"ESF Load Sequencer Software Verification & Validation Rept."

' ESF LOAD SEQUENCER

SOFTWARE VERIFICATION AND VALIDATION

REPORT

prepared by: SIMPACT ASSOCIATES'NC. 5520 Ruffin Road San Diego, CA 92123

September 9, 1982 ESF LOAD SEQUENCER

SOFTWARE VERIFICATION AND VALIDATION REPORT

TABLE OF CONTENTS

Pacae

~ 1 OB JECTIVE ~ o ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ ~ ~ 1

2. STUDY PROCEDURE AND RESULTS SUMMARY ~ ~ ~ ~ ~ ~ ~ t 0 4 I ~ 0 ~ 2

3. SPECIFICATION REQUIREMENTS ~ ~ ~ ~ ~ 0 ~ ~ ~ ~ 0 t I ~ 4 4 SOFTWARE STRUCTURE ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 5

5. SYSTEM ~ ~ ~ ROUTINES ...... ~ ... ~ ... 7

6. UNDERVOLTAGE MONITORING ~ 0 ~ ~ ~ ~ ~ ~ ~ ~ 0 ~ ~ ~ 9

7. ESF BUS LOAD SEQUENCING o ~ ~ ~ ~ ~ ~ o ~ ~ ~ ~ e ~ 10 8. AUTOTESTING ...... 12 9. PERFORMANCE/DESIGN DEMONSTRATION TEST RESULTS . . 16

10. CONCLUSION ~ ...... ~ .. ~ ~ .. .. ~ .; ~ . 17

APPENDIX A ~ ~ ~ ~ ~ ~ ~ ~ ...... ~ ~ ... ~ ~ ~ ~ ~ .. ~ . ~ . ~ . ~ ~ .A-1 ESF LOAD SEQUENCER

SOFTWARE VERIFICATION AND VALIDATION REPORT

1 OBJECTIVE The objective of the Software Verification and Validation Study is to verify that the software of the ESF Load Sequencer meets the requirements of the design specification, and that no sneak software paths (circuits) exist that would render the system inoperable. The ESF Load Sequencer is a module in the Balance of Plant (BOP) Engineered Safety Features Actuation System (ESFAS) supplied by General Atomic Company (GA) to the Palo Verde Nuclear Generating Station under Arizona Public Service Company Purchase Order 10407-13-JM-104 and Bechtel Power Corporation Speci fication 13-JM-104. This module controls loading of the station ESF bus and diesel generators under loss of power conditions or if an accident signal is present. The purpose of this report is to outline the methods used to perform this study and to detail the findings of the study. 2. STUDY PROCEDURE AND RESULTS SUMMARY The following steps were taken to per form the study:

a ~ Review of Bechtel Specification (13-JM-104). This specification was reviewed in detail to determine the functional requirements of the ESF Load Sequencer. b. Review of General Atomic Operations and Maintenance Manual (E-115-760) . This manual was reviewed to determine how the functional requirements had been implemented and in particular, which functions had been implemented in software. The major functions implemented in software are: Monitoring of accident signals and sequencing control of ESF bus loads. Monitoring loss of power condition and generation of load shed signal and loss of power off delay. iii. Auto-testing of all ESFAS Modules including ESF Load Sequence r .

c ~ Review of Software Documentation (SK-1678). This documentation includes program listings and flowcharts for all software modules in the ESF Load Sequencer. The documentation was reviewed for completeness. In addition, " each module was reviewed individually to determine that the flowcharts matched the program code, that the program code was properly documented and that the code as implemented performed the required functions. d. Review of Performance Test Report (E-115-787) and Design Demonstration Test Report (E-160-972) . The Performance Test demonstrates the functional performance of the ESFAS equipment. The Design Demonstration Test verifies that the design of the ESF Load Sequencer permits no credible common failure modes to exist in response to credible input perturbations and series of events. Both test reports were reviewed to determine whether the tests exercised all program paths within the software of the ESF Load Sequencer. The results of this study show that the software of the ESF Load Sequencer meets the requirements of ESFAS Specification, 13-JM-104. Two minor anomalies were noted in the so ftware, neither of which will cause a malfunction of the ESFAS equipment. The first anomaly results from disabling interrupts during test of the bottom half of RAM memory. This causes an increase in the sampling interval of the contact debounce algorithm which in turn delays posting of an input change. Since the delay is of the order of l0 msec, there is no significant affect on the performance of the ESFAS system .

P The second anomaly is in the load sequencer logic and ~.can cause 2 msec pulses on certain relay outputs. The duration of these pulses is not sufficient to cause activation of any dev ice. 3 ~ SPECIFICATION REQUIREMENTS The Bechtel Specification, 13-JM-104, defines the technical requirements for all aspects of the ESFAS system. The functions specific to the ESF Load Sequencer are defined in Section 4.5.14 of that specification. These functions are implemented in the ESF Load Sequencer software. In addition, this software also controls the auto-testing functions"', as specified in Section 4.5.13 and certain alarm contact outputs as specified in Section 4.5.16. The major 'requirements of the specification are: a. Monitor undervoltage input from LOP/LS module. Upon detection of undervoltage condition generate a 1 second load shed pulse and activate loss of power signal. When undervoltage condition clears ensure that it remains in the cleared condition for 60 seconds before deactivating loss of power signal. b. Monitor loss of power and accident signals. Upon detection of specific combinations of these inputs, initiate one of four loading sequences or modes (see specification attachment 4-1, sheet 8) . Activate one contact per sequencer mode to indicate automatic sequencing in progress. Activate up to ten independent, time separated loading signals, adjustable in one second increments over a total time span of 60 seconds (for sequencer outputs and timing, see speci fication attachment 4-2, tables 8 and 9, respectively) . c. Automatically test the operation of the maximum possible portion of the ESFAS system. Upon detection of circuit malfunction, immediately initiate remote annunciator and indicate malfunction locally. This automatic testing, under normal or failure condition of the test features must not interfere with the normal operation of system or cause protective action. 4 SOFTWARE STRUCTURE

The software consists of a number of routines which operate in conjunction with each other to fulfill all functions of the system. These routines fall into four categories. a. System Routines. These routines handle timer interrupts and input/output. They also control the execution of the other programs in the system. F b. Task Routines. These routines implement the major functions in the system, i.e., under voltage monitoring, mode detection/output sequencing and auto-testing. c Task Subroutines. These routines implement specific functions within the task routines. d . Common Sub routines . These routines impl em ent func tions common to several tasks. The software structure and hierarchy is shown in Figure 4-1. Appendix A contains a profile of each routine in the system. The profile lists the following information for each routine: a. Category (e.g., system routine, task, etc.) b. Function c. Verification Study Data, including: accuracy and completeness of flowcharts accuracy and completeness of program listing comments

illo specific design demonstration/performance tests which exercise the code

1v ~ coding or design errors detected in the routine

v ~ comments c SEVE 1: 57&769 %XtrlNE5

ZOQ

QA'CK ~LOP

szrs cd rsrZ umnm 7STA/

* These common subroutines called by multiple tasks or task subroutines

Figure 4-1 Software Structure Chart 5 ~ SYSTEM ROUTINES

To meet the functional requirements defined in section 3, the system must provide the following major features: a. Accurate time base generator to control time-related functions e.g., input debouncing, load shed pulse duration, loss-of-power off delay and sequencing of loads onto the ESF bus. b. Concurrent operation of several different functions e.g., undervol tag e monitoring, mode determination/load sequencing and automatic testing . These features are implemented in two system routines, the timer interrupt handler (RST75/RST65) and the executive program (EXEC) . The overall design of these programs was validated and the detailed implementation of each feature was verified. Particular emphasis was placed on verification of the major features outlined above. The system meets the time base generator requirements by implementation of two timer interrupts. The lower priority interrupt occurs every 2 msec, the higher priority interrupt occurs every 10 msec. The 2 msec interrupt routine reads all digital inputs and processes them through a debounce routine. The debounce algorithm is based on the 2 msec sampling time and ensures that the input has reached a steady state before reporting any change to the other software routines. The 10 msec interrupt routine sets a software flag for the executive program in addition to debouncing the inputs. The executive uses this 10 msec flag to allocate execution time to each of .the concurrent functions and as a time base to schedule programs handling time-related functions. The executive allocates 10 msec time slots for execution of the concurrent functions required in the system. Each concurrent function outlined in (b) above is designed as a separate program(s) (see Table 5-1) . These programs, or tasks, run under 'control of the executive which allocates 10 msec time slots to each as required. Within the 10 msec time slot the task must execute to completion and return control to the executive. The system complies with this requi'rement; the execution time for each task is shown in Table 5-1. Every 250 msec the executive allocates one 10 msec time slot to the task SO which monitors the undervoltage condition and checks for a stall condition in the opposite train (redundant system) . It also allocates one 10 msec time slot to the task Sl which detects changes in the sequencer mode and performs the bus load sequencing operation. The remaining twenty-three 10 msec time slots are allocated to autotesting tasks. The sequential time slot during which each task may be executed is shown in Table 5-1. Since the task SO and Sl TABZ.E 5-1

Executed Approx imate Task dur ing execution :tame Function Performed time-slot time

I SO Check loss of power condition 1 msec *Generate/check stall opposite train signal

Sl Sequencer mode determination 3 msec Sequencer output control

S2 *Generate 10msec/50msec module test 1 msec pul se

S3 *Check 10 msec module test pulse on 1 msec

S4 *Check 10 msec module test pulse off 1 msec

S7 *Check 50 msec module test pulse on 1 msec ,! S24 *Check 50 msec module test pulse off 24 1 msec

TlRAM *Test top hal f o f RAM memory 2-24 7 msec ,, BlRAM *Test bottom hal f of RAM memory 2-24 8 msec

ROM *Test ROM memory 2-24 4 msec

* Auto testing functions

are executed every 25th time slot, they execute at 250 msec (1/4 sec) intervals. This synchronous execution permits the timed execution of functions at 1 sec intervals as required for load shed pulse, loss-of-power off delay and sequencing of loads onto the ESF bus. This inherent program timing is also used in the autotesting software to control the duration of test pulses to the other ESF modules. The design was found to be valid and met the system requirements of the specification. No discrepancies were detected in the software implementation of the design. 6. UNDERVOLTAGE MONITORING The design specification defines the following major requirements for the undervoltage monitoring function: a. Monitor an input from LOP/LS module for undervoltage condition on the 4.16 kV ESF bus. b. Upon occurrence of undervoltage condition, generate ajone second load shed pulse and set loss of power condition. c. If undervoltage condition clears and remains cleared for 60 sec, clear loss of power condition (off-delay) . ~ These functions are implemented in subroutine CKLOP which is executed every 250 msec by the task SO. The overall design of the subroutine was validated and the detailed implementation of each feature was verified. Particular emphasis was placed on verification of the major features outlined above. II The program monitors the bus undervoltage input from the LOP/LS module. Upon detection of an undervoltage condition it activates the load shed output to the LOP/LS module and illuminates the loss of power indicator on the Load Sequencer module. Internally it indicates the loss of power condition by setting a software flag. The program uses the synchronous nature of the task 'it executes every 250 msec) to control the duration of the load shed pulse. On the fourth execution of the program after the signal is activated, it is deactivated terminating the load shed pulse. After generation of the load shed pulse, the system continues to monitor the undervoltage input. If the undervoltage clears and remains in the cleared state for 60 seconds, the loss of power indicator is extinguished and the loss of power software flag is cleared. Again, the synchronous nature of the task is used to determine this 60 sec off-delay. Should the undervoltage condition re-occur within the 60 sec off-delay period, the design of the software ensures that the 60 sec off-delay is terminated without resetting the loss of power indicator or flag. A new 60 sec off-delay is started when the undervoltage clears again. The design of the software also ensures that the load shed pulse occurs only once for each loss of power condition. The load shed pulse is generated when the undervoltage condition is first d etec ted. No further load shed pul'ses are gener ated until the 60 sec off-delay completes although several undervoltage conditions may occur within this time interval. The design was found to be valid and met the undervoltage monitoring requirement of the specification. No discrepancies were detected in the software implementation of the design. ~ ~

7 ESF BUS LOAD SEQUENC ING The design specification defines the following major requirements for the ESF bus load sequencing function: a. Monitor loss of power condition and accident signal inputs for specified combinations of these inputs. I b. Upon detection o f any such combinatxon, initi ate/terminate load sequencing mode. The input combinations which cause mode transitions are defined in spec ification attachment 4-1, sheet 8. c. Upon initiation of any mode, - start bus loading sequence defined for that mode per specification attachment 4-2, table 9. Initiate contact closure to indicate currently active mode.. d. Sequence loads onto ESF bus at the specified time intervals for the active mode.

,y W e. Upon termination of a sequencing mode, return all outputs to idle state (mode 0) and clear mode indication contact. The mode determination function is implemented in task Sl which executes every 2SO msec. The load sequencing function is implemented in the subroutine OSEQ. OSEQ is called by task Sl when the sequencer is in any mode other than mode 0. The overall design of these programs was validated and the detailed implementation of each feature was verified. Particular emphasis was placed on verification of the major features outlined above. The task Sl checks initially for an active sequencing mode (modes 1-4) . If such a mode is active, it verifies that the specified inputs are still in the required state. All inputs which are not specified for the mode are considered as "don' care" inputs and are ignored. If all specif ied inputs are still true, no mode change is required. If some inputs have changed state, the sequencer returns to the idle state (mode 0), the mode indication output is cleared and all sequencer output signals are returned to the mode 0 condition. The sequencer always returns to the idle state when conditions for the active sequencing mode are no longer true even though conditions may be correct for entry into another sequencing mode. The next execution of the task will cause the transition to the new mode. If the sequencer is in the idle state (mode 0) upon entry to the task, the loss of power software flag and the accident signals are checked. If the state of these inputs matches the state specified for any of the sequencing modes 1-4, that mode is activated. Again, all inputs which are not specified for the mode are treated as "don' care" conditions. Upon

-10- transition to the mode, the mode indication output is set and the sequencing timer is started .

Prior to exiting task Sl, a check of the current sequencing mode is made. If the mode is not zero (output. sequence active) the subroutine OSEQ is called. This routine handles the contact closure outputs and the time activation of these signals necessary to sequence the loads onto the ESF gus. Since the routine executes every 1/4 sec the time resolution is sufficiently accurate to meet the load sequencing requirements. The routine is table-driven in design; this means that all sequencing modes are handled by the same executable program code with variable parameters (e.g., output signal, activation time) -stored in a table of each mode. All table entries were verified and found to be correct. A design anomaly was found in the routine OSEQ. As with all d ig ital outputs in the system, this routine sets/cl ears outputs in the output bit map. This output bit map is copied to the output ports every 2 msec by the timer interrupt routine. Certain actuation signals exist which change state twice during a sequencing mode e.g., Charging Pumps in mode 2. These require two entries in the mode table which specifies the parameters for OSEQ, one to activate the output, the other to deactivate the output. The design of the software is such that if, for example, the signal is activated at time 0 sec and deactivated at time 40 sec, every time the routine executes after the 40 sec time, the signal will first be set, then cleared in the output bit map. If an interrupt occurs while the bit is set, the bit is copied from the bit map to the output port. The bit will. remain set until the next interrupt, 2,msec later, by which time OSEQ will have reset the bit. The probability of occurrence of this 2 msec pulse is small; in addition, the duration of the pulse is insufficient to cause actuation of the controlled dev'ice. This anomaly will cause no malfunction of the ESFAS system. f All other features of the design were found to be valid and met the requirements of the specification. No discrepancies were detected in the software implementation of the design. AUTOTESTING The design specification defines the following requirements for the autotesting function: a. Test automatically and continually maximum possible portion of the ESFAS system. b. Under normal or failure conditions of the testing syst: em, ensure that it interferes in no way with the normal operation of the system. Co Upon detection of circuit malfunction, initiate a remote annunciator and locally indicate malfunction.

' d. Permit convenient interruption of autotesting at any time. Theqe functions are implemented in three categories; redundant system (opposite train) monitoring by task SO, ESFAS module testing by tasks S2, S3, S4, S7 and S24, and Load Sequencer testing by tasks TlRAM, BlRAM and ROM. The overall design of each test was validated and the detailed implementation of the testing features verified.

The task SO monitors a square wave input with a 10 second period which is generated by the opposite train (redundant system) . If a transition is not detected every 5 secs, an indicator on the Load Sequencer module is illuminated to indicate a stall. In addition, the stall opposite train annunciator is activated. The task SO also generates a square wave output with a 10 second period which is monitored by the opposite train. This feature continually monitors the correct operation of each system. The . other testing features are executed only if the Manual/Auto switch is in the Auto posi

Under normal autotesting conditions the task SO checks for the presence of a real input, as opposed to a test output response. If a real input is found, autotesting is suspended and initiation of the new sequencer mode (if required) wi3.1 be performed by task Sl. Suspension of autotesting due to a real input or due to a module test failure, does not affect the mode determination or the load sequencing functions of the Load Sequence r in any way. Autotesting of the Load Sequencer module itself is performed by the tasks T1RAM, B1RAM and ROM. These tasks test the top half of RAN memory, the bottom half of RAN memory and ROM memory, respectively. The RAM memory tests do a write/read/compare operation of all data patterns into all RAM memory locations. The ROM memory test does a checksum calculation/comparison operation on all RON memory locations. If an error is detected in any of these tests, an error light pattern is flashed on the Load Sequencer module and all software functions are inhibited. It is not possible to continue system operation when 'an error is detected in one of the tests as failure of RAN or ROM can cause unpredictable operation of the system. An anomaly was found in the design of task BlRAM. Inputs are sampled by the interrupt routine which normally executes at 2 msec intervals. Any input change is processed by a debounce algorithm which requires three consecutive sample values to determine the true debounced state. This results in a delay of up to 4 msec between the occurrence of the change and the reporting of it to the processing task. Interrupts are disab3.ed while testing the bottom half of RAM. This ensures that no data is changed during execution of the test which requires slightly in excess of 8 msec of the 10 msec exection slot assigned by the Executive. The inputs are sampled once prior to disabling of the interrupt, once upon reenabling of the interrupt and a third time at the end of the 10 ms execution time slot (see Figure 8-1) . Assuming -13- this extended sample interval (8 msec) will still match the mechanical . characteristics of the input contact, the delay between the occurrence of the change and the reporting of it to the processing task (i.e., time required for three consecutive samples of the input) has now increased to 10 msec. This is an increase of 150% in the reporting delay experienced with the 2 msec sample interval. It will have no significant affect on the operation of the Load Sequencer however; the undervoltage monitoring and sequencer mode determination functions are only performed once every" 250 msec. All other features of the design were found to be valid and met the requirements of the specification. No discrepancies were detected in the software implementation of the design.

