Design and Reliability Analysis of DP-3 Dynamic Positioning Control Architecture

0203TPA SERIES T5VP2D36TSM (T3X) SERIES Pedal ValveT5V SERIES T5VP2D28TM SERIES Main Control Valve Remote Control Valve“It is our hope that our incessant efforts to develop the most advanced technologies and to produce the best quality products meet our client’s complete satisfaction”The brief History of Hydraulic Components1976. 8. Started production of hydraulic valves and motors(SX series)for industrial machinery with the technical cooperation introduced from Kawaski(Japan)1983. 3. Started production of 22ton class travelling motor(GM 30H)with the technical cooperation introduced from Teijin Seiki(Japan)1989. 5. Started production of high/low speed change-over travelling motor(GM35VA, GM38V) for 22ton class excavators1989. 7. Started production of main pump(K3V series) and swing motor(M2X series) in the class of 13, 22, 29ton for excavators with the technical cooperation introduced from Kawasaki1994. 1. Started production of travelling motor for 5ton class excavator1996. 3. Started production of main pump(K3V180DP) for 35ton class excavator1996. 7. Started production of RV gear type travelling motor(GM35VL)with the technical cooperation introduced from Teijin Seiki 1996. 8. Started production of remote control valves for excavator with the technical cooperation introduced from Kawasaki1997. 7. Started production of travelling motor(DNB50D, 60D)for 29, 35ton class excavators with the technical cooperation introduced from Kawasaki(Japan)1998. 10. Started production of K3V180DPH main pump for 40ton class excavator 1999. 4. Started production of main pump attached PTO for wheel type excavators1999. 5. Changed the name of travelling motor according to the end of technical cooperation with Teijin Seiki (GM24V TM24V, GM35VA TM35VA)1999. 6. Changed the name of main pump according to the end of technical cooperation with Kawasaki (K3V series T5V series, M2X series T3X series)1999. 9. Changed the name of travelling motor for 29, 35ton excatators according to the end of technical cooperation with Kawasaki (DNB50D TM50VA, DNB60D TM60VA)2000. 2. Started production of travelling motor TM50VA, TM60VA, TM70VA for 29, 35ton excavators 2000. 3. Started production of single main pump for industrial machinery2000. 10. Started production of teavelling motor for 13ton wheel-type excavators2001. 9. Started production of teavelling motor improved in reduction gear parts for 29, 35 ton excavators (TM50VA, 60VA, 70VA TM50VC, 60VC, 70VC)2002. 1. Started production of T5VP2D25 main pump for 5ton class excavator 2003. 9. Started production of TM40VC track drive for 20ton class excavator2005. 3. Started production of TSM86, TSM140 swing motor for 14ton and 20ton class excavator 2006. 3. Started production of TM18VC track drive for 13ton class excavator 2006. 6. Started production of TM30VC track deive for 17ton class excavator 2006. 8. Started production of TSM210 swing motor for 5ton class excavator 2007. 9. Started production of TM22VC track deive for 14ton class excavator 2007. 10. Started production of TSM32 swing motor for 5ton classs excavator2007. 11. Started production of TPA140/125 main pump for 20ton and 30ton classs excavator 2008. 5. Started production of TM100VD track drive for 45ton~55ton class excavator 2008. 8. Started production of TM10VD track drive for 8ton class excavator04FeaturesDimensionsDimensions of shaft endSpecificationThe T5V series are high-pressure, swash-plate type pump developed for construction equipments and general industrial machinery based upon our long and rich experience.High reliability and longevity are achieved by adoption of the high-load bearings and unique anti-wear materials for rotating groupThe spherical valve plate and improved hydraulic balance provide stable cylinder rotation, thus achieving high efficiency even in a low-pressure and low-speed operating range.The T5V series can be controlled hydraulic or electrical methods. And various control methods such as flow control, pressure control, horsepower control, and the combination of these are standardized and available.Optional gear pumps for various sizes can be attached. Accordingly, and separate pump unit is not necessary as control or medium duty system pressure source. Hydraulic units can thus be made compact.Model Information05The T5V series piston pumps are developed for construc-tion equipments and general industry.These pump provide user with high output density and efficiency.Moreover, they are specialzed in construction equipments and general industry applications with high quality by the funcional design.T5V112DP***R9N01Regulator codeR : Clockwise rotation, L : Counter clockwise rotation Pump codeDP : Double pump, DPP : Double pump + PTO Max displacement (cc/rev)T5V seriesT 5V S E R I E S H y d r a ul i c P i s t o n P u m pGeneralHydraulic Circuit06FeaturesDimensionsSpecificationShortening the length of pumpThe total length of DPA series is 30% shorter than the conventional tandem pump of same class of displacement.Various ControlsThe DPA series can be controlled by hydraulic input either negative pilot pressure or positive one. Beside, it is capable of responding to electrical input signal.Reduced Noise and Pressure PulsationThe rigid parts design and analysis of cylinder pressure decreases noise level and pressure ripple.High Reliability and Long LifeA high reliability is obtained by solving the over-load problem, as well as the fretting corrosion between swash-plate and support, decreasing the possibility of external leakage through one body and several short bolts, and increasing the strength of parts including shaft.Model Information07The DPA series of piston pumps are developed forconstruction equipments, especially with high quality by functional design.And DPA series are designed to satisfy needs suck as high power density, reliability and low noise using the newest design tools.PTO : PTO attached - : NonDesign code of regulatorS : sensor for tilting angle attached - : NonRegulator code*N : Negative Flow Control *P : Positive Flow Control*E : Electric - Hydraulic Hybrid ControlDesign codeC : With chamber type - : Without chamber type Size (displacement)117:117cc/rev 140:140cc/rev DPA seriesDPA140C115R*NS**PTOD P A SE R I E S H y d r a ul i c P i s t o n P u m pGeneralHydraulic Circuit08FeaturesHydraulic CircuitGeneralDimensionsDimensionsSpecificationThis is a variable displacement double-piston pump discharging with two equal displacements from one cylinder block.This pump is so compact as to be appeared a single pump though this is actually a double pump.Model Information09T5VP2D is a piston pump designed for mini construction vehicles such as excavators.This pump incorpates compactly, and has long life and high efficiency.Gear pump for auxilliary pilot pump is connected directly with spline, so you can handle this pump easily and variously.Design code Gear pump code Displacement (cc/rev)Double pump T5V seriesT5V P2D 28TG2CDesign code Gear pump code Displacement (cc/rev)Double pump T5V seriesT5V P2D 36TG1ADimensions of shaft endFlange mounting face for suction portFlange mounting face for delivery portPISTON PUMP T5VP2D28/36 SERIEST 5V P 2D 28/36 S E R I E S H yd r a u l i c P i s t o n P u m pT5VP2D28T5VP2D36T5VP2D28T5VP2D36T5VP2D28T5VP2D2610FeaturesPiston motor has a variable displacement (two speed) swash plate and incorporates a brake valve and a mechanical brake needed for travelling. TM motor with planetary gear reducer offers outstanding features.Hydraulically balanced piston motor ensures reliable changeover of the displacement by external pilot control (1.5 ~ 2 : 1 speed ratio)The motor offers speed control and braking to minimize shock with a built-in double counterblance valve and shockless relief valve. (These valves are not necessary for a closed circuit.)The mechanical brake is a negative. The brake is automatically activated or released when the stop or start.The case rotation type gear reducer has improved durability and reliablity because of its simple and equally loaded design in addition to high-precision machine parts. The motor uses heavy duty bearings to ensure long life.An efficient floating seal also prevents dust and water from entering into the motor.Model Information11The TM Series are travel motors designed for crawlermachines such as excavators, drilling machines, cranes etc.The motor is a case-rotation, high-torque motor which can be installed inside the crawler by connecting sprocket with motor case.TM40VCMIHigh / Low displacement.(cc/rev)M: With Machnical Brake Design numberV : 2 Speed, S : 1 Speed Rated Output Torque(ton.m)Motor ModelPISTON MOTOR TM SERIEST M S E R I E S H y d r a ul i c P i s t o n M o t o r w i t h R e d u c t i o n G e a rHydraulic CircuitGeneralSpecificationDimensions12FeaturesDimensionsSpecificationPiston motor has a swash plate and incorporates a mechanical brake needed for slewing.Hydraulically balanced motor ensures high-pressure and high-performance for a long time.Relief valve with shock-absorb fuction and make-up valve are appropriately integrated to shorten total length. Parking brake and swing reactionless valve are equipped as standard.Model Information13The TSM series are swing motors designed for construc-tion vehicles such as excavators, cranes etc.Compactly it incorporates various functions (parking brake, high-pressure relief valve, make-up valve, swing reaction-less valve etc.)TSM140CHBRVPISTON MOTOR TSM (T3X) SERIEST S M (T 3X ) S E R I E S H y d r au l i c P i s t o n M o t o rHydraulic CircuitGeneralWith Reactionless Valve With Mechanical Brake Design Code With Relief ValveMax. Motor Displacemnt (cc/rev)Motor Model14FeaturesHydraulic CircuitThe TMVO-70 valve series is operated by pilot signal.It has some load check in each section and also includes boom holding valve.This valve system is designed with paralled and tandem circuit. It provide our customer to control precisely.Dimensions 15Main Control Valve / Pedal Valve / Remote Control ValveM a i n C o n t r o l V a l v e / P e d a l V a l v e / R e m o t e C o n t r o l V a l v eMain Control ValveThe RCVP4 valve is excellent in dustproof, waterproof and durability and is designed for minimizing pressure loss. This valve also performs excellent response.DimensionsSpecificationFeaturesHydraulic SymbolDimensionsThe TR series of pilot valve are reducing valve type which can control the main control valve and variable pump simultaneously.Especially, wrist control is easy by reducing the operation torque.SpecificationHydraulic SymbolGeneralThe operating torque can be lowered upon a demend, it is controlled by a reduced operation force.A good response is gained by minimizing pressure loss.By attaching an electric switch, it is easy to compose an electric control as a safty function.FeaturesSpecificationPedal ValveRemote Control Valve。

