Designing Safer Digital Circuits for Interfacing and Driving Signals

If you're concerned about interfaces with isolation, optoisolators are a good idea.

https://searchnetworking.techtarget.com/definition/optoisolator

Yes, optoisolator and electromagnetic relays are already in use in PLC.

Optoisolator are not free from capacitive coupling of common mode pulsed high voltage.

Perhaps fiber optic is relatively better.

Input stage photodiode is still sensitive and has to be replaced on damage, isn't damage proof unless something is done there too.

Q: Best for EMI protection?

A: Vacuum/thermionic tubes!

Yes, indeed vacuum tubes are the best choice. However, they are massive.

If <...cheap vulnerable electronics...> turn the user into an easy <...target...>, then there is rather more at stake than the problem of <...Designing safer digital circuits for interfacing and driving signals...>; lives are at risk in areas around the <...target...>. i.e. "Game over".

Great analysis.

I read your question with interest but did not see many replies. Perhaps partly because your question seemed biased to PLC & similar digital I/O which already have close attention given due to "safety requirements at work" and noisy nature of industrial environment.

Is the heart of electronics safe under transient RF, EMI and static heavy charges shock?

The "heart" is now usually some kind of computing microcontroller which uses memory for a program.

I must say it may not be, unless memory checksum routines and hardware "watchdogs", forcing a shutdown direct to outputs, are built-in. PLCs began with fusible ROM and static RAM - fusible very difficult to corrupt, static RAM with high current consumption (but high current impulse needed to push a bit into false state) but moved to static Battery Maintained "ROM" and EPROM/EAROM.

These last depend on a tiny charge buried in an ever smaller cell in an IC which is approaching quantum probability of error where electrons are "fuzzy" things which are not where you think they are. How secure are ever smaller charges against the mighty charges switched ever quicker by industrial gear?

I always remember the advice in Mostek manuals, around 1978 when their 16kbit dynamic RAMs were the biggest memory around - every chip will be corrupted once a year by a cosmic ray [no shielding against that]. Memories are physically same size now, but hugely more bits. It is no wonder PCs have parity bits and hardware checksums for blocks - they are expected to "glitch-out" occasionally without apparent reason requiring program reload or reboot/power down.

Ever more gear is radio connected, bathing the world in RFI. Recently, it was reported that very expensive cars [with "gimmick ignition keys" which allow engine start just because the key is in the driver's pocket] can be stolen by those whose criminal minds realised they could put a two-way repeater between the key in the house and a car on the drive.

Do we have time for designing safer electronics?

Ever more electronics seems to lack a real on-off switch, on the assumption the owner wants it on standby always - how much more time eating up MTBF and "hack-in" time does this give compared to only on when used? My TV turns "off to standby" quite often when the room light is turned on (room light is electronic CFL lamps). Simple equipment like fridges/freezers now have electronic controls & displays where once there was just a bimetal switch and a motor.

When I was young, homes were being fitted with heat insulation, but it was non-combustible rockwool or fibreglass - now it is combustible foam plastic - think of the Grenfell Tower fire here a year ago - started by a faulty freezer, maybe on recall for safety fault! Fire retardents, used in many plastics in electronics do not make them fireproof - plastics are typically combustible and worth their weight in fuel oil in a fire.

The last amendment to wiring regulations here 2015 requires non-combustible enclosures for "home fuse boards" because far too many are catching fire if they overheat and a plastic enclosure just sags out of shape or melts away from flames, letting them out to burn house down with occupiers asphyxiated in their sleep (fire retardants in plastic make more toxic fumes). When I began with electricity, fuses were in porcelain holders, then increasingly thermosetting plastics which smelt if overheated, but did not go out of shape - now you get thermoplastics which melt out of shape allowing conductors to move into contact - and circuit breakers made out of.....plastic. A fuse will fail if it overheats, can usually break a much higher fault current than breaker and after a short it is replaced with a new one - hidden in the specs for breakers is the fact that they are only required to break a short for as little as two times - how many users are aware that the convenience of easily turning circuit on/off seemingly any number of times carries a safety risk?

So there must be time for designing safer electronics when there is ever more of it, particularly since it is on for ever longer and contains more flammable material less well enclosed than old metal boxes. Also batteries of such power/weight ratio that they can melt down the equipment or set it on fire.

Are users willing to pay for safer circuits or do they consider these disposable crap?

I think they would if they understood the consequences. That the faulty gismo can be replaced for 1$ after your home has burnt down is no consolation. Bad media reports and legal claims can destroy your employer or you - the designer's name is on the paperwork, but the "vulture capitalist's" is not.

Your example of PLC is one where the (industrial) buyers understand the safety needs and expect safety, but I guess you mean "the user in the street or home" here.

Is engineering of current era making old great engineering ideas obsolete?

No - if Grenfell Tower [etcetara!] had freezers that did not catch fire, or non-combustible heat insulation, fire doors & barriers that met their spec or a sprinkler system or architects/contractors who understood what they dealt with, many people would still be alive and even more not homeless.

Are we making ourselves easier target by making cheap vulnerable electronics?

