ECE 477 Digital Systems Senior Design Project Rev 8/09

Homework 11: Reliability and Safety Analysis

Team Code Name: Blinkers++    Group No. 5

Team Member Completing This Homework: Dennis Lee

E-mail Address of Team Member: leedj@purdue.edu

Evaluation:

SCORE / DESCRIPTION
10 / Excellent – among the best papers submitted for this assignment. Very few corrections needed for version submitted in Final Report.
9 / Very good – all requirements aptly met. Minor additions/corrections needed for version submitted in Final Report.
8 / Good – all requirements considered and addressed. Several noteworthy additions/corrections needed for version submitted in Final Report.
7 / Average – all requirements basically met, but some revisions in content should be made for the version submitted in the Final Report.
6 / Marginal – all requirements met at a nominal level. Significant revisions in content should be made for the version submitted in the Final Report.
* / Below the passing threshold – major revisions required to meet report requirements at a nominal level. Revise and resubmit.

* Resubmissions are due within one week of the date of return, and will be awarded a score of “6” provided all report requirements have been met at a nominal level.

Comments:

1.0  Introduction

Blinkers++ is an inter-car communication system that gives drivers a more dynamic and intuitive way to convey messages to other drivers. The user interacts with the device through a capacitive touch array that can interpret multiple fingers, and the output is displayed as coordinated LED patterns associated with the interpreted gesture. User interaction with the touchpad is relatively safe: there are no moving parts such as motors and no parts under mechanical stress such as guitar strings. The output may be incorrect, but the user should have the option of turning off the touchpad if they notice a disparity between input and output. The main potential safety and reliability issues for this project are power supply failures, which may damage parts or overheat the touchpad.

2.0  Reliability Analysis

The components most likely to fail are the voltage regulators and the microcontrollers (the PSoC, dsPIC, and PIC18). The regulators were chosen because they are expected to operate at the highest temperatures; the microcontrollers because they are the most complex parts and have the most pins. Tables 1 to 5 below show the failure rate calculations for each of these devices.

2.1  Voltage Regulators

The voltage regulators are modeled as linear MOS devices with up to 300 transistors, a conservative estimate [1, 2, 3]. Assuming a junction temperature of 70 °C, the LM7805 and LM7833 have a predicted failure rate of 6.08 * 10^-7 failures/hour, and the LM2576 has a predicted failure rate of 6.6 * 10^-7 failures/hour. Calculations are shown in Tables 1 and 2 below.

LM7805 and LM7833: λp = (C1 * πT + C2 * πE) * πQ * πL Failures / 10^6 hours

Parameter name / Description / Value / Comments
C1 / Die Complexity / 0.02 / Linear MOS device, assumed up to 300 transistors (conservative)
πT / Temperature Factor / 2.8 / Linear MOS at TJ = 70 °C
C2 / Package Failure Rate / 0.0012 / Nonhermetic DIP, NP = 3 pins
πE / Environment Factor / 4.0 / Ground, mobile (GM); comparable to handheld communications equipment
πQ / Quality Factor / 10.0 / Commercial product
πL / Learning Factor / 1.0 / In production for > 2 years
λp / Failure Rate / 6.08 * 10^-7 failures/hour / 0.608 failures / 10^6 hours
MTTF / Mean Time to Failure / 1.64 * 10^6 hours / 188 years

Table 1. Failure rate calculations for voltage regulators (LM7805 and LM7833)

LM2576: λp = (C1 * πT + C2 * πE) * πQ * πL Failures / 10^6 hours

Parameter name / Description / Value / Comments
C1 / Die Complexity / 0.02 / Linear MOS device, assumed up to 300 transistors (conservative)
πT / Temperature Factor / 2.8 / Linear MOS at TJ = 70 °C
C2 / Package Failure Rate / 0.0025 / Nonhermetic DIP, NP = 6 pins
πE / Environment Factor / 4.0 / Ground, mobile (GM); comparable to handheld communications equipment
πQ / Quality Factor / 10.0 / Commercial product
πL / Learning Factor / 1.0 / In production for > 2 years
λp / Failure Rate / 6.6 * 10^-7 failures/hour / 0.66 failures / 10^6 hours
MTTF / Mean Time to Failure / 1.52 * 10^6 hours / 173 years

Table 2. Failure rate calculations for voltage regulator (LM2576)

2.2 Microcontrollers

The PSoC, dsPIC, and PIC18 were all modeled as 16-bit MOS microprocessors [1, 4, 5, 6] (a conservative choice for the 8-bit PSoC and PIC18 cores), and their predicted failure rates are 1.572 * 10^-6, 3.532 * 10^-6, and 1.212 * 10^-6 failures/hour, respectively. Calculations are shown in Tables 3 to 5 below.

PSoC: λp = (C1 * πT + C2 * πE) * πQ * πL Failures / 10^6 hours

Parameter name / Description / Value / Comments
C1 / Die Complexity / 0.28 / Microprocessor, 16-bit MOS logic
πT / Temperature Factor / 0.29 / Digital MOS at TJ = 50 °C
C2 / Package Failure Rate / 0.019 / Nonhermetic SMT, NP = 40 pins
πE / Environment Factor / 4.0 / Ground, mobile (GM); comparable to handheld communications equipment
πQ / Quality Factor / 10.0 / Commercial product
πL / Learning Factor / 1.0 / In production for > 2 years
λp / Failure Rate / 1.572 * 10^-6 failures/hour / 1.572 failures / 10^6 hours
MTTF / Mean Time to Failure / 6.36 * 10^5 hours / 73 years

Table 3. Failure rate calculations for PSoC


dsPIC33: λp = (C1 * πT + C2 * πE) * πQ * πL Failures / 10^6 hours

Parameter name / Description / Value / Comments
C1 / Die Complexity / 0.28 / Microprocessor, 16-bit MOS logic
πT / Temperature Factor / 0.29 / Digital MOS at TJ = 50 °C
C2 / Package Failure Rate / 0.068 / Nonhermetic SMT, NP = 128 (the dsPIC package has 100 pins; 128 is the next tabulated pin count in [1], a conservative choice)
πE / Environment Factor / 4.0 / Ground, mobile (GM); comparable to handheld communications equipment
πQ / Quality Factor / 10.0 / Commercial product
πL / Learning Factor / 1.0 / In production for > 2 years
λp / Failure Rate / 3.532 * 10^-6 failures/hour / 3.532 failures / 10^6 hours
MTTF / Mean Time to Failure / 2.83 * 10^5 hours / 32 years

Table 4. Failure rate calculations for dsPIC

PIC18: λp = (C1 * πT + C2 * πE) * πQ * πL Failures / 10^6 hours

Parameter name / Description / Value / Comments
C1 / Die Complexity / 0.28 / Microprocessor, 16-bit MOS logic
πT / Temperature Factor / 0.29 / Digital MOS at TJ = 50 °C
C2 / Package Failure Rate / 0.01 / Nonhermetic SMT, NP = 22 pins
πE / Environment Factor / 4.0 / Ground, mobile (GM); comparable to handheld communications equipment
πQ / Quality Factor / 10.0 / Commercial product
πL / Learning Factor / 1.0 / In production for > 2 years
λp / Failure Rate / 1.212 * 10^-6 failures/hour / 1.212 failures / 10^6 hours
MTTF / Mean Time to Failure / 8.25 * 10^5 hours / 94 years

Table 5. Failure rate calculations for PIC18


2.3 Conclusions

A standard “acceptable” failure rate can be defined as 1 failure per 10^6 hours. The failure analysis in section 3.0 assigns the voltage regulators a medium criticality level, for which this rate is the limit. Based on the calculations in Tables 1 and 2, both regulator failure rates (0.608 and 0.66 failures per 10^6 hours) are below this limit.

It should be noted that the microcontroller failure rates are conservative, since a quality factor of 10, the MIL handbook’s value for commercial parts, was used [1]. For the worst-case rate of 3.532 * 10^-6 failures/hour (the dsPIC), a quality factor of 2 would reduce the rate to 0.71 * 10^-6 failures/hour, below 1 failure per million hours. As shown in Appendix B, the failure modes associated with the microcontrollers are all of low criticality, so the rates calculated in Tables 3 to 5 are acceptable.

Overall, the design is safe and reliable. There are no moving parts or extremely dangerous components, so the only safety concern is the possibility of the input touchpad overheating after a power supply failure. The design meets the reliability thresholds, but it can be improved by adding redundancy; for example, comparators can be added to the power supply circuitry to detect when a rail is out of tolerance, rather than relying on observation of the LED output. In addition, the design could use a less complex chip than the 100-pin dsPIC, since we have realized that our algorithm for processing inputs may not need to be as complex as originally thought.

3.0  Failure Mode, Effects, and Criticality Analysis (FMECA)

Blinkers++ can be divided into the power, microcontroller, and LED output subsystems, as depicted in Figure 1 in Appendix A. The power subsystem includes the voltage regulators. The microcontroller subsystem includes the PSoC, dsPIC, and PIC18. The LED output subsystem contains the LED driver and LEDs. Figures 2 to 7 are the schematics referenced in the failure analysis. Appendix B lists the failure modes for each subsystem.


Three levels have been defined for criticality:

·  Low – No damage to parts; may cause annoyance, such as wrong LED output

·  Medium – Possible damage to parts

·  High – Possible injury to user

A failure mode of high criticality should occur no more than once per 10^9 hours, and one of medium criticality no more than once per 10^6 hours. For low criticality, failure rates greater than 1 failure per 10^6 hours are acceptable.
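As an added worked example (not part of the original homework), the Python below reproduces the MIL-HDBK-217F microcircuit model used in Tables 1 to 5, checks each part against the criticality limits just defined, and rolls the six analysed parts up into a single system failure rate. The tabulated factors are copied from the tables; the closed forms for πT and C2 are the handbook’s [1] and are used only to cross-check the tabulated values. The series roll-up (the system fails whenever any one part fails, failures independent) is an assumption introduced here, not a figure from the report.

```python
"""MIL-HDBK-217F microcircuit failure-rate model for the Blinkers++ parts.

Added example: tabulated factors are copied from Tables 1-5 of the report;
the pi_T and C2 closed forms are the handbook's and serve as a cross-check.
"""
import math

BOLTZMANN_EV = 8.617e-5     # eV/K
HOURS_PER_YEAR = 8760
PI_E_GROUND_MOBILE = 4.0    # pi_E for the GM environment (Tables 1-5)
PI_Q_COMMERCIAL = 10.0      # pi_Q for commercial parts (Tables 1-5)
PI_L_MATURE = 1.0           # pi_L, in production > 2 years (Tables 1-5)

# Allowed failures per 1e6 hours for each criticality level (section 3.0).
CRITICALITY_LIMIT = {"High": 1e-3, "Medium": 1.0, "Low": math.inf}

# One entry per analysed part: tabulated factors plus the inputs behind them.
# "crit" is the worst criticality each part appears with in Appendix B.
PARTS = {
    "LM7805":  dict(c1=0.02, pi_t=2.8,  c2=0.0012, pins=3,   tj=70, ea=0.65, crit="Medium"),
    "LM7833":  dict(c1=0.02, pi_t=2.8,  c2=0.0012, pins=3,   tj=70, ea=0.65, crit="Medium"),
    "LM2576":  dict(c1=0.02, pi_t=2.8,  c2=0.0025, pins=6,   tj=70, ea=0.65, crit="Medium"),
    "PSoC":    dict(c1=0.28, pi_t=0.29, c2=0.019,  pins=40,  tj=50, ea=0.35, crit="Low"),
    "dsPIC33": dict(c1=0.28, pi_t=0.29, c2=0.068,  pins=128, tj=50, ea=0.35, crit="Low"),
    "PIC18":   dict(c1=0.28, pi_t=0.29, c2=0.01,   pins=22,  tj=50, ea=0.35, crit="Low"),
}


def pi_t(tj_c, ea_ev):
    """217F microcircuit temperature factor: 0.1*exp(-Ea/k*(1/(Tj+273) - 1/298))."""
    return 0.1 * math.exp(-ea_ev / BOLTZMANN_EV * (1.0 / (tj_c + 273.0) - 1.0 / 298.0))


def c2_nonhermetic(pins):
    """217F package factor for nonhermetic DIP/PGA/SMT packages: 3.6e-4*Np^1.08."""
    return 3.6e-4 * pins ** 1.08


def lambda_p(c1, pi_t_value, c2, pi_e, pi_q, pi_l):
    """lambda_p = (C1*pi_T + C2*pi_E)*pi_Q*pi_L, in failures per 1e6 hours."""
    return (c1 * pi_t_value + c2 * pi_e) * pi_q * pi_l


def predict(name, pi_q=PI_Q_COMMERCIAL):
    """Failure rate of one part (failures/1e6 h) from its tabulated factors."""
    p = PARTS[name]
    return lambda_p(p["c1"], p["pi_t"], p["c2"], PI_E_GROUND_MOBILE, pi_q, PI_L_MATURE)


def mttf_years(lam_per_1e6h):
    """MTTF = 1/lambda, converted from hours to years."""
    return 1e6 / lam_per_1e6h / HOURS_PER_YEAR


def meets_limit(name):
    """True if the part's predicted rate is within the limit for its criticality."""
    return predict(name) <= CRITICALITY_LIMIT[PARTS[name]["crit"]]


def system_failure_rate():
    """Series roll-up: any part failing fails the system; assumes independent
    failures (assumption made here, not in the report)."""
    return sum(predict(n) for n in PARTS)


def max_factor_error():
    """Largest relative gap between tabulated pi_T/C2 and the closed forms."""
    worst = 0.0
    for p in PARTS.values():
        worst = max(worst,
                    abs(pi_t(p["tj"], p["ea"]) - p["pi_t"]) / p["pi_t"],
                    abs(c2_nonhermetic(p["pins"]) - p["c2"]) / p["c2"])
    return worst


if __name__ == "__main__":
    for n in PARTS:
        lam = predict(n)
        print(f"{n:8s} lambda={lam:.3f}/1e6h  MTTF={mttf_years(lam):5.0f} y  "
              f"{'OK' if meets_limit(n) else 'FAIL'} ({PARTS[n]['crit']})")
    sys_lam = system_failure_rate()
    print(f"system   lambda={sys_lam:.3f}/1e6h  MTTF={mttf_years(sys_lam):5.1f} y")
    print(f"dsPIC33 with pi_Q=2: {predict('dsPIC33', pi_q=2.0):.4f}/1e6h")
    print(f"max tabulated-vs-formula error: {max_factor_error():.1%}")
```

Running the script reproduces the five table values and their MTTFs, confirms the πQ = 2 figure quoted in section 2.3 for the dsPIC, and shows that the tabulated πT and C2 entries agree with the handbook’s closed forms to within rounding. The series roll-up is the number the per-part MTTFs do not show on their own: the six parts together predict about 8.2 failures per 10^6 hours, an MTTF of roughly 14 years, before the LED drivers and passives are counted.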

4.0  Summary

Overall, Blinkers++ is a safe and reliable product. Given that there are no moving parts, there is little risk of physical harm other than overheating if a voltage regulator fails. Redundancy can be added to improve reliability, and less complex chips could be substituted in a future iteration. As it stands, every analysed part meets the failure rate limit for its criticality level, and the shortest predicted part MTTF (the dsPIC, about 32 years) exceeds the lifetime of a car. These MTTFs are per part, however; since the system fails whenever any one of the six analysed parts fails, the system-level rate is the sum of the part rates, about 8.2 failures per 10^6 hours (an MTTF of roughly 14 years), which is comparable to a car’s service life rather than far beyond it.


List of References

[1]  United States Department of Defense, “Military Handbook on Reliability Prediction of Electronic Equipment,” Dec. 1991. [online]. Available: https://engineering.purdue.edu/ece477/Homework/CommonRefs/Mil-Hdbk-217F.pdf. [Accessed: November 11, 2009].

[2]  Fairchild Semiconductor, “LM78XX/LM78XXA,” March 2008. [online]. Available: http://www.fairchildsemi.com/ds/LM%2FLM7805.pdf. [Accessed: November 11, 2009].

[3]  National Semiconductor, “LM2576/LM2576HV Series,” August 2004. [online]. Available: http://www.national.com/ds/LM/LM2576.pdf. [Accessed: November 11, 2009].

[4]  Cypress Semiconductor, “CY8C20X36/46/66/96,” September 2009. [online]. Available: http://www.cypress.com/?rID=17840. [Accessed: November 11, 2009].

[5]  Microchip, “PIC18F2525/2620/4525/4620,” May 2004. [online]. Available: http://ww1.microchip.com/downloads/en/DeviceDoc/39626b.pdf. [Accessed: November 11, 2009].

[6]  Microchip, “dsPIC33F Product Overview,” August 2005. [online]. Available: http://ww1.microchip.com/downloads/en/devicedoc/70155c.pdf. [Accessed: November 11, 2009].


Appendix A – Schematic Functional Blocks

Overall system

Figure 1. Subsystem division

Power supply subsystem

Figure 2. Power supply for input touchpad

Figure 3. Power supply for LED output


Microcontroller subsystem

Figure 4. Touchpad controller – Cypress PSoC

Figure 5. Digital signal processor - dsPIC

Figure 6. LED controller – PIC18


LED output subsystem

Figure 7. LED drivers and LEDs (TLC driver)


Appendix B – FMECA Worksheet

Power Supply Subsystem
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
A1 / 5V rail = 0V (input touchpad) / LM7805 fails open; power not connected; short via blown capacitor / No LEDs turn on / Observation / Low / A short in the supply would cause excess current flow and heat
A2 / 5V rail > 5V (input touchpad) / LM7805 fails shorted / Potential damage to voltage regulators, PSoC, and other ICs / Observation / Medium / Input pad parts may become damaged
A3 / 5V rail out of tolerance (input touchpad) / LM7805 failure; overloading; noisy power source; blown filter capacitor / Minor damage to parts; unreliable performance / Observation / Low / Device may not operate if voltage is out of tolerance
A4 / 3.3V rail = 0V (input touchpad) / LM7833 fails open; short via blown capacitor / No LEDs turn on / Observation / Low / dsPIC will not turn on
A5 / 3.3V rail > 3.3V (input touchpad) / LM7833 fails shorted / Potential damage to dsPIC / Observation / Medium / Damage to the dsPIC, a critical and expensive part, must be avoided
A6 / 3.3V rail out of tolerance (input touchpad) / LM7833 failure; overloading; noisy power source; blown filter capacitor / Unpredictable operation of dsPIC; potential damage to dsPIC / Observation / Low / Device may not operate if voltage is out of tolerance
A7 / 5V rail = 0V (LED output) / LM2576 fails open; short via blown capacitor or diode / No LED output / Observation / Low / PIC18 and LED drivers will not turn on
A8 / 5V rail > 5V (LED output) / LM2576 fails shorted / Potential damage to the PIC18 and TLC drivers / Observation / Medium / Medium criticality due to possible damage to parts
A9 / 5V rail out of tolerance (LED output) / LM2576 failure; overloading; noisy power source; blown filter capacitor/inductor / Unpredictable operation of the PIC18 and TLC drivers / Observation / Low / Device may not operate if voltage is out of tolerance

Microcontroller Subsystem
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
B1 / PSoC does not communicate with dsPIC / dsPIC uses wrong slave address for PSoC; PSoC stuck-at fault on I2C line; noisy I2C lines / LED pattern cannot be displayed / No communication observed over I2C line / Low / dsPIC cannot process inputs, but PSoC can still detect touches
B2 / PSoC does not read touchpad input correctly / Noise thresholds for touchpad input are too low / An incorrect LED pattern may be displayed / Reading from debugging tool on computer / Low / PSoC is the main means of detecting user input
B3 / dsPIC to LED driver communication breakdown / dsPIC stuck-at fault on I2C line; noisy I2C lines / No LED output around user touchpad / No communication over dsPIC/TLC I2C line / Low / dsPIC cannot display user feedback LEDs, although LEDs around the car may still work