Design, Reliability

2010年英语笔译三级考试全真模拟试题(1)总分：100分及格：60分考试时间：120分Part 1 V ocabulary Selection(1)It is impossible for people to avoid ____________by ads in the modern society．(2)As a judge, he is supposed to be fair and tries to make ____________ decisions．(3)Lilly made no attempt to ____________ the problem.(4)Why don't you ___________ insurance on your possessions?(5)___________ called just now, but he didn't mention his full name．(6)The shipping clerks must know which orders___________(7)Language learning usually ___________ conscious imitation.(8)A program to mature the technologies needed to achieve an economically ____________reusable launch vehicle is underway in the U. S.A. soundB. selectiveC. superD. scientific(9)Fans still remember the superstar they knew during her concert ___________through Guangzhou five years ago．(10)The shortage of rainfall this summer in the region is sure to cause ___________ of vegetables for the food market(11)Playing a major role in the economic life of the United States, ____________(12)It’s commonly acknowledged that infant mortality has declined because of recent medical____________and a higher standard of living．(13)Ted has been living in town for only half a year; yet he seems to be ____________ with everyone he meets．(14)Actually，much of what was being presented on the stage at that time was____________and experimental．(15)Training programs for the U.S. Peace Corps are conducted in the country or region__________the volunteer will serve.(16)I was discharged in 1947 and, motivated by intellectual curiosity, decided upon a career in medical research at a time when such a choice was not ___________(17)The Chairman seldom talked much at these meetings．but his gestures and noises spoke____________。

designed for reliability工作内容Designed for Reliability: Ensuring the Dependability of Products and ServicesIntroductionIn today's fast-paced and competitive business environment, reliability has become a critical factor for success. Whether it is a product or a service, customers expect consistency, durability, and dependability. Therefore, organizations must design their offerings with reliability in mind. This article explores the importance of reliability, strategies for designing reliable products and services, and the benefits it brings to businesses.Importance of ReliabilityReliability refers to the ability of a product or service to perform consistently and as expected over time. It is a key determinant of customer satisfaction and loyalty. A reliable product or service builds trust and credibility, which fuels positive word-of-mouth, repeat purchases, and long-term customer relationships. On the other hand, a lack of reliability can result in dissatisfied customers, negative reviews, and damage to the brand reputation.Strategies for Designing Reliable Products and Services1. Robust Design: To ensure reliability, organizations must adopt a robust design approach. This involves designing products and services that can withstand unexpected conditions and variations. Robust design minimizes the impact of external factors on performance, enhances durability, and reduces the likelihood of failures or breakdowns.2. Quality Control Measures: Implementing rigorous quality control measures is crucial in maintaining reliability. This includes conducting quality checks at every stage of the production process, utilizing statistical analysis to identify and eliminate defects or deviations, and ensuring that only high-quality components and materials are used.Continuous monitoring and improvement of quality control processes are essential for sustained reliability.3. Redundancy and Backup Systems: Building redundancy and backup systems into products and services is another effective strategy for enhancing reliability. These systems provide an alternative or backup in case of failures or disruptions, minimizing the impact on the customer. Redundancy can be achieved by incorporating duplicate components, backup power sources, or alternative service providers.4. Testing and Validation: Thorough testing and validation are key steps in designing reliable products and services. This includes conducting various stress tests, performance tests, and environmental tests to assess the product's or service's performance under different conditions. It helps identify potential weaknesses or vulnerabilities and enables organizations to make necessary improvements before launching the offering in the market.Benefits of Designing for Reliability1. Customer Satisfaction and Loyalty: Reliable products and services ensure consistent performance, leading to higher customer satisfaction and loyalty. Satisfied customers are more likely to recommend the product or service to others and become repeat customers, thereby contributing to the company's revenue and growth.2. Competitive Advantage: Reliability can provide a competitive edge in crowded markets. When customers perceive a product or service as dependable and trustworthy, they are more inclined to choose it over competitors' offerings. Reliability differentiates a company from its competitors and helps build a positive brand image.3. Cost Savings: Designing for reliability can lead to cost savings in the long run. Reliable products and services have lower maintenance and warranty costs, as they require fewer repairs or replacements. This contributes to higher profitability and improved financial performance.4. Reduced Risk: Investing in reliability reduces the risk of product failures or service disruptions, which can have significant financial and reputational consequences.By designing for reliability, organizations mitigate potential risks and ensure smoother operations.ConclusionIn a world where reliability is synonymous with quality and customer satisfaction, organizations cannot afford to overlook this crucial aspect. Designing products and services for reliability requires a holistic approach, incorporating robust design, quality control, redundancy systems, testing, and validation. By prioritizing reliability, businesses gain a competitive advantage, enhance customer satisfaction and loyalty, reduce risks, and achieve long-term success in the marketplace.。

翻译三级笔译综合能力-13(总分100,考试时间90分钟)Section 1: V ocabulary and GrammarThis section consists of 3 parts. Read the directions for each part before answering the questions.Part 1 V ocabulary SelectionIn this part, there are 20 incomplete sentences. Below each sentence, there are 4 choices marked by letters A, B, C, D respectively. Choose the word or phrase which **pletes each sentence. There is only ONE right answer. Then mark the corresponding letter as required on your machine-scoring ANSWER SHEET.1. If the profits in one year are not sufficient to pay the dividend, the ______ will be paid from the profits of later year.A. arrearB. debtC. differenceD. margin2. The purpose of a ______ is to cut down imports in order to protect domestic industry and workers from **petition.A. taxB. tollC. feeD. tariff3. The monopoly-capitalist group ______ many smaller enterprises last year.A. integratedB. mergedC. combinedD. collected4. While typing, Helen has a habit of stopping ______ to give her long and flowing hair a smooth.A. occasionallyB. simultaneouslyC. eventuallyD. promptly5. The prices quoted above do not include any taxes and levies ______ upon the Personnel by theGovernment of the project-host country.A. imposedB. importedC. improvedD. impressed6. Customers may also be permitted to ______ their current accounts for a short period in anticipation of a credit **ing in.A. overextendB. overdrawC. overvalueD. overpay7. Don't rest on your laurels, ______ your success and start looking for new markets now.A. add upB. follow upC. work upD. count up8. When travelling, you are advised to take travellers' checks, which provide a secure ______ to carrying your money in cash.A. substituteB. selectionC. preferenceD. alternative9. If you want to buy this house, the payment may be made in five ______.A. installmentsB. piecesC. sharesD. parts10. The bank manager asked his assistant if it was possible for him to ______ the investment plan within a week.A. work outB. make outC. put outD. set out11. Dozens of scientific groups all over the world have been ______ the goal of a practical and economic way to use sunlight to split water molecules.A. pursuingB. chasingC. reachingD. winning12. The local authority ______ **pany an interest-free loan to start up the new factory.A. grantedB. allocatedC. financedD. sponsored13. Changing from solid to liquid, water takes in heat from all substances near it, and this ______ produces artificial cold surrounding it.A. absorptionB. transitionC. consumptionD. interaction14. One reason for the successes of Asian immigrants in the U.S. is that they have taken great______ to educate their children.A. effortsB. painsC. attemptsD. endeavours15. Without the friction between their feet and the ground, people would ______ be able to walk.A. in no timeB. by all meansC. in no wayD. on any account16. I didn't say anything like that at all. You are purposely ______ my ideas to prove your point.A. revisingB. contradictingC. distortingD. distracting17. I never trusted him because I always thought of him as such a ______ character.A. graciousB. suspiciousC. uniqueD. particular18. Some disputes among these countries are ______ by history.A. left overB. turned overC. handed overD. taken over19. My father has been on the ______ in this factory for nearly 20 years.A. paypacketB. payoffC. payrollD. payment20. The discussion was so prolonged and exhausting that______ the speakers stopped for refreshments.A. at largeB. at intervalsC. at easeD. at randomPart 2 V ocabulary ReplacementThis part consists of 20 sentences. In each of them one word or phrase is underlined. Below each sentence, there are 4 choices marked by letters A, B, C, D respectively. Choose the word or phrase that can replace the underlined word without causing any grammatical error or changing the basic meaning of the sentence. There is only ONE right answer. Blacken the corresponding letter as required on your machine-scoring ANSWER SHEET.21. The book shifted her outlook from social to spiritual, for its theme was that before you change other people you have to change yourself.A. viewpointB. vocationC. prospectD. preference22. The promised wage increase is being held back while it is examined by the government to see if it is greater than the law allows.A. dismissedB. delayedC. neglectedD. rejected23. Thus the most logical approach is to focus our analysis on the trade relations of Spain with other European countries.A. reasoningB. conclusionC. positionD. method24. Readers are required to abide by the rules of the library and mind their manners.A. observeB. memorizeC. reviewD. compose25. She believes that she is not a good mother because she does not fit the stereotype of a woman who spends all her time with her children.A. popular imageB. common standardC. fixed conceptionD. pleasant notion26. The microscope enables scientists to distinguish an incredible number and variety of bacteriA. A. unavoidableB. unchangeableC. unbelievableD. unpredictable 27. He noticed that Joan was studying him closely, but her expression gave away nothing of what she was thinking.A. revealedB. disposedC. remindedD. distributed28. At last John Smith chose to step down as **pany's chief executive and return to his roots in software research.A. resignB. removeC. retireD. replace29. We no longer keep up the close friend ship of a few years ago though we still visit each other on occasion.A. in good timeB. up to dateC. now and thenD. once and for all30. The cost of health care and health insurance remains the most urgent health problem facing the country today.A. pressingB. importantC. neglectedD. complicated31. Many youngsters have heard their parents say "You'll never amount to anything if you keep daydreaming that way!"A. be equal toB. accomplishC. add up toD. pursue32. The university offered several more courses for the purpose of furthering the career aspirations of its students.A. ambitionsB. achievementsC. advantagesD. advances33. The senator agreed that his support of the measure would jeopardize his chances for reelection.A. benefitB. endangerC. hinderD. disturb34. The leaders of the two countries are planning their summit meeting with a pledge to maintain and develop good ties.A. strategyB. standpointC. promiseD. priority35. Safety officials have earnestly questioned whether the increased use of synthetic materialsheightens the risk of fire.A. cautiouslyB. severelyC. accuratelyD. seriously36. Many women prefer to use cosmetics to enhance their beauty and make them look younger.A. enforceB. magnifyC. improveD. polish37. Racing the clock every day is such an exhausting effort that when I actually have a few free moments, I tend to collapse.A. fall downB. fall illC. fall outD. fall behind38. Nuclear power, with all its inherent problems, is still the only option to guarantee enough energy in the future.A. solutionB. policyC. choiceD. reason39. The coach explained the regulations at length to make sure that none of his players world become violators.A. at lastB. at largeC. in detailD. in short40. By advocating moderate change, they think that they can keep consumer costs low.A. reasonableB. radicalC. immediateD. minimumPart 3 Error CorrectionThis part consists of 20 sentences. In each of them there is an underlined part that indicates an error. Below each sentence, there are 4 choices marked by letters A, B, C, D respectively. Choose the word or phrase that can replace the underlined part so that the error is corrected. There is only ONE right answer. Blacken the corresponding letter as required on your machine-scoring ANSWER SHEET.41. As an English major student at one of the most famous universities in China, I strongly believe that business English is more practical than other fields.A. a student in EnglishB. a major English studentC. an English majorD. an English student major42. These include design for reliability, design for serviceability, design for modularity and design for quality, which must be applied in the entire system.A. forB. toC. withD. as43. Our plan didn't get up the ground because no one **e.A. get overB. get onC. get offD. get through44. The engineers are going through with their highway project, in spite that the expenses have risen.A. just becauseB. even thoughC. as thoughD. now that45. The general manager demanded that the job will be completed before the summer holidays.A. would beB. must beC. beD. had to be46. **pany will provide you with free transportation as you requested and charge the installation.A. installation with a chargeB. in the installationC. freely installationD. installation in charge47. Jerry saw his dog limping on a bloody leg and jumped up the conclusion that it had been shot.A. jumped overB. jumped toC. jumped forD. jumped through48. When this agreement is signed, a circular will be prepared for given to our customers.A. given outB. given offC. dispatchesD. distribution49. The government has hardly taken measures to crack down on these crimes when new ones occurred.A. Hardly had the government takenB. The government took hardlyC. Hardly the government had takenD. The government is hardly taking50. The newspaper stories deliberately put down the actress's unattractive past.A. acted downB. played downC. wrote downD. put down51. The very real and far reaching implications inherent in the current changes being experienced by government spaceports, with terms of their effect upon the whole international **munity, are also highlighted.A. for terms ofB. as terms ofC. in terms ofD. from terms of52. Doctors warned sun-starved tourists who received too much sunlight that they were at serious risk than others of contracting skin cancer.A. with more seriousB. at seriouslyC. at more seriousD. seriously with53. We have sent an order slip to all that we have reason to believe are interested in our books.A. who are believed by usB. with who we have reason to believeC. who we have reason to believeD. with whom we believe54. It **ply strictly in safety standards to be accepted by the public, and at the same time it must demonstrate that no health or environmental damage occurs.A. thanB. toC. fromD. with55. My company is Excellent Kitchenware Company, there nearby is a big market for kitchenware in our city.A. there nearB. and there nearC. there nearlyD. and nearby there56. It will be emphasized **mercial space operations are **plex, longterm, capital-hungry, and set by a variety of risks.A. beset byB. inset byC. preset byD. reset by57. It is now clear that no such creatures as vampires have been seen and none been found in the world.A. was foundB. are foundC. have been foundD. have been found out58. We will show how the International Olympics **mercialized internationally, and are financed from corporate and private sponsorships and how this funding scenario can be used to fund new projects.A. withinB. intoC. throughD. than59. Joe will have his father's gold watch because it is handed through in the family.A. handed upB. handed belowC. handed downD. handed downwards60. The teachers want to take away with the cheating in examinations in their school.A. do away withB. put away withC. get away withD. turn away withSection 2: Reading ComprehensionIn this section you will find after each of the passages a number of questions or unfinished statements about the passage, each with 4 (A , B, C and D) choices to complete the statement. You must choose the one which you think fits best. Then blanken the corresponding letter as required on your machine-scoring ANSWER SHEET.Almost every day the media discovers an African **munity fighting some form of environmental threat from land fills, garbage dumps, petrochemical plants, refineries, bus depots, and the list goes on. For years, residents watched helplessly as **munities became dumping grounds.But citizens didn't remain silent for long. Local activists have been organizing under the mantie of environmental justice since as far back as 1968. More than three decades ago, theconcept of environmental justice had not registered on the radar screens of many environmental or civil rights groups. But environmental justice fits squarely under the civil rights umbrella. It should not be forgotten that Dr. Martin Luther King Jr. went to Memphis on an environmental and economic justice mission in 1968, seeking support for striking garbage workers who were underpaid and whose basic duties exposed them to environmentally hazardous conditions.In 1979, a landmark environmental discrimination lawsuit filed in Houston, followed by similar litigation efforts in the 1980s, rallied activists to stand up to corporations and demand government intervention.In 1991, a new breed of environmental activists gathered in Washington, D.C. , to bring national attention to pollution problems threatening low-income and **munities. Leaders introduced the concept of environmental justice, protesting that Black, poor and working-**munities often received less environmental protection than White or more **munities. The first National People of Color Environmental Leadership Summit effectively broadened what "the environment" was understood to mean. It expanded the definition to include where we live, work, play, worship and go to school, as well as the physical and natural world. In the process, the environmental justice movement changed the way environmentalism is practiced in the United States and, ultimately, worldwide.Because many issues identified at the inaugural summit remain unaddressed, the second National People of Color Environmental Leadership Summit was convened in Washington, D.C. , this past October. The second summit was planned for 500 delegates ; but more than 1,400 people attended the four-day gathering."We are pleased that the Summit Ⅱ was able to attract a record number of grassroots activists, academicians, students, researchers, planners, policy analysts and government officials. We proved to the world that our movement is alive and well, and growing," says Beverly Wright, chair of the summit. The meeting produced two dozen policy papers that show powerful environmental and health disparities between people of color and Whites.61. In Paragraph 1, the word "residents" refers to ______ in particular.A. ethnic groups in the U.S.B. the American general publicC. African AmericansD. the U.S. working-class62. The word "squarely" underlined in Paragraph 2 is closest in meaning to ______.A. fairlyB. preciselyC. honestlyD. well63. More than three decades ago, environmental justice was ______.A. controversial among local activitiesB. first proposed by Martin Luther King Jr.C. fascinating to the civil rights groupsD. barely realized by many environmentalists64. The word "intervention" underlined in Paragraph 3 is closest in meaning to ______.A. interpositionB. participationC. involvementD. management65. In 1968, Martin Luther King Jr. went to Memphis to help the garbage workers ______.A. get relieved of some of their basic dutiesB. know what environmental justice wasC. fight for better working conditionsD. recognize their dangerous surroundings66. The word "protesting" underlined in Paragraph 4 is closest in meaning to ______.A. combatB. confirmC. considerD. affirm67. Paragraph 3 implies that, in 1979, ______.A. the environmental justice issues were first brought to court in HoustonB. environmental activists cooperated in defying the U.S. governmentC. the government intervention helped promote environmental justiceD. environmental problems attracted the attention of the government68. The word "grassrot" underlined in Paragraph 6 refers to ______.A. basic levelB. middle classC. peasantD. worker69. The new breed of environmental activists differed from the previous activists in that ______.A. they noticed environmental disparities between the rich and the poorB. they cried for government intervention in saving the environmentC. they knew what "the environment" really meant to the White peopleD. they practiced environmentalism outside as well as within the U. S.70. With respect to getting environmental justice, Summit Ⅱ was aimed for ______.A. showing the achieved successB. attracting national attentionC. identifying relevant issuesD. finding solutions to the problemsCooperation is **mon endeavor of two or more people to perform a task or reach a jointly cherished goal. **petition and conflict, there are different forms of cooperation, based on group organization and attitudes.In the first form, known as primary cooperation, group and individual unite. The group contains nearly all of each individual's life. The rewards of the group's work are shared with each member. There is an interlocking identity of individual, group, and task performed. Means and goals become one, for cooperation itself is valued.While primary cooperation is most often characteristic of preliterate societies, secondary cooperation is characteristic of many modern societies. In secondary cooperation, individuals devote only part of their lives to the group. Cooperation itself is not a value. Most members of the group feel loyalty, but the welfare of the group is not the first consideration. Members perform tasks so that they can separately enjoy the fruits of their cooperation in the form of salary, prestige, or power. Business offices and professional athletic teams are examples of secondary cooperation.In the third type, called tertiary cooperation or accommodation, latent conflict underlies the shared work. The attitudes of the cooperating parties are purely opportunistic; the organization is loose and fragile. Accommodation **mon means to achieve antagonistic goals; it breaks down when **mon means cease to aid each party in reaching its goals. This is not, strictly speaking, cooperation at all, and hence the somewhat contradictory term antagonistic cooperation issometimes used for this relationship.71. What is the author's main purpose in Paragraph 1 of the passage?A. To explain how cooperation differs **petition and conflict.B. To show the importance of group organization and attitudes.C. To offer a brief definition of cooperation.D. To urge readers to cooperate more often.72. The underlined word "cherished" in Paragraph 1 is closest in meaning to ______.A. prizedB. based onC. definedD. set up73. In the primary cooperation ______.A. group and individual don't have to uniteB. the group contains nearly all of each person's lifeC. individuals work for themselvesD. people don't value cooperation74. Which of the following statements about primary cooperation is supported by information in the passage?A. It was limited in prehistoric times.B. It is usually the first stage of cooperation achieved by a group of individuals attempting to cooperate.C. It is an ideal that can never be achieved.D. It is **monly seen among people who have not yet developed reading and writing skills.75. According to the passage, why do people join groups that practice secondary cooperation?A. To share the happiness with others.B. To get rewards for themselves.C. To associate with people who have similar backgrounds.D. To defeat a common enemy.76. Which of the following is an example of the third form of cooperation as it is defined in Paragraph 4?A. Students form a study group so that all of them can improve their grades.B. A new business attempts to take customers away from an **pany.C. Two rival political parties temporarily work together to defeat a third party.D. Members of a **munity share work and the food that they grow.77. Which of the following is NOT given as a name for the third type of cooperation?A. Tertiary cooperation.B. Accommodation.C. Latent conflict.D. Antagonistic cooperation.78. The underlined word "fragile" in the last paragraph is closest in meaning to ______.A. inefficientB. easily brokenC. poorly plannedD. involuntary79. As used throughout the passage, the term "common" is closest in meaning to which of the following?A. ordinary.B. shared.C. simple.D. popular.80. Which of the following best describes the overall organization of the passage?A. The author describes a concept by analyzing its three forms.B. The **pares and contrasts two types of human relations.C. The author presents the points of view of three experts on the same topic.D. The author provides a number of concrete examples and then draws a conclusion.Phyllis Wheatley is regarded as America's first black poet. She was born in Senegal, Africa, about 1753 and brought to America aboard a slave ship at about the age of seven. John and Susannah Wheatley bought her for three pounds at a slave auction in Boston in 1761 to be a personal servant of Mrs. Wheatley. The family had three other slaves, and all were treated with respect. Phyllis was soon accepted as one of the family, which included being raised and educated with the Wheatley's twin 15-year-old children, Mary and Nathaniel. At that time, most females, even from better families, could not read and write, but Mary was probably one of the best educated young women in Boston. Mary wanted to become a teacher, and in fact, it was Mary who decided to take charge of Phyllis's education. Phyllis soon displayed her remarkable talents. At the age of twelve she was reading the Greek and Latin classics and passages from the Bible. And eventually, Mrs. Wheatley decided Phyllis should become a Christian.At the age of thirteen Phyllis wrote her first poem. She became a Boston sensation after she wrote a poem on the death of the evangelical preacher George Whitfield in 1770. It **mon practice in Boston to have" Mrs. Wheatley's Phyllis" read poetry in polite society. Mary married in 1771, and Phyllis later moved to the country because of poor health, as a teacher and caretaker to a farmer's three children. Mary had tried to interest publishers in Phyllis's poems but once they heard she was a Negro they weren't interested.Then in 1773 Phyllis went with Nathaniel, who was now a businessman, to London. It was thought that a sea voyage might improve her health. Thirty-nine of her poems were published in London as Poems on Various Subjects, Religious and Moral. It was the first book published by a black American. In 1775 Phyllis wrote a poem extolling the accomplishments of George Washington and sent it to him. He responded by praising her talents and inviting her to visit his headquarters. After both of her benefactors died in 1777, and Mary died in 1778, Phyllis was freed as a slave. She married in 1778, moved away from Boston, and had three children. But after the unhappy marriage, she moved back to Boston, and died in poverty at the age of thirty.81. What does the passage mainly discuss?A. Slavery and the treatment of the black people in America.B. The Wheatley family, including their slaves.C. The life of America's first black poet.D. The achievements of Phyllis Wheatley.82. The underlined word "respect" in Paragraph 1 is closest in meaning to ______.A. considerationB. disregardC. punishmentD. behavior83. According to the passage, how many slaves did the Wheatley's have?A. One.B. Two.C. Three.D. Four.84. According to the passage, an unusual feature of Mary was that she ______.A. was not much older than PhyllisB. wanted to become a teacherC. **paratively well educatedD. decided to take charge of Phyllis's education85. The underlined word "eventually" in Paragraph 1 is closest in meaning to ______.A. ultimatelyB. slowlyC. reluctantlyD. gradually86. Which of the following is NOT true about Phyllis in the early 1770s?A. She wrote her first poem when in her teens.B. She married in 1771.C. She became a teacher.D. She was able to get her poems publishe87. The underlined word "they" in Paragraph 2 refers to ______.A. publishersB. poemsC. childrenD. black people88. It can be inferred that Phyllis's trip to England with Nathaniel in 1773 ______.A. did not improve her healthB. was for business reasonsC. led to books of her poems being available in AmericaD. led to the publication of her poems because the English were more interested in religious and moral subjects89. The word "extolling" is closest in meaning to ______.A. welcomingB. statingC. bemoaningD. praising90. Which of the following conclusions about Phyllis is supported by the passage?A. She would have been more recognized as a poet if she had not been black.B. She would have written poetry if she had stayed in Africa.C. She went unrecognized as a poet during her lifetime.D. She only wrote religious poetry.Section 3: Cloze TestIn the following passage, there are 20 blanks representing words that are missing from the context. Below the passage, each blank has 4 choices marked by letters A, B, C and D respectively. There is only ONE right answer. Blacken the corresponding letter as required on your machine-scoring ANSWER SHEET.Comparisons were drawn between the development of television in the 20th century and the diffusion of printing in the 15th and 16th centuries. Yet much had happened (91) . As was discussed before, it was not (92) the 19th century that the newspaper became the dominant pree-leetronie (93) , following in the wake of the pamphlet and the book and in the (94) of the periodical. It was during the same time that **municationsrevolution (95) up, beginning with transport, the railway, and leading (96) through the telegraph, the telephone, radio, and motion pictures (97) the 20th-eentury world of the motor ear and the airplane. Not everyone sees that process in (98) . It is important to do so.It is generally recognized, (99) , that the introduction of **puter in the early 20th century, (100) by the invention of the integrated circuit during the 1960s, radically changed the process, (101) its impact on the media was not immediately (102) . As time went by, computers became smaller and more powerful, and they became "personal" too, as well as (103) , with display becoming sharper and storage (104) increasing. They were thought of, like people, (105) generations, with the distance between generations much (106) It was within **puter age that the term" information society" began to be widely used to describe the (107) within which we now live. **munications revolution has (108) both work and leisure and how we think and feel both about place and time, but there have been (109) views about its economic, political, social and cultural implications. "Benefits" have been weighed (110) "harmful" outcomes. And generalizations have proved difficult.91.A. betweenB. beforeC. sinceD. later92.A. afterB. byC. duringD. until93.A. meansB. methodC. mediumD. measure94.A. processB. companyC. lightD. form95.A. gatheredB. speededC. workedD. picked96.A. onB. outC. overD. off97.A. ofB. forC. beyondD. into98.A. conceptB. dimensionC. effectD. perspective99.A. indeedB. henceC. howeverD. therefore100.。