-14- 77/'IF (fGEc.) ExECvVON Ssor hf

Imper sRHPuNc„'~7'M

ExE

Figure 8-1 Input sampling timing diagram ~ ~

9 PERFORMANCE/DESIGN DEMONSTRATION TEST RESULTS The resul ts of the Per formance Test Report (E-115-787) and the Design Demonstration Test Report (E-160-972) were reviewed to determine whether all program paths within the software had been exercised by these tests. Appendix A lists tests which exercised the logic of each program. In general, almost- all program paths were tested. Exceptions are the failure paths for the RAM and ROM test programs, and 'he fatal error routine (HALT) to which they transfer control. These program paths are straightforward and perform their designed function.

Al1 test results indicate that the design and implementation of the software fulfill the requirements of the design speci fication.

-16- 10. CONC LUS ION The results of this study show that the software of the ESF Load Sequencer meets all the requirements of the ESFAS Design Specification 13-JM-104. In addition, no sneak circuits or software paths exist that would render the system inoperable. The two anomalies which were noted, 2 msec pulses on sequencer output relays and variations in debounce timinp of inputs, will cause no malfunction in the ESFAS equipment.

-17- APPENDIX A

PROGRAM DATA Prog ram Name: HALT Category: System Routine Function: Term ina tes system ex ec ution on fa tal error. Displays flashing error code in lights of Load Sequencer module." Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: This routine was not exercised by either the Design Demonstration Test or the Per formance Test. Design/Coding Er ro rs: None Comments: None Program Name: COLD Ca tegory: System Routine Func tx on . Initializes so ftware and hardware on system power up (cold start) . Flowchart: Complete and correct Sour ce Cod e Comments: Ad equate Exercised by: Performance Test on start up (ELA 342-0062, Sheet 33 of 70) Design/Coding Errors: None Comments: None

A-2 Program Name: RST75/RST65 Category: System Routine Function: Processes timer interrupts. Reads inputs and stores debounced results in input bit map. Copies output bitimap to output ports . Sets 10 msec interrupt flag fo r executive. Flowchart: Com pletc and co rr ec t Source Code Comments: Ad equate Exercised by: Per formance Test and Design Demonstration Test on each interrupt (every 2 msec) . Design/Cod ing Errors: None Comments: None

A-3 Program Name: DEBNC Category: System Routine Function: Debounces dig ital inputs. Called by system routine RST75/RST65. Flowchart: Com pl e te and Co rr ec t Source Code Comments: Ad equa te Exercised by: Performance Test and Design Test on each interrupt (every 2 msec) .

Des ig n/Cod ing Er ro rs: None Comments: None Prog ram Name: INIT Category: System Routine Function: Initializes I/O ports and timers. Called by system routine COLD. Flowchart: Complete and co rr ec t Source Code Comments: Adequate Exercised by: performance Test on start up (ELA 342-0062 Sheet 33 of 70) Design/Cod ing Er rors: None Comments: None Proq ram Name: EXEC Category: System Routine Function: Controls execution of tasks wi thin system.

F15wchart: Complete and correct ~ $ So ur ce Cod e Comments: Adequate Ex ere ised by: Autotest section of Performance Test (ELA 342-0062 Sheet 55 of 70) . Design/Coding Errors: None Comments: None

A-6 Program Name: SO Category: Task Function: Calls STALL to check for stall of opposite train (redundant system) ., ~ P, Updates system running flag for this train. Calls CKLOP to monitor undervoltage condition.. Checks for any real inputs to stop/resume autotesting .

Flowchart:I Complete and correct Source Code Comments: Ad equa te

Exercised by: Stall/system running; tested by Performance Test (ELA 342-0062, Sheet 65 of 70) .

Undervol tag e monitoring; tested by De,sign Demonstration Test (ELA 342-0063, Page l6 of 43, Test l) Stop autotesting on real input; tested by Design Demonstration Test (ELA 342-0063, Page 22 of 43, Test 6) Resume autotesting on absence of real inputs tested by Design Demonstration Test (ELA 342 0063, Page 24/43, Test SA/SB) Design/Cod ing Errors: None Comments: None

A-7 Prog ram Name: Category: Task Function: Monitors loss of power and accident signals to determine sequencing mode, P, Calls output sequencing (OSEQ) routine to sequence'us loads. Flowchart: Complete and correct. So ur ce Cod e Comments: Accurate Exercised by: Mode transitions tested by Desing Demonstration Test (ELA 342-0063, Pages 22 and 23 of 43, Tests 6, 7A and 79) . Design/Cod ing Errors: None Comments: None

A-8 Program Name: S2 Category: Task Function: Ac tivates test pul se fo r mod ul e autotesting. Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: Per fo rmance Test (EI.A 342-0062, Sheet 58 of 70) . Des ig n/Cod ing Er ro rs: None Comments: None

A-9 Program Name: S3 Category: Task Function: Checks "on" condition of test return for 10 msec test pulse (module auto testing) and deactivate test pulse. Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: per fo rmance Test (ELA 343-0062, Sheet 58 of 70) . Design/Coding Er rors: None 1 Comments: Task, S3, S4, S7 and S24 are all a part of the same source code module (TEST) and use a common error exit, TSTERR.

A-1 0 Prog ram Name: S4 Ca tegory: Task Function: Check "off" condition of test return for 10 msec test pulse (module autotesting) . Flowchart: Complete and corret

Source Code Comments: Ad equa te Exercised by: Performance Test (ELA 34-0062, Sheet 58 of 70) . Design/Coding Errors: None Comments: Part of source code module TEST. ~ ~

Program Name: S7 Category: Task Function: Checks "on" condition of test return for 50 msec test pulse (module auto testing) and deactivate hest pul se. Flowchart: Complete and'orrect Source Code Comments: Ad equa te Exercised by: Per formance Test .(ELA 342-0062, Shweet 58 of 70) . Des ign/Cod ing Er ro rs: None

Comments: part of source code module TEST.

A-l2 ~ ~

~ ~ '

Program Name: S24 Category: Task Function: Checks "off" condition of test return for 50 msec test pulse (module autotesting) . Flowchart: Com pl e te and co rr ec t Source Code Comments: Adequa te Exercised by: Per fo rmance Test (ELA 342-0062, Sheet 58 of 70) . Design/Coding Er ro rs; None Comments: Part of source code module 'TEST. Program Name: TlRAM Category: Task

Function: Tests the top half of RAM memory. Flowchart: Compl etc and co rrec t. Source Code Comments: Ad equa te Exercised by: Autotest section o f Per formance Test (ELA 342-0062, Sheet 58 of 70) . Fail ur e cond ition not encountered during test, hence no testing of failure path. Design/Coding Errors: None Comments: None

A-l4 Program Name: B1RAM Category: Task

Function: Tests the bottom hal f of RAM memory. Flowchart: Complete and correct

So ur c e Cod e Comments: Ad equa te Exercised by: Autotest section of Per formance Test (EM 642-0062, Sheet 58 of 70) . Failure condition not encountered during test hence no testing of failure path. Design/Cod ing Errors: This test disables interrupt for approximately 8 msec. This affects the input debouncing algorithm and can delay updating of debounced inputs in input bit map. No coding errors. Comments: None

A-1 5 Program Name: ROM Category: Task

Function: Tests ROM memory Flowchart: Complete and correct So ur ce Cod e Comments: Ad equa te Exercised by; Autotest section of Performance Test (ELA 642-0062, Sheet 58 of 70) . Fa ilur e condition not encountered during test hence no testing of failure path. Design/Cod ing Er ror s: None Comments: None

A-l6 Program Name: STALL

Category: Task Subroutine called by SO Function: Check for stall of opposite train (redundant system) . Flowchart: Complete and correct

So ur ce Cod e Comments: Ad equa te Exercised by: Exercised continuously during testing. Stall condition simulated dur ing Per formance Test ~ (ELA 342-0062< Sheet 65/70) Design/Coding Errors: None Comments: None

A-17 C

Program Name: LIGHT

Category: Task Subroutine called by SO Function: Toggles lights which have blink status set. f p Flowe ha rt: Complete and Co rrec t So ur ce Code Comments: Minimal Exercised by: Per formance Test failure simulation. (ELA 342-0062, Sheet 64 of 70) . Des ig n/Cod ing Er ro rs: None Comments: None

A-1 8 Program Name: CKLOP

Category: Task Subroutine called by SO Function: Monitors undervol tage condition and generates load shed pulse and loss of power ind ication. Flowchart: Complete and correct

Source Code Comments: Ad equa te Exercised by: All paths exercised by Design Demonstration Test (ELA 342-0063, Page 19 of 43, Test 4 and Page 18 of 43, Test 3) . Desig/Coding Errors: None Comments: None

A-1 9 Program Name: OSEQ Category: Task Subroutine called by Sl Function: Controls time sequencing of loads onto ESF bus. Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: Actuation response time measurements o f Per fo rmance Test (ELA 342-0062, Sheet 40 of 70 to. Sheet 44 of 70) .

Design/Coding Errors: Design can cause unwanted 2 msec pulses on signals which change state twice during bus loading sequence. Comments None

A-20 Program Name: ITT1/ITT2 Category: Task Subroutine called by 82 Function: Initializes parameters for 10msec/50msec pulse testing of module Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: Autotest section of Performance Test (ELA 342-0062, Sheet 58 of 70) . Design/Code Errors: None Comments: Flowcharts for these programs are included with programs for task S2.

A-21 'L

Frog r am name: ONC K Category: Task Subroutine called by S3 and S7. Function: Checks "on" condition for spec ified input, "off" condition for all other inputs. p Flowchar t: Complete and correct Source Code Comments: Adequate Exercised by: Autotest section of Per formance Test (ELA 342-0062, Sheet 58 of 70) . Design/Coding Errors: None Comments: None

A-22 ~ ~ ~

Program Name: OFFCK

Category: Task Subroutine called by S4 and S24 Function: Check "off" condition for specified input. Flowchart: Complete and correc t Source Code Comments: Ad equa te Exercised by: Auto test section o f Per formance Test (ELA342-0062, Sheet 58 f 70) . Design/Coding Errors: None Comments: None

A-23 Program Name: NEXT Category: Task Subroutine called by S2 and S24 Function: Advances testing to next entry in parameter table used for 10msec/50msec pul se testing . Flowchart: Complete and correct So ur ce Cod e Commen ts: Ad equa te Exercised by: Autotest section of Per formance Test

(ELA 342-0062 < Sheet 58 of 70) . Design/Coding Errors: None Comments: None Program Name: UPDATE Category: Common Subroutine Function: Updates test parameters for 10msec/50msec pulse test of module, Flowchart: Complete and correct Source Code Comments: Ad equa te Exercised by: Auto test gee tion o f Per formance Test (ELA 3432-0062, Sheet 58 of 70) .

Des ig n/Cod ing Er ro rs: None Comments: None

A-25 Program Name: TS TW

Ca tegory: Common Sub ro utine Function: Compares byte (8 bits) with specified byte of input bit map.

~ 4 Flowchart: Complete and correct

So ur ce Code Comments: Minimal Exercised by: Autotestinq section of Per formance Test (ELA 342-0062, Sheet 58 of 70) . Design/Coding Errors: None Comments: None

A-26 Program Name: SETB Category: Common Subroutine Function: Sets bit corresponding to designated output in output bit map. Flowchart: Complete and correct

So ur ce Code Comments: Minimal Exercised by: Load shed -pulse generation of Design 'emonstration Test (ELA 342-0062, Page 19 of 43, Test 4) . Design/Coding Errors: None Comments: None

A-27 Program Name: CLRB

Ca tegory: Common Subroutine Function: Clears bit corresponding to designated output in output bit map. Flowchart: Complete and correct So ur ce Cod e Commen ts: Ninimal Exerc ised by: Load Shed pulse generation of Design Demonstration Test (ELA 342-0062, Page 19 of 43, Test 4) . Des ign/Cod ing Er ro rs: None

Comm en ts: None

A-28 ~ ~ I

Program Name: TSTB Category: Common Subroutine Function: Tests bit corresponding to designated input in input bit map. Flowchart: Complete and correct Source Code Comments: Minimal Exercised by: Load Shed, pulse generation of Design Demonstration Test (ELA 342-0062, Page l9 of 43, Test 4) . 4 Design/Coding Errors: None Comments: None

A-29 ~ ~

Prog ram Name: SUSP Category: Common Subroutine

Function: Calls STOP to terminate sequenc ing mode or autotesting, then sets system in autotesting suspended state.

Flowchart: Complete and correct Source Code Comments Ad equa te Exercised by: Auto test term ination in Design Demonstration Test (ELA 342-0063, Page 24 of 43, Test SA/8B) . Design/Cod ing Er ro rs: None Comments: None

A-30 Program Name: STOP

Category: Common Subroutine Function: Terminates sequencing mode or autotesting . Sets all outputs to idle state and turns off all lights except STOP. Flowchart: Complete and correct So ur c e Cod e Comm en ts: Ad equa te

Exercised by: Mode l or mode 4 termination in Design Demonstration Test (ELA 342-0063, Page 24 of 43, Test SA/SB) . Design/Coding Errors: None Comments: None

A-3l , r

I BOP ESFAS CHANGE Scope of Work

The following software modules have been changed to redefine the bit 7 of OBM+3 from the mode 9 indicator to the stall opposite train annunciator:

By searching the cross reference files for OBM+3 and A7:

1. EQUATE .SRC: Change 1 place for the redefinition of bit 7.

2. S1 .SRC: Remove code in 2 places where the mode 5 indicator was both set and reset.

3. STALL .SRC: Add code in 2 places to both set and reset the stall opposite train annunciator.

4. SUBS .SRC: Change code in STOP routine such that it will not set the mode 9 indicator bit.

5 ~ In addition, add a date and revision module. (ID.SRC) Link this module last so that it will be in the second EPROM.

