The Drink Mixer Reliability and Safety Analysis Criticality

The “Drink Mixer” Reliability and Safety Analysis

Criticality Levels • • • HIGH • Failure that causes system instability • Possible damage to user and/or system MEDIUM • Failure that affects audio processing • Affects operability of system LOW • LCD malfunction, inconvenience to user • No damage to device

Component Analysis Failure Rates in the worst case scenario • ADSP-21262 Microcontroller • • ARM 9 Microcontroller • • MTTF = 26. 68 years ATMega 32 A Microcontroller • • MTTF = 5. 73 years MTTF = 44. 94 years 5 V Linear Voltage Regulator • MTTF = 70. 29 years

Hammer ARM 9

DSP LED Driver

ATMega 32 A

Power Supply

FMECA Table 1 – Hammer ARM 9 Failure No. 1 A 1 B Failure Mode Micro remains in reset mode Possible Causes Reset switch is broken and stays in “pressed” state Failure Effects Method of Detection Microcontroller Observation with fails to run program, DMM also cannot reprogram memory Criticality Remarks Medium criticality because it disables the functionality of the system ATMELS and I 2 C level shifter fried Hammer cannot communicate because Hammer cannot understand 5 V logic Contrast is set either Contrast voltage divider all the way up or all resistor is shorted the way down User interface seems to be working, but audio is not Observation with DMM and Logic Analyzer Medium criticality because it disables the functionality of the system Cannot adjust the contrast on LCD Observation with DMM Low criticality because it is simply a nuisance to the user 1 D LCD does not receive data LCD will not Observation with change the display, Oscilloscope but the touch screen works Low criticality because it is simply a nuisance to the user 1 E Erroneous/Sporadic ARM 9 is fried data sent to the DSP Audio levels are sporadic. Possibly very high output levels. High criticality because if levels are too high, they can be harmful when amplified 1 C ZIF connector has bent pins or Hammer has burned out pins Observation with Logic Analyzer

FMECA Table 2 – DSP Failure Mode No. 2 A Micro remains in reset mode 2 B Possible Causes Failure Effects Reset switch is broken Microcontroller and stays in “pressed” fails to run state program, also cannot reprogram memory Memory space is too SRAM chip burned Audio Processing small out is greatly lagging Method of Criticality Detection Observation with Medium DMM Remarks Medium criticality because it disables the functionality of the system Observation with Medium DMM and Logic Analyzer Medium criticality because it disables the essential functionality of the system 2 C -If only one side: No power sent to individual LEDs - If both sides: SPI signal not present or sampled incorrectly -If only one side: LED Output amplitude driver is burned out LEDs are not - If both sides: SPI is lighting not working on DSP Observation with Low DMM and Logic Analyzer Low criticality because it is simply a nuisance to the user (Although it is one of our current PSSCs, so it is critical) 2 D Erroneous/Sporadic output levels SHARC is fried Observation with High Logic Analyzer High criticality because if levels are too high, they can be harmful when amplified Audio levels are sporadic. Possibly very high output levels.

FMECA Failure No. 3 A Failure Mode Possible Causes Micro remains in reset mode Reset jumpers are shorted, thus created an effective “button pressed” state Table 3 – ATMega 32 A Failure Effects Method of Detection Criticality Remarks Microcontroller fails to run program, also cannot reprogram memory Micro not ATMEL is fried or I 2 C Nothing works on communicating with not configured one individual ARM 9 properly for that channel Observation with Medium DMM Medium criticality because it disables the functionality of the system Observation with Medium Logic Analyzer Medium criticality because it disables the functionality of the channel 3 C Erroneous/Sporadic information about audio levels is sent to ARM 9 ATMEL is fried Audio levels are sporadic. Possibly very high output levels. Observation with High Logic Analyzer High criticality because if levels are too high, they can be harmful when amplified 3 D PWM is only working on one channel PWM is disabled or fried Fader will only move automatically in one direction Observation with Low Oscilloscope Low criticality because it is simply a nuisance to the user. 3 B

FMECA Table 5 – Power Supply Failure Mode No. 5 A Excessive current draw, fuses continuously blown 5 B Excessive current draw on regulator 5 C Possible Causes Power rails shorted together Regulator is blown Rectifier circuit is Rectifier diodes or degraded and goes Capacitors are blown below dropout for regulator, causing a noisy voltage supply Failure Effects Method of Criticality Detection Observation High with DMM and continuity check Short causes a blown fuse, burnt out components, or even a fire Devices on a Observation particular power with DMM rail will not power on Preamp is noisy Observation with DMM Medium Remarks High criticality because if power traces are shorted, they can cause a fire Medium criticality because it disables the functionality of the unit Medium/Low criticality because it is a nuisance to the user, but also degrades the quality of the audio signal.