长安福特常用缩写词(CP)Confirmation Prototype确认样车Final Status最终状态(J1)Job 1整车投产(PT)P/T Design Complete动力传动系统设计结束PT（P/T）Power Train动力传动系统(ST)Surface Transfer表面参数传递Change Cut-Off更改完成Launch Readiness投产准备就绪Launch Sign-Off投产验收Program Approval项目批准Proportions & Hardpoints比例与固定点Product Readiness产品准备就绪Pre Milestone 1SI前里程碑1Pre Milestone 2SI前里程碑2Strategic Confirmation策略确认Strategic Intent策略意向Strategic Planning策略计划(SP)Structural Prototype样车结构(TTO)Tool Try-Out工装设备试运行Global 8D Eight disciplinary ActionsG8D(福特公司解决问题的标准方法)14DMore Detailed than Global 8D (used to containand resolve stop-shipment/recall problems)更详细的细节(包括并解决停止运货/召回问题)1MIS One Month in Service投入使用1个月1PP First Production Proveout第一次试生产2PP Second Production Proveout第二次试生产3MIS Three Months in Service投入使用3个月4P Production Process Proveout Program生产程序验证项目AAA American Automobile Association美国汽车工业联合会ABS Affordable Business Structure可承受商业结构ABS Anti skid brake system防抱死制动系统AIAG Automotive Industry Action Group 机动车工业行动小组AIC Accelerated Implementation Centre快速实施中心AIM Automated Issues Matrix问题结构图AIMS Automated Issues Matrix System问题结构图系统AME Advanced Manufacturing Engineering先进制造工艺AMPPE Advanced Manufacturing Pre-Program Engineering 先进项目前制造工艺ANOVA Analysis of Variance多样性分析AP Attribute Prototype设计样车APEAL Automotive Performance Execution and Layout机动车性能实施与规划APQP Advanced Product Quality Planning先进产品质量计划ASQ American Society for Quality美国质量协会AV Appraiser Variation评估者的多样性AVT Advance Vehicle Technology先进车辆技术AWS Analytical Warranty System分析性的保修系统AXOD Automatic Transaxle Overdrive Transmission自动变速驱动桥超速档传动系B&ABody & Assembly Operations (New Term: VehicleOperations)车身与组装操作(新术语:车辆操作)BCG Business Consumer Group消费者工作组BIC Best in Class等级中的最佳BIS Body Shop Information System车身工作间信息系统BLI Business Leadership Initiative领导层初始意向BOM Bill OfMaterials零件清单BTB Bumper-to-Bumper保险杠到保险杠BTS Build-To-Schedule按日程建造BUR Business Unit Review业务小组讨论CAS Capacity Analysis Sheet能力分析表C/E Cause & Effect成因及影响CA Customer Attribute消费者特性CAD Computer Aided Design计算机辅助设计CAE Computer Aided Engineering计算机辅助工程CAP Corrective Action Plan纠正行动计划CBG Consumer Business Group消费者业务小组CB Continuous Build连续性生产CC Critical Characteristic评价特性CC Courtesy Copy抄送CC Carbon Copy副本CCC Customer Concern Classification客户问题分类CCC China compulsory certification中国强制认证CDS Component Design Specification零件设计参数CET Campaignable Events Team召回情况小组CETs Common External Tariff普通关税CETP Corporate Engineering Test Procedures公司工程测试程序CFR Constant Failure Rate连续故障率CHFCIM Computer Integrated Manufacturing计算机综合制造CIWG Continuous Improvement Work Group持续改进工作组CL Centerline中心线CMM Coordinate Measuring Machine协调测量设备CMMS Common Material Management System通用材料管理系统CMMS3Common Manufacturing Management System-3通用制造管理系统-3Code X Pre-build focusing on exterior components制造前关注的外部零件Code Y Pre-build focusing on interior components制造前关注的内部零件CP Cost plan(马自达用语)由ECN引起的价格变动估计CP Common Position通用位置CP Confirmation prototype确认样车（FORD 时间节点）C p Relates the allowable spread of thespecification limits to the measure of theactual variation of the process.将参数限制允许限度下的展开与程序实际多样性联系起来CPE Chief Program Engineer首席项目工程师C pk Measures the process variation with respect tothe allowable specification, and takes intoaccount the location of the process average测量程序的多样性并将其考虑到程序平均性的位置中CPU Cost Per Unit单位成本CQDC Corporate Quality Development Center公司质量开发中心CQIS Common Quality Indicator System一般质量指标系统CR Concern Responses问题回复CRT Component Review Team零件讨论组CSA Corporate Security Administrator公司安全管理员CSI Customer Service Index客户服务指数DCO Duty Cycle Output责任循环结果DCP Dynamic Control Planning动态控制计划DDL Direct Data Link直接数据连接Df Degrees of Freedom自由度DFA Design for Assembly总成设计DFM Design for Manufacturability制造能力设计DFMEA Design Failure Mode Effects Analysis故障模式影响分析设计DFR Decreasing Failure Rate故障下降率DMA Database Maintenance Administrator数据库维护管理人员DOE Design of Experiment试验设计DOM Dealer Operations Manager经销商业务经理DP Design Parameters参数设计DQR Durability Quality and Reliability耐久性质量与可靠性DTD Dock to Dock码头至码头DTD Design to Delivery设计到交付DCV Design Confirmation Vehicle设计确认车DV Design Verification设计验证DVM Design Verification Method设计验证方式DVP Design Verification Plan设计验证计划Design Verification Process and Production设计验证程序和产品验证DVP&PVValidationDVP&R Design Verification Plan & Report设计验证计划和结果DVPR Design Verification & Product Reliability设计验证和产品可靠性DVPV Design Verification and Process Verification设计验证和程序验证EAO European Automotive Operations欧洲机动车协会EASI Engineering And Supply Information工程和供应信息ECAR Electronic Connector Acceptability Rating电子连接接受比率EDI Electronic Data Interchange电子数据交换EESE Electrical and Electronic Systems Engineering电力及电子系统工程EMM Expanded Memory Manager扩展内存管理器EMS Environmental Management System环境管理系统EOL End of Line线的端点EQI Extraordinary Quality Initiative特别初始质量ES Engineering Specifications工程参数ESI Early Supplier Involvement早期供应商参与ESP Extended Service Plan延期服务计划ESTA Early Sourcing Target Agreement早期选点目标协议ESWP Early Sourcing Work Plan早期选点工作计划EV Equipment Variation设备变更F&T Facility & Tooling工装设备FACT Facilitation and Certification Training简易化及认证培训FASS Field Action/Stop Shipment区域行动/停止运货区域行动/停止运货(优先使用缩FA/SS Field Action/Stop Shipment (Preferred Acronym)写)FAO Ford Automotive Operations福特机动车协会FAP Ford Automotive Procedure福特机动车程序FAQ Frequently Asked Questions常见问答FCPA Ford Consumer Product Audit福特客户产品审核FCSD Ford Customer Service Division福特客户售后服务分枝机构FDVS Ford Design Verification System福特设计验证系统FER Fresh Eyes Review其它行业人员论证FER Final Engineering Review最终工程论证FEU Field Evaluation Unit区域评估组FIFO First in First Out先进先出FMEA Failure Mode Effects Analysis故障模式影响分析FMVSS Federal Motor Vehicle Safety Standards美国联邦机动车安全标准FPDS Ford Product Development System福特产品开发系统FPS Ford Production System福特生产系统FPSI Ford Production System Institute福特产品系统学院FPS IT Ford Production System Information Technology福特产品系统信息技术FOB Ford of Britain福特英国FQRs Frequent Quality Rejects经常性质量不合格品FR Functional Requirements功能要求FAO (福特机动车运作) 可靠性指FRG FAO Reliability Guide导FS Final Sign-off最终验收FSIC Ford System Integration Council福特系统综合委员会FSN Ford Supplier Network福特供应商网络FSS Full Service Suppliers全方位服务供应商FTDC Fairlane Training and Development Center培训和发展中心FTEP Ford Technical Educational Program福特技术培训项目FTT First Time Through首次通过FUNC-APPRV Functional Approvals功能批准FVEP Finished Vehicle Evaluation Program下线车辆评估项目GAP Global Architecture Process全球建筑设计程序GC Global Craftsmanship全球技术工艺GCARS Global Craftsmanship Attribute Rating System全球技术特性评分系统GCEQ Global Core Engineering Quality全球核心工程质量GEM Generic Electronic Module通用电子模块GIS1Global Information Standards全球信息标准Global Prototype Inventory Requisition andGPIRS全球样车库存及控制安排SchedulingGPP Global Parts Pricing全球零件定价GQRS Global Quality Research System全球质量调查系统GRC UN-ECE Group des Raporteurs de Ceintures欧盟 ECE 安全带规划小组GRC Government Regulations Coordinator政府法规协调员GR&R Gage Repeatability and Reproducibility量具重复性和再现性GRVW Gross Vehicle Weight车辆质量GSDB Global Supplier Database全球供应商数据库GSSM Global Sourcing Stakeholders Meeting全球选点股东大会GYR Green-Yellow-Red绿-黄-红HB Homologation Build法规车制造HI High-Impact重大影响HIC High-Impact Characteristics重大影响特性HR Human Resources人力资源HTFB Hard Tooled Functional Build成形机功能建造HVAC Heating Ventilating and Air Conditioning加热通风和空调ICA Interim Containment Action过渡性补救措施ICCD Intensified Customer Concern Database强化的客户问题数据库ICCD CRSIntensified Customer Concern Database ConcernResolution Specialist 强化的客户问题数据库解决问题专员IE Industrial Engineer产业工程师IFR Increasing Failure Rate 故障率增长ILVS In-Line Vehicle Sequencing车辆顺序IM Industrial Materials工业材料IP Instrument Panel仪表板IPD In Plant Date进厂日IQ Incoming Quality进货质量IQS2Initial Quality Study初始质量研究IR Internal Reject内部不合格品ISO International Organization for Standardization国际标准化组织ISPC In-Station Process Controls过程质量控制JIT Just in Time及时JPH Jobs Per Hour每小时工作量JSA Job Safety Analysis工作安全分析PSW (零件质量合格验收) 未做好KKK PSW not ready for inspection检测准备KLT Key Life Test关键使用寿命测试KO Kickoff起动LCL Lower Control Limit低控制限值LDEM Lean Design Evaluation Matrix设计评估表LOA Letter of Agreement协议书LP&T Launch Planning & Training投产计划和培训LR Launch Readiness投产准备就绪LRR Launch Readiness Review投产准备就绪论证LS Launch Sign-Off投产验收LSL Lower Specification Limit低参数限制LTDB Light Truck Data Base轻型卡车数据库MBJ1Months Before Job One Job1（投产）前1个月MBO Manufacturing Business Office制造办公室ME Manufacturing Engineering制造工程MIS Months in Service使用中的月份MMSA Material Management System Assessment物料管理系统评定MP Mass Production批量生产MP&L Materials, Planning and Logistics材料、计划与物流MPPS Manufacturing Process Planning System制造程序计划系统MOD Module模块MRB Material Review Board物料论证板MRD Material Required Date物料要求到厂日MS Material Specifications物料参数MS3(MSIII)Material Supply Version III物料供应（第三版）MTC Manage the Change管理变更MY Model Year年度车型NAAO North American Automotive Operations北美汽车工业协会NFM Noise Factor Management噪声管理NIST National Institute of Standards and Testing全国标准和测试协会NMPDC New Model Program Development Center新车型项目开发中心Nova C New Overall Vehicle Audit新车总评审NPPR New Program Product Review供应商技术支持NTEI New Tooled End Items新工具加工成品NVH Noise, Vibration, Harshness噪声、振动、操纵平顺性OCM Operating Committee Meeting工作委员会会议OEE Overall Equipment Efficiency总体设备效率OEM Original Equipment Manufacturer设备最初制造厂ONP Owner Notification Program车主告知程序OS Operator Safety操作者安全OTG Open to Go可进行P Diagrams Parameter Diagrams参数图表PA Program Approval项目批准PAG Premier Automotive Group首要机动车项目组PAL Project Attribute Leadership项目特性领导层PAT Program Activity Team, Program Attribute Team, 项目促进小组、项目特性小组和or Program Action Team项目行动小组PCA Permanent Corrective Action持续改进行动PCF Parts Coordination Fixture零件夹具验证PCI Product Change Information产品变更信息PD Product Development产品开发PDL Program Design Language项目设计语言PD Q1Product Development Q1产品开发Q1PDN2Phased Data NotificationPDSA Plan, Do, Study, Act计划、实践、研讨、实施PFMEA Process Failure Mode Effects Analysis程序故障模式影响分析PI Process Improvement程序改进PIPC Percentage of P pk Indices Process Capable P pk指数程序能力百分比Percentage of Inspection Point That SatisfyPIST满足公差要求的检查点百分比TolerancePM Program Manger项目经理PMA Project Management Analyst项目管理分析PMT Program Management Team or Program Module T eam 项目管理组或项目模式组PO Purchase Order采购订单POC Point of Contact联系点POT Process Ownership Team程序所有者小组P p Process Potential程序潜力PP Pilot ProductPP&T Product Planning & Technology产品计划和技术PPAP Production Part Approval Process生产零件批准程序P pk Process Capability程序能力PPC Product Planning Committee产品计划委员会PPL Program Parts List项目零件清单PPMParts per Million (applied to defectiveSupplier parts)零件的百万分比率（适用于供应商不合格零件）PPPM Program and Pre-Production Management程序和投产前管理PR Public Relations公共关系PR Product Requirement产品要求PR Product Readiness Milestone产品就绪时间节点PSO Production Standard Order制造标准订单PSS Private Switching Service私人转接服务PST Program Steering Team项目指导小组PSW Part Submission Warrant零件质量合格验收PTO Powertrain Operations传动系统操纵件PTR Platinum Resistance Thermometer铂金电阻温度计PV Production Validation产品验证PV Process Variables程序变更PV Part Variation零件变更PVBR Prototype Vehicle Build Requirements样车制造要求PVM Production Validation Method产品验证方法PVP Powertrain Validation Program 传动系统验证程序PVT Product Vehicle Team or Plant Vehicle Team产品车辆组或工厂车辆组QA Quality Assurance质量保证QC Quality Control质量控制QCT Quality Cost Timing质量成本时机选择QFD Quality Function Deployment质量功能配备QFTF Quality Focused Test Fleet质量节点测试行动组QLS Quality Leadership System质量领导体系QMS Quality Management System质量管理体系QOS Quality Operating System质量运作体系QOE Quality of Event质量事件QPM Quality Program Manager质量项目经理QPS Quality Process System质量程序系统QR Quality Reject质量不合格QS-9000Quality Systems – 9000质量体系-9000Quality System Assessment for ProductQSA-PD产品开发质量体系评估DevelopmentQTM Quality Team Member质量小组成员QVA Quality-Focused Value Analysis Workshop车间质量重点价值分析R Range范围RFQ Request For Quotation寻求报价R&M Reliability and Maintainability可靠性及可维护性RMS Resource Management System资源管理系统R&R Repeatability and Reproducibility重复性和再现性R&R Roles and Responsibilities职务与责任R&VT Research & Vehicle Technology研究与车辆技术R/1000Repairs per thousand修理千分率RAP Remote Anti-theft Personality module 防盗遥控器个性化模式Robust Engineering Design Process Enabler积极的工程设计程序计划REDPEPRProjectRIE Reliability Improvement Engineer可靠性改进工程师ROA Return on Assets资产回报率ROCOF Rate of Occurrence of Failure故障发生率RPN Risk Priority Number优先处理风险号码RRCL Reliability and Robustness Check List可靠性与强有力的核对表RRDM Reliability and Robustness Demonstration Matrix可靠性与强有力的演示图表RRR PSW rejected PSW (零件质量合格验收) 不合格RWUP RealWorld Usage Profile现实生活使用记录S Standard deviation标准偏差s2Variance多样性SC Significant Characteristics重要特性Significant Characteristics/CriticalSCs/CCs重要特性/评价特性CharacteristicsSCAC Supplier Craftsmanship Advisory Committee供应商技术顾问委员会SCTs Strategic Commodity Teams策略性商品组SDS System Design Specifications系统设计参数SDS Subsystem Design Specification子系统设计参数SEVA Systems Engineering Value Analysis系统工程价值分析Senko Drawing先行图SHARP Safety and Health Assessment Review Process安全和健康评估讨论程序SI System International des Unit国际单位制SIM Supplier Improvement Metrics供应商改进步骤SMART Synchronous Material and Replenishment Trigger同步物料与补给触发器SME Subject Matter Expert主题专家SMF Synchronous Material Flow同步物料流程SOW Statement of Work工作陈述SP Support PlanSP/AP Structural Prototype/Attribute Prototype结构原形/特性原形SP&PI Strategic Process & Product Improvement策略性程序和产品改进SPC Special Product Committee特殊产品委员会SPC Statistical Process Control统计程序控制SPROM Sample Promise Date承诺的样品到货日SREA Supplier Request for Engineering Approval供应商要求工程批准SRI Supplier Responsible Issues供应商责任SSI Sales Satisfaction Index销售满意度指标SSM Strategic Sourcing Meeting策略选点会议ST Surface Transfer表面转移STA Supplier Technical Assistance供应商技术支持STARS Supplier Tracking and Reporting System供应商跟踪及汇报系统SVC Small Vehicle Center小型车中心TA Target Agreement目标协议TB Training Build训练制造TAP Target Achievement Plan目标完成计划TCM Total Cost Management 总成本管理TED Things Engineers Do工程师任务TEG Tooling and Equipment Group工装及设备组TEM Total Equipment Management全部设备管理TGR Things Gone Right事态发展正确TGW Things Gone Wrong事态发展错误TIS Time in Service服务期限TOC Table of Contents目录TPM Total Productive Maintenance全部生产维护TPPS Torque Process Potential Study扭矩程序潜力研究TQC True Quality Characteristics真实质量特性TRIZ (Russian)Theory of Inventive Problem Solving创造性解决问题的理论(俄罗斯) TRMC Timing, Release and Material Control (also 时效性、发布和物料控制（同known as Tar-Mac)Tar-Mac）TS-16949Technical Specification – 16949技术规范-16949 TSP Technical Skills Program技术性技能项目TTO Tool Try Out工装试运行UCL Upper Control Limit上限控制USL Upper Specification Limit参数上限V/C Very or Completely Satisfied非常或完全满意VC Vehicle Center汽车中心VC BuyerVehicle Center Buyer (now Consumer BusinessGroup Buyer)车辆中心客户（现在为商务集团购买客户）VDI Vehicle Dependability Index车辆可靠性指标VDS Vehicle Design Specifications车辆设计参数VDS Vehicle Descriptor Section车辆描述组VER Vehicle Evaluation Ratings车辆评估等级VFG Vehicle Function Group车辆功能组VIN Vehicle Identification Number车辆识别代码VLD Vehicle Line Director车辆生产线总监VO Vehicle Office车辆办公室VO Vehicle Operations车辆运作VOGO Vehicle Operations General Office车辆运作综合办公室VP Vice President副总裁VPMC Vehicle Project Management Coordinator车辆项目管理协调员VPP Vehicle Program Plan车辆项目计划VQL Vehicle Quality Level车辆质量级别VQR Vehicle Quality Review车辆质量研讨VRT Vehicle Review Team车辆研讨小组VRT Variability Reduction Team减少差异小组VRT Vehicle Reduction Team车辆减产小组WAS Work Analysis Sheet工作分析表WCR Worldwide Customer Requirements全球客户需求WERS Worldwide Engineering Release System全球工程发布系统WIP Work In Progress进行中的工作WMI World Manufacturing Identifier世界制造商识别代码WPRC Warranty Parts Return Center维修部件回收中心Potential Significant and CriticalYS/YC潜在的重要和评价特性CharacteristicsRemark: Editor adds the content in shadow. 备注：阴影部分的内容为编者增加。

