Robin_PHD/presentations/fmea/fmea_pres.tex

\documentclass{beamer}
\title[Failure Mode Effects Analysis]{Failure Mode Effects Analysis\\A critical view}
\usetheme{Warsaw}
\usepackage[latin1]{inputenc}
\author{Robin Clark -- Energy Technology Control Ltd}
\institute{Brighton University}
\setbeamertemplate{footline}[page number]


\newcommand{\fg}{\em functional~group}
\newcommand{\fgs}{\em functional~groups}
\newcommand{\dc}{\em derived~component}
\newcommand{\dcs}{\em derived~components}
\newcommand{\bc}{\em base~component}
\newcommand{\bcs}{\em base~components}
\newcommand{\irl}{in~real~life}

\begin{document}

\section{F.M.E.A.}
\begin{frame}
\frametitle{Outline}
\tableofcontents[currentsection]
\end{frame}

\begin{frame}

\begin{itemize}
  \pause \item Failure
   \pause \item Mode
   \pause \item Effects
  \pause \item Analysis
\end{itemize}

\end{frame}

% % \begin{itemize}
%  \item Failure 
%  \item Mode 
%  \item Effects 
%  \item Analysis
% \end{itemize}


\subsection{FMEA basic concept}

\begin{frame}
\begin{itemize}
  \pause \item \textbf{F - Failures of given component} Consider a component in a system
   \pause \item \textbf{M - Failure Mode} Look at one of the ways in which it can fail (i.e. determine a component `failure~mode')
   \pause \item \textbf{E - Effects} Determine the effects this failure mode will cause to the system we are examining
  \pause \item \textbf{A - Analysis} Analyse how much impact this symptom will have on the environment/people/the system its-self
\end{itemize}
\end{frame}


\begin{frame}
 \frametitle{ FMEA Example: Milli-volt reader}
Example: Let us consider a system, in this case a milli-volt reader, consisting
of instrumentation amplifiers connected to a micro-processor
that reports its readings via RS-232.
\begin{figure}
 \centering
 \includegraphics[width=175pt]{./mvamp.png}
 % mvamp.png: 561x403 pixel, 72dpi, 19.79x14.22 cm, bb=0 0 561 403
\end{figure}


\end{frame}


\begin{frame}
 \frametitle{FMEA Example: Milli-volt reader}
Let us perform an FMEA and consider how one of its resistors failing could affect
it.
For the sake of example let us choose resistor R1 in the  OP-AMP gain circuitry.
\begin{figure}
 \centering
 \includegraphics[width=175pt]{./mvamp.png}
 % mvamp.png: 561x403 pixel, 72dpi, 19.79x14.22 cm, bb=0 0 561 403
\end{figure}

\end{frame}




\begin{frame}
 \frametitle{FMEA Example: Milli-volt reader}
\begin{itemize}
  \pause \item \textbf{F - Failures of given component} The resistor (R1) could fail by going OPEN or SHORT (EN298 definition).
   \pause \item \textbf{M - Failure Mode} Consider the component failure mode SHORT
   \pause \item \textbf{E - Effects} This will drive the minus input LOW causing a HIGH OUTPUT/READING
  \pause \item \textbf{A - Analysis} The reading will be out of normal range, and we will have an erroneous milli-volt reading
\end{itemize}
\end{frame}



\begin{frame}
Note here that we have had to look at the failure~mode
in relation to the entire circuit.
We have used intuition to determine the probable
effect of this failure mode.
We have not examined this failure mode
against every other component in the system.
Perhaps we should.... this would be a more rigorous and complete
approach in looking for system failures.

