
%%% Appendix for detailed workings out from CH5
\chapter{Detailed FMMD analyses}
\section{Bubba Oscillator FMMD analyses}
For clarity the detailed workings of the FMMD analysis stages in many of the examples
in chapter 5 have been moved here for reference.
\subsection{PHS45 Detailed Analysis}
FMEA study of a resistor and capacitor in use as a phase changer.
\label{detail:PHS45}
\begin{table}[h+]
\center
\caption{PhaseShift: Failure Mode Effects Analysis: Single Faults} % title of Table
\label{tbl:firstorderlp}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure Scenario} & & \textbf{First Order} & & \textbf{Symptom} \\
% & & \textbf{Low Pass Filter} & & \\
\textbf{Failure} & \textbf{$PHS45$ } & \textbf{Symptom} \\ % \textbf{Derived Component} \\
\textbf{cause} & \textbf{Effect} & \\ % \textbf{Failure Mode} \\
\hline
FS1: R SHORT & 0 degrees of phase shift & $0\_phaseshift$ \\
% 90 degree's of phase shift & & $90\_phaseshift$
FS2: R OPEN & No Signal & $nosignal$ \\ \hline
FS3: C SHORT & Grounded,No Signal & $nosignal$ \\
FS4: C OPEN & 0 degrees of phase shift & $0\_phaseshift$ \\ \hline
\hline
\end{tabular}
\end{table}
% PHS45
\clearpage
\subsection{Bubba Oscillator: One Large Functional Group: Detailed Analysis}
\label{detail:BUBOSC1}
\begin{table}[h+]
\caption{Bubba Oscillator: Failure Mode Effects Analysis: One Large Functional Group} % title of Table
\label{tbl:bubbalargefg}
\center
\begin{tabular}{|| l | l | c | c | l ||} \hline
% \textbf{Failure Scenario} & & \textbf{Bubba} & & \textbf{Symptom} \\
% & & \textbf{Oscillator} & & \\
\textbf{Failure} & & \textbf{$BubbaOscillator$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline
FS1: $PHS45_1$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\
FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline
% FS3: $PHS45_1$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
FS3: $NIBUFF_1$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\
FS4: $NIBUFF_1$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS5: $NIBUFF_1$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS6: $NIBUFF_1$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline
FS7: $PHS45_2$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\
FS8: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\
%FS10: $PHS45_2$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
FS9: $NIBUFF_2$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\
FS10: $NIBUFF_2$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS11: $NIBUFF_2$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS12: $NIBUFF_2$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline
FS13: $PHS45_3$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\
FS14: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline
% FS17: $PHS45_3$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
FS15: $NIBUFF_3$ $L_{up}$ & & output high No Oscillation & & $NO_{osc}$ \\
FS16: $NIBUFF_3$ $L_{dn}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS17: $NIBUFF_3$ $N_{oop}$ & & output low No Oscillation & & $NO_{osc}$ \\
FS18: $NIBUFF_3$ $L_{slew}$ & & signal lost & & $NO_{osc}$ \\ \hline
FS19: $PHS45_4$ $0\_phaseshift$ & & osc frequency high & & $HI_{fosc}$ \\
FS20: $PHS45_4$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\ \hline
% FS24: $PHS45_4$ $90\_phaseshift$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
FS21: $INVAMP$ $OUTOFRANGE$ & & signal lost & & $NO_{osc}$ \\
FS22: $INVAMP$ $ZEROOUTPUT$ & & signal lost & & $NO_{osc}$ \\
FS23: $INVAMP$ $NOGAIN$ & & signal lost & & $NO_{osc}$ \\
FS24: $INVAMP$ $LOWPASS$ & & signal lost & & $NO_{osc}$ \\ \hline
% FS1: $CAP_{10nF}$ $OPEN$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
% FS1: $CAP_{10nF}$ $SHORT$ & & osc frequency low & & $LO_{fosc}$ \\ \hline
\hline
\end{tabular}
\end{table}
Collecting symptoms from table~\ref{tbl:bubbalargefg}, it can be shown that for single failure modes, applying $fm$ to the Bubba oscillator
