ECE 477 Digital Systems Senior Design Project Spring 2005
Homework 9: Reliability and Safety Analysis
Due: Thursday, March 31, at Classtime
Team Code Name: _Double Deuce Alarm System__________________ Group No. __2___
Team Member Completing This Homework: _Michael Tammen ____________________
Report Outline:
• Introduction (brief description of design project, with a focus on safety and reliability issues)
• Reliability analysis
o Choose 3-5 components in your design that you believe are most likely to fail (voltage regulators, power MOSFETs, etc. – basically anything operating above room temperature).
o Perform calculations to determine the number of failures per 10^6 hours and mean time to failure (MTTF) for each component, making any reasonable assumptions where necessary.
o Summarize conclusions about the reliability of these components and/or the circuit in general.
• FMECA (failure mode, effects, and criticality analysis) worksheet for entire schematic
o Failure Modes: Divide your schematic into functional blocks (e.g. power circuits, sensor blocks, microcontroller block). Determine all possible failure conditions of each functional block. Indicate the components that could possibly be responsible for such a failure (e.g., a shorted bypass capacitor might cause a voltage drop, but can not cause a voltage increase).
o Effects: For each failure mode above, determine the possible effects, if any, on any major components in other parts of the design (e.g., damage the microcontroller or fry a resistor) as well as effects on the overall operation of the project (e.g., audio volume increases to maximum). Do not waste too much time on this! For some failure modes, it is acceptable to declare the effects unpredictable. “Method of detection” of a particular failure mode should be observed from the operation of the device, unless there is particular circuitry intended to detect such a failure.
o Criticality: Begin by defining at least two criticality levels for types of failures in the output of your design. Define an acceptable failure rate λ for each level of failure. These are up to you and somewhat arbitrary, but keep in mind λ < 10^-9 is standard for any failure that could potentially injure the user.
• List of references (including MIL-HDBK-217F)
NOTE: This is the third in a series of four “professional component” homework assignments, each of which is to be completed by one team member. The completed homework will count for 10% of the team member’s individual grade. It should be a minimum of five printed pages.
Evaluation:
Component/Criterion Score Multiplier Points
Introduction 0 1 2 3 4 5 6 7 8 9 10 X 1
Reliability Analysis 0 1 2 3 4 5 6 7 8 9 10 X 3
FMECA Worksheet 0 1 2 3 4 5 6 7 8 9 10 X 4
List of References 0 1 2 3 4 5 6 7 8 9 10 X 1
Technical Writing Style 0 1 2 3 4 5 6 7 8 9 10 X 1
TOTAL
Introduction
The “Double Deuce Alarm System” is a home security system with an interactive web
interface. Electronic home monitoring systems have been available in their most basic form
since the electronic revolution, when electronic hobbyists created simple buzzer circuits with a
switch to trigger the alarm. Home monitoring has evolved further over the years, with the
first smoke and heat detector alarm being patented on February 10, 1976 [1]. This
design will focus on two areas, expandability and integration with the web, both of which are
crucial when it comes to choosing a home security system. The safety and reliability of the design
are crucial to the success of a home security system. Reliability of the system is our biggest
concern. If the system is not reliable, meaning it could fail at any point, the safety of our
customers would be in jeopardy. By nature, failure of the system will not lead directly to any
injuries, but indirect injuries may result. The reliability of the design in its current state is
examined in the following report. It will show that the design is quite reliable and that, should a
failure occur, it would never be critical and could easily be fixed.
Reliability Analysis
The reliability analysis was completed using the information provided by the Military
Handbook for Reliability Prediction of Electronic Equipment [2] and Designing for Reliability,
Maintainability, and Safety [3]. The failures per 10^6 hours and the Mean Time to Failure
(MTTF) calculations were completed using these data sources. The parameters referred to in the
rest of the documentation are the following:
λP part failure rate
C1 die complexity
C2 a constant based on the number of pins
πT temperature coefficient
πE environmental constant
πQ quality factor
πL learning factor
λB base failure rate
πR resistance factor
πA application factor
πr power rating factor
πS voltage stress factor
The security system has four major areas of concern when examining the reliability of
the system. The failure of the entire system is something of grave concern, so the Freescale
MC9S12NE64 [4] is a component of concern. Monitoring of the sensors is a key component of
the project. This means the Atmel MEGA88V10PI [5] is another component of concern, as well
as the accompanying circuitry. Should an alarm be tripped and the horn not sound, the
homeowner may be harmed. The circuit that controls the horn is therefore one of concern.
This document will focus on the following components:
• Freescale MC9S12NE64
• Atmel MEGA88
• Sensor circuitry
• Horn circuitry
Freescale
The Freescale MC9S12NE64 [4] is the main onboard chip used in this design. It will be
used to control all major functions of the system, as well as running a web server. The failure
rate is defined as the following:
λP = (C1 * πT + C2 * πE) * πQ * πL Failures/10^6 hours
Table 1. Freescale MC9S12NE64 Parameters
Parameter | Value | Justification
C1 | 0.28 | The Freescale MC9S12NE64 is a 16-bit microprocessor (MIL-HDBK-217F, Section 5.1)
πT | 0.98 | Digital CMOS Device; operation should not exceed 85°C (MIL-HDBK-217F, Section 5.8)
C2 | 0.0457 | 112-pin SMT device; C2 = 2.8 * 10^-4 * (NP)^1.08 (MIL-HDBK-217F, Section 5.9)
πE | 2.0 | Assumed “Ground Fixed” environment (MIL-HDBK-217F, Section 5.10)
πQ | 10 | Commercial component (MIL-HDBK-217F, Section 5.10)
πL | 1.5 | Years in Production < 1 year (MIL-HDBK-217F, Section 5.10)
λP | 5.487 per 10^6 hours |
MTTF | 182249 hours |
Atmel
The Atmel MEGA88V10PI [5] is the other microprocessor that will be used in the
system. It is in control of monitoring the sensors and relaying that data back to the NE64 through
the I2C bus. The failure rate can be determined by the following formula:
λP = (C1 * πT + C2 * πE) * πQ * πL Failures/10^6 hours
Table 2. Atmel MEGA88V10PI Parameters
Parameter | Value | Justification
C1 | 0.14 | Atmel MEGA88V10PI is an 8-bit microprocessor (MIL-HDBK-217F, Section 5.1)
πT | 0.98 | Digital CMOS Device; operation should not exceed 85°C (MIL-HDBK-217F, Section 5.8)
C2 | 0.0129 | 28-pin DIP device; C2 = 3.0 * 10^-5 * (NP)^1.82 (MIL-HDBK-217F, Section 5.9)
πE | 2.0 | Assumed “Ground Fixed” environment (MIL-HDBK-217F, Section 5.10)
πQ | 10 | Commercial component (MIL-HDBK-217F, Section 5.10)
πL | 1.2 | Years in Production < 1.5 years (MIL-HDBK-217F, Section 5.10)
λP | 1.956 per 10^6 hours |
MTTF | 511247 hours |
Horn Circuit
The next concern for reliability of the system is the circuit for the horn. The horn will
sound when an alarm has been tripped allowing the owner of the system to know when
something is going wrong in his/her home. The circuit reliability is in the hands of a TIP122
transistor [6] and a T77 relay [7]. Calculations will be done for both of the parts and then added
together to find the overall λP and MTTF for the circuit. The formula for the TIP122 is as
follows:
λP = λB * πT * πA * πr * πS * πQ * πE Failures/10^6 hours
Table 3. TIP122 Parameters
Parameter | Value | Justification
λB | 0.00074 | Base failure rate for NPN and PNP devices (MIL-HDBK-217F, Section 6.3)
πT | 8.1 | Junction Temperature of TIP122 is +150°C (MIL-HDBK-217F, Section 6.3)
πA | 0.7 | Switching application (MIL-HDBK-217F, Section 6.3)
πr | 4.69 | πr = (Pr)^0.37; Pr used is therefore 65 W (MIL-HDBK-217F, Section 6.3)
πS | 0.11 | 0 < Vs < .3 (MIL-HDBK-217F, Section 6.3)
πQ | 8.0 | Plastic (MIL-HDBK-217F, Section 6.3)
πE | 6.0 | Assumed “Ground Fixed” environment (MIL-HDBK-217F, Section 6.3)
λP | 0.1039 per 10^6 hours |
MTTF | 9624506 hours |
The other component is the T77 relay. The default model in the handbook was used. The
formula for failure is the following:
λP = λB * πP * πE Failures/10^6 hours
Table 4. T77 Relay Parameters
Parameter | Value | Justification
λB | 0.4 | Assumed solid state device (MIL-HDBK-217F, Section 6.3)
πP | 4.0 | Lower (MIL-HDBK-217F, Section 6.3)
πE | 3.0 | Assumed “Ground Fixed” environment (MIL-HDBK-217F, Section 6.3)
λP | 4.8 per 10^6 hours |
MTTF | 208333 hours |
Optical Isolator
A 425ND 4 Channel Optical Isolator [8] is the Atmel’s relay to the sensors. It is in
charge of isolating the sensor inputs to protect from electromagnetic discharge. No optical
isolators were located in the handbook, so the part will be broken down into the photodiode and
the NPN transistor. Each chip contains 4 isolator circuits, which will also need to be accounted
for. The failure rate for the photodiode is as follows:
λP = λB * πT * πQ * πE Failures/10^6 hours
Table 5. Photodiode Parameters
Parameter | Value | Justification
λB | 0.0025 | Photodiode Output, Single Device (MIL-HDBK-217F, Section 6.11)
πT | 6.6 | Temperature of junction not to exceed 100°C (MIL-HDBK-217F, Section 6.11)
πQ | 5.5 | Lower (MIL-HDBK-217F, Section 6.11)
πE | 2.0 | Assumed “Ground Fixed” environment (MIL-HDBK-217F, Section 6.11)
λP | .1815 per 10^6 hours |
MTTF | 5509641 hours |
The calculations for the transistor can be found in Table 3. Accounting for 4 photodiodes and 4
transistors in a chip, that leaves us with the following:
Table 6. Optical Isolator Parameters
λP | 1.1416 per 10^6 hours
MTTF | 875964 hours
Conclusions
Table 6 provides a summary of the results. Looking over the results, all of the
components are safe to operate for extended periods of time. The Freescale and the relay are the
two most likely to fail, with an MTTF of 1.82249E+05 and 2.08333E+05 respectively. The
microcontroller's MTTF is low because it is a 16-bit device with an assumed operating temperature
of 85°C. Should the microcontroller operate between 50°C and 60°C, the MTTF would be
significantly increased. The relay was calculated using a basic equation from the handbook.
However, the relay is a common and easily replaceable component. With the low MTTF for the
relay, it would make sense to have the microcontroller monitor its status and send an email
via the web server should it quit working. Considering the fact that failures would occur quite
infrequently, the MTTF values calculated were satisfactory.
Table 7. Preliminary Failure Rate Calculations
Component | Description | λP per 10^6 hours | MTTF (hours)
U3 | Freescale MC9S12NE64 | 5.487 | 1.82249E+05
J14 | Atmel MEGA88V10PI | 1.956 | 5.11247E+05
Q1 | NPN Transistor (TIP122) | 0.1039 | 9.62450E+06
L1 | Relay (T77) | 4.8 | 2.08333E+05
U27 | Optical Isolator (425ND) | 1.1416 | 8.75964E+05
FMECA
The attached schematics have been broken down into the four functional blocks that
were examined earlier. Table 8 shows the blocks.
Table 8. FMECA functional blocks
Block | Type | Main component(s)
A | Microcontroller | Freescale MC9S12NE64
B | Microcontroller | Atmel MEGA88V10PI
C | Power circuit | NPN Transistor & T77 Relay
D | Isolator | Optical Isolator
Two levels of criticality have been defined:
Criticality | Failure effect | Maximum probability
High | A critical failure should never happen, potential for personal injury | λ < 10^-9
Low | During noncritical failure the system has lost some or all functionality; Customer dissatisfaction results | λ < 10^-5
The following High Criticality failures have been identified for this design:
• A3 – software malfunction
• B1 – Output continuous 0
• B3 – software malfunction
• D1 – optical isolator failure
The probability of the failures can be reduced by implementing a few things. To monitor
the software, a “watchdog” can be implemented. The failure of the horn can be attributed to
failure in the relay or the transistor. The outputs and inputs of the optical isolator can be fed
back to the microcontroller and monitored at all times.
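The part-stress arithmetic behind Tables 1 to 7, recomputed as an added example that is not part of the original report. Function names are hypothetical and parameter values are copied from the tables; it also sums the TIP122 and T77 rates for the horn circuit as the text describes, and assumes the criticality limits are failures per hour, which the report does not state.

```python
# Added example: recomputes the report's MIL-HDBK-217F figures (Tables 1-7).
# Function names are hypothetical; parameter values are copied from the tables.
from math import prod

def micro_rate(c1, pi_t, c2, pi_e, pi_q, pi_l):
    """Microcircuit model: (C1*piT + C2*piE) * piQ * piL, per 10^6 hours."""
    return (c1 * pi_t + c2 * pi_e) * pi_q * pi_l

def package_c2(coeff, pins, exponent):
    """Package constant C2 = coeff * Np^exponent."""
    return coeff * pins ** exponent

def mttf_hours(rate_per_1e6h):
    return 1e6 / rate_per_1e6h

def part_rates():
    """Failure rate of each analysed part, in failures per 10^6 hours."""
    c2_ne64 = round(package_c2(2.8e-4, 112, 1.08), 4)   # Table 1: 0.0457
    c2_mega = round(package_c2(3.0e-5, 28, 1.82), 4)    # Table 2: 0.0129
    pi_r = round(65 ** 0.37, 2)                          # Table 3: 4.69
    tip122 = prod([0.00074, 8.1, 0.7, pi_r, 0.11, 8.0, 6.0])
    photodiode = prod([0.0025, 6.6, 5.5, 2.0])
    return {
        "U3": micro_rate(0.28, 0.98, c2_ne64, 2.0, 10, 1.5),
        "J14": micro_rate(0.14, 0.98, c2_mega, 2.0, 10, 1.2),
        "Q1": tip122,
        "L1": prod([0.4, 4.0, 3.0]),
        "U27": 4 * (photodiode + tip122),   # 4 photodiode/transistor pairs
    }

def series_rate(rates, parts):
    """Parts in series: any one failing fails the block, so rates add."""
    return sum(rates[p] for p in parts)

def within_limit(rate_per_1e6h, limit_per_hour):
    """Assumption: the criticality limits are failures per hour."""
    return rate_per_1e6h / 1e6 < limit_per_hour

if __name__ == "__main__":
    rates = part_rates()
    for ref, lam in rates.items():
        print(f"{ref:4s} {lam:8.4f} per 1e6 h   MTTF {mttf_hours(lam):10.0f} h")
    horn = series_rate(rates, ["Q1", "L1"])
    print(f"horn {horn:8.4f} per 1e6 h   MTTF {mttf_hours(horn):10.0f} h")
    print("U27 within Low limit: ", within_limit(rates["U27"], 1e-5))
    print("U27 within High limit:", within_limit(rates["U27"], 1e-9))
```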
FMECA Worksheet – Group __2__
Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks
A1 | Output continuous 0 | J34, U25, C36, C34, software | Loss of horn sounding | Monitored by microcontroller | Low | Monitored through the web server.
A2 | Output continuous 1 | J34, U25, C36, C34, software | Continuous horn sound | Observation | Low | Monitored by the user
A3 | Software Malfunction | U3 | Disruption of the entire system | Observation | High |
B1 | Output continuous 0 | U27, U24, software | Loss of sensor monitoring | Monitored by microcontroller and web server | High |
B2 | Output continuous 1 | U27, U24, software | Continuous horn sound | Observation | Low |
B3 | Software Malfunction | J14 | Loss of sensor monitoring | Monitored by microcontroller and web server | High |
C1 | Relay Failure | L1 | Loss of horn sound | Monitored by microcontroller | Low |
C2 | BJT Failure | Q1 | Loss of horn sound | Monitored by microcontroller | Low |
D1 | Isolator Failure | U27, U24 | Loss of sensor monitoring | Monitored by microcontroller | High |
References
[1] History of Home Security Systems
http://inventors.about.com/library/inventors/blhomesecurity.htm
[2] U.S. Department of Defense, Reliability Prediction of Electronic Equipment, MIL-HDBK-217F
http://shay.ecn.purdue.edu/~dsml/ece477/Homework/Fall2004/MilHdbk217F.pdf
[3] George Novacek, Designing for Reliability, Maintainability, and Safety, Circuit Cellar December 2000
http://shay.ecn.purdue.edu/~dsml/ece477/Notes/PDF/4Mod9_ref.pdf
[4] Motorola MC9S12NE64
http://www.freescale.com/files/microcontrollers/doc/data_sheet/MC9S12NE64V1.pdf
[5] Atmel MEGA88V10PI
http://www.atmel.com/dyn/resources/prod_documents/doc2545.pdf
[6] TIP122 Transistor
http://rocky.digikey.com/WebLib/Fairchild/Web%20Data/TIP120_121_122.pdf
[7] T77 Relay
http://rocky.digikey.com/WebLib/Potter%20Brumfield/Web%20Data/T77.pdf
[8] Optical Isolator
http://rocky.digikey.com/WebLib/Sharp/Web%20Data/PC3Q67Q.pdf