Sneak circuit analysis
Sneak Circuit Analysis (SCA) is a part of the safety assurance of safety-critical electronic and electro-mechanical systems.
Sneak conditions are latent hardware, software, or integrated conditions that may cause unwanted actions or inhibit a desired function, and that are not caused by component failure.
SCA is used in safety-critical systems to identify sneak (hidden) paths in electronic circuits and electro-mechanical systems that may cause an unwanted action or inhibit a desired function. The analysis is aimed at uncovering design flaws that allow sneak conditions to develop. It differs from other system analysis techniques (such as FMEA or fault tree analysis) in that it looks for designed-in, inadvertent modes of operation with every component working as specified; it does not start from failed equipment or software.
SCA is most applicable to circuits that can cause irreversible events. These include:
- a. Systems that control or perform active tasks or functions
- b. Systems that control electrical power and its distribution.
- c. Embedded code which controls and times system functions.
Sneak conditions are classified into four basic types:
- 1. Sneak paths - unintended electrical (current) paths within a circuit and its external interfaces.
- 2. Sneak timing - unexpected interruption or enabling of a signal due to switch circuit timing problems, which may cause or prevent the activation or inhibition of a function at an unexpected time.
- 3. Sneak indications - undesired activation or deactivation of an indicator, which may cause an ambiguous or false display of system operating conditions.
- 4. Sneak labels - incorrect or ambiguous labeling of a switch, which may cause operator error through inappropriate control activation.
Historical background
SCA is a detailed examination of switching circuitry that controls irreversible functions such as squibs and latches. The former Military Standard for Reliability Program (MIL-STD-785B) defines SCA (Task 205) as a task “ … to identify latent paths which cause occurrence of unwanted functions or inhibit desired functions, assuming all components are functioning properly.”
The Mercury-Redstone 1 launch failure of 1960 and a number of other mishaps caused by sneak circuits in missiles and torpedoes led the military services and NASA to require formal procedures for preventing such incidents. The first computer-aided implementation of SCA was performed for the NASA Apollo program in 1967 by the Boeing Company.[1] Among early publications in the field are a 1970 Boeing report, "Sneak Circuit Analysis Handbook" by J. P. Rankin and C. F. White (NTIS N71-12487), and a 1977 AGARD report by J. L. Wilson and R. C. Clardy, "Sneak Circuit Analysis Application to Control System Design" (AD A041042). By 1980 the requirements for SCA had become sufficiently common to lead to the Navy publication of a "Contract and Management Guide for Sneak Circuit Analysis" (NAVSEA-TE001-AA-GYD-010/SCA).[2] Subsequent efforts led to two Rome Air Development Center technical reports: "Sneak Circuit Analysis for the Common Man", RADC-TR-89-223, October 1989,[3] and "Integration of Sneak Analysis with Design", RADC-TR-90-109, June 1990.[4]
Current standards and guidelines include NASA’s Sneak Circuit Analysis Guideline for Electromechanical Systems (PD-AP-1314)[5] and AIAA’s Performance-Based Sneak Circuit Analysis (SCA) Requirements (BSR/ANSI/AIAA S-102.2.5-2xxx).[6]
Sneak circuit example
Most sneak circuits reported from production systems are too complex to describe in an introductory discussion. However, the essential characteristics of a sneak circuit can be explained with a hypothetical example of an aircraft cargo door release latch as shown in Figure 1-1.
Figure 1-1 Sneak Circuit in Cargo Door Latching Function
To prevent unintended opening of the cargo door in flight, the normal cargo door control (CARGO OPEN) is powered in series with the GEAR DOWN switch, so the door can be opened routinely only on the ground. But there can be emergencies that require jettisoning cargo, and for these there is an EMERGENCY CARGO OPEN switch, which may be guarded with a safety wire to prevent its unintended operation. Now assume that an in-flight emergency requires opening the cargo door. The flight crew flips the normal CARGO OPEN switch and nothing happens, since the GEAR DOWN switch is open. The crew realizes that the EMERGENCY CARGO OPEN switch must be closed, and when that is done the cargo door latch is indeed released, permitting the door to be opened. But at the same time the landing gear is lowered: current from the emergency switch reaches the latch node, flows backwards through the closed CARGO OPEN switch into the gear leg, and energizes the gear-lowering circuit. This is not a desired action and one that will probably aggravate the emergency. The condition that lowers the landing gear when both cargo door switches are closed is a sneak circuit.
Two observations about this sneak circuit apply generally:
1. Switches or other control elements are operated in an unusual or even prohibited manner
2. The unintended function (in this example the lowering of the landing gear) is associated with current flow through a circuit element that is opposite to the intended current flow.
The latter of these conditions permits elimination of the sneak circuit by inserting a diode in the CARGO OPEN leg, oriented to pass only the intended direction of current, as shown in Figure 1-2. The diode leaves normal operation (CARGO OPEN with GEAR DOWN) unchanged while blocking the reverse path from the latch side into the gear leg.
Figure 1-2. Corrected Cargo Door Latching Circuit
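The following Python script is an added example, not code from the article or from any SCA tool. It models the Figure 1-1 circuit as a small graph and, for every combination of switch positions, enumerates the conducting bus-to-ground paths, the loads they energize, and the direction in which each element is traversed. The topology is reconstructed from the text (GEAR DOWN and gear motor on one leg, EMERGENCY CARGO OPEN and cargo latch on the other, CARGO OPEN as the cross leg); the node names BUS, A, B, C and GND, the element names and the `intended_loads` statement of design intent are assumptions. Running it on the Figure 1-2 variant, with a diode in series with the CARGO OPEN leg, shows the sneak path gone while normal ground operation still opens the latch.

```python
"""Sneak-path search for the cargo door / landing gear circuit of Figure 1-1.

Added example, not code from the original article. Node names (BUS, A, B,
C, GND) and element names are assumptions; the topology follows the text.
"""
from itertools import product

SWITCHES = ("GEAR_DOWN", "CARGO_OPEN", "EMERG_CARGO_OPEN")
# Design intent for the cross leg: current enters from the gear-down node A
# and leaves toward the latch node B.
INTENDED_DIRECTION = {"CARGO_OPEN": ("A", "B")}


def circuit(with_diode=False):
    """Elements as (name, node_a, node_b, kind). A diode conducts only a -> b."""
    elems = [
        ("GEAR_DOWN", "BUS", "A", "switch"),
        ("GEAR_MOTOR", "A", "GND", "load"),
        ("EMERG_CARGO_OPEN", "BUS", "B", "switch"),
        ("CARGO_LATCH", "B", "GND", "load"),
    ]
    if with_diode:  # Figure 1-2 fix: diode in series with the CARGO OPEN leg
        elems += [("CARGO_OPEN", "A", "C", "switch"), ("D1", "C", "B", "diode")]
    else:
        elems.append(("CARGO_OPEN", "A", "B", "switch"))
    return elems


def conducting_paths(elems, closed):
    """Enumerate simple BUS -> GND paths that conduct with the given switches
    closed, recording the direction each element is traversed."""
    by_node = {}
    for e in elems:
        by_node.setdefault(e[1], []).append(e)
        by_node.setdefault(e[2], []).append(e)
    paths = []

    def walk(node, visited, path):
        if node == "GND":
            paths.append(list(path))
            return
        for name, a, b, kind in by_node.get(node, []):
            nxt = b if node == a else a
            if nxt in visited or (kind == "switch" and name not in closed):
                continue
            if kind == "diode" and node != a:
                continue  # reverse-biased: this direction is blocked
            path.append((name, node, nxt))
            walk(nxt, visited | {nxt}, path)
            path.pop()

    walk("BUS", {"BUS"}, [])
    return paths


def intended_loads(closed):
    """Design intent (assumed from the text): the motor runs whenever GEAR DOWN
    is closed; the latch releases for CARGO OPEN on the ground or for EMERGENCY."""
    wanted = set()
    if "GEAR_DOWN" in closed:
        wanted.add("GEAR_MOTOR")
    if "EMERG_CARGO_OPEN" in closed or {"CARGO_OPEN", "GEAR_DOWN"} <= closed:
        wanted.add("CARGO_LATCH")
    return wanted


def find_sneaks(elems):
    """(closed switches, unintended load, elements carrying reverse current)
    for every switch state that energizes a load the design did not intend."""
    kinds = {name: kind for name, _, _, kind in elems}
    sneaks = []
    for bits in product((False, True), repeat=len(SWITCHES)):
        closed = {s for s, on in zip(SWITCHES, bits) if on}
        wanted = intended_loads(closed)
        for path in conducting_paths(elems, closed):
            reverse = tuple(n for n, frm, to in path
                            if n in INTENDED_DIRECTION and (frm, to) != INTENDED_DIRECTION[n])
            for name, _, _ in path:
                if kinds[name] == "load" and name not in wanted:
                    sneaks.append((tuple(sorted(closed)), name, reverse))
    return sneaks


if __name__ == "__main__":
    for label, net in (("as designed", circuit()), ("with diode", circuit(True))):
        print(label + ":", find_sneaks(net) or "no sneak paths")
```

The as-designed network reports exactly one sneak: with CARGO OPEN and EMERGENCY CARGO OPEN closed and GEAR DOWN open, GEAR_MOTOR is energized and CARGO_OPEN is traversed from B to A, opposite to its intended direction, which is the second general observation above. The same search over the diode variant returns nothing.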
Conventional SCA techniques
The original SCA techniques depended on recognition of circuit patterns or “clues” for the detection of potential sneak circuits. The most common of these circuit patterns are shown in Figure 1-3.
Figure 1-3 Circuit Patterns for Sneak Circuit Analysis
The box symbols represent arbitrary circuit elements; in many cases the individual legs of the patterns include switches. It will be recognized that the leg containing the normal CARGO OPEN switch in Figure 1-1 constitutes the middle horizontal leg of an H-pattern. The inverted Y is also called a ground dome; note that the two bottom legs terminate in different ground levels, such as chassis ground and signal ground. The Y-pattern is also called a power dome. The two upper legs terminate at different power sources, such as V1 and V2.
To facilitate the recognition of these patterns or clues, the schematic diagrams were redrawn as "network trees", with power sources at the top and grounds at the bottom; in sneak circuit analysis both positive and negative sources are shown at the top of the figure. Because searching for the patterns is very labor intensive, computer programs were developed to recognize the common clues in the network trees. Mainframe computers were needed to perform the topological searches even on small designs. Despite the aid of computers, SCA remained a very expensive and lengthy activity, and it was usually conducted only after the circuit design was frozen, to avoid having to repeat it after changes. This had a distinct disadvantage when a sneak circuit was detected: fixing it was very expensive because the circuit card or cabling was usually already in production.
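As an added example, not code from the article or from any SCA tool, the following Python script performs the kind of topological clue search the paragraph describes. It ignores switch positions and works on the network tree alone: a power dome is a node from which two different sources can be reached, a ground dome is a node that drains to two different grounds, and an H cross leg is an element between two non-terminal nodes each of which still reaches a source and a ground when that element is cut. The cargo door H is reconstructed from Figure 1-1; the V1/V2 power-dome branch and the chassis/signal ground-dome branch are a constructed fragment in the spirit of Figure 1-3, and all node and element names are assumptions.

```python
"""Topological clue search on a network tree (Figure 1-3 patterns).

Added example, not from the original article. Switch state is ignored, as
in the original clue-based method; only topology is examined.
"""
from collections import deque

SOURCES = {"BUS", "V1", "V2"}
GROUNDS = {"GND", "CHASSIS_GND", "SIGNAL_GND"}
TERMINALS = SOURCES | GROUNDS

# (element, node_a, node_b); switches and loads are plain edges here.
# Cargo door H from Figure 1-1 plus a constructed dome fragment (assumed).
NETWORK_TREE = [
    ("GEAR_DOWN", "BUS", "A"), ("GEAR_MOTOR", "A", "GND"),
    ("EMERG_CARGO_OPEN", "BUS", "B"), ("CARGO_LATCH", "B", "GND"),
    ("CARGO_OPEN", "A", "B"),                                       # cross leg of the H
    ("S1", "V1", "N"), ("S2", "V2", "N"), ("LOAD1", "N", "GND"),    # power dome at N
    ("S3", "V1", "M"), ("R1", "M", "CHASSIS_GND"), ("R2", "M", "SIGNAL_GND"),  # ground dome at M
]


def adjacency(edges, skip=None):
    """Undirected node adjacency, optionally with one element cut out."""
    adj = {}
    for name, a, b in edges:
        if name == skip:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def reachable_terminals(adj, start, wanted):
    """Terminals of the wanted kind reachable from start. Terminals are not
    traversed through, so a walk never passes from one source to another by
    way of a ground (or vice versa)."""
    seen, found, queue = {start}, set(), deque([start])
    while queue:
        n = queue.popleft()
        for m in adj.get(n, ()):
            if m in seen:
                continue
            seen.add(m)
            if m in TERMINALS:
                if m in wanted:
                    found.add(m)
                continue
            queue.append(m)
    return found


def find_clues(edges):
    """(pattern, where, detail) for each power dome, ground dome and H cross
    leg in the network tree."""
    adj = adjacency(edges)
    nodes = sorted({n for _, a, b in edges for n in (a, b)} - TERMINALS)
    clues = []
    for n in nodes:  # fed from two sources, or draining to two grounds
        srcs = reachable_terminals(adj, n, SOURCES)
        gnds = reachable_terminals(adj, n, GROUNDS)
        if len(srcs) > 1:
            clues.append(("power dome", n, tuple(sorted(srcs))))
        if len(gnds) > 1:
            clues.append(("ground dome", n, tuple(sorted(gnds))))
    for name, a, b in edges:  # each end on its own source-to-ground leg once cut
        if a in TERMINALS or b in TERMINALS:
            continue
        cut = adjacency(edges, skip=name)
        legs = [(reachable_terminals(cut, x, SOURCES), reachable_terminals(cut, x, GROUNDS))
                for x in (a, b)]
        if all(s and g for s, g in legs):
            clues.append(("H cross leg", name, (a, b)))
    return clues


if __name__ == "__main__":
    for clue in find_clues(NETWORK_TREE):
        print(*clue)
```

A clue is only a candidate: the H found here is the CARGO OPEN leg, which the worked example shows to be a real sneak, but a resistor bridging two legs would match the same pattern and be edited out later as an intentional bi-path. The pattern detector narrows the analyst's attention; it does not by itself decide.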
An effort of the Rome Air Development Center (now part of the Air Force Research Laboratory) to find techniques that would permit sneak circuit analysis to be conducted as part of the design activity led to the "bi-path" methodology, developed by SoHaR. The bi-path algorithm was implemented in an automated software tool that allows large designs to be analyzed very quickly, early in the design phase of a safety-critical circuit.
Editing
Editing is used to eliminate paths that cannot contribute to operation of sensitive elements (elements that can lead to critical actions). Circuits that control squibs or latches usually contain computational, instrumentation, and switching elements. An example of the integration of these functions for a hypothetical and simplified missile detonation system is shown in Figure 1-4. The computational elements at the top of the figure establish the conditions for operation of the pre-arm, arm, and detonate switches. The heavy lines constitute the switching elements. The instrumentation functions are shown in the lower part of the figure. Sneak circuit analysis encompasses only the switching functions; the computational and instrumentation elements are eliminated from the traced paths.
This editing is justified because the connection between the computational elements and the switches (shown as dashed lines in the figure) provides no conducting path. In most cases the output of the computational element drives the gate of a MOSFET, while the switching function uses the source-drain path. The computational elements are typically quite complex and their failure probability is much higher than that of the switching path; safeguards are therefore provided to tolerate their worst failure modes, and sneak circuit analysis of the computational elements is not required.
Figure 1-4. Hypothetical Missile Detonation System
The elimination of the instrumentation functions is justified by the isolation resistors at the connection with the switching function. The resistance values are typically of the order of 10k ohms. Since the switching voltage is in the 20V–30V range, the current flow through the isolation resistors cannot exceed a few milliamperes, while squibs fire only above 1 ampere. In addition to this editing of major blocks, individual elements connected to the switching circuit may have to be eliminated or modified by editing as shown in the examples of Figure 1-5. The feedback resistor Rf constitutes an intentional bi-path (not a sneak circuit). Its high resistance prevents significant current flow. In part b. of the figure a mechanical connection keeps switches S1 and S2 from being closed at the same time, preventing a power-to-power tie.
Figure 1-5. Editing for Intentional and Irrelevant Paths
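The two editing rules above, as an added Python example that is not code from the article or from any SCA tool: a branch is edited out of the switching network when its worst-case current, bounded by the highest switching voltage divided by the branch's own series resistance, cannot reach the sensitive element's firing current even with a safety margin, and a mechanically interlocked switch pair removes from the state space every combination in which both are closed, so the power-to-power tie of Figure 1-5b never has to be traced. The 10 kΩ isolation resistance, the 30 V upper switching voltage and the 1 A squib threshold come from the text; the other resistances, the margin and the switch names are constructed.

```python
"""Editing pass for a switching network (Figures 1-4 and 1-5).

Added example, not from the original article. Branch values other than the
text's 10 kOhm, 30 V and 1 A, the margin and the switch names are assumed.
"""
from itertools import product


def max_current_bound(v_max, r_series_ohm):
    """Conservative bound: the branch is taken to be the only impedance between
    the highest supply voltage and the sensitive element."""
    return float("inf") if r_series_ohm <= 0 else v_max / r_series_ohm


def edit_branches(branches, v_max, i_fire, margin=10.0):
    """Split branches into those kept for path tracing and those edited out.
    A branch is edited out only when its current bound is below the firing
    current by the margin; a high-value feedback resistor (an intentional
    bi-path) falls out here, switch contacts and squib leads stay in."""
    kept, edited_out = [], []
    for name, r_ohm in branches:
        i_max = max_current_bound(v_max, r_ohm)
        (edited_out if i_max * margin < i_fire else kept).append((name, round(i_max, 6)))
    return kept, edited_out


def allowed_states(switches, interlocks):
    """All open/closed combinations, minus those in which every switch of an
    interlock group is closed at once (mechanically impossible)."""
    states = []
    for bits in product((False, True), repeat=len(switches)):
        closed = frozenset(s for s, on in zip(switches, bits) if on)
        if any(set(group) <= closed for group in interlocks):
            continue
        states.append(closed)
    return states


def power_to_power_ties(states, tie_groups):
    """States in which all switches of a tie group are closed, joining two sources."""
    return [s for s in states if any(set(group) <= s for group in tie_groups)]


# Constructed network fragment (assumed values except 10 kOhm, 30 V, 1 A)
BRANCHES = [
    ("ISOLATION_R_MONITOR", 10_000.0),  # instrumentation tap, Figure 1-4
    ("RF_FEEDBACK", 100_000.0),         # intentional bi-path, Figure 1-5a
    ("ARM_CONTACTS", 0.05),             # switch contact resistance
    ("SQUIB_LEADS", 0.5),               # wiring to the squib
]
SWITCHES = ("S1", "S2", "S3")
INTERLOCKS = [("S1", "S2")]   # mechanical link, Figure 1-5b
TIES = [("S1", "S2")]         # S1 and S2 each bring a different source to one node

if __name__ == "__main__":
    kept, dropped = edit_branches(BRANCHES, v_max=30.0, i_fire=1.0)
    print("kept:", kept)
    print("edited out:", dropped)
    states = allowed_states(SWITCHES, INTERLOCKS)
    print(len(states), "switch states remain;",
          len(power_to_power_ties(states, TIES)), "power-to-power ties to trace")
```

At 30 V the monitor tap is bounded at 3 mA and the feedback resistor at 0.3 mA, both far below a 1 A firing current, so both are edited out; the contacts and leads remain. Without the interlock the same switch set contains two states with the S1/S2 power-to-power tie; with it, none, which is the justification for not tracing that tie. The bound is deliberately loose (no other series resistance is credited), so a branch that survives editing may still turn out harmless under full analysis, but a branch that is edited out cannot have been a sneak path to that element.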
References
- 1. R. C. Clardy, "Sneak Circuit Analysis Development and Application", Region V IEEE Conference Digest, 1976, pp. 112-116.
- 2. http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA094541
- 3. http://www.sohar.com/proj_pub/publications/pub_131.html
- 4. http://www.sohar.com/proj_pub/publications/pub_132.html
- 5. http://klabs.org/DEI/References/design_guidelines/analysis_series/1314msfc.pdf
- 6. http://aiaa.kavi.com/apps/group_public/download.php/798/S-102.2.5(PR).pdf
External links
1. Sneak Circuit Analysis for the Common Man - http://www.sohar.com/proj_pub/download/SCA4TheCommonMan.pdf
2. Integration of Sneak Analysis with Design - http://www.sohar.com/proj_pub/publications/pub_132.html
3. Sneak Circuit Analysis - http://www.sohar.com/ad_tech/sca.html
4. Sneak Circuit Analysis Automated Tool, SCAT - http://www.sohar.com/software/scat/