\end{frame}

\subsection{Rigorous FMEA - State Explosion}
\begin{frame}
 \frametitle{Rigorous Single Failure FMEA}
Consider the analysis
where we look at all the failure modes in a system, and then 
see how they can affect all other components within it.
\end{frame}


 \begin{frame}
\frametitle{Rigorous Single Failure FMEA}
We need to look at a large number of failure scenarios
to do this completely (all failure modes against all components).
This is represented in the equation below. %~\ref{eqn:fmea_state_exp},
where $N$ is the total number of components in the system, and 
$cfm$ is the number of failure modes per component.
  

\begin{equation}
  \label{eqn:fmea_single}
  N.(N-1).cfm % \\
  %(N^2 - N).cfm 
\end{equation}
\end{frame}


\begin{frame}
\frametitle{Rigorous Single Failure FMEA}
This would mean an order of $N^2$ number of checks to perform
to undertake a `rigorous~FMEA'. Even small systems have typically
100 components, and they typically have 3 or more failure modes each.
$100*99*3=29,700$.
\end{frame}




\begin{frame}
 \frametitle{Rigorous Double Failure FMEA}
For looking at potential double failure scenarios (two components
failing within a given time frame) and the order becomes
$N^3$.

\begin{equation}
  \label{eqn:fmea_double}
  N.(N-1).(N-2).cfm % \\
  %(N^2 - N).cfm 
\end{equation}

$100*99*98*3=2,910,600$.

The European Gas burner standard (EN298:2003), demands the checking of 
double failure scenarios (for burner lock-out scenarios).

\end{frame}


\section{PFMEA - Production FMEA : 1940's to present}

\begin{frame}
 
Production FMEA (or PFMEA), is FMEA used to prioritise, in terms of
cost, problems to be addressed in product production.

It focuses on known problems, determines the 
frequency they occur and their cost to fix.
This is multiplied together and called an RPN
number.
Fixing problems with the highest RPN number
will return most cost benefit.

\end{frame}


\begin{frame}
% benign example of PFMEA in CARS - make something up.
\frametitle{PFMEA Example}

{
\begin{table}[ht]
\caption{FMEA Calculations} % title of Table
%\centering % used for centering table
\begin{tabular}{|| l | l | c | c | l ||} \hline
 \textbf{Failure Mode} &   \textbf{P}             & \textbf{Cost}        &  \textbf{Symptom} & \textbf{RPN} \\ \hline \hline
      relay 1 n/c      & $1*10^{-5}$              &  38.0                & indicators fail   & 0.00038 \\ \hline
        relay 2 n/c      & $1*10^{-5}$              &  98.0                & doorlocks fail   & 0.00098 \\ \hline
%       rear end crash    &  $14.4*10^{-6}$         & 267,700              & fatal fire       &  3.855 \\
%       ruptured f.tank   &                         &                      &                  &        \\ \hline


\hline
\end{tabular}
\end{table}
}

%Savings: 180 burn deaths, 180 serious burn injuries, 2,100 burned vehicles. Unit Cost: $200,000 per death, $67,000 per injury, $700 per vehicle.
%Total Benefit: 180 X ($200,000) + 180 X ($67,000) + $2,100 X ($700) = $49.5 million.
%COSTS
%Sales: 11 million cars, 1.5 million light trucks.
%Unit Cost: $11 per car, $11 per truck.
%Total Cost: 11,000,000 X ($11) + 1,500,000 X ($11) = $137 million.


 

\end{frame}



%\subsection{Production FMEA : Example Ford Pinto : 1975}
\begin{frame}
 \frametitle{PFMEA Example: Ford Pinto: 1975}

\begin{figure}[h]
 \centering
 \includegraphics[width=200pt]{./ad_ford_pinto_mpg_red_3_1975.jpg}
 % ad_ford_pinto_mpg_red_3_1975.jpg: 720x933 pixel, 96dpi, 19.05x24.69 cm, bb=0 0 540 700
 \caption{Ford Pinto Advert}
 \label{fig:fordpintoad}
\end{figure}

\end{frame}


 \begin{frame}
 \frametitle{PFMEA Example: Ford Pinto: 1975}

\begin{figure}[h]
 \centering
 \includegraphics[width=200pt]{./burntoutpinto.png}
 % burntoutpinto.png: 376x250 pixel, 72dpi, 13.26x8.82 cm, bb=0 0 376 250
 \caption{Burnt Out Pinto}
 \label{fig:burntoutpinto}
\end{figure}