方案设计工程师英文简称IntroductionA design engineer, also known as a product engineer or development engineer, is responsible for creating and implementing new designs for products, tools, and machines. This role requires a strong understanding of engineering principles and design techniques, as well as the ability to work collaboratively with other team members. In this proposal, we will outline the responsibilities and qualifications of a design engineer, as well as a plan for recruiting and training new engineers.Responsibilities of a Design EngineerThe primary responsibility of a design engineer is to create new designs for products, tools, or machines. This includes researching and analyzing customer requirements, developing conceptual designs, and creating prototype models. Design engineers must also work closely with other team members, including manufacturing and test engineers, to ensure that their designs meet performance, quality, and cost requirements. Additionally, design engineers are responsible for identifying and resolving design issues, as well as implementing improvements to existing products.Qualifications for a Design EngineerTo be successful as a design engineer, candidates should possess a bachelor's degree in mechanical, electrical, or industrial engineering. Additionally, they should have strong technical skills, including proficiency in computer-aided design (CAD) software. Design engineers should also have excellent problem-solving and communication skills, as well as a strong attention to detail. Experience with design methodologies, such as design for manufacturability and design for reliability, is also preferred.Recruiting and Training PlanTo recruit new design engineers, we will utilize a variety of strategies, including job postings, recruitment agencies, and networking events. We will also establish relationships with engineering schools and universities to attract recent graduates. Once hired, new design engineers will undergo a comprehensive training program, which will include a combination of classroom instruction, on-the-job training, and mentorship from experienced engineers. This training will focus on developing the technical skills, problem-solving abilities, and collaborative mindset required to succeed as a design engineer.ConclusionIn conclusion, the role of a design engineer is critical to the success of any engineering organization. By outlining the responsibilities and qualifications of a design engineer, as well as a plan for recruiting and training new engineers, we can ensure that our organization is equipped to meet the demands of the ever-changing engineering industry.With a strong team of design engineers in place, we can continue to innovate and develop new products that meet the needs of our customers and drive the success of our organization. Thank you for considering this proposal.。

可制造性的设计DFX的概述鉴于DFX系列规范在改善可制造性、降低成本等方面的卓越贡献，DFX系列规范愈来愈受到企业的青睐。

虽然DFX已被各种各样地定义，但总的来说包括以下几种：DFM：Design for Manufacturing，专门为PCA组装着想的设计；DFT／DFD： Design for Test／Design for Diagnosibility专门为测试，分析着想的设计；DFA：Design for Assembly，为整机组装着想的设计；DFE：Design for Environment，为环境保护着想的设计DFF：Design for Fabrication of the PCB，专门为印刷电路板加工着想的设计；DFS：Design for Sourcing，专门为物流着想的设计；DFR：Design for Reliability，注重，产品可靠性及运输安全等方面；DFx：Design for"X"，包括以上所有。

在《加工与制造工程师手册》(Tool and Manufacturing评Engineers Handbook)一书中作者William H〃Cubberly和Raman Bake小an对DFM作了如下解释："DFM主要研究产品本身的物理设计与制造系统各部分之间的相互关系，并把它用于产品设计中以便将整个制造系统融合在一起进行总体优化。

DFM可以降低产品的开发周期和成本，使之能更顺利地投人生产。

"换言之，DFM就是在整个产品生命周期中及早的发现问题并解决问题，通过这一方法降低成本、缩短产品投人市场的时间、提高产品质量、提高产品的可制造性、缩短生产时间、提高工作效率。

