ECE 477 Digital Systems Senior Design Project Rev 04/12
Homework 11: Reliability and Safety Analysis
Team Code Name: AWESILLOSCOPE Group No. 2
Team Member Completing This Homework: Jintao Zhang
E-mail Address of Team Member: zhang451@purdue.edu
Evaluation:
SCORE DESCRIPTION
10 Excellent – among the best papers submitted for this assignment. Very few corrections needed for version submitted in Final Report.
9 Very good – all requirements aptly met. Minor additions/corrections needed for version submitted in Final Report.
8 Good – all requirements considered and addressed. Several noteworthy additions/corrections needed for version submitted in Final Report.
7 Average – all requirements basically met, but some revisions in content should be made for the version submitted in the Final Report.
6 Marginal – all requirements met at a nominal level. Significant revisions in content should be made for the version submitted in the Final Report.
* Below the passing threshold – major revisions required to meet report requirements at a nominal level. Revise and resubmit.
* Resubmissions are due within one week of the date of return, and will be awarded a score of “6” provided all report requirements have been met at a nominal level.
Comments:
1.0 Introduction
AWESILLOSCOPE is a digital oscilloscope with a playback function that provides all the general features of a typical oscilloscope, such as sampling analog input, signal processing, auto-scale, cursors, and reconstruction and visualization of signals. Additional features include recording and replicating signals as a function generator, and importing/exporting waveform data to a USB storage device.
The project has been designed as a lab-use instrument, so the environment can be considered Ground Benign (GB), with an ambient temperature of 35 °C. As a low-voltage electrical product, our project does not have safety issues that would directly hurt the user. On the other hand, there are plenty of safety concerns that may damage the product's components and sabotage the project.
2.0 Reliability Analysis
The components that are likely to fail in our project can be divided into 2 types: high-complexity components and voltage-control components. The MCU and FPGA make up the high-complexity type, while linear regulators, Zener diodes and analog multiplexers are the voltage-control components. The tables below analyze the STM32 microprocessor [2], Xilinx Spartan-3E FPGA [3], linear regulator (part number UA78M33CKCS) [4], instrumentation amplifier [5], and analog multiplexer [6].
Component: STM32F407VGT6. Model formula used: λp = (C1 πT + C2 πE) × πQ πL

| Parameter | Value | Remarks |
|---|---|---|
| C1 | 0.56 | Die complexity failure rate for 32-bit microcontroller |
| πT | 0.35 | Temperature factor for TA = 35 °C, Tj = 54.995 °C, θja = 43; Digital MOS, VHSIC CMOS, still air |
| C2 | 0.0425 | Package failure rate for 100-pin LQFP package |
| πE | 0.5 | Environment factor for Ground Benign* |
| πQ | 10 | Quality factor assumed due to commercial product with unknown screening level |
| πL | 1.8 | Learning factor for years in production = 0.5 (assumption made due to data sheet revision made in 2011) [2] |
| λp | 3.9105 | Failures / 10^6 hours |
| MTTF | 255721.77 | Hours to fail, approximately 29.19 years |
Component: Xilinx Spartan-3E. Model formula used: λp = (C1 πT + C2 πE) × πQ πL

| Parameter | Value | Remarks |
|---|---|---|
| C1 | 1 | Die complexity failure rate for 500,000-gate FPGA |
| πT | 0.19 | Temperature factor for TA = 35 °C, Tj = 38.61 °C, θja = 36.1; Digital MOS, VHSIC CMOS, still air |
| C2 | 0.098 | Package failure rate for 192-pin DIP package, non-hermetic |
| πE | 0.5 | Environment factor for Ground Benign* |
| πQ | 10 | Quality factor assumed due to commercial product with unknown screening level |
| πL | 1 | Learning factor for years in production >= 2 (assumption made due to data sheet revision made in 2004) [3] |
| λp | 2.39 | Failures / 10^6 hours |
| MTTF | 418410.0418 | Hours to fail, approximately 47.763 years |
Component: UA78M33C Linear Regulator [4]. Model formula used: λp = λb πT πS πC πE πQ

| Parameter | Value | Remarks |
|---|---|---|
| πT | 14 | Temperature factor at Tj = 125 °C (highest possible) |
| πS | 1 | Electrical stress factor. Previous tests suggest that the applied voltage will always be slightly greater than the rated voltage, so Vs = 1.0 is chosen |
| πC | 2 | Contact construction factor, TO-220 |
| πE | 1 | Environment factor for Ground Benign* |
| πQ | 8 | Quality factor assumed due to commercial product with plastic |
| λb | 0.002 | Base failure rate for voltage regulator |
| λp | 0.448 | Failures / 10^6 hours |
| MTTF | 2232142.857 | Hours to fail, approximately 254 years |
Component: INA118 Instrumentation amplifier.
There is no assigned model for this component. Based on its internal diagram [4], there are 2 portions that need analysis: the precision amplifier and the overload protection. The overload protection is a lot smaller than the precision amplifier, so only the precision amplifier is analyzed.
Model formula used for the precision amplifier: λp = λb πT πA πR πS πQ πE

| Parameter | Value | Remarks |
|---|---|---|
| λb | 0.00074 | Base failure rate for amplifier |
| πT | 1.3 | Temperature factor at TA = 35 °C, Tj = 35.48 °C (worst case), θja = 80 |
| πA | 1.5 | Application factor, assume MOSFET |
| πR | 0.43 | Power factor, P less than 0.1 |
| πS | 1 | Worst-case stress factor, V_apply = V_rated |
| πQ | 8 | Quality factor assumed due to commercial product with plastic |
| πE | 1 | Environment factor, assume Ground Benign* |
| λp | 0.00496392 | Failures / 10^6 hours / op-amp |
| MTTF | 201453689.8 | Hours to fail, approximately 22997 years |

Since there are 3 op-amps in the structure:
λp = 3 × λp(op-amp) = 0.014891, MTTF ~ 7665 years
Component: MAX14752 Analog multiplexer, 2 formulas used:
Digital portion: λp = (C1 πT + C2 πE) × πQ πL

| Parameter | Value | Remarks |
|---|---|---|
| C1 | 0.01 | Die complexity failure rate for 16 gates |
| πT | 1.3 | Temperature factor at Tj = 115 °C (worst-case power dissipation assumed), θja = 90 |
| C2 | 0.0056 | Package failure rate for 16-pin TSSOP package |
| πE | 0.5 | Environment factor for Ground Benign* |
| πQ | 10 | Quality factor assumed due to commercial product with unknown screening level |
| πL | 1 | Learning factor for years in production >= 2 (assumption made due to data sheet revision made in 2010) |
| λp | 0.158 | Failures / 10^6 hours |
| MTTF | 6329113.924 | Hours to fail, approximately 722 years |

Switch portion: λp = λb πT πS πC πE πQ

| Parameter | Value | Remarks |
|---|---|---|
| λb | 0.012 | Base failure rate for switch |
| πT | 4.5 | Temperature factor at Tj = 115 °C (highest possible) |
| πS | 1 | Electrical stress factor. The applied voltage is the output voltage, so Vs = 1 |
| πC | 1 | Contact construction factor, TSSOP-16 |
| πE | 1 | Environment factor for Ground Benign* |
| πQ | 8 | Quality factor assumed due to commercial product with plastic |
| λp | 0.432 | Failures / 10^6 hours / switch |
| MTTF | 2314814.815 | Hours to fail, approximately 264 years |

Overall: λp = λp-digital + 8 × λp-analog = 3.614
Overall MTTF: ~31 years
* Since our instrument will mainly be in-lab equipment, the Ground Benign (GB) environment was selected for all the components, with T_ambient = 35 °C.
Overall, the reliability of most of the parts is acceptable, and they should not perform erratically in a lab environment. The three most critical parts are the MCU, FPGA and analog MUX, respectively. Since 2 of the critical components (the analog MUX and the MCU) are involved in the input sampling process, the input path faces a great deal of challenge. An improvement made at the beginning of the project was to add a Zener diode to the input circuitry and use the INA118 instrumentation amplifier as a protection circuit. These two components have a relatively low failure rate, so they can provide effective protection to the circuitry and turn a high-criticality failure (damaged components or circuit) into a low-criticality failure (inaccuracy or bias in measurement). The other highly critical portion is the I2C transmission. Both endpoints (MCU and FPGA) are critical components, and I2C itself does not have an error correction mechanism. The way to reduce the problem is to increase the transmission frequency (100 Hz) and make it higher than the refresh rate of the VGA output (60 Hz); additionally, decreasing the I2C data speed will increase the reliability of this bus. Other than the refinements above, further improvement is not necessary.
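The arithmetic behind the tables above, recomputed as an added example (not part of the original report): it applies the two model formulas to the tabulated parameters, cross-checks the printed λp values, and ranks the components by failure rate. The function and dictionary names are assumptions made for this illustration.

```python
from math import prod

HOURS_PER_YEAR = 8760  # 365 d * 24 h

def microcircuit_rate(c1, pi_t, c2, pi_e, pi_q, pi_l):
    """lambda_p = (C1*piT + C2*piE) * piQ * piL, failures per 10^6 hours."""
    return (c1 * pi_t + c2 * pi_e) * pi_q * pi_l

def factor_rate(lambda_b, *pi_factors):
    """lambda_p = lambda_b * (product of pi factors), failures per 10^6 hours."""
    return lambda_b * prod(pi_factors)

def mttf_hours(rate):
    """Constant-failure-rate MTTF: reciprocal of the rate given per 10^6 hours."""
    if rate <= 0:
        raise ValueError("failure rate must be positive")
    return 1e6 / rate

def component_rates():
    """Recompute each component's rate from the parameter values in the tables."""
    ina_opamp = factor_rate(0.00074, 1.3, 1.5, 0.43, 1, 8, 1)
    mux_digital = microcircuit_rate(0.01, 1.3, 0.0056, 0.5, 10, 1)
    mux_switch = factor_rate(0.012, 4.5, 1, 1, 1, 8)
    return {
        "STM32F407VGT6": microcircuit_rate(0.56, 0.35, 0.0425, 0.5, 10, 1.8),
        "Spartan-3E": microcircuit_rate(1, 0.19, 0.098, 0.5, 10, 1),
        "UA78M33C": factor_rate(0.002, 14, 1, 2, 1, 8),
        "INA118": 3 * ina_opamp,                   # 3 op-amps in the structure
        "MAX14752": mux_digital + 8 * mux_switch,  # digital part + 8 switches
    }

# Rates as printed in the report, used to cross-check its arithmetic.
REPORTED = {"STM32F407VGT6": 3.9105, "Spartan-3E": 2.39, "UA78M33C": 0.448,
            "INA118": 0.014891, "MAX14752": 3.614}

def mismatches(rates, reported=REPORTED, rel_tol=1e-3):
    """Names whose recomputed rate differs from the printed one by > rel_tol."""
    return [n for n, r in rates.items()
            if abs(r - reported[n]) > rel_tol * reported[n]]

def ranked(rates):
    """Component names ordered from highest failure rate to lowest."""
    return sorted(rates, key=rates.get, reverse=True)

if __name__ == "__main__":
    rates = component_rates()
    for name in ranked(rates):
        h = mttf_hours(rates[name])
        print(f"{name:14s} {rates[name]:9.5f} per 1e6 h   "
              f"MTTF {h:13.1f} h = {h / HOURS_PER_YEAR:8.1f} y")
    print("disagrees with report:", mismatches(rates) or "none")
```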
3.0 Failure Mode, Effects, and Criticality Analysis (FMECA)
AWESILLOSCOPE can be split into 4 portions: power circuit, microprocessor unit (including the user interface), FPGA display unit, and input circuitry. As in-lab equipment, AWESILLOSCOPE is not likely to cause any harm to the user, given its low voltage and small current. However, there are still high-criticality conditions that can permanently damage the voltage-sensitive components. As a result, it is determined that high-criticality conditions should have a failure rate of no more than 1 in 10^9 hours, since the damage would be costly and should be prevented with all effort. Low criticality is defined as all other possible errors, such as a wrong input value, failure to output signals, etc. Preferably, this kind of condition will appear no more than 1 in 10^6 hours. Although none of the failures can possibly cause harm to the user within the containing box, AWESILLOSCOPE should keep the failure rate below 1 in 10^6 hours to perform well for a decent period of time.
Among all these portions, the power supply can cause the highest criticality by overloading any subsystem if the power management is not working properly. Most of the high-criticality conditions belong to the power circuit (see Appendix B, case B-Power supply). Although the power circuit handles most of the power consumption, the most critical portion is the input circuitry, not only because it has 2 high-failure-rate components, but also because the input circuit is a crucial part of a correct data-processing sequence. Additionally, a potentially large voltage can come in through the input circuit, so it is a good idea to put extreme effort into it.
4.0 Summary
Considering all the factors and components, AWESILLOSCOPE is relatively reliable equipment. During its lifetime (most likely the MCU's lifetime), it should not have much risk in fulfilling its duty. However, since the MCU is the only component that holds all the parts together, it also becomes the only concern in the whole system. If the MCU or one of its subsystems (ADC, I2C) happens to fail during use, it is almost impossible for the product to have any further use. Nonetheless, since this concern only affects reliability and is not a safety issue, AWESILLOSCOPE can be concluded to be a safe product.
List of References
[1] Military Handbook Reliability Prediction of Electronic Equipment (MIL-HDBK-217F), Revised Dec. 2nd, 1990, retrieved from: https://engineering.purdue.edu/ece477/Homework/CommonRefs/Mil-Hdbk-217F.pdf, accessed on Apr. 2nd, 2012
[2] STM32F4xx datasheet, Rev 2, Revised Jan. 2012, retrieved from: https://engineering.purdue.edu/477grp2/documents/Partlist/Digital/ARM/STM32F407VG.pdf, accessed on Apr. 2nd, 2012
[3] Xilinx DS312 Spartan-3E FPGA Family Data Sheet, DS312 (v3.8), Revised August 26, 2009, retrieved from: www.xilinx.com/support/documentation/data_sheets/ds312.pdf, accessed on Apr. 2nd, 2012
[4] Positive-Voltage Regulator, SLVS059Q –June 1976–Revised Apr. 2010, retrieved from http://www.ti.com/lit/ds/symlink/ua78m05.pdf, accessed on Apr. 2nd, 2012
[5] Precision, Low Power Instrumentation Amplifier, INA118, Revised 2009, retrieved from https://engineering.purdue.edu/477grp2/documents/Partlist/Analog/20120213_Mark_recommended/ina118.pdf, accessed on Apr. 2nd, 2012
[6] 8-Channel/Dual 4-Channel 72V Analog Multiplexers, 19-4255; Rev 3; Revised Jul., 2010, https://engineering.purdue.edu/477grp2/documents/Partlist/Analog/MAX14752-MAX14753.pdf, accessed on Apr. 2nd, 2012
Appendix A: Schematic Functional Blocks
Fig 1. Functional Block Diagram
Fig 2. Input circuitry portion
Fig 3. Power Circuitry
Fig 4. MCU circuit
Fig 5. FPGA circuit
Appendix B: FMECA Worksheet
A - Input circuitry
B - Power system
C - FPGA / VGA display
D - STM32 Microprocessor
E - I2C transmission

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Detection Method | Criticality |
|---|---|---|---|---|---|
| A1 (MUX, INA, ADC) | Input mode error | Wrong selection, MUX failure | Overload INA, ATD or resistor | Output error. Data error. Possible damage on ADC | High |
| A1_1 (MUX) | Input mode error, but INA118 works fine | Multiplexer failure | Overload INA | Output error. Data error | Low |
| A1_2 (INA) | Input mode error, there is attenuated voltage | Instrumentation amplifier fails to protect | Overload Zener diode or ADC channel | Output error. Damage on ADC channel | High |
| A2 (STM32, INA, MUX) | Input not received / not correct | ADC channel / INA118 | No detectable output | Output error | Low |
| A2_1 (INA) | Instrumentation amplifier fails to amplify the voltage at expected level | INA118 failure | No sampling process can achieve valid data | Debugging by viewing ADC channels' output | Low |
| A2_2 (STM32, ADC channel) | ADC cannot perform correct sampling even if voltage is valid | ADC initialization error, or contact failure | No valid data sampled / wrong data sampled | Use testing voltage on the input end to test the sampling | Low |
| A2_3 (MUX) | Multiplexer was cut off or not on the input channel | MCU sends the wrong channel message to MUX, or multiplexer failure | No data can be sampled | Observation when performing a sampling | Low |
| A2_4 (Zener) | Input voltage rectified | Zener diode fails to break down or breaks down too soon | ADC channel damaged or receives wrong data | Observation, measure voltage with DMM | High |
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Detection Method | Criticality |
|---|---|---|---|---|---|
| B1 (ATX Power, Regulator) | Power overloaded | Regulator failure, overheat | Component damage | Extremely hot parts. Check node voltage with DMM | High |
| B1_1 (ATX Power) | ATX output voltage unstable, higher than rated voltage | ATX power internal instability | Overheats the regulator and increases the power consumption on it | Check node voltage with DMM | Low |
| B1_2 (Regulator) | Regulator fails to provide properly regulated voltage | Input voltage out of range, or regulator failure | Damage to the component managed by this regulator | Check regulator output voltage with DMM | High |
| B1_3 (interconnect) | Regulator overheat | Poor management between ATX power and regulator, which causes the regulator to consume too much power | Damage to the linear regulator | Extreme heat generated by the regulator. The parts managed by the regulator are not working properly | High |
| B2 (Regulator, INA118) | Regulator cannot provide required voltage for op-amps | Regulator failure, connection failure | INA118 not functioning properly | Check input voltage on INA118 | Low |
| B3 (ATX, MUX) | Power supply cannot provide high-enough voltage for multiplexer | ATX power internal instability | The voltage coming out of the regulator is rectified with respect to the supply voltage | Check the output voltage of ATX power while testing with extreme case | Low |
| B4 (ATX, FPGA) | Power loss on FPGA | ATX power internal instability, connection error | FPGA internal RAM loses data, needs re-programming to proceed | VGA output sudden black-out | Low |
| B5 (ATX, circuit) | Wrong voltage on power or ground trace | ATX power fails to provide proper voltage. Connection failure. Short-circuit in PCB | Damage to components, or no power goes through components | Check trace voltage with DMM | High |
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Detection Method | Criticality |
|---|---|---|---|---|---|
| C1 (FPGA, VGA Display) | No output to screen | Wrong FPGA code / VGA mode | No display | Observe | Low |
| C1_1 (FPGA) | No output, but FPGA powered | FPGA code error, VGA display setting error (wrong resolution) | No display | Observe | Low |
| C1_2 (FPGA) | No output, but FPGA powered | FPGA mode error (in program mode). Not reset | No display | Observe | Low |
| C2 (FPGA) | Screen has output, however not as expected | Wrong FPGA code, or the output fails to refresh | Display not as expected, or no reasonable display | Observe | Low |
| C3 (FPGA) | Screen has output, such as static menu, but dynamic data not displayed | FPGA code error. Not receiving data. Cannot process data into correct points | Data display error, wrong data shows on the screen | Observe | Low |
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Detection Method | Criticality |
|---|---|---|---|---|---|
| D1 (STM32, Input circuit) | Wrong data sampled | Code bug (or see table A) | Wrong samples | Compare input and sample | Low |
| D2_1 (STM32) | Wrong value calculation | FFT algorithm error | Display error values for user | Observe | Low |
| D2_2 (STM32) | Wrong value calculation | Data storage error. Correct calculation performed on wrong data | Display error values for user | Observe | Low |
| D3 (STM32, pushbutton) | RPG / pushbutton not detected | Pushbutton/RPG pull-up circuit failure, input sample failure | No response to user control | Observe | Low |
| D4 (STM32) | MCU does not respond to all interfaces | JTAG connection error. Jumpers on MCU are not connecting well. Large critical calculation performed | MCU no response | Check MCU output pin voltage, especially debugging pins | Low |
| D5 (USB) | MCU cannot read / write to USB device | USB interface setup error. USB device not acknowledged | No interface between MCU and USB | USB has no data after writing process | Low |
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Detection Method | Criticality |
|---|---|---|---|---|---|
| E1 (STM, FPGA) | I2C transmission error, EM interference | Wrong data transmitted | Wrong display data received | Debug via certain packet | High* |

* The transmission error is rated as high criticality, since a transmission error can hardly be detected after overall packaging.