gives two failure modes:
%
$$ fm(BubbaOscillator) = \{ NO_{osc}, HI_{fosc}\} . $$ %, LO_{fosc} \} . $$
%\clearpage
\subsection{BUFF45: Detailed Analysis}
\label{detail:BUFF45}
\begin{table}[h+]
\caption{BUFF45: Failure Mode Effects Analysis} % title of Table
\label{tbl:buff45}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{BUFF45} & & \textbf{Symptom} \\
% & & & & \\
\textbf{Failure} & & \textbf{$BUFF45$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline
FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $0\_phaseshift$ \\
FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
%FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $90\_phaseshift$ \\ \hline
FS3: $NIBUFF_1$ $L_{up}$ & & output high & & $NO_{signal}$ \\
FS4: $NIBUFF_1$ $L_{dn}$ & & output low & & $NO_{signal}$ \\
FS5: $NIBUFF_1$ $N_{oop}$ & & output low & & $NO_{signal}$ \\
FS6: $NIBUFF_1$ $L_{slew}$ & & signal lost & & $NO_{signal}$ \\ \hline
\hline
\end{tabular}
\end{table}
Collecting symptoms from table~\ref{tbl:buff45}, a derived component $BUFF45$ is created which has the following failure modes:
$$
fm (BUFF45) = \{ 0\_phaseshift, NO\_signal \} . % 90\_phaseshift,
$$
%
\clearpage
\subsection{PHS135BUFFERED: Failure Mode Effects Analysis} % title of Table
\label{detail:PHS135BUFFERED}
\begin{table}[h+]
\center
\caption{PHS135BUFFERED: Failure Mode Effects Analysis} % title of Table
\label{tbl:phs135buffered}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{PHS135 Buffered} & & \textbf{Symptom} \\
% & & & & \\
\textbf{Failure} & & \textbf{$PHS135BUFFERED$ } & &\textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline
FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\
FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
%FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline
FS3: $PHS45_2$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\
FS4: $PHS45_2$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
% FS6: $PHS45_2$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline
FS5: $PHS45_3$ $0\_phaseshift$ & & phase shift low & & $90\_phaseshift$ \\
FS6: $PHS45_3$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
% FS9: $PHS45_3$ $90\_phaseshift$ & & phase shift high & & $180\_phaseshift$ \\ \hline
\hline
\end{tabular}
\end{table}
%
%
Collecting symptoms from table~\ref{tbl:phs135buffered}, a derived component $PHS135BUFFERED$ is created which has the following failure modes:
$$
fm (PHS135BUFFERED) = \{ 90\_phaseshift, NO\_signal \} . % 180\_phaseshift,
$$
%
\clearpage
\subsection{PHS225AMP: Failure Mode Effects Analysis} % title of Table
\label{detail:PHS225AMP}
\begin{table}[h+]
\center
\caption{PHS225AMP: Failure Mode Effects Analysis} % title of Table
\label{tbl:phs225amp}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{PHS225AMP} & & \textbf{Symptom} \\
% & & \textbf{Oscillator} & & \\
\textbf{Failure} & & \textbf{$PHS225AMP$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline
FS1: $PHS45_1$ $0\_phaseshift$ & & phase shift low & & $180\_phaseshift$ \\
FS2: $PHS45_1$ $no\_signal$ & & signal lost & & $NO_{signal}$ \\ \hline
% FS3: $PHS45_1$ $90\_phaseshift$ & & phase shift high & & $270\_phaseshift$ \\ \hline
FS3: $INVAMP$ $L_{up}$ & & output high & & $NO_{signal}$ \\
FS4: $INVAMP$ $L_{dn}$ & & output low & & $NO_{signal}$ \\
FS5: $INVAMP$ $N_{oop}$ & & output low & & $NO_{signal}$ \\
FS6: $INVAMP$ $L_{slew}$ & & signal lost & & $NO_{signal}$ \\ \hline
\hline
\end{tabular}
\end{table}
%
Applying FMMD, a derived component $PHS225AMP$ is created which has the following failure modes:
$$
fm (PHS225AMP) = \{ 180\_phaseshift, NO\_signal \} . % 270\_phaseshift,
$$
\clearpage
\subsection{BUBBAOSC: Failure Mode Effects Analysis} % title of Table
\label{detail:BUBBAOSC}
\begin{table}[h+]
\center
\caption{BUBBAOSC: Failure Mode Effects Analysis} % title of Table
\label{tbl:bubba2}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{BUBBAOSC} & & \textbf{Symptom} \\