Put the following ASCII data in the date and revision module:

DATE August 18, 1982

REVISION PVLS.03 ~ r ~ Van ~ t i ~ > tavr nap OIE'"UATE .".,O'REF t... 0P l'CT(l. GBJ) i 3"".l:"'RI3lt(:Tt";l3

gL) Tr

C gCtmr~ LCC 0I'J gvrvgtwHT

Hni E ECUt')TE TITLE ('LCt ff EC'JE'CER E")J%7E f'I'LE ') 3 PF:0"Rt'f"N~R''-JH-78I'ATE 5 S i P Si",0CLUlQ

6 1 7 rfff:tfttffft':ftffttf!fttttttttt-'.tttttfttttttttttttt:ttt f3 9

10 r ~ THIS FILE CC3tTAI33S THE STST"3f EQUATES FCR 11 t THE LM)J SERUEtlCER

1" 1 13 tffffffftffffftffffffffftttffttttt4tttfttt"tttttttttt 14 fC PU!'LIC FRTiCS)FRTIA)FRTIP)FRTIC)PRT'.TL)FFTfTH fl FUI'L'C Pl I 'C )PRTCA)f'i')F?T2'PR) TL)f'RT2TH 17 PUI:LIC F'nT";A1FF'T3 'r r"..'TSC ) fRT"t. S 10 PUSL:C fRT4A1PFT4B) Pn I!t:1 F RT4tCb 19 FL'."LIC Ftt 'v'r'S)CREFAS)CR91'.S)SIAS)LOF)t".."t Sf 1! EAS2)ALLI33

FL))'LIC TFJ ".'AS t TCF Ef'hS t T)Cr i'I,". t TCF I.lS t TOSS t 'lLGP "-."".1 hi F'U"LIC LCF l 1 LOF60tAUTOtTtli31)rT TI'3). pnprr,'r r,n Yh PLfI'C r J..rJ.'lf Jr)StrR h3 PL)FLIC i'SI t PSI)CREAPJ!Il'".ESS)FBEnAE)AF)CS) C" hk '." '": ~ l FUI E.f'1 CHLtCHSP1"'nTCH)LC4SOr CE333Ll)CCl!Tillfh nS r PLr)'LIC itL1211.13tL14tLf5RGl'O)L1)L")L3)L4)L5)L6)L71L8)L9)LiO)L rt ~ t f'L'IC 1:Olhfln~ Itt~fh4tttJ)ti6)A7 PU)'LIC RO)Fzi.'R 'P: )RStR4)RS) .6fR7)RS)R9tR10)Rff)Pif2)R13) r14tR15 J. vr. vhr i vrfnn 1n(% PL) )C n Vvlrhtnrtitlfnr ~rtrt It) rr h9 30 )ffftfffbffffffftff".fftfftffit",fffttttfftttfittttt+tf~tttt+fttttfi-ttt"t '1 1 32 37 J4 H".R"'.)AFE FDRT ASSIGN!!F>ITS VJ7C

36 1 '1 'l r I hr) nt ii) Vrr 1 nE 1 7O

~ h 1 nht h i ~ Enit ~ 4 4 Ff;I!CS iC0!tTRSL/STATUS 1 ~ h ~ 7'Il~ I t ~ r.'l'f! E"U 17 )J7 PhNT f nhlh r 't ~ fl -3 f EL'U if CPUT FL'RT 1 '8' r ~ rr 7 rlr 1 n,'r. ~ V' v EGL) I? T f IC [rr t l l a. J h r', ~ C ~ I rr ~ J EJ "1 iT:!.ER 3'S 1 t

7 r ~ 1'f he i ~ ~ ~ r ~ i Cr) )

I C1 PThg n fnil ~ PhllfQhl /QT r T)'n J ~ f a VJ 4 ~ ~

arri %I f.n lip >1 Ia' I ~ El'UAIE f'nSE 2 vl C f r

~ I;I rfaJ S".',!RCE STATE"''".l(T

r'll0 Cg 't'l' ~ ~ l EB ~ V t]!!r'JT RXT 0 r,a ~ ~ f Ca <.iJ ll .III Ohf>T r> ~ tt ~ ~ ~ n I' n'I ~ ra>veil» rnOS a>aal 0 Irl Fa at I.L El>'I'l:I »> I(: 'I Ul l c n?rn.l I 0(.'". a>at RC ~ l8 tTI!l9! LES 2 rl,al '>I El"."J "9 v av 1 'tjltico!t 8 2 58 t 59 t ia0 t R"-lJICE 3 61 t 62 t 1

~ at Wrg>15 64 RRT3A f rill va iCUTRUT F'i7T 3 Ghh ~ 65 RRT.'8 EiU 33 rBT e 'A'QUIt"UT

'8'CUtPUt '5 ertt3C eoU 34 Pot't 3 C hnQ» 67 f'RT":S E"U 35 lCC!!IRCL/STnTUS 3 68 t 69 i >5 ~ RE'J'CE' 71 t

t 1 h000 73 Frt43 eau 40 toachpvt Fort 4 Irt Cisb? ca 74 Fr t4!t eov 41 tostFut Fort 4 5 prt4c eM port 4 'b'ootptet c 76 f't".T-'.CS Er>U 43 ;re!IRO $ P+4)v $ $ PPA$ $ $ i$ $$ vGnash 86 C.-".:~'S 020hiH t'CE(IRCll r 08I( ES'"t{I.'R. FILTRATION h41'5 3" Cf,"J.'I'IS Er.U G(vent t CCI'!TR'".'L Rr'Cl( 'J""iF.-LATICn IS iLATI"'!( hhhQ yang C So S nS ECUt )ShFLTi I!!J=CTI J'! '('5 89 LCR '. hhhl( I nr,f h>I - ~ ~ v 9O n n0i Ert i.Ia I> C ll )re" LI.-',";Y Fif"."TE0 1 if ~ r» 0] EC" '5" JH tl'-UX.LIA;lYFE"""'t'l ER " 2 er.n Pl1I I 0 8>0 ai(l t3(ESEL ('t="!liRtI":. (.tJ!( 1)I. UT 0» t~ 0) )>n ~ h 0 i'.II ~ 'I> t'IFASHt'Ftl h t'aaIJ . t r C «t ." tcf f ~ ~ 0tr C ~ a F>10 ~ I, ~ ~ 10 n> >> ~ rh ~ I ~ r f I>01 lf>0] ~ i'6tr>0 tf n".vvnn ErU CFOG» try a ~ >, ia, I h I > I fr" c'7 nLLI!! 'ill t tilSag>af 3n(rl tS] vlf[ RUI! I'»1 1 '> 1r 00 Tl Er.J F'i''I:CfiFI'>S(CRiII" l>'"./.'](rI. i'I 2tC5„"ll 00 l ~ vh ~ t ~ ' ~ nl !I ~ I( 1 «7 "7 t',. 7 l 7 i':S r ~ 1 P I F I C ~ rn ~ t ~ r a ~ ~ >' ~ ~ ~ ~ h > ~ 't Ia > I 11 I Q ( It rC f "-'. alt v I t ~ > I ! (t ~ ~ ~ ~ ~' ~ ~ ~ l r.c r 'll r Q C ."...:( ~ ~ v ~ vv (:.i.:L 'I' , ~ I ~ nl th>all>0 ll ~ ~, a, ijC>JI ~ >v Ilail Ilv ('5r)!! f.'.4"I( (.: ~ I 'litV>ll illa! > l .llil ~ ) >I ~ '7. I?'77 r, ~ Ti I> C h>J 0"(1]H t i":T f:EI".."..I! ( ) F''

I nt rtf r» a raa 1 E

I r'I'I ~ rg t,rrr El IJ ~ r all lf I'-'cT f=-:"';I, "F ",CR LL r I L' r a,i 11 t (J,Cc"L 6 l START S'"llAL) r)r( I a ~ a ~ "J arh!H ~ I> IÃ E .'J () r, F."; Ec (":i':R'!T(R 8" I'INER IiIFL',T iCI'ULE Itif'UT) ql 111 ~ a J !II L ( 112 f 113 I cUITCH IHPUT I':T IcEFlllf1TI".'lS 1! 'I I t~ !LJ f f1 I I 'l6 A">0 E 01(12}} t AUTO/I"ri"JA''-!ITCH((nYIIIHt1..(PI)TO) 117 t aalu 118 faELAY R TUR.l Il!PUT IIIT I!EFIHITICl}S Il< 120 t ~ ? ~ Ct grUI C.t v3 L ..t ri 0'0" H fHIIIH PR SP Rc. cAFETY IN.'CCTIO}l PU}J'LIU hnh't ~ aI »I fnil h? a7? Il f'PEcC".:,E PL'."iP ~ r L "r Sl'IFETY Il(JEECTICll h 1 ~ 17 I rC ~ ~ 'lI 03 L Ia ~ 1! J EfU !CCllTR"L R'l} E:-:F}ffirLA'rJ ~ ta I (.)h7 L' L'J C Crt g /If'r f'I'TESEL CEl:E>;I'.T".R E SBITII',L EX}l'IUST FA}l ~ hh fa»V LC a lh F"-.-I, »h EOI J 1CPJTH !FUEL I'O':„P.'!:3 E cQ!}TIAL EX';"„!>ST FAN Ihr.» "s »V'I;0 I Ac EOU 2('0JH ~ r ~ a1'I I IaaJ L I CS nhr7 I I "'" 8ra r Ec CA!! Phh?! l ES..»T"'.""." t':: O'TER PU h $ Ig I ~ ale CCO C 1IJ " ') ~ ~ 1 L ~ rl I rrrrCI g hlJ t> ~ aJ PO I t rraaa )) C-'.('-'. 131 011:l)H I ~ 71 CLTa I\ h8h I» H P U 08(>-:H f'I>ATTERY Cft IRCER ~ (Ih l 't ."" P'> I r > ar util 1(l".-'.H 'f-'.81) VI.LT LOr'3 CEllTER IRK(.:E'ER 2L"C4 lrt Cft'2> g I>« 21)(I.IIH » aa Lit Oh r I lit11 I 'I(J.IH at rll~ EOJ t CONTt'I!II.".r}IT li",.'}I'ILACU P..'.IHISSI're. 17/, I!ttt I>I EIIIJ nr,plfg'll lfr.a'raaaf ~ IIL 'll lll0.",lL1L CHILLER 137 f "t+Lt 138 "5~t;>Pk5k'>Ikt!7! ktltTfkkk$$klg~ tg4P~Lg~~+~"f~~+"'tQt+~f*".ACf8 7CI 1 t I-'.9 LIGHT OJT?UT 1!IT !IEFIl!ITI".!lS ~ I ~ Laa ' )fr'(:.H 1' a

~ ah. rh $ I C!".J 'f ~ 3 ) (I";".}l f".-3E''nS (F!'.L ."JILI'il:.SI E:cE}}TI',L UE}lT!LATIOll) r.gran rr L'l2iEflU (H tfREFAS ('„".;Il'. C> FOOH E".;.= T;,'L jfLTPI'fTlr'I}) (!.'.I".6> (r'(P9 Ef:,U ~ ~ fLPiAS (LC( llTI Inert'.EllT F UFGE 1$ 'MIQl}) 0»a paJ I-'.6 L3 EO!J ~ hth ~ I 'l7 Lt EPJ fff tLta ta»T rIPlhr 110 4 Jtt I r E".U 21', I'.I.(ll> IA>JTO TE-:I FATL ~ (a !LI> I t C. Il ~ h h ~ I a ??af 1'I'7 I 'J I..tr 1r S'rft f Car ht) Chl> 8ht 'Il I ??? (at a'L h! I'1 ES'IJ (;1(J1II f'CF.'2I;S ((;:ITP,:L F.'OCl} '('El; >LATI' '".."'TICN) 0'll' C'>ll r 7(!IJ a ~ It C'Jla IC c'ccTY !' ~ ' ! ~ f f T fT'Tt cl: fL) ~ ~ ~ »ta a a I I' t lr > f >aaag >I» >r'I ln E'FJ (,l(a!H Lf (I f ~ ~ rr 1 EraJ L a L r.::"-.» ~ !r I Irf F'1 ~ a 1 r Ll" J LL'f~

~ ~ r ~ L13 E(fJ c,a } ~ ~ rh« ~ a at ~ i«II I I' r ~ I' I ta ~ ~ lrrt lra. L.'II ra !L CIJ ', ~

~ I t! 1 r ~ ; ~ ~ r el i c. f nOT. l ee rl ~ < ah J ~ <) la ~ 1 'are ~ lrl r sr

n n J 4 ."» "Je'RCE STATEi'."HT I

r ~ r r,,l ~ v I Ofe)3H i(el'rL 1 nfis v>IClhiVR I ~ ~ ~ I„'ll', g ~ TC E;.! 1 hsai)7$rrersese ge 'epi»l TCn I 1') J I' ('703 H le sv'i. v) niuiisilvin I trta Jsash7 Il I r1'I IJr)

f. I f RELAY CJTPUT PIT 9EFIHITIO!lS

]7P 1 1 '7» t

In]h< E"

~ ~ )h ea JIgeae)< C v s ~ I 'v') 'I hl J»a I I ri 1 ~ l el I<'I I n Oirr h )I r3 li A 0103 1<3 A C."03 M A ]003 li4 A5 A 'itis)3 ~ ~ sl tt ~ is,re» I »e hi< r.e'j '.".O2 nil'

'I" ~ ~ hr « t» ~ f» < <} Ih pf 0< 4 0"04 R}9 I ~ V «'J A Ov05 f:12 A }005 !<<3 I» u hl I <««A 'i Rr »}Aa g f Al 040-'. A 0~04 P.4 A 1'.04 A 2".(<4 ~ ~ Tr< ~ « l ~

rutrrll«l <;}'u,hi Q

ilrht» Qv'h, il 7 v v ~ \ ~ v J h A< A1 AO nA n C"')3 A 0403 A3 A 0803 A4 A 1003 45 A 2C03 A 4003 A' I » hh7 7P 17 n''IFAS} I«QTr<< n v ~ ~ Af A 2000 ALLIS} A FFCO O'JTO A 0102 A C804 rrt,u20 l ,h.h< V t r,T« PPT23 A C01A PRT 'C A 00}B PRT2CS A 0010 PRT2 tI n 00}D ~l.ithtl A hh' f'"3-' A OMI} PITT7 I} PRT"CS PRT4n( PRT47u I I ~ I I } ~ A C021 PRi C A G022 A 0023 A 0029 ~ rr [T A 0!04 R' 0"04 R}0 A 0405 f.'1' CS05u RD 5 }003 «Ih l ~ ' u I C'} ~ ~ R11 A Elhi R2 0104 R3 A 08n4 R4 A 1004 R5 2004 t ' I ~ 1 I ting';=.'04 «.6 n 1<«t R7 R3 A 0105 RP A ('2C}< ci4S Al (F00 TCPI

r«.A ~ ~ ~ 'v ~ n n. X2CC A 0600 X4CCAA A 6600 XXX A 4001

1 ~ ~,

lr ~ . « 'l et~ 'I~'ll A

~ I/ «

~ 'C ~ ~ l T

1 ~ .' ~ r 1 A7 ~ ("f ~ ~ rnA ~ «rn AC AC I J 5 a >T ~ « ~ aC I'' t I ~ ~ ( tl, ~ I ~ ee( C „F T 4 ~ "..1 e7 QP f Q 95, 97 98 I 19 9' nq 95 '7 9n II I II I ~ Al.tn LT I 'J 1'I I, ~ <'32f ) leg ~IA C ' I.'I 17-'.f ne r ~ «7« f r''n«ITI)'I'I 1 ~ 1";.f ~ e I,~ 117el 1C Ie ( T 96 97 98 Ief.« ~ I e ~« nc Ie ~, ~ 'n (.'(" (LI N

'eg 9'7 Lr gn7f I' nel ~ ~ e A ee IIlt

(I, C$ , 122'lf kR".ll f 97 I iell ~ «r I I'« f rn: ~ ~ Vr

« I ~ C 'I 7nf nA'I~ 13i A I ~ ec re„ 19 8"f 97 Vi n7 11 c F::.'«i.ll~ Aa; li.'$1 13 1 JT I"V 11;f 1C I I1 $ lf I ~ IL 1c(a ~ I I ~ I I $ SCCA 1C'c 1J".I' I «3 «J rJe'tC71 I 1$ 3f «C' c/gC L:J 1 nc L" AJ nc L3 «J 1-'.5f I L-'. 1 Lc «J1C 1-'Sf « ~ I C L'. e.J 4'I( t «CPC T

~ ~, lr$ I «q «J+jC 1c

~ ~ I «<+f r.'.1L I VI

~ e ~. I en 1 c'C 'I., I i e ~ «7$ q 4 :(. i« 1« I "JT'; S 1J Tb Is« '

~ 'y ~ YI ~ I Ig C r ..Il f 'I I''JTl]i ~ C Ir. s J ,vy CT1« I C'. C f « C.s) f«sytl« C butyl~ }I, C 'l f'F'T;: }0 $ f"T" II c7] II( C'. I ~,I ll }5 (( F"':71 i 17 My" 17 6" yt P hy7I« 17 ~ r I l 'I!k ;cT3ra 1". !7$ f'F:T-'.t ]a 17$ f ]a 7-'.k F,, T ~ ls

«T ~ f Cl / V~t 11 f::: I ]?W ns h7 ]?,t R}p 27 }nay II}} }8?k fl}h. 21 ]re] ~ «$ h I $ f:}t 27 }Y~t II~ C II7 r. ~ I }":if ''." I.I11 }7P c h7 17:L «.I I7 }".Cf h'I Q ~,I }S}0 ,, f,'! I.I }8:k I. f:7 17 ]Q FIS }CIA h7 }pri. v:IC«C }0 t«h g TCF'}I'S }0?0 Tr:;f 2P }pcl T"R",rh hP ]«Pily hl I )Ol yrlr,y I Js ~ 21

TVJJJ 2P 1 "cat T « Ia 2l'h }Otk TG.: PV 0,] f'L2 2P 1{} T,"'C"; 2IKf Ã AA 2S vl I. r VII ~ rE h3 s6] TT7 1}."tt

CI«I«s«f f P

t ~ 0 «' I ~ I I I I I ]h Ig 2 fooffIII ~ ~ ~ ~ ~ ~ e', 1 ~ ~ e I T ~ I'rer ~ I ~ I'I f C I l r Ierf t.e ~ I ~ II ~ tl~ l ' GI 'I ~ eel Ie er:.I ~ i."JfCT ~ I I ~ I I'JI ~ e I'I If hl. e liifi4ef I I.inc I J ~ ) ~ I, ) sf

ISip' l 8085i" OSJJC HACRO AS"DKLERr V2I0 Sl l'i".GE

'CC CBJ ScQ SOURCE STr'.TEHI.!lT

TITLE ('Sl - TATE 1 Pf(C SSOi (18-AIIG 8 ~ 3 I I~ 5 I KiEl 11-JAH-?e re 1e, Ii Ce A I 6 I' Te itic Si Pi S)ICSLfJ'lD f 8 l PUBLIC Si 10 I'li I J EXT"-.H HOI,"; TY;E HCVT SUSP EXfRit SI.ASILGPttIOBKR 13 EXTRH TGRP 14 E'(TIIJl S TBITSTBrIBtlfTERHtG EGICLRBISTGP

EXTR)! A? 1 A II e"121A1 f AO 16 EXTRH LOPFL6 1? ) 18 I CSEG 20 I

cc, I STATE 1 F".,rJCESSOIR HOBULE rI7 ~ see I 24 I ~ 2J1C E'lTEP E''ERY 2'0 HILLI-SECGlluSI PERrORHS TH- FO'GUItl6 26 t 11 ~ I 1 CHECKS I!lPU'S FOR CH".IlOE CF ST'TE 28 t NlD SET I"OBE TO I!tf'UT COllGITICitSI 1P ~

