ECE 477 Digital Systems Senior Design Project Spring 2009

Homework 11: Reliability and Safety Analysis

Due: Friday, April 10, at NOON

Team Code Name: The Magic Wand    Group No.: 5

Team Member Completing This Homework: Zachary M. Greenawalt

E-mail Address of Team Member: zgreenaw@purdue.edu

Evaluation:

SCORE / DESCRIPTION
10 / Excellent – among the best papers submitted for this assignment. Very few corrections needed for version submitted in Final Report.
9 / Very good – all requirements aptly met. Minor additions/corrections needed for version submitted in Final Report.
8 / Good – all requirements considered and addressed. Several noteworthy additions/corrections needed for version submitted in Final Report.
7 / Average – all requirements basically met, but some revisions in content should be made for the version submitted in the Final Report.
6 / Marginal – all requirements met at a nominal level. Significant revisions in content should be made for the version submitted in the Final Report.
* / Below the passing threshold – major revisions required to meet report requirements at a nominal level. Revise and resubmit.

* Resubmissions are due within one week of the date of return, and will be awarded a score of “6” provided all report requirements have been met at a nominal level.

Comments:

Comments from the grader will be inserted here.

1.0  Introduction

The Magic Wand is a handwriting character recognition apparatus that uses a stylus to detect motion and a base station to analyze the motion and display the interpreted character. The stylus is a data acquisition device with a 3-axis accelerometer, microcontroller, 3V battery, and transceiver. The base station contains a transceiver to communicate with the stylus, a microcontroller to analyze acceleration data, a battery, and an LCD screen to display characters and operating data.

Both of these devices are low voltage and relatively safe. The base station requires minimal physical interaction with the user, while the pen interacts with the user constantly. The amount of user interaction factors into both the safety and the reliability of the product. Because the pen requires more interaction with the user, it is more susceptible to physical damage and has a higher potential to harm the individual; this is why its parts, and not the base station's, are examined in the rest of the paper. A further reason for choosing components from the pen is that most of the hardware on the pen is duplicated on the base station (boost, fuel gauge, and transceiver). The pen’s most critical safety and reliability issues are:

1)  Ensure the user suffers no physical harm from the pen’s design and operational usage.

2)  Ensure the pen operates under normal writing conditions and is not susceptible to breaking under normal use.

3)  Ensure the pen offers a long enough period of use that it is functionally useful.

Taking these issues into consideration, the components chosen for analysis are the ADXL330 accelerometer, PIC18F2320 microcontroller, and LT1302 Boost.

Brief description of design project, with a focus on safety and reliability issue specific to this design. What safety and reliability issues will be most critical in this design?

2.0  Reliability Analysis

The accelerometer, microcontroller, and boost were all chosen because of their necessity in operation or their potential to inflict harm on the user. The accelerometer was chosen because it is the heart of the product. The Magic Wand is an acceleration-based writing apparatus, and thus if it cannot detect acceleration, it is useless. The microcontroller was chosen due to its complexity and the presumption that it is the device most likely to fail. Finally, the boost is being considered because it is potentially the most dangerous component if it malfunctions.

To determine the number of failures per 10^6 hours and the MTTF, the Military Handbook – Reliability Prediction of Electronic Equipment was utilized. Page 25 of the handbook gives the equation

λp = (C1 πT + C2 πE) πQ πL

where λp is the number of failures per 10^6 hours and 1/λp is the MTTF. C1 is summarized as the die complexity, while πT is the junction temperature coefficient. C2 is defined as the package failure rate, and πE is the environmental constant. πQ is the quality factor, while πL is the learning factor, which reflects how long the component has been manufactured. Tables 2.0.1, 2.0.2, and 2.0.3 below summarize the results from the Military Handbook.

Table 2.0.1 ADXL330 Accelerometer

Parameter / Value / Comments
C1 / .01 / 1 to 100 transistors, Linear, MOS
πT / 3.8 / Max temp 70 °C
C2 / .0034 / 16 pins, 7 functional
πE / 4.0 / Ground mobile
πQ / 10 / Commercial
πL / 1.0 / >2 Years in production
λp / .516 / Failures per 10^6 hours
MTTF / 1,937,984 hours = 221 Years

Table 2.0.2 PIC18F2320 Microcontroller

Parameter / Value / Comments
C1 / .14 / CMOS, 8-Bit
πT / .71 / Max temp 50 °C
C2 / .013 / 28 pins
πE / 4.0 / Ground mobile
πQ / 10 / Commercial
πL / 1.0 / >2 Years in production
λp / 1.514 / Failures per 10^6 hours
MTTF / 660,512 hours = 75.35 years

Table 2.0.3 LT1302 Boost

Parameter / Value / Comments
C1 / .01 / 1 to 100 Gates, Linear, MOS
πT / 3.8 / Max temp 70 °C
C2 / .0034 / 8 pins
πE / 4.0 / Ground mobile
πQ / 10 / Commercial
πL / 1.0 / >2 Years in production
λp / .516 / Failures per 10^6 hours
MTTF / 1,937,984 hours = 221 Years

The three parts chosen show an acceptable level of reliability. The temperatures chosen are relatively high, though not unrealistic, so the computed MTTF is lower than what might be considered the true MTTF at more probable operating temperatures. The design change that may increase the reliability of the device the most is to remove the extended part of the transceiver. While the transceiver itself was not analyzed closely, it is my opinion that the device most likely to fail will be the transceiver, as part of it sticks out, over the design, by about 1/3 of an inch.
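
Added example (not part of the original report): the Python sketch below recomputes λp and MTTF from the parameter values in Tables 2.0.1 to 2.0.3, then goes one step beyond the report by combining the three analyzed parts. The series model (any part failing fails the stylus), the constant-failure-rate reliability formula, and the 8,760-hour year are assumptions of this example.

```python
import math

HOURS_PER_YEAR = 8760  # assumption of this example: 365-day year

# (C1, pi_T, C2, pi_E, pi_Q, pi_L), copied from Tables 2.0.1 to 2.0.3
PARTS = {
    "ADXL330":    (0.01, 3.8,  0.0034, 4.0, 10, 1.0),
    "PIC18F2320": (0.14, 0.71, 0.013,  4.0, 10, 1.0),
    "LT1302":     (0.01, 3.8,  0.0034, 4.0, 10, 1.0),
}

def failure_rate(c1, pi_t, c2, pi_e, pi_q, pi_l):
    """lambda_p = (C1*pi_T + C2*pi_E) * pi_Q * pi_L, in failures per 1e6 hours."""
    return (c1 * pi_t + c2 * pi_e) * pi_q * pi_l

def mttf_hours(lam):
    """MTTF in hours for a rate given in failures per 1e6 hours."""
    return 1e6 / lam

def series_rate(parts):
    """Assumed series model: any part failing fails the stylus, so rates add."""
    return sum(failure_rate(*p) for p in parts.values())

def reliability(lam, hours):
    """Assumed constant-rate model: P(no failure within `hours`) = exp(-lambda*t)."""
    return math.exp(-lam * 1e-6 * hours)

if __name__ == "__main__":
    for name, params in PARTS.items():
        lam = failure_rate(*params)
        print(f"{name:11s} lambda_p={lam:.3f}  MTTF={mttf_hours(lam):,.0f} h")
    total = series_rate(PARTS)
    print(f"three parts in series: lambda={total:.3f}, "
          f"MTTF={mttf_hours(total) / HOURS_PER_YEAR:.1f} years, "
          f"R(1 year)={reliability(total, HOURS_PER_YEAR):.4f}")
```

Because failure rates add in a series model, the combined MTTF is always shorter than that of the least reliable single part, which is why the microcontroller dominates the result.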

§  Choose 3-5 components in your design that you believe are most likely to fail (voltage regulators, power MOSFETs, etc. – basically anything operating above room temperature). The microcontroller and any other similarly high complexity ICs should be included. Such devices are not always the hottest on your board, they are usually the most complicated and have the most I/O pins. Be sure to briefly explain the reasons for your selections.

§  Perform calculations to determine the number of failures per 10^6 hours and mean time to failure (MTTF) for each component, making any reasonable assumptions where necessary. State the model used and any assumptions you had to make. For each component you analyzed, present the parameters you used and the results obtained in a tabular format like the following:

Parameter name / Description / Value / Comments regarding choice of parameter value, especially if you had to make assumptions.
C1 / Die complexity
πT / Temperature coeff.
Entire design:

§  Summarize conclusions about the reliability of these components and/or the circuit in general. Suggest design or analysis refinements that would realistically improve the reliability of the design.

3.0  Failure Mode, Effects, and Criticality Analysis (FMECA)

Appendix A below provides a breakdown of the schematics used in the production of the Magic Wand. There are four main parts of the design: two “digital” sections, one for the stylus and another for the base, and two “power” sections, showing the design of the power supplies for the stylus and base. Appendix B builds on Appendix A and shows the Failure Mode Analysis. There are three levels of criticality used in the analysis:

Low: No risk of user injury, easy replacement of part

Medium: No risk of user injury, difficult to replace malfunctioning part

High: Any chance of user injury

The conditions for a criticality level were chosen largely based on the risk of user injury. While the likelihood of a part failing is important, it is trumped by the possibility of user injury. Take an automobile for example. The probability of your seat belt light failing may be very high, while the probability of a brake pad failing may be very low. The criticality of the seat belt light should in no way be as severe as the criticality of the brakes; likewise, while a part may malfunction and render the device inoperable, that part should not have the same criticality level as a part that may malfunction and cause harm to the user while the device can still operate. This amounts to a genuine care for the user’s safety on the side of the manufacturer.

§  Failure Modes: Divide your schematic into functional blocks (e.g. power circuits, sensor blocks, microcontroller block) – include this illustration as Appendix A. Break the schematic into small enough blocks so that details are readable. Determine all possible failure conditions of each functional block. Indicate the components that could possibly be responsible for such a failure (e.g., a shorted bypass capacitor might cause a voltage drop, but cannot cause a voltage increase).

§  Effects: For each failure mode above, determine the possible effects, if any, on any major components in other parts of the design (e.g., damage the microcontroller or fry a resistor) as well as effects on the overall operation of the project (e.g, audio volume increases to maximum). For some failure modes, it is acceptable to declare the effects unpredictable. “Method of detection” of a particular failure mode should be observable from the operation of the device, unless there is particular circuitry intended to detect such a failure.

§  Criticality: Begin by defining at least two criticality levels for types of failures in the output of your design. Define an acceptable failure rate λ for each level of failure. These are up to you and somewhat arbitrary, but keep in mind λ 10^-9 is standard for any failure that could potentially injure the user. Failures not affecting user safety do not usually require λ 10^-9.

§  FMECA Worksheet: Include your completed FMECA Worksheet as Appendix B. In the body of the report, explain your choice of criticality levels and any assumptions that affected your analysis of several failure modes. Assumptions affecting just individual failure modes can be included in the comments in the table.

4.0  Summary

Tables 2.0.1, 2.0.2, and 2.0.3 summarize the reliability of the stylus and show that it is a reliable device even when operating above expected temperatures. Many of the actual reliability concerns center on the physical layout of parts: how simple a part is to replace, whether it can easily be physically broken, and so on. The key factor that will determine the true reliability of the Magic Wand is how hard it is used. The effects of dropping, tossing, and moisture on the reliability of the Magic Wand cannot be underestimated. If this design is to go to market, some redesigns will need to be made. In the meantime, the Magic Wand is expected to demonstrate a high level of reliability and fulfill, if not surpass, expectations.

Briefly summarize the contents of this report.



Appendix A: Schematic Functional Blocks

Divide schematic into subsystems and present each subsystem with a schematic that is easily readable on 8.5 x 11” paper.


Appendix B: FMECA Worksheet

For each group of failures corresponding to one subsystem, make a separate table and label it with the name of the corresponding subsystem. Add more rows to this table as necessary to provide a complete analysis.

Failure No. / Failure Mode / Possible Causes / Failure Effects / Method of Detection / Criticality / Remarks
A1 / Muddy analog signals are sent to the micro / C14, C15, C18 have been destroyed / The simplest of characters are not recognized / Observation on LCD / Low / Easy replacement of parts
B1 / Microcontroller will not leave reset state / SW TACT has failed in closed state / Microcontroller fails to run program / Observation on LCD / Low / Easy replacement of part
B2 / Base station does not detect end of character / SW2 has failed in closed state / Buffer overflows on base station and an end of character signal is not received / Observation on LCD / Low / Easy replacement of part
B3 / Base station does not detect beginning of character / SW2 has failed in open state / Sampling of accelerometer is not done due to faulty pushbutton / Observation / Low / Easy replacement of part
C1 / Communication between the base and pen cannot be made. / Transceiver has failed / Permanent loss of communication between pen and base / Observation / Low / Easy replacement of part
D1 / Battery status does not change or update / Fuel Gauge has failed / Microcontroller no longer receives interrupt and does not update battery status / Observation on LCD / Medium / Difficult to replace part
D1 / Battery status does not change or update / R_sense has been shorted / Fuel gauge no longer counts coulombs and does not trigger interrupt on micro / Observation / Low / Easy replacement of part
E1 / Pen does not power up / Short across C23, C25, C24 / Pen is not powered, traces may be burnt / Observation, bad smell. / High / Possible injury due to heat. Easy to replace parts so long as traces are still intact.
E2 / Pen does not power up / Breakdown of D4 / Pen is not able to power up / Observation / Low / Easy replacement of part
F1 / Communication between the base and pen cannot be made. / Transceiver has failed / Permanent loss of communication between pen and base / Observation / Low / Easy replacement of part
G1 / Microcontroller will not leave reset state / SW TACT has failed in closed state / Microcontroller fails to run program / Observation on LCD / Low / Easy replacement of part
H1 / Battery does not charge; base still runs off of battery but not wall power / Short across Co or C3 / Base station will run off battery but not wall / Observation / High / Short can cause high heat and possible harm. Part can be replaced if trace still intact
I1 / Battery status does not change or update / Fuel Gauge has failed / Microcontroller no longer receives interrupt and does not update battery status / Observation on LCD / Medium / Difficult to replace part
I2 / Battery status does not change or update / R_sense has been shorted / Fuel gauge no longer counts coulombs and does not trigger interrupt on micro / Observation / Low / Easy replacement of part
J1 / LCD does not display anything / Short across C16, C30, or C29, C25 / LCD will not power up and possible burn up of traces / Observation / High / Possibility for harm to user but easy to replace parts
K1 / Nothing powers up. / Short across C27, C26 / Nothing will receive power and traces may burn / Observation / High / Possibility to harm user, but easy to replace parts
K2 / Nothing powers up / Short across C28 / Nothing will receive power and traces may burn / Observation / High / Possibility to harm user, but easy to replace parts