% & & & & \\
\textbf{Failure} & & \textbf{$BUBBAOSC$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline
%FS1: $PHS135BUFFERED$ $180\_phaseshift$ & & phase shift high & & $LO_{fosc}$ \\
FS1: $PHS135BUFFERED$ $no\_signal$ & & signal lost & & $NO_{osc}$ \\
FS2: $PHS135BUFFERED$ $90\_phaseshift$ & & phase shift low & & $HI_{osc}$ \\ \hline
% FS4: $PHS225AMP$ $270\_phaseshift$ & & phase shift high & & $LO_{fosc}$ \\
FS4: $PHS225AMP$ $180\_phaseshift$ & & phase shift low & & $HI_{osc}$ \\
FS5: $PHS225AMP$ $NO\_signal$ & & lost signal & & $NO_{signal}$ \\ \hline
\hline
\end{tabular}
\end{table}
%
Collecting symptoms from table~\ref{tbl:bubba2}, a derived component $BUBBAOSC$ is created which has the following failure modes:
$$
fm (BUBBAOSC) = \{ HI_{osc}, NO\_signal \} . % LO_{fosc},
$$
\clearpage
\section{Sigma Delta Detailed FMMD Analyses}
\subsection{FMMD Analysis of Summing Junction Integrator: SUMJINT}
\label{detail:SUMJINT}
\begin{table}[h+]
\center
\caption{Summing Junction Integrator($SUMJINT$): Failure Mode Effects Analysis} % title of Table
\label{tbl:sumjint}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result} & & \textbf{Symptom} \\
% & & & & \\
\textbf{Failure} & & \textbf{$SUMJINT$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline\hline
FS1: $R1$ $OPEN$ & & $V_{in}$ dominates input & & $V_{in} DOM$ \\
FS2: $R1$ $SHORT$ & & $V_{fb}$ dominates input & & $V_{fb} DOM$ \\ \hline
FS3: $R2$ $OPEN$ & & $V_{fb}$ dominates input & & $V_{fb} DOM$ \\
FS4: $R2$ $SHORT$ & & $V_{in}$ dominates input & & $V_{in} DOM$ \\ \hline
FS5: $IC1$ $HIGH$ & & output perm. high & & HIGH \\
FS6: $IC1$ $LOW$ & & output perm. low & & LOW \\ \hline
FS7: $IC1$ $NOOP$ & & no current to drive C1 & & NO\_INTEGRATION \\
FS8: $IC1$ $LOW\_SLEW$ & & signal delay to C1 & & NO\_INTEGRATION \\ \hline
FS9: $C1$ $OPEN$ & & no capacitance & & NO\_INTEGRATION \\
FS10: $C1$ $SHORT$ & & no capacitance & & NO\_INTEGRATION \\ \hline
% \hline
% FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\
% FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\ \hline
% FS3: $IC2$ $NOOP$ & & no current drive & & LOW \\
% FS4: $IC2$ $LOW\_SLEW$ & & delayed signal & & LOW\_SLEW \\ \hline
% \hline
\hline
\end{tabular}
\end{table}
Collecting the {\dc} failure modes of
$SUMJINT$ gives $$\{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$
\clearpage
\subsection{FMMD Analysis of High Impedance Signal Buffer : HISB}
\label{detail:HISB}
\begin{table}[h+]
\center
% \center
\caption{ High Impedance Signal Buffer : Failure Mode Effects Analysis} % title of Table
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result} & & \textbf{Symptom} \\
% & & & & \\
\textbf{Failure} & & \textbf{$HISB$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline\hline
FS1: $IC2$ $HIGH$ & & output perm. high & & HIGH \\
FS2: $IC2$ $LOW$ & & output perm. low & & LOW \\
FS3: $IC2$ $NOOP$ & & no current to output & & $NOOP$ \\
FS4: $IC2$ $LOW\_SLEW$ & & delay signal & & $LOW\_{SLEW}$ \\ \hline
\end{tabular}
\end{table}
% \hline
\clearpage
\subsection{FMMD Analysis of Digital level to analogue level converter : DL2AL}
\label{detail:DL2AL}
\begin{table}[h+]
\center
\caption{$PD , IC3$ Digital level to analogue level converter: Failure Mode Effects Analysis} % title of Table
\label{tbl:DL2AL}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\
% & & & & \\
% & & & & \\
\textbf{Failure} & & \textbf{$DS2AL$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline \hline
FS1: $PD $ $HIGH$ & & output perm. low & & LOW \\
FS2: $PD $ $LOW$ & & output perm. low & & HIGH \\ \hline
\hline
FS3: $IC3$ $HIGH$ & & output perm. high & & HIGH \\
FS4: $IC3$ $LOW$ & & output perm. low & & LOW \\
FS5: $IC3$ $NOOP$ & & no current drive & & LOW \\
FS6: $IC3$ $LOW\_{SLEW}$ & & delayed signal & & $LOW\_{SLEW}$ \\ \hline
\hline
\end{tabular}
\end{table}
The symptoms of failure, i.e. $\{ LOW, HIGH, LOW\_{SLEW} \}$ are collected.