Yes and polluting everywhere with unrepairable throw away junk!

What are the list of things I must ensure in the designs? Please feel free to discuss. I am all ears to all of you experts. Let us begin here.

Your theme was safety, but I suppose reliability is a big factor, if something fails much less often, it is safer and the customer is happier because he does not have cost and trouble of replacement.

Simplicity is a great virtue - the Russian Proton rocket is one of the most reliable because of a philosophy of the simplest solution.

Electrical wiring regulations [some of the oldest electrical regulations in existence] start with the statement that their purpose is to avoid fire and electrocution. A look at national statistics (population 60 million, per year) gives 28 deaths due to LV electrocution, 350,000 serious injuries due to shock. But half of 40,000 domestic fires (244 deaths) were due to electricity.

So fire is more lethal and costly than other risks of electricity and should be considered seriously at design stage. It has been noted that recording tapes/discs made of plastic are combustible and worth their weight in petrol in a fire.

I worked for an aircraft engine maker who required the possible modes of failure of every part and consequences of failure to be identified, listed and quantified and evaluated where failure of equipment could be dangerous or have severe reliability or maintenance liabilities (like engine has to be taken off plane/disassembled to get at part). Ideally, everything would be done that way, but it is at least necessary to look at previous failure experience & risks e.g. in electronics one should look for parts which can be overloaded due to shorts or supply regulation failure.

A large survey of US military equipment failures in 1950s, highlighted by G.W.A. Dummer in a reliability textbook, reported that 60% of field failures were due to design faults or shortcomings. Reliance on parameters which were not actually specified or measured by the component maker and failure to allow for known faults were criticised, example transmitter valve often failing due to screen grid short circuit, which burnt out feed resistor. A feed resistor of high rating changed a "return to workshop" failure into an "in-air" plug-in replacement job. My experience is that this statistic has not changed. It is too easy to make a handful of prototypes from a "good" batch of parts and conclude all is well.

Under-running components compared to their maximum current or voltage or power by 2:1 has a massive effect on their running temperature, thus failure rate (and tolerance of occasional overload).

Attention must always be given to the physical layout of equipment as well as the circuit, particularly EMC risks. Putting a base resistor at the transistor end may avoid a long run of HiZ wiring connected to base and act as RFI filter. In other circumstance, putting the resistor at the incoming edge of the board acts as filter/ avoids external noisy wire track running into board close to sensitive circuits. Whenever possible, do not connect an IC pin direct to the outside world, put a resistor in the way - able to survive 240V rms if feasible - or a filter, at least a bypass capacitor.

When it comes to insulation breakdown, magnetic fields particularly and unwanted coupling generally, there is no substitute for distance and separation. PLCs have the I/O and logic backplane on opposite sides.

Example - A governor I tested, of reputable make and EMC tested to MILitary standards, could shut down plant, when driving an unsuppressed relay near its relay output contacts wiring. Simulation by connecting an unsuppressed relay coil to that contact, switched once/second by another relay and monitored by an oscilloscope showed 99/100 of switchings caused an innocuous voltage spike - number 100 was a 2kV peak burst of nanosecond risetimes, with governor relay rattle. The relay released, closing contact to 5ms speed plant shutdown relay. No indication of problem on governor. Cause of trip - 1) relay contact wires in gov tied in bundle with their coil wires [instead of coil & contact wires 1" apart on opposite sides of relay] 2) capacitance coupling gave negative spike on coil connected to relay drive transistor collector - forward biased collector-base. 3) base was connected to common by 0.1 μF, fed by 100k resistor - which looks like good bypass & time-lag to avoid spike effects. 4) Spike current charged cap & base to -8V via collector-base, then base-emitter zener breakdown clamped. 5) Transistor off, with >>10ms charge time causing relay release.

So the moral is ...do not suppose a few operations prove you do not have a problem or components only have the effect you wanted, do not let the production dept save a bit on wire dressing and ties and ruin your carefully analysed theoretical isolation. Panel builders/cabling contractors are also good at running everything together in one tray for minimum cost. They have to be told to separate terminals & wiring to keep noisy away from sensitive. If it is not in your installation manual, you will not get it. If it is, you will still have to remind customers and point out how much more difficult/costly it will be to separate after they have been mixed-up and trouble appears.

On the other hand, small equipment makes a small antenna to radiate/receive EMC trouble.

Thinking of your particular example of PLC input...

The real world does not care if you consider an input wire as common or ground. It may send spikes on either/both [ particularly since it is a common assumption for installation wiring that a short circuit in equipment may take the earth wire up to 2/3 the supply voltage, earth 1/2 cross section of live]. An opto coupler need not have the ballast resistor all on "live" side - it can be split equally between hot & common, for fast spikes there is then the small capacitance of the resistor connecting to common. Large tracks on double side board can give the opto diode a good capacitance to ground to "divide down" with resistor capacitance.

You particularly mention safety - in the earlier days of transistors, components, based on thermionic days, were made for high [mains] voltages and wattages automatically giving transistor use a considerable derating for reliability and fault tolerance. SMD components come in much lower voltage ratings and wattages and tiny clearances, although capacitance may be less (no end-caps). I always prefer, for mains use resistors, to select a part of suitable voltage/wattage rating and then fit two in series.