以下是HP公司关于DFM的统计调查，产品总成本的60％取决于最初的设计；75％的制造成本取决于设计说明和设计规范；70-80％的生产缺陷是由于设计原因造成的。

可见DFM在产品结构中的重要性。

Design for SixSigma(DFSS)& Design for Reliability(DFR) 六西格玛设计和可靠性设计The Journey1998 – Seagate adopts Six Sigma defect reduction,cost savings1999 – Lean in Manufacturing &Supply ChainIntro BE July 20102001 – DFSS in Product & ProcessDevelopmentPage 2DFSS in the BeginningIterativeUse of historical requests Test and re-testShort term estimates Isolated CTQ optimizationPredictiveRequirements hierarchy Model buildingLong term estimates System optimizationInitial Approach:Top down Educate the masses in design centers -> “DFSS Certified”• DFSS Foundation – 2 weeks of Statistics • DFSS Project – Systems Engineering – 3 days Train the suppliers and factory BrB/BB/MBBs in DFSSIntro BE July 2010Page 3What Is Design for Six Sigma?Design for Six Sigma (DFSS):• Allows us to set “need-based” requirements for CTQs and to evaluate our capability to meet those requirements.• Is a process that focuses on predictive product design. • Emphasizes the use of statistical methods to predictproduct quality early in the design process.• Is a complement to good engineering/decision making practices.Intro BE July 2010Page 4Six Sigma Improvement Methodology1 ADefineYES2NO1.MeasureIdentify2.YES3NOAnalyzeDesign3.OptimizeYES4NOImprove5YESA4.NOValidate5.ControlA high level Business need is identified(CTQ gap)Does a Current Business Process/Product exist to address the gapAre the Processes/Products that support your key outputs optimized but still not capable of meeting customer requirements?Is the solution or part of the solution a new process, product, or service.Does the capability of one or more KPIV need to be improved to optimize KPOV?Intro BE July 2010Page 5Statistical DesignIdentify DesignOptimize ValidateIntro BE July 2010Identify Customer RequirementsTranslate Into Critical To Quality (CTQ) Measures and Key Process/Product Output Variable (KPOV) LimitsFormulate Designs/Concepts//SolutionsValidate The Measurement Systems Evaluate DesignsFor Each Top Level CTQ, Identify Key Product/Process Input Variables (KPIV’s) Develop Transfer Functions Between KeyInput and Output VariablesOptimize DesignPerform Tradeoffs to Ensure that All CTQ’s Are MetNot OKNot OK OKException ReviewDetermine TolerancesAssess Process Capability to Achieve Critical Design Parameters and Meet CTQ Limits DFSS ScoringTest & ValidationPerform Tradeoffs to Ensure that All CTQ’s Are MetNot OK OKNot OK Exception ReviewAssess Performance, Failure Modes, Reliability and RisksOKFeasibility Point TollgateNot OKPage 6BreakthroughSix Sigma and Design for Six SigmaDesign for Six SigmaDesign robust products so thatspecs can be loosenedDefectsDMAIC Six SigmaFocus on reducing variation around the meanLower Spec LimitUpper Spec Limit• Design for Six Sigma and “Standard” Six Sigma work together!Intro BE July 2010Page 7Design EvolutionFROMEvolving Design requirements Design rework Build and test performance assessment Performance and manufacturability after product is designed Quality is “tested in”REACTIVEIntro BE July 2010TODisciplined CTQ flowdown Controlled design parameters Performance modeled and simulated Design for robust performance and manufacturabilityPREDICTIVEPage 8Key Elements• Systems relationships Transfer Functions, KPIV & KPOV• Statistical Design: Meeting not only target but address variations in design• Identify, Design, Optimize, & Verify (IDOV)Intro BE July 2010Page 9Systems Engineering - FlowdownQFD/FMEASystem CTQsSubsystem CTQsSub-assembly CTQsComponents CTQsProcess CTQsIntro BE July 2010Page 10Systems View Of a Hard Disc Drive38 CTQsCustomer CTQsServo-Mech RSS-H/MMech ServoProcess CTQs7 CTQsElec/InterfaceASIC111 Subsystem CTQs FirmwareAssembly/TestCert/Test>120 Factory CTQsHSA HGA Motor/Base HDA Encl. Head Media Channel/PreampComponent CTQs...Intro BE July 2010Page 11Transfer FunctionWhat is a Transfer Function?X1X2X3f(X1,X2,…, Xn)Y…Xn• It is a relationship of the CTQ (Y) to the key input variables (X’s). • It is not necessarily as rigorous as a process model. • It is key to predicting product performance before buildingprototypes.Intro BE July 2010Page 12Getting to the y = f(x1, x2…)Physical Models - dedicated experts ü Explore design space – run simulations with DOE ü Model management processStatistical Models ü DOE, Regression, Response Surface, etc ü Parametric data analysis – especially for reliability ü MSA“All models are wrong, some are useful.” - George BoxIntro BE July 2010Page 13Flowdown/Flowup ProcessSystemIdentify Customer CTQs. Translate into System CTQs.Identify Measurement for each system CTQ.Adjust tradeoffs to reduce cost (as new σ improvementsare made).PNCTrade off mean/variance requirements to x1,x2,…,xn to best meet system CTQ need.Determine Specifications for each system CTQ (Y).Identify Transfer FunctionY=f(x1,x2,…,xn)YesCapabilitiesof allNox1,x2,…,xnknown?Obtain process capabilities for those x’s that are not yetknown.Use transfer function and experience/judgement to allocate requirements for x1,x2,…,xn to meet systemCTQ need.SubsystemsIntro BE July 2010Page 14After y = f(x1,x2..), then…Internally developed tool – handles up to 20 transfer functions Ø Runs Sensitivity Analysis, Monte Carlo simulation and determines PNC Ø Optimizes for a Figure of Merit (cost, PNC, Z-score, user specified) Ø Helps set tolerances for all inputsOptimize to a Figure of MeritWhat the customerwantsInput w VariationsIntro BE July 2010Page 15Transfer FunctionsMeeting expectation?Screened Parts?Allocate OptimizedSpecsDesign & Engineering Benefits• KPOVs & KPIVs defined by transfer function • Clear ownership of CTQs • Visibility for trade-off managementIntro BE July 2010Page 16DFSS Process IntegrationCTQ FlowdownCustomer• Marketing Inputs • Product RoadmapsPNCCTQ’sSystem• System Models/Specs • System Eng. RoadmapPNCCTQ’sSubsystems• Subsystem Simulations • Subsystem RoadmapsPNCCTQ’sComponents• Eng. Design Tools • Process CharacterizationPNCCTQ’sParts• Parts CharacterizationParts/Process/Performance Capability FlowupOwnersMarketing /Systems EngineeringSystems EngineeringSubsystem EngineeringDesign Process Centers Mfg/Suppliers/Service Mfg/Suppliers/Sourcing Design TeamsIntro BE July 2010Page 17Prospects• Understanding customer needs • Complete understanding of systems relationships • Considers not only the target but the variation indesign • Integrating models & simulators to estimate Probabilityof Non-Conformance (PNC) • Not about the number 6 but a cultural changeIntro BE July 2010Page 18Design OpportunityMost current Six Sigma effort is here.$Must move quality effort here!Cost to Correct Quality and ReliabilityResearchDesignPrototypeDefects are:Difficult to see/predict Easy to fixProductionCustomerEasy to see Costly to fixIntro BE July 2010Page 19Cost to Design and Manufacture Product6 Sigma vs. Optimal SigmaDESIGN COST MATERIALS COST MANUFACTURING COSTOptimal SettingIntro BE July 2010ZST LEVELPage 20What workedProduct & Process Development culture transformed by DFSS ü More rigorous VOC process ü Doing Systems Engineering vs components (organization change) ü Speaking the “same language” in CTQ flow down (requirements) ü Emphasis on transfer function development - Models, DOE, regression, etc. ü Using statistical thinking vs target only - Monte Carlo simulation, tolerance analysis, etc ü Applying DFR early in product & technology development, FMEAs up front ü More data driven decisionsAvg Development TimeIntro BE July 2010Page 21But Something Still Needs Beefing Up1998 – Seagate adopts Six Sigma1999 – Lean in Manufacturing &Supply ChainIntro BE July 20102001 – DFSS in Product & ProcessDevelopment2006 – Revised Design forReliability (DFR)Page 22Design for ReliabilityDFSSANOVA RegressionHypothesis TestingVOC FlowdownQFD FMEADFREnvironmental & Usage ConditionsLife Data AnalysisPhysics of FailureGeneral Linear Model Control Plans Accelerated Life TestingMSAReliability GrowthSensitivity AnalysisModelingDOEWarranty PredictionsTolerancingFA recognition– Many common tools – DFSS enables achieving high quality at launch with nominal stress conditions – DFR focuses on achieving high quality over time and across stress levelsIntro BE July 2010Page 23Enhanced DFR ProcessUpfront use of DFR Assessment Matrix in the development cycle to identify and address reliability issuesModeling Physics ofFailureDFR Summary page: Key Reliability Risks / Failure ModesIssues from prior productsParetos , Post Mortem, …Competitive AnalysisNew technologiesFMEA’s , brainstorming, …Prioritized list of key reliability risksSys FMEANew market environmental & usage conditionsPotential Failure mode *CFM team?Maturity of physics of failure modelsUnderstand fieldenvironment stressorsEffective Stress testEffective FA recognitionParametric data analysisManufacturing/ supplier controlstrategy/ metrologyDFR TeamDesign OptionsArea Specific RepresentativeFailure Mode 1YesFailure Mode 2YesFailure Mode 3YesFailure Mode 4 NoFailure Mode 5YesFailure Mode 6NoFailure Mode 7YesFailure Mode 8 Yes• The status of the DFR activities will be updated at each progra m phase gate with a DFR review of the activities associated with the stoplight matrix above.• New Key Reliability Risks / Failure Modes should be added or pa rked when engineering data justifies that action.© Seagate ConfidentialPage 2Intro BE July 2010Page 24Integration into Product DevelopmentProduct Planning, Design and Development ProcessVOCLessons LearnedRequirements Management Phase-Gates & DeliverablesData Storage DeviceDesign for Design for SixReliabilitySigmaEngineering Models and Six Sigma Tool SetsIntro BE July 2010Page 25The Journey Forward1998 – adopts DMAIC Six SigmaToday – Business Excellence1999 – Lean in Manufacturing &Supply Chain2000 – DFSS in Product & ProcessDevelopment2006 – Integrated DFRwith DFSS2007 – Research ExcellenceIntro BE July 2010Page 26Integration into Product DevelopmentLean Design & DevelopmentProduct Planning, Design and Development ProcessVOCLessons LearnedRequirements Management Phase-Gates & DeliverablesData Storage DeviceDesign for Design for SixReliabilitySigmaEngineering Models and Six Sigma Tool SetsIntro BE July 2010Page 27Tools We UseSIX SIGMA• Traditional DMAIC toolset• Traditional DFSS toolset• DFR tools• Value StreamMapping • Value-add Analysis • Error-proofing • 5S • Cycle time analysis • Benchmarking • 5 why’s • Potential problemanalysis • Work measurement•Setup reduction•Pull systems•Total productive maintenance•Shop floor management• OEE•Lean assessment•Lean diagnostic•48 hour study •Layout optimizationLEAN•Batch size reduction•Time studies•Work sampling•Red flag analysisChange Mgmt•Current reality tree •Future reality tree •Conflict resolutionThroughput focus•Critical chain project mgmt •Prerequisite tree •Transition TreeTOCIntro BE July 2010Page 28Business Excellence“Today” and “Tomorrow” elementsLeanDFSS/DFRDMAIC 6σIntro BE July 2010Research & Technology DevelopmentFutureCommitment to technology developmentAdvanced Drive Integration & PlatformTomorrowStaging, aligning and integrating technologyProduct/ ComponentDesign & Manuf.TodayExecuting to product plansFactory & DeliveryPage 29SLAM II Context DiagramProduct and Technology Portfolio ManagementProduct Planning Process Platform Integration/Technology AlignmentBi-Annual ProcessesFramework Mini MR MRMiniPOREMGen 1 Gen 2Start EM RR Gen 1 RR Gen 2SAD CTU orDRArch.MR Declare Declare Declare Declare ECQPTADrive Development à(Click here forAdvanced Drive Development (ADD) Feasibility Phase 0 DesignIntegration Qualification PilotRampMilestoneDefinitions)FrameMRDrive Development Primary Market Segment-work MRMini MRMini DRADD ExitFeas ExitEMD/ Ph0 ExitProduct Phase-Based Gen1DeclareGen2 DeclareCTU DeclareSADProcPeTAssesEC MarketT-36 T-32T-25T-22T-19T-15T-10T-6T-2T=0T+4PS MarketT-32 T-28T-25T-22T-15T-12T-9T-6T-2T=0T+X# Months prior to SADSeagate ConfidentialIntro BE July 2010Page 30Learning ObjectivesAfter completing this training, the student will be able to:•Tie together the tools and methodology covered in thisclass.•Understand how DFSS, DFR and DMAIC are interrelated.•Apply the knowledge gained to current projects.IDOV ProcessFeasibility Point TollgateException ReviewPerform Tradeoffs to Ensure thatAll CTQ ’s Are MetOKNot OKNot OKNot OKValidateOptimizeDesignIdentifyOKTranslate Into Critical To Quality (CTQ) Measures and Key Process/Product Output Variable (KPOV) LimitsFormulate Designs/Concepts//Solutions Evaluate DesignsFor Each Top Level CTQ, Identify Key Product/Process Input Variables (KPIV ’s)Identify Customer RequirementsDevelop Transfer Functions Between KeyInput and Output VariablesAssess Process Capability to Achieve Critical Design Parameters and Meet CTQ LimitsOptimize Design DFSS ScoringDetermine TolerancesTest & ValidationAssess Performance, Failure Modes,Reliability and Risks Validate The Measurement SystemsNot OKException ReviewOKPerform Tradeoffs to Ensure thatAll CTQ ’s Are MetNot OKStatistical DesignWhat ’s NeededRM Software & Business ProcessIntegration intoProductDevelopment Flow & Phase-Gate ProcessTools Development& Model ManagementIdentify VOC, CTC, Environmental,System Level CTQsRequirement Management common repository, data structure, CTQ dictionary, flowdownDesign & Optimize Transfer FunctionsAllocationsTools Application simulators, models, DOEs, Monte Carlo, optimization, etc.VerifyStress Test, MSAMeasurement Systems & Builds sample sizes, cost, qualification test, etc.Appendix: DFSS Phase ReviewIdentify Phase1. What are you designing?2. Who is the customer?3. What business need will your design fill?4. When is your design needed?5. What does the cost/benefit (effort-to-impact) analysis show?6. What priority does this development effort have in the list of active and future projects?7. Who is going to champion this design effort?8. What are the CTQ requirements for this project?9. How are you sure these are the correct and complete list of requirements? (TTM, technical, environmental, etc)10. How did you determine which requirements are critical and which are non-critical?11. What are the targets and limits for each CTQ requirement?12. How did you determine the limits for each requirement?13. What requirements or limits do you expect to change either before or after project completion? How do you plan to handle this?14. How will you measure the CTQ’s? Who owns the equipment?15. What are the potential technological barriers? Describe your plan to overcome those barriers (alternative technology, costs, etc)?16. What elements of your design will be leveraged from existing designs, and/or will be used in future designs?17. What data do you have on existing similar designs?18. How does your design compare to our competitors?19. What resources are available (both personnel and budget)?20. Who are the critical players who can significantly impact this project? Are they “on board” with the development?21. What is your timeline and milestones?22. What obstacles do you foresee? Describe how you plan to overcome them?23. What does the feasibility / risk assessment indicate? What is your risk mitigation plan?I8-1Design Phase24. What design(s) are you considering?25. Where did the design(s) come from?26. Which design best satisfies the CTQ requirements?27. What existing knowledge are you leveraging into this design?28. What are the most complex elements of your design?29. What are the critical manufacturing/process steps for your design?30. Have you demonstrated technological/manufacturing feasibility?31. What is the risk associated with each design? (risk elements include: time to market, cost, capability, meeting volume,necessary resources, technological barriers, customer receptiveness, environmental regulations and vendor/supplier support)32. What data have you collected on the design(s)?33. How was the data collected?34. What additional output will you need to measure?35. What are the gauge R & R’s for all key measurable inputs and outputs? Who takes the measurements? Who owns the gauging?36. If a better gauge is needed, what would be the cost?37. What are the critical outputs (Vital Few) affecting each CTQ?38. What are the critical inputs (Vital Few) affecting each critical output?39. Who participated in developing the list of ALL (Trivial Many) the inputs/outputs initially analyzed and what were they?40. How were the critical inputs/outputs determined?41. What are the functional relationships between the critical outputs and the CTQ’s?42. What are the functional relationships between the critical inputs and critical outputs43. What are the tentative optimums for the inputs/outputs?44. What data do you have to support your decisions?45. How did you collect your data?46. How many parts and why?47. How do you know that you took enough samples to see a real effect and not just noise? What is your confidence that the effects is real?48. For suppliers, do they agree with your analysis of what the Vital Few are?49. What will be the process flow for your design?50. Who are the potential suppliers?51. What is the supplier’s capacity? Is it sufficient to meet short and long term capacity?I8-1Optimize Phase52. What are the product tolerances for each critical input/output?53. How were the tolerances determined?54. What data do you have to support these tolerances?55. How did you collect your data?56. How many parts and why?57. How do you know that you took enough samples?58. What is the capability for each tolerance?59. Is the capability score based on short or long-term estimates of variability?60. How sensitive is the performance to the critical inputs varying at the same time (i.e. interactions) over their tolerance ranges?61. Which environmental factors impact your design the most?62. How will you compensate for environmental influences?63. What are the key reliability issues?64. How did you test for reliability?65. What is your confidence in the predicted level of capability and reliability?66. Who are the suppliers? Have they been qualified? What is their capability?67. How will the parts be inspected?68. Do you have standards to ensure inspection test reproducibility?69. What does the product design / process flow diagram look like?70. Which steps in the process are value added and which are non-value added (rework, testing, inspecting, etc)?71. What is your plan for eliminating non-value added work?72. Are all the CTQ/S limits met or exceeded by using these product/process tolerances? If not, how do you plan to resolve that fact?73. What data do you have to support that all the CTQ/S’s are being met by this design?74. What is the predicted capacity?75. What are the biggest capacity constraints?76. What is the predicted cost?77. What are the areas of greatest risk?78. What is your plan for mitigating the risk? Is the risk acceptable?I8-2Validate Phase79. What is your validation test plan and criteria?80. What data do you have to support that the CTQ’s have been met?81. What is your confidence that the CTQ’s have been met?82. Which variables are the most important to control?83. What type of process control is being implemented?84. What are the action limits and action plans?85. What is the timing of the implementation?86. Who is involved with the implementation?87. Who will take the long-term responsibility for maintaining the controls?88. What plans do you have in place to revisit the process in the future to ensure the capability is being maintained?89. When will you transfer your design?90. How will you verify successful transfer of your design?All Phases91. What success(es) have you had in this phase (beyond what you expected)?92. What roadblocks did you encounter that you needed or still need help with?93. What do you see as your next steps?94. What would you have done differently?I8-2Appendix: MiscAcronyms and SymbolsRSM Response Surface Methodology RSS Root Sum of Squaress standard deviation of a sample s 2Variance of a sample S pSystem Capability IndexSDM Statistical Design Methods SESystems EngineeringSea.DOT Seagate Design Optimization Tool SEI Software Engineering Institute SPC Statistical Process Control SS Sum of SquaresSS p Subsystem Capability Index S/W Software T Target Level TF Transfer FunctionTol ToleranceTTM Time to MarketUCL Upper Confidence Limit (Upper Control Limit in SPC)USL Upper Spec limit VOC Voice of the Customer WC Worst Casex Mean of a sampleZNumber of σ‘s that can fit between Mean and Spec limitI & T Integration & Test Phase of a Program IDOV Identify, Design, Optimize, Validate IV Independent VariableKPIV Key Product/Process Input Variable KPOV Key Product/Process Output Variable KT Kepner-TregoeLCL Lower Confidence Limit (Lower Control Limit in SPC)LSL Lower Spec LimitMAIC Measure, Analyze, Improve, Control MBB Master Black BeltME Mechanical EngineeringMGPD Multi-Generation Product Development MS Mean Sum of SquaresMSA Measurement Systems Analysis MTBF Mean Time Between Failures MTTF Mean Time To Failure p probability of an occurrence PCB Printed Circuit BoardPCD Process Capability Database PCM Process Capability ModelsPNC Probability of Non-Conformance to specificationsPp, Ppk Long term capability measures PPM Parts per MillionQFD Quality Function Deployment R&R Repeatability & Reproducibility RPNRisk Priority NumberµMean of a populationσStandard Deviation of a Population σ2Variance of a population 1-D One dimensional linear stack-up ANOVA Analysis of VarianceBBBlack BeltBOM Bill of MaterialsCp, Cpk Process Capability Index, Short Term CI Confidence Interval COQ Cost of Quality CTQ Critical to Quality df Degrees of Freedom DFA Design for AssemblyDFM Design for Manufacturability DFSS Design for Six Sigma DoEDesign of ExperimentsDPLOC Defects per line of code DPPM Defective Parts per Million DPU Defects Per Unit DV Dependent Variable EE Electrical Engineering ETTR Elapsed Time To RepairFEA Finite Element AnalysisFMEA Failure Modes and Effects Analysis GLM General Linear ModelGR&R Gage Repeatability & Reproducibility H/WHardware。