\end{frame}


\begin{frame}
 \frametitle{PFMEA Example: Ford Pinto: 1975}
 {
\begin{table}[ht]
\caption{FMEA Calculations} % title of Table
%\centering % used for centering table
\begin{tabular}{|| l | l | c | c | l ||} \hline
 \textbf{Failure Mode} &   \textbf{P}             & \textbf{Cost}        &  \textbf{Symptom} & \textbf{RPN} \\ \hline \hline
      relay 1 n/c      & $1*10^{-5}$              &  38.0                & indicators fail   & 0.00038 \\ \hline
        relay 2 n/c      & $1*10^{-5}$              &  98.0                & doorlocks fail   & 0.00098 \\ \hline
       rear end crash    &  $14.4*10^{-6}$         & 267,700              & fatal fire       &  3.855 \\
       ruptured f.tank   &                         &                      & allow               &        \\ \hline

     rear end crash    &  $1$                      &  $11$             &    recall   &   11.0 \\
       ruptured f.tank   &                         &                      & fix tank             &        \\ \hline

\hline
\end{tabular}
\end{table}
}

 
 http://www.youtube.com/watch?v=rcNeorjXMrE
 
\end{frame}
\section{FMECA - Failure Modes Effects and Criticallity Analysis}


\begin{frame}
\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis}
\begin{figure}
 \centering
 %\includegraphics[width=100pt]{./military-aircraft-desktop-computer-wallpaper-missile-launch.jpg}
 \includegraphics[width=100pt]{./A10_thunderbolt.jpg}
 % military-aircraft-desktop-computer-wallpaper-missile-launch.jpg: 1024x768 pixel, 300dpi, 8.67x6.50 cm, bb=0 0 246 184
 \caption{A10 Thunderbolt}
 \label{fig:f16missile}
\end{figure}
Emphasis on determining criticallity of failure.
Applies some Bayesian statistics (probabilities of component failures and those causing given system level failures).
\end{frame}


\section{FMECA - Failure Modes Effects and Criticallity Analysis}
\begin{frame}
\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis}
Very similar to PFMEA, but instead of cost, a criticallity or
seriousness factor is ascribed to putative top level incidents.
FMECA has three probability factors for component failures.

\textbf{FMECA ${\lambda}_{p}$ value.}
This is the overall failure rate of a base component.
This will typically be the failure rate per million ($10^6$) or
billion ($10^9$) hours of operation.

\textbf{FMECA $\alpha$ value.}
The failure mode probability, usually denoted by $\alpha$ is the  probability of 
is the probability of a particular failure
mode occurring within a component.
%, should it fail.
%A component with N failure modes will thus have
%have an $\alpha$ value associated with each of those modes.
%As the $\alpha$ modes are probabilities, the sum of all $\alpha$ modes for a component must equal one.
\end{frame}

\begin{frame}
\frametitle{ FMECA - Failure Modes Effects and Criticallity Analysis}
\textbf{FMECA $\beta$ value.}
The second probability factor $\beta$, is the probability that the failure mode
will cause a given system failure.
This corresponds to `Bayesian' probability, given a particular
component failure mode, the probability of a given system level failure.

\textbf{FMECA `t' Value}
The time that a system will be operating for, or the working life time of the product is
represented by the variable $t$. 
%for probability of failure on demand studies,
%this can be the number of  operating cycles or demands expected.