Computer-Aided Design and Analysis As a seasoned writer, I understand the importance of creating compelling and engaging content that resonates with readers on a deep level. When it comes to discussing topics like Computer-Aided Design and Analysis, it's essential to convey not only the technical aspects but also the emotional impact and significance of such technologies. Computer-Aided Design (CAD) has revolutionized the way we create and design products, buildings, and more. The ability to create detailed 3D models and simulations has significantly enhanced the efficiency and accuracy of the design process. Engineers and designers can now visualize their ideas in a virtual space before bringing them to life, leading to better outcomes and fewer errors. This technological advancement has not only saved time and resources but has also opened up new possibilities for innovation and creativity. On the other hand, Computer-Aided Analysis (CAA) plays a crucial role in evaluating and optimizing designs for performance and functionality. By running simulations and tests on CAD models, engineers can identify potential issues and make necessary adjustments before production. This not only ensures the safety and reliability of the final product but also allows for continuous improvement and refinement throughout the design process. The ability to predict how a design will perform in real-world conditions is invaluable, especially in industries where failure is not an option. However, with great power comes great responsibility. The reliance on CAD and CAA tools can sometimes lead to complacency and a lack of critical thinking. It's essential for designers and engineers to remember that these tools are aids, not substitutes for human judgment and creativity. While CAD and CAA can streamline the design process and improve efficiency, they should always be used in conjunction with human expertise and experience. The human touch is irreplaceable when it comes to problem-solving, innovation, and pushing the boundaries of what is possible. Moreover, the advancement of CAD and CAA technologies has raised concerns about job displacement and the future of work. As these tools become more sophisticated and automated, there is a fear that traditional design and analysis roles may become obsolete. It's crucial for professionals in these fields to adapt and upskill to remain relevant in a rapidly evolving technological landscape. Embracing new tools and technologies can enhancejob performance and open up new opportunities for growth and development. In conclusion, Computer-Aided Design and Analysis have transformed the way we design, create, and analyze products and structures. These tools have enhanced efficiency, accuracy, and innovation in various industries, leading to significant advancements in technology and design. However, it's essential to remember the importance of human judgment and creativity in conjunction with these tools to ensure optimal outcomes. By embracing the benefits of CAD and CAA while maintaining a human-centric approach, we can harness the full potential of these technologies and continue to push the boundaries of what is possible.。

Design for X (DFX)Design for X (DFX) is an essential concept in the field of engineering and product design. It refers to the practice of considering various factors and requirements during the design process, with the aim of optimizing the product for a specific purpose or end-user. This approach ensures that the final product meets the highest standards of quality, functionality, and user experience. In this response, we will explore the importance of DFX, its various requirements, and the impact it has on the design and development process. One of the key requirements of DFX is to consider the specific needs and requirements of the end-user. This involves conducting thorough research and analysis to understand the preferences, behaviors, and challenges faced by the target audience. By gaining insights into the user's needs, designers can create products that are tailored to their requirements, ultimately leading to higher levels of satisfaction and usability. For example, when designing a new smartphone, it is essential to consider factors such as screen size, battery life, and ease of use, in order to create a product that meets the needs of the target market. Another important aspect of DFX is to consider the environmental impact of the product. With increasing awareness of environmental issues, there is a growing demand for products that are sustainable and eco-friendly. Designers need to consider factors such as the use of recyclable materials, energy efficiency, and the product's end-of-life disposal. By incorporating sustainable practices into the design process, companies can reduce their environmental footprint and appeal to environmentally conscious consumers. This not only benefits the environment but also enhances the brand's reputation and appeal in the market. In addition to user needs and environmental impact, DFX also requires designers to consider the manufacturing and production processes. This involves optimizing the design for manufacturability, assembly, and cost-effectiveness. By considering these factors early in the design process, designers can create products that are easier and more cost-effective to produce, ultimately reducing time-to-market and improving the overall profitability of the product. For example, by simplifying the design of a complex component, manufacturers can reduce the number of parts and assembly steps, leading to lower production costs and faster assembly times. Furthermore, DFX also encompasses the aspect ofreliability and quality. Designers must consider factors such as durability, performance, and safety to ensure that the product meets the highest standards of quality and reliability. By conducting rigorous testing and analysis, designers can identify potential weaknesses and failure points in the design, allowing them to make necessary improvements before the product reaches the market. This not only enhances the overall user experience but also reduces the risk of product recalls and warranty claims, ultimately saving the company time and money in the long run. Moreover, DFX also requires designers to consider the global market and cultural differences. In today's interconnected world, products are often sold and used in diverse markets with varying cultural norms and preferences. Designers need to consider factors such as language support, cultural sensitivities, and global regulatory requirements to ensure that the product is suitable for a global audience. By considering these factors early in the design process, companies can avoid costly redesigns and modifications to meet the requirements of different markets, ultimately improving the product's competitiveness and appeal on a global scale. In conclusion, Design for X (DFX) is a critical aspect of the design and development process, encompassing various requirements and considerations to create products that meet the highest standards of quality, functionality, and user experience. By considering factors such as user needs, environmental impact, manufacturability, reliability, and global market requirements, designers can create products that are tailored to the specific needs of the target audience, while also meeting the demands of a global market. Ultimately, DFX is essentialfor creating products that are not only innovative and competitive but also sustainable and user-friendly in today's ever-changing market.。

英语作文-如何进行集成电路设计中的故障诊断与可靠性分析In the intricate world of integrated circuit (IC) design, fault diagnosis and reliability analysis are paramount. These processes ensure that ICs function correctly over their intended lifespan, despite the presence of inherent manufacturing defects or external stresses encountered during operation.Fault diagnosis in IC design is a methodical approach to detect, localize, and characterize faults within the circuit. It begins with the creation of a test plan that includes a suite of electrical tests designed to be sensitive to potential faults. Once testing is conducted, data analysis tools are employed to compare the electrical responses of the IC to expected values. Deviations indicate the presence of a fault, and advanced algorithms can then pinpoint its location.The complexity of modern ICs, with billions of transistors on a single chip, necessitates the use of sophisticated diagnostic tools. These tools often employ machine learning techniques to recognize patterns in test data that correlate with specific types of faults. For instance, a recurrent voltage drop at a particular node might suggest a resistive open circuit fault, while unexpected logic states could indicate a bridging fault.Reliability analysis, on the other hand, is concerned with predicting and enhancing the long-term performance of ICs. It involves studying the failure mechanisms that can affect the circuit over time, such as electromigration, hot carrier injection, and time-dependent dielectric breakdown. By understanding these mechanisms, engineers can design ICs to mitigate their effects, thereby improving reliability.One key aspect of reliability analysis is accelerated life testing, where ICs are subjected to elevated stress conditions to induce failures more quickly than would occur under normal operating conditions. This allows engineers to observe failure modes and gather data on the IC's lifespan in a condensed timeframe. Statistical models are thenapplied to extrapolate these findings to normal usage conditions, providing estimates of the IC's mean time to failure (MTTF).To further enhance reliability, redundancy can be built into the IC design. This involves incorporating additional circuit elements that can take over the function of a failed component without interrupting the operation of the IC. Such redundancy is crucial in applications where uninterrupted operation is critical, such as in aerospace or medical devices.In conclusion, fault diagnosis and reliability analysis are essential components of IC design that work in tandem to ensure the functionality and longevity of electronic devices. Through meticulous testing, data analysis, and proactive design strategies, engineers can identify potential issues before they become problems and engineer circuits that stand the test of time. This relentless pursuit of perfection not only drives technological advancement but also underpins the reliability we have come to expect from our electronic devices. 。

2020年第3期总第355期造船技术MARINE TECHNOLOGYNo.3Jun.,2020文章编号：1000-3878(2020)03-0053-08DP系统设计流程及标准化方案徐戎1,洪学武1,付如愿S邓建华2,钱正彦2(1.招商局重工(江苏)有限公司，江苏南通226100；2.中车株洲电力机车研究所有限公司，湖南株洲412000)摘要：随着深水海洋工程技术的不断发展，出于安全和操作需求，DP系统在海洋工程项目上得到广泛应用。

为提高DP设计的可靠性和高效性，从规范和行业领先的供应商系统方案出发，深入研究对比各等级DP的系统配置，结合实际应用经验，总结并给出标准化设计方案。