", SEQUEtlCE,", 30 lI'iIF )HT IH tlODE 0 THEH RUH 31 I ~ i-505 :IA':5"J( 32 Sii LBA Hlc"E '16ET HOBE Ohht p'I ~ I 37 OA A fHOI.'E 0 ? Ielgih5 I7 C 34 . J tl0 IYESr U!P 7c ('!I')? 70 eI el KR Ai fte'.IBE 1 ? II'We J'I ~ Vrh Iil el p r.".Jf3 e IIIIPI Hl I if; t JI'e ~ (IO: 'I.'I 71rl ilf)I~ 1

E'r. l CISI TO 33 J7 H2 . YES JiJ.".: Ohe.f 7: 3ff Blep A ~ r. COIO CA3=.v) eI ti3 I'YF.SI JUMP 41 f ~ 1 ~ I EXIT!ZDE 4 CH ti Vi JTI IE 43

~ w r ~ hire rh IC C 'Ia LXI E)A3 ~ + ~ IIr E 45 O'LL CEifi eTUPil l'l l"'C 4 "'.IC;ITG"- (..'i' he ~ ~ I E 41 L".I l feleeiJ ~ Ie r. e) r el ~ CCT" 'iei Tit eeleL q ) Q C'.LL I pl.' 'T'f Pl rl. ~ e CCT ~ 'lrl e ~, fI I. ~ 4G J'lIL J1 ee ~ I he L.e E CO Lin Lr I', ~ h C "1 Stril I ci A 'Lf', OC t. OIt C1 C Je. ~e.ll fE"ET Si

Lrr( ', C.'' cE; 'IJ J,,es ~ 1 IlI 'l...i } PA ACer ~ I 1 v'I E c3 c C ~ J}T'rT.~I i'I".c",I'Sr ('..c'."'r C":."INST I'."..il.>1r ';FI'S2r ICFv'll 0:t? ~ ~ 'f Cr J2 f, l "crete C 14 1:C f':1 AtTee.C C ~ .'CT}'R'rlSE Cii""!l tlC 'E

C 1

C3 EXIT t',Gr;.„- 3 . }r („FG'JTjllE 59 50 PIPl E 61 te3I ~ LXI Pe+A 1 (t E 51 CkL c=Ti~ iT'JR}i Cll tl0'E 3 I}}91CnTCR t. CM.'liPP'4 rqcg'1 l 53 LXiI iri3E ('"')') c 5$ CC.LL TSTF rS"FETY Il}JECTIDll "-IGll'L Qll ? A'lwrtA r'. ie 5S il}T FEcET iYCSr JVP IP Il'» E, 55 LI't} Lrig FLG

'r'A \ 67 I'll Ii rLCSS ('F F".:!!ER CYCLE Clt? C 53 J2 RESET itlOr JK;F ~ T At,tgei >P„e'r'R 5e E LXI I A A. ~ r Pl'At JI,W i'I 1 c E I0 CnLL IIA I Arrpp J'1 C 7A r ttel r J%'le P.PC ~ )y CSF."<., C 72 selF Ci'..ECli i CT}l"FiU1 '" EXIT

'1 t 7 1 I '1 EXIT t!O'E ". Cii:Cti RCUTIi!E tet r IS r r ACT 01 Aretlei ~ '1 11 et ~ ~ I Jl 1 ~ y E II lie, ~ L"'I FrAf ripe A At 11 (t E (ALL cr TF. 17>!RH Ct! t};1K" 2 I}19ICI|TCR Ci1'C '19 1 VT i E 1 AA I:. SIAS AT AAr.n (I'„f50 ieA'V '0 v E 80 CI'.LL TSTF iS'FETY Ill'ECTIGll SI"!lAL C!t ? r FCIi lT ill,'63 D C Ci Ale RECET ftiI)f A e CAt.'I (')55 I Iiy s IiI E 82 LM L('FFLG L'LCSS g3 CRA i} Q." F"!.'ER CYCLE Cll? APitA ~ Pe Peg st"C Ci-r." C 3'1 J2 RE'."T it:.Or J"tl? I ti ~ t AJA 00 '1 'Cl' V 85 LXI Eric"tR I'I PPeite I 0'70 1 ~ tvr "I c 85 C;.LIL TS)3 ili:ESEL ( l:ERI',TGR I:REAl'ER SIGll"L Ctt? 00"' \e 87 JW F."ScT J ~ eilllct 'r l C"„-E" I C ":S OTic P ?IT 89 >0 EXIT t!A'E .'}l CK.RCCTI}!E 91 9g ei re0t rl E L.ii r.n-( ~etr 'I r'.IJ'."= ) E ( el 1CT>t 6:.l 1 It!T'ICPtTCR ht» Alt.rlA) slit 9= Lvt l',1 Sll.S rre ~ Q TST Q 0r (.'. II0 E ~ v C".LL ic.'.cETY Itl ':.CTI('t Siu'1".L Cll ? Cttr tet A (C, 9'1 111 sii J (1:eri'T".Rll1 ll!3l VU." AJCQ c fe A Lr,"rr s'l r ~ ~ I I 93 L G ~ ei I Ct ts e A LCi, }' tilt'1' 1 '1 ~ 99 0:iA 11 S C ~,eA,) I ~ C ~ ~ rti 'r 'e:

1 "1 1" 10. 'rtliS c,,'„"'t 1„'1 (}l„'>,'c 1; Tg l;A

J ~ J,P r I .rT ~ ~ ~ I r' 1P,P ~ ~ f': L rcc C'.1't I ~ I . ~ ti ~ I I ICI) ~ ~ E l')6 I IC P r 1 n'7 ~ «I ~ 'A e ~ I e! I- ~ Is.tr, f ~ ~ AOE ~ v I~ ~, is atl r' ~ I ~,lh h)aa

ta "C - ~ f')tia1 ~ v ~ J "r~'s-ST r t

h la

11C lI' l fhs ~ hrth Vsa I I Vt ' .. rl 'I P 'tl I As.la ~ }fan I ~ ~ ~ I l F..S:AS ah hh fah rf .Q i«3 Cr'.LL TS73 tS.-'.FETT IllJECTIO!1 SI'"!I~At'll ? htt ~ rt C1 h(as« l1 J'' l:vft tlaibt il 115 115 ELK l'.OI'E 3 GR 4 Ci!EC; MTIllE 117 1'8 ,ArhPIAt Or<7 E 11) LM LOFFLG t,hs f,'I h A 5 II tLOSS OF Pv'»EP. SIillt'.L O!l ? (asl l1 C .'"1 J!2 lICO t''fESt O'JAP ~ 1a7 t~ l'3 El!TER lm.E c u!~C" r;cJT'.l:E 1"7

1 sat'" ahh ~ CIAarlh J st C< 5 LY I't Tohhr ~ 1 I A I CnLL TSTP FIE«a ."t CREFASt er..'I",St t'IFAS1 '.".(S".t I'.$'Ui,'l,' pr,r.q Ag prh f ~ts CF:CK la ~ Ph7f err.7Vs l tv/ L'riI r:t,"3 Ch~f 1'P7 li"I gtg fhi't "7"~'P 171 S SIP 'i":E HACH.'..!I";E TO ilOIE 4 r i 0!

133 E! TER Vi0'"E 3 CllECll PZJTI!:E 1B 135 r,rv ~ AI p p h, p rlg 17 L"I Bt NE"lR

'37 C„rE „~,rhP Cs" L TSTs iDI":EL CEtlEf'".TOR I'".l'ER Gll ? Ih ~ 7tl faf ~ tall ~ ta \ I) atsl 4 lat J J7. ~ .I'sa tst'st Jdasa tA O'I..) f''h:,'IP E 13? LYI Ist II Qhr I ~ g, IIII Ps'i I l ~ 140 I Ot3 ~ ~ t (C! ".C.':":00 C l1 a CHr'll"E fCli'.ll."E TO 'lphiE 3 ~ 1 1

1'<3 Ei'!TER ili~<7E 1 OR 2 CE=Cls r-.o'JiillE ~ I ~

~ s t I'Iah 't ~ It)h I ~ SA LL'IO (" i i..'iv E t'»'-'.7 I ~ LO"FLC as F »II.,A rt tL.""S '.." P""."-P. SIC!'t",Cll . . r.h rsf rr. J" tl"D I V 1-:? J „PJ t lip '

~ c' ~

r hs 3 f i rat'hP 1.3 Lvt ~ ha ~ I ~ Ts"tt r 7"I I " t s 1 t 'll'f'sa "AL C'll 1 Tf «alt

n ~ ~ «a '„ I ls r ~ \ r>-i~ r n I'l l7 ~ 7 ~ t»J »I a I, r I ~ I 'ash '.b Il.hYtI d.Ai sr1 t«alt SJ ~ ~ sl II,I fl'","OE C I,l

s » ~ i P ~ r ~

LGC'::-J

eh ~ ' hregh P 457 ~ 7e iV~ L4 1 M ~ 0)AG 7 ~ h ~ I Iei I ~ ~ 4 155 ~ ~ ~ I'"c "'""" T" S '~" Ir" 8" I"'" "" 0 T3 C'57 '' I

CICel IO e hhhh) L ~ ~ LL.I 'l ~ E !58 C'c!MlG l CIILL STP c.fT TD ST6c" (l:I".i!UAL) STATE L'r.li 7A 1'7 ll '\ AI:< »e, ~ ar 7 lnh» ('i: l< q'reG E 120 STA lrrl't c SET .tl9";E r e pr ~ I I iehQCC)P E 171 ]e crTP I I".",ll H ler~cf Ill'I":)TIN .~OF 172 ?V)I A>-1 CT' ~ [ecnr» Uh Iie eIT II)7 Gir S E 1" e Ir< IP)itS p 0(FB nlnhr 1".5 LXI H,n Q ~ I GG.B E 17. ei."e r "LtIT I'r",EEET "ii'ISIS. CC'='lOOi -175 177 170 CCl5PI EhIT 70 $ FE 3AGGn0 E 130 L";A tiGIIE 1 GI <1 c$ A t TEST liGI'E r,trl') rlhf f IV) CII2 GS=9 !C:.'L 0"TPUT F'..".".=".:C=," IF rlOT tlni'E 0 ~ '[e hvflI>. I. » ~ (, cTI, 0':: C30000 E 103 ill TEF.5 I I~ In~

10S 185

I c'I7cghl fit; Ih S le ~ PG'e ~ C

Eh: .~ 'lelL a e ~ ~ ~ J S Ai E GCGG A2 E 0000 A3 E GGGG A7 iiGGG CLP3 E GG'r0 I'GcllR E Gl'."0 Ighii hrlrq Lrw I i~hFLG Gn"> Iin r E E 0000 E tlci/T E ('~00 I ~ '"JE E 0000 0".EO E (I"'0 g C ~ C P rrrh r The »eall» iv'aG E GJi) SL'.SP' C r'00 TERi'I E ('.7) TG.':F' E (000 f (0.)0 TYPE E 0000

QVIeeeCel C L~"=.r. ~ I ~ e~IC 7 hl r he II0 E6 00 IIk GrG) II2 E 0000 Ii3 E GG".0 A7 E GG",) C"I'Ih'c Ie le%'L9 D"'C" Cr".E r rlhrl rier 'I ~ IC e ~ E 0".00 Je I E (".)) E '.;.'0 LCPFLG eIG C 0."PA tIG'g 'e Ilel 'lie I"..G C 0".;C j C rGES ti1 C (I~c ~:C, C Gi:7 PI. C G).S ItT E 0';I'0 tIOl'IE E Gwieip D."-:0 ("."') G" E d» I C 0"'Cf S1 C .i T0 E(') SIAS E 0" 0 ST 0.". E ')vL) SUSP E (r'00 TEe,l ~ r.r e.le l.h vie'4 I 'rY E Gi)0 TST3 E e) TYc"'E E vr>'IG ~ Q Ir~ C add IC I'I IJ I 156 ~ C ' C 1:9 ~ » I ~ »I) 15 I lc I.'I'.I I'l ~ Vll( ~ ti3 1 f<'.$ ~ I' 13'f Sn An 'fTI CC- Inf.t. ~ » f f iJJ 1vvt ~ I

12 35 1;"5 iJ3 ~ 17 aI'jI, ii v C(a ~ TI f l r 'Cr F'.8 I( c0 82 98 119 146 VJt I ~ l.„' 1 I)

V fit( "1 I ~ l V.TT» ~ ~ ' V fi4 II.TTJ 118 Ii~ n",i :Io 36 t'I" 71) V'g ITJ I,'»I ~ C IT 1 i ~ ~ ', I~ 1 Il ~ i 32 170 180 C:-9 14 182 CTI CC(cT c5 65 63 71 81 84 87 97 1041 l C> 32k i Wl\r 14 46 78 94 171 (Iit;) I7i 41 63 79 95 112 168 11 10 r . ~ I ~ ~ 14 »'J7 f7 c3 12J C' 14 43 lf1 64 70 80 85 96 ff3 127 137 154 li 105

Cf".OSS REFEF."t!'".E C".lFi.ETE

n( I qr rti(l TJ * lktkffff " .t "T 19

~ J ~ ~

~ ~ l ~ ~ s ~ sr + ~ T,'I ~ ~ ' ~ 'ssrl I ~ ~ ', I',ll «7!I T v} c I,rsc tilts \ «nt strlt ~ s.s'v !'( ~ sis s ~ ~ I ss II isd'J sl I ~ Il.«J I s,), I."sd ~ «I . ~ ~ 'svslnLL dd») a'st ns»F li) ) Is

r J(+»'TALL

FACE 1

r» "-r"»CE 7 -"'-'}IT Gv rl~ VIVY

TIT'TI".LLl!.-'iiE ( ILr TI,'i. I. p STAIJ T, }FCT}.,'GGIC <13 AUIG-G2, ') s

DATE I '1- nli-7G 5 SI Pl SlZGLL'ID

G f'UtLIC STnLL 20 11 D!R)l .' tTSTALL:SFISL",!L13TSD".rCLfi'tA7 12 1} 14 CSEG

1s «C ST!'.LL DETEI Qi RCUTI}!E 17 ) 18 I i Gh() C- Iy STA'l ?USH t".I'Ii(: PEGIS}Ef S IlI'., I ~ I. C''Vs'd f'USH D «C J 11 PU.SH H ~ I «srs!} 1 I LG'3". \ ~ fs' E ce LI.I DISLf'tGET ADD.";.SS GF FLAu nss«g ~ ~ I'»( ~ HTTSTALL nnr sh 1«sr..n ' sl ~ ~ In'L' sl D 21 LDA Sf tCET ST}ILL S!nTE Fl.nG nnr 1C C est 0?A A ilS CITI" R S'ST H RKIHI)lG? ~ gnn«, n1« 1 7II wc-'.4 I5 BIZ ST1( 1 YES} Jn'}? 27

28 THIS ECT Lsl E.'EXECUTED ri)~~till GTsssER SYSTEH STnLLED ~

I ~ ~ »»stt I }sD Cislrna[g IIsshUT t))}i) s C CI'ILL FEA!'Cts sl hh I I' QCCO (nl IS I ~ C Vk res Ti }.II fans g 31. l}rsi) E v2 din vs I ISn"E II!?UT LEIJ="L 1 I' ~ 7» (:s}0 'I sC Z)I nt I I E 34 ST cf 'TCLEr'R ST'.LL STATE FL'lG (SFT f"."ilail'G) 7 ( if C sICdJ Jr? ST2'j

~ O 3'I THIS ".ECTI."II < "CUT»D ';i.'-".'iHER SYS EH IS RL",L},'IIIG, 33 ~ ~ 7ts I n«v I 'TO L!:AX n f T $ f FLA» r,» » V I 49 ORA rs s.'.h ~ Qg ss Is s'lp ("J."3 .nwI I C 41 JZ ST3'! I Yl.v l < I.~ . p'p "ES"-"'} N3 AT UT':"'r!) ? f'f 4P n»1 ~ c ~, ~ «Tss I~ ( ~ I ~ s«1 ~ ~ I ~ Tt ~ l !'(R IH t » .. I . L I ~ »os ~ I' r I g T ~ s) .: .'."i (~':t(fD) ~ s ~ 4( CI .-.(;) r s I 47 Cr'LL ~ ~ ~ n It I J ~ ~ 1 Qtl s s I s II s ~ ~ ~ ~ r. ~'I I' ~ ~ ~ 'l ~ « P ~ CC h« I ~, il If 1 ti»I c7" C rf g ~ L F;: 4 Iii

h I Pih L-r J vJ ci'-(E ST)PiE FHT

I i. 1 h?g' h Iehr rl 7 v l J'I'I ~ ~ LCI "> I, ~ "'PP rhrr E 1 CI'LL 'TI:"-'( Oc S "L 'ECHE ( "L T"")') r ~ « h ~ ".CA rc ~ l t »v LXE. PIA7 ~ r «Q E t5 Cl'iLL I'tL'.-„tf. OFF STALL (irtOSITE Tf{AIIH FliIJ!iCIATOR C'r I nhi hh 'I h0 ry g ll')I At0 Ch ( 4'. I TAX rB l "l"'"L0"" FL'6 hlhlh'Il :610 60 )('I'I H t 5 fcET TIHER TO 16 () SEC.) (04 I,Q5II00 C 61 fiQ ST10 61 l 3 BEFC;.;E Ml)KIJhU P.'."";CESSOR

