
June 18, 1998


Design for failure

Bill Schweber, Technical Editor

Keep failure in mind when you design.

Recently, someone asked me to look at a 30W public-address amplifier that was "smelling funny" and had blown a fuse. The amplifier was about 15 years old, and it had rarely been cranked up beyond about one-third of its maximum volume. Although I know fuses usually don't blow without a reason, my first step in checking out the unit was still to put in a replacement fuse. After a quick calculation, I determined that the fast-blow, 0.3A fuse listed on the UL-approval nameplate seemed to be about the right capacity, and I put in a new one.

Imagine my surprise when the new fuse didn't blow, but smoke began to billow, and, about 30 seconds later, flames broke out! I thought to myself--this shouldn't happen! The fuse should have ensured that the amplifier and user are protected against internal failures.

Because I didn't have a schematic or a parts list, I couldn't tell what failed or which component flamed. I was worried. If ubiquitous line fuses in ordinary devices such as amplifiers don't protect us, imagine the potential dangers in all those other household appliances, such as TVs and VCRs. Eventually, statistics put my fear to rest--today's electronic components are extremely reliable when they are properly sized and installed.

But there is a lesson here: You should keep failure in mind when you design. Ask yourself what would happen if a certain component failed--what would the consequences be? Are there internal failures that might have serious impact? Will these failures create a user hazard, or are they serious enough to bring down the entire system? Are there any places that might warrant additional protection, beyond what is mandated? Is the user likely to do something that might damage or risk the system, such as plug a similar cable into a commonly used connector? Your concern should not be limited to line-powered equipment; even battery-stingy handheld devices have cells that can deliver enough short-term current in the multi-amp range to cause significant localized I²R heating.

Designers of military and high-reliability systems such as avionics often do a detailed safety and operational analysis on the consequences that can result if a component shorts or opens or if a node gets stuck at a logic level. Ironically, good software designers usually do the same type of analysis as standard practice, and they build into their code various routines that accommodate the inevitable system occurrences of errors, high noise levels, signal loss, hung programs, and undetected bugs.

Your system may not require you to perform such a detailed analysis--a complicated task even with today's simulation tools. But there are still ways to guard against failure. Consider your circuit's electrical stress points, which components are more likely to fail, and where currents flow or divert when failures occur. Then, if appropriate, you can add a local protection device. If there's an industry standard you are striving to meet, use it to define these stress points. But do some additional thinking on your own, and base your thinking on both the application and the user situation.
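The single-fault sweep described above, carried out on a toy circuit, as an added example that is not part of the original column. It assumes a constructed 40V DC rail behind the column's 0.3A fast-blow fuse feeding a series chain of three resistors (R1, R2, R3 with made-up values and power ratings); for each part it injects a short and an open, then asks the two questions the column raises: does the fuse actually open, and does any part dissipate beyond its rating while the fuse stays intact?

```python
# Added example (not from the EDN column): single-fault sweep of a constructed
# series DC circuit. Rail voltage, part values and ratings are all assumptions.
from dataclasses import dataclass, replace
from math import isinf


@dataclass(frozen=True)
class Part:
    name: str
    ohms: float
    rating_w: float   # maximum safe continuous dissipation


RAIL_V = 40.0   # constructed DC rail, volts
FUSE_A = 0.3    # fast-blow fuse rating quoted in the column, amps

# Constructed chain: dropping resistor, load, and a small sense resistor.
PARTS = (Part("R1", 200.0, 10.0), Part("R2", 60.0, 2.0), Part("R3", 7.0, 0.25))


def inject(parts, fault_part, mode):
    """Return a copy of the chain with one part shorted (0 ohm) or opened (inf ohm)."""
    ohms = {"short": 0.0, "open": float("inf")}[mode]
    return tuple(replace(p, ohms=ohms) if p.name == fault_part else p for p in parts)


def solve(parts):
    """Series DC solution: loop current and per-part dissipation (I^2 * R)."""
    total = sum(p.ohms for p in parts)
    if isinf(total):                     # an open part stops the loop current
        return 0.0, {p.name: 0.0 for p in parts}
    current = RAIL_V / total             # a single-fault sweep never reaches total == 0
    return current, {p.name: current ** 2 * p.ohms for p in parts}


def assess(parts):
    """Classify one circuit state: does the fuse open, and which parts exceed rating?"""
    current, watts = solve(parts)
    overloaded = [p.name for p in parts if watts[p.name] > p.rating_w]
    fuse_opens = current > FUSE_A
    # The column's scenario: a part cooks while the line fuse stays intact.
    return {"current_a": current, "fuse_opens": fuse_opens,
            "overloaded": overloaded, "hazard": bool(overloaded) and not fuse_opens}


def sweep(parts=PARTS):
    """Single-fault sweep: every part, shorted and opened, one fault at a time."""
    return {(p.name, mode): assess(inject(parts, p.name, mode))
            for p in parts for mode in ("short", "open")}


if __name__ == "__main__":
    print("normal:", assess(PARTS))
    for key, result in sweep().items():
        flag = "HAZARD" if result["hazard"] else ("fuse opens" if result["fuse_opens"] else "ok")
        print(key, f"{result['current_a']:.3f} A", result["overloaded"], flag)
```

With these values a short across R2 draws only about 0.19A, so the 0.3A fuse holds while R3 is pushed past its 0.25W rating; that is the case the sweep flags as a hazard and the one a local protection device would address.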



Let me know what you think. Send me your comments via fax at 1-617-558-4470 or over the Internet at bill.schweber@cahners.com.  




Copyright © 1998 EDN Magazine, EDN Access. EDN is a registered trademark of Reed Properties Inc, used under license. EDN is published by Cahners Business Information, a unit of Reed Elsevier Inc.