可靠性设计可靠性设计的概述：可靠性设计(reliability design):为了满足产品的可靠性要求而进行的设计;对系统和结构进行可靠性分析和预测，采用简化系统和结构、余度设计和可维修设计等措施以提高系统和结构可靠度的设计。

可靠性问题是一种综合性的系统工程。

机电产品（零件、部件、设备或系统）的可靠性也和其他产品的可靠性一样，是与其设计、制造、运输、储存、使用、维修等各个环节紧密相关的。

设计只是其中的一个环节，但却是保证产品可靠性最重要的环节，它为产品的可靠性水平奠定了先天性的基础。

因为机械产品的可靠性取决于其零部件的结构形式与尺寸、选用的材料及热处理制造工艺、检验标准、润滑条件、维修方便性以及各种安全保护措施等，而这些都是在设计阶段决定的。

可靠性问题的研究是因处理电子产品不可靠问题于第二次世界大战期间发展起来的。

可靠性设计用在机械方面的研究始于20世纪60年代，首先应用于军事和航天等工业部门，随后逐渐扩展到民用工业。

随着现代科学技术的发展和对产品质量要求的日益提高，可靠性逐步成为科学和工程中一个非常重要的概念。

机械结构的可靠性及其设计直接决定了机械结构的可靠度，因此，对机械可靠性设计的研究具有十分重要的意义。

所谓可靠性，则是指产品在规定的时间内和给定的条件下，完成规定功能的能力。

它不但直接反映产品各组成部件的质量，而且还影响到整个产品质量性能的优劣。

可靠性分为固有可靠性、使用可靠性和环境适应性。

可靠性的度量指标一般有可靠度、无故障率、失效率3种。

对于一个复杂的产品来说，为了提高整体系统的性能，都是采用提高组成产品的每个零部件的制造精度来达到；这样就使得产品的造价昂贵，有时甚至难以实现（例如对于由几万甚至几十万个零部件组成的很复杂的产品）。

事实上可靠性设计所要解决的问题就是如何从设计中入手来解决产品的可靠性，以改善对各个零部件可靠度（表示可靠性的概率）的要求。

可靠度的分配是可靠性设计的核心。

其分配原则为①按重要程度分配可靠度。

Bi-Directional Safety Analysis for Product-Line, Multi-Agent SystemsJosh Dehlinger Department of Computer Science Iowa State University226 Atanasoff HallAmes, IA 500111 515-294-2735dehlinge@Robyn R. Lutz Department of Computer Science Iowa State University andJet Propulsion Laboratory/Caltech 226 Atanasoff HallAmes, IA 500111 515-294-3654rlutz@ABSTRACTSafety-critical systems composed of highly similar, semi-autonomous agents are being developed in several application domains. An example of such multi-agent systems is a fleet, or “constellation” of satellites. In constellations of satellites, each satellite is commonly treated as a distinct autonomous agent that must cooperate to achieve higher-level constellation goals. In previous work, we have shown that modeling a constellation of satellites or spacecraft as a product line of agents (where the agents have many shared commonalities and a few key differences) enables reuse of software analysis and design assets. We have also previously developed efficient safety analysis techniques for product lines.We now propose the use of Bi-Directional Safety Analysis (BDSA) to aid in system certification. We extend BDSA to product lines of multi-agent systems and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach lets us reuse portions of the safety analysis for multiple agents, significantly reducing the burden of certification. We motivate and illustrate this work through a specific application, a product-line, multi-agent satellite constellation.Categories and Subject DescriptorsI.2.11 [Artificial Intelligence]: Distributed Artificial Intelligence – multi-agent systems D.2.4 [Software Engineering]: Software/Program Verification – reliability D.2.1 [Software Engineering]: Requirements/SpecificationsGeneral TermsDesign, Reliability, Verification KeywordsSoftware safety, multi-agent systems, product-line engineering, system certification1.INTRODUCTIONThe emergence of distributed systems (e.g., formation flying of satellite constellations) as a viable and reliable architecture for mission-critical domains coupled with the advantages of adopting an agent-oriented perspective for software development has led to a number of proposed systems combining these two concepts. A multi-agent system (MAS) is an application “designed and developed in terms of autonomous software entities that can flexibly achieve their objectives by interacting with one another in terms of high-level protocols and languages” [24]. Actual proposed systems including the Terrestrial Planet Finder-I (TPF-I) spacecraft [22] and the TechSat-21 [3], Sun-Solar System Connection, Search for Earthlike Planets and Universe Exploration all rely on constellation missions to achieve their scientific goals [18]. Agent-oriented software engineering (AOSE) appears be an appropriate software development methodology for such systems [21].Certification is a process whereby a certification authority determines if an applicant provides sufficient evidence concerning the means of production of a candidate product and the characteristics of the candidate product so that the requirements of the certifying authority are fulfilled [11, 13, 19, 20]. Software safety analysis techniques, similar to those used in this work, have previously been shown to contribute to the certification of software-intensive systems in [1, 16]. However, little work has been specifically aimed at software product lines of MAS. A software product line is defined as a set of software-intensive systems sharing a common, managed set of features that satisfy the specific needs of a particular market segment or mission [23]. The work presented here tailors the safety analysis techniques to a particular AOSE methodology, Gaia, to support certification of product-line, agent-based systems.The main contribution of this paper is to extend Bi-Directional Safety Analysis (BDSA) to product line MAS and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach allowsPermission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.ITCES’06, April 4, 2006, San Jose, California, USA.Copyright 2006 ACM 1-58113-000-0/00/0004…$5.00.us to reuse portions of the safety analysis assets for multiple, similar agents, significantly reducing the burden of certification. First, we further the inclusion of safety analysis techniques into AOSE by providing a structured process to perform a Software Failure Modes, Effects, Criticality Analysis (SFMECA) for safety-critical, product-line MAS. The SFMECA is reusable for other agents in the system since our approach incorporates the product-line vision of a MAS from [6].Second, safety analysis techniques contribute to system certification of product-line MAS by verifying software design compliance with reliability, robustness and safety standards. Because the safety analysis is performed on the product line as a whole (rather than serially on each individual product-line member), the safety analysis assessment techniques described in this work may significantly reduce the time and cost of certifying a safety-critical MAS.This paper illustrates the process and contributions of this work using an agent-based implementation of a satellite constellation loosely based on the requirements for the TechSat21 [3, 21]. TechSat21 was a proposed mission, originally scheduled to launch in January 2006 but cancelled in late 2003 with much of the software reused on a subsequent mission [4]. It was designed to explore the benefits of a distributed, cooperative approach to satellites employing agents [3].The remainder of this paper is organized as follows. Section 2 reviews background and related work in software safety analysis techniques and product-line MAS. Section 3 details our approach in utilizing the BDSA technique for safety-critical, product-line MAS to assist in certifying the composite system. Finally, Section 4 provides concluding remarks and future research directions.2.BACKGROUND AND RELATED WORK The research presented here integrates existing work in software safety analysis with software engineering for multi-agent systems (MAS) to aid in system certification. Certification may apply to the development process, the developer or the actual product [16]. Since it is insufficient to certify the process or developer for the software of safety-critical systems, building a safety case that provides “an argument accompanied by evidence that all safety concerns and risks have been correctly identified and mitigated”[10] aids in the certification of the product. Further, this work builds upon our previous work of integrating the reuse potential of safety analysis assets into the design and development of product-line MAS.2.1Software Safety TechniquesSoftware safety analysis centers on the investigation of how software can jeopardize or contribute to the safety of the system [15]. Two common techniques used in software safety analysis are Software Failure Modes, Effects and Criticality Analysis (SFMECA) and Software Fault Tree Analysis (SFTA). Bi-Directional Safety Analysis (BDSA) combines these two techniques in order to provide both a forward analysis to determine systems effects of software failure modes to effects on the systems and to determine if those failure modes are possible in the system to be certified [16]. SFMECA is a tabular, forward (inductive) search technique that starts with the failure of a component or subsystem and then looks at its effect on the overall system [15]. In [17], a list of generic failure-mode guidewords is given to aid in the process of constructing a SFMECA for failure in data communication and event processing. These guidewords, when applied to the failure of a component or subsystem, help engineers systematize the process of determining the possible effects of each failure mode on other components of the system that could lead to a hazard(s). SFTA is a tree-based, backward (deductive) technique that typically has as its root node a system-wide, catastrophic event [15]. Analysis proceeds by determining the set of necessary preconditions causing the occurrence of the hazard. The set of possible causes are connected to the parent node by logic gates to describe their contributing relation. This process continues through each level of the constructed subtree until basic events are reached or until the desired level of subsystem detail is achieved.A technique to cleanly extend SFTA to software product lines was introduced in [8]. A SFTA can be constructed for an entire product line and product-line members’ fault trees can be derived from the product-line SFTA. PLFaultCAT, a graphical tool to construct a product-line SFTA, exploits this technique and then allows users to automatically derive a product-line members’ fault tree given the variabilities to be included [8].BDSA combines a search from potential failure modes to their effects with a search from possible hazards to the contributing causes of each hazard [17]. Although BDSA does not require SFMECA and SFTA to be used as the forward and backward search, respectively, we follow [12] and [16] in using these techniques in our BDSA.2.2Software Safety TechniquesReuse of software-engineering assets continues to be a demand on software system development methodologies. Software product-line engineering models provide software engineers a reuse-conscious development platform that can contribute to significantly reducing both the time and cost of software requirements specification, development, maintenance and evolution [5]. In a product line, the common, managed set of features shared by all members is the commonalities. The members of a product line may differ from each other via a set of allowed features not necessarily found in other members of the product line (i.e., the variabilities).Agent-oriented software engineering (AOSE) has provided tools and techniques allowing for natural, high-level abstractions in which software developers can understand, model and develop complex systems [24]. Several AOSE methodologies have been proposed for various types of application domains including Tropos [2] and MaSE [9]. We selected Gaia [24] as the AOSE design methodology with which to incorporate safety analysis because of its extensive documentation and acceptance in the AOSE community.The Gaia methodology centers on defining an agent based upon the role(s) that it can assume. Each role’s requirements specification is defined by its protocols (i.e., defines how agents interact), activities (i.e., the computations associated with the role that can be executed without interacting with other agents), permissions (i.e., the information resources that the role can read,change and generate) and responsibilities (i.e., the liveness and safety properties the role must ensure).Using the Gaia methodology, Dehlinger and Lutz applied the notion of an agent having different possible levels of intelligence for a given role to investigate the reuse advantages of product-line engineering in developing multi-agent systems (MAS) [6]. For example, a role in a distributed system of nodes, depending on its environment and context, may have one of the following levels of intelligence:•I4: receive/execute commands•I3: local planning and receive/execute commands•I2: local planning, interaction, partial system-knowledge and receive/execute commands•I1: system-level planning, interaction, full systems-knowledge and receive/execute commandsThe level of intelligence for a role may dynamically change during run-time depending on the system’s organization and/or goals. For example, at any given time only a single agent in a distributed system may have role X operating at intelligence level I1. However, several other agents with role X may operate at intelligence level I3 but be capable of dynamically increasing the role’s intelligence level to I1 if needed (i.e., a hot-spare/warm-spare concept). Similarly, some agents with role X may be restricted to operating only in I4 or I3 due to resource constraints or design decisions. Adopting this view, a MAS can be designed using the notions of product-line engineering to fully take advantage of the reuse principles inherent in product lines.In [7], it was shown how safety analysis can ensure the safety and reliability of product-line MAS using SFTA. This work extends [7] to include a SFMECA safety analysis enabling BDSA for product-line MAS. 3.APPLYING BI-DIRECTIONAL SAFETY ANALYSIS TO MULTI-AGENT SYSTEMS The use of Bi-Directional Safety Analysis (BDSA), detailed in Section 3.3, requires the use of forward and backward searches. In this work, we use Software Failure Modes, Effects and Criticality Analysis (SFMECA), discussed in Section 3.1, and Software Fault Tree Analysis (SFTA), discussed in Section 3.2, as the forward and backward search technique, respectively.Using the Gaia methodology [24], we situate the safety analysis step, shown in Figure 1, as using the software engineering assets (i.e., the Role Schema) of the “Analysis and Design” phase but also augmenting the requirements specifications of the “Analysis and Design” phase. Thus, the safety analysis, in addition to generating safety analysis assets (e.g., SFMECA tables, software fault trees, etc.) used to make a safety case for the software during system certification, aids in verifying the safety requirements and discovering safety requirements missed in the initial requirements specification. Again, because the multi-agent system (MAS) is viewed as a product line, the safety analysis is providing safety case assets for any product line member.In the Analysis and Design phase of the Gaia methodology [24], the software engineer specifies the requirements in a Role Schema, shown in Figure 2, when constructing a product-line MAS. Safety requirements for a role are listed in the form of safety properties that the agent must ensure in the Responsibilities section. However, Gaia provides no structured way by which to discover safety requirements. Similarly, Gaia provides no process by which to check that the safety requirements suffice to mitigate possible hazards. In the following sections, we detail how performing BDSA can help verify and complete the safety properties that a role must guarantee.Figure 1. An overview of our process situated in the Gaia-based product-line approach in developing MAS.Role Schema: Cluster Allocation Planner Schema ID: F32-I1Description:Assigns a new cluster configuration by assigning new satellite positionswithin the cluster. This is done to equalize fuel use across the cluster. Withthe I1 intelligence level, it is able to send cluster assignments to othersatellites (i.e., spacecraft level agents) in order to arrange a new cluster configuration. This may occur when a new satellite is added or in the caseof a failure of a satellite.Protocols and Activities:CalculateDeltaV, UpdateClusterInformation, MoveNewPos, DeOrbit,AssignCluster, AcceptDeltaVBids, RequestDeltaVBids,SendMoveNewPosMsg, SendDeOrbitMsgPermissions:Reads -p osition // current satellite positionvelocityIncrement // current satellite velocity incrementsupplied satelliteID // satellite identification numbersupplied velocityIncrment // satellite velocity incrementChanges -position// current satellite positionvelocityIncrement // current satellite velocity incrementGenerates -newPositionList // new position list to assign to the// satellites within the clusterResponsibilities:Liveness -Optimize the fuel use across the cluster.Safety -Prevent satellite collisions during a new cluster configuration.Figure 2. An example of the requirements specification for a role of the TechSAT21 satellite constellationspecified as a product line in Gaia’s Role Schema.3.1Forward Search Safety AnalysisThe forward analysis uses a Software Failure Modes, Effects and Criticality Analysis (SFMECA). Gaia’s Role Schema conveniently partitions a role’s requirements specifications into events (functionality) that the role can perform and data that the role can access. Like [12], we partition the SFMECA into separate analyses on the data and events. We use guidewords of [16] to steer our investigation into the possible failures within a product-line multi-agent system (MAS). We here describe first the construction of the SFMECA event table for the Gaia Role Schema and then the construction of the SFMECA data table. Each activity of a role (the non-underlined keywords listed in Gaia’s Role Schema under the Protocols and Activities section) is essentially an event (i.e., some functionality) that the role can execute. To construct a SFMECA table for the events that a role can execute, as in a standard SFMECA we use the following keywords to guide our analysis: “halt/abnormal termination”, “omission”, “incorrect logic/event” and “timing/order”. Because the role definition depends on its variation point in the Role Schema, detailed in full in [6], the derived SFMECA captures the possible event and data failures for all the near-identical satellites. Figure 3 gives an example of a partial SFMECA entry for the MoveNewPos activity for our TechSAT21 example, an event causing a satellite to alter its position in the constellation.The procedure to construct a SFMECA table for the events from the Role Schema using the event guidewords consists of the following steps:For each role:For each activity listed in the Protocols and Activities section of the Role Schema:a.Provide the event name in the appropriate column.b.Apply each of the keywords (“halt/abnormaltermination”, “omission”, “incorrect logic/event” and“timing/order”) to the event. For each keyword:Role Event Event FailureModeLocal Effect System Effect Criticality Halt/AbnormalTerminationThe position¸ velocityIncrementand newPositionList data may betemporarily incorrect since thesatellite did not complete movingto its new position. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV.The satellite will nothave moved to theposition expected byother satellites in thecluster potentiallycausing a collision.MajorOmission The satellite fails to move to itsnew assigned position in the clusterpossible causing the position¸velocityIncrement andnewPositionList data to betemporarily incorrect. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV.The satellite will nothave moved but, rathermaintain its previousposition. Othersatellites in the clustermay expect the satelliteto have moved to a newposition. This couldcause a collisionbecause of thediscrepancies betweenactual and satelliteposition.MajorClusterAllocationPlannerMoveNewPosTiming/Order The satellite fails to move to thenew position until some later,undetermined time possiblycausing its position¸velocityIncrement andnewPositionList data to may betemporarily incorrect. This couldpotentially affect other events suchas UpdateClusterInformation andCalculateDeltaV. The satellite fails tomove to its new position at the time expected by other satellites in the cluster.This could cause a collision.CriticalFigure 3. An excerpt of the SFMECA of the MoveNewPos activity of the Cluster Allocation Planner rolein the TechSAT21 satellite constellation.i.Provide the event failure mode (i.e., the keywordused to discover possible failures).ii.Describe the possible local effect(s) if the keyword failure happened to the event under consideration.The local event will likely only affect this role orthis agent and its description should not include thepropagation of its failure to other agents orcomponents of the global system.iii.Describe the possible system-level effect(s) if the keyword failure mode occurred. This columncaptures the possible emergent hazardous behaviorfrom the interaction of the agents (e.g., that acollision could occur between satellites if a satellitedoes not change its position when other satellites areexpecting it to).iv.Give the criticality (e.g., critical, major, average, etc.) of this failure as determined by the globaleffect of this failure on the system as a whole.c.Apply any additional failure modes not captured by theprovided keywords relevant to the current event and fill in the SFMECA row as appropriate. Constructing the SFMECA data table using Gaia’s Role Schema, the Permissions section lists each datum that the role can access, alter or generate. To construct a SFMECA table for the data that a role uses, we use the following keywords to guide our analysis: “incorrect value”, “absent value”, “wrong timing” and “duplicated value”. The procedure to construct a SFMECA table for the data from the Permissions section of the Role Schema is similar to that for the events’ table and is not shown here.3.2Backward Search Safety AnalysisThe backward analysis search technique used in this work utilizes a Software Fault Tree Analysis (SFTA). The SFTA can be performed in parallel and independently of the forward analysis technique(s). SFTA starts with a system hazard and traces backwards to find the contributing causes of the hypothesized root hazard. Typically, the hypothesized hazard comes from existing hazards lists or known domain hazards. If, however, the SFTA is performed following the forward analysis technique(s), each unique Possible Hazard listed in the Software Failure Modes, Effects and Criticality Analysis (SFMECA) can be used as a SFTA starting hazard. For example, it is clear from the SFMECAfor the TechSAT21 that a fault tree in the SFTA should include the hazard “satellite collision” as a root node. This is a concept of the Bi-Directional Safety Analysis (BDSA) that will be discussed further in Section 3.3.3.3Bi-Directional Safety Analysis ResultsBi-Directional Safety Analysis (BDSA) is used to verify the completeness of the forward and backward search techniques. The forward and backward techniques can be viewed as complementary since the output of the forward technique (i.e., the potential system-wide hazards) should match-up with the inputs of the backward technique. Similarly, the output of the backward technique (i.e., the low-level, local errors that cause a system-wide hazard) should match-up with the inputs of the forward technique. For example, we can verify the completeness of the SFTA by ensuring that every unique hazard listed in the Possible Hazard column of the SFMECA table with a particular level of criticality or higher (e.g., major criticality) is a root node within one of the fault trees of the SFTA.In our TechSAT21 example, BDSA was applied to ensure that all possible hazards labeled with a “major” or “critical” criticality level for the MoveNewPos event were captured as the root node of a fault tree. It was found that each “major” and “critical” level potential hazard in the SFMECA related to a collision of satellites and that the SFTA had already accounted for this hazard. However, comparing the event failures in the SFMECA that could possibly lead to a satellite collision with the leaf nodes of the fault trees where “satellite collision” is the root node led to the discovery that the SFTA failed to account for the possibility that a “timing/order” failure in the execution of the MoveNewPos event could be a contributing factor to a satellite collision. This omission in the SFTA is likely due to SFTA’s weakness in representing temporal/order-specific failures [15]. Thus, the BDSA not only helped in verifying that the results of the forward technique were the inputs for the backward technique and vice versa, but it also helped identify missing failure scenarios.3.4Applying the Safety Analysis Results to Assure SafetyBi-Directional Safety Analysis (BDSA) helped ensure that the safety analyses used for the forward and backward search techniques were consistent. In our case, the Software Failure Modes, Effects and Criticality Analysis (SFMECA) and the Software Fault Tree Analysis (SFTA) were utilized to discover further safety requirements not already specified in the Role Schema for a given role.To assess and derive safety requirements of the Role Schema using the SFMECA, the following steps suffice:For each Role Schema:a.For each data/event listed in the Data/Event column ofthe SFMECA for the role in the Role Schema:i.Decide at which level of criticality (i.e., critical,major, etc.) the role must provide mitigatingrequirements to ensure safety. This may correspondto what level of system certification is required ofthe system.ii.For each listed data/event failure mode listed in the Failure Mode column of the SFMECA with acriticality of at least the minimum criticality levelneeded for analysis (from Step i):1.Consult the local effect of the failure mode inthe Local Effect column of the SFMECA.Assure that the software mitigates the localeffect. For data, the mitigating requirementcould be some sanity check (i.e., checkingsome other piece of data or monitoring thatthe data is reasonable given the software’scurrent state). For events, the mitigationrequirement could be some guard to ensurethat the event is occurring under the rightconditions and at the appropriate time giventhe software’s current condition.2.Check to make sure that the product-lineMAS software will prevent the hazarddescribed in the Possible Hazard column ofthe SFMECA from occurring in the SFTA.That is, check that the hazard is mitigated inboth the SFMECA and SFTA.3.If the mitigation does not suffice to preventthe local effect, the software may not becompliant with system safety requirements. Applying this process on the TechSAT21 example using the partial SFMECA table, shown in Figure 3, identified several new mitigation requirements to prevent the hazard of a “satellite collision” that were then added to the Role Schema. For the “halt/abnormal termination” failure mode, the mitigation requirement was that the MoveNewPos activity be atomic (either it executes completely or not at all). Alternatively, a new NotifyFinishMoveNewPos protocol could be introduced to have the satellite notify all satellites (or the master satellite) of the completion (or non-completion) of the MoveNewPos activity. Additionally, a mitigation requirement for the “timing/order” failure mode could be to assign a timestamp deadline by which each MoveNewPos activity must complete before. Without the BDSA and SFMECA process detailed above, safety requirements such as these could be overlooked.The use of BDSA thus assists in certification of product-line MAS in two ways:•Demonstration of compliance. The use of BDSA provides assurances that certain classes of failure modes that mightoccur in the individual agents will not produceunacceptable effects in the composite system (e.g., theconstellation, or fleet). The artifacts produced in thisinvestigation (SFMECA tables, SFTAs, and the RoleSchemas responsibility statements) help demonstratecompliance of the failure-monitoring and failure-mitigation software tasked with the system safetyrequirements.•Enabling reuse of certification arguments. The use of product BDSA can reduce the burden of certification forsystems composed of identical or near-identical units. Insystems where each agent is a member of a product line,the similarities can be leveraged for efficient reuse of thesafety analysis artifacts. At the same time, the use of RoleSchemas captures any variations among the roles that theagents may assume. The Role Schemas thus help ensure。