\textbf{Severity `s' value}
A weighting factor to indicate the seriousness of the putative system level error.
%Typical classifications are as follows:~\cite{fmd91}

\begin{equation}
 C_m  =  {\beta} .  {\alpha} . {{\lambda}_p} . {t} . {s}
\end{equation}

Highest $C_m$ values would be at the top of a `to~do' list
for a project manager.
\end{frame}



\section{FMEDA - Failure Modes Effects and Diagnostic Analysis}
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
\begin{figure}
 \centering
 \includegraphics[width=200pt]{./SIL.png}
 % SIL.jpg: 350x286 pixel, 72dpi, 12.35x10.09 cm, bb=0 0 350 286
 \caption{SIL requirements}
\end{figure}

\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
FMEDA is the methodology behind statistical (safety integrity level)
type standards (EN61508/IOC5108).
It provides a statistical overall level of safety
and allows diagnostic mitigation for self checking etc.
It provides guidelines for the design and architecture
of computer/software systems for the four levels of 
safety Integrity.
%For Hardware 

FMEDA does force the user to consider all components in a system
by requiring that a MTTF value is assigned for each failure~mode.
This MTTF may be statistically mitigated (improved)
if it can be shown that self-checking will detect failure modes.
\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
Failure modes are classified as Safe or Dangerous according 
to the putative system level failure they will cause.
The Failure modes are also classified as Detected or
Undetected.
This gives us four level failure mode classifications:
Safe-Detected (SD), Safe-Undetected (SU), Dangerous-Detected (DD) or Dangerous-Undetected (DU),
and the probabilistic failure rate of each classification 
is represented by lambda variables
(i.e. $\lambda_{SD}$, $\lambda_{SU}$, $\lambda_{DD}$, $\lambda_{DU}$).
\end{frame}
\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
\textbf{Diagnostic Coverage.}
The diagnostic coverage is simply the ratio
of the dangerous detected probabilities
against the probability of all dangerous failures,
and is normally expressed as a percentage. $\Sigma\lambda_{DD}$ represents
the percentage of dangerous detected base component failure modes, and 
$\Sigma\lambda_D$ the total number of dangerous base component failure modes.

$$ DiagnosticCoverage = \Sigma\lambda_{DD} / \Sigma\lambda_D $$
\end{frame}


\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
The \textbf{diagnostic coverage} for safe failures, where  $\Sigma\lambda_{SD}$ represents the percentage of
safe detected base component failure modes,
and $\Sigma\lambda_S$ the total number of safe base component failure modes,
is given as

$$ SF = \frac{\Sigma\lambda_{SD}}{\Sigma\lambda_S} $$
\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
\textbf{Safe Failure Fraction.}
A key concept in  FMEDA is Safe Failure Fraction (SFF).
This is the ratio of safe  and dangerous detected failures
against all safe and dangerous failure probabilities. 
Again this is usually expressed as a percentage.

$$ SFF = \big( \Sigma\lambda_S + \Sigma\lambda_{DD} \big) / \big( \Sigma\lambda_S + \Sigma\lambda_D \big) $$
SFF determines how proportionately fail-safe a system is, not how reliable it is !

\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
To achieve SIL levels, diagnostic coverage and SFF levels are prescribed along with
hardware architectures and software techniques.
Over all   the aim of SIL is classify the safety of a system,
by statistically determining how frequently it can fail dangerously.


\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
{
\begin{table}[ht]
\caption{FMEA Calculations} % title of Table
%\centering % used for centering table
\begin{tabular}{|| l | l | c | c | l ||} \hline
 \textbf{SIL} &   \textbf{Low Demand}     & \textbf{Continuous Demand}          \\ 
              & Prob of failing on demand & Prob of failure per hour  \\ \hline \hline
      4       & $ 10^{-5}$ to $< 10^{-4}$  &   $ 10^{-9}$ to $< 10^{-8}$                \\ \hline
      3       &  $ 10^{-4}$ to $< 10^{-3}$ &    $ 10^{-8}$ to $< 10^{-7}$             \\ \hline
      2       &  $ 10^{-3}$ to $< 10^{-2}$ &    $ 10^{-7}$ to $< 10^{-6}$             \\ \hline
      1       &  $ 10^{-2}$ to $< 10^{-1}$ &    $ 10^{-6}$ to $< 10^{-5}$                        \\ \hline

\hline
\end{tabular}
\end{table}
}
Table adapted from EN61508-1:2001 [7.6.2.9 p33]
\end{frame}

\begin{frame}
\frametitle{ FMEDA - Failure Modes Effects and Diagnostic Analysis}
FMEDA is a modern extension of FMEA, in that it will allow for 
self checking features, and provides detailed recommendations for computer/software architecture.
It also has a simple final result, a Safety Integrity Level (SIL) from 1 to 4 (where 4 is safest).

