.
FMD-97 Gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example 
compromises and uses a 90:10 ratio, for resistor failure. 
Thus for this example resistors are expevcted to fail OPEN in 90\% of cases and SHORTED 
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military spec at
temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}). 
This figure is referred to as a FIT\footnote{FIT values are measured as the number of 
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the 
FIT number the more reliable the fault~mode} Failure in time.

The formula given for a thermistor in  MIL-HDBK-217F\cite{mil1992}[9.8] is reproduced in
equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.

\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
 \label{thermistorfit}
\end{equation}

\begin{table}[ht]
\caption{Bead type Thermistor Failure in time assessment} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
 \em{Parameter}      &  \em{Value}    &   \em{Comments} \\
                     &                &      \\ \hline \hline
 ${\lambda}_{b}$ &  0.021        & stress/temp base failure rate bead thermistor \\   \hline
 %${\pi}_T$ &  4.2         & max temp of $60^o$ C\\ \hline
 %${\pi}_R$ &  1.0         & Resistance range $< 0.1M\Omega$\\ \hline
 ${\pi}_Q$ &  15.0         & Non-Mil spec component\\ \hline
 ${\pi}_E$ &  1.0         & benign ground environment\\ \hline

\hline \hline
\end{tabular}
\label{tab:thermistor}
\end{table}


\begin{equation}
 0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
 \label{eqn:thermistor}
\end{equation}


Thus thermistor, bead type, non military spec is given a FIT of 315.0

Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
showing the FIT values for all faults considered.



\begin{table}[h+]
\caption{PT100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
 \textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF}   \\
 \textbf{Case} &  \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation}   \\
%   R         &    wire        & res +         & res -    & description
\hline
\hline
TC:1 $R_1$ SHORT    &  High Fault        &  -       &  12.42 \\ \hline
TC:2 $R_1$  OPEN     &  Low Fault         & Low Fault     &  1.38 \\ \hline
 \hline
TC:3 $R_3$  SHORT    &  Low Fault          & High Fault      &   283.5 \\ \hline
TC:4 $R_3$  OPEN     &  High Fault         & Low  Fault    &   31.5 \\ \hline
\hline
TC:5 $R_2$ SHORT     &  -         &  Low Fault   &  12.42 \\  
TC:6 $R_2$ OPEN     &  High Fault         & High Fault     &  1.38 \\ \hline
\hline
\end{tabular} 
\label{tab:stat_single}
\end{table}

The FIT for the circuit as a whole is the sum of MTTF values for all the 
test cases. The PT100 circuit here has a  FIT of 342.6. This is a MTTF of
about 360 years per circuit.

A Probablistic tree can now be drawn, with a FIT value for the PT100
circuit and FIT values for all the component fault modes that it was calculated from.
We can see from this that that the most likely fault is the thermistor going OPEN.
This circuit is around 10 times more likely to fail in this way than in any other.
Were we to need a more reliable temperature sensor this would probably 
be the fault~mode we would scrutinise first.


\begin{figure}[h+]
 \centering
 \includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./pt100/stat_single.jpg}
 % stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
 \caption{Probablistic Fault Tree : PT100 Single Faults}
 \label{fig:stat_single}
\end{figure}


The PT100 analysis presents a simple result for single faults. 
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.

\clearpage
\section{ PT100 Double Simultaneous \\ Fault Analysis}

In this section we examine the failure mode behaviour for all single 
faults and double simultaneous faults.
This corresponds to the cardinality contstrained powerset of
the failure modes in the functional group.
All the single faults have already be proved in the last section.
For the next set of test cases, let us again hypothesise
the failure modes, and then examine each one in detail with
potential divider equation proofs.

Table \ref{tab:ptfmea2} lists all the combinations of double
faults and then hypothesises how the functional~group will react
under those conditions.

\begin{table}[ht]
\caption{PT100 FMEA Double Faults} % title of Table
\centering % used for centering table
\begin{tabular}{||l|l|c|c|l|l||}
\hline \hline
 \textbf{TC}      &\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General}   \\
 \textbf{number} &\textbf{Case} &  \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description}   \\
%   R         &    wire        & res +         & res -    & description
\hline
\hline
 TC 7: & $R_1$ OPEN $R_2$ OPEN    &  Floating input Fault        &   Floating input Fault    &  Unknown value readings \\ \hline
 TC 8: & $R_1$ OPEN $R_2$ SHORT   &  low        &   low    &  Both out of range  \\ \hline
\hline
 TC 9: & $R_1$ OPEN $R_3$ OPEN   &  high        &   low     &  Both out of Range \\ \hline
 TC 10: & $R_1$ OPEN $R_3$ SHORT   &  low        &   low    &  Both out of range \\ \hline
\hline