扬智咨询公司更多资料 George.hu@工欲善其事，必先利其器《论语·魏灵公》：“工欲善其事，必先利其器。

居是邦 也，事其大夫之贤者，友其士之仁者。

”印制这本小册子的宗旨在于给关注和实施六西格 玛的业界人士提供便利。

抛砖引玉，这本小册子的背后是扬智在六西格玛 咨询过程中智慧的结晶。

比如扬智出版的系列工具类图书，是实施六西格 玛经理人必备手册。

比如扬智拥有系列专业工具类培训课程，这些课 程是根据客户的需要，量身定做。

扬智可以针对企业、学员的薄弱环节，进行一些 实用工具的培训，如六西格玛中SPC、DOE、FMEA， 精益运营中的IE、均衡生产等等。

通过实用工具的培 训，与其他培训和咨询相辅相成、互为补充，促进以 上各个方面的进一步应用。

扬智部分特色工具培训课程： MINITAB与应用统计课程培训 SPC课程培训 DOE课程培训 FMEA课程培训 QFD课程培训 MSA课程培训 田口式品质工程课程《精益六西格玛评论》编辑部1扬智咨询公司更多资料 George.hu@A英文名称Analyze Average quality loss AC Acceptable quality level, AQL Accuracy Adjustment factor ANOVA Axiomatic design AV Acceptance testing procedure, ATP Activity based cost, ABC Advanced quality system, AQS 分析 平均质量损失 检验成本 合格质量水平 准确性; 准确度 调节因子 方差分析 公理性设计 检验者偏差 验收检验规程 作业成本法 先进质量体系中文名称2扬智咨询公司更多资料 George.hu@B英文名称Balanced scorecard Bias Blocking Box-Behnken design Black belt, BB 英文名称 Benchmarking Block Bottleneck technique Business case Box-whisker plots中文名称平衡计分卡 偏差,偏倚 划分区组 Box-Behnken设计 黑带 中文名称 水平对比 区组,模块 瓶颈技术 经营情况 箱线图3扬智咨询公司更多资料 George.hu@C英文名称Cause and effect diagram 因果图中文名称Center line, CL Central composite design Central composite inscribed design, CCI Champion Cause and effect matrix Central composite circumscribed design, CCC Central composite face-centered design, CCF Continuous flow manufacturing, CFM Charter Common cause Concurrent engineering Confidence interval中心线 中心复合设计 中心复合有界设计 倡导者 C&E矩阵矩 因果矩阵中心复合序贯设计 中心复合表面设计 连续流生产 特许任务书 偶然原因 并行工程 置信区间4扬智咨询公司更多资料 George.hu@英文名称Confounded Control array Coding Complete randomized design Confidence coefficient, 1-a Confirmation Contingency tables Control chart Control limits Controlled factor Critical to quality, CTQ Correlation coefficient Cost of conformity Cost of nonconformity 混杂 控制表 代码化中文名称完全随机化设计 置信水平1-a 验证试验 列联表 控制图 控制界限 可控因子 关键质量特性 相关系数 符合性质量成本 非符合性质量成本5扬智咨询公司更多资料 George.hu@英文名称Cost of poor quality COPQ Critical value Customer CUSUM control chart Cycle-time reduction CAP CI COE COPIS CTP CQI Critical to process, CTP Cross array Customer requirements 劣质成本 临界值 顾客中文名称累积和控制图 缩短周期 加速变革流程 置信区间 绩效中心 客户-输出-流程-输入-供应商 关键流程要素 持续质量改进 关键过程特性 乘积表;交叉表 顾客要求6扬智咨询公司更多资料 George.hu@英文名称Cycle time, CT COQ CPM CQA CQ C&E Matrix CVP Cp , Cpk 周期时间 质量成本中文名称关键路径法 客户品质保证 商业质量 因果矩阵 特征核实计划 流程能力指数D英文名称 Data analysis Defects per million opportunity, DPMO Defects per opportunity, DPO 中文名称 数据分析 百万机会缺陷数 机会缺陷率7扬智咨询公司更多资料 George.hu@英文名称 Defects per unit, DPU Design failure mode and effect analysis, DFMEA Design for assembly, DFA Design for cost, DFC Design for environment, DFE Design for manufacturing, DFM Design for reliability &maintainability, DFRM Design for service, DFS Design for test, DFT Design mapping process Design of experiment, DOE Detection Digital simulation Discrimination中文名称 单位缺陷数 设计FMEA 面向装配的设计 面向成本的设计 面向环境的设计 面向制造的设计 面向可靠性和维修性的 设计 面向售后服务的设计 面向试验的设计 设计的映射过程 试验设计 检测难度 数字仿真 分辨力8扬智咨询公司更多资料 George.hu@英文名称 Dispersion factor DFSS DQ DMAIC DMADV中文名称 散度因子 六西格玛设计 设计质量 定义-测量-分析-改进控制 定义-测量-分析-设计验证9扬智咨询公司更多资料 George.hu@E英文名称Engineering specialty integration Event tree analysis Experiment environment Experimental error External noise Effect Estimable Experiment unit Experimental run Extreme vertices design中文名称工程专业综合 事件树分析 试验环境 试验误差 外噪声 效应,效果 可估计的 试验单元 试验 极端顶点设计法1扬智咨询公司更多资料 George.hu@F英文名称Factor Factorial design Failure Failure mode Failure mode Failure mode and effects analysis, FMEA Failure tree analysis, FTA Flow chart Flow diagram Fractional factorial design Full factorial design F-test Financial effect analyst, FEA 因子 因子设计 故障;失效 故障模式 失效模式与影响分析 故障树分析 流程图 流程图 部分实施因子设计 全因子设计 F检验 财务审核员中文名称2扬智咨询公司更多资料 George.hu@G英文名称Gantt chart Generator Goal statement Goodness-of-fit test Green Belts, GB 甘特图 生成元 目标陈述 拟合优度检验 绿带中文名称H英文名称Hidden factory Histogram Hypothesis testing中文名称隐蔽工厂 直方图 假设检验3扬智咨询公司更多资料 George.hu@I英文名称Ideal technical system Independence assumption Independent axiom Information axiom Inherent process variation Interaction Interaction effect Internal noise Interval estimate Interval measurement scale Inter-outer array ITO I & MR中文名称理想技术系统 独立性假设 独立性公理 信息公理 过程固有波动 交互作用 交互效应 内噪声 区间估计 定距测量尺度 内外表 问询至订单 单值和移动极差(控制图)4扬智咨询公司更多资料 George.hu@K英文名称KPIV KPOV KQC KPI KPO中文名称关键过程输入变量 关键流程输出变量 关键质量特征 关键流程输入 关键流程输出L英文名称Lack of fit Level Level of confidence Life cycle cost, LCC 失拟 水平 置信水平 全寿命周期费用中文名称5扬智咨询公司更多资料 George.hu@英文名称Lower control limit, LCL Location and dispersion modeling Linearity LSL Location factor LT LF LTY LS中文名称控制下限 位置和散度建模法 线性 规格下限 位置因子 长期 最后完成 长期产出率 最后开始M英文名称Main effect Master black belt, MBB中文名称主效应,主效果 黑带大师6扬智咨询公司更多资料 George.hu@英文名称MTBF Mean square of error, MSE Multiple comparison Mini-problem Multiple regression Mixtures of distributions Multi-way layout Multiple correlation coefficient MTB Multi-vari chart MGP MSA MS MTW中文名称平均故障间隔时间 均方误差 多重比较 缩小的问题 多元回归分析 分布的混合 多向分类 多元全相关系数 MINITAB 多变异图 多代产品计划 测量系统分析 材料报废 MINITAB工作表7扬智咨询公司更多资料 George.hu@N英文名称Natural limits Near rotatability Nested design NPV Noise array Noise factor Nominal measurement scale Non value-added activities Nonparametric test Normal effect plot n N NPI中文名称自然界限 近似旋转性 嵌套设计 净现值 噪声表 噪声因子 名义测量尺度 非增值活动 非参数检验 正态效应图 在每个子群中的观测数 观测值的总数 新产品导入8扬智咨询公司更多资料 George.hu@O英文名称Occurrence One-factor One-factor-at-one-time One-way layout 0rdinal measurement scale Orthogonal array One-factor Orthogonal experimental design Orthogonal polynomial regression Output requirements Overfitting O 频度 单因子 单因子变化法;一次一因子 法 单向分类 定序测量尺度 正交表 正交试验设计法 正交多向式回归 输出要求 超拟合 输出中文名称9扬智咨询公司更多资料 George.hu@OP OCC OTR OJT机会 发生率 订单到汇款 在职培训P英文名称P,np,c,u Control chart Paired comparison design Paired –comparison test Parameter design Pareto effect plot Pareto chart Partial balanced incomplete block design Path of steepest ascent中文名称P,np,c,u控制图 配对比较设计 配对数据检验 参数设计 帕拉效应图 排列图;帕拉图 部分平衡不完全区组设计 最速前进方向1扬智咨询公司更多资料 George.hu@英文名称PDPC Physical mapping Plackett-Burman design Planning matrix Point estimate Poka-Yoke Polynomial regression Precision Pre-control Probability density function, pdf Problem/opportunity statement Process Process analysis PCI中文名称过程决策程序图法 物理映射 Plackett-Burman 设计 计划矩阵;实施矩阵 点估计 防差错措施 多向式回归 精度;精密度 预控制 概率密度函数 问题/机会描述 过程 过程分析 过程能力指数2扬智咨询公司更多资料 George.hu@英文名称Process control plan PFMEA Process Mapping Program evaluation review technique, PERT Project scope Pugh matrix P-Value PI P PM PC PPM PDCA PQ中文名称过程管理技术 过程FMEA 过程映射 计划评审法 项目范围 普氏矩阵 p-值 预测区间 流程或概率 流程管理 预防成本 百万缺陷数 计划、执行、检查、行动 产品质量或 生产质量3扬智咨询公司更多资料 George.hu@英文名称P&E Pp, Ppk中文名称厂房和设备 长期流程能力指数Q英文名称Quality function deployment, QFD Quality house Quality loss function QPC QA QPT QC中文名称质量功能展开 质量屋 质量损失函数 质量、生产力和竞争力 质量保证 质量项目跟踪 质量控制R4扬智咨询公司更多资料 George.hu@英文名称 Randomization Randomized block design Ratio measurement scale Rational subgrouping Region of rejection Regression and correlation analysis Regression design Rejectable quality level, PQL Repeatability Repetition Reproducibility Requirement mapping Residual diagnostic Resolution中文名称 随机化 随机区组设计 定比测量尺度 合理子组化 拒绝域 回归和相关分析 回归设计 拒收质量水平 重复性 同单元的重复 再现性 需求映射 残差诊断 分辩度5扬智咨询公司更多资料 George.hu@英文名称 Response model Response modeling Response surface methodology, RSM Response Risk priority number, RPN Robust design Robust parameter design ROI Run chart Rolled throughput yield, RTY Rotatability RMP RC RPN中文名称 响应模型 响应建模 响应曲面方法 响应变量 风险度;风险系数 稳健设计;健壮设计 稳健参数设计;健壮参数设计 投资收益率;投资回报率 运行图,链图 流通合格率,直通率 旋转性 风险管理流程 返工成本 风险优先值6扬智咨询公司更多资料 George.hu@英文名称 RCA R&R RCT中文名称 根本原因分析 重复性与再现性 区域客户小组S英文名称Screening design Service requirements Setting Severity, SEV Short-run SPC Sigma calculation Signal factor Signal to noise ratio中文名称因子筛选设计 服务要求 设置 严重度 短期生产统计过程控制技术 西格玛水平计算 信号因子 信噪比;S/N比7扬智咨询公司更多资料 George.hu@英文名称Signal-response system Simple response Simple response system Simplex centroid Simplex lattice Single array SIPOC analysis and map Six sigma design scorecard Single minute exchange of die, SMED Special Cause Stakeholders Stability Static parameter design Standard work中文名称信号—响应系统 简单响应 简单响应系统 单纯形重心法 单纯形格点法 单一表 SIPOC分析和图 六西格玛设计计分卡 快速换模 异常原因,特殊原因 利益相关方 稳定性 静态参数设计 标准作业8扬智咨询公司更多资料 George.hu@英文名称Statistical Quality control, SQC Statistical process control, SPC Stem-and-leaf Steepest ascent search Sum of squares Substance-field analysis Symmetrical orthogonal array Supplier-input-process-outputcustomer map, SIPOC Stdev System design SIPOC SPC SL中文名称统计质量控制 统计过程控制 茎叶图 最速上升法 平方和 物体-场分析 对称正交表 SIPOC图;高端流程图;宏观流程 图 标准偏差 系统设计 供应商-输入-流程-输出-客户 统计过程控制 规格界限9扬智咨询公司更多资料 George.hu@ST SMART SSB SST SSW短期 具体、可测量、可达到、相 关、有时间性 组间平方和 总平方和 组内平方和T英文名称 中文名称1扬智咨询公司更多资料 George.hu@英文名称The effects of interactions between inputs Test statistic Tolerance The effects of time relationships Test statistic Type of design of experiment Total productive maintenance, TPM Target中文名称输入变量间交互作用的影响 检验统计量 容差 时间关系效应 检验统计量 试验设计类型 全面生产维护 目标2扬智咨询公司更多资料 George.hu@英文名称Two-way layout TOP TMC 双向分类 机会总数中文名称生产总成本U英文名称 Uncontrolled factor 中文名称 非可控因子3扬智咨询公司更多资料 George.hu@Uniform precision Unit USL UCL一致均匀精度 单位 规格上限 控制上限V英文名称 Value engineering/value analysis, VE/VA Variance component modeling 中文名称 价值工程与价值分析 方差分量模型4扬智咨询公司更多资料 George.hu@Verification & validation testing VOB VOC双V试验;V&V试验 企业之声 客户之声X英文名称X-bar and R control chart X-bar and S control chart X中文名称均值一极差控制图 均值一标准差控制图 独立变量5扬智咨询公司更多资料 George.hu@X bar and R平均数和极差图Y英文名称Y Yellow Belt YB中文名称非独立变量 黄带6扬智咨询公司更多资料 George.hu@Z英文名称 Zst Zlt 短期Z 长期Z 中文名称7扬智咨询公司更多资料 George.hu@扬智系列工具书推介：目前，随着六西格玛管理在各行各业的逐渐推广与应用，六西格玛的理念和方法论已渐渐让一 些企业管理人士熟识和掌握。