65 1 C? r.l n h."g'f 35 55 a'itl H ~ ~ II I? Ilh h II \I '«h 6' r J"";Q STI"LL R"ONE)'6 i ~ 17 v«VIIQJ ST90 I IF Ch'I '»'» 1 Jl lVPE Afl tih ~ »I ~ n J ~ C ~ 6S B i.ET L03i( FLAS {ah ~ CPT TI)i«Q ?Q Q ~ii'v 3i.3 i[9 HI)I H18 P ~ ~ ~ '«Jh h '«c'0 rt ICrlt F" «1 III (IP I) 'It) «IIC QIIUT v«' 'I ~ i» 70 C",LL ~ hdLli C I hhC'1 7« J? ST10 i 'L,"i.". IF Sr!'z AS STr;lEB (EX!T) ~ « ~ ~ rhl CIJ I lilt «~ » E I I S'I'I II(nUT I ricg 1 hg ST<0l Illi! A10 P 'ihhhr It C I J »1 1 I Sc tS T STI'ILL IH 'ICA tIR (tel)T RJN)IIil6) S'hI C PTL'hi ~ I ~ hIC";(0 I J P1L13 'ibt ~ 't 1 C rt00;h E I II CALL ~I Iv 3 ISSUE STIILL ALAIIH (LIGiJIT) h« 'j h'h .h 1'I ~ f .':;.''I E I I L.11 IttA7 hrhtt C L«v I 7B CAt L SETB 1 TURii Ce ~ STAI.L Oi PGSITE TRAIH fiiiiUIC'EATGR 79 t

({0 1 CC.'Z"M EXIT

81 1 (ht «Ei g1 ST90l f'I}'" H III QhQ I I tli 83 B hl'I« il~ h vl P1 f'CI' hr:.:,;t C9 I»5 RET

Pj6 1

07 1

u J 1 Pc?,c)»'~pf»IP$ $:,j«'$$ $ »,$ X„."»zPI»I$c»ADA+„p+P$tl,i'„g«$g

ny 1

np 1 RDi! H

93 1 fI.=I'tB !lit'UT I.HB CK"'/Pc "ITH STCREB ti'I"LUE I 9$ t CC' hc ('(!: J

~ P 0« "..'(If(') E ?5 'XI Q1 RIH I'E:'.('!i:UT I!ITO .IT 7 « I ~ ( ~ ~ 7}

I ~ QO 1«I'I i»l . ii

1(0 ~ ~ r h? IIQ 1::l

« 1'J3

II~ I th J I ~ ~ I'» ~ ii I I' ~ i"<~l ., a>z>LI C 1 yt >TC (1P. g)

r O' 0 F~ "4 rs y P~rg 0)'0 SETS E eiF E iX') SLEV F. &~t".) E "000 c E L13 E 00)0 ~ 0

+Teal ~ g L13 E V.'0 f'"~)CIA C ccTO E (";0 SF E 0".00 SLAV E 0000 0';ID S'0 "0 ST20 C 003F ST30 C 09-'.? SI40 C (02 ST"0 C!0SE STV0 C PP '0,) L C 55 19k

CCA"-S f,EF t'7. CC"P I" .' t 1 LCC 0 J g r

at ~ Ph ~ h gE h C T> TLC '"""" =):fry - "-"~;r'; EU!"0'.~lil..iS ".:-'06-P~D') 3 I +7> P I>AI>rl 4 Esa ~ '.I- ~ t ~

at 1 I 5 I'A:E) G IAa',

7 1 P, S.;eCLu:;."i 0 t 8 EYIRi) 0 ')it ~!)tlLliÃtNCLITYFE 11 t 13 P)I'-LIC Eil'I,lftf,~tTcTL' PU"LIC l.l"'I "'I'

"T'f'"-EG 15 1 15 a 1 1 ) ~ +'4 a'I'f>a t 10 II t+ b$ jt4) ".12~.", P)~P,'i?1P'?1I?xk,'~gt)

19 1

2G 1 IH 0"TPIJT SIT )lAP

11 1 nn ~ 4 1 Lt?0l) E" -"Yt W> I h 23 1 B-,'EG = I:IT PA n> TEPI'-REO = if.."ET Il!'.0 Ul) (OJ'PIJT I'IT )>4?)

ne 1 a V"".H n5 a> IL> II 1 SAI)E R";GISTE".;""

h a 2? PU'5H H ~\ ~ f>I, QG E 20 LY.I Hl G'='H '>at &t la 29 kiQ'.1 . 4 I ll + f I5 r,5GG 3G 't)I I'II) (.f.l. h 60 71 140 ~ nal, fi ".;A H I";rT "'I 'IH 00TPUT TAELE n7 33 t "".614 E1 14 Pe? H ah r'",,I; PET i 1 7n < k ~ s'"$ TT,'>it),t,t"? > tlg ) t > 1 5 1 j t $ I fP.'k') t ) 1'gee I 39 '0 CI r"~; 1T .," t:!Tna'IIT )

1 l C-'" = .""'':"'..''': '.. I': ~ C'> 1

>I ~ > ~ ~ ' >a g ~ 1> f C'c L.." a ~ 7

~ ~ ~ Q I )I > ~ 0 i ~ i h ~ $ ~:>$ ~ ~

~ ~ c' ~ f I 1 lG l n I'.-'t', f))7 P ~ ~

»1 . ~ ~ ~ , , ~ ... .-..." tn

C;C( JU 'Ct ST" Eti

~ h C iCZ'".- BI. Ilt GOTFUT I'T t",AP Lr,~ i 't7 f I » i. Ph (".)A E1 f 691S Cl NP B

(iver C r0 fiP T r RETUirt fh ~ i 4 r i '1'tr t tt'"'tft't!t j'.4'"$ tk$t>'at;i t~14f t!1fr.>;t',:ir f, 89 'r ';. i - TEST:-:iT IN IH?rOT B?T t'.AP 5" i 53 rUP"tti EHT"r"ii 5C r B-REG = !IT r"AT'.=~r'-f;EG Cc ~ = C"rFSET !tT9 Ii:1 (:ll!PUT BIT NP) 55 r f nih C5 7 TSTBl PUSH B iSY'.ErJ'ERS nGr t ~rf.J 58 f'OSH H n»enny (91F 4 ' » ~ 5~ LNI H! IBN nnhn » I A rfi 7:.1, N" Ar S Gi .13 (5G 1] HUI BrO (,nnf 72 I'A!r B fi">5 73 At A H r TEST BIT ( ET STATU~) (Inn'i 7A POP H ( ann C1 ?5 PCP B 75 f;ET

77 ir 79 .trf$t 1iitt't'f"f'g.ti}$ ggrgt Pgfffgq1''t t't't'tif$'t ""f "gt't)ii IP "') i TEST VG";,J (S BITS) Iit Itl?UT BIT tI'P 81 r 62 i OPUt! E!tT»:Yl 83 r 8"r'.EG = BIT PATTER t ~ Ci ~ r C-BEG = OFF'ET I:!T'." ISH (I!!?4T B!I l':AP)

AnA f»f Gt.n .J 85 |STUl r'USH B np: E5 87 PU":H H r r QA ~ V.' t. iran»» SS LXI Hr II't EQ t'OV Ar~ fir;15 ~ ~ 4» tl"I PrG f.isj r n f~ ~ 01 NrB B G'J3»1 'F2 CliF H f A3 ~ La 5'3 PGP tl $ 1 f'GP B i r f:ET

",E. r r j..'.if."i 9? r'r't,'t tf>>t> ft'.!rr tftr'tr1> rt$ t;t:1>e 111!'! t: tr»i'tN".'I!Tf',,.r','

1':: r ~ r» ~ I rvrn ITrr

j; r I »A ~

v ~

~ r ~ ~ AC ~ A r ~ rvi I ~ ~

~ ~

~ ,I -- ..- ~ . ":a; eel:iitp in r

isSIA A sv S

cC'.:;-CE STATE)l=i)E

~ llT, '1TI ]OS IRF IT" ]:9 I,s ]]C Off":tT frv' 1.Iv ~ ss ss 111 s''13 h 01 01 0') 112 C t i. 0 0 113 g'(l]1 „AC 0 04, 1 01 114 SIAS iS 1 115 LPn h 10 1 h4 116 QV 6] 0 0 1 rS 117 gtA32 0 1 10 1]8 I ..'::JH 1 40 sn A]9 1 I:T.i'KR 20 1 ~ V

120 1

v ~ rhh0 E 121 TLs L':A 11:)l 1"2 A ii1 ]23 )S') Cih C 124 LI:A 0 0.'4 C 126 STA GB!) 127 LfsA IT."."i ]nn Al)I 7CH 129 F;r.'C 'hali 130 RRC 131 h3)) C1A 137 LI'A I";l')2 133 ANI 30)) 134 F:LC 135 RLC 16 GRA C 137 PQl) Cih 13S LraA 139 GRA C STA GiH

142 1 143 )'.]f";:+",fkf'$fffif!fk]1X1f~t'!lSf1P!fHNNVf+.!.:! .P."f;4.":.V

144 1

145 1

.~a 1 ~ s ~ s r ~ ~ ~ ~ rA T )1 sit 11 T Q TC 147 1 I F $

1 ssT ~ ~ srH ~ Issl. '. Ir 1('rti n C':9 E5 1 A9 L1I H I'". (Ir ~ irn,II ]rh '1'.0 ~ vl ~ ~ ~ u] Hi0 T.'.hrs h t ]51 LLA I I:1'\' rs 1 ~ 'i ~ 'la ]r.n XP4 sl ~ r'1 A KC'l 514

s's ~ ~ ~ sisI r 1 ~ is'A H

+ ~ ~ ~ ~ I ~ ~ ~ r

I ~ ~ 1' i I".."4 ]r s )iIssi ii1ii ii

' I s s 7 ss ](A 'I.',A ii

~ ~ '4n C l'l A f .". ! A r r.rg t ~ '1 I 1 l f a ~ .0 M

I C:.J; '0

hhc1 CO »u)»I cct I L,)

a» ~ » ~ e I'CJ jIII;I?,X? t.?! f..?!;!'?:. it. f,» V t 4»? t:,~W I '.. I,'1'»? SAX»"?; 165 I ~ 5« I I 159 I fare» ltfr rt»'lr» I r T T{: I Iae n rrre':r rea t'l t' » ~ ~ t TH ~ a'«'lie'»a.a. ~ Te ~ LC»e I «a 'll~ «.»I «,L I'J ~ ~ rec 171 I CteqeaC»eta (Te TC TV nee l Ill« tc r«.. Jh.»CI»tr ~:ah t', »l rCt 17" I 173 C') P E5 173 '0 P' H

'U C«en) 'c S'f /eric 3 175 IJ»{I L J ~ J T 0 f. el ~ h{a f r 0055 I'C» E 176 1XI lIIO N ' « ~ ea al {I 1?7 ! II !!120'< 'CET AfJTO TEST SI.I i'i!!11 -> 0" 0rlr,fe I c/e5 178 1!')I At6 0hl'I E 1?c STA TveDc !SET TY"c TO A"TO S'JSFE!!IO 1'010 El 1$ 0 F'P H l81 F.'iT ~ P'I I 4+» 123 r '0? t'c-.0",~",W'S?'»41RCA? 4:{,'?4 1$ fikXgiC+g'g pi 1 'tg tgt-.+cg {{g I:.t I 135 I 185 SET TO ST."i'TATE I 'I 187 I 1$ 3 I 189 TPIS RDUTI"E I'"-3 THc FGLLG".I»!'l 150 I II» C»'»C al l Pettcfl 191 « ~ Ce «le ~ lJ Il'«l Jl ) I'ST L:."H -': F 193 I 3» T.ST P: SE -> OFF 19< I -'CF 195 I C;ht f..r.f-»-,-.h „y;.I» 195 I 197 I 7» i'.0"'E -> 0 15'3 I 8 TTcc -> 9 199 I 9» /.'J10 TEST SUSF'E}!0 -> OFF 2h0 I "01 I '.I 0h I h. 1 ~ ~ » Ec ST PLISH H I ~ '\era I'Ia E 3 LXI Htn;l! 4' J I »H10 i 40 I\a C 'Ip a'i at I!'X H P.tn ,".C'V Ae.'l

aa ee c/ )7 kel I it~"" '.I ',LL r"" T.""AlN riT rr{t « 'l ~eh{) ~ I a ~ J r,or !'Ik aT ' Of) ~ 7 IafX H r ~ ~

1 ~ ~ r- ~ e U ~ ee

Si."Jl:(E STr-'Ti ErlT

'3 ItÃ 'e" ~e ~ ee ~ ~' i rr ~ e'e ? ~ e ~ e.e ) r( 'e 2el i'g H uhte A!tr e e ~ ae c:.! I r Crr reee7 (,9$ e 77 krJ er tt!4 (',e, 1 ~ e 1Q ~ C!e e r: 'e A err 3eeleee,p trh: ~11';~ h (7cc7r:?$ 1 (:933 E crA . e rccT Tg ee''Yr ae, ~ r ~ a peeee5 STA E rcET T'riE T9 0 (O'O."-) 117 Oce Pp".-'9SA EI I F;ET

170 E!t!r

CLF.i: C:(E LIGHT C )0 P SETr' 0099 STL C 0037 STC?' 9962 cUSr" C 9952 TSTE: C 901" TSTit C 0:2A

Ey ".""'L SY:.'OLS I.:LIt:s E .('.9 i;il E 0999 VOI!E E 6990 0"6 E 0990 TTrE E 9099 r 1 r'f LICe r1 e,% Gr $ ~ e q ee: I E r 009 CLF:3 g h.",(E ID?l E 9999 LIGHT C 0033 tlOI= E 0999 OPS E 9".99 S-":9 C OKO fehg'e STOr" C OGP SJ."". C ph52 T TS C (CID C 002A TYr'E E 0990

AScih:LY (';.".PLETEr ?I0 E".r.'0"...S gCI ~ 8 10 ~ J ~ ~ J 1'3 45) p gn ra' T ~ ll s l:.'1 s 1 ) y, Cl 0 6'\C' ~ IJ ~ lr 'r g g7 ~ H V g (P 1". T STL 13 1;L v,wp

P' P P E II1 LET@ ~ ~ re i e

~ + ~ ~ ~ ) Cee.)5 ~ < ~ rI r I, (' ~ «(I 7 r) AC I 1 Ile: 'e gC I'rI C

f tt C

LCle I SOURCE STATEtlEtlT

1 ('IDEl

"; i I:ATES 1S-AUG-02 6 i 'ROSF:0'tliERl S. Pe St'OSLUI!D r t Q; r$'y g 4%AD,gkgpk "tWtrt"tt.„":;.gkpgktktt"k„'.Xyfp fWt I 10 i THIS ".ODULE CCtcTAIt'.S TH" DATE ht'0 Ti'I" REVISIOlt tlUne'ER UHICH O'LL 9E PUT I!!TG THE L.-'I T E'.-'RQire kV~ 7 t~ 'A$ 'P i'N::t t $ ff 2 S XkP% fkW~'«iffR'etkk~fXAX~'ttig f rk~~ggk~e: 15 i 5 17r CcEO $ rt < 9 f'U-:LIC DATEttIERS et 0 4 Cr,.00 Ag CC]» C At' 'er «A f'lt I « ~ 't3 'AUGUST 18t 19S" r: 7»1 ' r17 ~ V '1 I Ji O' .p ,C'771'l$1'l< rI L.eeeltl

Ah "3 DI! rP!.ILS I -'rl C'» VERSl 03 ~ )';>7 ee /e re ~ „r . re w r., hrj< p I ~ A ~ I 00 re ~ le+A ~ 'l 7 lelreet e ~ s««r V et ~ A t Etta

( I I!,I ~ re . tj;:"0 VERS C 0014

I"."'Ef.'t:.1 SYI'i 'OLS

r ~ - I ~ I \

~ „;E C .;.070 'I RS C 0014 ~ ~

~ r I

~ w T~ ~ n l4 l4 II ~t 7 OPTICAL LATOR VOLTAGE STANDOFF TEST FICATION C AND PROCEDURE OUTLINE

The following constitutes a justification for the recommended procedure for testing the isolation capability of the optical 'isolator assembly (0342-7100) provided within the PVNGS BOP ESFAS equipment. Attachment A consists of annotated excerpts from Reliability Handbook MIL-HDBK-217C regarding discrete semiconductors, i.e. OPTO-Electronic Devices. Considering the opto-coupler type used (14 each of 4N38A devices) and environmental conditions expected within the equipment, the total MTBF for isolator assembly based upon the isolation standoff characteristic - this assumption is probably overly conservative because the MIL-HDBK-217C model includes all failure except degradation of output light from the light emitting elements - is 13.3 years. This result implies that each opto-isolator assembly (0342-7100) must be removed from its cabinet assembly location and bench tested for voltage isolation standoff capability per the procedure referenced below.

Reference information regarding light output degradation (CTR) is also supplied in Attachment B. Reference information concerning opto-coupler isolation parameter measurements and data sheets for the 4N38A optical isolator devices are provided in Attachment C. Specification 13-JM-104, Section 4.4.5 ' requires that ..."Electrical isolation provided shall be capable of withstanding application of 1500 V RMS, 60 HZ potential for 60 seconds without degradation of isolation...". The procedure outlined below and performed once every 13.3 years during the plant life for the isolator assembly should verify the voltage isolation characteristic of the cross-train isolator assembly (0342-7100) . Because the isolator assembly, is partitioned into two sections via the common input and output return lines (designed to minimize the number of terminals needed on the terminal blocks for circuit interface), two tests will be required to be performed on each assembly. The first test will verify isolator circuits 1 through 8 and 10 (see schematic 0342-7110), while the second test will check out isolator circuits 9 and ll through 18. If a failure is detected in either test, common troubleshooting techniques may need to be used to locate the failed individual isolators within the applicable group. This additional trouble locating effort is forced by the common input return and output return printed circuit layout. Figure 1 conceptually indicates the test approach and equipment setup for the voltage isolation standoff verification test.