关键词：DP；位置参考系统；海洋工程;标准化方案；闭环电力中图分类号：U661.3文献标志码ADP System Design Flow and Standardization SchemeXU Rong1,HONG Xuewu1,FU Ruyuan2,DENG Jianhua2,QIAN Zhengyan2(1.China Merchants Heavy Industry(Jiangsu)Co.，Ltd.，Nantong226100，Jiangsu,China；2.CRRC Zhuzhou Institute Co.，Ltd.，Zhuzhou412000，Hunan,China)Abstract:With the continuous development of deep-water marine engineering technology,DP system is widely applied to the marine engineering projects for the security and operation requirements.In order to improve the reliability and efficiency of DP design,starting from the standard and industry-leading supplier system scheme,the system configuration of each level of DP is deeply studied and compared；combined with the practical application experience,the standardization design scheme is summarized and given.Key words:DP；position reference system；marine engineering；standardization scheme；closed loop power0引言目前，动力定位(Dynamic Positioning,DP)系统在海洋钻井船和多功能支持船、铺管船和半潜重吊等深水海工项目中得到广泛应用。

Design for SixSigma(DFSS)& Design for Reliability(DFR) 六西格玛设计和可靠性设计The Journey1998 – Seagate adopts Six Sigma defect reduction,cost savings1999 – Lean in Manufacturing &Supply ChainIntro BE July 20102001 – DFSS in Product & ProcessDevelopmentPage 2DFSS in the BeginningIterativeUse of historical requests Test and re-testShort term estimates Isolated CTQ optimizationPredictiveRequirements hierarchy Model buildingLong term estimates System optimizationInitial Approach:Top down Educate the masses in design centers -> “DFSS Certified”• DFSS Foundation – 2 weeks of Statistics • DFSS Project – Systems Engineering – 3 days Train the suppliers and factory BrB/BB/MBBs in DFSSIntro BE July 2010Page 3What Is Design for Six Sigma?Design for Six Sigma (DFSS):• Allows us to set “need-based” requirements for CTQs and to evaluate our capability to meet those requirements.• Is a process that focuses on predictive product design. • Emphasizes the use of statistical methods to predictproduct quality early in the design process.• Is a complement to good engineering/decision making practices.Intro BE July 2010Page 4Six Sigma Improvement Methodology1 ADefineYES2NO1.MeasureIdentify2.YES3NOAnalyzeDesign3.OptimizeYES4NOImprove5YESA4.NOValidate5.ControlA high level Business need is identified(CTQ gap)Does a Current Business Process/Product exist to address the gapAre the Processes/Products that support your key outputs optimized but still not capable of meeting customer requirements?Is the solution or part of the solution a new process, product, or service.Does the capability of one or more KPIV need to be improved to optimize KPOV?Intro BE July 2010Page 5Statistical DesignIdentify DesignOptimize ValidateIntro BE July 2010Identify Customer RequirementsTranslate Into Critical To Quality (CTQ) Measures and Key Process/Product Output Variable (KPOV) LimitsFormulate Designs/Concepts//SolutionsValidate The Measurement Systems Evaluate DesignsFor Each Top Level CTQ, Identify Key Product/Process Input Variables (KPIV’s) Develop Transfer Functions Between KeyInput and Output VariablesOptimize DesignPerform Tradeoffs to Ensure that All CTQ’s Are MetNot OKNot OK OKException ReviewDetermine TolerancesAssess Process Capability to Achieve Critical Design Parameters and Meet CTQ Limits DFSS ScoringTest & ValidationPerform Tradeoffs to Ensure that All CTQ’s Are MetNot OK OKNot OK Exception ReviewAssess Performance, Failure Modes, Reliability and RisksOKFeasibility Point TollgateNot OKPage 6BreakthroughSix Sigma and Design for Six SigmaDesign for Six SigmaDesign robust products so thatspecs can be loosenedDefectsDMAIC Six SigmaFocus on reducing variation around the meanLower Spec LimitUpper Spec Limit• Design for Six Sigma and “Standard” Six Sigma work together!Intro BE July 2010Page 7Design EvolutionFROMEvolving Design requirements Design rework Build and test performance assessment Performance and manufacturability after product is designed Quality is “tested in”REACTIVEIntro BE July 2010TODisciplined CTQ flowdown Controlled design parameters Performance modeled and simulated Design for robust performance and manufacturabilityPREDICTIVEPage 8Key Elements• Systems relationships Transfer Functions, KPIV & KPOV• Statistical Design: Meeting not only target but address variations in design• Identify, Design, Optimize, & Verify (IDOV)Intro BE July 2010Page 9Systems Engineering - FlowdownQFD/FMEASystem CTQsSubsystem CTQsSub-assembly CTQsComponents CTQsProcess CTQsIntro BE July 2010Page 10Systems View Of a Hard Disc Drive38 CTQsCustomer CTQsServo-Mech RSS-H/MMech ServoProcess CTQs7 CTQsElec/InterfaceASIC111 Subsystem CTQs FirmwareAssembly/TestCert/Test>120 Factory CTQsHSA HGA Motor/Base HDA Encl. Head Media Channel/PreampComponent CTQs...Intro BE July 2010Page 11Transfer FunctionWhat is a Transfer Function?X1X2X3f(X1,X2,…, Xn)Y…Xn• It is a relationship of the CTQ (Y) to the key input variables (X’s). • It is not necessarily as rigorous as a process model. • It is key to predicting product performance before buildingprototypes.Intro BE July 2010Page 12Getting to the y = f(x1, x2…)Physical Models - dedicated experts ü Explore design space – run simulations with DOE ü Model management processStatistical Models ü DOE, Regression, Response Surface, etc ü Parametric data analysis – especially for reliability ü MSA“All models are wrong, some are useful.” - George BoxIntro BE July 2010Page 13Flowdown/Flowup ProcessSystemIdentify Customer CTQs. Translate into System CTQs.Identify Measurement for each system CTQ.Adjust tradeoffs to reduce cost (as new σ improvementsare made).PNCTrade off mean/variance requirements to x1,x2,…,xn to best meet system CTQ need.Determine Specifications for each system CTQ (Y).Identify Transfer FunctionY=f(x1,x2,…,xn)YesCapabilitiesof allNox1,x2,…,xnknown?Obtain process capabilities for those x’s that are not yetknown.Use transfer function and experience/judgement to allocate requirements for x1,x2,…,xn to meet systemCTQ need.SubsystemsIntro BE July 2010Page 14After y = f(x1,x2..), then…Internally developed tool – handles up to 20 transfer functions Ø Runs Sensitivity Analysis, Monte Carlo simulation and determines PNC Ø Optimizes for a Figure of Merit (cost, PNC, Z-score, user specified) Ø Helps set tolerances for all inputsOptimize to a Figure of MeritWhat the customerwantsInput w VariationsIntro BE July 2010Page 15Transfer FunctionsMeeting expectation?Screened Parts?Allocate OptimizedSpecsDesign & Engineering Benefits• KPOVs & KPIVs defined by transfer function • Clear ownership of CTQs • Visibility for trade-off managementIntro BE July 2010Page 16DFSS Process IntegrationCTQ FlowdownCustomer• Marketing Inputs • Product RoadmapsPNCCTQ’sSystem• System Models/Specs • System Eng. RoadmapPNCCTQ’sSubsystems• Subsystem Simulations • Subsystem RoadmapsPNCCTQ’sComponents• Eng. Design Tools • Process CharacterizationPNCCTQ’sParts• Parts CharacterizationParts/Process/Performance Capability FlowupOwnersMarketing /Systems EngineeringSystems EngineeringSubsystem EngineeringDesign Process Centers Mfg/Suppliers/Service Mfg/Suppliers/Sourcing Design TeamsIntro BE July 2010Page 17Prospects• Understanding customer needs • Complete understanding of systems relationships • Considers not only the target but the variation indesign • Integrating models & simulators to estimate Probabilityof Non-Conformance (PNC) • Not about the number 6 but a cultural changeIntro BE July 2010Page 18Design OpportunityMost current Six Sigma effort is here.$Must move quality effort here!Cost to Correct Quality and ReliabilityResearchDesignPrototypeDefects are:Difficult to see/predict Easy to fixProductionCustomerEasy to see Costly to fixIntro BE July 2010Page 19Cost to Design and Manufacture Product6 Sigma vs. Optimal SigmaDESIGN COST MATERIALS COST MANUFACTURING COSTOptimal SettingIntro BE July 2010ZST LEVELPage 20What workedProduct & Process Development culture transformed by DFSS ü More rigorous VOC process ü Doing Systems Engineering vs components (organization change) ü Speaking the “same language” in CTQ flow down (requirements) ü Emphasis on transfer function development - Models, DOE, regression, etc. ü Using statistical thinking vs target only - Monte Carlo simulation, tolerance analysis, etc ü Applying DFR early in product & technology development, FMEAs up front ü More data driven decisionsAvg Development TimeIntro BE July 2010Page 21But Something Still Needs Beefing Up1998 – Seagate adopts Six Sigma1999 – Lean in Manufacturing &Supply ChainIntro BE July 20102001 – DFSS in Product & ProcessDevelopment2006 – Revised Design forReliability (DFR)Page 22Design for ReliabilityDFSSANOVA RegressionHypothesis TestingVOC FlowdownQFD FMEADFREnvironmental & Usage ConditionsLife Data AnalysisPhysics of FailureGeneral Linear Model Control Plans Accelerated Life TestingMSAReliability GrowthSensitivity AnalysisModelingDOEWarranty PredictionsTolerancingFA recognition– Many common tools – DFSS enables achieving high quality at launch with nominal stress conditions – DFR focuses on achieving high quality over time and across stress levelsIntro BE July 2010Page 23Enhanced DFR ProcessUpfront use of DFR Assessment Matrix in the development cycle to identify and address reliability issuesModeling Physics ofFailureDFR Summary page: Key Reliability Risks / Failure ModesIssues from prior productsParetos , Post Mortem, …Competitive AnalysisNew technologiesFMEA’s , brainstorming, …Prioritized list of key reliability risksSys FMEANew market environmental & usage conditionsPotential Failure mode *CFM team?Maturity of physics of failure modelsUnderstand fieldenvironment stressorsEffective Stress testEffective FA recognitionParametric data analysisManufacturing/ supplier controlstrategy/ metrologyDFR TeamDesign OptionsArea Specific RepresentativeFailure Mode 1YesFailure Mode 2YesFailure Mode 3YesFailure Mode 4 NoFailure Mode 5YesFailure Mode 6NoFailure Mode 7YesFailure Mode 8 Yes• The status of the DFR activities will be updated at each progra m phase gate with a DFR review of the activities associated with the stoplight matrix above.• New Key Reliability Risks / Failure Modes should be added or pa rked when engineering data justifies that action.© Seagate ConfidentialPage 2Intro BE July 2010Page 24Integration into Product DevelopmentProduct Planning, Design and Development ProcessVOCLessons LearnedRequirements Management Phase-Gates & DeliverablesData Storage DeviceDesign for Design for SixReliabilitySigmaEngineering Models and Six Sigma Tool SetsIntro BE July 2010Page 25The Journey Forward1998 – adopts DMAIC Six SigmaToday – Business Excellence1999 – Lean in Manufacturing &Supply Chain2000 – DFSS in Product & ProcessDevelopment2006 – Integrated DFRwith DFSS2007 – Research ExcellenceIntro BE July 2010Page 26Integration into Product DevelopmentLean Design & DevelopmentProduct Planning, Design and Development ProcessVOCLessons LearnedRequirements Management Phase-Gates & DeliverablesData Storage DeviceDesign for Design for SixReliabilitySigmaEngineering Models and Six Sigma Tool SetsIntro BE July 2010Page 27Tools We UseSIX SIGMA• Traditional DMAIC toolset• Traditional DFSS toolset• DFR tools• Value StreamMapping • Value-add Analysis • Error-proofing • 5S • Cycle time analysis • Benchmarking • 5 why’s • Potential problemanalysis • Work measurement•Setup reduction•Pull systems•Total productive maintenance•Shop floor management• OEE•Lean assessment•Lean diagnostic•48 hour study •Layout optimizationLEAN•Batch size reduction•Time studies•Work sampling•Red flag analysisChange Mgmt•Current reality tree •Future reality tree •Conflict resolutionThroughput focus•Critical chain project mgmt •Prerequisite tree •Transition TreeTOCIntro BE July 2010Page 28Business Excellence“Today” and “Tomorrow” elementsLeanDFSS/DFRDMAIC 6σIntro BE July 2010Research & Technology DevelopmentFutureCommitment to technology developmentAdvanced Drive Integration & PlatformTomorrowStaging, aligning and integrating technologyProduct/ ComponentDesign & Manuf.TodayExecuting to product plansFactory & DeliveryPage 29SLAM II Context DiagramProduct and Technology Portfolio ManagementProduct Planning Process Platform Integration/Technology AlignmentBi-Annual ProcessesFramework Mini MR MRMiniPOREMGen 1 Gen 2Start EM RR Gen 1 RR Gen 2SAD CTU orDRArch.MR Declare Declare Declare Declare ECQPTADrive Development à(Click here forAdvanced Drive Development (ADD) Feasibility Phase 0 DesignIntegration Qualification PilotRampMilestoneDefinitions)FrameMRDrive Development Primary Market Segment-work MRMini MRMini DRADD ExitFeas ExitEMD/ Ph0 ExitProduct Phase-Based Gen1DeclareGen2 DeclareCTU DeclareSADProcPeTAssesEC MarketT-36 T-32T-25T-22T-19T-15T-10T-6T-2T=0T+4PS MarketT-32 T-28T-25T-22T-15T-12T-9T-6T-2T=0T+X# Months prior to SADSeagate ConfidentialIntro BE July 2010Page 30Learning ObjectivesAfter completing this training, the student will be able to:•Tie together the tools and methodology covered in thisclass.