Reliability and Safety Analysis

Fly Spy – Group 12
Reliability and Safety Analysis
Heather Barrett
Definition of Criticality Levels (In-flight operation)

High: Plane crashes (goes out in a blaze of glory) or cannot be returned to manual control (flies off into the “Wild Blue Yonder”)
Medium: Loss of autonomous control functionality; must return to manual control
Low: Some loss of non-critical functionality (e.g. cannot take pictures)
Components Chosen for Analysis

Few components are complex or run hot.
Microcontroller (PIC24FJ256GA110): Most complex component
Mux (P13V512): Operation is essential; controls switching between manual and autonomous modes
Buck Converter (LTC1174): Operation is essential; everything (including micro and mux) is powered on the +3.3 V rail
FMECA – Microcontroller

| Failure # | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| A1 | No output | Software bug or chip failure | Total loss of control | Observation | High | |
| A2 | Some pins are “stuck” at 0 or 1 | Exceeded voltage or current ratings (fried pin), software bug | Runs the gamut from failure to communicate with nonessential peripherals to total loss of control | Observation | All levels | |
Control Mode Switching System
FMECA – Control Mode Switching System

| Failure # | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| B1 | No output | Mux failure, no input from micro | Total loss of control | Observation | High | |
| B2 | “Stuck” in autonomous mode | CTRL_SW stuck high due to comparator chip or filter failure | Loss of manual control | Observation | Medium or High | |
| B3 | “Stuck” in manual mode | CTRL_SW stuck low due to filter failure | Loss of autonomous capability | Observation | Medium | |
Power Supply

FMECA – Power Supply

| Failure # | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| C1 | No output (0 V) | Failure of LTC1174 (open) | Total loss of control | Observation | High | |
| C2 | Unacceptable ripple | Failure of bulk capacitor | Erratic behavior; component burnout | Observation | Medium or High | |
| C3 | Output < 3.3 V | Low battery | Erratic behavior followed by total loss of control | Observation | High | |
| C4 | Output > 3.3 V | Failure of LTC1174 (short to battery voltage) | IC damage | Observation | High | |
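The power-supply table rates every rail failure High but lists only "Observation" as the detection method. As an added example that is not the project's own code, the C routine below classifies a window of +3.3 V rail samples into failure modes C1 to C4 and maps each to the slides' criticality levels; the voltage thresholds, the sample windows and all names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
/* Criticality levels as defined on the slides. */
typedef enum { CRIT_NONE = 0, CRIT_LOW, CRIT_MEDIUM, CRIT_HIGH } criticality_t;
/* Power-supply failure modes C1..C4 from the FMECA table; PSU_OK = rail healthy. */
typedef enum { PSU_OK = 0, PSU_C1_NO_OUTPUT, PSU_C2_RIPPLE,
               PSU_C3_UNDERVOLT, PSU_C4_OVERVOLT } psu_mode_t;

/* Thresholds are assumptions for illustration, not values from the slides. */
#define RAIL_DEAD_V      0.5   /* mean below this: no output (C1) */
#define RAIL_UNDER_V     3.0   /* brown-out threshold (C3) */
#define RAIL_OVER_V      3.6   /* above this the 3.3 V logic is over-stressed (C4) */
#define RAIL_RIPPLE_PP_V 0.2   /* largest tolerated peak-to-peak ripple (C2) */
#define NSAMP 8

/* Classify one window of rail samples (volts) into an FMECA failure mode;
 * checks run from the most to the least urgent condition. */
psu_mode_t classify_rail(const double *v, size_t n) {
    double lo = v[0], hi = v[0], sum = 0.0;
    for (size_t i = 0; i < n; i++) {
        if (v[i] < lo) lo = v[i];
        if (v[i] > hi) hi = v[i];
        sum += v[i];
    }
    double mean = sum / (double)n;
    if (mean < RAIL_DEAD_V)         return PSU_C1_NO_OUTPUT;
    if (mean > RAIL_OVER_V)         return PSU_C4_OVERVOLT;
    if (mean < RAIL_UNDER_V)        return PSU_C3_UNDERVOLT;
    if (hi - lo > RAIL_RIPPLE_PP_V) return PSU_C2_RIPPLE;
    return PSU_OK;
}

/* Criticality column of the table: every rail failure is High (C2 is "Medium or High"; worst case used). */
criticality_t psu_criticality(psu_mode_t m) { return m == PSU_OK ? CRIT_NONE : CRIT_HIGH; }

/* Constructed sample windows (not measurements from the project). */
static const double SAMPLE_OK[NSAMP]     = {3.30, 3.31, 3.29, 3.30, 3.32, 3.28, 3.30, 3.31};
static const double SAMPLE_DEAD[NSAMP]   = {0.00, 0.01, 0.00, 0.00, 0.02, 0.00, 0.00, 0.01};
static const double SAMPLE_RIPPLE[NSAMP] = {3.45, 3.10, 3.48, 3.12, 3.46, 3.14, 3.47, 3.10};
static const double SAMPLE_LOW[NSAMP]    = {2.95, 2.94, 2.96, 2.93, 2.95, 2.94, 2.95, 2.93};
static const double SAMPLE_HIGH[NSAMP]   = {4.10, 4.12, 4.09, 4.11, 4.10, 4.12, 4.11, 4.10};

int main(void) {
    const double *w[] = {SAMPLE_OK, SAMPLE_DEAD, SAMPLE_RIPPLE, SAMPLE_LOW, SAMPLE_HIGH};
    for (size_t i = 0; i < 5; i++) {
        psu_mode_t m = classify_rail(w[i], NSAMP);
        printf("window %zu: mode %d, criticality %d\n", i, (int)m, (int)psu_criticality(m));
    }
    return 0;
}
```

On the real board the sample windows would come from an ADC channel reading the rail through a divider, and a High result would be logged and used to trigger a fail-safe before the mux loses power.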
Additional Remarks

Due to the complexity of the software, most of these hardware failures appear to be trivial concerns.
In retrospect, the mux should have been powered from the +5 V rail like the servos and motor; if the +3.3 V source fails, the mux fails (no signal to servos → CRASH).