%FMEA can be used as a term simple to mean Failure Mode Effects Analysis, and is
%part of product approval for many regulated products in the EU and the USA...

\end{frame}




\section{FMEA used for Safety Critical Approvals}

\begin{frame}
\frametitle{DESIGN FMEA: Safety Critical Approvals FMEA}
Experts from Approval House and Equipment Manufacturer
discuss selected component failure modes
judged to be in critical sections of the product.


\begin{figure}[h]
 \centering
 \includegraphics[width=100pt,keepaspectratio=true]{./tech_meeting.png}
 % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
 \caption{FMEA  Meeting}
 \label{fig:tech_meeting}
\end{figure}
\end{frame}

\begin{frame}
\frametitle{DESIGN FMEA: Safety Critical Approvals FMEA}

\begin{figure}[h]
 \centering
 \includegraphics[width=70pt,keepaspectratio=true]{./tech_meeting.png}
 % tech_meeting.png: 350x299 pixel, 300dpi, 2.97x2.53 cm, bb=0 0 84 72
 \caption{FMEA  Meeting}
 \label{fig:tech_meeting}
\end{figure}

\begin{itemize}
  \pause \item Impossible to look at all component failures let alone apply FMEA rigorously.
  \pause \item In practise, failure scenarios for critical sections are contested, and either justified or extra safety measures implemented.
   \pause \item Often Meeting notes or minutes only. Unusual for detailed arguments to be documented.
\end{itemize}

\end{frame}

\section{FMEA - General Criticism}
\begin{frame}
\frametitle{FMEA - General Criticism}

\begin{itemize}
  \pause \item Reasoning Distance - component failure to system level symptom
   \pause \item State explosion - impossible to perform rigorously
   \pause \item Difficult to re-use previous analysis work
  \pause \item FMEA type methodologies were designed for simple electro-mechanical systems of the 1940's to 1960's.
\end{itemize}

%

\end{frame}


\subsection{FMEA - Better Metodology - Wish List}
 
\begin{frame}
\frametitle{FMEA - Better Metodology - Wish List}

\begin{itemize}
  
   \pause \item State explosion  
  \pause \item  Rigorous
   \pause \item Reasoning Traceable  
   \pause \item re-useable
  %\pause \item  
\end{itemize}

%FMEDA is a modern extension of FMEA, in that it will allow for 
%self checking features, and provides detailed recommendations for computer/software architecture,
%but

\end{frame}
\section{Failure Mode Modular De-Composition}
\begin{frame}
 \frametitle{FMMD - Failure Mode Modular De-Composition}
% Consider the FMEA type methodologies
% where we look at all the failure modes in a system, and then 
% see how they can affect all other components within it,
% to determine its system level symptom or failure mode.
% We need to look at a large number of failure scenarios
% to do this completely (all failure modes against all components).
% This is represented in equation~\ref{eqn:fmea_state_exp},
% where $N$ is the total number of components in the system, and 
% $cfm$ is the number of failure modes per component.
% 
% \begin{equation}
%   \label{eqn:fmea_state_exp}
%   N.(N-1).cfm % \\
%   %(N^2 - N).cfm 
% \end{equation}


The FMMD methodology breaks the analysis down into small stages,
by making the analyst choose {\fgs} of components, to which FMEA is applied.
When analysed, a set of symptoms of failure for the {\fg} is used create a derived~component.
The derived components failure modes, are the symptoms of the {\fg}
from which it was derived.
We can use derived components to form `higher~level' {\fgs}.
This creates an analysis hierarchy.
\end{frame}


