* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Reliability and Safety Analysis
Survey
Document related concepts
Transcript
ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 Reliability and Safety Analysis Year: 2016 Semester: Spring Creation Date: March 30 Author: Austin Fatt Team: 1 Project: SmartPack Last Modified: March 30, 2016 Email: [email protected] Assignment Evaluation: Item Assignment-Specific Items Reliability Analysis MTTF Tables FMECA Analysis Schematic of Functional Blocks (Appendix A) FMECA Worksheet (Appendix B) Writing-Specific Items Spelling and Grammar Formatting and Citations Figures and Graphs Technical Writing Style Total Score Score (0-5) https://engineering.purdue.edu/ece477 14 Weight Points Notes x2 x3 x2 x2 x3 x2 x1 x2 x3 Page 1 of ECE 477: Digital Systems Senior Design 5: Excellent 4: Good 3: Acceptable 2: Poor Last Modified: 03-03-2015 1: Very Poor 0: Not attempted Comments: 1.0 Reliability Analysis Reliability and safety is an important aspect to consider when creating a product intended for use by the general public. There are many different components that make up the SmartPack all of which have a potential for failing due to manufacturer error, thermal factors, excessive use, or other factors. To measure the reliability of a component, the department of defense has devised a formula to compute the Mean Time to Failure (MTTF) based on the failure rate defined by: ππ = (πΆ1 ππ + πΆ2 ππΈ ) ππ ππΏ where ππ is the part failure rate, π represents factors such as environmental or thermal, and πΆ represents a coefficient based on the physical characteristics of the module. When evaluating the parameters for the MTTF analysis three of our parameters are fixed; Environment Factor (ΟE), Quality Factor (ΟQ), and Learning Factor (ΟL). The Environment Factor was assumed to be two using the Ground, Fixed (πΊπΉ ) environment described as moderately controlled environment, because our devices are in a backpack that is not a controlled environment and aren't quite as mobile as equipment on a wheeled vehicle which would be described by Ground, Mobile (πΊπ ) using MIL-HDBK[1] section 3.0 Table 3-2, and section 5.10 .The Quality Factor was assumed to be ten using the commercial component value found in MIL-HDBK[1] section 5.10. The Learning Factor was assumed to be two since all of our components have been produced for more than two years, using the MIL-HDBK [1] section 5.10. The microcontroller Die Complexity Failure Rate was determined to be .28, for a 16 bit MOS microprocessor, using the MIL-HDBK [1] section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .41 for a hermetically sealed SMT with 100 pins [2]. The Failure Rate for this device is 8.48 failures per million hours. The mean time to failure is 13.46 years. https://engineering.purdue.edu/ece477 14 Page 2 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 The shift register Die Complexity Failure Rate was determined to be .005, for a digital gate MOS component, using the MIL-HDBK [1] section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .0056 for a hermetically sealed SMT with 16 pins [3]. The Failure Rate for this device is .12 failures per million hours. The mean time to failure is 975.69 years. The fuel gauge Die Complexity Failure Rate was determined to be .005, for a digital gate MOS component, using the MIL-HDBK [1] section 5.1 page 5-3. The temperature coefficient is .1 for a digital MOS device. The Package Failure Rate was chosen to be .0034 for a hermetically sealed SMT with 10 pins [4]. The Failure Rate for this device is .07 failures per million hours. The mean time to failure is 1563.77 years. The voltage regulator Die Complexity Failure Rate was determined to be .02 for a linear gate MOS microprocessor using the MILHDBK [1] section 5.1 page 5-3. The temperature coefficient is .1 for a linear MOS device. The Package Failure Rate was chosen to be .00092 for a hermetically sealed SMT with 3 pins [5]. The Failure Rate for this device is .0384 failures per million hours. The mean time to failure is 2972.79 years. 1.1 Micro-controller: PIC24FJ128GA010 https://engineering.purdue.edu/ece477 14 Page 3 of ECE 477: Digital Systems Senior Design Parameter Description name C1 Die Complexity Failure Rate ΟT Temperature coefficients C2 Package Failure Rate ΟE Environment Factor .1 .41 2 Last Modified: 03-03-2015 Comments regarding choice of parameter value, especially if you had to make assumptions. MIL-HDBK [1] section 5.1, for 16 bit MOS Microprocessor Assumed to be a digital MOS device Hermetically sealed SMT with 100 pins πΊπΉ (πΊπππ’ππ, πΉππ₯ππ) MIL-HDBK [1] section 3.0 Value .28 ΟQ Quality Factor 10 Commercial Component ΟL Learning Factor 1 Component has been in production for over 2 years. ππ Failures rate per million hours Mean