\clearpage
\subsection{FMMD Analysis of Digital Buffer : DIGBUF}
\label{detail:DIGBUF}
\begin{table}[h+]
\center
\caption{$ IC4, CLOCK $ Digital Buffer: Failure Mode Effects Analysis} % title of Table
\label{tbl:digbuf}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\
% & & & & \\
% & & & & \\
\textbf{Failure} & & \textbf{$DIGBUF$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
%$$ fm ( CD4013B) = \{ HIGH, LOW, NOOP \} $$
\hline \hline
FS1: $CLOCK$ $STOPPED$ & & buffer stopped & & STOPPED \\ \hline
FS2: $IC4$ $HIGH$ & & buffer stopped & & STOPPED \\
FS3: $IC4$ $LOW$ & & buffer stopped & & STOPPED \\
FS4: $IC4$ $NOOP$ & & no current drive & & LOW \\ \hline
\hline
\hline
\end{tabular}
\end{table}
The symptoms of failure i.e. $\{ LOW, STOPPED \}$ are collected.
\clearpage
\subsection{FMMD Analysis of buffered integrating summing junction : BISJ}
\label{detail:BISJ}
\begin{table}[h+]
\caption{ $HISB , SUMJINT$ buffered integrating summing junction($BISJ$): Failure Mode Effects Analysis} % title of Table
\label{tbl:BISJ}
\begin{tabular}{|| l | l | c | c | l ||} \hline
% \textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\
% & & & & \\
% & & & & \\
\textbf{Failure} & & \textbf{$BISJ$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline \hline
FS1: $SUMJINT$ $V_{in} DOM$ & & output integral of $V_{in}$ & & $OUTPUT STUCK$ \\
FS2: $SUMJINT$ $V_{fb} DOM$ & & output integral of $V_{fb}$ & & $OUTPUT STUCK$ \\
% $$ fm(SUMJUINT^1_0) = \{ V_{in} DOM, V_{fb} DOM, NO\_INTEGRATION, HIGH, LOW \} .$$
FS3: $SUMJINT$ $NO\_INTEGRATION$ & & output stuck high or low & & $OUTPUT STUCK$ \\
FS4: $SUMJINT$ $HIGH$ & & output stuck high & & $OUTPUT STUCK$ \\
FS5: $SUMJINT$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline
%\hline
FS6: $HISB$ $HIGH$ & & output perm. high & & $OUTPUT STUCK$ \\
FS7: $HISB$ $LOW$ & & output perm. low & & $OUTPUT STUCK$ \\
FS8: $HISB$ $ NO\_INTEGRATION$ & & no current drive & & $OUTPUT STUCK$ \\
FS9: $HISB$ $LOW\_SLEW$ & & delayed signal & & $REDUCED\_INTEGRATION$ \\ \hline
\hline
\end{tabular}
\end{table}
The symptoms of failure $\{ OUTPUT STUCK , REDUCED\_INTEGRATION \}$ are collected, and a {\dc} is created
called $BISJ$.
\clearpage
\subsection{FMMD Analysis of flip flop buffered : FFB}
\label{detail:FFB}
\begin{table}[h+]
\caption{ $DIGBUF,DL2AL$ flip flop buffered($FFB$): Failure Mode Effects Analysis} % title of Table
\label{tbl:digbuf}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\
% & & & & \\
% & & & & \\
\textbf{Failure} & & \textbf{$DIGBUF$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline \hline
FS1: $DIGBUF$ $STOPPED$ & & output stuck & & $OUTPUT STUCK$ \\
FS2: $DIGBUF$ $LOW$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline
%\hline
FS3: $DL2AL$ $LOW$ & & output perm. high & & $OUTPUT STUCK$ \\
FS4: $DL2AL$ $HIGH$ & & output perm. low & & $OUTPUT STUCK$ \\
FS5: $DL2AL$ $LOW\_SLEW$ & & no current drive & & $LOW\_SLEW$ \\ \hline
\hline
\hline
\end{tabular}
\end{table}
Symptoms of failure are collected $\{OUTPUT STUCK, LOW\_SLEW\}$ and a {\dc} %at the third level of symptom abstraction
called $FFB$ is created.