\subsection{FMMD Outline of Methodology}
\begin{frame}
\frametitle{FMMD - Outline of Methodology}
\begin{itemize}
  \pause \item Select `{\fgs}' of components ( groups that perform a well defined function).
  \pause \item Using the failure modes of the components create failure scenarios.
  \pause \item Analyse each failure scenario of the {\fg}. 
  \pause \item Collect Symptoms.
  \pause \item Create a '{\dc}', where its failure modes are the symptoms of the {\fg} it was derived from.
  \pause \item The {\dc} is now available to be used in higher level {\fgs}.
\end{itemize}
\end{frame}



\subsection{FMMD - Example - Milli Volt Amplifier}
\begin{frame}
\frametitle{FMMD - Example - Milli Volt Amplifier}
We can return to the milli-volt amplifier as an example to analyse.

We can begin by looking for functional groups.
The resistors would together to perform a fairly common function in electronics, that of the potential divider.
So our first functional group is $\{ R1, R2 \}$.
We can now take the failure modes for the resistors (OPEN and SHORT EN298) and see what effect each of these failures will have on the {\fg} (the potential divider).
\begin{figure}
 \centering
 \includegraphics[width=100pt]{./mvampcircuit.png}
 % mvampcircuit.png: 243x143 pixel, 72dpi, 8.57x5.04 cm, bb=0 0 243 143
\end{figure}

\end{frame}


\begin{frame}
\frametitle{FMMD - Example - Resistor and failure modes}
Resistor and its failure modes represented as a directed graph.

\begin{figure}
 \centering
 \includegraphics[width=200pt]{./resistor_failure_graph.png}
 % resistor_failure_graph.png: 391x279 pixel, 93dpi, 10.68x7.62 cm, bb=0 0 303 216
 \label{fig:resasfm}
\end{figure}

\end{frame}


\subsubsection{Potential Divider}
\begin{frame}
\frametitle{FMMD - Example - Failure mode analysis of Potential Divider}


\begin{table}
\begin{tabular}{|| l | l | c | c | l ||} \hline
 \textbf{Failure Scenario} & &  \textbf{Pot Div Effect}  &   & \textbf{Symptom}          \\ 
               \hline
     FS1: R1 SHORT    &  & $LOW$   &  &  $PDLow$                \\ \hline
    FS2: R1 OPEN      &  &  $HIGH$ &  &  $PDHigh$             \\ \hline
     FS3: R2 SHORT    &  &  $HIGH$ &  &  $PDHigh$             \\ \hline
     FS4: R2 OPEN     &  &  $LOW$  &  &  $PDLow$                        \\ \hline
\hline
\end{tabular}
\end{table}

\begin{figure}
 \centering
 \includegraphics[width=100pt,keepaspectratio=true]{./pd.png}
 % pd.png: 361x241 pixel, 72dpi, 12.74x8.50 cm, bb=0 0 361 241
\end{figure}
\end{frame}



\begin{frame}
\frametitle{FMMD - Example - Potential Divider as Derived Component}
\begin{figure}
 \centering
 \includegraphics[width=175pt]{./pd_failures_as_graph.png}
 % pd_dc_failures_as_graph.png: 389x284 pixel, 93dpi, 10.63x7.76 cm, bb=0 0 301 220
 \label{fig:pd}
\end{figure}
\end{frame}


\begin{frame}
\frametitle{FMMD - Example - Potential Divider as Derived Component}
\begin{figure}
 \centering
 \includegraphics[width=200pt]{./pd_dc_failures_as_graph.png}
 % pd_dc_failures_as_graph.png: 389x284 pixel, 93dpi, 10.63x7.76 cm, bb=0 0 301 220
 \label{fig:pd}
\end{figure}
\end{frame}

\begin{frame}
\frametitle{FMMD - Example - Potential Divider as Derived Component}

We can now use this pre-analysed potential divider `derived~component'
in a higher level design.

\begin{figure}
 \centering
 \includegraphics[width=100pt]{./pd_dc_failures_as_graph.png}
 % pd_dc_failures_as_graph.png: 389x284 pixel, 93dpi, 10.63x7.76 cm, bb=0 0 301 220
 \label{fig:pd}
\end{figure}
\end{frame}

