ECE 477 Digital Systems Senior Design Project Rev 8/09

Homework 11: Reliability and Safety Analysis

Team Code Name: Home Enhancement Suite Group No. 10

Team Member Completing This Homework: Allen Humphreys

E-mail Address of Team Member: aehumphr@purdue.edu

Evaluation:

SCORE / DESCRIPTION
10 / Excellent – among the best papers submitted for this assignment. Very few corrections needed for version submitted in Final Report.
9 / Very good – all requirements aptly met. Minor additions/corrections needed for version submitted in Final Report.
8 / Good – all requirements considered and addressed. Several noteworthy additions/corrections needed for version submitted in Final Report.
7 / Average – all requirements basically met, but some revisions in content should be made for the version submitted in the Final Report.
6 / Marginal – all requirements met at a nominal level. Significant revisions in content should be made for the version submitted in the Final Report.
* / Below the passing threshold – major revisions required to meet report requirements at a nominal level. Revise and resubmit.

* Resubmissions are due within one week of the date of return, and will be awarded a score of “6” provided all report requirements have been met at a nominal level.

Comments:

Grader: George Toh Score: 9/10

Great work! You should have talked about the reliability of the RFID component as well.

1.0  Introduction

The Home Enhancement Suite is a set-top box coupled with an onboard power supply circuit that supplies the 5V power rail using a uA78m00 series voltage regulator that feeds several ICs and the LM3940 1A low dropout voltage regulator, which supplies the 3.3V power rail [1][2]. The power supply circuit is a primary concern both for safety, due to its potential to overheat, and reliability, due to its above-average component failure rate. The main unit controls a room’s lights, door locks, and television based on user information received from an RFID reader. This unit’s control functions are enabled by a PIC32MX695F512L microcontroller (PIC32), which has all the necessary communication modules (I2C, UART, and Ethernet) on-chip to facilitate straightforward and expedient software development [3]. There are several reliability concerns with the PIC32’s control circuitry, die complexity, pin count, and heat dissipation. This project will also provide a web-based interface for changing user settings and remotely controlling the available devices. The interface’s physical layer (PHY) is managed by a National DP83848C PHYTER© chip that requires numerous external passive components to operate and has a relatively high pin count [5].

2.0  Reliability Analysis

The Home Enhancement Suite’s power supply circuitry uses two metal-oxide semiconductor (MOS) linear voltage regulators to supply stable power. The circuit also has one 3300μF, aluminum, dry, electrolytic capacitor that is included in this analysis because of its heat and potential for premature failure. The PIC32 microcontroller is the most complex part with 100 pins and a handful of supporting capacitors. It also runs at approximately 35-40C, increasing the probability that it will fail. The Ethernet PHY chip is included because it has 48 pins and requires ~40 external passive components to function correctly.

The following four tables contain the values used for calculating the failure rate and mean time to failure (MTTF) of the components chosen for analysis. The voltage regulators, PIC32, and Ethernet PHY all use the failure model, described in section 5.1 of MIL-HDBK-217F, included here [4]:

λp = (C1·πT + C2·πE)·πQ·πL failures per 10^6 hours

Calculations for the 3300μF electrolytic capacitor use the failure model from section 10.15, “Fixed, Electrolytic (Dry), Aluminum,” of MIL-HDBK-217F, included here [4]:

λp = λb·πCV·πQ·πE failures per 10^6 hours

Although all the values used are included in the tables, some values were only obtainable by making assumptions about unknown operating conditions. The temperature coefficients (πT) used for the four MOS devices assume a worst-case junction temperature of 50C, which may be low for the voltage regulators and may be high for the microcontroller. The same temperature was used for consistency between the calculations. The coefficient values may still differ because they come from different columns in the table on page 5-13 of MIL-HDBK-217F [4]. The package failure rate factors for pin counts not listed in the table were extrapolated using a best-fit linear model. The environment factor (πE) is assumed to be ground, fixed because the device may be used in poorly climate-controlled or non-climate-controlled environments.

Parameter name / Description / Value / Comments
C1 / Die complexity / 0.56
πT / Temperature coeff. / 0.29 / 50C Junction Temp
C2 / Package Failure Rate / .0386 / 100 pins
πE / Environment Factor / 2.0 / Ground, Fixed
πQ / Quality Factor / 10 / Commercial product with unknown screening level
πL / Learning Factor / 1.0 / > 2.0 Years in Production
Failure Rate: / 2.396 per 10^6 hours / MTTF: / 417,362 hours

Table 1 PIC32MX695F512L

Parameter name / Description / Value / Comments
C1 / Die complexity / 0.56
πT / Temperature coeff. / .29 / 50C Junction Temp
C2 / Package Failure Rate / .0178 / 48 pins
πE / Environment Factor / 2.0 / Ground, Fixed
πQ / Quality Factor / 10 / Commercial product with unknown screening level
πL / Learning Factor / 1.0 / > 2.0 Years in Production
Failure Rate: / 1.98 per 10^6 hours / MTTF: / 505,050.50 hours

Table 2 TI DP83848C PHYTER

Parameter name / Description / Value / Comments
C1 / Die complexity / 0.020
πT / Temperature coeff. / 0.71 / 50C Junction Temp
C2 / Package Failure Rate / .0012 / 3 pin Regulator
πE / Environment Factor / 2.0 / Ground, Fixed
πQ / Quality Factor / 10 / Commercial product with unknown screening level
πL / Learning Factor / 1.0 / > 2.0 Years in Production
Failure Rate: / .166 per 10^6 hours / MTTF: / 6,024,096.3 hours

Table 3 LM3940 and uA78m00 Voltage Regulators

Parameter name / Description / Value / Comments
λb / Base Failure Rate / 0.040 / Relative stress
πCV / Capacitance Factor / 1.492 / For 3300uF
πQ / Quality Factor / 10 / Non-military
πE / Environment Factor / 2.0 / Ground, Fixed
Failure Rate: / 1.2 per 10^6 hours / MTTF: / 833,333.33 hours

Table 4 3300uF, Dry, Electrolytic Capacitor

The reliability of each component is acceptable, but looking forward to the FMECA the power supply capacitor should have a lower failure rate to satisfy the desired safety constraints. Choosing a capacitor with a higher voltage rating would decrease the capacitance factor. Also, using a transformer that outputs 8.3V RMS would still provide the desired 12V unregulated DC supply but provide a better derating for the capacitor. Redesigning the power supply circuit so the voltage regulators aren’t cascaded would decrease the load on the 5V regulator and decrease its operating temperature. This would also allow the entire product to continue functioning if the 5V regulator fails.
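
The calculations behind Tables 1 through 4, as an added example that is not part of the original report: it applies the two MIL-HDBK-217F models quoted above to the tabulated parameters, then sums the rates of the two cascaded regulators, assuming constant failure rates so that parts in series add. Function and variable names are chosen here for illustration.

```python
# Added example: reproduces the failure rates and MTTFs in Tables 1-4 and
# shows the effect of cascading the regulators. All parameter values are
# copied from the tables on this page; names are illustrative.

HOURS_PER_YEAR = 8760

def microcircuit_rate(c1, pi_t, c2, pi_e, pi_q, pi_l):
    """MIL-HDBK-217F section 5.1 model, in failures per 10^6 hours."""
    return (c1 * pi_t + c2 * pi_e) * pi_q * pi_l

def capacitor_rate(lambda_b, pi_cv, pi_q, pi_e):
    """MIL-HDBK-217F section 10.15 model, in failures per 10^6 hours."""
    return lambda_b * pi_cv * pi_q * pi_e

def mttf_hours(rate_per_1e6_hours):
    """Mean time to failure for a constant failure rate."""
    return 1e6 / rate_per_1e6_hours

def series_rate(*rates):
    """Assumption: constant rates, and any one failure takes down the chain,
    so the chain's failure rate is the sum of its parts."""
    return sum(rates)

REGULATOR = microcircuit_rate(0.020, 0.71, 0.0012, 2.0, 10, 1.0)  # Table 3

COMPONENTS = {
    "PIC32MX695F512L": microcircuit_rate(0.56, 0.29, 0.0386, 2.0, 10, 1.0),
    "DP83848C PHYTER": microcircuit_rate(0.56, 0.29, 0.0178, 2.0, 10, 1.0),
    "uA78m00 (5V)": REGULATOR,
    "LM3940 (3.3V)": REGULATOR,
    "3300uF capacitor": capacitor_rate(0.040, 1.492, 10, 2.0),
    # The 3.3V rail needs both regulators because the LM3940 is fed by the 5V rail.
    "3.3V rail (cascaded)": series_rate(REGULATOR, REGULATOR),
}

def report():
    """Return (name, rate per 10^6 h, MTTF hours, MTTF years) rows."""
    rows = []
    for name, rate in COMPONENTS.items():
        hours = mttf_hours(rate)
        rows.append((name, rate, hours, hours / HOURS_PER_YEAR))
    return rows

if __name__ == "__main__":
    for name, rate, hours, years in report():
        print(f"{name:22s} {rate:6.3f} per 10^6 h  "
              f"MTTF {hours:12,.0f} h ({years:6.1f} yr)")
```

The capacitor evaluates to 1.1936 per 10^6 hours before rounding; Table 4 rounds this to 1.2 and derives its MTTF from the rounded figure.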

3.0  Failure Mode, Effects, and Criticality Analysis (FMECA)

For the purpose of the failure modes, effects, and criticality analysis (FMECA), the Home Enhancement Suite circuit is broken up into three subsystems: the power supply, microcontroller, and Ethernet subsystems. Schematics detailing the components included in each subsystem are provided in Appendix A. The FMECA tables detailing the ways each subsystem can fail and the effects of those failures are listed in Appendix B.

Three criticality levels are considered in the analysis. A high criticality failure mode represents the potential of the device to harm the user and should have a rate of less than 10^-9. A medium criticality failure mode is an irreparable failure that disables the entire system and should have a rate of less than 10^-7. Finally, a low criticality failure mode is a failure that disables a single feature, may be repairable and should have a rate of less than 10^-5.

4.0  Summary

The Home Enhancement Suite provides centralized, automated control of commonly used household functions. The system has an acceptable level of reliability, with the least reliable component being the PIC32 with an MTTF of 47.64 years. The power supply circuit components have better reliability when considered separately, but since the failure of either regulator disables the entire system, the reliability is actually less than what is listed in the table. Redesigning the power supply so the 3.3V regulator doesn’t run off of the 5V regulator would decrease the occurrence of total system failure. The FMECA uses three criticality levels to classify how catastrophic failure modes are.
List of References

[1]  Texas Instruments. LM3940 1A Low Dropout Regulator for 5V to 3.3V Conversion [Online]. Available: http://www.ti.com/lit/ds/symlink/lm3940.pdf

[2]  Texas Instruments. uA78M00 SERIES Positive-Voltage Regulators [Online]. Available: http://www.ti.com/lit/ds/symlink/ua78m05.pdf

[3]  Microchip Technology. PIC32MX5XX/6XX/7XX Family Data Sheet (Rev. G) [Online]. Available: http://ww1.microchip.com/downloads/en/DeviceDoc/61156G.pdf

[4]  United States Department of Defense. MIL-HDBK-217F [Online]. Available: https://engineering.purdue.edu/ece477/Homework/CommonRefs/CC_reliability_and_safety_ref.pdf

[5]  Texas Instruments. DP83848C PHYTER Commercial Temperature Single Port 10/100 Mb/s Ethernet Physical Layer Transceiver [Online]. Available: http://www.ti.com/lit/ds/symlink/dp83848c.pdf

[6]  Panasonic. Aluminum Electrolytic Capacitors [Online]. Available: http://industrial.panasonic.com/www-data/pdf/ABA0000/ABA0000CE137.pdf


ECE 477 Digital Systems Senior Design Project Spring 2009

Appendix A: Schematic Functional Blocks





Appendix B: FMECA Worksheet

Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
A1 / Either Supply Output = 0V / Failure to short circuit of any component in power supply / Circuit inoperable / Ohmmeter + fuse = no continuity, observe device not working / Medium / 1A fuse in circuit should protect against overloading other devices
A2 / Overheating C13 / Failure of C13 electrolyte / Explosive destruction of capacitor / Visual detection, smoke, fire, firemen / High / Included by request of Prof. Meyer
A3 / 5V Supply > 5V / Failure of T1 or U9 / U10 could overheat attempting to regulate from a higher voltage, PLIX chip, RFID Reader, parts overheat / PCB → vapor, smell of IC frying / High
A4 / 3.3V Supply > 3.3V / Failure of T1, U9, or U10 / µC thermal/voltage shutdown / Observe sporadic, unpredictable resets / Medium / PIC32 has internal voltage regulator that will protect it from a reasonable spike in voltage
A5 / Output out-of-tolerance / Failure to open circuit of any component in power supply / High ripple or out-of-spec operating voltage; Circuit Behavior Unpredictable / Voltmeter or scope displays erratic output voltage / Medium
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
B1 / Lock Unresponsive / R16 fails open → optoisolator control left floating / Lock Control Failure/unknown behavior / DMM probing, observation / Medium / The system could still function, but security failure is still dangerous
B2 / Communication to PLIX lost / R15 fails open, Y1 (xtal) fails, C11, C12 (xtal caps) fail / Light Control Failure / Observe undesired light level, ohmmeter / Low / Components not on above schematic
B3 / Stuck in reset / R6, S1, R5, C10, Software (reset handling routines) / System failure / Observation / Medium
B4 / Receives < 3.3V / U10, C3, C4, C5, C6, C8, C7 / PIC32 could cut out sporadically / Oscilloscope / Medium / Voltage may only drop under load
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
C1 / No Ethernet clock / U8 oscillator failure / Ethernet Fails, µC Fails / Oscilloscope to verify external clock, ping device from a terminal / Medium / PHY feeds reference clock to PIC32, no reference = unpredictable PIC32 behavior
C2 / Circuit functioning, but producing Ethernet gibberish / Decoupling Caps Fail / No/Poor Ethernet Comm. / Difficult, probably need an Ethernet tester, observation / Low / Signaling from PHY to cable very sensitive to HF noise
C3 / Communication to µC Fail / R39 fails open, EMDIO signal lost/floating / No Ethernet / Software checking could reveal this and shut down Ethernet module, observation / Low
C4 / RESET_N floating, or ESD damage / R40 fails open, short / Unpredictable, depends on device usage / Multimeter probing / Low/Medium / Unpredictable interaction with PIC32
