ECE 477: Digital Systems Senior Design
Last Modified: 03-03-2015
Reliability and Safety Analysis
Year: 2016 Semester: Spring
Creation Date: March 30
Author: Austin Fatt
Team: 1 Project: SmartPack
Last Modified: March 30, 2016
Email: [email protected]
Assignment Evaluation:

| Item | Score (0-5) | Weight | Points | Notes |
|---|---|---|---|---|
| Assignment-Specific Items | | | | |
| Reliability Analysis | | x2 | | |
| MTTF Tables | | x3 | | |
| FMECA Analysis | | x2 | | |
| Schematic of Functional Blocks (Appendix A) | | x2 | | |
| FMECA Worksheet (Appendix B) | | x3 | | |
| Writing-Specific Items | | | | |
| Spelling and Grammar | | x2 | | |
| Formatting and Citations | | x1 | | |
| Figures and Graphs | | x2 | | |
| Technical Writing Style | | x3 | | |
| Total Score | | | | |

5: Excellent  4: Good  3: Acceptable  2: Poor  1: Very Poor  0: Not attempted

Comments:
1.0 Reliability Analysis
Reliability and safety are important aspects to consider when creating a product intended for use by the general public. There are
many different components that make up the SmartPack, all of which have the potential to fail due to manufacturer error, thermal
factors, excessive use, or other factors. To measure the reliability of a component, the Department of Defense has devised a formula to
compute the Mean Time to Failure (MTTF) based on the failure rate defined by $\lambda_p = (C_1 \pi_T + C_2 \pi_E)\,\pi_Q\,\pi_L$, where $\lambda_p$ is the part
failure rate, $\pi$ represents factors such as environmental or thermal, and $C$ represents a coefficient based on the physical characteristics
of the module.
When evaluating the parameters for the MTTF analysis, three of our parameters are fixed: the Environment Factor ($\pi_E$), Quality Factor
($\pi_Q$), and Learning Factor ($\pi_L$). The Environment Factor was assumed to be two using the Ground, Fixed ($G_F$) environment, described
as a moderately controlled environment, because our devices are in a backpack that is not a controlled environment and aren't quite as
mobile as equipment on a wheeled vehicle, which would be described by Ground, Mobile ($G_M$), using MIL-HDBK [1] section 3.0 Table
3-2 and section 5.10. The Quality Factor was assumed to be ten using the commercial component value found in MIL-HDBK [1]
section 5.10. The Learning Factor was assumed to be two since all of our components have been produced for more than two years,
using the MIL-HDBK [1] section 5.10.
The microcontroller Die Complexity Failure Rate was determined to be .28, for a 16 bit MOS microprocessor, using the MIL-HDBK
[1] section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .41 for
a hermetically sealed SMT with 100 pins [2]. The Failure Rate for this device is 8.48 failures per million hours. The mean time to
failure is 13.46 years.
The shift register Die Complexity Failure Rate was determined to be .005, for a digital gate MOS component, using the MIL-HDBK
[1] section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .0056
for a hermetically sealed SMT with 16 pins [3]. The Failure Rate for this device is .12 failures per million hours. The mean time to
failure is 975.69 years.
The fuel gauge Die Complexity Failure Rate was determined to be .005, for a digital gate MOS component, using the MIL-HDBK [1]
section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .0034 for
a hermetically sealed SMT with 10 pins [4]. The Failure Rate for this device is .07 failures per million hours. The mean time to failure
is 1563.77 years.
The voltage regulator Die Complexity Failure Rate was determined to be .02 for a linear gate MOS microprocessor using the MIL-HDBK [1] section 5.1 page 5-3. The temperature coefficient is .1 for a linear MOS device. The Package Failure Rate was chosen to be
.00092 for a hermetically sealed SMT with 3 pins [5]. The Failure Rate for this device is .0384 failures per million hours. The mean
time to failure is 2972.79 years.
1.1 Micro-controller: PIC24FJ128GA010

| Parameter name | Description | Value | Comments regarding choice of parameter value, especially if you had to make assumptions. |
|---|---|---|---|
| $C_1$ | Die Complexity Failure Rate | .28 | MIL-HDBK [1] section 5.1, for 16 bit MOS Microprocessor |
| $\pi_T$ | Temperature coefficients | .1 | Assumed to be a digital MOS device |
| $C_2$ | Package Failure Rate | .41 | Hermetically sealed SMT with 100 pins |
| $\pi_E$ | Environment Factor | 2 | $G_F$ (Ground, Fixed) MIL-HDBK [1] section 3.0 |
| $\pi_Q$ | Quality Factor | 10 | Commercial Component |
| $\pi_L$ | Learning Factor | 1 | Component has been in production for over 2 years. |
| $\lambda_p$ | Failure rate per million hours | 8.48 | Using the equation found in the MIL-HDBK [1] section 5.1 |
| MTTF | Mean Time to Failure | 13.46 yrs. | |
1.2 Shift register: 74HC595D

| Parameter name | Description | Value | Comments regarding choice of parameter value, especially if you had to make assumptions. |
|---|---|---|---|
| $C_1$ | Die complexity Failure Rate | .005 | MIL-HDBK [1] section 5.1, MOS Digital Gate with 1011000 gates |
| $\pi_T$ | Temperature coefficients | .1 | Assumed to be a digital MOS device |
| $C_2$ | Package Failure Rate | .0056 | Hermetically sealed SMT with 16 pins |
| $\pi_E$ | Environment Factor | 2 | $G_F$ (Ground, Fixed) MIL-HDBK [1] section 3.0 |
| $\pi_Q$ | Quality Factor | 10 | Commercial Component |
| $\pi_L$ | Learning Factor | 1 | Component has been in production for over 2 years. |
| $\lambda_p$ | Failure rate per million hours | 0.12 | Using the equation found in the MIL-HDBK [1] section 5.1 |
| MTTF | Mean Time to Failure | 975.69 yrs. | |
1.3 Fuel gauge - LTC4150

| Parameter name | Description | Value | Comments regarding choice of parameter value, especially if you had to make assumptions. |
|---|---|---|---|
| $C_1$ | Die complexity Failure Rate | .005 | MIL-HDBK [1] section 5.1, MOS Digital Gate with 1011000 gates |
| $\pi_T$ | Temperature coefficients | .1 | Assumed to be a digital MOS device |
| $C_2$ | Package Failure Rate | .0034 | Hermetically sealed SMT with 10 pins |
| $\pi_E$ | Environment Factor | 2 | $G_F$ (Ground, Fixed) MIL-HDBK [1] section 3.0 |
| $\pi_Q$ | Quality Factor | 10 | Commercial Component |
| $\pi_L$ | Learning Factor | 1 | Component has been in production for over 2 years. |
| $\lambda_p$ | Failure rate per million hours | .07 | Using the equation found in the MIL-HDBK [1] section 5.1 |
| MTTF | Mean Time to Failure | 1563.77 yrs. | |
1.4 Voltage regulator - LD1086

| Parameter name | Description | Value | Comments regarding choice of parameter value, especially if you had to make assumptions. |
|---|---|---|---|
| $C_1$ | Die complexity Failure Rate | .02 | MIL-HDBK [1] section 5.1, MOS Linear device with 1011000 gates |
| $\pi_T$ | Temperature coefficient | .1 | Assumed to be a linear device |
| $C_2$ | Package Failure Rate | .00092 | Hermetically sealed SMT with 3 pins |
| $\pi_E$ | Environment Factor | 2 | $G_F$ (Ground, Fixed) MIL-HDBK [1] section 3.0 |
| $\pi_Q$ | Quality Factor | 10 | Commercial Component |
| $\pi_L$ | Learning Factor | 1 | Component has been in production for over 2 years. |
| $\lambda_p$ | Failure rate per million hours | .0384 | Using the equation found in the MIL-HDBK [1] section 5.1 |
| MTTF | Mean Time to Failure | 2972.79 yrs. | |
As shown by the calculated MTTF values, the main microcontroller is most likely to be the cause of failure in the product.
Additionally, it is critical to all operations of the product (unlike the fuel gauge), and will cause the entire product to fail. The initial
design decision to use the PIC24FJ128GA010 was a developmental decision, as it has extra features and GPIOs which still might have
been implemented until the final design was decided. Now that the pins required have been identified, a different microcontroller with
fewer pins and features will increase the reliability of the product as a whole.
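The MTTF figures in sections 1.1 to 1.4 can be recomputed from the table parameters, as in the following added example (not part of the original report). It uses the table values, including a Learning Factor of 1, and 8760 hours per year. It also goes one step beyond the report by adding the four rates into a series estimate, which assumes independent constant failure rates and conservatively treats any part failure as a product failure.

```python
# Added example: recompute the report's MTTF tables and add a series roll-up.
HOURS_PER_YEAR = 24 * 365  # 8760 h/yr reproduces the MTTF figures in the tables

# (C1, piT, C2, piE, piQ, piL) copied from the tables in sections 1.1-1.4
PARTS = {
    "PIC24FJ128GA010 microcontroller": (0.28, 0.1, 0.41, 2, 10, 1),
    "74HC595D shift register": (0.005, 0.1, 0.0056, 2, 10, 1),
    "LTC4150 fuel gauge": (0.005, 0.1, 0.0034, 2, 10, 1),
    "LD1086 voltage regulator": (0.02, 0.1, 0.00092, 2, 10, 1),
}


def failure_rate(c1, pi_t, c2, pi_e, pi_q, pi_l):
    """lambda_p = (C1*piT + C2*piE) * piQ * piL, in failures per 10^6 hours."""
    if min(c1, pi_t, c2, pi_e, pi_q, pi_l) <= 0:
        raise ValueError("all coefficients and factors must be positive")
    return (c1 * pi_t + c2 * pi_e) * pi_q * pi_l


def mttf_years(lam):
    """MTTF in years for a constant failure rate given per 10^6 hours."""
    if lam <= 0:
        raise ValueError("failure rate must be positive")
    return 1e6 / lam / HOURS_PER_YEAR


def series_rollup(parts):
    """Assumption (not in the report): parts fail independently at constant
    rates and any single part failure counts as a product failure, so the
    part rates add. Returns (rates, total rate, system MTTF, rate shares)."""
    rates = {name: failure_rate(*p) for name, p in parts.items()}
    total = sum(rates.values())
    shares = {name: lam / total for name, lam in rates.items()}
    return rates, total, mttf_years(total), shares


if __name__ == "__main__":
    rates, total, system_mttf, shares = series_rollup(PARTS)
    for name, lam in rates.items():
        print(f"{name:34s} lambda_p={lam:7.4f}  "
              f"MTTF={mttf_years(lam):8.2f} yr  share={shares[name]:6.1%}")
    print(f"series total: lambda={total:.4f}  MTTF={system_mttf:.2f} yr")
```

Under these assumptions the microcontroller accounts for nearly all of the summed failure rate, which is the quantitative basis for the conclusion above.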
2.0 Failure Mode, Effects, and Criticality Analysis (FMECA)
The power circuit is made up of a 5V regulated input, a fuse (MICROSMD200FCT-ND), and a voltage regulator (LD1086). The
voltage regulator is a linear voltage regulator used to step the 5V coming in down to 3.3V for components on the main board. The
ways this functional block could fail would be through a failure of the fuse or the voltage regulator.
The microcontroller communicates with all the modules via various interfaces, and holds all the embedded software that runs on the
device. As the central method for tying the device together, a failure in the hardware can lead to anything from an isolated
malfunction of a particular module to a complete loss of device functionality, depending on where in the device the failure
occurs. Most modes of failure involve the device conducting more than the recommended amount of current through its digital circuitry,
which would most likely be a result of cascading failures of its supporting power circuitry.
Another possible concern is electrostatic discharge (ESD). Most of the danger of ESD occurs during the assembly of the device,
because it should be isolated from any possible sources of ESD once installed in the backpack. In any case, ESD damage can be
unpredictable. A partially damaged chip may have functional losses that are not readily apparent and thus difficult to diagnose.
Finally, software bugs may lead to various failures, and may only occur under certain edge conditions and thus remain
undetected during the testing process. The fix for this would be software updates to the microcontroller.
The shift register is a fairly simple digital circuit, and since its function involves supporting a user interface (LCD display), the failure
of the chip would be immediately apparent to the user, and isolated to that particular serial peripheral interface communication chain,
thus leaving the rest of the backpack's features functioning. Failures, as with the microcontroller, are likely to be caused by
failures of the supporting circuitry in regulating the current flow (shorts, broken linear regulator), or by ESD damage during assembly.
The fuel gauge is the chip that will allow us to monitor the state of charge in the backpack, and requires numerous supporting
components to work correctly. The 4.7uF capacitor is used for filtering and if it failed it could lead to a more accurate battery reading.
Excessive noise in the circuit can also lead to errors in the Coulomb counting process. The fuel gauge works by counting the flow
of charge across a current sensing resistor, so any damage or alteration made to the resistor would be reflected in the amount of
charge being read by the IC. A serious concern would be the ability to detect that the fuel gauge was reporting an incorrect value, as the
user has no easy way of manually measuring the battery charge state, and if the fuel gauge over-reports its battery values the user
may experience a sudden shutoff of the device due to a drained battery and suspect other elements of the power circuits to be at fault.
3.0 Sources Cited:
[1] Department Of Defense, "MILITARY HANDBOOK RELIABILITY PREDICTION OF ELECTRONIC EQUIPMENT".
[2] MICROCHIP. PIC24FJ128GA Family Data Sheet
[3] SN54HC595 8-BIT SHIFT REGISTERS WITH 3-STATE OUTPUT REGISTERS. December 1982
[4] LINEAR TECHNOLOGY. LTC4150 Coulomb Counter/Battery Gas Gauge
[5] LD1086 1.5A adjustable and fixed low drop positive voltage regulator
Appendix A: Schematic Functional Blocks
[Figure: Fuel Gauge Circuit]
[Figure: Shift Register]
[Figure: Voltage Regulator]
[Figure: Microcontroller Circuit]
Appendix B: FMECA Worksheet
Subsystem A: Power Circuits

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| A1 | 0V across PCB | Fuse failed open | all components unpowered | Observation | High | |
| A2 | 0V on 3.3V lines | Voltage regulator failed open | Micro, Bluetooth, and GPS unpowered | Observation | High | |
| A3 | 5V on 3.3V lines | Voltage regulator failed short | Micro, Bluetooth, and GPS overvoltage | Observation | High | Damage may occur to the major components of the device |
| A4 | High current on power input | Fuse failed short | Unpredictable | Observation | Medium | Damage may occur to the major components that sink more current than allowed |
Subsystem B: Microcontroller Circuit

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| B1 | 3.3V on signal lines | microcontroller failure | System Upset, unexpected behavior | Observation | Medium | Communication signals will not work and data will not be updated correctly. |
| B2 | 0V on signal lines | microcontroller failure | System Upset, modules not working | Observation | High | Communication signals will not work and data will not be updated correctly. |
| B3 | Microcontroller not programmable | resistor on programming line fails open or short | Unable to reprogram Microcontroller | Observation | Medium | If the code is already perfect, fix not necessary. |
| B4 | Microcontroller not powered | decoupling capacitor failed short | unable to power project | Observation | High | Likely to trip the fuse, as a shorted decoupling capacitor would draw a large amount of current. |
| B5 | Microcontroller browns out on module power-up | decoupling capacitor failed open | microcontroller will reset frequently | Observation | High | |
Subsystem C: User Interface

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| C1 | The button will never be registered as un-pressed | button shorted | LCD will not update when button is pressed | Observation | low | |
| C2 | The button will never be registered as pressed | button failed open | LCD will not update when button is pressed | Observation | low | |