\subsection{Non Inverting OP-AMP}

\begin{frame}
\frametitle{FMMD - Example - Non Inverting OP-AMP}
\begin{figure}
 \centering
 \includegraphics{./mvampcircuit.png}
 % mvampcircuit.png: 243x143 pixel, 72dpi, 8.57x5.04 cm, bb=0 0 243 143
\end{figure}

\end{frame}



\begin{frame}
\frametitle{FMMD - Example - Non Inverting OP-AMP}
\begin{figure}
 \centering
 \includegraphics[width=300pt]{./non_inv_amp_fmea.png}
 % non_inv_amp_fmea.png: 964x492 pixel, 96dpi, 25.50x13.02 cm, bb=0 0 723 369
\end{figure}

\end{frame}


\begin{frame}
\frametitle{FMMD - Example - Non Inverting OP-AMP}
% \begin{figure}
%  \centering
%  \includegraphics[width=200pt]{./opamp_failures_as_graph.png} // op amp failure modes
%  % opamp_failures_as_graph.png: 329x440 pixel, 93dpi, 8.99x12.02 cm, bb=0 0 255 341
% \end{figure}
\begin{figure}
 \centering
 \includegraphics[width=150pt]{./fg_opamp_pd_as_graph.png}
 % fg_opamp_pd_as_graph.png: 750x826 pixel, 93dpi, 20.49x22.56 cm, bb=0 0 581 640
\end{figure}
\end{frame}



\begin{frame}
\frametitle{FMMD - Example - Non Inverting OP-AMP}
\begin{figure}
 \centering
 \includegraphics[width=150pt]{./n_inv_dc.png}
 % n_inv_dc.png: 296x326 pixel, 72dpi, 10.44x11.50 cm, bb=0 0 296 326
\end{figure}

\end{frame}



\begin{frame}
\frametitle{FMMD - Example - Non Inverting OP-AMP}
\begin{figure}
 \centering
 \includegraphics[width=200pt]{./fmmd_exm_h.png}
 % fmmd_exm_h.png: 376x241 pixel, 72dpi, 13.26x8.50 cm, bb=0 0 376 241
\end{figure}


\end{frame}

\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
We can view the functional groups in FMMD as forming a hierarchy.
If for the sake of example we consider each functional group to
be three components, the figure below shows
how the levels work and converge to a top or system level.
\begin{figure}
 \centering
 \includegraphics[width=300pt]{./three_tree.png}
 % three_tree.png: 780x226 pixel, 72dpi, 27.52x7.97 cm, bb=0 0 780 226
 \caption{Functional Group Tree example}
 \label{fig:three_tree}
\end{figure}
\end{frame}
 
\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
The fact FMMD analyses small groups of components at a time, and organises them
into a hierarchy
addresses the state explosion (where $O$ is order
of complexity) $O=N^2$ inherent in equation

\begin{equation}
  \label{eqn:fmea_single2}
  N.(N-1).cfm % \\
  %(N^2 - N).cfm 
\end{equation}


We can represent the number of failure scenarios to check in an FMMD hierarchy
with equation~\ref{eqn:anscen}.

\begin{equation}
  \label{eqn:anscen}
  \sum_{n=0}^{L} {fgn}^{n}.fgn.cfm.(fgn-1) 
\end{equation}
Where $fgn$ is the number of components in each functional group,
and $cfm$ is the number of failure modes per component
and L is the number of levels, the number of
analysis scenarios to consider is show in equation~\ref{eqn:anscen}.

~\ref{eqn:fmea_state_exp}.

