TCSP – Reliability and Safety
Reliability Analysis
• Major components chosen for analysis:
  • Switching Regulators (LM2679SD-5.0, LM2679SD-3.3)
    • Hottest running components
  • Microcontroller (MCS12A64CFUE)
    • Most complex component
  • Quad 2 to 1 Multiplexer (SN74CBT3257)
    • Failure leads to crashing
  • Linear Amplifiers for thermopiles (AD8626)
    • Failure would cause unstable flight, possibly crashing
FMECA Criticality Levels
• High – Could cause personal injury
• Medium – Inhibits ability to fly autonomously
• Low – Inhibits ability to take photos or other inconveniences
FMECA Block A - Microcontroller

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| A1 | Microcontroller outputs no data | Out of spec supply voltage, U1 failure, clock failure, PLL failure, software bug, bypass caps shorted | No display on LCD, does not work in autonomous mode | Observation | Medium-High | This failure would be elevated to high criticality if a shorting component caused excess heat dissipation |
| A2 | Some pins are always 0 or 1 | Over-voltage on pin could have burned up the driver, software bug | Erratic system behavior, excessive heating of the microcontroller | Observation | Medium-High | This failure would be elevated to high criticality if a shorting component caused excess heat dissipation |
FMECA Block B - Regulators

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| B1 | Vout,5 = 0V or Vout,3.3 = 0V | Failure of U6 or U7, shorted capacitor in Block B, no feedback, external short | System shows no operation | Observation | High | If a short is causing the lack of output, excessive heat is being generated which could injure the user |
| B2 | Vout,5 > 5V or Vout,3.3 > 3.3V | Failure of U6 or U7 | Could damage any of the ICs on the board, system probably non-functional | Observation | High | Possibility of injurious heat dissipation |
| B3 | Vout,5 or Vout,3.3 not regulated enough | Failure of a capacitor in Block B that becomes an open circuit | Erratic microcontroller failure, perhaps repeated resetting | Observation | Medium | Unlikely to cause harm, but results in non-flyable plane |
| B4 | Vsense > 5V | R20 fails and causes a short | Microcontroller reports unreasonable battery voltage | Observation | Low - Medium | Probably just a nuisance which would fry a port pin, but could also cause the entire microcontroller to fail. |
FMECA Block C – Radio and Servos

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| C1 | Autopilot / Manual multiplexer signal incorrect | U18 failure, or failure of any of the resistors or capacitors directly before it | Plane does not properly switch between manual and autopilot | Observation | High | If this failure arose during a flight, the plane could crash, possibly injuring a person |
| C2 | Inputs do not propagate through multiplexer | U13 or R40 failure | Servo motors do not respond to manual input or autopilot | Observation | High | This would cause the plane to crash, possibly injuring someone |
| C3 | Multiplexer always outputs either manual or autopilot values | S pin of U13 shorted to Vcc or ground | Cannot switch operating modes | Observation | High | Could cause injury if the drive motor powered up unexpectedly on the ground |
FMECA Block D – Thermopile Amplifiers

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| D1 | Vref = 0V | U14 failure, could also have its input or output shorted to ground | Thermopiles do not sense sky properly, unstable flight | Observation | High | Could cause injury if crash induced |
| D2 | Vref > 2.5V | U14 failure | Thermopiles do not sense ground as well, jittery flight | Observation | High - Medium | Could lead to crashing |
| D3 | Amplifier output is very small | Failure of U9 or U10, failure of any of the resistors in Block D such that they become shorts | Plane cannot stabilize | Observation | High | Would lead to crashing in autopilot mode, and possibly injure the operator |
| D4 | Thermopile values read in are erratic | Connection to thermopiles could be faulty | Jittery flight | Observation | Medium | Could lead to crashing |
FMECA Block E – GPS and MicroSD

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| E1 | Unable to communicate with MicroSD card | Failure of U2, U3, or U4; any resistor in the SD circuit becomes open; SD card corrupt; software | System unable to read MicroSD card, displays error message | Observation and BIST | Medium | No risk of injury, but the plane cannot operate autonomously |
| E2 | Unable to communicate with GPS receiver | Failure of U15, U16, or U17; resistor in GPS circuit becoming open; faulty cable; software bug | System unable to get a GPS lock, waits indefinitely and will not allow autonomous flight | Observation and BIST | Medium | No risk of injury, but the plane cannot operate autonomously |
FMECA Block F – Camera and LCD

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| F1 | LCD_TX signal always idle | Failure of U12, short or open circuit of any of the capacitors or resistors connected to U12 | LCD is always blank | Observation | Low | This is a nuisance, but the plane will operate properly |
| F2 | Camera shutter trigger always open | Failure of U11, software malfunction | Camera never takes photos | Observation | Low | The plane will fly, but no photos will be taken |
Questions?