•Understand how DFSS, DFR and DMAIC are interrelated.•Apply the knowledge gained to current projects.IDOV ProcessFeasibility Point TollgateException ReviewPerform Tradeoffs to Ensure thatAll CTQ ’s Are MetOKNot OKNot OKNot OKValidateOptimizeDesignIdentifyOKTranslate Into Critical To Quality (CTQ) Measures and Key Process/Product Output Variable (KPOV) LimitsFormulate Designs/Concepts//Solutions Evaluate DesignsFor Each Top Level CTQ, Identify Key Product/Process Input Variables (KPIV ’s)Identify Customer RequirementsDevelop Transfer Functions Between KeyInput and Output VariablesAssess Process Capability to Achieve Critical Design Parameters and Meet CTQ LimitsOptimize Design DFSS ScoringDetermine TolerancesTest & ValidationAssess Performance, Failure Modes,Reliability and Risks Validate The Measurement SystemsNot OKException ReviewOKPerform Tradeoffs to Ensure thatAll CTQ ’s Are MetNot OKStatistical DesignWhat ’s NeededRM Software & Business ProcessIntegration intoProductDevelopment Flow & Phase-Gate ProcessTools Development& Model ManagementIdentify VOC, CTC, Environmental,System Level CTQsRequirement Management common repository, data structure, CTQ dictionary, flowdownDesign & Optimize Transfer FunctionsAllocationsTools Application simulators, models, DOEs, Monte Carlo, optimization, etc.VerifyStress Test, MSAMeasurement Systems & Builds sample sizes, cost, qualification test, etc.Appendix: DFSS Phase ReviewIdentify Phase1. What are you designing?2. Who is the customer?3. What business need will your design fill?4. When is your design needed?5. What does the cost/benefit (effort-to-impact) analysis show?6. What priority does this development effort have in the list of active and future projects?7. Who is going to champion this design effort?8. What are the CTQ requirements for this project?9. How are you sure these are the correct and complete list of requirements? (TTM, technical, environmental, etc)10. How did you determine which requirements are critical and which are non-critical?11. What are the targets and limits for each CTQ requirement?12. How did you determine the limits for each requirement?13. What requirements or limits do you expect to change either before or after project completion? How do you plan to handle this?14. How will you measure the CTQ’s? Who owns the equipment?15. What are the potential technological barriers? Describe your plan to overcome those barriers (alternative technology, costs, etc)?16. What elements of your design will be leveraged from existing designs, and/or will be used in future designs?17. What data do you have on existing similar designs?18. How does your design compare to our competitors?19. What resources are available (both personnel and budget)?20. Who are the critical players who can significantly impact this project? Are they “on board” with the development?21. What is your timeline and milestones?22. What obstacles do you foresee? Describe how you plan to overcome them?23. What does the feasibility / risk assessment indicate? What is your risk mitigation plan?I8-1Design Phase24. What design(s) are you considering?25. Where did the design(s) come from?26. Which design best satisfies the CTQ requirements?27. What existing knowledge are you leveraging into this design?28. What are the most complex elements of your design?29. What are the critical manufacturing/process steps for your design?30. Have you demonstrated technological/manufacturing feasibility?31. What is the risk associated with each design? (risk elements include: time to market, cost, capability, meeting volume,necessary resources, technological barriers, customer receptiveness, environmental regulations and vendor/supplier support)32. What data have you collected on the design(s)?33. How was the data collected?34. What additional output will you need to measure?35. What are the gauge R & R’s for all key measurable inputs and outputs? Who takes the measurements? Who owns the gauging?36. If a better gauge is needed, what would be the cost?37. What are the critical outputs (Vital Few) affecting each CTQ?38. What are the critical inputs (Vital Few) affecting each critical output?39. Who participated in developing the list of ALL (Trivial Many) the inputs/outputs initially analyzed and what were they?40. How were the critical inputs/outputs determined?41. What are the functional relationships between the critical outputs and the CTQ’s?42. What are the functional relationships between the critical inputs and critical outputs43. What are the tentative optimums for the inputs/outputs?44. What data do you have to support your decisions?45. How did you collect your data?46. How many parts and why?47. How do you know that you took enough samples to see a real effect and not just noise? What is your confidence that the effects is real?48. For suppliers, do they agree with your analysis of what the Vital Few are?49. What will be the process flow for your design?50. Who are the potential suppliers?51. What is the supplier’s capacity? Is it sufficient to meet short and long term capacity?I8-1Optimize Phase52. What are the product tolerances for each critical input/output?53. How were the tolerances determined?54. What data do you have to support these tolerances?55. How did you collect your data?56. How many parts and why?57. How do you know that you took enough samples?58. What is the capability for each tolerance?59. Is the capability score based on short or long-term estimates of variability?60. How sensitive is the performance to the critical inputs varying at the same time (i.e. interactions) over their tolerance ranges?61. Which environmental factors impact your design the most?62. How will you compensate for environmental influences?63. What are the key reliability issues?64. How did you test for reliability?65. What is your confidence in the predicted level of capability and reliability?66. Who are the suppliers? Have they been qualified? What is their capability?67. How will the parts be inspected?68. Do you have standards to ensure inspection test reproducibility?69. What does the product design / process flow diagram look like?70. Which steps in the process are value added and which are non-value added (rework, testing, inspecting, etc)?71. What is your plan for eliminating non-value added work?72. Are all the CTQ/S limits met or exceeded by using these product/process tolerances? If not, how do you plan to resolve that fact?73. What data do you have to support that all the CTQ/S’s are being met by this design?74. What is the predicted capacity?75. What are the biggest capacity constraints?76. What is the predicted cost?77. What are the areas of greatest risk?78. What is your plan for mitigating the risk? Is the risk acceptable?I8-2Validate Phase79. What is your validation test plan and criteria?80. What data do you have to support that the CTQ’s have been met?81. What is your confidence that the CTQ’s have been met?82. Which variables are the most important to control?83. What type of process control is being implemented?84. What are the action limits and action plans?85. What is the timing of the implementation?86. Who is involved with the implementation?87. Who will take the long-term responsibility for maintaining the controls?88. What plans do you have in place to revisit the process in the future to ensure the capability is being maintained?89. When will you transfer your design?90. How will you verify successful transfer of your design?All Phases91. What success(es) have you had in this phase (beyond what you expected)?92. What roadblocks did you encounter that you needed or still need help with?93. What do you see as your next steps?94. What would you have done differently?I8-2Appendix: MiscAcronyms and SymbolsRSM Response Surface Methodology RSS Root Sum of Squaress standard deviation of a sample s 2Variance of a sample S pSystem Capability IndexSDM Statistical Design Methods SESystems EngineeringSea.DOT Seagate Design Optimization Tool SEI Software Engineering Institute SPC Statistical Process Control SS Sum of SquaresSS p Subsystem Capability Index S/W Software T Target Level TF Transfer FunctionTol ToleranceTTM Time to MarketUCL Upper Confidence Limit (Upper Control Limit in SPC)USL Upper Spec limit VOC Voice of the Customer WC Worst Casex Mean of a sampleZNumber of σ‘s that can fit between Mean and Spec limitI & T Integration & Test Phase of a Program IDOV Identify, Design, Optimize, Validate IV Independent VariableKPIV Key Product/Process Input Variable KPOV Key Product/Process Output Variable KT Kepner-TregoeLCL Lower Confidence Limit (Lower Control Limit in SPC)LSL Lower Spec LimitMAIC Measure, Analyze, Improve, Control MBB Master Black BeltME Mechanical EngineeringMGPD Multi-Generation Product Development MS Mean Sum of SquaresMSA Measurement Systems Analysis MTBF Mean Time Between Failures MTTF Mean Time To Failure p probability of an occurrence PCB Printed Circuit BoardPCD Process Capability Database PCM Process Capability ModelsPNC Probability of Non-Conformance to specificationsPp, Ppk Long term capability measures PPM Parts per MillionQFD Quality Function Deployment R&R Repeatability & Reproducibility RPNRisk Priority NumberµMean of a populationσStandard Deviation of a Population σ2Variance of a population 1-D One dimensional linear stack-up ANOVA Analysis of VarianceBBBlack BeltBOM Bill of MaterialsCp, Cpk Process Capability Index, Short Term CI Confidence Interval COQ Cost of Quality CTQ Critical to Quality df Degrees of Freedom DFA Design for AssemblyDFM Design for Manufacturability DFSS Design for Six Sigma DoEDesign of ExperimentsDPLOC Defects per line of code DPPM Defective Parts per Million DPU Defects Per Unit DV Dependent Variable EE Electrical Engineering ETTR Elapsed Time To RepairFEA Finite Element AnalysisFMEA Failure Modes and Effects Analysis GLM General Linear ModelGR&R Gage Repeatability & Reproducibility H/WHardware。

DATASHEET OverviewSynopsys PrimeWave Design Environment is a comprehensive and flexible environment for simulation and reliability analysis of analog, RF, mixed-signal design, custom-digital and memory designs within the Synopsys Custom Design Family.It delivers a seamless simulation experience around all the engines of Synopsys PrimeSim with comprehensive analysis, improved productivity, and ease of use. PrimeWave Design Environment also offers a powerful Tcl-based scripting capability enabling easy regressions across thousands of corners. It offers a unified workflow driven analysis for all Synopsys PrimeSim Reliability Analysis applications. It provides a consistent and rich verification experience across applications. Synopsys PrimeWave Design Environment offers guided analysis setup, intuitive visualization, debug, and root-causing capabilities enabling a reliability aware design methodology.Figure 1: PrimeWave Design EnvironmentUnified WorkflowDriven Environmentfor Simulation andReliability AnalysisPrimeWave Design EnvironmentKey Benefits• Unified workflow across all PrimeSim engines for all types of simulation and reliability analysis• Tightly integrated with Custom Compiler™ for analog, RF, and mixed-signal analysis or available in a command-line mode for custom-digital and memory flows• High-capacity waveform viewing capable of handling large waveform files in a multitude of file formats.