\clearpage
\subsection{FMMD Analysis of \sd : SDADC}
\label{detail:SDADC}
\begin{table}[h+]
\caption{ $FFB , BISJ $ \sd ($SDADC$): Failure Mode Effects Analysis} % title of Table
\label{tbl:sdadc}
\begin{tabular}{|| l | l | c | c | l ||} \hline
%\textbf{Failure Scenario} & & \textbf{failure result } & & \textbf{Symptom} \\
% & & & & \\
% & & & & \\
\textbf{Failure} & & \textbf{$FFB$ } & & \textbf{Symptom} \\
\textbf{cause} & & \textbf{Effect} & & \\
\hline \hline
FS1: $FFB$ $OUTPUT STUCK$ & & value max high or low & & $OUTPUT\_OUT\_OF\_RANGE$ \\
FS2: $FFB$ $LOW\_SLEW$ & & values will appear larger & & $OUTPUT\_INCORRECT$ \\
% FS3: $IC4^0$ $NOOP$ & & output stuck low & & $OUTPUT STUCK$ \\ \hline
%\hline
FS3: $BISJ$ $OUTPUT STUCK$ & & value max high or low & & $OUTPUT\_OUT\_OF\_RANGE$ \\
FS4: $BISJ$ $REDUCED\_INTEGRATION$ & & values will appear larger & & $OUTPUT\_INCORRECT$ \\ \hline
\hline
\end{tabular}
\end{table}
%\clearpage
The symptoms for the \sd are collected
$$ \; \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}.$$
A {\dc} is created to represent the failure behaviour of the analogue to digital converter, $SDADC$.
$$fm(SDADC) = \{OUTPUT\_OUT\_OF\_RANGE, OUTPUT\_INCORRECT\}$$
\fmmdglossADC
\clearpage
\section{Standalone temperature controller}
FMMD analysis tables from chapter~\ref{sec:chap6}.
\label{sec:readPt100}
\subsection{Read\_Pt100: Failure Mode Effects Analysis}
{
\tiny
\begin{table}[h+]
\center
\caption{ Read\_Pt100: Failure Mode Effects Analysis} % title of Table
\label{tbl:readPt100}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $RI_{VRGE}$ & voltage & $VOLTAGE\_HIGH$ \\
& outside range & \\ \hline
FC2: $RADC_{VV\_ERR}$ & voltage & $VAL\_ERR$ \\
& incorrect & \\ \hline \hline
FC3: $RADC_{HIGH}$ & voltage value & $VAL\_ERR$ \\
& incorrect & \\ \hline
FC4: $RADC_{LOW}$ & ADC may read & $VOLTAGE\_LOW$ \\ \hline
FC5: post condition fails & software failure & $VAL\_ERR$ \\
in function read\_ADC & read\_ADC & \\ \hline
\end{tabular}
\end{table}
}
\fmmdglossADC
\clearpage
\subsection{ Get\_Temperature: Failure Mode Effects Analysis }
{
\tiny
\begin{table}[h+]
\center
\caption{ Get\_Temperature: Failure Mode Effects Analysis} % title of Table
\label{tbl:gettemperature}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $Pt100:Voltage\_High$ & Pt100 voltage too high & Pt100\_out\_of\_range \\
& Pt100\_higher\_voltage & \\
& OR Pt100\_current & \\ \hline
FC2: $Pt100:Voltage\_Low$ & Pt100 voltage too low & Pt100\_out\_of\_range \\
& Pt100\_lower\_voltage & \\
& OR Pt100\_current & \\ \hline
FC3: $Pt100\_high\_low\_mismatch$ & temperature can be calculated & Pt100\_out\_of\_range \\
& from either high or low & \\
& reading, but should correlate & \\ \hline
% FC4: $Pt100\_current$ & the current applied is & Pt100\_out\_of\_range \\
% & necessary to calculate resistance, & \\
% & but should be within given bounds & \\ \hline
%
%
FC4: $Pt100:VAL\_ERR$ & could cause an out of & temp\_incorrect\\
& range error, but may also & \\
& cause us to read an & \\
& incorrect temperature & \\ \hline
FC5: post condition fails & software failure & temp\_incorrect \\
in function convert\_ADC\_to\_T & convert\_ADC\_to\_T & \\ \hline
\hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{ GetError: Failure Mode Effects Analysis }
{
\tiny
\begin{table}[h+]
\center
\caption{ GetError: Failure Mode Effects Analysis} % title of Table
\label{tbl:geterror}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $ Pt100\_out\_of\_range $ & pre-condition violated & KnownIncorrectErrorValue \\
& observable/detectable & \\
& failure mode & \\ \hline
FC2: $temp\_incorrect$ & pre-condition violated & IncorrectErrorValue \\
& unobservable & \\
& undetectable failure mode & \\ \hline
FC3: post condition fails & software failure & IncorrectErrorValue \\
in function determine\_set\_point\_error & determine\_set\_point\_error & \\ \hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{PID: Failure Mode Effects Analysis}
{
\tiny
\begin{table}[h+]
\center
\caption{ PID: Failure Mode Effects Analysis} % title of Table
\label{tbl:pidfunction}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $ KnownIncorrectErrorValue $ & pre-condition violated & KnownControlValueErrorV \\
& observable/detectable & \\
& failure mode & \\ \hline
FC2: $ IncorrectErrorValue $ & pre-condition violated & IncorrectControlErrorV \\
