ECE 477 Digital Systems Senior Design Project Spring 2008
Homework 11: Reliability and Safety Analysis
Due: Friday, April 4, at NOON
Team Code Name: SmartGlove    Group No. 14
Team Member Completing This Homework: Shiv Biddanda
e-mail Address of Team Member: sbiddand @ purdue.edu
1.0 Introduction
SmartGlove is a wearable Bluetooth-based human interface device. Being portable, it is battery powered and can be recharged when needed. This means that a battery failure could injure the user if the battery catches fire, so extreme care is required to ensure safety and avoid injury. All the parts used in this project are surface mounted, and the components are very small and easily shorted. Thus, all parts should be properly soldered on the PCB without touching each other and covered by non-conducting materials. In addition to catastrophic hardware failure, under- and over-voltage can damage major components and should be considered thoroughly.
2.0 Reliability Analysis
The MAX1555 battery charging IC, the PIC18F4550 microprocessor, and the AD8354 amplifier are the three components used by the SmartGlove that are most likely to fail. Of the three, a failure of the MAX1555 would lead to injury of the user by damaging the battery. The IC could burn out if exposed to a high-voltage battery or an unregulated USB line. The PIC18F4550 was chosen because it is one of the most power-hungry chips used in the SmartGlove. The AD8354 was chosen because it sits between the sensors and the microprocessor. However, damage to the AD8354 op-amp cannot easily propagate to the microcontroller or other components, since diodes are used to block reverse current flow. The following paragraphs use the MIL-HDBK-217F model to calculate failure rates for the three components mentioned above.
2.1 PIC18F4550 Microcontroller
The SmartGlove is driven by a PIC18F4550 microprocessor. According to the values and calculations shown in Table 2.1a and Table 2.1b, the PIC18F4550 has a fairly good MTTF. The actual MTTF should be even better, because the microprocessor will never run in an environment where the temperature is 100 degrees Celsius.
Description: CMOS Greater than 60,000 gates
λp = λBD πMFG πT πCD + λBP πE πQ πPT + λEOS failures/10^6 hours
(MIL-HDBK-217F, Section 5.3)
Parameter / Value / Description / Justification or Assumption
λBD / 0.16 / Die Base Failure Rate / Logic and custom ([1], Section 5.3) [5]
πMFG / 0.55 / Manufacturing Process Correction Factor / QML or QPL ([1], Section 5.3) [5]
πT / 0.71 / Temperature Factor / A digital VLSI chip ([1], Section 5.8) [3]
πCD / 0.36 / Die Complexity Correction Factor / Die area is extremely small ([1], Section 5.3) [5]
λBP / 0.0036 / Package Base Failure Rate / 44 pins ([1], Section 5.3) [5]
πE / 2.0 / Environmental Factor / All parts are under same condition, and Gf was picked ([1], Sec. 5.10) [5]
πQ / 2.0 / Quality Factor / Most of the groups are included or better than them ([1], Sec 5.10) [5]
πPT / 4.7 / Package Type Correction Factor / Surface Mount Technology ([1], Section 5.3) [5]
λEOS / 0.065 / Electrical Overstress Failure Rate / 0-1000V ESD range is chosen ([1], Section 5.3) [5]
Table 2.1a
λp / 1.552 failures/10^6 hours
MTTF / 6.4433 x 10^5 hours ~ 73.5 years
Table 2.1b
Table 2.1a and 2.1b. PIC18F4550 reliability analysis
2.2 MAX1555 Battery Charger IC
The MAX1555 is the battery charging IC used in the SmartGlove. According to Table 2.2a and Table 2.2b, it has an MTTF of around 8 years. This value is not great, but because the MAX1555 is responsible for recharging the lithium polymer battery, this kind of MTTF is expected. It should be pointed out that the TJ used in the calculation is exaggerated. During normal use, the temperature should never reach such high levels. Another important point is that the SmartGlove is not recharging the battery all the time, so the time that the MAX1555 IC is in operation is reduced. These two additional factors can help improve on the MTTF value that was calculated. MAXIM also published their own reliability report for the MAX1555. According to their report, the chip has a λ = 22.62E-9 [4]. Unfortunately, the report does not go into detail about the method used to derive the number. The test data given in the report is also from a small sample group, which is not enough to accurately indicate the real reliability of the chip.
λp = (C1 πT + C2 πE) πQ πL failures/10^6 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / Description / Justification or Assumption
C1 / 0.045 / Digital and Linear Gate/Logic Array Die Complexity Failure Rate / 541 transistors, BiCMOS ([1], Section 5.1) [5]
C2 / 0.002 / Package Failure Rate for all Microcircuits / 5 Pin, Nonhermetic SMT Packaging ([1], Section 5.9) [3]
πT / 32 / Temperature Factor / Assumptions: TJ=100°C. ([1], Section 5.8) [3]
πE / 2.0 / Environmental Factor / All parts are under same condition, and Gf was picked
πQ / 10.0 / Quality Factor / Commercial Product ([1], Section 5.10) [5]
πL / 1.0 / Package Type Correction Factor / Years in Production >= 2 ([1], Section 5.10) [3]
Table 2.2a
λp / 14.44 failures per million hours
MTTF / Around 70000 hours, or 8 years
Table 2.2b
Table 2.2a and 2.2b. MAX1555 reliability analysis
2.3 AD8354 Quad Op-Amp IC
The AD8354 op-amps are used within the inverter amplifier circuit between the force sensors and the ADC channels on the PIC18F4550. According to Table 2.3a and Table 2.3b, the AD8354 has an MTTF of 34 years, which is pretty good. The MTTF can be improved by using a more realistic TJ. The data sheet states that the maximum TJ is 150°C. A more realistic value such as 50°C (which is still very high) will result in a more realistic MTTF value.
λp = (C1 πT + C2 πE) πQ πL failures/10^6 hours
(MIL-HDBK-217F, Section 5.1)
Parameter / Value / Description / Justification or Assumption
C1 / 0.01 / Digital and Linear Gate/Logic Array Die Complexity Failure Rate / Assumption: 100 transistors, BiCMOS ([1], Section 5.1) [5]
C2 / 0.0062 / Package Failure Rate for all Microcircuits / 14 Pin, Nonhermetic SMT Packaging ([1], Section 5.9) [3]
πT / 32 / Temperature Factor / TJ=150°C. ([1], Section 5.8) [3]
πE / 2.0 / Environmental Factor / Ground Fixed Environment ([1], Section 5.10) [5]
πQ / 10.0 / Quality Factor / Commercial Product ([1], Section 5.10) [5]
πL / 1.0 / Package Type Correction Factor / Years in Production >= 2 ([1], Section 5.10) [5]
Table 2.3a
λp / 3.324 failures per million hours
MTTF / Around 300800 hours, or 34.3 years
Table 2.3b
Table 2.3a and 2.3b. AD8354 reliability analysis
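The Section 5.1 model used for the MAX1555 and the AD8354, worked through in Python as an added example that is not part of the original report. Parameter values are copied from Tables 2.2a and 2.3a; the function names and the 20-year target are assumptions chosen for illustration. Besides λp and MTTF, it shows how much of λp comes from the temperature-dependent die term and which πT would be needed to reach a given MTTF.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760  # 365-day year


@dataclass(frozen=True)
class Part:
    """Section 5.1 parameters as listed in Tables 2.2a / 2.3a."""
    name: str
    c1: float    # die complexity failure rate
    c2: float    # package failure rate
    pi_t: float  # temperature factor (set by the assumed TJ)
    pi_e: float  # environmental factor
    pi_q: float  # quality factor
    pi_l: float  # pi_L (justified on the page by years in production)


def failure_rate(p: Part) -> float:
    """lambda_p = (C1*pi_T + C2*pi_E) * pi_Q * pi_L, failures per 1e6 hours."""
    return (p.c1 * p.pi_t + p.c2 * p.pi_e) * p.pi_q * p.pi_l


def mttf_hours(p: Part) -> float:
    """MTTF in hours for a constant failure rate."""
    return 1e6 / failure_rate(p)


def die_share(p: Part) -> float:
    """Fraction of lambda_p that comes from the temperature-dependent die term."""
    die = p.c1 * p.pi_t
    return die / (die + p.c2 * p.pi_e)


def pi_t_for_mttf(p: Part, target_years: float) -> float:
    """Largest pi_T that still meets target_years, all other factors unchanged."""
    lam = 1e6 / (target_years * HOURS_PER_YEAR)
    return (lam / (p.pi_q * p.pi_l) - p.c2 * p.pi_e) / p.c1


MAX1555 = Part("MAX1555", 0.045, 0.002, 32, 2.0, 10.0, 1.0)
AD8354 = Part("AD8354", 0.01, 0.0062, 32, 2.0, 10.0, 1.0)

if __name__ == "__main__":
    for part in (MAX1555, AD8354):
        print(f"{part.name}: lambda_p={failure_rate(part):.3f} per 1e6 h, "
              f"MTTF={mttf_hours(part) / HOURS_PER_YEAR:.1f} years, "
              f"die term={die_share(part):.1%}, "
              # 20 years is a constructed target, not a figure from the report
              f"pi_T needed for 20 years={pi_t_for_mttf(part, 20):.1f}")
```

For both parts the die term accounts for more than 96% of λp, so the junction temperature assumed for πT drives the result far more than the package or environment terms.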
3.0 Failure Mode, Effects, and Criticality Analysis (FMECA)
For each of the major functional blocks, a schematic is shown in Appendix A. An FMECA worksheet outlining the failure modes, effects and criticality analysis for each block is filled out in Appendix B. The functional blocks are divided into the five categories listed in Table 3.1.
No. / Functional Block
1. / Power Supply / Battery Charger Block
2. / Microcontroller Block
3. / Accelerometer Mini-Board Block
4. / Analog / Touch Sensor Block
5. / Bluetooth Block
Table 3.1
The FMECA report for each block above is based on these definitions of criticality levels. A “High” criticality level corresponds to injury to the user or a loss of functionality due to irreparable damage. A “Medium” level is assigned to failures that leave a single block inoperable while causing no harm to the user. A “Low” criticality level consists of damage that can be fixed, such as faulty cabling or other minor issues.
Criticality / Failure Effect / Maximum Probability
High / Harm to the user or no functionality / λp 10^-6
Medium / No harm to the user and partial functionality / 10^-6 λp 10^-9
Low / Reparable damage or minor flaws / λp 10^-6
Table 3.2
In terms of personal injury, a failure of the power supply and charging block is the only conceivable way the user can be hurt, either through battery leakage or potentially an exploding battery if overcharging occurs or the charging rates are too fast. The other, non-hazardous high criticality failures are major system failures such as a dead microcontroller or improper voltage supply. A standard maximum probability of λp 10^-9 was picked for this level. Other criticality levels such as medium were assigned probability rates that are reasonable considering their failure effects. These rates are outlined in Table 3.2.
4.0 Summary
After analyzing all the functional areas and components and their criticality levels, one can conclude that none of the components used stand out as being completely unreliable. It would require some kind of malfunction on the part of the other components or human error to cause a serious problem. In terms of safety hazards, the battery charger circuit block stands out as the single source of possible bodily harm. If the battery charger IC unit is damaged in some way, there could be damage to the battery such as leakage of toxic materials or explosive behavior. Several precautions have been taken to avoid these circumstances both in hardware and software and the enclosure used to case the main PCB seems strong enough to protect the user from serious harm.
List of References
[1] Department of Defense, “Military Handbook, Reliability Prediction of Electronic Equipment,” [Online Document], Available:
http://assist.daps.dla.mil/quicksearch/basic_profile.cfm?ident_number=53939
[2] Microchip, “PIC18F2455/2550/4455/4550 Data Sheet”, [Online Document], January 2007,
http://ww1.microchip.com/downloads/en/DeviceDoc/39632D.pdf
[3] MAXIM, “SOT23 Dual-Input USB/AC Adapter 1-Cell Li+Battery Chargers”, [Online Document], 2003,
http://datasheets.maxim-ic.com/en/ds/MAX1551-MAX1555.pdf
[4] MAXIM, “MAX1555 Reliability Report”, [Online Document], 2003,
http://www.maxim-ic.com/reliability/maxim/MAX1555EZK.pdf
Appendix A: Schematic Functional Blocks
[Schematic figures: Overall Layout; Power Supply / Battery Charger Block; Microcontroller Block; Accelerometer Mini-Board Block; Bluetooth Block; Analog Block]
Appendix B: FMECA Worksheet
1. FMECA for Power Supply / Charger Block
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
1 / Battery Charger IC Failure / Failure of USB_R2, MAX1555_C1, MAX1555_C2, MAX1555_C3, PW_C1 resulting in shorts. / Battery cannot be charged from external USB power source. / PW_LED1 lights up depending on the power supply / High / USB line is an alternate source of powering this device. Since it would be rendered useless, the battery is the only power supply.
2 / Voltage regulator IC Failure / Failure of Battery charger IC or FDG315N Mosfet. / Damage to battery; Battery leakage; Explosion / Observation / High / Battery very sensitive to charging characteristics and may explode if charging rates are beyond tolerable limits.
2. FMECA for Microcontroller Block
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
1 / Dead PIC18F4550 – unresponsive / Failure of power system or supply voltage > 7.5V; Short on bypass capacitors C_C2, C_C3, C_C4; Failure of external clock source - crystal FX425B / Non-programmable; Failure of system / Observation with DMM / High / Failure of the microcontroller should not lead to any unpredictable behavior or injury to the user.
3. FMECA for Accelerometer Mini-Board Block
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
1 / No output on port pins / Bypass caps C1-C3 shorted; Open line between glove and main PCB; IC damaged due to extremely quick movement, dropping IC / No analog output to feed into ATD pins. / Observation with DMM / Medium / Having a low voltage input into the microcontroller would be interpreted as no movement.
2 / Erroneous output readings / Failure of Analog subsystem block; Failure of passive components / Noisy output fed into ATD pins / Observation on host PC / Low / These noisy readings would be interpreted as incorrect cursor movements on PC
4. FMECA for Analog Block
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
1 / Erroneous output fed into ATD pins / Failure of AD8354 op-amp; Failure of AD8532 voltage inverter / Unpredictable output values into ATD pins. / Observation with DMM / Medium / If the inverter amplifier circuit fails, the voltage output would be unpredictable; If the voltage inverter fails, there would be a negative voltage output which is blocked by diodes.
5. FMECA for Bluetooth Module Block
Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
1 / Incorrect data on host PC / Retransmission of data; Error in packet construction / Unpredictable cursor movements / Observation on host PC / Low / None
2 / No data / UART Tx error; No Bluetooth handshake between host PC and radio / No cursor movement / Observation on host PC / Low / None