As a first step, the 0342-7100 isolator assembly must be removed from the applicable logic cabinet by carefully disconnecting the associated input and output wiring harness. Particular attention should be given to disturbing the lead dress as little as possible so as to minimize wiring reconnection errors.

Secondly, a shorting jumper should be placed across each protection diode associated with both the input and output of each optical-coupler device. This jumper protects against damage to either the input led or the output transistor of the isolator from high capacitive charging currents impressed by high dv/dt's during the application of the test voltage. Thirdly, a high voltage breakdown generator (GAC recommends the standard "AC Hypot Junior" unit manufactured by Associated Research, Inc., 8221 North Kimball Avenue, Skokie, Illinois, 60076, or equivalent.) is impressed across terminals TB1-9 and TB2-1, and checks are made for any 'reakdown with the test generator set to 1500 V RES, 60 HZ output. This test voltage should be applied for 60 seconds minimum. The test generator must then be moved between terminals TB1-20 and TB2-12 and the same isolation breakdown check made. l After successful bench test completion, the test jumpers should be removed, the isolation assembly carefully re-installed in the logic cabinet, and wiring connection verified. After verification,'normal manual test procedures should be conducted to verify that each cross train isolator circuit employed functions properly. oPFosIM logic LMOTTDtl:2 TR'4ul Eau>F'waHT RE%DUE /50LA1VRA.SSEME{ Y P-ROM IOrnlE. 7ESC C4BNJET'DJ2. TYPICAL O'PASCAL opPosn E MGIC HDPOL6 THaN RECeIVirin t'KlVirg TYF'(C A L ISOLATOtZ QlR.CU IT C&~ SHDRl IhJ & JUMPER, C,Sv

4N46 7BI R3 Q~~2 950 U/ ZXX (A) Qg 3 sc —- —4 Cs 2 5'u>5A C79 oc /i54 '/ig+ ~ l I Rl OP7V- iSOLA CR2 g2 7VAf I I %Fly Ca,l I I RYI I I To P.e, Y I PCS'tM4M ~@ 0<') (20)" %0>) ~ 1,c LCICAMS VIELGCTRfC "HYPOT" Terna. 'Igloo VReSC~> 60Ez. XTP5T I COVE'gS lSOtATOR C9 << HYPN TESll62. insure 1500 VAC isolation standoff characteristic. THI-20 4-~b TM~ l2 . HI1'r.HDB/',21 7C AlT~A<&n A 9 April 1979 A'~<+/9 /'HW: u'rial'~Pz~~ ~~~rzoH, DISCRETE SEl/iI CO.')DUCTORS Au~~r~nows OPTO-ELECTPONI C DEYICES 2,2.10 Opto-electi onic Semiconductor 9evices, Group X.

SPECI FI CATION DESCRIPTION

MIL-S-19500 Light Emitting Diode (LED) NIL-S-19500 Opto-el ectroni c Coupler (Isolator) None LED Alpha-numeric Display

The part failure rate model, )p, is: /

b "C ~E "0 failures/10 hours ~ (O.NH)(I.S)(>)F00) = O.&l2 FaI~ZeS/<~C ~~~ cCdZ &0CH +n/gag where: >b = base failure rate in failures/10 hrs., Table 2.2.10-4. = mC complexity factor, Table 2.2.10-3. environmental factor, Table 2.2.10-1. >~ = quality factor, Table 2.2.10-2. The above nedel;includes all failures exce t deoradation of output li"ht from the liaht emit+ina d dgi concerning light degradation, see Bibl',ography item No. 49.

' TABLE 2.2.10-1 TABLE 2.2.10-2 >E,. ENVIRONS NTAL FACTOR >q, EQUALITY FACTOR 5GF PP Z"ri4 ~ t@aasrrrom

Environment guality Level Assv&r&Q ~pl/Ac Q~BABIIcr~ 6 Folic vs. WnZ EACH c/S~ INC%7M. CIRCuiT AAlb CSeiCC ~G Ql JANTXV RrWQruCX'e ma, EACii i>S~ SF 1 CSCCWv. /c/iJn rAm Ourpur G 2 JANTX &RCVC7" 7M 7DTAI ISOMER A4ic.v~ dATG Is: A.T 2. JAN 10 A = 4/,. = /g /o. biz)~~c AIF g 'ou~' LQIER* 50 N ~rotc PLAAT~+* OR ]g G)„ +10 PITB/= = /), = //C.7/Begs NU = *-App lies to a i nern:eti /9.Byes AUT packaged alpha-numeric displays 8. and to NON-JA.') hermetic packaged liF LED's and isolators. M 10 *"-Applies tc all devic s encapsulated ws-.K organic materials..

2.2.10-1

OCV~RKul- TRAtc S'H pDaAEQT RKlhBIL/7Y3 %I S M>I+

MfL-HDBK-217C 9 April 1979 DISCRETE SEMICONDUCTORS D OPTO-ELECTRONIC DEVICES TABLE 2.2.10-3 +C> COMPLEXITY FACTOR

Device Device

Single L'ED 1.0 Al ha-Numeric Dis la s*

~ 'in le Isolators 1 character 2.8 1 character w/logic ~Sim le~* 1 5 chip 3.8 " w/1 trans. ~l:8 2 character 4.0 " w/2 trans. 2.2 2 character w/logic " w/lin. amp. 3.3 chip 5.0 " w/lin. amp. & 1 trans. 3.6 3 character 4.9 " w/lin. amp. & 2 trans. 4.0 3 character w/logic chi p 5.9 Dual Isolators 4 character 5.7 5 character 6.3 Simple** 2.3 6 character 6.9 " w/2 trans. 2.7 7 character 7.4 " w/4 trans. 3.3 8 character 8.0 Q " w/2 lin. amps. 5.0 9 character 8.5 " w/2 lin. amps. & 2 10 character 8.9 trans. 5.4 " w/2 lin. amps. & 4 trans. 6.0

+-The number of characters in a display is the number of characters contained in a sinole sealed package. For example, a 4 character disap ay comprising 4 separatel packaged single characters mounted together wou d oe .4-one character displays, not 1-four character display.

~*-Simple isolator(s) contains only a lignt-emitting element(s) and a light detecting element(s).

2.2.10-2 HzL HDBv 217C ''pri 1 1979 DISCRETE SEMI Col)DUCTORS OPTO ELECTRONIC DEVICES

TABLE 2.2.10-4 OPTO-ELECTRONIC SEt"iICONDUCTOR DEVICE BASE FAILURE RATE, Xb, It/ FAILURES PER 10 HOURS * ( op~ max " op~ max)

T (OC) .1 .2 .3 .4 .5'6 .7 .8 .9 10 0 .0002 .0003 .0005 .0008 .OO12 .OO17 .OO24 .0034 .0048 .0071 5 .0002 .OOO4 .0006 .0010 .0014 .0020 .0028 .0040 .0058 .0088 10 .0003 .0005 .0008 .0012 .0017 .0024 .0034 .0048 .0071 .0112 15 .0004 .0006 .0010 .0014 .0020 .0028 - .0040 .0058 .0088 .0146 20 .0005 .0008 .0012 .0017 .0024 .0034 .0048 .0071 .0112 .0200

25 .0006 .0010 .0014 .0020 .0028 .0040 .0058 .0088 .0146 .0288 30 .0008 .001 2 . 0017 .0024 .0034 .0048 .0071 .0112 .0200 35 .0010 .0014 .0020 .0028 .0040 .0058 .0088 .0146 .0288 40 .0012 .0017 .0024 .0034 .0048 .0071 .0112 .0200 45 .0014 .0020 .0028 .0040 .0058 .0088 .0146 .0288

50 .0017 .0024 .0034 .0048 .0071 .0112 .0200 ~ 55 .0040 .0058 .0088 .0146 .0288 6r. .0048 .0071 .0112 .0200 6~ ~ VM to .0058 .0088 .0146 .0288 70 .0034 .0048 .0071 . 0112 .0200 75 .0040 .0058 .0088 .0146 .0288 '" 80 .0048 .0071 . 0112 .0200 85 .0058 .0088 .0146 .0288 90 .0071 .0112 .0200 95 .0088 .0146 .0208

100 .0112 .0200 105 .0146 .0288 llO .0200 115 .0288

*-Ifderating information for isolators and displays is unavailable, assume S=.5, TS=25oC, and: Tmax = 125 C for hermetic isolators. - Tmax = 100 C for plastic isol'ators and for all displays. See Section 2.2.11.2(7) 5 (9) for correction factor for S ratio and for the appropriate value of T to use with above table.

2.2.10-3 MlL-HDBK-21 7C 9 April 1979

33. >Nichrome Resistor Properties and Reliability", RADC-TR-73-181, A„ 765534.

"Dormancy 5 Power On-Off Cycling Effects on Electronic Equipment 5 Part Reliability", RADC-TR-73-248, AD 768519. 35. "Use of Marranties for Defense Avionic Equipment", RADC-TR-73«249, AD 769399/7.

36. "Reliability Acquisition Costs", RADC-TR-73-334, AD 916286L.

37. "Electrical Characterization of Complex Microcircuits", RADC-TR- 73-373, AD 775740.

38. "Reliability Study of Polyimide/Glass Multilayer Boards", RADC-TR- 73-400, AD 77194.

39. "Infrared Testing of Multilayer Boards", RADC-TR-74-88, AD 780550.

4O. "Laser Reliability Prediction",'ADC-TR-75-210, AD A016437. 41. "Reliability Model for M'.niature Blower Motors Per MIL-B-23071B", RADC-TR-75-178, AD A013735.

42., "Reliability Investigation of the MSC 2010 Transistors", ECOM- 0092-F-72, AD B000815L.

43. "Reliability Investigations of the MSC 1330A and MSC 13308 Microwave Power Trans i s tors", AD 923318L.

44. TA8694 and TA8777 Microwave Power Transistor'RCA Reliability Investigation", AD A007587. "Reliability Prediction for Microwave Transistors", RADC-TR-74- 313, AD A003643.

46. "Reliability Study of Microwave Power Transistors, RADC-TR-75-18, AD A007788.

47. "PAD". Nonelectronic Reliability Notebook, Revised", RADC-TR-75-22, AD A005657.

"Reliability/Design: Thermal Applications", MIL-HDBK-251, 19 January 1978. ~49. "Development of Failure Rate Heels for Semiconductor Optoelectroric Devices", FAA-RD-76-134, AD A( 29163.

50. "High Power Micro~ave Tube Reliability Study", FAA-RD-76-172, AD A033612.

C-3 NIL-HDBK;217C 9 April 1979

SEMI CONDUCTORS 'ISCRETE

= maximum rated zener current at I>(+ X) TS G.F.. stress correction factor per (8) below (4) Group YII Microwave Mixer Diodes Operating Spike Leakage (ergs) S = Rated Burnout Energy at 25 degrees C. (5) Group YII Microwave Detector Diodes

POp (Operating Power Dissipation)

P+,X (Rated Power at 25 degrees C.) (6) Group VIII Yaractor, Step Recover, and Tunnel Diodes.

S OP (C.F.} PmX

where:

= POP actual power dissipated = maximum rated power at T PMAX S C.F. = stress correction factor per (8) below

(7) Group X Opto-electronic Semiconductor Devices.

S "OP- (C.F.) or S = OP (C.F.} IMAX PWaX ~~ =,> ~87+ 8(I} (47S) where:

IQP operating average forward current = I+,X maximum rated ave age forward current at TS ~ POP actual power di ssi pated = maximum rated po~er at T P~X S C.F. ~ stress correction factor per (9) below. 2.2.11-5 Nli.-HDBK-217C 9 'Apri 1 1979 'DISCRETE SEMICONDUCTORS ~ 'I (8)''tress Correction Factor (C.F. ) and temperature corrections for Silicon Devices. = = a. Devices with TS 25 degrees C 8 TX 175 degrees C to 200 degrees C.

C.F. = 1

= b. Devices with TS >25 degrees C E, TX 175 degrees C to 200 degrees C. - C.F. 175 TS 150

= c. Devices with TS 25 degrees C 8 T~X <175 degrees C. - 25 C.F. = MAX 150

= and enter Ab table with T TA

r T=TC+ MAX)

d. Devices with TS )25 degrees C 8 T~X <175'degrees C.

CF;~ MAX S 150

= and enter Ab table with T TA + (175 - TNX) = - or T TC + (175 T~X) (9) '.'..': '.-.;"; - Factor (C.F.) and temperature correction for Opto- electronic Oevices. .'or devices with TS > 25 C. or T~AX < 125oC., or both,

!00-25 C..F. = MAX S 0.75 100 IOO

= and enter Xb table with T TA + (125 - TX) =35+ Cl25-IM3~ 60 = or T TC (125 -„T~X)

2.2.11-6 ~ ~

~ HIL-HDBK-21 7C 9 April 1979 DISCRETE SEMICONDUCTORS

2.2'll INSTRUCTIONS FOR USE OF SEMICONDUCTOR MODELS 2.2.11.1 Device Ratings

Transistors are normally rated at maximum power dissipation and diodes at maximum current permissible. Usually each device is .given two temperature rating points:

1 - Maximum TMAX permissible junction temperature.

2 TS - Maximum ambient or case temperature at which 100 percent of the rated load can be dissipated without causing the specified maximum junction temperature to be exceeded. (Case temperatures are given primarily for power devices used on heat sinks.)

As the ambient or case temperature rises above the TS value, the inter~: 'emperature rise (i.e., the power load) must be decreased so T~X is no+ exceeded. This is illustrated in Figure 2.2.11-1.

100 I

Maximum Use Rating 9 CY D I taJ F 50 l CL ~ +1 > 1

I— I CC O CO I b4t O. a. 0 A C MAX

FIGURE 2.2.11-1. Conventional Derating Curve

Note: T = temperature at which deratinq begins

= maximum rated junction temperature TMAMAX = TA ambient temperature = TC case temperature Q MIL-HDBK-217C 9 April 1979 only to have the equipment production procedures damage the parts or introduce latent defects. Total equipment program descriptions as they might vary with different part quality mixes is beyond the scope of this Handbook. Reliability managoment and quality control procedures are described in other DOD standards and publications. Nevertheless, - . when a proposed equipment development is pushing the state-of-the-art and has a high reliability. requirement necessitating high quality parts, the total equipment program should be given careful scrutiny and not gust ttte parts quaIity. Otherwise, the low failure rates as predicted by the models for high quality parts will not be valid. c. Use Environment. All part reliability models include the effects of environmental stresses through the factor, irE. The definitions of these environments are shown in Table 2-3. The T;E factor is quantified within each part failure rate model. These environm nts encompass the major areas of equipment use. Some equipment may experience'ore than one environment during its normal use, e. g., equipment in spacecraft. In such a case, the reliability analysis should be segmented, namely, missile launch (ML) conditions during boost and return from orbit, and space flight (SF) while in orbit.

TABLE 2-3 ENVIROtNENTAL SYMBOL IDENT IF I CATION AND DESCRIPTION

EtlVIROltHEWT SYtSOL NOtsI lAL E sVIROi4HsENTAL CO tDITIOt S

Ground, Benign GB Nearlv zero environmental stress with optimum engineerinq operation and maintenance.

Space, Flight SF Earth orbital. Approaches Ground, Benign conditions without access for maintenance. Vehicle neither under powered flight nor in atmospheric re-entry.

Ground, Fixed Conditions less than ideal to include installation in permanent racks with adequate cooling air, maintenance by military personnel and possible installation in unheated buildings.

Ground, Mobile Conditions more severe than those for GF, mostly for vibration and shock. Cooling air supply may also be more limited, and maintenance less uniform.

2~3

Airborne, Bomb bay, equipment bay, tail, or wing Uninhabited, installations where extreme pressure, Transport vibration, and temperature cycling may be aggravated by contamination from oil, hydraulic fluid and engine exhaust. Installed on long mission aircraft such as transports and bombers.

Airborne, AUF Same as A but installed on high Uninhabited, performanN aircraft such as fighters and Fighter intercepters.

