Reliability and Safety Analysis
The “Drink Mixer”
Criticality Levels
HIGH
• Failure that causes system instability
• Possible damage to user and/or system
MEDIUM
• Failure that affects audio processing
• Affects operability of system
LOW
• LCD malfunction, inconvenience to user
• No damage to device
Component Analysis
Failure Rates in the worst case scenario
• ADSP-21262 Microcontroller
• ARM9 Microcontroller
• MTTF = 26.68 years
• ATMega32A Microcontroller
• MTTF = 5.73 years
• MTTF = 44.94 years
• 5V Linear Voltage Regulator
• MTTF = 70.29 years
[Figure: functional blocks Hammer ARM9, DSP, LED Driver, ATMega32A, Power Supply]
FMECA
Table 1 – Hammer ARM9

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| 1A | Micro remains in reset mode | Reset switch is broken and stays in “pressed” state | Microcontroller fails to run program, also cannot reprogram memory | Observation with DMM | Medium | Medium criticality because it disables the functionality of the system |
| 1B | ATMELS and Hammer cannot communicate because Hammer cannot understand 5V logic | I2C level shifter fried | User interface seems to be working, but audio is not | Observation with DMM and Logic Analyzer | Medium | Medium criticality because it disables the functionality of the system |
| 1C | Contrast is set either all the way up or all the way down | Contrast voltage divider resistor is shorted | Cannot adjust the contrast on LCD | Observation with DMM | Low | Low criticality because it is simply a nuisance to the user |
| 1D | LCD does not receive data | ZIF connector has bent pins or Hammer has burned out pins | LCD will not change the display, but the touch screen works | Observation with Oscilloscope | Low | Low criticality because it is simply a nuisance to the user |
| 1E | Erroneous/Sporadic data sent to the DSP | ARM9 is fried | Audio levels are sporadic. Possibly very high output levels. | Observation with Logic Analyzer | High | High criticality because if levels are too high, they can be harmful when amplified |
FMECA
Table 2 – DSP

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| 2A | Micro remains in reset mode | Reset switch is broken and stays in “pressed” state | Microcontroller fails to run program, also cannot reprogram memory | Observation with DMM | Medium | Medium criticality because it disables the functionality of the system |
| 2B | Memory space is too small | SRAM chip burned out | Audio Processing is greatly lagging | Observation with DMM and Logic Analyzer | Medium | Medium criticality because it disables the essential functionality of the system |
| 2C | If only one side: No power sent to individual LEDs. If both sides: SPI signal not present or sampled incorrectly | If only one side: LED driver is burned out. If both sides: SPI is not working on DSP | Output amplitude LEDs are not lighting | Observation with DMM and Logic Analyzer | Low | Low criticality because it is simply a nuisance to the user (Although it is one of our current PSSCs, so it is critical) |
| 2D | Erroneous/Sporadic output levels | SHARC is fried | Audio levels are sporadic. Possibly very high output levels. | Observation with Logic Analyzer | High | High criticality because if levels are too high, they can be harmful when amplified |
FMECA
Table 3 – ATMega32A

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| 3A | Micro remains in reset mode | Reset jumpers are shorted, thus creating an effective “button pressed” state | Microcontroller fails to run program, also cannot reprogram memory | Observation with DMM | Medium | Medium criticality because it disables the functionality of the system |
| 3B | Micro not communicating with ARM9 | ATMEL is fried or I2C not configured properly for that channel | Nothing works on one individual channel | Observation with Logic Analyzer | Medium | Medium criticality because it disables the functionality of the channel |
| 3C | Erroneous/Sporadic information about audio levels is sent to ARM9 | ATMEL is fried | Audio levels are sporadic. Possibly very high output levels. | Observation with Logic Analyzer | High | High criticality because if levels are too high, they can be harmful when amplified |
| 3D | PWM is only working on one channel | PWM is disabled or fried | Fader will only move automatically in one direction | Observation with Oscilloscope | Low | Low criticality because it is simply a nuisance to the user. |
FMECA
Table 5 – Power Supply

| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| 5A | Excessive current draw, fuses continuously blown | Power rails shorted together | Short causes a blown fuse, burnt out components, or even a fire | Observation with DMM and continuity check | High | High criticality because if power traces are shorted, they can cause a fire |
| 5B | Excessive current draw on regulator | Regulator is blown | Devices on a particular power rail will not power on | Observation with DMM | Medium | Medium criticality because it disables the functionality of the unit |
| 5C | Rectifier circuit is degraded and goes below dropout for regulator, causing a noisy voltage supply | Rectifier diodes or Capacitors are blown | Preamp is noisy | Observation with DMM | Medium/Low | Medium/Low criticality because it is a nuisance to the user, but also degrades the quality of the audio signal. |