& unobservable & \\
& undetectable failure mode & \\ \hline
FC3: post condition fails & software failure & IncorrectControlErrorV \\
in function PID & PID & \\ \hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{ HeaterOutput: Failure Mode Effects Analysis }
{
\tiny
\begin{table}[h+]
\center
\caption{ HeaterOutput: Failure Mode Effects Analysis} % title of Table
\label{tbl:heateroutput}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $ PWM stuck HIGH $ & pre-condition violated & HeaterOnFull \\
& PWM module not working & \\ \hline
FC2: $ PWM stuck LOW $ & pre-condition violated & HeaterOff \\
& PWM module not working & \\ \hline
FC3: HEATER $SHORT$ & heating element resistor & HeaterOff \\
& SHORT no heating effect & \\ \hline
FC4: HEATER $OPEN $ & heating element resistor & HeaterOff \\
& OPEN no heating effect & \\ \hline
FC5: $ output\_control$ post & The software supplies the wrong & HeaterOutputIncorrect \\
condition failure & value to the PWM register & \\ \hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{ LEDOutput: Failure Mode Effects Analysis }
{
\tiny
\begin{table}[h+]
\center
\caption{ LEDOutput: Failure Mode Effects Analysis} % title of Table
\label{tbl:ledoutput}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: $ Temp LED fails $ & LED will not light & FailureIndicated \\
& & \\ \hline
FC2: $ Processor LED fails $ & LED will not light & FailureIndicated \\
& & \\ \hline
FC3: $ PWM LED fails $ & LED will not light & FailureIndicated \\
& & \\ \hline
FC4: GPIO stuck HIGH & LED permanently OFF & FailureIndicated \\ \hline
FC5: GPIO stuck Low & LED permanently ON & FailureIndicated \\ \hline
FC6: Software SetLEDs & Incorrect Indication & IndicationError \\
fails to set outputs correctly & Post condition failure & \\ \hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{ Standalone temperature controller: Failure Mode Effects Analysis}
{
\tiny
\begin{table}[h+]
\center
\caption{ standalone temperature controller: Failure Mode Effects Analysis} % title of Table
\label{tbl:pid}
\begin{tabular}{|| l | c | l ||} \hline
% \textbf{Failure} & \textbf{failure} & \textbf{Symptom} \\
% \textbf{Scenario} & \textbf{effect} & \textbf{RADC } \\ \hline
\hline
\textbf{Failure} & \textbf{Failure } & \textbf{Symptom} \\
\textbf{cause} & \textbf{Effect} & \\
\hline
FC1: PID KnownControlValueError & As error is detectable/ & ControlFailureIndicated \\
& observable error can be indicated & \\ \hline
FC2: PID IncorrectControlerrorV & undetectable/unobservable & ControlFailure \\
& failure PID will not control properly & \\ \hline
FC3: HeaterOutput & Heater will constantly & ControlFailureIndicated \\
HeaterOnFULL & apply maximum power & \\ \hline
FC4: HeaterOutput & heater will supply & ControlFailureIndicated \\
HeaterOFF & no power & \\ \hline
FC5: HeaterOutput & with incorrect power applied & ControlFailure \\
HeaterOutputIncorrect & control will not be effective & \\ \hline
FC6: LEDOutput & failure of LED system & KnownIndicationError \\
FailureIndicated & where failure is observable & \\ \hline
FC7: LEDOutput & failure of LED system & UnknownIndicationError \\
IndicationError & where failure is unobservable & \\ \hline
%% PROM\_FAULT, RAM\_FAULT, CPU\_FAULT, ALU\_FAULT, CLOCK\_STOPPED
FC8: micro-controller & un-defined behaviour & ControlFailure \\
PROM\_FAULT & & \\ \hline
FC9: micro-controller & un-defined behaviour & ControlFailure \\
RAM\_FAULT & & \\ \hline
FC10: micro-controller & un-defined behaviour & ControlFailure \\
CPU\_FAULT & & \\ \hline
FC11: micro-controller & incorrect arithmetic & ControlFailure \\
ALU\_FAULT & performed in processing & \\ \hline
FC12: micro-controller & processor will not run & ControlFailureIndicated \\
CLOCK\_STOPPED & indicator leds will not flash & \\ \hline
FC13: monitor: & postcondition fails & ControlFailure \\
software fails & & \\ \hline
\hline
\end{tabular}
\end{table}
}
\clearpage
\subsection{Statistics and FMMD: Pt100 example for single and double failures}
\label{detailed:Pt100stats}
\paragraph{Pt100: Single Failures and statistical data.} %Mean Time to Failure}
\frategloss
Taking the model for the failure mode behaviour of the Pt100 circuit from an earlier example,
{\bc} {\fm} statistics are added to determine the probability of symptoms of failure.
