MOSFET Redundancy/Fail-Safe in Automotive System

SUMMARY

The discussion focuses on implementing redundancy and fail-safe mechanisms for N-MOSFETs, specifically ON Semi's NCV8402, in automotive applications. The primary concern is ensuring that if a FET fails, the relays controlling the 'Run' circuit do not cut off power while the vehicle is operational. Participants suggest using a separate backup system, possibly a PMOS, that activates only upon failure of the primary FET. Additionally, the use of logic gates for fault detection and external TVS diodes for voltage clamping are recommended to enhance reliability.

PREREQUISITES
  • Understanding of N-MOSFET operation and characteristics
  • Familiarity with automotive relay systems
  • Knowledge of logic gate functionality and applications
  • Experience with transient voltage suppression (TVS) diodes
NEXT STEPS
  • Research the implementation of PMOS as a backup system in automotive circuits
  • Learn about designing fault detection systems using logic gates
  • Explore transient voltage suppression techniques for automotive applications
  • Investigate best practices for redundancy in automotive electronic systems
USEFUL FOR

Automotive engineers, circuit designers, and anyone involved in the development of fail-safe electronic systems in vehicles.

¡MR.AWESOME!
Yohoho. I've got an N-MOSFET driving some relays that control the 'Run' circuit in a vehicle. If a FET fails, these relays must not cut off power while the car is running. The FETs I'm using are ON Semi's NCV8402. They are pretty heavy duty as it is, but I want to implement some sort of redundant or fail-safe system to make sure.

I have an MCU with CMOS output of 3.3V driving the gate. There is a series resistor on the gate as well as a pull-down resistor. I will probably include a diode to block any voltage to the MCU that may arise out of a Drain-Gate short failure. How does that sound to you guys? Did I miss anything so far?

I was thinking of using a logic gate to compare the state of the MCU's output pin with the state of the FET to determine if a fault occurred. I would add a voltage divider from the drain-side of the FET to one of the inputs of the logic gate and the other side of the logic gate to the gate-side of the FET. Doing this would require me to clamp the voltage down to a lower level than what is provided by the MOSFET, so I would add an external TVS from Drain to Source as well. How does that sound?

Now the real trouble I'm having is deciding on whether to just wire up two FETs in parallel and monitor if one of them goes bad to alert the operator, or if I need a completely separate backup system that is unused in normal operation, but would kick in in case of the primary MOSFET failing. I feel like if there was some event large enough to take out one of the FETs, if they were in parallel, the event would take them both out. So I would need a separate system. Lemme know what you guyses think.

Thanks
You could use latching relays. That way once they close, even if the driver circuit blows out, it does not affect them.

For the backup system, I would go with a "separate system".
Maybe use a PMOS as backup, which kicks in only when the primary MOSFET fails.
 
¡MR.AWESOME! said:
I was thinking of using a logic gate to compare the state of the MCU's output pin with the state of the FET to determine if a fault occurred. I would add a voltage divider from the drain-side of the FET to one of the inputs of the logic gate and the other side of the logic gate to the gate-side of the FET. Doing this would require me to clamp the voltage down to a lower level than what is provided by the MOSFET, so I would add an external TVS from Drain to Source as well. How does that sound?

Now the real trouble I'm having is deciding on whether to just wire up two FETs in parallel and monitor if one of them goes bad to alert the operator, or if I need a completely separate backup system that is unused in normal operation, but would kick in in case of the primary MOSFET failing. I feel like if there was some event large enough to take out one of the FETs, if they were in parallel, the event would take them both out. So I would need a separate system. Lemme know what you guyses think.

You need to stop and think what the real risks are. Risk has two parts, the probability of something happening and the consequences of it happening.

You are right that "single point failures" are important. None of these complications will have any effect if your power supply fails, for example.

I would think that the likelihood of electronic components failing if they are used within their correct operating parameters would be negligible compared with the chance of mechanical failure in an "average" automotive system, and the consequence of even complete engine failure is not necessarily serious, though obviously annoying!

Another thing to consider is "what are you going to do after you detect a failure". If the answer is "you can't do anything much", there was not much point trying to detect it.
 
Thanks for the replies.

Relays are great, but then I would need some extra overcurrent/short circuit protection circuit. The FETs already have that built in. I was thinking of using a NC relay that, when all was functioning fine, would have power to it and be open, but as soon as something wasn't right, the power would be cut off and the circuit would close. The only problem with that is if the FET is short circuited and its overtemp shutdown kicks in, then whatever circuit I had to detect when the FET was 'Off' when it should be 'On' will close the relay's contacts and then the relay or the wires would burn up due to the short circuit. To get around that, I would need either a different (more expensive) FET with a diagnostic pin that would indicate that it shutdown due to overtemp or I would need another short circuit detection circuit.

None of these options are very appealing.

I'm curious as to what OEMs do. Do they just design to keep all electrical aspects within the device's parameters? Or do they also employ fail-safe redundant systems? I've never heard of an ECU needing to be replaced due to a situation that didn't involve a person fiddling around with it.

Thanks
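The detector sketched in the first post (MCU command compared with the drain state through a divider) and the trap raised in the last post (a backup relay closing into a shorted load after the FET's overtemp shutdown) can be modelled together. This is an added illustration, not code from the thread or from ON Semi; the divider ratio, logic threshold, trip current, the extra current-sense input and all sample sequences are constructed assumptions.

```python
# Model of the MCU-command vs. drain-state fault detector discussed in the thread, plus a
# guarded version that refuses to engage the backup when the primary FET has most likely shut
# itself down because of a load short.  All thresholds below are assumptions for illustration.

VBAT = 13.8               # constructed battery voltage, V
DIVIDER = 3.3 / VBAT      # assumed divider: scales VBAT down to the 3.3 V logic level
V_IH = 2.0                # assumed logic-high threshold of the comparison gate input, V
I_TRIP = 10.0             # assumed load current at which the FET's protection shuts it down, A

def drain_reads_high(v_drain):
    """Logic level the comparison gate sees after the drain-side voltage divider."""
    return v_drain * DIVIDER >= V_IH

def classify(mcu_on, v_drain):
    """Compare the commanded state with the observed drain state (low-side switch: drain low = on)."""
    fet_on = not drain_reads_high(v_drain)
    if mcu_on == fet_on:
        return "ok"
    # commanded off but drain pulled low: drain-source short, a backup path cannot help
    return "fet_stuck_on" if fet_on else "fet_not_conducting"

def naive_backup(mcu_on, v_drain):
    """Thread's first idea: close the NC backup relay whenever a commanded-on FET is not conducting."""
    return classify(mcu_on, v_drain) == "fet_not_conducting"

def guarded_backup(history, hold=3):
    """history: list of (mcu_on, v_drain, load_current) samples, oldest first (current sense assumed).

    Engage the backup only when 'not conducting' persists for `hold` samples AND no over-current
    event preceded the drop-out; otherwise the FET is treated as being in protective shutdown,
    where closing the relay would simply feed the short."""
    if len(history) < hold:
        return False
    recent = history[-hold:]
    if not all(classify(m, v) == "fet_not_conducting" for m, v, _ in recent):
        return False
    return all(i < I_TRIP for _, _, i in history)

# Constructed sample sequences: (mcu_on, v_drain, load_current)
OPEN_FAILURE = [(True, 0.2, 4.0), (True, VBAT, 0.0), (True, VBAT, 0.0), (True, VBAT, 0.0)]
SHORTED_LOAD = [(True, 0.2, 4.0), (True, 0.3, 25.0), (True, VBAT, 0.0),
                (True, VBAT, 0.0), (True, VBAT, 0.0)]
```

On SHORTED_LOAD the naive detector would close the backup relay on the final sample, which is exactly the burn-up case described above, while the guarded version holds off.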