I could go on, but probably wrote too much anyhow.

Hi 67model,

You have made many great points.

Reliability is the key point. Reliability now and how long? Reliable under what circumstances?

In 2004 I purchased TDS2024 Tektronix DSO. It still works fine. Will my electronics be like that? If not then why? I do know that design experience of several decades and attitude to design with perfection is prime for some good companies. Knowing I must not bypass the design to eldup being unreliable due to one or few so so parts.

Industrial PLC was an example for very general daily use products. In research we.need performance and that may bypass safety else signal may disappear.

Compactness is another problem other than power hungry massive stuffs.

Electronics is srinking, power consumption is way down reaching impulse charge level.at sense inputs. Memories may fail anytime. Looking at fuse memories again and again. As if new memories can't be trusted.

Fuzzy? Break and restart? Problems in programs and data. Problems in functioning of CPU, problems in handling I/O etc. Like making permanent God using crap or like humans who die in anyway.

Hello again, Shyam,

I guess from the things you post that you were in the "low volume, high spec, high cost" area - as I was.

My old company had a term NRFT - Not Right First Time. It identified that most unexpected and unwelcome development costs/delays occurred when some part had to be re-designed and replaced after it was in use by the customer. An assessment of any new project resulted; as to whether it was all based on "what we know how to do and understand" , with risky or unknown elements identified. This might result in new research and/or a "technology demonstrator" build and test.

The best application project manager, after reviewing his experience and the cost files on previous jobs, had a dictum "Fixing an identified problem on customer's site costs 10 times fixing it in the factory" and would avoid trouble by delaying delivery or paying extra for fixing it in time.

Where safety is involved, the cost of NRFT is more severe.

You mention a DSO as being notably reliable. Test equipment is usually the "proof test" of other equipment -if it does not stay in calibration or functional it makes great trouble. It is assumed that any malperformance or variation in the equipment under test is there - not in the testgear!

A hidden but important part of cost of test equipment is that the manufacturer must have & keep calibrated, his own test & calibration gear significantly more accurate than what is made, as must a calibration "house". This is expensive and a user will have significant cost if he finds that testgear is "out of spec" when calibrated or needs frequent returns to ensure accuracy.

Expensive test equipment is usually complex and difficult to fault trace/repair if faulty. If "out of spec", where is the fault? If 100 are made and one fails with high remedial cost, this may be 10% of your 10% profit margin. The maker wants every one to work, every part must be reliable.

Also everything has to be tight tolerance and low drift but survive the occasional overloads inevitable with testing. Tight tolerance parts must be made better, or drift with time will mock the initial tolerance. Look at the spec of resistors, most basic and essential of parts - it is typical for soldering, any single test like high temp or humidity to cause a change of 0.5 to 1%, even though they may be bought as 1% tolerance "out of the box". This applies similar for 0.01% ultra precision items with tempco down to 2 ppm/'C - an individual test can cause 0.01% resistance change. The designer & production must make sure minimum stress is applied.

Basic parts such as power supply must reject noise and operate with low temperature rise/good cooling to avoid warming other parts. Overvoltage crowbar, to protect against overvoltage fault is justified against cost of destroying or de-calibrating every module "at one go". Local regulators on each board may reduce the risk of widespread damage and spread heat as well as satisfying local voltage/ripple/noise needs.

So there are strong reasons to use well derated, high quality parts running with low temperature rise in test equipment. This is also the formula for reliability.

Yes, the volumes are real low, as I work in research and partially in education. That a design must perform alone isn't the criteria and consistency over reasonable time span along with falure resistance is also deeply looked into.

Burn test, emp and esd we're common tests done. Ceramic package was preferred but now we get plastics that shuch moisture and good reason for failures.

Equipments are never switched off so, heat is always there. However, many places where I worked are at seashore with high moisture and salt in air.

Many manufacturers have switched hands so do not know with whom I can discuss.

A colleague who consulted manufacturers about most reliable semiconductors discovered that automotive parts are the best. Volumes far exceed military/space - millions of units field proven with high/low temp, temperature cycling, outdoor damp, vibration, EMC exposure, supply that also starts engine. Failures soon get reported - no-one likes their car to not start/stop dead at 70 mph & manufacturers compete on length of warranty.

Some plastic parts have the IC within buried under glass & I remember that first plastic transistors to get military approval did better on temperature cycling than metal.

Stored plastic ICs are to be baked before fixed over circuits is usual practice to get the moisture out.

Same problem exists if circuit wasn't in use for very long or was dipped in water but can't be baked. Trapped moisture kills. It kills much faster when you solder them.

Why the beauty on old ceramic parts manufacturing died? Cost? We only see hybrid on ceramic now.

I agree that automotive parts are real robust. I use many MOSFETs that are rated for automotive high temperature high power continuous use.

I still find hard to get good discrete parts which I love to design with for each distint key function and then integrated together.

It is good that few manufacturers have stored design files and are prepared to manufacture old gold parts on order but at much higher cost. I consider it worth at times.