• Efficient post-processing with more than a hundred built-in functions and support for HSPICE measure statements• Open environment for integration and customization• Flexible Tcl-based scripting capability for programming complex testbenches for regression and post-processing Comprehensive Environment for Analog/RF and Mixed Signal SimulationFigure 2: PrimeWave provides a comprehensive environment for analog, RF and mixed-signal simulationThe PrimeWave Design Environment is a comprehensive environment for all Synopsys simulation engines and analysis capabilities. It provides an easy-to-use simulation setup cockpit, support for grid-based job distribution and monitoring of simulation jobs, anda powerful graphical waveform viewer. Whether designing analog, mixed-signal, or RF designs on mature or advanced nodes, the PrimeWave Design Environment is a unified solution for all applications.For mixed-signal applications, the PrimeWave Design Environment offers support for both analog and digital waveforms.For RF designs such as VCOs, LNAs, and Mixers, the PrimeWave Design Environment offers built-in phase-noise, jitter, intermodulation distortion, and gain compression measurement functions.For signal integrity, the PrimeWave Design Environment supports built-in measurements for statistical eye simulations as well as specific applications such as PAM4 and DDR. With the sequential testbench feature, the PrimeWave Design Environment allows dependencies to be created between testbenches and measurements, allowing measurements from one testbench to be used in another for a specification-driven flow. The powerful parameterization capability allows any design variable or view to be transformed into a variable that the design environment can iterate through, to allow exhaustive characterization of any design.Unified Workflow Driven Environment For Reliability AnalysisFor reliability, the PrimeWave Design Environment offers a unified workflow driven setup with several features for out-of-box and customizable workflows, advanced debug, and visualizations, distributing and monitoring compute intensive jobs.203/16/23.CS1071072274-PrimeWave-Design-Environment-DS.©2023 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks isavailable at /copyright.html . All other names mentioned herein are trademarks or registered trademarks of their respective owners.Automated Setup WizardSchematic cross-probing & annotationConsolidated view for setup/violation/waiversDesign Schematic Design SetupWaiversViolationOA View (CCK data save/restore)Figure 3: PrimeWave Design Environment offers a unified workflow driven setup with several features for customizable workflowsSome key highlights include.• Guided wizard driven setup for new users and expert mode for advanced users.• Load, visualize and cross-probe and annotate violations in the schematic and layout open access database.• Consolidated open access view saving setup, annotations, and violations.• Advanced debugging features to quickly root-cause and isolate reliability bottlenecks.Flexible and Programmable EnvironmentA modern design environment requires a robust mechanism for running batch-mode simulations, reliability analysis and regressions. The PrimeWave Design Environment is open and extensible and can be controlled in either GUI or Batch mode with scripting. The GUI is also extensible, allowing CAD teams to craft custom measurements and create bind key settings and release them across their organizations. The PrimeWave Design Environment allows any simulation setup to easily be saved as a Tcl script, allowing all the capabilities in interactive mode to be also used in batch-mode. Users can also define pre-and post-run procedures for performing calibrations and other processing of simulation data. The environment also provides flexibility to users to customize their own checks for reliability applications. It includes a rich set of open APIs that make it easy to customize the user experience.Foundry-certified, ISO26262 Compliant and Cloud Ready• The PrimeWave Design Environment supports all PrimeSim simulators for Analog, RF and Mixed Signal simulations and offers applications for full life cycle reliability verification.• PrimeSim and PrimeSim Reliability Analysis technologies are part of the ISO 26262 TCL1 certified Synopsys Custom Design tool chain and thus can be reliably used for ASIL-D applications.• PrimeSim simulation engines and PrimeSim Reliability Analysis technologies are also cloud ready with enablement andoptimization for leading public cloud platforms.For more information about Synopsys products, support services or training, visit us on the web at , contact your local sales representative or call 650.584.5000。

Vishay SiliconixSiR462DPN-Channel 30-V (D-S) MOSFETFEATURES•Halogen-free According to IEC 61249-2-21 •TrenchFET ® Power MOSFET •100 % R g Tested •100 % UIS TestedAPPLICATIONS•High-Side Switch •Server, VRM, POL •DC/DCPRODUCT SUMMARYV DS (V)R DS(on) (Ω)I D (A)Q g(Typ.)300.0079 at V GS = 10 V 30a 8.8 nC0.010 at V GS = 4.5 V30aNotes:a.Based on T C = 25 °C. Package limited.b.Surface Mounted on 1" x 1" FR4 board.c.t = 10 s.d.See Solder Profile (/ppg?73257). The PowerPAK SO-8 is a leadless package. The end of the lead terminal is exposed copper (not plated) as a result of the singulation process in manufacturing. A solder fillet at the exposed copper tip cannot be guaranteed and is not required to ensure adequate bottom side solder interconnection.e.Rework Conditions: manual soldering with a soldering iron is not recommended for leadless components.f.Maximum under Steady State conditions is 70 °C/W.ABSOLUTE MAXIMUM RATINGS T A = 25 °C, unless otherwise notedarameter Symbol Limit Unit Drain-Source Voltage V DS 30VGate-Source Voltage V GS ± 20Continuous Drain Current (T J = 150 °C)T C = 25 °C I D 30a AT C = 70 °C 30aT A = 25 °C 18.9b, cT A = 70 °C 15.1b, cPulsed Drain Current I DM 70Avalanche Current L = 0.1 mHIAS 31Avalanche Energy E AS 48mJ Continuous Source-Drain Diode Current T C = 25 °C I S30a A T A = 25 °C 4b, c Maximum Power DissipationT C = 25 °C P D 41.7W T C = 70 °C 26.7T A = 25 °C 4.8b, c T A = 70 °C 3.1b, cOperating Junction and Storage T emperature Range T J , T stg - 55 to 150°C Soldering Recommendations (Peak Temperature)d, e 260THERMAL RESISTANCE RATINGSarameter Symbol Typical MaximumUnitMaximum Junction-to-Ambientb, f t ≤ 10 s R thJA 2126°C/WMaximum Junction-to-Case (Drain)Steady StateR thJC 2.4 3.0Vishay SiliconixSiR462DPNotes:a. Pulse test; pulse width ≤ 300 µs, duty cycle ≤ 2 %.b. Guaranteed by design, not subject to production testing.Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability.SPECIFICATIONS T J = 25 °C, unless otherwise notedarameter Symbol Test Conditions Min. Typ.Max.UnitStaticDrain-Source Breakdown Voltage V DS V GS = 0 V , I D = 250 µA30V V DS Temperature Coefficient ΔV DS /T J I D = 250 µA32mV/°C V GS(th) T emperature Coefficient ΔV GS(th)/T J - 5.5Gate-Source Threshold Voltage V GS(th)V DS = V GS , I D = 250 µA 13V Gate-Source LeakageI GSS V DS = 0 V , V GS = ± 20 V ± 100nA Zero Gate Voltage Drain Current I DSS V DS = 30 V , V GS = 0 V 1µA V DS = 30 V , V GS = 0 V , T J = 55 °C5On-State Drain Current aI D(on) V DS ≥ 5 V, V GS = 10 V 50A Drain-Source On-State Resistance a R DS(on)V GS = 10 V , I D = 20 A 0.00650.0079ΩV GS = 4.5 V, I D = 14 A 0.00820.010Forward T ransconductance a g fsV DS = 15 V , I D = 20 A70SDynamic bInput Capacitance C iss V DS = 15 V , V GS = 0 V, f = 1 MHz1155pFOutput CapacitanceC oss 260Reverse Transfer Capacitance C rss 95Total Gate Charge Q g V DS = 15 V , V GS = 10 V , ID = 20 A 2030nC V DS = 15 V , V GS = 4.5 V , I D = 20 A 8.814Gate-Source Charge Q gs 3.5Gate-Drain Charge Q gd 2.2Gate Resistance R g f = 1 MHz0.21.02.0ΩTurn-On Delay Time t d(on) V DD = 15 V , R L = 15 ΩI D ≅ 1.0 A, V GEN = 4.5 V , R g = 17 Ω2030ns Rise Timet r 1525Turn-Off Delay Time t d(off) 2540Fall Timet f 1015Turn-On Delay Time t d(on) V DD = 15 V , R L = 15 ΩI D ≅ 1.0 A, V GEN = 10 V , R g = 1 Ω1420Rise Timet r 915Turn-Off Delay Time t d(off) 2540Fall Timet f915Drain-Source Body Diode Characteristics Continuous Source-Drain Diode Current I S T C = 25 °C30A Pulse Diode Forward Current I SM 70Body Diode VoltageV SD I S = 4.0 A, V GS = 0 V0.8 1.2V Body Diode Reverse Recovery Time t rr I F = 4.0 A, dI/dt = 100 A/µs, T J = 25 °C2142ns Body Diode Reverse Recovery Charge Q rr 1530nC Reverse Recovery Fall Time t a 12.6nsReverse Recovery Rise Timet b8.4On-Resistance vs. Drain Current and Gate VoltageGate ChargeThreshold VoltageSingle Pulse Power (Junction-to-Ambient)Vishay SiliconixSiR462DPTYPICAL CHARACTERISTICS 25°C, unless otherwise noted* The power dissipation P D is based on T J(max) = 150 °C, using junction-to-case thermal resistance, and is more useful in settling the upper dissipation limit for cases where additional heatsinking is used. It is used to determine the current rating, when this rating falls below the package limit.Power, Junction-to-Case Power, Junction-to-AmbientVishay SiliconixSiR462DPTYPICAL CHARACTERISTICS 25°C, unless otherwise notedVishay Siliconix maintains worldwide manufacturing capability. Products may be manufactured at one of several qualified locations. Reliability data for Silicon Technology and Package Reliability represent a composite of all qualified locations. For related documents such as package/tape drawings, part marking, and reliability data, see /ppg?68823.Normalized Thermal Transient Impedance, Junction-to-CaseDisclaimer Legal Disclaimer NoticeVishayAll product specifications and data are subject to change without notice.Vishay Intertechnology, Inc., its affiliates, agents, and employees, and all persons acting on its or their behalf (collectively, “Vishay”), disclaim any and all liability for any errors, inaccuracies or incompleteness contained herein or in any other disclosure relating to any product.Vishay disclaims any and all liability arising out of the use or application of any product described herein or of any information provided herein to the maximum extent permitted by law. The product specifications do not expand or otherwise modify Vishay’s terms and conditions of purchase, including but not limited to the warranty expressed therein, which apply to these products.No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document or by any conduct of Vishay.The products shown herein are not designed for use in medical, life-saving, or life-sustaining applications unless otherwise expressly indicated. Customers using or selling Vishay products not expressly indicated for use in such applications do so entirely at their own risk and agree to fully indemnify Vishay for any damages arising or resulting from such use or sale. Please contact authorized Vishay personnel to obtain written terms and conditions regarding products designed for such applications.Product names and markings noted herein may be trademarks of their respective owners.元器件交易网。

Bi-Directional Safety Analysis for Product-Line, Multi-Agent SystemsJosh Dehlinger Department of Computer Science Iowa State University226 Atanasoff HallAmes, IA 500111 515-294-2735dehlinge@Robyn R. Lutz Department of Computer Science Iowa State University andJet Propulsion Laboratory/Caltech 226 Atanasoff HallAmes, IA 500111 515-294-3654rlutz@ABSTRACTSafety-critical systems composed of highly similar, semi-autonomous agents are being developed in several application domains. An example of such multi-agent systems is a fleet, or “constellation” of satellites. In constellations of satellites, each satellite is commonly treated as a distinct autonomous agent that must cooperate to achieve higher-level constellation goals. In previous work, we have shown that modeling a constellation of satellites or spacecraft as a product line of agents (where the agents have many shared commonalities and a few key differences) enables reuse of software analysis and design assets. We have also previously developed efficient safety analysis techniques for product lines.We now propose the use of Bi-Directional Safety Analysis (BDSA) to aid in system certification. We extend BDSA to product lines of multi-agent systems and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach lets us reuse portions of the safety analysis for multiple agents, significantly reducing the burden of certification. We motivate and illustrate this work through a specific application, a product-line, multi-agent satellite constellation.Categories and Subject DescriptorsI.2.11 [Artificial Intelligence]: Distributed Artificial Intelligence – multi-agent systems D.2.4 [Software Engineering]: Software/Program Verification – reliability D.2.1 [Software Engineering]: Requirements/SpecificationsGeneral TermsDesign, Reliability, Verification KeywordsSoftware safety, multi-agent systems, product-line engineering, system certification1.INTRODUCTIONThe emergence of distributed systems (e.g., formation flying of satellite constellations) as a viable and reliable architecture for mission-critical domains coupled with the advantages of adopting an agent-oriented perspective for software development has led to a number of proposed systems combining these two concepts. A multi-agent system (MAS) is an application “designed and developed in terms of autonomous software entities that can flexibly achieve