DiMo:Distributed Node Monitoring in WirelessSensor NetworksAndreas Meier†,Mehul Motani∗,Hu Siquan∗,and Simon Künzli‡†Computer Engineering and Networks Lab,ETH Zurich,Switzerland∗Electrical&Computer Engineering,National University of Singapore,Singapore‡Siemens Building T echnologies,Zug,SwitzerlandABSTRACTSafety-critical wireless sensor networks,such as a distributed fire-or burglar-alarm system,require that all sensor nodes are up and functional.If an event is triggered on a node, this information must be forwarded immediately to the sink, without setting up a route on demand or having tofind an alternate route in case of a node or link failure.Therefore, failures of nodes must be known at all times and in case of a detected failure,an immediate notification must be sent to the network operator.There is usually a bounded time limit,e.g.,five minutes,for the system to report network or node failure.This paper presents DiMo,a distributed and scalable solution for monitoring the nodes and the topology, along with a redundant topology for increased robustness. Compared to existing solutions,which traditionally assume a continuous data-flow from all nodes in the network,DiMo observes the nodes and the topology locally.DiMo only reports to the sink if a node is potentially failed,which greatly reduces the message overhead and energy consump-tion.DiMo timely reports failed nodes and minimizes the false-positive rate and energy consumption compared with other prominent solutions for node monitoring.Categories and Subject DescriptorsC.2.2[Network Protocols]:Wireless Sensor NetworkGeneral TermsAlgorithms,Design,Reliability,PerformanceKeywordsLow power,Node monitoring,Topology monitoring,WSN 1.INTRODUCTIONDriven by recent advances in low power platforms and protocols,wireless sensor networks are being deployed to-day to monitor the environment from wildlife habitats[1] Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on thefirst page.To copy otherwise,to republish,to post on servers or to redistribute to lists,requires prior specific permission and/or a fee.MSWiM’08,October27–31,2008,Vancouver,BC,Canada.Copyright2008ACM978-1-60558-235-1/08/10...$5.00.to mission-criticalfire-alarm systems[5].There are,how-ever,still some obstacles in the way for mass application of wireless sensor networks.One of the key challenges is the management of the wireless sensor network itself.With-out a practical management system,WSN maintenance will be very difficult for network administrators.Furthermore, without a solid management plan,WSNs are not likely to be accepted by industrial users.One of the key points in the management of a WSN is the health status monitoring of the network itself.Node failures should be captured by the system and reported to adminis-trators within a given delay constraint.Due to the resource constraints of WSN nodes,traditional network management protocols such as SNMP adopted by TCP/IP networks are not suitable for sensor networks.In this paper,we con-sider a light-weight network management approach tailored specifically for WSNs and their unique constraints. Currently,WSN deployments can be categorized by their application scenario:data-gathering applications and event-detection applications.For data-gathering systems,health status monitoring is quite straight forward.Monitoring in-formation can be forwarded to the sink by specific health status packets or embedded in the regular data packets.Ad-ministrators can usually diagnose the network with a helper program.NUCLEUS[6]is one of the network management systems for data-gathering application of WSN.Since event-detection deployments do not have regular traffic to send to the sink,the solutions for data-gathering deployments are not suitable.In this case,health status monitoring can be quite challenging and has not been discussed explicitly in the literature.In an event-detection WSN,there is no periodic data trans-fer,i.e.,nodes maintain radio silence until there is an event to report.While this is energy efficient,it does mean that there is no possibility for the sink to decide whether the net-work is still up and running(and waiting for an event to be detected)or if some nodes in the network have failed and are therefore silent.Furthermore,for certain military ap-plications or safety-critical systems,the specifications may include a hard time constraint for accomplishing the node health status monitoring task.In an event-detection WSN,the system maintains a net-work topology that allows for forwarding of data to a sink in the case of an event.Even though there is no regular data transfer in the network,the network should always be ready to forward a message to the sink immediately when-ever necessary.It is this urgency of data forwarding that makes it undesirable to set up a routing table and neighborlist after the event has been detected.The lack of regular data transfer in the network also leads to difficulty in de-tecting bad quality links,making it challenging to establish and maintain a stable robust network topology.While we have mentioned event-detection WSNs in gen-eral,we accentuate that the distributed node monitoring problem we are considering is inspired by a real-world ap-plication:a distributed indoor wireless alarm system which includes a sensor for detection of a specific alarm such as fire(as studied in[5]).To illustrate the reporting require-ments of such a system,we point out that regulatory speci-fications require afire to be reported to the control station within10seconds and a node failure to be reported within 5minutes[9].This highlights the importance of the node-monitoring problem.In this paper,we present a solution for distributed node monitoring called DiMo,which consists of two functions: (i)Network topology maintenance,introduced in Section2, and(ii)Node health status monitoring,introduced in Sec-tion3.We compare DiMo to existing state-of-the-art node monitoring solutions and evaluate DiMo via simulations in Section4.1.1Design GoalsDiMo is developed based on the following design goals:•In safety critical event monitoring systems,the statusof the nodes needs to be monitored continuously,allow-ing the detection and reporting of a failed node withina certain failure detection time T D,e.g.,T D=5min.•If a node is reported failed,a costly on-site inspectionis required.This makes it of paramount interest todecrease the false-positive rate,i.e.,wrongly assuminga node to have failed.•In the case of an event,the latency in forwarding theinformation to the sink is crucial,leaving no time toset up a route on demand.We require the system tomaintain a topology at all times.In order to be robustagainst possible link failures,the topology needs toprovide redundancy.•To increase efficiency and minimize energy consump-tion,the two tasks of topology maintenance(in par-ticular monitoring of the links)and node monitoringshould be combined.•Maximizing lifetime of the network does not necessar-ily translate to minimizing the average energy con-sumption in the network,but rather minimizing theenergy consumption of the node with the maximal loadin the network.In particular,the monitoring shouldnot significantly increase the load towards the sink.•We assume that the event detection WSN has no reg-ular data traffic,with possibly no messages for days,weeks or even months.Hence we do not attempt to op-timize routing or load balancing for regular data.Wealso note that approaches like estimating links’perfor-mance based on the ongoing dataflow are not possibleand do not take them into account.•Wireless communications in sensor networks(especially indoor deployments)is known for its erratic behav-ior[2,8],likely due to multi-path fading.We assumesuch an environment with unreliable and unpredictablecommunication links,and argue that message lossesmust be taken into account.1.2Related WorkNithya et al.discuss Sympathy in[3],a tool for detect-ing and debugging failures in pre-and post-deployment sen-sor networks,especially designed for data gathering appli-cations.The nodes send periodic heartbeats to the sink that combines this information with passively gathered data to detect failures.For the failure detection,the sink re-quires receiving at least one heartbeat from the node every so called sweep interval,i.e.,its lacking indicates a node fail-ure.Direct-Heartbeat performs poorly in practice without adaptation to wireless packet losses.To meet a desired false positive rate,the rate of heartbeats has to be increased also increasing the communication cost.NUCLEUS[6]follows a very similar approach to Sympathy,providing a manage-ment system to monitor the heath status of data-gathering applications.Rost et al.propose with Memento a failure detection sys-tem that also requires nodes to periodically send heartbeats to the so called observer node.Those heartbeats are not directly forwarded to the sink node,but are aggregated in form of a bitmask(i.e.,bitwise OR operation).The ob-server node is sweeping its bitmask every sweep interval and will forward the bitmask with the node missing during the next sweep interval if the node fails sending a heartbeat in between.Hence the information of the missing node is disseminated every sweep interval by one hop,eventually arriving at the sink.Memento is not making use of ac-knowledgements and proactively sends multiple heartbeats every sweep interval,whereas this number is estimated based on the link’s estimated worst-case performance and the tar-geted false positive rate.Hence Memento and Sympathy do both send several messages every sweep interval,most of them being redundant.In[5],Strasser et al.propose a ring based(hop count)gos-siping scheme that provides a latency bound for detecting failed nodes.The approach is based on a bitmask aggre-gation,beingfilled ring by ring based on a tight schedule requiring a global clock.Due to the tight schedule,retrans-missions are limited and contention/collisions likely,increas-ing the number of false positives.The approach is similar to Memento[4],i.e.,it does not scale,but provides latency bounds and uses the benefits of acknowledgements on the link layer.2.TOPOLOGY MAINTENANCEForwarding a detected event without any delay requires maintaining a redundant topology that is robust against link failures.The characteristics of such a redundant topology are discussed subsequently.The topology is based on so called relay nodes,a neighbor that can provide one or more routes towards the sink with a smaller cost metric than the node itself has.Loops are inherently ruled out if packets are always forwarded to relay nodes.For instance,in a simple tree topology,the parent is the relay node and the cost metric is the hop count.In order to provide redundancy,every node is connected with at least two relay nodes,and is called redundantly con-nected.Two neighboring nodes can be redundantly con-nected by being each others relay,although having the same cost metric,only if they are both connected to the sink. This exception allows the nodes neighboring the sink to be redundantly connected and avoids having a link to the sinkas a single point of failure.In a(redundantly)connected network,all deployed nodes are(redundantly)connected.A node’s level L represents the minimal hop count to the sink according to the level of its relay nodes;i.e.,the relay with the least hop count plus one.The level is infinity if the node is not connected.The maximal hop count H to the sink represents the longest path to the sink,i.e.,if at every hop the relay node with the highest maximal hop count is chosen.If the node is redundantly connected,the node’s H is the maximum hop count in the set of its relays plus one, if not,the maximal hop count is infinity.If and only if all nodes in the network have afinite maximal hop count,the network is redundantly connected.The topology management function aims to maintain a redundantly connected network whenever possible.This might not be possible for sparsely connected networks,where some nodes might only have one neighbor and therefore can-not be redundantly connected by definition.Sometimes it would be possible tofind alternative paths with a higher cost metric,which in turn would largely increase the overhead for topology maintenance(e.g.,for avoiding loops).For the cost metric,the tuple(L,H)is used.A node A has the smaller cost metric than node B ifL A<L B∨(L A=L B∧H A<H B).(1) During the operation of the network,DiMo continuously monitors the links(as described in Section3),which allows the detection of degrading links and allows triggering topol-ogy adaptation.Due to DiMo’s redundant structure,the node is still connected to the network,during this neighbor search,and hence in the case of an event,can forward the message without delay.3.MONITORING ALGORITHMThis section describes the main contribution of this paper, a distributed algorithm for topology,link and node monitor-ing.From the underlying MAC protocol,it is required that an acknowledged message transfer is supported.3.1AlgorithmA monitoring algorithm is required to detect failed nodes within a given failure detection time T D(e.g.,T D=5min).A node failure can occur for example due to hardware fail-ures,software errors or because a node runs out of energy. Furthermore,an operational node that gets disconnected from the network is also considered as failed.The monitoring is done by so called observer nodes that monitor whether the target node has checked in by sending a heartbeat within a certain monitoring time.If not,the ob-server sends a node missing message to the sink.The target node is monitored by one observer at any time.If there are multiple observer nodes available,they alternate amongst themselves.For instance,if there are three observers,each one observes the target node every third monitoring time. The observer node should not only check for the liveliness of the nodes,but also for the links that are being used for sending data packets to the sink in case of a detected event. These two tasks are combined by selecting the relay nodes as observers,greatly reducing the network load and maximiz-ing the network lifetime.In order to ensure that all nodes are up and running,every node is observed at all times. The specified failure detection time T D is an upper bound for the monitoring interval T M,i.e.,the interval within which the node has to send a heartbeat.Since failure detec-tion time is measured at the sink,the detection of a missing node at the relay needs to be forwarded,resulting in an ad-ditional maximal delay T L.Furthermore,the heartbeat can be delayed as well,either by message collisions or link fail-ures.Hence the node should send the heartbeat before the relay’s monitoring timer expires and leave room for retries and clock drift within the time window T R.So the monitor-ing interval has to be set toT M≤T D−T L−T R(2) and the node has to ensure that it is being monitored every T M by one of its observers.The schedule of reporting to an observer is only defined for the next monitoring time for each observer.Whenever the node checks in,the next monitoring time is announced with the same message.So for every heartbeat sent,the old monitoring timer at the observer can be cancelled and a new timer can be set according the new time.Whenever,a node is newly observed or not being observed by a particular observer,this is indicated to the sink.Hence the sink is always aware of which nodes are being observed in the network,and therefore always knows which nodes are up and running.This registration scheme at the sink is an optional feature of DiMo and depends on the user’s requirements.3.2Packet LossWireless communication always has to account for possi-ble message losses.Sudden changes in the link quality are always possible and even total link failures in the order of a few seconds are not uncommon[2].So the time T R for send-ing retries should be sufficiently long to cover such blanks. Though unlikely,it is possible that even after a duration of T R,the heartbeat could not have been successfully for-warded to the observer and thus was not acknowledged,in spite of multiple retries.The node has to assume that it will be reported miss-ing at the sink,despite the fact it is still up and running. Should the node be redundantly connected,a recovery mes-sage is sent to the sink via another relay announcing be-ing still alive.The sink receiving a recovery message and a node-missing message concerning the same node can neglect these messages as they cancel each other out.This recov-ery scheme is optional,but minimizes the false positives by orders of magnitudes as shown in Section4.3.3Topology ChangesIn the case of a new relay being announced from the topol-ogy management,a heartbeat is sent to the new relay,mark-ing it as an observer node.On the other hand,if a depre-cated relay is announced,this relay might still be acting as an observer,and the node has to check in as scheduled.How-ever,no new monitor time is announced with the heartbeat, which will release the deprecated relay of being an observer.3.4Queuing PolicyA monitoring buffer exclusively used for monitoring mes-sages is introduced,having the messages queued according to a priority level,in particular node-missing messagesfirst. Since the MAC protocol and routing engine usually have a queuing buffer also,it must be ensured that only one single monitoring message is being handled by the lower layers atthe time.Only if an ACK is received,the monitoring mes-sage can be removed from the queue(if a NACK is received, the message remains).DiMo only prioritizes between the different types of monitoring messages and does not require prioritized access to data traffic.4.EV ALUATIONIn literature,there are very few existing solutions for mon-itoring the health of the wireless sensor network deployment itself.DiMo is thefirst sensor network monitoring solution specifically designed for event detection applications.How-ever,the two prominent solutions of Sympathy[3]and Me-mento[4]for monitoring general WSNs can also be tailored for event gathering applications.We compare the three ap-proaches by looking at the rate at which they generate false positives,i.e.,wrongly inferring that a live node has failed. False positives tell us something about the monitoring pro-tocol since they normally result from packet losses during monitoring.It is crucial to prevent false positives since for every node that is reported missing,a costly on-site inspec-tion is required.DiMo uses the relay nodes for observation.Hence a pos-sible event message and the regular heartbeats both use the same path,except that the latter is a one hop message only. The false positive probability thus determines the reliability of forwarding an event.We point out that there are other performance metrics which might be of interest for evaluation.In addition to false positives,we have looked at latency,message overhead, and energy consumption.We present the evaluation of false positives below.4.1Analysis of False PositivesIn the following analysis,we assume r heartbeats in one sweep for Memento,whereas DiMo and Sympathy allow sending up to r−1retransmissions in the case of unac-knowledged messages.To compare the performance of the false positive rate,we assume the same sweep interval for three protocols which means that Memento’s and Sympa-thy’s sweep interval is equal to DiMo’s monitoring interval. In the analysis we assume all three protocols having the same packet-loss probability p l for each hop.For Sympathy,a false positive for a node occurs when the heartbeat from the node does not arrive at the sink in a sweep interval,assuming r−1retries on every hop.So a node will generate false positive with a possibility(1−(1−p r l)d)n,where d is the hop count to the sink and n the numbers of heartbeats per sweep.In Memento,the bitmask representing all nodes assumes them failed by default after the bitmap is reset at the beginning of each sweep interval. If a node doesn’t report to its parent successfully,i.e.,if all the r heartbeats are lost in a sweep interval,a false positive will occur with a probability of p l r.In DiMo the node is reported missing if it fails to check in at the observer having a probability of p l r.In this case,a recovery message is triggered.Consider the case that the recovery message is not kept in the monitoring queue like the node-missing messages, but dropped after r attempts,the false positive rate results in p l r(1−(1−p l r)d).Table1illustrates the false positive rates for the three protocols ranging the packet reception rate(PRR)between 80%and95%.For this example the observed node is in afive-hop distance(d=5)from the sink and a commonPRR80%85%90%95% Sympathy(n=1) 3.93e-2 1.68e-2 4.99e-3 6.25e-4 Sympathy(n=2) 1.55e-3 2.81e-4 2.50e-5 3.91e-7 Memento8.00e-3 3.38e-3 1.00e-3 1.25e-4 DiMo 3.15e-4 5.66e-5 4.99e-67.81e-8Table1:False positive rates for a node with hop count5and3transmissions under different packet success rates.number of r=3attempts for forwarding a message is as-sumed.Sympathy clearly suffers from a high packet loss, but its performance can be increased greatly sending two heartbeats every sweep interval(n=2).This however dou-bles the message load in the network,which is especially substantial as the messages are not aggregated,resulting in a largely increased load and energy consumption for nodes next to the paring DiMo with Memento,we ob-serve the paramount impact of the redundant relay on the false positive rate.DiMo offers a mechanism here that is not supported in Sympathy or Memento as it allows sending up to r−1retries for the observer and redundant relay.Due to this redundancy,the message can also be forwarded in the case of a total blackout of one link,a feature both Memento and Sympathy are lacking.4.2SimulationFor evaluation purposes we have implemented DiMo in Castalia1.3,a state of the art WSN simulator based on the OMNet++platform.Castalia allows evaluating DiMo with a realistic wireless channel(based on the empiricalfindings of Zuniga et al.[8])and radio model but also captures effects like the nodes’clock drift.Packet collisions are calculated based on the signal to interference ratio(SIR)and the radio model features transition times between the radio’s states (e.g.,sending after a carrier sense will be delayed).Speck-MAC[7],a packet based version of B-MAC,with acknowl-edgements and a low-power listening interval of100ms is used on the link layer.The characteristics of the Chipcon CC2420are used to model the radio.The simulations are performed for a network containing80 nodes,arranged in a grid with a small Gaussian distributed displacement,representing an event detection system where nodes are usually not randomly deployed but rather evenly spread over the observed area.500different topologies were analyzed.The topology management results in a redun-dantly connected network with up to5levels L and a max-imum hop count H of6to8.A false positive is triggered if the node fails to check in, which is primarily due to packet errors and losses on the wireless channel.In order to understand false positives,we set the available link’s packet reception rate(PRR)to0.8, allowing us to see the effects of the retransmission scheme. Furthermore,thisfixed PRR also allows a comparison with the results of the previous section’s analysis and is shown in Figure1(a).The plot shows on the one hand side the monitoring based on a tree structure that is comparable to the performance of Memento,i.e.,without DiMo’s possibil-ity of sending a recovery message using an alternate relay. On the other hand side,the plot shows the false positive rate of DiMo.The plot clearly shows the advantage of DiMo’s redundancy,yet allowing sending twice as many heartbeats than the tree approach.This might not seem necessarily fair atfirst;however,in a real deployment it is always possible(a)Varying number of retries;PRR =0.8.(b)Varying link quality.Figure 1:False positives:DiMo achieves the targeted false positive rate of 1e-7,also representing the reliability for successfully forwarding an event.that a link fails completely,allowing DiMo to still forward the heartbeat.The simulation and the analysis show a slight offset in the performance,which is explained by a simulation artifact of the SpeckMAC implementation that occurs when the receiver’s wake-up time coincides with the start time of a packet.This rare case allows receiving not only one but two packets out of the stream,which artificially increases the link quality by about three percent.The nodes are observed every T M =4min,resulting in being monitored 1.3e5times a year.A false positive rate of 1e-6would result in having a particular node being wrongly reported failed every 7.7years.Therefore,for a 77-node net-work,a false positive rate of 1e-7would result in one false alarm a year,being the targeted false-positive threshold for the monitoring system.DiMo achieves this rate by setting the numbers of retries for both the heartbeat and the recov-ery message to four.Hence the guard time T R for sending the retries need to be set sufficiently long to accommodate up to ten messages and back-offtimes.The impact of the link quality on DiMo’s performance is shown in Figure 1(b).The tree topology shows a similar performance than DiMo,if the same number of messages is sent.However,it does not show the benefit in the case of a sudden link failure,allowing DiMo to recover immedi-ately.Additionally,the surprising fact that false positives are not going to zero for perfect link quality is explained by collisions.This is also the reason why DiMo’s curve for two retries flattens for higher link qualities.Hence,leaving room for retries is as important as choosing good quality links.5.CONCLUSIONIn this paper,we presented DiMo,a distributed algorithm for node and topology monitoring,especially designed for use with event-triggered wireless sensor networks.As a de-tailed comparative study with two other well-known moni-toring algorithm shows,DiMo is the only one to reach the design target of having a maximum error reporting delay of 5minutes while keeping the false positive rate and the energy consumption competitive.The proposed algorithm can easily be implemented and also be enhanced with a topology management mechanism to provide a robust mechanism for WSNs.This enables its use in the area of safety-critical wireless sensor networks.AcknowledgmentThe work presented in this paper was supported by CTI grant number 8222.1and the National Competence Center in Research on Mobile Information and Communication Sys-tems (NCCR-MICS),a center supported by the Swiss Na-tional Science Foundation under grant number 5005-67322.This work was also supported in part by phase II of the Embedded and Hybrid System program (EHS-II)funded by the Agency for Science,Technology and Research (A*STAR)under grant 052-118-0054(NUS WBS:R-263-000-376-305).The authors thank Matthias Woehrle for revising a draft version of this paper.6.REFERENCES[1] A.Mainwaring et al.Wireless sensor networks for habitatmonitoring.In 1st ACM Int’l Workshop on Wireless Sensor Networks and Application (WSNA 2002),2002.[2] A.Meier,T.Rein,et al.Coping with unreliable channels:Efficient link estimation for low-power wireless sensor networks.In Proc.5th Int’l worked Sensing Systems (INSS 2008),2008.[3]N.Ramanathan,K.Chang,et al.Sympathy for the sensornetwork debugger.In Proc.3rd ACM Conf.Embedded Networked Sensor Systems (SenSys 2005),2005.[4]S.Rost and H.Balakrishnan.Memento:A health monitoringsystem for wireless sensor networks.In Proc.3rd IEEE Communications Society Conf.Sensor,Mesh and Ad Hoc Communications and Networks (IEEE SECON 2006),2006.[5]M.Strasser,A.Meier,et al.Dwarf:Delay-aware robustforwarding for energy-constrained wireless sensor networks.In Proceedings of the 3rd IEEE Int’l Conference onDistributed Computing in Sensor Systems (DCOSS 2007),2007.[6]G.Tolle and D.Culler.Design of an application-cooperativemanagement system for wireless sensor networks.In Proc.2nd European Workshop on Sensor Networks (EWSN 2005),2005.[7]K.-J.Wong et al.Speckmac:low-power decentralised MACprotocols for low data rate transmissions in specknets.In Proc.2nd Int’l workshop on Multi-hop ad hoc networks:from theory to reality (REALMAN ’06),2006.[8]M.Zuniga and B.Krishnamachari.Analyzing thetransitional region in low power wireless links.In IEEE SECON 2004,2004.[9]Fire detection and fire alarm systems –Part 25:Componentsusing radio links.European Norm (EN)54-25:2008-06,2008.。