Time to Failure 8.48 Using the equation found in the MIL-HDBK [1] section 5.1 MTTF 13.46 yrs. 1.2 Shift register: 74HC595D https://engineering.purdue.edu/ece477 14 Page 4 of ECE 477: Digital Systems Senior Design Parameter Description name C1 Die complexity Failure Rate ΟT C2 ΟE Temperature coefficients Package Failure Rate Environment Factor .1 .0056 2 Last Modified: 03-03-2015 Comments regarding choice of parameter value, especially if you had to make assumptions. MIL-HDBK [1] section 5.1, MOS Digital Gate with 1011000 gates Assumed to be a digital MOS device Hermetically sealed SMT with 16 pins πΊπΉ (πΊπππ’ππ, πΉππ₯ππ) MIL-HDBK [1] section 3.0 ΟQ Quality Factor 10 Commercial Component ΟL Learning Factor 1 Component has been in production for over 2 years. ππ Failure rate per million hours 0.12 Using the equation found in the MIL-HDBK [1] section 5.1 MTTF Mean Time to Failure 975.69 yrs. 1.3 Fuel gauge - LTC4150 Parameter Description name C1 Die complexity Failure Rate Value .005 ΟT C2 ΟE ΟQ Temperature coefficients Package Failure Rate Environment Factor Quality Factor .1 .0034 2 10 Comments regarding choice of parameter value, especially if you had to make assumptions. MIL-HDBK [1] section 5.1, MOS Digital Gate with 1011000 gates Assumed to be a digital MOS device Hermetically sealed SMT with 10 pins πΊπΉ (πΊπππ’ππ, πΉππ₯ππ) MIL-HDBK [1] section 3.0 Commercial Component ΟL Learning Factor 1 Component has been in production for over 2 years. ππ Failures rate per million hours .07 Using the equation found in the MIL-HDBK [1] section 5.1 https://engineering.purdue.edu/ece477 14 Value .005 Page 5 of ECE 477: Digital Systems Senior Design Mean Time to Failure MTTF Last Modified: 03-03-2015 1563.77 yrs. 1.4 Voltage regulator - LD1086 Parameter name C1 Description Value Die complexity Failure Rate .02 ΟT C2 ΟE Temperature coefficient Package Failure Rate Environment Factor .1 .00092 2 Comments regarding choice of parameter value, especially if you had to make assumptions. MIL-HDBK [1] section 5.1, MOS Linear device with 1011000 gates Assumed to be a linear device Hermetically sealed SMT with 3 pins πΊπΉ (πΊπππ’ππ, πΉππ₯ππ) MIL-HDBK [1] section 3.0 ΟQ Quality Factor 10 Commercial Component ΟL Learning Factor 1 Component has been in production for over 2 years. ππ Failures rate per million hours .0384 Using the equation found in the MIL-HDBK [1] section 5.1 MTTF Mean Time to Failure 2972.79 yrs. As shown by the calculated MTTF values, the main micro-controller is most likely to be the cause of failure in the product. Additionally, it is critical to all operations of the product (unlike the Fuel Gauge), and while cause the entire product to fail. The initial design decision to use the PIC24FJ128GA010 was a developmental decision as it has extra features and GPIOs which still might have been implemented until the final design was decided. Now that the pins required have been identified, a different microcontroller with less pins and features will increase the reliability of the product as a whole. https://engineering.purdue.edu/ece477 14 Page 6 of ECE 477: Digital Systems Senior Design 2.0 Failure Mode, Effects, and Criticality Analysis (FMECA) Last Modified: 03-03-2015 The power circuit is made up of a 5V regulated input, a fuse (MICROSMD200FCT-ND), and a voltage regulator (LD1086). The voltage regulator is a linear voltage regulator used to step the 5V coming in down to 3.3V for components on the main board. The ways this functional block could fail would be through a failure of the fuse or the voltage regulator. The microcontroller communicates with all the modules via various interfaces, and holds all the embedded software that runs on the device. As the central method for tying the device together, a failure in the hardware can lead to anything from an isolated malfunctioning of a particular module, to a complete loss of the device functionality depending on where in the device the failure occurs. Most modes of failure involve the device flowing more than the recommended amount of current through its digital circuitry which would most likely be a result of cascading failures of its supporting power circuitry. Another possible concern is electrostatic discharge (ESD). Most of the danger of ESD occurs during the assembly of the device, because it should be isolated from any possible sources of ESD once installed in the backpack. In any case, ESD damage can be unpredictable. A partially damaged chip may have functionally losses that are not readily apparent and thus difficult to diagnosis. Finally, software bugs may occur that may lead to various failures and may only occur under certain edge conditions and thus remain undetected during the testing process. The fix for this would be software updates to the microcontroller. The shift