Professional Documents
Culture Documents
The Failure Mode and Effect Analysis Fmea Implementation For CSD An17582 12
The Failure Mode and Effect Analysis Fmea Implementation For CSD An17582 12
AN17582
Authors: Vadym Grygorenko, Gianluca Pedrina
Associated Project: Yes
Associated Part Family: CY8C21x34
GET FREE SAMPLES HERE
Software Version: PSoC Designer™ 5.0
Associated Application Notes: None
[+] Feedback
AN17582
The sensor pin is configured to resistive pull up drive baseline values are compared to the stored values. If the
mode. This is achieved by writing a „0‟ to the actual value is less than the stored value and the
corresponding bit of the port DM2 register, and a „1‟ to difference exceeds a threshold, a system fault is detected.
DM1, DM0, and DR registers. In normal conditions, the The threshold value must not be too small to avoid false
CPU reads a logical one because of the pull up resistor. If fault triggering based on environmental condition changes.
the sensor is connected to ground through a small In addition, this value must not be too large to provide
resistance, then the input level is recognized as a logical reliable disconnect detection. This implementation
zero. provides two predefined threshold values: 25% and 12.5%
of the stored baseline value. These values are sufficient
Sensor-to-VCC shorting is detected by a similar method. for most applications. Choose the actual value in your
The corresponding schematic is shown in Figure 2. system by running tests on real boards in real systems.
Figure 2. Sensor-to-VCC Short Detection Schematic It is possible for the baseline value to change with
Vcc
temperature by about 25% (see the CSD User Module
data sheet). In this case, the previous method may be
insensitive to sensor disconnects at high temperatures or
shorting
may produce false fault detection at low temperatures. To
achieve more reliable sensor disconnect detection, add a
dedicated reference sensor. This reference sensor is
Sensor
formed with a generic capacitor, instead of a regular touch
area. It is used for baseline temperature drift
compensation. Assuming that the relative baseline
PSoC temperature drift is the same for real and reference
sensors, the drift is estimated as:
In this case, the sensor pin is configured to resistive pull Bref Norm
down drive mode (DM2, DM1, DM0, and DR = 0). The Drift , Equation 1
Bref Curr
input level is zero in normal conditions.
The schematic for the sensor-to-sensor short check is In Equation 1, BrefCurr is the reference sensor baseline
shown in Figure 3. value at current conditions, and BrefNorm is the reference
sensor baseline value in normal conditions.
Figure 3. Sensor-to-Sensor Short Detection Schematic Compare the actual sensor baseline to the stored value
with drift compensation, as shown in Equation 2.
Vcc
[+] Feedback
AN17582
t ln 4 Equation 4
t 1.39 Equation 5
[+] Feedback
AN17582
Description: Checks all sensors for shorts to Vcc, ground, Error Code Value Description
or sensor-to-sensor shorts. FMEA_OK 0x00 No errors detected
Input: None FMEA_NO_FLASH_DATA 0x08 Reference baselines
values are not stored
Output: Returns an error code in the accumulator, as in flash memory
shown in Table 1.
FMEA_BASELENE_DOWN 0x10 Baseline is below the
Table 1. Error Code Descriptions for FMEA_CheckShorts allowed value
Error Code Value Description The number of the sensor with the fault is stored in the
FMEA_OK 0x00 No errors detected global variable CSD_bSensorNum.
FMEA_SHORT_TO_VCC 0x01 A short to Vcc is
4. BYTE FMEA_CheckBaselinesRef (BYTE
detected
bRefNo)
FMEA_SHORT_TO_GND 0x02 A short to GND is
detected Description: Compares all sensor baselines to stored
FMEA_SHORT_TO_OTHER 0x04 Sensor-to-sensor
reference values with temperature drift compensation,
short is detected using a reference sensor. If the baseline is below
tolerance then an error code is returned. Tolerance is
defined by the constant FMEA_TOLERANCE. The allowed
The number of the sensor that caused the error is stored
in a global variable, CSD_bSensorNum. values are:
2. BYTE FMEA_SaveBaselines(void)
FMEA_12_5_PERCENT (tolerance is 12.5%)
Description: Stores the current (reference) baseline values FMEA_25_PERCENT (tolerance is 25%)
to the selected Flash block. It writes Input: bRefNo is the number of the dedicated reference
CSD_TotalSensorCount data words that contain baseline sensor.
values and one additional word, 0x55AA, as sentinel. This
sentinel allows you to check the EEPROM to see if it Output: Returns an error code in the accumulator, as
contains the stored values. Call this function once to call shown in Table 2.
the sensor disconnect detection algorithm, which is based
CSD_bSensorNum contains the bad sensor number.
on baseline level tracking. The Flash block number that is
used to save data is defined with the constant BLOCK_ID
in CSD_FMEA.asm. This block must be unprotected in the 5. BYTE FMEA_CheckBaselinesShield(void)
flashsecurity.txt file. Description: Compares the signal values with an enabled
Input: None and disabled shield electrode. If the difference is below
tolerance, then an error code is returned. Tolerance is
Output: Returns an error code in the accumulator. defined by the constant FMEA_TOLERANCE. The
allowed values are:
Value greater than zero: The sensor is OK.
FMEA_12_5_PERCENT (tolerance is 12.5%)
Zero: Indicates an error.
FMEA_25_PERCENT (tolerance is 25%)
Note The current implementation of this function works
only with the CY8C21x34 PSoC family.