their objectives by interacting with one another in terms of high-level protocols and languages” [24]. Actual proposed systems including the Terrestrial Planet Finder-I (TPF-I) spacecraft [22] and the TechSat-21 [3], Sun-Solar System Connection, Search for Earthlike Planets and Universe Exploration all rely on constellation missions to achieve their scientific goals [18]. Agent-oriented software engineering (AOSE) appears be an appropriate software development methodology for such systems [21].Certification is a process whereby a certification authority determines if an applicant provides sufficient evidence concerning the means of production of a candidate product and the characteristics of the candidate product so that the requirements of the certifying authority are fulfilled [11, 13, 19, 20]. Software safety analysis techniques, similar to those used in this work, have previously been shown to contribute to the certification of software-intensive systems in [1, 16]. However, little work has been specifically aimed at software product lines of MAS. A software product line is defined as a set of software-intensive systems sharing a common, managed set of features that satisfy the specific needs of a particular market segment or mission [23]. The work presented here tailors the safety analysis techniques to a particular AOSE methodology, Gaia, to support certification of product-line, agent-based systems.The main contribution of this paper is to extend Bi-Directional Safety Analysis (BDSA) to product line MAS and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach allowsPermission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.ITCES’06, April 4, 2006, San Jose, California, USA.Copyright 2006 ACM 1-58113-000-0/00/0004…$5.00.us to reuse portions of the safety analysis assets for multiple, similar agents, significantly reducing the burden of certification. First, we further the inclusion of safety analysis techniques into AOSE by providing a structured process to perform a Software Failure Modes, Effects, Criticality Analysis (SFMECA) for safety-critical, product-line MAS. The SFMECA is reusable for other agents in the system since our approach incorporates the product-line vision of a MAS from [6].Second, safety analysis techniques contribute to system certification of product-line MAS by verifying software design compliance with reliability, robustness and safety standards. Because the safety analysis is performed on the product line as a whole (rather than serially on each individual product-line member), the safety analysis assessment techniques described in this work may significantly reduce the time and cost of certifying a safety-critical MAS.This paper illustrates the process and contributions of this work using an agent-based implementation of a satellite constellation loosely based on the requirements for the TechSat21 [3, 21]. TechSat21 was a proposed mission, originally scheduled to launch in January 2006 but cancelled in late 2003 with much of the software reused on a subsequent mission [4]. It was designed to explore the benefits of a distributed, cooperative approach to satellites employing agents [3].The remainder of this paper is organized as follows. Section 2 reviews background and related work in software safety analysis techniques and product-line MAS. Section 3 details our approach in utilizing the BDSA technique for safety-critical, product-line MAS to assist in certifying the composite system. Finally, Section 4 provides concluding remarks and future research directions.2.BACKGROUND AND RELATED WORK The research presented here integrates existing work in software safety analysis with software engineering for multi-agent systems (MAS) to aid in system certification. Certification may apply to the development process, the developer or the actual product [16]. Since it is insufficient to certify the process or developer for the software of safety-critical systems, building a safety case that provides “an argument accompanied by evidence that all safety concerns and risks have been correctly identified and mitigated”[10] aids in the certification of the product. Further, this work builds upon our previous work of integrating the reuse potential of safety analysis assets into the design and development of product-line MAS.2.1Software Safety TechniquesSoftware safety analysis centers on the investigation of how software can jeopardize or contribute to the safety of the system [15]. Two common techniques used in software safety analysis are Software Failure Modes, Effects and Criticality Analysis (SFMECA) and Software Fault Tree Analysis (SFTA). Bi-Directional Safety Analysis (BDSA) combines these two techniques in order to provide both a forward analysis to determine systems effects of software failure modes to effects on the systems and to determine if those failure modes are possible in the system to be certified [16]. SFMECA is a tabular, forward (inductive) search technique that starts with the failure of a component or subsystem and then looks at its effect on the overall system [15]. In [17], a list of generic failure-mode guidewords is given to aid in the process of constructing a SFMECA for failure in data communication and event processing. These guidewords, when applied to the failure of a component or subsystem, help engineers systematize the process of determining the possible effects of each failure mode on other components of the system that could lead to a hazard(s). SFTA is a tree-based, backward (deductive) technique that typically has as its root node a system-wide, catastrophic event [15]. Analysis proceeds by determining the set of necessary preconditions causing the occurrence of the hazard. The set of possible causes are connected to the parent node by logic gates to describe their contributing relation. This process continues through each level of the constructed subtree until basic events are reached or until the desired level of subsystem detail is achieved.A technique to cleanly extend SFTA to software product lines was introduced in [8]. A SFTA can be constructed for an entire product line and product-line members’ fault trees can be derived from the product-line SFTA. PLFaultCAT, a graphical tool to construct a product-line SFTA, exploits this technique and then allows users to automatically derive a product-line members’ fault tree given the variabilities to be included [8].BDSA combines a search from potential failure modes to their effects with a search from possible hazards to the contributing causes of each hazard [17]. Although BDSA does not require SFMECA and SFTA to be used as the forward and backward search, respectively, we follow [12] and [16] in using these techniques in our BDSA.2.2Software Safety TechniquesReuse of software-engineering assets continues to be a demand on software system development methodologies. Software product-line engineering models provide software engineers a reuse-conscious development platform that can contribute to significantly reducing both the time and cost of software requirements specification, development, maintenance and evolution [5]. In a product line, the common, managed set of features shared by all members is the commonalities. The members of a product line may differ from each other via a set of allowed features not necessarily found in other members of the product line (i.e., the variabilities).Agent-oriented software engineering (AOSE) has provided tools and techniques allowing for natural, high-level abstractions in which software developers can understand, model and develop complex systems [24]. Several AOSE methodologies have been proposed for various types of application domains including Tropos [2] and MaSE [9]. We selected Gaia [24] as the AOSE design methodology with which to incorporate safety analysis because of its extensive documentation and acceptance in the AOSE community.The Gaia methodology centers on defining an agent based upon the role(s) that it can assume. Each role’s requirements specification is defined by its protocols (i.e., defines how agents interact), activities (i.e., the computations associated with the role that can be executed without interacting with other agents), permissions (i.e., the information resources that the role can read,change and generate) and responsibilities (i.e., the liveness and safety properties the role must ensure).Using the Gaia methodology, Dehlinger and Lutz applied the notion of an agent having different possible levels of intelligence for a given role to investigate the reuse advantages of product-line engineering in developing multi-agent systems (MAS) [6]. For example, a role in a distributed system of nodes, depending on its environment and context, may have one of the following levels of intelligence:•I4: receive/execute commands•I3: local planning and receive/execute commands•I2: local planning, interaction, partial system-knowledge and receive/execute commands•I1: system-level planning, interaction, full systems-knowledge and receive/execute commandsThe level of intelligence for a role may dynamically change during run-time depending on the system’s organization and/or goals. For example, at any given time only a single agent in a distributed system may have role X operating at intelligence level I1. However, several other agents with role X may operate at intelligence level I3 but be capable of dynamically increasing the role’s intelligence level to I1 if needed (i.e., a hot-spare/warm-spare concept). Similarly, some agents with role X may be restricted to operating only in I4 or I3 due to resource constraints or design decisions. Adopting this view, a MAS can be designed using the notions of product-line engineering to fully take advantage of the reuse principles inherent in product lines.In [7], it was shown how safety analysis can ensure the safety and reliability of product-line MAS using SFTA. This work extends [7] to include a SFMECA safety analysis enabling BDSA for product-line MAS. 3.APPLYING BI-DIRECTIONAL SAFETY ANALYSIS TO MULTI-AGENT SYSTEMS The use of Bi-Directional Safety Analysis (BDSA), detailed in Section 3.3, requires the use of forward and backward searches. In this work, we use Software Failure Modes, Effects and Criticality Analysis (SFMECA), discussed in Section 3.1, and Software Fault Tree Analysis (SFTA), discussed in Section 3.2, as the forward and backward search technique, respectively.Using the Gaia methodology [24], we situate the safety analysis step, shown in Figure 1, as using the software engineering assets (i.e., the Role Schema) of the “Analysis and Design” phase but also augmenting the requirements specifications of the “Analysis and Design” phase. Thus, the safety analysis, in addition to generating safety analysis assets (e.g., SFMECA tables, software fault trees, etc.) used to make a safety case for the software during system certification, aids in verifying the safety requirements and discovering safety requirements missed in the initial requirements specification. Again, because the multi-agent system (MAS) is viewed as a product line, the safety analysis is providing safety case assets for any product line member.In the Analysis and Design phase of the Gaia methodology [24], the software engineer specifies the requirements in a Role Schema, shown in Figure 2, when constructing a product-line MAS. Safety requirements for a role are listed in the form of safety properties that the agent must ensure in the Responsibilities section. However, Gaia provides no structured way by which to discover safety requirements. Similarly, Gaia provides no process by which to check that the safety requirements suffice to mitigate possible hazards. In the following sections, we detail how performing BDSA can help verify and complete the safety properties that a role must guarantee.Figure 1. An overview of our process situated in the Gaia-based product-line approach in developing MAS.Role Schema: Cluster Allocation Planner Schema ID: F32-I1Description:Assigns a new cluster configuration by assigning new satellite positionswithin the cluster. This is done to equalize fuel use across the cluster. Withthe I1 intelligence level, it is able to send cluster assignments to othersatellites (i.e., spacecraft level agents) in order to arrange a new cluster configuration. This may occur when a new satellite is added or in the caseof a failure