ECE 477 Digital Systems Senior Design Project Rev 8/09 s2

ECE 477 Digital Systems Senior Design Project Rev 8/09

Homework 11: Reliability and Safety Analysis

Team Code Name: _Quazyx: Laser Warefare System______Group No. _4____ Team Member Completing This Homework: __David Freidin______E-mail Address of Team Member: __dfreidin____ @ purdue.edu

Evaluation:

SCORE DESCRIPTION Excellent – among the best papers submitted for this assignment. Very few 10 corrections needed for version submitted in Final Report. Very good – all requirements aptly met. Minor additions/corrections needed for 9 version submitted in Final Report. Good – all requirements considered and addressed. Several noteworthy 8 additions/corrections needed for version submitted in Final Report. Average – all requirements basically met, but some revisions in content should 7 be made for the version submitted in the Final Report. Marginal – all requirements met at a nominal level. Significant revisions in 6 content should be made for the version submitted in the Final Report. Below the passing threshold – major revisions required to meet report * requirements at a nominal level. Revise and resubmit. * Resubmissions are due within one week of the date of return, and will be awarded a score of “6” provided all report requirements have been met at a nominal level.

Comments: ECE 477 Digital Systems Senior Design Project Rev 8/09

1.0 Introduction Our project is a laser tag system intended for playing in an indoor or outdoor environment. The game of laser tag carries with it some inherent safety risks, due to high-adrenaline physical activity in a simulated warfare environment. The opportunities for injury due to player actions and environmental hazards are completely our control; the most protection we can offer is a set of warnings and appropriate game rules in the user manual. However, the physical nature of the game must still be taken into account in designing our system to be robust enough to withstand a certain minimal amount of jostling. Any parts which are not securely fastened to and completely enclosed within the packaging are at risk of being damaged in ways which cannot be entirely predicted.

In addition to the physical hazards of the game, our system also carries a potential safety hazard in the form of a laser, used for visual targeting feedback. The website laserpointersafety.com [4] explains the damage that can be caused by shining a laser into a human eye. However, it also points out that for lasers rated at 5 mW or less (ours is 3 mW), a normally functioning “blink reflex” is sufficient to prevent accidental damage. It is still possible to cause retinal damage by purposely shining the laser into an eye and keeping that eye open, but if we simply limit the duration of a shot to 1 second or so, it would be effectively impossible to do so without deliberately misusing the product.

The final safety concern is the power supply. Our units are powered by three standard D-cell batteries. These were chosen for various reasons, including cost-effectiveness and reliability. Alkaline batteries have been around for over fifty years, and are much more stable and reliable than newer high-capacity batteries such as lithium-ion. The primary issues that can result from various power problems are sparking and leaking. Sparking could occur with any short-circuit anywhere in the device. In order to prevent harm to the user from sparking, all electrical components are fully enclosed and insulated from the user. Our batteries will only reach a combined total of 4.5V, with only 3V going to the PCBs, so as long as the insulation is good, there should be no risk to the user from sparking. The other possibility is that the batteries could leak either sulfuric acid (H2SO4) or potassium hydroxide (KOH), depending on what battery technology the user puts in the device. There should not be any immediate danger to the user, as the batteries are fully enclosed in either the gun or base station. The possibility of danger arises when the user attempts to remove the failed batteries. Unfortunately, there is not much we can do to lessen this risk aside from placing appropriate warnings in the user manual.

2.0 Reliability Analysis

The three components I will focus on for analysis will be the microcontroller, the RF transceiver, and the LEDs. The microcontroller (dsPIC30F4011) is probably the most complex component in our design. It has the most pins of any device, and is the most general purpose of the devices we are using. The RF transceiver is also a fairly complicated component, and it has the highest operational frequency in our project, as it must transmit an RF signal at 418 MHz. Finally, the LEDs make up the majority of the current drawn by our system, and there are more of them than any other component.

-2- ECE 477 Digital Systems Senior Design Project Rev 8/09

Microcontroller (Microelectronic Circuit Model) Parameter name Description Value Comments C1 Die complexity 0.14

πT Temperature coeff. 1.5 C2 Pin constant 0.015 Value for 40 pins

πE Environmental constant 6 “Ground Fixed” environment

πL Learning factor 1 In production for more than 2 years

πQ Quality factor 10 Non-military grade 6 λP Predicted failure rate 3 Per 10 hours MTTF Mean time to failure 333333 Years

RF Transceiver (Microelectronic Circuit Model) Parameter name Description Value Comments C1 Die complexity 0.14 Assuming similar complexity to our microcontroller

πT Temperature coeff. 1.5 C2 Pin constant 0.0041 12 pins

πE Environmental constant 6 “Ground Fixed” environment

πL Learning factor 1 In production for more than 2 years

πQ Quality factor 10 Non-military grade 6 λP Predicted failure rate 2.346 Per 10 hours MTTF Mean time to failure 426257 Years

LEDs (Diode Model) Parameter name Description Value Comments

λB Base failure probability 0.0012 General purpose diode

πT Temperature coeff. 3.9

πS Stress coefficient 0.054 Not a tranzorb

πC Contact construction 1 factor

πQ Quality factor 8 Plastic-encapsulated

πE Environmental constant 6 “Ground Fixed” environment 6 λP Predicted failure rate 0.0123 Per 10 hours MTTF Mean time to failure 81300813 Years

While the predicted failure rates for the microcontroller and RF transceiver are rather high, the values used in the calculations are worst case scenarios. In particular, the quality factor is probably somewhat below 10, and the temperature coefficient for the microcontroller is probably much lower than this upper bound due to the fact that it is being used at the lower end of its voltage range [2]. We could further reduce the heating of the microcontroller by reducing its clock rate, but there is a point of diminishing returns. If heat was found to be a serious issue, we have enough room that we could easily apply small heat sinks to certain components.