什么是DFX测试
所谓DFX（Design for X⾯向产品⽣命周期各/环节的设计）的缩写。

其中，X可以代表产品⽣命周期或其中某⼀环节，如装配(M-制造，T-测试）、加⼯、使⽤、维修、回收、报废等，也可以代表或决定的因素，如质量、成本(C)、时间等等。

包括：
DFP：Design for Procurerent可采购设计；
DFM Design for Manufacture可⽣产设计；
DFT：Design for Test可测试设计；
DFD：Design for Diagnosibility可诊断分析设计；
DFA：Design for Assrrrbly可组装设计；
DFE：Design for Envirorrnent可环保设计；
DFF：Design for Fabrication of the PCB为FCB可制造⽽设计；
DFS：Design for Serviceability可服务设计；
DFR：Design for Reliability为可靠性⽽设计；
DFG：Design forCost为成本⽽设计。

这⾥的设计不仅仅指产品的设计，也指和系统的设计。

在产品设计时，不但要考虑功能和性能要求，⽽且要同时考虑与产品整个⽣命周期各阶段相关的因素。

包括制造的可能性、⾼效性和经济性等。

其⽬标是在保证产品质量的前提下缩短开发周期降低成本。

这是⼀项设计中的并⾏⼯程。

设计的英文是什么的相关知识虽然服装店也有衣服，但是她果然还是喜欢穿自己设计的衣服。

下面店铺为大家带来设计的英语意思和相关用法，欢迎大家一起学习! 设计的英语意思design设计的相关英语例句1. Many of the clothes come from the world's top fashion houses.这些服装中有很多出自世界顶级时装设计公司。

2. Since its inception the company has produced 53 different aircraft designs.该公司自成立以来已经完成了53种不同样式飞行器的设计。

3. The questions were set up to make her look dumb.问题这么设计，就是为了让她出丑。

4. A rather neat option allows you to design your own fiendish puzzle.只要干净利落地做一个选择，你就能自己设计出难以解开的谜题。

5. His water-colour designs adorn a wide range of books.他的水彩设计使许多图书大为生色。

6. Ricardo Bofill, the Catalan architect, has designed the revamped airport.里卡多·博菲利是一名加泰罗尼亚的建筑师，这座整修过的机场就是他设计的。

7. She asked her son, a graphic designer, to create letterheads and stationery.她请做平面设计师的儿子设计了信头和信笺。

8. The company uses the simulator to market test new designs.这家公司使用模拟装置对新设计进行市场测试。

可靠性设计（Reliability Design）设计是人类改造自然的一种基本活动，也是一种复杂的创造思维过程。

所谓的设计技术，也就是在设计过程中解决具体设计问题的各种方法和手段。

它的核心内容包括三个方面：1.计划，构思的形成；2.视觉传达方式；3.计划通过传达后的具体应用。

而因为影响计划和构思因数的不同，因此有传统设计和现代设计的区分。

两者最根本的区别在与现代设计与工业化大生产和现代文明密切联系，这是传统设计所不具有的。

因此现代设计是工业化大批量生产技术条件下的必然之物。

因此，可以说现代技术技术是在传统设计方法基础上继承和发展起来的，是一门多专业和多学科交叉，其综合性很强的基础技术科学。

一、可靠性设计概述可靠性设计的定义：定义1：对系统和结构进行可靠性分析和预测，采用简化系统和结构、余度设计和可维修设计等措施以提高系统和结构可靠度的设计。

定义2：为了满足产品的可靠性要求而进行的设计。

可靠性设计即根据可靠性理论与方法确定产品零部件以及整机的结构方案和有关参数的过程。

设计水平是保证产品可靠性的基础。

可靠性设计是产品的一个重要的性能特征，产品质量的主要指标之一，是随产品所使用时间的延续而在不断变化的。

可靠性设计的任务就是确定产品质量指标的变化规律，并在其基础上确定如何以最少的费用以保证产品应有的工作寿命和可靠度，建立最优的设计方案，实现所要求的产品可靠性水平。