of a satellite.Protocols and Activities:CalculateDeltaV, UpdateClusterInformation, MoveNewPos, DeOrbit,AssignCluster, AcceptDeltaVBids, RequestDeltaVBids,SendMoveNewPosMsg, SendDeOrbitMsgPermissions:Reads -p osition // current satellite positionvelocityIncrement // current satellite velocity incrementsupplied satelliteID // satellite identification numbersupplied velocityIncrment // satellite velocity incrementChanges -position// current satellite positionvelocityIncrement // current satellite velocity incrementGenerates -newPositionList // new position list to assign to the// satellites within the clusterResponsibilities:Liveness -Optimize the fuel use across the cluster.Safety -Prevent satellite collisions during a new cluster configuration.Figure 2. An example of the requirements specification for a role of the TechSAT21 satellite constellationspecified as a product line in Gaia’s Role Schema.3.1Forward Search Safety AnalysisThe forward analysis uses a Software Failure Modes, Effects and Criticality Analysis (SFMECA). Gaia’s Role Schema conveniently partitions a role’s requirements specifications into events (functionality) that the role can perform and data that the role can access. Like [12], we partition the SFMECA into separate analyses on the data and events. We use guidewords of [16] to steer our investigation into the possible failures within a product-line multi-agent system (MAS). We here describe first the construction of the SFMECA event table for the Gaia Role Schema and then the construction of the SFMECA data table. Each activity of a role (the non-underlined keywords listed in Gaia’s Role Schema under the Protocols and Activities section) is essentially an event (i.e., some functionality) that the role can execute. To construct a SFMECA table for the events that a role can execute, as in a standard SFMECA we use the following keywords to guide our analysis: “halt/abnormal termination”, “omission”, “incorrect logic/event” and “timing/order”. Because the role definition depends on its variation point in the Role Schema, detailed in full in [6], the derived SFMECA captures the possible event and data failures for all the near-identical satellites. Figure 3 gives an example of a partial SFMECA entry for the MoveNewPos activity for our TechSAT21 example, an event causing a satellite to alter its position in the constellation.The procedure to construct a SFMECA table for the events from the Role Schema using the event guidewords consists of the following steps:For each role:For each activity listed in the Protocols and Activities section of the Role Schema:a.Provide the event name in the appropriate column.b.Apply each of the keywords (“halt/abnormaltermination”, “omission”, “incorrect logic/event” and“timing/order”) to the event. For each keyword:Role Event Event FailureModeLocal Effect System Effect Criticality Halt/AbnormalTerminationThe position¸ velocityIncrementand newPositionList data may betemporarily incorrect since thesatellite did not complete movingto its new position. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV.The satellite will nothave moved to theposition expected byother satellites in thecluster potentiallycausing a collision.MajorOmission The satellite fails to move to itsnew assigned position in the clusterpossible causing the position¸velocityIncrement andnewPositionList data to betemporarily incorrect. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV.The satellite will nothave moved but, rathermaintain its previousposition. Othersatellites in the clustermay expect the satelliteto have moved to a newposition. This couldcause a collisionbecause of thediscrepancies betweenactual and satelliteposition.MajorClusterAllocationPlannerMoveNewPosTiming/Order The satellite fails to move to thenew position until some later,undetermined time possiblycausing its position¸velocityIncrement andnewPositionList data to may betemporarily incorrect. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV. The satellite fails tomove to its new position at the time expected by other satellites in the cluster.This could cause a collision.CriticalFigure 3. An excerpt of the SFMECA of the MoveNewPos activity of the Cluster Allocation Planner rolein the TechSAT21 satellite constellation.i.Provide the event failure mode (i.e., the keywordused to discover possible failures).ii.Describe the possible local effect(s) if the keyword failure happened to the event under consideration.The local event will likely only affect this role orthis agent and its description should not include thepropagation of its failure to other agents orcomponents of the global system.iii.Describe the possible system-level effect(s) if the keyword failure mode occurred. This columncaptures the possible emergent hazardous behaviorfrom the interaction of the agents (e.g., that acollision could occur between satellites if a satellitedoes not change its position when other satellites areexpecting it to).iv.Give the criticality (e.g., critical, major, average, etc.) of this failure as determined by the globaleffect of this failure on the system as a whole.c.Apply any additional failure modes not captured by theprovided keywords relevant to the current event and fill in the SFMECA row as appropriate. Constructing the SFMECA data table using Gaia’s Role Schema, the Permissions section lists each datum that the role can access, alter or generate. To construct a SFMECA table for the data that a role uses, we use the following keywords to guide our analysis: “incorrect value”, “absent value”, “wrong timing” and “duplicated value”. The procedure to construct a SFMECA table for the data from the Permissions section of the Role Schema is similar to that for the events’ table and is not shown here.3.2Backward Search Safety AnalysisThe backward analysis search technique used in this work utilizes a Software Fault Tree Analysis (SFTA). The SFTA can be performed in parallel and independently of the forward analysis technique(s). SFTA starts with a system hazard and traces backwards to find the contributing causes of the hypothesized root hazard. Typically, the hypothesized hazard comes from existing hazards lists or known domain hazards. If, however, the SFTA is performed following the forward analysis technique(s), each unique Possible Hazard listed in the Software Failure Modes, Effects and Criticality Analysis (SFMECA) can be used as a SFTA starting hazard. For example, it is clear from the SFMECAfor the TechSAT21 that a fault tree in the SFTA should include the hazard “satellite collision” as a root node. This is a concept of the Bi-Directional Safety Analysis (BDSA) that will be discussed further in Section 3.3.3.3Bi-Directional Safety Analysis ResultsBi-Directional Safety Analysis (BDSA) is used to verify the completeness of the forward and backward search techniques. The forward and backward techniques can be viewed as complementary since the output of the forward technique (i.e., the potential system-wide hazards) should match-up with the inputs of the backward technique. Similarly, the output of the backward technique (i.e., the low-level, local errors that cause a system-wide hazard) should match-up with the inputs of the forward technique. For example, we can verify the completeness of the SFTA by ensuring that every unique hazard listed in the Possible Hazard column of the SFMECA table with a particular level of criticality or higher (e.g., major criticality) is a root node within one of the fault trees of the SFTA.In our TechSAT21 example, BDSA was applied to ensure that all possible hazards labeled with a “major” or “critical” criticality level for the MoveNewPos event were captured as the root node of a fault tree. It was found that each “major” and “critical” level potential hazard in the SFMECA related to a collision of satellites and that the SFTA had already accounted for this hazard. However, comparing the event failures in the SFMECA that could possibly lead to a satellite collision with the leaf nodes of the fault trees where “satellite collision” is the root node led to the discovery that the SFTA failed to account for the possibility that a “timing/order” failure in the execution of the MoveNewPos event could be a contributing factor to a satellite collision. This omission in the SFTA is likely due to SFTA’s weakness in representing temporal/order-specific failures [15]. Thus, the BDSA not only helped in verifying that the results of the forward technique were the inputs for the backward technique and vice versa, but it also helped identify missing failure scenarios.3.4Applying the Safety Analysis Results to Assure SafetyBi-Directional Safety Analysis (BDSA) helped ensure that the safety analyses used for the forward and backward search techniques were consistent. In our case, the Software Failure Modes, Effects and Criticality Analysis (SFMECA) and the Software Fault Tree Analysis (SFTA) were utilized to discover further safety requirements not already specified in the Role Schema for a given role.To assess and derive safety requirements of the Role Schema using the SFMECA, the following steps suffice:For each Role Schema:a.For each data/event listed in the Data/Event column ofthe SFMECA for the role in the Role Schema:i.Decide at which level of criticality (i.e., critical,major, etc.) the role must provide mitigatingrequirements to ensure safety. This may correspondto what level of system certification is required ofthe system.ii.For each listed data/event failure mode listed in the Failure Mode column of the SFMECA with acriticality of at least the minimum criticality levelneeded for analysis (from Step i):1.Consult the local effect of the failure mode inthe Local Effect column of the SFMECA.Assure that the software mitigates the localeffect. For data, the mitigating requirementcould be some sanity check (i.e., checkingsome other piece of data or monitoring thatthe data is reasonable given the software’scurrent state). For events, the mitigationrequirement could be some guard to ensurethat the event is occurring under the rightconditions and at the appropriate time giventhe software’s current condition.2.Check to make sure that the product-lineMAS software will prevent the hazarddescribed in the Possible Hazard column ofthe SFMECA from occurring in the SFTA.That is, check that the hazard is mitigated inboth the SFMECA and SFTA.3.If the mitigation does not suffice to preventthe local effect, the software may not becompliant with system safety requirements. Applying this process on the TechSAT21 example using the partial SFMECA table, shown in Figure 3, identified several new mitigation requirements to prevent the hazard of a “satellite collision” that were then added to the Role Schema. For the “halt/abnormal termination” failure mode, the mitigation requirement was that the MoveNewPos activity be atomic (either it executes completely or not at all). Alternatively, a new NotifyFinishMoveNewPos protocol could be introduced to have the satellite notify all satellites (or the master satellite) of the completion (or non-completion) of the MoveNewPos activity. Additionally, a mitigation requirement for the “timing/order” failure mode could be to assign a timestamp deadline by which each MoveNewPos activity must complete before. Without the BDSA and SFMECA process detailed above, safety requirements such as these could be overlooked.The use of BDSA thus assists in certification of product-line MAS in two ways:•Demonstration of compliance. The use of BDSA provides assurances that certain classes of failure modes that mightoccur in the individual agents will not produceunacceptable effects in the composite system (e.g., theconstellation, or fleet). The artifacts produced in thisinvestigation (SFMECA tables, SFTAs, and the RoleSchemas responsibility statements) help demonstratecompliance of the failure-monitoring and failure-mitigation software tasked with the system safetyrequirements.•Enabling reuse of certification arguments. The use of product BDSA can reduce the burden of certification forsystems composed of identical or near-identical units. Insystems where each agent is a member of a product line,the similarities can be leveraged for efficient reuse of thesafety analysis artifacts. At the same time, the use of RoleSchemas captures any variations among the roles that theagents may assume. The Role Schemas thus help ensure。