%
The DOD electronic reliability of components
document MIL-HDBK-217F~\cite{mil1991} gives formulae for calculating
the
%$\frac{failures}{{10}^6}$
${failures}/{{10}^6}$ % looks better
in hours for a wide range of generic components
\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
can give conservative reliability figures when applied to
modern components}.
%
Using the MIL-HDBK-217F %~\cite{mil1991}
specifications for resistor and thermistor failure statistics, the reliability for the Pt100 example (see section~\ref{sec:Pt100}) is calculated below.
%
%
\paragraph{Resistor FIT Calculations.}
%
The formula given in MIL-HDBK-217F~\cite[9.2]{mil1991} for a generic fixed film non-power resistor
is reproduced in equation~\ref{resistorfit}. The meanings
and values assigned to its coefficients are described in table~\ref{tab:resistor}.
\fmmdglossFIT
\fmodegloss
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
\label{resistorfit}
\end{equation}
\begin{table}[ht]
\caption{Fixed film resistor Failure In Time (FIT) assessment.} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:resistor}
\end{table}
\frategloss
Applying equation~\ref{resistorfit} with the parameters from table~\ref{tab:resistor}
gives the following failures in ${10}^6$ hours:
\begin{equation}
0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours}
\label{eqn:resistor}
\end{equation}
While MIL-HDBK-217F gives MTTF for a wide range of common components,
it does not specify how the components will fail (in this case OPEN or SHORT).
%
Some standards, notably EN298, consider most types of resistor as failing only in OPEN mode.
%FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses.
% FMD-91 gives parameter change as a third failure mode, luvvverly 08FEB2011
This example
compromises and uses a 9:1 OPEN:SHORT ratio, for resistor failure.
%
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
in the other 10\%.
A standard fixed film resistor, for use in a benign environment, non military specification at
temperatures up to {60\oc} is given a probability of 13.8 failures per billion ($10^9$)
hours of operation (see equation \ref{eqn:resistor}).
In EN61508 terminology, this figure is referred to as a Failure in Time FIT\footnote{FIT values are measured as the number of
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
FIT number the more reliable the component.}.
%
The formula given for a thermistor in MIL-HDBK-217F~\cite[9.8]{mil1991} is reproduced in
equation~\ref{thermistorfit}. The variable meanings and values are described in table~\ref{tab:thermistor}.
%
\begin{equation}
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
\label{thermistorfit}
\end{equation}
%
\begin{table}[ht]
\caption{Bead type Thermistor Failure in time assessment} % title of Table
\centering % used for centering table
\begin{tabular}{||c|c|l||}
\hline \hline
\em{Parameter} & \em{Value} & \em{Comments} \\
& & \\ \hline \hline
${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
%${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
\hline \hline
\end{tabular}
\label{tab:thermistor}
\end{table}
%
\begin{equation}
0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
\label{eqn:thermistor}
\end{equation}
%
Thus thermistor, bead type, `non~military~spec' is given a FIT of 315.0.
%
\frategloss
Using the RIAC finding, the following table (table~\ref{tab:stat_single}) can be created, which
presents the FIT values for all single failure modes.
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period.}}
\fmmdglossFIT
%
\begin{table}[h+]
\caption{Pt100 FMEA Single // Fault Statistics} % title of Table
\centering % used for centering table
\begin{tabular}{||l|c|c|l|l||}
\hline \hline
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
% R & wire & res + & res - & description
\hline
\hline
TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline
\hline
TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline
TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline
\hline
TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
\hline
\end{tabular}
\label{tab:stat_single}
\end{table}
%
\frategloss
%
The FIT for the circuit as a whole is the sum of MTTF values for all the
test cases. The Pt100 circuit here has a FIT of 342.6. This is a MTTF of
about $\approx 360$ years per circuit.
%
A probabilistic tree can now be drawn, with a FIT value for the Pt100
circuit and FIT values for all the component fault modes from which it was calculated.
%
From this it can be seen that the most likely fault is the thermistor going OPEN.
%
This circuit is around 10 times more likely to fail in this way than in any other.
%
If a more reliable temperature sensor was required, this would probably
be the fault~mode scrutinised first.
%
\frategloss
%
\begin{figure}[h+]
\centering
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./CH5_Examples/stat_single.png}
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
\caption{Probabilistic Fault Tree : Pt100 Single Faults}
\label{fig:stat_single}
\end{figure}
%
The Pt100 analysis presents a simple result for single faults.
The next analysis phase looks at how the circuit will behave under double simultaneous failure
conditions.
