%\renewcommand{\baselinestretch}{1.15}
|
|
\chapter*{Colophon}
|
|
|
|
In short ``Thanks everybody''!
|
|
%
|
|
\\
|
|
\\
|
|
%
|
|
%Completing my PhD %degree
|
|
%is the most intellectually challenging %% FUCK OFF ZERNIKE POLYNOMIALS WERE MORE DIFFICULT --- and actually useful unlike set theory
|
|
%activity of my first 52 years of my life! %% SET THEORY IS A LOAD OF BOLLOCKS
|
|
%
|
|
%The best and worst moments of this journey
|
|
%have been shared with many people.
|
|
%
|
|
It has been a great privilege to spend several years
|
|
visiting the Mathematics and Engineering departments of
|
|
the University of Brighton, pushing me forward in clarity of self-expression,
|
|
precision through mathematics, critical assessment and carefully crafted English:
|
|
its members will always remain dear to me. %, and I am sure, a strong influence
|
|
%on work I produce after this.
|
|
%
|
|
%%%% IS THIS BIT A BIT MAD???? YES! 27AUG2013
|
|
% % % Like an army recruits training Sergeant Major I found them
|
|
% % % hard task masters at first, and then, as with realising the rationale behind training and
|
|
% % % {\em even} parade drill, respected and grew to like them. well one of them anyway, the one who actually helped. the one with the motorbike.
|
|
% % % %
|
|
%
|
|
My first debt of gratitude must go to my supervisors,
|
|
Dr. A. Fish,
|
|
Dr. C. Garret and %% TOP BLOKE
|
|
%Dr. C Garret, %% TOP BLOKE
|
|
Professor J. Howse. %% LAT HUND
|
|
%Dr. A. Fish. %% JAVALA LAT HUND
|
|
%
|
|
They patiently provided the guidance,
|
|
encouragement and advice necessary for me to proceed through the
|
|
research, consolidation and write-up phases of the PhD program,
|
|
to prepare and present three papers to conferences~\cite{syssafe2011,syssafe2012,Clark_fastzone}
|
|
and to complete and submit this thesis.
|
|
\\
|
|
\\
|
|
%
|
|
%
|
|
I owe a debt of thanks to Dr. J. Flower, my MSc project supervisor,
|
|
who explained that the chapter in my project documentation postulating a modular form of
|
|
FMEA---which had %obvious
|
|
potential for making the process %FMEA
|
|
more efficient---was a concept worthy of being developed for a PhD, and assisted me
|
|
in presenting the chapter as %submit this as
|
|
a conference paper~\cite{Clark200519}.
|
|
%
|
|
Further I thank her for encouraging me to apply for the PhD. %% PITY SHE DID NOT STAY ON AS MY PHD SUPERVISOR
|
|
%
|
|
I also wish to thank Alan Jones of Brighton College of Technology
|
|
for taking a chance on someone with no `A' levels and letting him
|
|
start an HND in Software Engineering in 1986. That more than anything
|
|
changed my life and gave me fantastic opportunities.
|
|
%
|
|
\\
|
|
\\
|
|
%
|
|
I am deeply thankful to the directors of {\etc} not only for
|
|
funding this course, but also for providing training and work experience in the
|
|
field of safety critical engineering and giving me Friday
|
|
afternoons to pursue my studies.
|
|
%
|
|
At Energy~Technology~Control, the following people gave encouragement, and
|
|
validated the concepts for the `modular~FMEA' that I was developing:
|
|
Martin~Thirsk,
|
|
Colin~Talmay, % and
|
|
Darren~Legge and
|
|
Hazel~Anderson. % Varfor satter min bok i 60oC du eller skitstovlen...
|
|
%
|
|
These engineers, whose whole careers
|
|
have been focused on the safety critical electronic/computing area,
|
|
gave valuable time to look at and comment on my FMMD proposals.
|
|
%
|
|
Their comments gave me confidence that the methodology I was developing had
|
|
%was not only an academic exercise but had
|
|
potential practical
|
|
applications and benefits.
|
|
%
|
|
The environment and context of the work at {\etc}
|
|
was very useful for clarifying concepts relating to FMEA and
|
|
safety; at least once a week there is a new practical case study arising
|
|
and being discussed, be it, say, the observability of the effect of failures in a
|
|
traditional amplifier configuration,
|
|
or how a particular sensor could fail.
|
|
%
|
|
The field of industrial burner control is highly regulated and
|
|
is rich with practical examples of safety measures built into
|
|
hybrid digital/electronic systems.
|
|
%
|
|
This has given me many opportunities to % has been % be
|
|
apply the new methodology against `real~world' problems.
|
|
%
|
|
%and thus its
|
|
%theoretical aspects have been often
|
|
%sounded out against `real~world' problems.
|
|
%
|
|
These real~world failure scenarios and their proposed solutions were often detailed in
|
|
requirements and design documentation, submitted in support of
|
|
safety accreditation.
|
|
%
|
|
I was glad to be tasked to produce many of these documents.
|
|
%
|
|
Again I thank {\etc}, for giving me
|
|
these parallel tasks, which aided my studies.
|
|
\\
|
|
\\
|
|
%
|
|
%
|
|
I wish to thank my parents, Jennifer and Richard Clark.
|
|
% MY MUM for proof reading alot!
|
|
I hope that this work makes you proud.
|
|
%
|
|
\\
|
|
\\
|
|
|
|
\vspace{3cm}
|
|
Typeset in \LaTeX{} \today.
|
|
\renewcommand{\baselinestretch}{1.5}
|
|
|
|
|
|
\clearpage
|
|
|
|
\chapter*{Declaration}
|
|
|
|
I declare that the research contained in this thesis, unless otherwise formally indicated within the
|
|
text, is the original work of the author. The thesis has not been previously submitted to this or any
|
|
other university for a degree, and does not incorporate any material already submitted for a
|
|
degree.
|
|
\\
|
|
\\
|
|
\\
|
|
\\
|
|
Signed
|
|
\\
|
|
\\
|
|
\\
|
|
Dated
|
|
\clearpage
|
|
|
|
|
|
\section*{Abstract}
|
|
|
|
\subsection*{Failure Mode Modular Decomposition}
|
|
|
|
%
|
|
% This should be a three hundred word summary of the work and findings
|
|
% Supervisors did not warn me this was required.
|
|
% I found out by reading the OU ``how to get a PhD'' book in the bath, and then wading through the Brighton University
|
|
% regulations where it is stated on page 14 of a 30+ page document filled with mostly n/a regulations to me.
|
|
%
|
|
%
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
% BEGINING --- Introduce the field
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
The certification process of safety critical products for European and other international
|
|
standards typically demands environmental stress, endurance and electromagnetic compatibility (EMC) testing.
|
|
%
|
|
Theoretical, or `static~testing', is also a requirement.
|
|
%
|
|
Failure Mode Effects Analysis (FMEA) is a tool used for static testing.
|
|
FMEA is a bottom-up technique that aims to assess the effects
|
|
of all component failure modes on a system.
|
|
%
|
|
Its use is traditionally limited to hardware systems. % only.
|
|
%
|
|
With the growing complexity of modern electronics, traditional FMEA
|
|
suffers from state explosion and from the difficulty of re-using analysis work.
|
|
%
|
|
Also, with the now ubiquitous use of micro-controllers in smart~instruments and control systems,
|
|
software is increasingly seen as the `missing~factor' in FMEA. % analysis.
|
|
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
% Middle work and findings
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
This thesis presents a new modular variant of FMEA, Failure Mode Modular Decomposition (FMMD).
|
|
%
|
|
FMMD has been designed to integrate mechanical/electronic and software
|
|
failure models, by treating them all as components in terms of their failure modes.
|
|
%
|
|
For instance, software functions,
|
|
electronic and mechanical components
|
|
can all be assigned sets of failure modes.
|
|
%
|
|
FMMD builds failure mode models from the bottom up by incrementally analysing
|
|
{\fgs} of components, using the results of each analysis to create higher-level {\dcs},
|
|
which in turn can be used to build {\fgs}.
|
|
%
|
|
In this way a hierarchical failure mode model
|
|
is built.
|
|
%
|
|
Software functions are treated as components by FMMD and can thus be incorporated seamlessly into
|
|
the failure mode hierarchical model.
|
|
%
|
|
A selection of examples, electronic circuits and hardware/software hybrids, is analysed using
|
|
this new methodology.
|
|
%
|
|
The results of these analyses are then discussed from the perspective of safety critical applications.
|
|
%
|
|
Performance in terms of test efficiency is greatly improved by FMMD, and
|
|
the examples analysed and theoretical models are used to demonstrate this.
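The hierarchy described above, as an added illustration that is not part of the thesis nor its tooling: base components (hardware parts and software functions) carry sets of failure modes, a functional group is analysed once to yield a derived component whose failure modes are the symptoms seen at the group boundary, and that derived component is then re-used as a member of the next group. The sample system is the 4$\rightarrow$20mA input (sense resistor, MUX, ADC, two C functions); the failure modes assigned to it, the symptom mappings, and the simplified effort measure (failure modes considered multiplied by the number of components in scope, standing in for the thesis's own metric) are all assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Component:
    """A base component (hardware part or software function) and its failure modes."""
    name: str
    failure_modes: frozenset


@dataclass
class DerivedComponent:
    """Result of analysing one functional group: each symptom seen at the group
    boundary, mapped to the member failure modes that cause it."""
    name: str
    members: tuple
    causes: dict = field(default_factory=dict)  # symptom -> {(member, failure_mode)}

    @property
    def failure_modes(self):
        # A derived component is itself a component: its symptoms are its failure modes.
        return frozenset(self.causes)


def analyse_functional_group(name, members, symptom_of):
    """One FMMD stage: every failure mode of every member is considered exactly once;
    `symptom_of` stands in for the analyst's judgement of the effect at the group
    boundary. Returns (derived_component, number_of_failure_modes_considered)."""
    derived = DerivedComponent(name, tuple(members))
    considered = 0
    for m in members:
        for fm in sorted(m.failure_modes):
            considered += 1
            derived.causes.setdefault(symptom_of(m.name, fm), set()).add((m.name, fm))
    return derived, considered


def root_causes(obj, failure_mode):
    """Expand a derived failure mode down the hierarchy to the base
    (component, failure mode) pairs behind it: the rows a traditional FMEA
    report would list for that system-level failure."""
    if isinstance(obj, Component):
        return frozenset({(obj.name, failure_mode)})
    by_name = {m.name: m for m in obj.members}
    found = set()
    for member_name, fm in obj.causes[failure_mode]:
        found |= root_causes(by_name[member_name], fm)
    return frozenset(found)


def flat_fmea_effort(components):
    """Assumed, simplified effort measure (not the thesis's exact metric): in flat
    FMEA every base failure mode is reasoned about against the whole system."""
    return sum(len(c.failure_modes) for c in components) * len(components)


def fmmd_effort(stages):
    """Same measure per functional group: a failure mode is only reasoned about
    against the members of its own group."""
    return sum(considered * len(dc.members) for dc, considered in stages)


# Constructed sample system; failure modes and symptom tables are assumptions
# for this example, not analyses taken from the thesis.
SENSE_R = Component("sense_resistor", frozenset({"OPEN", "SHORT"}))
MUX = Component("mux", frozenset({"STUCK_CHANNEL", "OPEN_OUTPUT"}))
ADC = Component("adc", frozenset({"STUCK_VALUE", "REF_DRIFT"}))
READ_ADC = Component("read_adc", frozenset({"RETURNS_STALE", "RETURNS_OUT_OF_RANGE"}))
CONVERT_MA = Component("convert_mA", frozenset({"WRONG_SCALING"}))
BASE_COMPONENTS = (SENSE_R, MUX, ADC, READ_ADC, CONVERT_MA)

FRONT_END_SYMPTOMS = {
    ("sense_resistor", "OPEN"): "READING_HIGH",
    ("sense_resistor", "SHORT"): "READING_LOW",
    ("mux", "STUCK_CHANNEL"): "READING_STUCK",
    ("mux", "OPEN_OUTPUT"): "READING_LOW",
    ("adc", "STUCK_VALUE"): "READING_STUCK",
    ("adc", "REF_DRIFT"): "READING_WRONG",
}


def current_input_symptom(member, fm):
    # Out-of-range and stale readings are detectable by range/freshness checks;
    # a plausible but wrong value is the undetected, dangerous case.
    if fm in {"READING_HIGH", "READING_LOW", "RETURNS_OUT_OF_RANGE"}:
        return "OUT_OF_RANGE"
    if fm in {"READING_STUCK", "RETURNS_STALE"}:
        return "STALE_VALUE"
    return "VALUE_WRONG"


def build_model():
    """Two stages: the analogue front end first, then that derived component
    re-used as a member of the hardware/software group."""
    stage1 = analyse_functional_group(
        "analogue_front_end", (SENSE_R, MUX, ADC),
        lambda member, fm: FRONT_END_SYMPTOMS[(member, fm)])
    stage2 = analyse_functional_group(
        "current_input", (stage1[0], READ_ADC, CONVERT_MA), current_input_symptom)
    return [stage1, stage2]


if __name__ == "__main__":
    stages = build_model()
    top = stages[-1][0]
    for symptom in sorted(top.failure_modes):
        print(symptom, "<-", sorted(root_causes(top, symptom)))
    print("flat FMEA:", flat_fmea_effort(BASE_COMPONENTS), "FMMD:", fmmd_effort(stages))
```

Under the assumed measure the flat analysis of this five-component system costs 45 and the two-stage FMMD analysis 39; the saving grows with the number of components, because each failure mode is only ever reasoned about within its own small group. The `root_causes` expansion is what lets the hierarchical model be flattened back into a traditional-format FMEA report.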
|
|
%
|
|
|
|
%Because FMMD is modular and hierarchical, and deals with all its objects in
|
|
%terms of their failure mode behaviour, it is ideally suited to creating integrated software and hardware models.
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
% End what has been achieved ---- all in 300ish word OK here we go.
|
|
%Conclusions are presented listing the
|
|
%and FMMD is compared with traditional HFMEA and SFMEA.
|
|
This thesis presents a methodology that solves the state explosion problems of FMEA;
|
|
provides integrated hardware and software failure mode models;
|
|
facilitates multiple failure mode analysis;
|
|
encourages re-use of analysis work
|
|
and can be used to produce traditional format FMEA reports.
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
|
|
|
% The certification process of safety critical products for European and other international
|
|
% standards often demand environmental stress, endurance and Electro Magnetic Compatibility (EMC) testing.
|
|
% Theoretical, or `static testing',is often also required. Failure Mode effects Analysis (FMEA) is a tool used for static testing.
|
|
% Its use is traditionally applied to hardware (electrical and mechanical) systems.
|
|
% With the increasing use of micro-controllers in smart~instruments and control systems,
|
|
% software is increasingly being seen as the `missing factor' in FMEA analysis.
|
|
% This paper presents a new modular variant of FMEA, Failure Mode Modular Decomposition (FMMD).
|
|
% Because FMMD is modular and hierarchical, and deals with all its objects in
|
|
% % terms of their failure mode behaviour, it is ideally suited to creating integrated software and hardware models.
|
|
% FMEA is a bottom-up technique that aims to assess the effects
|
|
% of all component failure modes on a system. It is used both as a design tool (to determine weaknesses),
|
|
% and is a requirement of certification of safety critical products. FMEA has been successfully applied to
|
|
% mechanical, electrical and hybrid electro-mechanical systems. Work on software FMEA (SFMEA) is beginning,
|
|
% but at present no technique for SFMEA that integrates hardware and software models exists.
|
|
% Software in current embedded systems practise sits on top of most modern safety critical control systems
|
|
% [and inside many data collection/actuator modules (smart~instruments)], and defines their most important
|
|
% system wide behaviour, interfaces and communications. Currently standards that demand FMEA for hardware
|
|
% (e.g. EN298, EN61508), do not specify it for software, but instead specify, computer architecture, good software practise,
|
|
% review processes and language feature constraints. Where FMEA traces component failure modes to resultant system failures,
|
|
% software has been left in a non-analytical limbo of best practises and constraints. Where SFMEA has been applied---for some
|
|
% automotive and highly safety critical systems---it has always been performed separately from hardware FMEA (HFMEA).
|
|
% %
|
|
% At present the hardware/software interface is a source for confusion and misunderstanding, and in many organisations,
|
|
% the actual design teams for software and hardware work in separate departments. Subtle errors of electronic systems for instance,
|
|
% may not be picked up by software specialists, and vice versa. It would be desirable to have a methodology that provides seamless
|
|
% software and hardware integration in its failure modelling. FMMD has been designed to integrate mechanical/electronic and software
|
|
% failure models, by treating all modular components in terms of their failure modes. For instance, a software function,
|
|
% or an electronic or a mechanical component can be assigned a known set of failure modes.
|
|
% This paper presents an overview of the FMMD methodology and then an FMMD analysis of a simple software/hardware hybrid sub-system.
|
|
%
|
|
%
|
|
% The example system chosen is a 4->20mA input circuit consisting of a resistive element, multiplexer (MUX),
|
|
% Analogue to Digital Converter (ADC) and two software functions. The purpose of this system is to convert an
|
|
% electrical current signal into a value for use in software. FMMD is applied to the hardware (resistive element, MUX and ADC)
|
|
% and to the software components (two `C' functions), producing one integrated failure mode model.
|
|
% The 4->20mA input circuitry used in the example and its related software, are accepted practise and in
|
|
% common use, and therefore its failure mode behaviour is well known and understood. For this reason it is a
|
|
% good example to use for comparing the results from FMMD analysis with known failure mode behaviour
|
|
% from the field/direct experience of engineers. The failure model is then discussed and compared with
|
|
% heuristic knowledge of 4->20mA inputs, circuitry and software.
|
|
% Conclusions are then presented listing the benefits and draw-backs of analysing the
|
|
% hardware/software hybrid system using FMMD, and FMMD is compared with traditional HFMEA and SFMEA.
|
|
|
|
|