可靠性问题的研究是因处理电子产品不可靠问题于第二次世界大战期间发展起来的。

可靠性设计用在机械方面的研究始于20世纪60年代，首先应用于军事和航天等工业部门，随后逐渐扩展到民用工业。

可靠性设计的一个重要内容是可靠性预测，即利用所得的资料预报一个零件、部件或系统实际可能达到的可性，预报这些零部件或系统在规定的条件下和在规定时间内完成规定功能的概率。

在产品设计的初期阶段，及时完成可靠性预测工作，可以了解产品各零部件之间可靠性的相互关系，找出提高产品可靠性的有效途径。

机械08k1摩擦学是一门研究在相对运动中相互作用着的表面的科学与技术。

它来源于希腊语中的词tribos，意思是摩擦。

它研究工程表面的摩擦、润滑和磨损，目的是详细地理解表面间的相互作用，以便在实际应用中提出改进办法。

摩擦学家的工作是跨学科的，包含有物理、化学、力学、热力喾材料科学等学科，并包括一个涉及有关表面间相对运动的机械设计、可靠性和工作性能的庞大复杂而且交织在一起的领域。

估计目前世界上大约有三分之一的能源是以各种摩擦形式消耗的。

在今天的机械化社会中，这代表了潜在能量的一个惊人损失。

研究摩擦学的目的是减少或消除在各种表面摩擦技术中不必要的浪费。

研究摩擦学的一个重要任务是按照我们的需要调节摩擦力的大小，例如可将其调到最小，或者最大。

然而，必须着重指出，只有在对温度、滑动速度、润滑、表面光洁度和材料性能等所有条件下的摩擦过程有了基本理解之后，这个目的才能实现。

《机械工程》哈尔滨工业大学出版社施平译文：Tribology is defined as the science and technology of interacting surfaces in relative motion, having its origin in the Greek word tribos meaning rubbing. It is a study of the friction, lubrication, and wear of engineering surfaces with a view to understanding surface interactions in detail and then prescribing improvements in given applications. The work of the tribologist is truly interdisciplinary, embodying physics, chemistry, mechanics, thermodynamics, and materials science, and encompassing a large, complex, and interwinded area of machine design, reliability, and performance where relative motion between surfaces is involved.It is estimated that approximately one-third of the worlds’s energy resources in present use appear as friction in one form or another. This represents a staggering loss of potential power for today’s mechanized society. T he purpose of research in tribology is understandably the minimization and elimination of unnecessary waste at all levels of technology where the rubbing of surfaces is involved.One of the important objectives in tribology is the regulation of the magnitude of frictional forces according to whether we require a minimum or a maximum. It must be emphasized, however, that this objective can be realized only after a fundamental understanding of the frictional process is obtained for all conditions of temperature, sliding velocity, lubrication, surface finish, and material properties.。

可靠性设计Reliability Design可靠性是产品质量得重要指标之一。

现代优质产品主要是功能好、可靠性高。

为了提高机械产品的可靠性，首先，必须在设计上满足可靠性要求。

为此，要求机械设计人员在掌握常规机械设计方法的基础上，必须掌握机械可靠性设计的基本理论和方法，从而设计出性能好、可靠性高的现代机械产品。

内容：可靠性的概念和设计特点可靠性设计中常用的特征量和可靠性常用概率分布机械强度可靠性设计疲劳强度可靠性分析机械系统可靠性设计1 概述可靠性技术的研究源于20世纪50年代，在其后60、70年代，随着航空航天事业的发展，可靠性问题的研究取得了长足的进展，引起了国际社会的普遍重视。

为了研究产品的可靠性，许多国家相继成立了可靠性研究机构，对可靠性理论作了广泛的研究。

其中，最为有名的就是美国国防部研究与发展局于1952年成立了一个所谓的“电子设备可靠性顾问团咨询组”(AGREE)，经过五年的工作，于1957年提出了“电子设备可靠性报告”，即AGREE报告。

该报告全面地总结了电子设备的失效的原因与情况，提出了比较完整的评价产品可靠性的一套理论与方法。

AGREE报告从而为可靠性科学的发展奠定了理论基础。

我国对可靠性科学和技术的研究也有较长的历史，大约从20世纪50年代初期研制“两弹一星”就开设。

1990年我国机械电子工业部印发的《加强机电产品设计工作的规定》中指出：可靠性、适应性、经济性三性统筹作为我国机电产品设计的原则。

在新产品的鉴定定型时，必须要有产品可靠性设计资料和试验报告，否则不能通过鉴定。

现今可靠性的观点和方法已经成为质量保证、安全性保证、产品责任预防等不可缺少的依据和手段，也是我国工程技术人员掌握现代设计理论和方法所必须掌握的重要内容之一。

1.2 可靠性的概念及特点可靠性是产品质量的重要指标，它标志着产品不会丧失工作能力的可靠程度。

可靠性的定义是：产品在规定的条件下和规定的时间内，完成规定功能的能力。

绝对可靠可靠性维修性标准术语中华人民共和国国家标准GB/T3178-94可靠性维修性术语产品<MONK>item修理的产品<MONK>repaireditem不修理的产品<MONK>non-repaireditem服务<MONK>service规定功能<MONK>requiredfunction时刻<MONK>instantoftime时间区间<MONK>timeinterval持续时间<MONK>timeduration累积时间<MONK>accumulatedtime量度<MONK>measure工作<MONK>operation修改对产品而言<MONK>modificationofanitem效能<MONK>effectiveness固有能力<MONK>capability耐久性<MONK>durability可靠性<MONK>reliability维修性<MONK>maintainability维修保障性<MONK>maintenancesupportperformance可用性<MONK>availability可信性<MONK>dependability失效<MONK>failure致命失效<MONK>criticalfailure非致命失效<MONK>non-criticalfailure误用失效<MONK>misusefailure误操作失效<MONK>mishandlingfailure弱质失效<MONK>weaknessfailure设计失效<MONK>designfailure制造失效<MONK>manufacturefailure老化失效;耗损失效<MONK>ageingfailure;wear-outfailure突然失效<MONK>suddenfailure渐变失效;漂移失效<MONK>gradualfailure;driftfailure灾变失效<MONK>catalepticfailure关联失效<MONK>relevantfailure非关联失效<MONK>non-relevantfailure独立失效<MONK>primaryfailure从属失效<MONK>secondaryfailure失效原因<MONK>failurecause失效机理<MONK>failuremechanism系统性失效;重复性失效<MONK>systematicfailure;reproduciblefailure;repeatfailure完全失效<MONK>completefailure退化失效<MONK>degradationfailure部分失效<MONK>partialfailure故障<MONK>fault致命故障<MONK>criticalfault非致命故障<MONK>non-criticalfault重要故障<MONK>majorfault次要故障<MONK>minorfault误用故障<MONK>misusefault误操作故障<MONK>mishandlingfault弱质故障<MONK>weaknessfault设计故障<MONK>designfault制造故障<MONK>manufacturingfault老化故障;耗损故障<MONK>ageingfault;wear-outfault程序敏感故障<MONK>programme-sensitivefault数据敏感故障<MONK>data-sensitivefault完全故障;功能阻碍故障<MONK>completefault;function-preventingfault部分故障<MONK>partialfault持久故障<MONK>persistentfault间歇故障<MONK>intermittentfault确定性故障<MONK>determinatefault 非确定性故障<MONK>indeterminatefault潜在故障<MONK>latentfault系统性故障<MONK>systematicfault故障模式<MONK>faultmode故障产品<MONK>faultyitem差错<MONK>error失误<MONK>mistake工作状态<MONK>operatingstate不工作状态<MONK>non-operatingstate待命状态<MONK>standbystate闲置状态;空闲状态<MONK>idlestate;freestate不能工作状态<MONK>disablestate;outage外因不能工作状态<MONK>externaldisabledstate不可用状态;内因不能工作状态<MONK>downstate;internaldisabledstate可用状态<MONK>uptime忙碌状态<MONK>busystate致命状态<MONK>criticalstate维修<MONK>maintenance维修准则<MONK>maintenancephilosophy维修方针<MONK>maintenancepolicy维修作业线<MONK>maintenanceechelon;lineofmaintenance维修约定级<MONK>indenturelevelformaintenance维修等级<MONK>levelofmaintenance预防性维修<MONK>preventivemaintenance修复性维修<MONK>correctivemaintenance受控维修<MONK>controlledmaintenance计划性维修<MONK>scheduledmaintenance非计划性维修<MONK>unscheduledmaintenance现场维修<MONK>on-sitemaintenance;insitsmaintenance;fieldmaintenance非现场维修<MONK>off-sitemaintenance遥控维修<MONK>remotemaintenance自动维修<MONK>automaticmaintenance逾期维修<MONK>deferredmaintenance基本的维修作业<MONK>elementarymaintenanceactivity维修工作<MONK>maintenanceaction;maintenancetask修理<MONK>repair故障识别<MONK>faultrecognition故障定位<MONK>faultlocalization故障诊断<MONK>faultdiagnosis故障修复<MONK>faultcorrection 功能核查<MONK>functioncheck-out恢复<MONK>restoration;recovery监测<MONK>supervision;monitoring维修的实体<MONK>maintenanceentity影响功能的维修<MONK>function-affectingmaintenance妨碍功能的维修<MONK>function-preventingmaintenance减弱功能的维修<MONK>function-degradingmaintenance不影响功能的维修<MONK>function-permittingmaintenance维修时间<MONK>maintenancetime维修人时<MONK>MMH;maintenanceman-hour实际维修时间<MONK>activemaintenancetime预防性维修时间<MONK>preventivemaintenancetime修复性维修时间<MONK>correctivemaintenancetime实际的预防性维修时间<MONK>activepreventivemaintenancetime实际的修复性维修时间<MONK>activecorrectivemaintenancetime未检出故障时间<MONK>undetectedfaulttime管理延迟对于修复性维修<MONK>administrativedelay后勤延迟<MONK>logisticdelay故障修复时间<MONK>faultcorrectiontime技术延迟<MONK>technicaldelay核查时间<MONK>check-outtime故障诊断时间<MONK>faultdiagnosistime故障定位时间<MONK>faultlocalizationtime修理时间<MONK>repairtime工作时间<MONK>operatingtime不工作时间<MONK>non-operatingtime需求时间<MONK>requiredtime无需求时间<MONK>non-requiredtime待命时间<MONK>standbytime闲置时间<MONK>idletime;freetime不能工作时间<MONK>disabledtime不可用时间<MONK>downtime累积不可用时间<MONK>accumulateddowntime外因不能工作时间<MONK>externaldisabledtime;externallosstime可用时间<MONK>uptime首次失效前时间<MONK>timetofirstfailure失效前时间<MONK>timetofailure失效间隔时间<MONK>timebetweenfailures失效间工作时间<MONK>operatingtimebetweenfailures恢复前时间<MONK>timetorestoration;timetorecovery使用寿命<MONK>usefullife早期失效期<MONK>earlyfailureperiod恒定失效密度期<MONK>constantfailureintensityperiod恒定失效率期<MONK>constantfailurerateperiod耗损失效期<MONK>wear-outfailureperiod瞬时可用度<MONK>instantaneousavailability 瞬时不可用度<MONK>instantaneousunavailability平均可用度<MONK>meanavailability平均不可用度<MONK>meanunavailability渐近可用度<MONK>asymptoticavailability稳态可用度<MONK>steady-stateavailability渐近不可用度<MONK>asymptoticunavailability稳态不可用度<MONK>steady-stateunavailability渐近平均可用度<MONK>asymptoticmeanavailability渐近平均不可用度<MONK>asymptoticmeanunavailability平均可用时间<MONK>meanuptime 平均累积不可用时间<MONK>meanaccumulateddowntime可靠度<MONK>reliability瞬时失效率<MONK>instantaneousfailurerate 平均失效率<MONK>meanfailurerate瞬时失效密度<MONK>instantaneousfailureintensity平均失效密度<MONK>meanfailureintensity平均首次失效前时间<MONK>MTTFF;meantimetofirstfailure平均失效前时间<MONK>MTTF;meantimetofailure平均失效间隔时间<MONK>MTBF;meantimebetweenfailures平均失效间工作时间<MONK>MOTBF;meanoperatingtimebetweenfailure失效率加速系数<MONK>failurerateaccelerationfactor失效密度加速系数<MONK>failureintensityaccelerationfactor维修度<MONK>maintainability瞬时修复率<MONK>instantaneousrepairrate平均修复率<MONK>meanrepairrate平均维修人时<MONK>meanmaintenanceman-hour平均不可用时间<MONK>MDT;meandowntime平均修理时间<MONK>MRT;meanrepairtimeP-分位修理时间<MONK>P-fractilerepairtime平均实际修复性维修时间<MONK>meanactivecorrectivemaintenancetime平均恢复前时间<MONK>MTTR;meantimetorestoration故障识别比<MONK>faultcoverage修复比<MONK>repaircoverage平均管理延迟<MONK>MAD;meanadministrativedelayP-分位管理延迟<MONK>P-fractileadministrativedelay平均后勤延迟<MONK>MLD;meanlogisticdelayP-分位后勤延迟<MONK>P-fractilelogisticdelay验证试验<MONK>compliancetest测定试验<MONK>determinationtest实验室试验<MONK>laboratorytest现场试验<MONK>fieldtest耐久性试验<MONK>endurancetest加速试验<MONK>acceleratedtest步进应力试验<MONK>stepstresstest筛选试验<MONK>screeningtest时间加速系数<MONK>timeaccelerationfactor维修性检验<MONK>maintainabilityverification维修性验证<MONK>maintainabilitydemonstration观测数据<MONK>observeddata试验数据<MONK>testdata现场数据<MONK>fielddata基准数据<MONK>referencedata冗余<MONK>redundancy工作冗余<MONK>activeredundancy备用冗余<MONK>standbyredundancy失效安全<MONK>failsafe故障裕度<MONK>faulttolerance故障掩盖<MONK>faultmasking预计<MONK>prediction可靠性模型<MONK>reliabilitymodel可靠性预计<MONK>reliabilityprediction 可靠性分配<MONK>reliabilityallocation;reliabilityapportionment故障模式与影响分析<MONK>FMEA;faultmodesandeffectsanalysis故障模式影响与危害度分析<MONK>FMECA;faultmodes,effectsandcriticalityanalysis故障树分析<MONK>FTA;faulttreeanalysis应力分析<MONK>stressanalysis可靠性框图<MONK>reliabilityblockdiagram故障树<MONK>faulttree状态转移图<MONK>state-transitiondiagram应力模型<MONK>stressmodel故障分析<MONK>faultanalysis失效分析<MONK>failureanalysis 维修性模型<MONK>maintainabilitymodel维修性预计<MONK>maintainabilityprediction维修树<MONK>maintenancetree维修性分配<MONK>maintainabilityallocation;maintainabilityapportionment老练<MONK>burnin可靠性增长<MONK>reliabilitygrowth可靠性改进<MONK>reliabilityimprovement可靠性和维修性管理<MONK>reliabilityandmaintainabilitymanagement可靠性和维修性保证<MONK>reliabilityandmaintainabilityassurance可靠性和维修性控制<MONK>reliabilityandmaintainabilitycontrol可靠性和维修性大纲<MONK>reliabilityandmaintainabilityprogramme可靠性和维修性计划<MONK>reliabilityandmaintainabilityplan可靠性和维修性审计<MONK>reliabilityandmaintainabilityaudit可靠性和维修性监察<MONK>reliabilityandmaintainabilitysurveillance设计评审<MONK>designreview真实的<MONK>true预计的<MONK>predicted 外推的<MONK>extrapolated估计的<MONK>estimated固有的<MONK>intrinsic;inherent使用的<MONK>operational平均的<MONK>meanP-分位<MONK>P-fractile瞬时的<MONK>instantaneous稳态的<MONK>steadystate。