Input: None
[+] Feedback
AN17582
Note Interrupts are not disabled during the measurement, Zero. This indicates an error.
because this function is not intended for precision
measurement, only for failure detection. If precision 4. BYTE FMEA_CheckDown(void)
measurement is required, disable interrupts before calling
FMEA_CheckMod(). Description: Checks all sensors for shorts to VCC by calling
FMEA_CheckSensorDown() once for each sensor.
Auxiliary Functions Input: None
Description: Checks all sensors for short to GND by calling Output: Returns an error code in the accumulator.
FMEA_CheckSensorUp() once for each sensor.
Value > zero. This indicates the sensor is OK.
Input: None
Output: Returns an error code in the accumulator.
Zero. This indicates an error.
One: Error.
CSD_bSensorNum contains the bad sensor number.
[+] Feedback
AN17582
Resources
First, store the reference values in the internal EEPROM
7 bytes RAM (does not include stack usage) using the FMEA_SaveBaselines() function. Then
function FMEA_CheckBaselines() is periodically called
1544 bytes ROM (large memory model, including 594
to check the sensors.
bytes for Flash API)
Another example is in the attached project for the CY3213
1351 bytes ROM (small memory model, including 594 CapSense Board.
bytes for Flash API)
You can decrease ROM usage by removing unused Summary
sensor disconnect detection functions from the assembler
You can easily modify the FMEA library implementation to
source file. Manual removal is more effective than
use it with the CSA User Module. Modifications are
compiler code compression features.
necessary because the CY8C20x34 PSoC family has
different drive modes for the pins.
Example Modify the functions FMEA_CheckSensorUp() and
Code 1 demonstrates how to check all sensors for any FMEA_CheckSensorDown() to correctly set pins to
shorting. The test results are displayed on the LCD. resistive pull up and pull down modes.
Code 1. Check Sensors for Shorting
bResult = FMEA_CheckShorts();
if (bResult == FMEA_OK)
LCD_PrCString(" FMEA Check OK ");
else if (bResult == FMEA_SHORT_TO_VCC) {
LCD_PrCString(" Sensor ");
LCD_PrHexByte(CSD_bSensorNum);
LCD_PrCString(" - Vcc");
}
else if (bResult == FMEA_SHORT_TO_GND) {
LCD_PrCString(" Sensor ");
LCD_PrHexByte(CSD_bSensorNum);
LCD_PrCString(" - Gnd");
}
else if (bResult == FMEA_SHORT_TO_OTHER) {
LCD_PrCString(" Sensor ");
LCD_PrHexByte(CSD_bSensorNum);
LCD_PrCString(" shorts");
}
[+] Feedback
AN17582
Document History
Document Title: Failure Mode and Effect Analysis (FMEA) Implementation for CSD
Document Number: 001-17582
Revision ECN Orig. of Change Submission Date Description of Change
** 1674263 Victor Kremin/HMT 10/25/2007 New Application Note.
*A 2545909 Victor Kremin/AESA 09/05/2008 Added chapter “Detecting sensor disconnect with
redundancy”. Changed title to “Failure Mode and Effect
Analysis (FMEA) Implementation for CSD“. Updated
application note template. Updated software version and
project to PSoC Designer 5.0.
PSoC is a registered trademark of Cypress Semiconductor Corp. "Programmable System-on-Chip," PSoC Designer, and PSoC Express are
trademarks of Cypress Semiconductor Corp. All other trademarks or registered trademarks referenced herein are the property of their
respective owners.
Cypress Semiconductor
198 Champion Court
San Jose, CA 95134-1709
Phone: 408-943-2600
Fax: 408-943-4730
http://www.cypress.com/
© Cypress Semiconductor Corporation, 2007-2008. The information contained herein is subject to change without notice. Cypress Semiconductor
Corporation assumes no responsibility for the use of any circuitry other than circuitry embodied in a Cypress product. Nor does it convey or imply any
license under patent or other rights. Cypress products are not warranted nor intended to be used for medical, life support, life saving, critical control or
safety applications, unless pursuant to an express written agreement with Cypress. Furthermore, Cypress does not authorize its products for use as
critical components in life-support systems where a malfunction or failure may reasonably be expected to result in significant injury to the user. The
inclusion of Cypress products in life-support systems application implies that the manufacturer assumes all risk of such use and in doing so indemnifies
Cypress against all charges.
This Source Code (software and/or firmware) is owned by Cypress Semiconductor Corporation (Cypress) and is protected by and subject to worldwide
patent protection (United States and foreign), United States copyright laws and international treaty provisions. Cypress hereby grants to licensee a
personal, non-exclusive, non-transferable license to copy, use, modify, create derivative works of, and compile the Cypress Source Code and derivative
works for the sole purpose of creating custom software and or firmware in support of licensee product to be used only in conjunction with a Cypress
integrated circuit as specified in the applicable agreement. Any reproduction, modification, translation, compilation, or representation of this Source
Code except as specified above is prohibited without the express written permission of Cypress.
Disclaimer: CYPRESS MAKES NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS MATERIAL, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Cypress reserves the
right to make changes without further notice to the materials described herein. Cypress does not assume any liability arising out of the application or
use of any product or circuit described herein. Cypress does not authorize its products for use as critical components in life-support systems where a
malfunction or failure may reasonably be expected to result in significant injury to the user. The inclusion of Cypress‟ product in a life-support systems
application implies that the manufacturer assumes all risk of such use and in doing so indemnifies Cypress against all charges.
Use may be limited by and subject to the applicable Cypress software license agreement.
[+] Feedback