Missile, ML Severe conditions of noise, vibration, and Launch other environments related to missile launch, and space vehi cl e boost into orbit, vehi cl e re-entry an'd landing by parachute. Conditions may also apply to installation near main rocket engines during launch operations. d. Part Failure Rate Models. Par t failure rate models for microelectronic parts are significantly different form those for other parts and are presented entirely in Section 2.1. Another type of model is used on most other parts; a cal example is the following one for discrete semiconductors:

2-4 MUD STATE GEM ERAL ELECTR lC 'ur( 'e ~ ~ ~ rI 1 t JP I I i III r stf J'vAjMXthcvd 3." > -A ~' 't(I'':< Wu Wl l~(a I:p ~

v r +vs~ rvuhr Lop 4+ evoe v ~ + S ~ ~ ~ e' r

photon CoUpfed Isolator 4Ã38-4N38A

Ga As Infrared Emitting Diode 8'PN Silicon Photo-Transistor ~sr(ee vsnuets[1 Vj~V P'q uo $ )os IS$ ~ I ~ ~ S $ 00 nto Idt ~ CI The General Electric 4N38 and 4N38A consist of a I $ ~ 4 ~ 4 ~ gallium'rsenide s4l Ot ~ 04 $ 0 infrared emitting diode coupled with a silicon tC ~ CD photo~ I QeOi OI s Os s IC 0'$0. ~ ~ t t0 t 'IS transistor in a dual in-line package. J 0$ l ~ 4 J 00 ~ 0 ~ t'0$ $ 0$ J IOC tS ~ ~ Se I Se FEATURES: OI4 $ ~ I S IS $ $ ,ICS AS tSI ~ ' ~ Fast switching speeds 'Stdnn ~l. tto I ~ I I II I It t 1 reCstt ~ I I see I Iwles ~ Ivvvvu eveeeun se svv High DC current transfer ratio ves ve 'oeeu vsse verruca osreevur se ~ I I ~s rar I' High isolation resistance t I c+ t Ierrue osevenleoueveere I $ 0 seals esroee ~ ~ 2500 volts isolation voltage 4 Ines ~ uevv~ ve roue Vnu ve eav s~ Vous ~ I/O compatible with integrated circuits L J ~ Ierr rvseo Indicates JEDEC tc istcrcd values ~fV absolute maximum ratings: (25'C) (unless otherwise specified) tStorage Temperature -55 to 150 C. Operating Temperature -55 to 100 C. Lead Soldering Time (at 260 C) 10 seconds.

INFRARED EMITTING DIODE PHOTO TRANSISTOR, tPower Dissipation 0150 milliwatts fPower Dissipation 00150 milliwatts t Forward Current (Continuous) 80 milliamps tVcEO 80 volts t Forward Current (Peak) 3 ampere tVcao 80 volts (Pulse width 300psec,2%duty cycle) tVEco 7 volts t Reverse Voltage 3 volts Collector Current (Continuous) 100 mllliamps QDcsatc 2.0mW/OCabove 2SQCambicnt. 0'Dcratc 2.0 mw/ C above 25 Cambicnt.

fTotal device dissipation 8 TA o 25 C. PD 250 mK fDctatc 3.3 mW/ Cabove 25 Cambicnt. individual electrical characteristics (25'C) INFRARED EMITTING TYP. MAX. UNITS PHOTO.TRANSISTOR MIN. 7YP. MAX. UNITS DIODE fForward Voltage 1.2 1.5 volts t Breakdown Voltage —VcEo 80 volts (IF —10m A) (IC = I mA, IF = 0) — tBreakdown Voltage VECO volts (VR ~ 3V) (IE ~ I OOPA, IF = 0) tCollector Dark Current —lcEO 50 nanoamps (VcE 60V, IF O) Capacitance 50 picofarads tCollector Dark Current —lcao 20 nanoamps V~0,f ~ 1 MHz (VcE ~ 60V, IF ~O) coupled electrical characteristics (25'C) MIN. TYP. MAX. UNITS

s. ut ron t~olra e 60Hz with the input lerraioals (diode( 4N38 1500 volts (peak) shooed tonelher and the oulput terra(nels (transistor) 'A vo ts tpea shor Ied Ioget her. 4N38A 1775 volts R!htS sc = = t Saturation oltagc — o ector — mitter F mA, C mA 1.0 volts Resistance —IRED to Photo. Transistor (C" 500 volts) 100 gigaohms Capacitance —I RED to Photo-Transistor (t<'0 volts, f= I hfHz) 1 picofarad DC Current Transfer Ration (IF $$ 10mA, VcE 10V) 10 jO Switching Speeds (VCE = lOV, IC, ~ 2mA, RI. ~ IOOQ) Turnn TimC —ton microseconds Turnff Time —tetr mtcroseconds f 127 ~ q ~

TYPlCAL CHARACTERISTlCS

?I c q 20mA IP IP Lo I

qq q IS ~ IomA ~ I.o lorn O ~sq NORMALIZEO To: ~4 O.I VCE ~ lo VOLTS JP ~ 5mA T ~ lomA O p ? ? NORMALIZED To: I O O Vgg ~ lo VOLTS IJ qq A H H Js TA ~ +2S'C O.OII 2 1 6 6 lo 20 Ao 60 60 loo l5 +25 +65 +IOC Zp INPUT CURRENT mA TA AMBIENT TEMPERATURE C 1. OUTPUT CURRENT VS INPUT CURRENT 2. OUTPUT CURRENT VS TEMPERATURE

~ lp SomA q I Ioo I 6 c Ip ~ lomA I ?I I.o c I q IJ O p ~ Sm

5 al O.l To: oc NORMALIZEO ? Vgg ~ lo VOLTS O IP ~ lomA .OI bt M

Dol 0.01 l.o I.S 2.0 .OI .I I Io IOC Vr FORWARO VOLTAGE VOLTS Vgg COLLECTOR To EMITTER VOLTAGE VOLTS 3. INPUT CHARACTERISTICS 4. OUTPUT CHARACTERISTICS

Io Boo

Vcg ~ 60V ~? e> ~ 250 I? Vqg ~ IOV 5 Is ~ 50mA "„e> ~ 200 0 IOI m c ISO O E I c NORMALIZEO To: vqq 60 Yqqqq ~ TP ~ 0 VGA IOV O Ip ~ qomA " TA ~ ~25qC IO' II So Vgg ~ IOV qq ~ ~ q IP 5mA e2 +2S 050 ITS +IOO +I25 iSO 25 0 +25 +$0 +VS +IOC TA AMBIENT TEMPERATURE iC TA AMBIENT TEMPERATURE qC 6. NORMALIZEDDARK CURRENT VS TEMPERATURE 6. COLLECTOR BASE CURRENT VS TEMPERATURE Transistor Output Optical Couple/Isolators olation Volta e is 7500 V Min eve es. See notes. Couplers are designed to provide isolation protection DC Currant fromhigh-voltage transients, surge voltage, or low-level Device Trisnafer V(BA)CEO noise that would otherwise damage the Ratio Volts input or gen- Type Min erate erroneous information. They allow interfacing sys Min systems of different logic levels, different grounds. etc., TIL112 2.0 20 otherwise be TIL115 2.0 20 that would incompatible. ~Mti~rl.t IL15 6.0 30 cou lers are tested and s ecified to an isolati n v Ita MCT26 6.0 30 TIL111 8.0 30 TIL114 8.0 30 Motorola offers a wide array of standard devices with IL12 10 20 a wide range of specifications (including the first series MOC1006 10 30 of DIP transistors and Darlington couplers to achieve 4N27 10 30 ,4N28 10 30 JEDEC registration: transistors - 4N25 thru 4N38, and H11A4 10 30 Darlingtons —4N29 thru 4N33). AlfMotorola couplers TIL124 10 30 with File Number E54915. TIL153 10 30 are Ul Recognized IL74 12.5 20 MOC1005 20 30 TIL125 20 30 TIL154 20 30 4N25 20 30 4N26 20 30 H11A2 20 30 H11A3 20 30 H11A520 20 30 CASE 73DA ILl 20 30 MCT2 20 30 TIL116 . 20 30 4N3 20 80 HIIAS 30 30 MCT271 45 30 H11A1 50 30 H11A550 50 30 TIL117 50 30 TIL126 50 30 The Transl ~ tor Coupler is probably the most TIL155 50 30 popular form of isolator since it offers moderate CNY17 62 70 speec (8"craximateiy 300 kHz), sensitivity and MCT275 70 80 economy, In addition, the collector-base junc- MCT272 75 30 tion can be used as a photodiode to achieve MCT277 100 30 4N35 100 30 higher speeds. The output in the diode mode is 4N36 100 30 lower, requiring amplification for more usable 4N37 100 30 output levels. H11A5100 100 30 ' MCT273 125 30 MCT274 225 30 Darlington Output tsolation Voltage is 7500 V (Min) on all devices. See notes. Current Device Transfer V(BR)CEO Ratio Volts Type Min % Min 4N31 50 30 H1183 100 25 4N29 100 30 4N30 100 30 MCA230 100 30 H'I18255 100 55 MCA255 100 55 The Dartlngton Transistor Coupler is used when H11B2 200 25 high transfer ratios and increased output current MCA231 200 30 capability are needed. The speed. appioximateiy 300 30 MOC119'IL119'IL113 300 30 30 kHz, is slower than the transistor type but the 300 30 transfer ratio can be as much as ten tiines as 300 80 MOC8030'IL127 high as the single transistor type. 300 30 300 30 TIL128'IL156 300 30

TIL157'1181 300 30 500 25 4N32 500 30 4N33 SOO 30 MOC8020'OC8050'OC8021'C 500 50 500 80 \000 50

s nn csea is el ~ ~: l. Isolshonsuioevonsoe.viso,s ~ sninieinslaemceaieirc tnc bsessaown rshno For inis irsi LEO pins s ena 2 es commonena phoioliensisloi pins ~ .5,ena6siecommon 2. Ail Moiosoie coo pins are specihea ~ i 1500 Veo peen i seconasi snis ususay eaeeeai inc onainslas ~ s peCihce hon ena Jf orc sr i@rica rs>urs By: W.H. Sahrn

Technical Contributors: J. Cook R. Finke A. Fox R. Grandys M. Tarzia

LayoutiDesign: D. Barney

Production: R. Brewster D. Kay B. Dillon-fUlalone N. Patrick

S"-;";IlGOf'OUCTOA Pf(".DU"TS OEPARTMElfi B. RELIABILITYPREDICTION OF CIRCUITS CONTAINING IRED's Previously the IRED phenomena of light output decrease, as the time current flows through it, was mentioned. This presents a dilemma to the circuit designer attempting to provide adequate margins for bias values unless he can predict what minimum value of light output, from the IRED, he can expect at the end of thc design life of his equipment. Based on the results of tests performed at G.E. and at customer's facilities (who were kind enough to furnish us test data and summaries) the G.E. Application Engineering Center has developed design guidelines to allow the prediction of the approximate worst case, end of life, IRED performance. The basis of the prediction is the observed behavior of the ratio of light output after operation to the initial value of light output. It also is based on the observation that all devices do not behave identically in this ratio in time, but that a distribution with identifiabl tenth, fiftieth (median) and ninetieth percentile points exists at any time the ratio is calculated. Use of this tenth percentile ratio (90~e of the devices are better than this) and the distribution of licht out ut (or CTR for courl rs abovo the specified minimum value allows the product of specllle mtnlmum light output and tenth percentile ratio, predicted at end of life, to be used as a reasonable approximation of minimum

SUMMARY OF TESTS USED TO OBTAIN !RED DESIGN GUIDE LINES

25 C 40 C 55 C 70 C 80 C 100 C lpS 2Q 3mA 1000 Hr. 3mA 20 5mA 1000 Hr. I 5mA 16 40mA 1000 Hr. I 10mA 27 108 20mA 500, 1000 Hr. 1000 Hr. I 5, 10. 20mA 10mA 20 2Q 20 60 25mA 1500 Hr. 1500 Hr. 1500 Hr 1500 Hr. 10mA 10mA 10mA 10mA 20 40 50mA 1500 Hr. 15QO Hr. 10mA 10mA 20 163 60mA 1000 Hr. 1000, 3000, 5000 Hr. I 5.10.20.60mA 10mA )0 75mA 1500 Hr. 10mA 79 90 100mA IK, 15K, 30K EIr. 168, 1500 Hr. l. 10. I OOrnA 1. 10. 100mA This chart tepresents about 2.0 million device bouts of opetation on 625 dual in line optocouplets and t l l hecmetic IstED's.

SAMPLE SlZE FORMAT OF DATA PRESENTATION: TEST DURATION lpM CURRENT O. end of life value. Although this does not rcprcsent the worst possible case, no correlation can bo found between initial light output and rate of decrease in light output, and so the percentage of devices expected to be less than thc guideline derived number approaches zero. These guidelines, as can be noted, are based on fair sample sizes, although both larger samples than these and greater precision, higher resolution, measurements could provide better fits. To make the guideline development less obscure, the discussion will trace the steps followed in defining these design guidelines and, in the process, develop the guidelines. IVIIen the percent of initial value of light output (or current transfer ratio in couplers) of an IRED on an operating life test, is plotted against the time the IRED has been operated, two phenomena become apparent. The long-term behavior is found to be a straight line when the ratio is plotted on a logarithmic time scale. The short-term behavior is found to have a much shallower slope, on the same plot, than thc long-term behavior. This effect is illustrated by the fact that the long-term straight line can be extrapolated back towards zero and will usually inter- sect the initial value line at a time between 10 and 100 hours. TlIese properties combine to allow the response to be described>y a "virtual initial time" and the slope of the linc passing through that time point. This had been recognized in other work. The problems with predicting response are the variety of test conditions at which both stress and measurement data have been taken, and the spread of data at the readout points. It was recognized that the fail in light output was accelerated by either stressing the IRED harder, i.e., at a higher current (IFs) and/or temperature, or by monitoring the test results at lower current (IFM) levels. Precise acceleration factors have yet to be determined due to lot-to-lot variability. Fortunately, circuit design purposes can be served by a less precise model, which only attempts to serve the requirements of circuit desi n. For this approach, as mentioned before, we pay attention to the lower decile of the distribution a'nd its change in time.

I EU ~ IIO

cf goop E IOO K L song I R le!. ~~ 90 BEST FIT STRAIGHT I LINE LOWER DECILE I long LONG TERM RESPONSE 2 80 O I 70 K ~ 60 HIIA P~ I 300 mw, Irg * 60mA, 1 p~ ~ lomA I TWO LOTS, 36 UNITS, 180,000 DEY. HRS. w 50 CC

LP Io VIRTUAL IOO - IOOO IOOOO INITIAI. STRESS TIME - HOURS

LIFE TEST RESULTS —ILLUSTRATINGOBSERVED CHANGE IN IRFO OUTPUT VNITKOPERATING TlhlE

41 The question naturally arises of the applicability of this description to time periods beyond the one and five thousand hour„times that the majority of the tests stopped at. Fortunately, tests have been completed on discrete IRED's for 30 000 hours. test d e othin unex ected'a ens at extrem I ion times as can . This is reinforcing evidei.ce indicating the superiority of the G.E. silicon doped, liquid phase epitaxially grown IRED. grown IRED.

llo 90 PERCENTILE 100

I- 90 Io PERCENTILE ~ eo O 50 PERCENTILE g TO I ~ 60

u 40 DISCRETE XRED ';I ~ TEST CONDITIONS 50 Iq ~ IOO mA Tc * 25'C 20 l4 DEVICES

IO IO' io'o~ iO'0 TIME IN HOURS YRS LONG TERM IRED LIFE TEST RESULTS

io'lotting

the response (best straight line) of various test conditions on a single graph, the acceleration due to raising stress current (IFs) is e sily seen. Higher temperatures during stress cause tile same effect, and can be accomplislied by raising the ambient or by self-heating (in a coupler by dissipating power in the output device). Lowering the current at wliich the IRED light output is monitored, (IFsl) also accelerates the phenomena, but in lookii.g at many test results, it appears that the ratio of IFS /IFM iS t!ie key facto." affecting the slope besides temperature.

42 ~ ~ ~ O, ~ 100 eC W CL " '80mA W)CL'C cn~4. 2 eC 'Om1 ~CI 90 CCi I DUAL INLINE COUPLERS ZZ TEST CONDITIONS W4J CL. O Irg ~ 60mA ~WIC:4I 80 Tg ~ 25~C OIL IO DEVICES

IO 100 IOOO STRESS TIME - HOURS

EFFECT OF MEASUREMENT CURRENT ON SI.OPE

O I I- IOO eC W 7 CL D srIICSC c 25, W> 10eC cn~4 eC ~I2 90 55eC I DUAL INLINE COUPLERS 700 22I- T E ST COND IT ION9 WW Ira 25mA CL O Ir4 > IOmA ~w 80 20 DEVICES PER STRESS Pp CL

ICO IOOO STRESS TIME - HOURS

EFFECT OF STRESS TEMPERATURE ON SLOPE

O I IOO ~CW

CL 4I 0eC ~r 4. g 20m l/I~ cI= 90 CL Z DUAL INLINE COUPLERS 6 TEST CONDITIONS 0~ 22 Ir„~ IOmA WW ~ CCO Tq 25'C ~w 80 Pout we ~ 300 mW Pp CL 36 AND 15 DEVICES PER TEST

IOO IOOO STRESS TIME - HOURS

EFFECT OF STRESS CURRENT ON SLOPE

~ ~ ~ ey, ~ ... ~ ~eeeeeeee met~ ee ~ ~ ' ~ ~ 'ee ~ ' eeeee ~ ~ o~ e t~ ~ . When the temperature effect is plotted as an acceleration vs. temperature, a fair straight line fit is found, as illustrated below. This temperature acceleration factor represents the ratios of the slopes of the lower decile lines of various temperature stresses. The fit is not perfect, but is good enough to be useful. It contains both discrete IRED data (LED55 series) and optocoupler data (Hl 1 series) and appears to fit both equally. With this, and the determination of the coupled thermal resistance in the optocoupler (i.e., the heating factor for the IRED from power dissipated in the output device), it was attempted to fit the IFs/IFM ratio into the model. After many attempts to find models which fit various phenomena better, and the generation of additional data to try to fill holes, it was decided that two factors contributed to the inability of defining a tight fit single line. These are lot-to-lot and sampling variability and the precision (and volume) of data required to find the slope at low I Fs/ IEM ratios and low temperatures. These factors cause the best model found to enclose a band of observed values, as can be seen.