 TC 11: & $R_1$ SHORT $R_2$ OPEN    &  high        &   high    &  Both out of range \\ \hline
TC 12: &  $R_1$ SHORT $R_2$ SHORT   &  high        &   low    &  Both out of range  \\ \hline
\hline
 TC 13: & $R_1$ SHORT $R_3$ OPEN   &  high        &   low     &  Both out of Range \\ \hline
TC 14: &  $R_1$ SHORT $R_3$ SHORT   &  high        &   high    &  Both out of range \\ \hline

\hline
 TC 15: & $R_2$ OPEN $R_3$ SHORT   &  high        &   Floating input Fault    &  sense+ out of range \\ \hline
TC 16: &  $R_2$ OPEN $R_3$ SHORT   &  high        &   high    &  Both out of Range \\ \hline
TC 17: &  $R_2$ SHORT $R_3$ OPEN   &  high        &   low    &  Both out of Range \\ \hline
TC 18: &  $R_2$ SHORT $R_3$ SHORT   &  low        &   low    &  Both out of Range \\ \hline
\hline
\end{tabular}
\label{tab:ptfmea2}
\end{table}

\subsection{Verifying complete coverage for a \\ cardinality constrained powerset of 2}

It is important to check that we have covered all possible double fault combinations.
We can use the equation \ref{eqn:correctedccps2}, reproduced below to verify this.



\begin{equation}
 |{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc}  \frac{|{SU}|!}{k!(|{SU}| - k)!}}   
- \sum^{p}_{2..cc}{{\sum^{j}_{j \in J}   \frac{|FM({C_j})|!}{p!(|FM({C_j})| - p)!}}  }
 %\label{eqn:correctedccps2}
\end{equation}


$|FM(C_j)|$ is always 2 here,  as all the components are resistors and have two failure modes.

%
% Factorial of zero is one ! You can only arrange an empty set one way !

Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
%is always 2 for this circuit, as all the components are resistors and have two failure modes.

\begin{equation}
 |{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2}  \frac{6!}{k!(6 - k)!}}   
- \sum^{p}_{2..2}{{\sum^{j}_{1..3}   \frac{2!}{p!(2 - p)!}}  }
 %\label{eqn:correctedccps2}
\end{equation}

$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).

Expanding the sumations


$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$

$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 )  = 18 $$

As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double)
we can be confident that we have looked at all `double combinations', of the possible faults
in the pt100 circuit. The next task is to investigate
these test cases in more detail to prove the failure mode hypothese set out in table \ref{tab:ptfmea2}.


\subsection{Proof of Double Faults Hypothese }

\subsubsection{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN } 
\label{pt100:bothfloating}
This double fault mode produces an interesting symptom.
Both sense lines are floating.
We cannot know what the {\adctw} readings on them will be.
In practise these would probably float to  low values
but for the purpose of a safety critical analysis
all we can say is the values are `floating' and `unknown'.
This is an interesting case, because it is, at this stage an undetectable
fault that must be handled.


\subsubsection{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT } 

This cuts the supply from Vcc. Both sense lines will be at zero.
Thus both values will be out of range.


\subsubsection{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN } 

Sense- will be floating.
Sense+ will be tied to Vcc and will thus be out of range.

\subsubsection{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT } 

This shorts ground to the 
both of the sense lines.
Both values thuis out of range.

\subsubsection{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN } 

This shorts both sense lines to Vcc.
Both values will be out of range.


\subsubsection{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT }

This shorts the sense+ to Vcc and the sense- to ground.
Both values will be out of range.









\subsubsection{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN }

This shorts the sense+ to Vcc and the sense- to ground.
Both values will be out of range.

\subsubsection{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT }

This shorts the sense+ and sense- to Vcc.
Both values will be out of range.

\subsubsection{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN }

This shorts the sense+ to Vcc and causes sense- to float.
The sense+ value will be out of range.


\subsubsection{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT }

This shorts the sense+ and sense- to Vcc.
Both values will be out of range.





\subsubsection{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN }

This shorts the sense- to Ground.
The sense- value will be out of range.


\subsubsection{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT }

This shorts the sense+ and sense- to Vcc.
Both values will be out of range.







\vspace{20pt}

typeset in {\Huge \LaTeX} \today