register is a fairly simple digital circuit, and since its function involves supporting a user interface (LCD display), the failure of the chip would be immediately apparent to the user, and isolated to that particular serial peripheral interface communication chain thus leaving the rest of the backpackβs features functioning. Causes of failure, like the microcontroller, are likely to be caused by the supporting circuitry failures in regulating the current flow (shorts, broken linear regulator), or ESD damage during assembly. The fuel gauge is the chip that will allow us to monitor the state of charge in the backpack, and requires numerous supporting components to work correctly. The 4.7uF capacitor is used for filtering and if it failed it could lead to a more accurate battery reading. Excessive noise in the circuit can also lead to the errors in the Coulomb counting process. The fuel gauge works by counting the flow of charge across some current sensing resistor, so any damage or alteration made to resistor would be reflected in the amount of charge being read by the IC. A serious concern would be the ability to detect that the fuel gauge was reporting incorrect value, as the https://engineering.purdue.edu/ece477 14 Page 7 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 user has no easy way of manually measuring the battery charge state, and if the fuel gauge over reports its batteries values the user may experience a sudden shut off the device due to drained battery and suspect other elements of the power circuits to be at fault. 3.0 Sources Cited: [1] Department Of Defense, "MILITARY HANDBOOK RELIABILITY PREDICTION OF ELECTRONIC EQUIPMENT". [2] MICROCHIP.PIC24J128GA Family Data Sheet [3] SN54HC595 8-BIT SHIFT REGISTERS WITH 3-STATE OUTPUT REGISTERS. December 1982 [4] LINEAR TECHNOLOGY. LTC4150 Coulomb Counter/Battery Gas Gauge [5] LD1086 1.5A adjustable and fixed low drop positive voltage regulator https://engineering.purdue.edu/ece477 14 Page 8 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 Appendix A: Schematic Functional Blocks Fuel Gauge Circuit https://engineering.purdue.edu/ece477 14 Page 9 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 Shift Register Voltage Regulator https://engineering.purdue.edu/ece477 14 Page 10 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 Microcontroller Circuit https://engineering.purdue.edu/ece477 14 Page 11 of ECE 477: Digital Systems Senior Design Last Modified: 03-03-2015 Appendix B: FMECA Worksheet Subsystem A: Power Circuits Failure Failure Mode No. A1 0V across PCB Possible Causes Failure Effects Fuse failed open all components unpowered Method of Detection Observation Criticality High A2 0V on 3.3V lines Voltage regulator failed open Micro, Bluetooth, and GPS unpowered Observation High A3 5V on 3.3V lines Voltage regulator failed short Micro, Bluetooth, and GPS overvoltage Observation High https://engineering.purdue.edu/ece477 14 Page 12 of Remarks Damage may occur to the major components of the device ECE 477: Digital Systems Senior Design A4 High current on Fuse failed short power input Last Modified: 03-03-2015 Unpredictable Observation Medium Damage may occur to the major components that sink more current than allowed Subsystem B: Microcontroller Circuit Failure Failure Mode No. B1 3.3V on signal lines Possible Causes Failure Effects microcontroller failure System Upset, unexpected behavior Method of Detection Observation Criticality Remarks Medium Communication signals will not work and data will not be updated correctly. B2 0V on signal lines microcontroller failure System Upset, modules not working Observation High Communication signals will not work and data will not be updated correctly. B3 Microcontroller resistor on Unable to not programmable programming line fails reprogram open or short Microcontroller Observation Medium If the code is already perfect, fix not necessary. https://engineering.purdue.edu/ece477 14 Page 13 of ECE 477: Digital Systems Senior Design B4 Microcontroller decoupling capacitor not powered failed short Last Modified: 03-03-2015 unable to power Observation High project B5 microcontroller will reset frequently Microcontroller browns out on module power-up decoupling capacitor failed open Observation Likely, to trip the fuse as a shorted decoupling capacitor would draw a large amount of current. High Subsystem C: User Interface Failure Failure Mode No. C1 LCD will not update when button is pressed button shorted The button will never be registered as un-pressed C2 button failed open The button will Observation never be registered as pressed LCD will not update when button is pressed Possible Causes https://engineering.purdue.edu/ece477 14 Failure Effects Method of Detection Observation Criticality low low Page 14 of Remarks