20 lu 9- o HrL + I I I5 rc 0 4l ru O.~W~ 4ownrc g ru ~@ g lo rL' su no nw Q rc 2 rc cc ru 9 g I- O > ~ O.

0 IO IOO 20 30 40 50 . 60 70 80 90 IOO trs/IFII OPERATING TEMPERATURE - 'C STRESS TO MONITOR IREO FORWARD CURRENT RATIO

Blas Currant Effect Temperature Effect IREO OUTPUT VS. TIME SLOPE PREDICTION CURVES ASSUMINQ A VIRTUALINITIALTIME OF 50 HOURS

To use this data the circuit designer must define a desired lifetime, the degree of control he has on minimum and maximum values of IF in any single socket, and the temperature environment to which the circuit is exposed. A simple example of the design procedure illustrates its use. Assume the need for an 4N35 which will provide 10mA of output current at 5 Volts VCE after 100,000 hours of 55'C operation. To find the IRED current needed to provide this, we need tile minir'num specified CTR of the 4N35, the estimated slope of the lower decile of light output vs. time and the teinperature acceleration of that slope at 55'C. The 4N35 specification indicates a rninimuin CTR of 100~~o, that for IE values of up to 20 mA the CTR is relatively constant and that at 55'C the CTR willbe /6 CTRL about 0.85 times its 25'C value The center of the range of slopes vs. is con- (—

~ I effects due to power supply and bias circuit drifts. Thc temp'erature acceleration factor curve indicates this slope vsill be increased by 1.75 times at 55'C (AT), i.ess the slope will be 8.8'/ decade. The difference between 50 hours and 100,000 hours (t) is 3.3 decades (log 100,000— log 50), so the expected lower decile will provide about 29~io less light at 100,000 hours than initially. To provide the 10 mA output requirement, the IRED current must be raised by about 40/c to compensate for light lessening with operation ti.e, ] and this must be raised 100 —29 by 18% (i,e., 1/.85) to compensate temperature variation of CTR, yielding a minimum input current to the IRED of 16.6 mA, as compared to the 10 mA required initially at 25'C. The formula used in this example is: 100 x '' x" 100 —[slope x As x tog (t/50)] tsCfR/oT CTR

where: AT is the temperature acceleration for slope at the expected operating temperature, CTR is the specified minimum current transfer ration, hCTR/>T is the change in CTR due to temperature, I;:- the required output current, is the required IRED bias current, Slope is the light output lessening per decade time, and s e t is the circuit design life.

Note that for a one million hour life the required IRED current would only rise to 18.5 mA, as time has only increased by another decade! The estimate of the effect of operating time on the circuit has been almost as simple as the estimate of temperature effects.

I20

IIO O g- IOO

Cg. gt: 90 PEÃzE 80 IOVe 90'0'A

~ TO

1/>SzP'O a 60 ".e

50 IO'4 -" ~o z

MFG MFG MFG MFG G M T COMPETITIVE COMPARISON, ACCELER*TED LIFE TEST

40 ~ \ ~ auV ~ grr~xng

~ ~

nnn.itg t sensitive devices, exceptxcep 'Fnv6r thee tigh(senstttveig i sensitive pstsmct~ers.parameters. uch techniques are desdescribed'h ~ s d, m the General Electric Transistor manual and the General Electric SCR hlanual, and will;not be detailed here. The most common problem encountered is the leakage current measurement with the base open, as icqo is rarely measured on normal transistors, and understanding the need for considering dynamic effects and ambient light effects will solve the problem'. Dynamic effects must be considered, because the open base has no path but junction leakage to charge the junction capacitances. If the common high source impedance bias circuit for leakage current is used, the gain of the transistor multiplies the junction capacitance, of the collector base photodiode (= 25 pF), and provides a long stabilization time constant. Note the "double barreled" effect of source impedance in that it is the resistance in the RC time constant and also is the load resistor that determines voltage gain (A„=l/hie. Rt ~ hFE). These effects indicate lczo should be measured by application of the bias voltage from a low impedance supply untiljunction capacitances are charged (now determined by the base emitter diode impedance), which can take up to 100 msec, (with no external capacitances, switches, sockets, coaxial, etc. connected to the base) in a darlington. After junction capacitance is charged, the current measuring resistor is introduced to the circuit by removing the short across it. The charge balance at the base can be affected by the motion of conductive objects in the area, so best reproducibility will be obtained within an electrostatic shield. The electrostatic shield can also serve the purpose of shielding the detector from ambient light, the effects of which are obvious on a leakage current measurement. Measurement of the light parameters of a phototransistor requires a light source of known intensity and spectral characteristics. Lamps with known spectral characteristics, i.evs calibrated standards, are available and, in conjunction with a thermo pile or calibrated photo cell and a solid mechanical positioning system, can be the basis of an opto measuring system. Some relatively simple systems based on the response of a silicon photo cell are available, but the assumption that all silicon devices have identical spectral response is implicit in their use for optical measurements. As different devices have different response curves, the absolute accuracy of these devices js impaired, although excellent comparative measurements can be made. Another method which has fair accuracy is the use of a calibrated detector, L9VX4 for the photo SCR's or L14H special for the phototransistors, to adjust tlie light source to the desired level. This willeliminate spectral problems as the calibrated device has an identical spectral response to the devices being measured". Accuracy will then depend on basic equipment accuracies, ambient control and mechanical posi- tion reproducibility. Spectral response measurements require use of precision filters or a precision monochromator and a calibrated photo cell or thermo pile. As in the case of the IRED, it is recommended that these measurements be done by a laboratory specializing in optical measurements.

—~ C. Optocoupler Measurements The measurement of the individual devices in the optocoupler is identical to the measurement of a discrete diode and a discrete device ot the type of detector being considered, and is covered previously. The measurement of isolation and transfer characteristics are not as obvious, and will be illustrated. g. /volation Paranierars are always measured with the terminals of each device of the coupler shorted. This prevents the liigh capacitive cliarging currents, caused by the high dv/dt's applied during the measurement, from damaging either device. Safety precautions must be observed in these tests due to the very high voltages present! a). Isolation voltaee is measured as illustrated beiow. Niormally tlie surge voltage capability is measured, and, unless tlie higli voltage power supply has a fast shutdown (<0.5 @sec), the device under test will be destroyed if its isolation voltage capability is less than tlie high voltage supply 'ace "Avoid lCyO gttcsstgggmengs", ngndgiitg. ~ ~ ~ I I

~ ~

design guideline, unfortunately, is only valid for the G.E. IRED's and DIP couplers. Life tests of competitive units at both maximum rating and accelerated test conditions indicate a wide variation of performance exists in the industry. The accelerated test results were dupli- cated by the maximum'rating test results, indicating the same type of response in both the Ar and IFs/IFM curves. But the magnitude of shifts observed, especially the lower decile, are much greater, indicating much greater slopes, in percent per decade, of the light output vs. operating time graphs. This is illustrated in the plots comparing the life test results given above. To life cycle design with such devices would require derivation of a different model, based on a matrix of life tests. Based on extremely limited testing and some published information, it appears that at least two other manufacturers of IRED's and optocouplers can achieve light output performance with operation similar to the G.E. performance. Neither utilizes the glass dielectric in the p'hecoupler and no tests have been performed to allow comment on other reliability factors. Degradation failure rates, to a desired criteria of percent initial light output, may be calculated from accelerated data to use condition response by use of the design guideline. The design guideline temperature acceleration and slope per decade factors may be used to calculate an equivalent number of test hours at use condition to the accelerated test. Note that early hour slope of light output vs, time is very shallow, and accelerated test results are not valid for operating times under 168 hours. The number of devices which decrease in light output to a value less than the desired criteria on the accelerated test is then used with the equivalent unit hours to estimate 'ailure rate. IVhile this is not strictly accurate, due to the distribution of change in light output, the following is a useful approximation: to X Agg — x x + log 50] ~ log —AI t„= 10 50)~ Ag2

where: Aq is the slope at stress conditions —. slope at use conditions, AYq is the temperature acceleration at stress conditions, Aqz is the temperature acceleration at use conditions, t~ is the stress test duration, and t„ is the equivalent time at use conditions. The reliability test summary degradation failure rates were calculated this way and provide an example. The 100'C, 100 mA phototransistor accelerated operating life tests run for 168 hours (t ). The temperature acceleration curve gives a —'atio of the slope per decade at 100'C to the 55'C 2.83 ~ - ~ 10 value of —'=1.62. The middle line of the 1Fs/IF«curve gives a ratio of —=2.5 for the slopes 1.75 of a 10mA/10mA IFs/IF«compared~,to the 100mA/10mA IFs/IFM the test was run at. Tl:e equivalent hours for this test at a 55'C use condition is: f (log —i x (1.62) x (2.5) + log 50] t„= 10 ~ 50) = 6770 hours.

Two units of the 3 5 tested failed a light output criteria of half the initial value, giving a 2/2,200,000 device hours observed failure rate. which at the 50% UCL is the 0.12',"o per thousand hour failure rate shosvn in the summary chart. This also illustrates that for the G.E. IRED and coupler, the decrease in light output should have a minimal effect on circuit failure rate in con- servatively designe J circuits.

46 +.44

~ DIELECTRIC lSHIELO J O.U.T. I I I HIGH- I VOLTAGE I I I SUPPLY LI E

FOR VOLTAGES OVER 2500 Vrms, THE DIELECTRIC SHIELO IS RECOMMENDEO TO ELIMINATEAIR GAP EFFECTS.

ISOLATION VO

is set at. Crowbar techniques may be used in lab set-ups to provide rapid turnoff and forestall the test being described as "destructive." Steady-state isolation voltage is usually specified as a fixed percentage of the measured surge capability, although limited life tests indicate this derating is not required for the G.E. glass dielectric isolation. Application Engineering believes conservative design practices are required in the use of isolation voltage ratings, due to the transients normally observed when line voltages are monitored and the catastrophic effects of a failure. b). Isolation resistance is measured at voltages far below the surge isolation capability, and has less potential for damaging the device being tested. The test is illustrated schematically here,

O.U.T.

ELECTRO- I METER I LI

. MEASURING OF ISOLATION RESISTANCE t

and requires the procedures normally used when measuring currents below a microampere. c). Isolation capacitance is a straightforward capacitance measurement. The capacitance of couplers utilizing the G.E. patented glass dielectric process is quite independent of applied voltage

49 ' I ,LN ST.lTF.t ~ ~ ee ~ ~ m ~ ~ ~ ~ '

t I ~ F d

i,'m enomomm „pJhrem .mA h ~ 0 o e ms esa e ~ ~ 'ne o' ~ u

photon CoupIed fsoIator 4M38"4N38A

Diode 8; NPN Silicon Photo-Transistor ~+ee anadem[st ~ Ga As Infrared Emitting ve t toe gS ~ ) ~ 4 ~ 'I $ 00 ~ CS I St ~ to General Electric and a ' $ ~ 0 ltd The 4N38 4N38A consist of F gallium'rsenide sds ot 0 '0 lion snt ml tO $ 0 ~ infrared emitting diode coupled with a silicon photo~ Pdo Ol ~ 0 ~ ~ ld OSOI I ~ t td t ll transistor in a dual in-line package. I 0$ ~ 0 ooti oet'4$ .SCS d SOO'td ISe I Se -'-I- Wpt- OIS S ~ I FEATURES: Spl $ $ $ . ~ 00 ~ ~ $ tl~ ~ I ~ Fast switching speeds ttl t ~ pile 1 It t ~costs ~ t I lee' seder le ~ ommmem edduesn os seem High DC current transfer ratio one moereeme ee ses oeeore» eetsome ae ~ I I ~ensue ~ High isolation resistance t $ t lammas s oosmoe send eouern +to Som ele mseeeee ~. %%me ~ I oeeemmme mu roe suan md eom 2500 volts isolation voltage $ ~ lease ~ ~ I/O compatible with integrated circuits ~I 0 Peee deeeeo. ftndicttcs JEDEC tc istctcd valve

absolute maximum ratings: (25 C) (unless otherwise speciTied) fStorage Temperature -55 to 150 C. Operating Temperature -55 to 100'C. Lead Soldering Time (at 260 C) 10 seconds.

INFRARED EMITTING DIODE PHOTO.TRANSISTOR fPower Dissipation 4150 milliwatts tPower Dissipation 44150 milliwatts fForward Current (Continuous) 80 milliamps tVcEo 80 volts fForward Current (Peak) 3 ampere tVCBO 80 volts '(Pulse width 300psec,2%duty cycle) tVEco 7 volts t Reverse Voltage 3 volts Collector Current (Continuous) 100 mBliamps «Dcrate 2.0 mW/4C above 254C ambient. 40Dcsatc 2.0 mW/4C above 2S4C ambient.

fTotal device dissipation 8 TA 4 25 C. PD 2SO mW. fDcrasc 3.3 mW/ Cabovc 25 Cambicnt. individual electrical characteristics (25 C) INFRARED EMITTING TYP. MAX. UNITS PHOTO TRANSISTOR MIN. TYP. MAX. UNITS DIODE fForward Voltage 1.2 1.5 volts t Breakdown Voltage —VcEo 80 volts (IF ~ 10mA) (lc I mA, IF 0) t Breakdown Voltage —V

t rotation V~olra e IDHg ertlh the input mrminai ~ idiodei 4N38 1500 volts (peak) shor(ed together and ihe output terminate Hransistor) A vo ts pea shor ted t oget her. 4N38A 1775 volts RMS sec ~ tSaturation o)sage — o lector — mitter F = mA, C mA 1.0 volts Resistance —IRED to Photo-Transistor (8 500 volts) 100 giga ohms = Capacitance —IRED to Photo-Transistor (80 volts, f I MHz) 1 picofarad DC Current Transfer Ration (IF ~ 10mA, VCE ~ 10V) 10 Switching Speeds (VCE ~ 10V, IC, ~ 2mA, RI. ~ 100A) Turnn Time —to„ microseconds TurneOff Time — microseconds toff l27 Gpticat Couplers/Isotators Transistor Output l olation Voltaoe is 7500 V Min 'i ~eces. See nares. Couplers are designed t, . vide isolation protection fromhigh-vollage transients, DC Current surge voltage, or low-level Device Transfer V(8R) CEO noise that would otherwise damage the input or gen- Ratio Volts Type Mln erate erroneous information. They allow interfacing tys Mln systems of difierent logic levels, different grounds, etc., TIL112 2.0 20 would TIL115 2.0 20 that otherwise be incompatible. ~Mti~rl t cou IL15 6.0 30 lersarelestedands ecifiedtoanisolati nv Ita MCT26 6.0 30 TIL111 8.0 30 Motorola offers a wide array of standard devices with TIL114 8.0 30 IL'12 '10 20 8 wide range of specifications (including the first series MOC1006 10 30 of DIP transistors and Darlington couplers to achieve 4N27 10 30 JEDEC registration: transistors —4N25 4N28 10 30 thru 4N38, and H11A4 10 30 Darlingtons —4N29 thru 4N33). AllMotorola couplers TIL124 10 30 are UL Recognized with File Number E54915. TIL153 10 30 IL74 12.5 20 MOC1005 20 30 TIL125 20 30 TIL154 20 30 4N25 20 30 4N26 20 30 H11A2 20 30 H11A3 20 30 H11A520 20 30 CASE 730A I IL1 20 30 MCT2 20 30 IlIi TIL116 . 20 30 ~4N3 20 80 H11AS 30 30 MCT271 45 30 H'I1AI 50 30 H11A550 50 30 TIL117 50 30 TIL126 50 30 The Transistor Coupler is probably the most TIL155 50 30 popular form ol isolator since it offers moderate CNYI7 62 70 ~ speed (approximately 300 kHz). sensitivity and MCT275 70 80 economy. In addition, the collector-base junc- MCT272 75 30 tion can be used as a photodiode to achieve MCT277 100 30 higher speeds. The output in the diode mode is 4N35 100 30 4N36 100 30 lower, requiring amplification for more usabte 4N37 levels. 100 30 output H11A5100 100 30 MCT273 125 30 MCT274 225 30 Darlington Output Isolation Voltage is 7500 V (Min) on ail devices. See notes. Current Device Transfer V(BR)CEO Type Ratio Volts s/ Min Min 4N31 50 30 H1183 100 25 4N29 100 30 4N30 100 30 MCA230 100 30 H118255 100 55 MCA255 100 55 The Darllnglon Transistor Coupler is used when H1182 200 25 high transfer ratios and increased output current MCA231 200 30 capability are needed. The speed. approximately 300 30 30 kHz, is slower than the transistor but the MOC119'IL119'IL113 300 30 type 300 transfer ratio can be as much as Ien times as 30 MOC8030'IL127 300 80 high as the single transistor type. 300 30

TIL128'IL156 300 30 300 30

TIL157'1181 300 30 500 25 4N32 500 30 4N33 500 30 MOC8020'OC8050'OC8021'C 500 50 500 60 1000 50 r n onn cted Notssi 1 tsoisooll surps vortsos,vtso,rs snrhtsrnstdsrlco d>stye trio OrssSdonnrstiny for inis isst LEO OInS i Snd 7 ~ r common snd phototi ~ hst ~ ior pshs ~,5, ~ nd 6 sit coihmoll NC 2. Ati Mptprpr~ COup( ~ iS ~ ro Sprsirrrd St l500 VSC PeSS t sscohds) this usustry ~ scssos ths onQihsior ~ spscrtrcs tionsnd i 284 JEOfcrs ~strrrdrsrurs

~ ~ J 4 ':f ~

c ~

f' ~ p

f f