\end{frame}



% So for a very simple analysis with three components forming a functional group where
% each component has three failure modes, we have only one level (zero'th).
% So to check every failure modes against the other components in the functional group
% requires 18 checks.
% 
% \begin{equation}
%   \label{eqn:anscen2}
%   \sum_{n=0}^{0} {3}^{0}.3.3.(3-1) = 18 
% \end{equation}
% \clearpage
% 
% 
% 
% In other words, we have three components in our functional group, 
% and nine failure modes to consider.
% So taking each failure mode and looking at how that could affect the functional group,
% we must compare each failure mode against the two other components (the `$fgn-1$' term).
% 
% For the one `zero' level FMMD case we are doing the same thing as FMEA type analysis
% (but on a very simple small sub-system).
% We are looking at how each failure~mode can effect the system/top level.
% We can use equation~\ref{eqn:fmea_state_exp44} to represent 
% the number of checks to rigorously perform FMEA, where $N$ is the total
% number of components in the system, and $cfm$ is the number of failures per component.


% 
% Where $N=3$ and $cfm=3$ we can see that  the number of checks for this simple functional 
% group is the same for equation~\ref{eqn:fmea_state_exp22}
% and equation~\ref{eqn:anscen}.
% \clearpage

%\section{Example}
\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
To see the effects of reducing `state~explosion' we can use an example.
% with fixed numbers
%for components in a functional group, and failure modes per component.
Let us take a system with 4 levels (with a top/system 0 level),
with three components per functional group and three failure modes per component,
 and apply these formulae.
Having 4 levels (in addition to the top zero'th level)
will require 81 base level components.

$$
%\begin{equation}
  \label{eqn:fmea_state_exp22}
  81.(81-1).3 = 19440 % \\
  %(N^2 - N).cfm 
%\end{equation}
$$

$$
%\begin{equation}
 % \label{eqn:anscen}
  \sum_{n=0}^{4} {3}^{n}.3.3.(2) = 2178 
%\end{equation}
$$
\end{frame}


\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
Thus for FMMD we needed to examine 2178 failure~modes against functionally adjacent components, and for traditional FMEA
type analysis methods 19440.
% In practical example followed through, no more than 9 components have ever been required for a functional
% group and the largest known number of failure modes has been 6.
% If we take these numbers and double them (18 components per functional group
% and 12 failure modes per component) and apply the formulas for a 4 level analysis
% (i.e. 

\end{frame}

\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}

Note that for all possible double simultaneous failures the equation~\ref{eqn:fmea_state_exp2} becomes
equation~\ref{eqn:fmea_state_exp2} essentially making the order $N^3$.
The FMMD case (equation~\ref{eqn:anscen2}), is cubic within the functional groups only, 
not all the components in the system.

\begin{equation}
  \label{eqn:fmea_state_exp2}
  N.(N-1).(N-2).cfm % \\
  %(N^2 - N).cfm 
\end{equation}

\begin{equation}
  \label{eqn:anscen2}
  \sum_{n=0}^{L} {fgn}^{n}.fgn.cfm.(fgn-1).(fgn-2)
\end{equation}
\end{frame}

\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Traceability}
Because each reasoning stage contains associations ($FailureMode \mapsto Sypmtom$)
we can trace the `reasoning' from base level component failure mode to top level/system
failure, by traversing the tree/hierarchy. This is in effect providing a `framework' of the reasoning.


\end{frame}

\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Re-usability}
Electronic Systems use commonly re-used functional groups (such as potential~dividers, amplifier configurations etc)
Once a derived component is determined, it can generally be used in other projects.
 
\end{frame}


\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Total coverage}
With FMMD we can ensure that all component failure modes
have been represented as a symptom in the derived components created from them.
We can thus apply automated checking to ensure that no
failure modes, from base or derived components have been
missed in an analysis.
\end{frame}



\subsection{conclusion}
\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Conclusion: FMMD}

\begin{itemize}
  \pause \item Addresses State Explosion
   \pause \item Addresses total coverage of all components and their failure modes
   \pause \item Provides traceable reasoning
  \pause \item derived components are re-use-able
\end{itemize}
\end{frame}

\begin{frame}
\frametitle{FMMD - Failure Mode Modular De-Composition}
\textbf{Questions?}
\end{frame}

\end{document}