TCSP – Reliability and Safety
Reliability Analysis
• Major components chosen for analysis:
  • Switching Regulators (LM2679SD-5.0, LM2679SD3.3)
    • Hottest running components
  • Microcontroller (MCS12A64CFUE)
    • Most complex component
  • Quad 2 to 1 Multiplexer (SN74CBT3257)
    • Failure leads to crashing
  • Linear Amplifiers for thermopiles (AD8626)
    • Failure would cause unstable flight, possibly crashing
FMECA
Criticality Levels
• High – Could cause personal injury
• Medium – Inhibits ability to fly autonomously
• Low – Inhibits ability to take photos or other inconveniences
FMECA
Block A - Microcontroller
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| A1 | Microcontroller outputs no data | Out of spec supply voltage, U1 failure, clock failure, PLL failure, software bug, bypass caps shorted | No display on LCD, does not work in autonomous mode | Observation | Medium High | This failure would be elevated to high criticality if a shorting component caused excess heat dissipation |
| A2 | Some pins are always 0 or 1 | Over-voltage on pin could have burned up the driver, software bug | Erratic system behavior, excessive heating of the microcontroller | Observation | Medium High | This failure would be elevated to high criticality if a shorting component caused excess heat dissipation |
FMECA
Block B - Regulators
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| B1 | Vout,5 = 0V or Vout,3.3 = 0V | Failure of U6 or U7, shorted capacitor in Block B, no feedback, external short | System shows no operation | Observation | High | If a short is causing the lack of output, excessive heat is being generated which could injure the user |
| B2 | Vout,5 > 5V or Vout,3.3 > 3.3V | Failure of U6 or U7 | Could damage any of the ICs on the board, system probably nonfunctional | Observation | High | Possibility of injurious heat dissipation |
| B3 | Vout,5 or Vout,3.3 not regulated enough | Failure of a capacitor in Block B that becomes an open circuit | Erratic microcontroller failure, perhaps repeated resetting | Observation | Medium | Unlikely to cause harm, but results in non-flyable plane |
| B4 | Vsense > 5V | R20 fails and causes a short | Microcontroller reports unreasonable battery voltage | Observation | Low Medium | Probably just a nuisance which would fry a port pin, but could also cause the entire microcontroller to fail. |
FMECA
Block C – Radio and Servos
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| C1 | Autopilot / Manual multiplexer signal incorrect | U18 failure, or failure of any of the resistors or capacitors directly before it | Plane does not properly switch between manual and autopilot | Observation | High | If this failure arose during a flight, the plane could crash, possibly injuring a person |
| C2 | Inputs do not propagate through multiplexer | U13 or R40 failure | Servo motors do not respond to manual input or autopilot | Observation | High | This would cause the plane to crash, possibly injuring someone |
| C3 | Multiplexer always outputs either manual or autopilot values | S pin of U13 shorted to Vcc or ground | Cannot switch operating modes | Observation | High | Could cause injury if the drive motor powered up unexpectedly on the ground |
FMECA
Block D – Thermopile Amplifiers
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| D1 | Vref = 0V | U14 failure, could also have its input or output shorted to ground | Thermopiles do not sense sky properly, unstable flight | Observation | High | Could cause injury if crash induced |
| D2 | Vref > 2.5V | U14 failure | Thermopiles do not sense ground as well, jittery flight | Observation | High Medium | Could lead to crashing |
| D3 | Amplifier output is very small | Failure of U9 or U10, failure of any of the resistors in Block D such that they become shorts | Plane cannot stabilize | Observation | High | Would lead to crashing in autopilot mode, and possibly injure the operator |
| D4 | Thermopile values read in are erratic | Connection to thermopiles could be faulty | Jittery flight | Observation | Medium | Could lead to crashing |
FMECA
Block E – GPS and MicroSD
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| E1 | Unable to communicate with MicroSD card | Failure of U2, U3, or U4; any resistor in the SD circuit becomes open; SD card corrupt; software | System unable to read MicroSD card, displays error message | Observation and BIST | Medium | No risk of injury, but the plane cannot operate autonomously |
| E2 | Unable to communicate with GPS receiver | Failure of U15, U16, or U17; resistor in GPS circuit becoming open; faulty cable; software bug | System unable to get a GPS lock, waits indefinitely and will not allow autonomous flight | Observation and BIST | Medium | No risk of injury, but the plane cannot operate autonomously |
FMECA
Block F – Camera and LCD
| Failure No. | Failure Mode | Possible Causes | Failure Effects | Method of Detection | Criticality | Remarks |
|---|---|---|---|---|---|---|
| F1 | LCD_TX signal always idle | Failure of U12, short or open circuit of any of the capacitors or resistors connected to U12 | LCD is always blank | Observation | Low | This is a nuisance, but the plane will operate properly |
| F2 | Camera shutter trigger always open | Failure of U11, software malfunction | Camera never takes photos | Observation | Low | The plane will fly, but no photos will be taken |
Questions?