%
%
\paragraph{Pt100 Example: Double Failures and statistical data.}
Because double simultaneous failure analysis can be performed under FMMD,
failure rate statistics for double failures can also be determined.
%
\frategloss
%
%%
%% Need to talk abou the `detection time'
%% or `Safety Relevant Validation Time' ref can book
%% EN61508 gives detection calculations to reduce
%% statistical impacts of failures.
%%
%
Considering the failure modes to be statistically independent
the FIT values for all the combinations of
failures in the electronic examples from chapter~\ref{sec:chap5} in table~\ref{tab:ptfmea2} can be calculated.
%
The failure mode of most concern, the undetectable {\textbf{FLOATING}} condition,
requires that resistors $R_1$ and $R_2$ both fail.
%
Multiplying the MTTF probabilities for these types of resistor failing gives the MTTF for both failing.
%
The FIT value of 12.42 corresponds to $12.42 \times {10}^{-9}$ failures per hour.
%
Squaring this gives $ 154.3 \times {10}^{-18} $.
%
This is an astronomically small MTTF, and so small that it would
probably fall below a threshold to sensibly consider.
%
However, it is very interesting from a failure analysis perspective,
because an undetectable fault (at least at this
level in the FMMD hierarchy) has been revealed.
%
This means that should it be required to cope with
this fault, a new way of detecting this
condition must be engineered, perhaps in higher levels of the system/FMMD hierarchy.
%
\paragraph{MTTF statistics and FMMD hierarchies.}
%
In a large FMMD model, system/top level failures can be traced
down to {\bc} {\fms}.
%
To determine the MTTF probability
for a system level failure,
the MTTF statistics are added for all its possible causes.
%
Thus even for large FMMD models accurate
statistics for electronic sourced failures can be calculated.
%
%\glossary{name={FIT}, description={Failure in Time (FIT). The number of times a particular failure is expected to occur in a $10^{9}$ hour time period. Associated with continuous demand systems under EN61508~\cite{en61508}}}
%
\frategloss
\fmmdglossFIT
\clearpage
\subsection{Gnuplot script for hypothetical XFMEA FMMD reasoning distance comparison}
\label{sec:gnuplotxfmeafmmdcomp}
\begin{verbatim}
#####################################################################################
# GNUPLOT SCRIPT to plot XFMEA FMMD reasoning distance
# comparisons.
#
# Plots two curves against component count on a log-scaled y axis and
# writes the result to a PNG file:
#   sig_fx(...)  - FMMD reasoning distance summed over hierarchy levels
#   xfmea(...)   - reasoning distance for the exhaustive FMEA case
#
# Always define floating point explicitly at initialisation, as in 'C',
# because otherwise gnuplot treats these as integers.
# (The plot expression below uses 1/k, which relies on k being real.)
#
# number of failure modes per component
fm = 3.0
#
# number of components in each functional group
k = 3.0
#
# place the functional group size and failure mode per components
# size into a string to use as the graph title
#
tt = sprintf("reasoning distance comparison for |fg| = %d and |fm| = %d", k, fm)
set title tt
#
# a is the lower bound (level 0) that sig_fx passes to sum() below.
# The global b is not read: inside sum(a,b) both names are dummy
# parameters that shadow these globals.
#
a = 0.0
b = 0.0
#
# formula for reasoning distance in one level of FMMD
# hierarchy (as given by ll)
#
fmmd(ll)=k**ll * k * fm * (k - 1)
#
# set up the sum over FMMD levels as a recursive function:
# sum(a,b) adds fmmd(a), fmmd(a+1), ... and stops once a exceeds b,
# so a non-integer upper bound only contributes its whole levels.
# sig_fx(c) is that sum from the global a (0.0) up to c.
#
sum(a,b) = (a > b) ? 0 : fmmd(a) + sum(a+1, b)
sig_fx(c) = sum(a,c)
#
# reasoning distance for exhaustive case in FMEA
# where ll is the hierarchy level
xfmea(ll) = k**(ll+1) * ( k**(ll+1) -1 ) * fm
#
# x axis is the component count; both curves receive x**(1/k),
# i.e. the k-th root of x, as their hierarchy level argument.
# NOTE(review): xfmea() reads as N*(N-1)*fm with N = k**(ll+1); if N is
# meant to be the component count, the level for a count x would be
# log(x)/log(k) - 1 rather than x**(1/k) - confirm the intended mapping.
#
set xrange [0:1000]
set xlabel "Component count"
set ylabel "reasoning distance"
set logscale y
#
# output goes to a PNG file, named by a relative path
set terminal png
set output 'xfmea_fmmd_comp.png'
plot sig_fx(x**(1/k)), xfmea(x**(1/k))
#!sleep 20
#####################################################################################
\end{verbatim}