%
% Make the revision and doc number macros so that they are defined in one place
\ifthenelse {\boolean{paper}}
{
\begin{abstract}
A survey of static failure mode analysis methodologies applicable to safety-critical systems.
\end{abstract}
}
{
\section{Overview}
A survey of static failure mode analysis methodologies applicable to safety-critical systems.
}
\section{FMEA}
FMEA has two meanings. The general one, Fault Mode Effects Analysis, refers to static diagnosis of a design, looking
at faults that can occur and their effect.
\subsection{Manufacturing Cost Reduction FMEA}
The second is a methodology for reducing cost in manufacturing by taking faults, their frequency
and their cost, multiplying these together, and then producing a priority list
for fixing known faults.
``The basics of FMEA'' by Robin E.~McDermott et al.,
ISBN 0-527-76320-9.
\subsection{Deterministic FMEA}
Under EN298, no two individual component failures may give rise to a dangerous condition.
\section{FMEDA Failure Effect Mode Diagnostic Analysis}
This is the main basis of SIL certification for Programmed Electronic Equipment.
It applies FMEA, with classification of the criticality of
components, adjustment of MTTF values by self-checking mechanisms in the product,
and mitigation for a safe failure fraction. This leads to a probabilistic
mean time to failure or probability of failure on demand, that will
fall within the criteria for a given SIL safety level.
An overview of this method can be found in an EXIDA paper~\cite{fmeda},
and a detailed description of the method for SIL certification in part 2 of
EN61508~\cite{en61508}.
Disadvantage: a single component failure is used to determine its effect on
the entire system. This leads to classifying components as safety-critical or non-safety-critical
at an early stage in the analysis. This means that complex interactions or side effects
of components failing may not be taken into account.
Advantage: the concepts of self-checking systems and safe failure fraction\footnote{Safe Failure Fraction (SFF) is the number of non-safety-critical components
that can be detected as failed compared to the number of safety-critical components. The thinking here is that if components are detected as failing
even though they are not safety critical, the system is self-checking a greater proportion of its own systems, and is therefore safer. This
is applying Bayes' theorem for probabilistic error detection}.
This is a probabilistic methodology.
\subsection{Safe Failure Fraction}
Introduce the idea of coverage.
A good example is RAM in a microprocessor/microcontroller: we cannot give 100\% coverage to it.
We can perform some tests that give us 60\% coverage, etc.
\subsection{Diagnostic interval}
Reducing FIT by detecting a fraction of the faults within an interval. Give formulas etc.
\subsection{Redundancy - Models}
1oo1, 2oo3, etc.
\subsection{Field Data}
OK for EN61508, not OK for the nuclear industry (find refs).
\section{FTA}
Fault Tree Analysis.
Show how it works, top down.
FROM INTERNET HISTORY OF FTA
% A simple fault tree
% Author: Zhang Long, Mail: zhangloong[at]gmail.com
%\def\pgfsysdriver{pgfsys-dvipdfm.def}
%\documentclass{minimal}
%\usepackage{tikz}
%\usetikzlibrary{shapes.gates.logic.US,trees,positioning,arrows}
%\begin{document}
\begin{figure}
\begin{tikzpicture}[
% Gates and symbols style
and/.style={and gate US,thick,draw,fill=blue!40,rotate=90,
anchor=east,xshift=-1mm},
or/.style={or gate US,thick,draw,fill=blue!40,rotate=90,
anchor=east,xshift=-1mm},
be/.style={circle,thick,draw,fill=white!60,anchor=north,
minimum width=0.7cm},
tr/.style={buffer gate US,thick,draw,fill=white!60,rotate=90,
anchor=east,minimum width=0.8cm},
% Label style
label distance=3mm,
every label/.style={blue},
% Event style
event/.style={rectangle,thick,draw,fill=yellow!20,text width=2cm,
text centered,font=\sffamily,anchor=north},
% Children and edges style
edge from parent/.style={very thick,draw=black!70},
edge from parent path={(\tikzparentnode.south) -- ++(0,-1.05cm)
-| (\tikzchildnode.north)},
level 1/.style={sibling distance=7cm,level distance=1.4cm,
growth parent anchor=south,nodes=event},
level 2/.style={sibling distance=7cm},
level 3/.style={sibling distance=6cm},
level 4/.style={sibling distance=3cm}
%% For compatibility with PGF CVS add the absolute option:
% absolute
]
%% Draw events and edges
\node (g1) [event] {No flow to receiver}
child{node (g2) {No flow from Component B}
child {node (g3) {No flow into Component B}
child {node (g4) {No flow from Component A1}
child {node (t1) {No flow from source1}}
child {node (b2) {Component A1 blocks flow}}
}
child {node (g5) {No flow from Component A2}
child {node (t2) {No flow from source2}}
child {node (b3) {Component A2 blocks flow}}
}
}
child {node (b1) {Component B blocks flow}}
};
%% Place gates and other symbols
%% In the CVS version of PGF labels are placed differently than in PGF 2.0
%% To render them correctly replace '-20' with 'right' and add the 'absolute'
%% option to the tikzpicture environment. The absolute option makes the
%% node labels ignore the rotation of the parent node.
\node [or] at (g2.south) [label=-20:G02] {};
\node [and] at (g3.south) [label=-20:G03] {};
\node [or] at (g4.south) [label=-20:G04] {};
\node [or] at (g5.south) [label=-20:G05] {};
\node [be] at (b1.south) [label=below:B01] {};
\node [be] at (b2.south) [label=below:B02] {};
\node [be] at (b3.south) [label=below:B03] {};
\node [tr] at (t1.south) [label=below:T01] {};
\node [tr] at (t2.south) [label=below:T02] {};
%% Draw system flow diagram
% \begin{scope}[xshift=-7.5cm,yshift=-5cm,very thick,
% node distance=1.6cm,on grid,>=stealth',
% block/.style={rectangle,draw,fill=cyan!20},
% comp/.style={circle,draw,fill=orange!40}]
% \node [block] (re) {Receiver};
% \node [comp] (cb) [above=of re] {B} edge [->] (re);
% \node [comp] (ca1) [above=of cb,xshift=-0.8cm] {A1} edge [->] (cb);
% \node [comp] (ca2) [right=of ca1] {A2} edge [->] (cb);
% \node [block] (s1) [above=of ca1] {Source1} edge [->] (ca1);
% \node [block] (s2) [right=of s1] {Source2} edge [->] (ca2);
% \end{scope}
\end{tikzpicture}
\caption{Example FTA for a Gas Supply with two Shutoff Valves}
\end{figure}
%%- RE_PHRASE %%
%%- RE_PHRASE %% Fault tree analysis (FTA) is a tool originally developed in
%% RE_PHRASE %% 1962 by Bell Labs for use in studying failure modes in the
%% RE_PHRASE %% launch control system of the Minuteman missile project. The tool now
%% RE_PHRASE %% finds wide use in numerous applications, from accident investigation to design
%% RE_PHRASE %% prototyping, and is also finding use for protection and control related
%% RE_PHRASE %% applications. This paper provides an elementary background to the application of
%% RE_PHRASE %% FTA for use in protection applications. The construction of the fault
%% RE_PHRASE %% tree as well as the use of reliability data is considered.
%% RE_PHRASE %% A simple example is presented. The intention is to provide a
%% RE_PHRASE %% brief introduction to the concept, to allow users to at least
%% RE_PHRASE %% understand how a fault tree is constructed and what can be done
%% RE_PHRASE %% with it.
% read exida doc and ref it
% typeset in {\Huge \LaTeX} \today