3.0 Failure Mode, Effects, and Criticality Analysis (FMECA) Appendix A contains circuit schematics for various subsystems of our product. Each system has its own potential failures associated with it, and the failures for each system affect the game in different ways. For the FMECA tables in Appendix B, three levels of criticality are used: Low, Medium, and High. High criticality indicates a possibility of harm to a user. Low and Medium criticality are differentiated by both importance to gameplay and replaceability. If a particular failure still allows the game to be played or the broken part is easily replaceable by the user, the failure has low criticality. Otherwise it has medium criticality. Note that the parts that are not replaceable are generally critical for gameplay, so the question of whether a non-replaceable failure that doesn’t break gameplay should be medium or low criticality can be ignored. The criticality of each failure is briefly explained in its row in the FMECA tables. For high criticality failures, the probability of failure should be less than 10-9. For medium criticality failures, a rate of around 10-6 is reasonable, and for low criticality failures the rate can be higher.

4.0 Summary

Our project has various safety hazards associated with it. However, many of these hazards are part of the normal intended usage scenario of the system. Because none of the components we are using are bleeding edge technology, they are expected to be very reliable, especially if we avoid using them near the limits of their specifications. Very few of our potential failures have a possibility of harm to the user, and we are doing all we can at our end to prevent such harm.

List of References

[1] Military Handbook: Reliability Prediction of Electronic Equipment, MIL-HDBK-217F. 1991.

[2] “dsPIC30F4011 Data Sheet,” dsPIC30F4011, Microchip Technology, Inc., July 4, 2008. [Online]. Available: http://www.microchip.com/wwwproducts/Devices.aspx? dDocName=en010337. [Accessed: Apr. 8, 2010].

[3] “LT Series Transceiver Module Data Guide,” Linx Technologies Wireless Made Simple, Linx Technologies, Inc., Feb. 28, 2008. [Online]. Available: http://www.linxtechnologies.com/Documents/TRM-xxx-LT_Data_Guide.pdf. [Accessed: Apr. 8, 2010].

[4] “Don’t aim laser pointers at a person’s head and eyes!” LaserPointerSafety.com. [Online] Available: http://www.laserpointersafety.com/laser-hazards_head-eyes/laser-hazards_head- eyes.html. [Accessed: Apr. 5, 2010].

-5- ECE 477 Digital Systems Senior Design Project Spring 2009

Appendix A: Schematic Functional Blocks Schematic Subsystem Microcontroller

Vest LED circuit

RF transceiver circuit

LCD system

IR detectors (top) and emitters (bottom)

Appendix B: FEMCA Worksheet Microcontroller Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection 1 Pin stuck high or Externally driving That pin becomes Voltmeter Medium The microcontroller low output pin, software useless, system cannot be replaced by bug, overvoltage, probably breaks the user short circuit 2 Chip burns Overvoltage, short System is Smell, smoke, Medium circuit unusable hot to touch

Vest LED Circuit Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection 1 LED burns out Too much current, One LED doesn’t Visual Low Doesn’t break heat, physical blink gameplay. Sensor pods damage are replaceable 2 BJT burns out Too much current, Multiple LEDs Visual Low Doesn’t break heat, physical don’t blink gameplay. Sensor pods damage are replaceable

RF Transceiver Circuit Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection 1 Chip burns Overvoltage, short No RF System is Medium Cannot be replaced by circuit communication unable to the user with that unit communicate

LCD system Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection

1 Broken shift Overvoltage, short LCD fills with Visual Medium Cannot be replaced by register circuit one repeating the user character 2 Broken LCD Overvoltage, short LCD displays Visual Low Can be replaced and panel circuit, physical strange things or plugged in by the user damage nothing

IR system Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection 1 IR LED burns out Too much current, Unable to shoot Observation Low Breaks gameplay, but heat, physical can be replaced damage 2 IR detector breaks Overvoltage, short Unable to detect Observation Low Breaks gameplay, but circuit, physical shots from certain sensor pods can be damage angles replaced 3 Lens breaks Physical damage Shots are Observation High Lenses are plastic but unfocused could still conceivable cause minor harm to the user. This is no worse than the plastic gun being broken.

Power Supply Failure Failure Mode Possible Causes Failure Effects Method of Criticality Remarks No. Detection 1 Batteries shorted Loose wires Batteries drained, Observation High Can cause harm to the possible sparking, user, but not easily, as possible leaking explained previously