MOSFET Redundancy/Fail-Safe in Automotive System


Discussion Overview

The discussion revolves around the implementation of redundancy and fail-safe mechanisms for N-MOSFETs used in automotive systems, specifically focusing on ensuring that relays controlling the 'Run' circuit maintain power in the event of a FET failure. Participants explore various design considerations, including circuit protection, fault detection, and the reliability of electronic components in automotive applications.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Conceptual clarification

Main Points Raised

  • One participant suggests using a logic gate to compare the MCU's output with the FET's state to detect faults, proposing a voltage divider and external TVS for voltage clamping.
  • Another participant recommends using latching relays to maintain circuit integrity even if the driver circuit fails, advocating for a separate backup system using a PMOS that activates upon primary FET failure.
  • A participant raises concerns about the risks associated with single point failures and emphasizes the importance of considering both the probability and consequences of component failures.
  • One participant discusses the potential complications of using relays, noting the need for additional overcurrent protection and the challenges posed by FETs shutting down due to overtemperature or short circuits.
  • There is curiosity about OEM practices regarding the design of electrical systems in vehicles, questioning whether they rely solely on component specifications or also implement fail-safe redundancies.

Areas of Agreement / Disagreement

Participants express differing opinions on the best approach to redundancy and fail-safe mechanisms, with no consensus reached on whether to use parallel FETs or a completely separate backup system. The discussion remains unresolved regarding the optimal design strategy for ensuring reliability in automotive applications.

Contextual Notes

Participants highlight the importance of understanding the risks associated with electronic component failures and the limitations of various proposed solutions, including the need for additional protective circuitry and the implications of component behavior under fault conditions.

¡MR.AWESOME!
Yohoho. I've got an N-MOSFET driving some relays that control the 'Run' circuit in a vehicle. If a FET fails, these relays must not cut off power while the car is running. The FETs I'm using are ON Semi's NCV8402. They are pretty heavy duty as it is, but I want to implement some sort of redundant or fail-safe system to make sure.

I have an MCU with CMOS output of 3.3V driving the gate. There is a series resistor on the gate as well as a pull-down resistor. I will probably include a diode to block any voltage to the MCU that may arise out of a Drain-Gate short failure. How does that sound to you guys? Did I miss anything so far?

I was thinking of using a logic gate to compare the state of the MCU's output pin with the state of the FET to determine if a fault occurred. I would connect a voltage divider from the drain side of the FET to one of the inputs of the logic gate and the other side of the logic gate to the gate side of the FET. Doing this would require me to clamp the voltage down to a lower level than what is provided by the MOSFET, so I would add an external TVS from Drain to Source as well. How does that sound?

Now the real trouble I'm having is deciding on whether to just wire up two FETs in parallel and monitor if one of them goes bad to alert the operator, or if I need a completely separate backup system that is unused in normal operation, but would kick in in case of the primary MOSFET failing. I feel like if there was some event large enough to take out one of the FETs, if they were in parallel, the event would take them both out. So I would need a separate system. Lemme know what you guys think.

Thanks
 
You could use latching relays. That way once they close, even if the driver circuit blows out, it does not affect them.

For the back up system, I would go with a "separate system".
Maybe use a PMOS as back up, which kicks in only when the primary mosfet fails.
 
¡MR.AWESOME! said:
I was thinking of using a logic gate to compare the state of the MCU's output pin with the state of the FET to determine if a fault occurred. I would connect a voltage divider from the drain side of the FET to one of the inputs of the logic gate and the other side of the logic gate to the gate side of the FET. Doing this would require me to clamp the voltage down to a lower level than what is provided by the MOSFET, so I would add an external TVS from Drain to Source as well. How does that sound?

Now the real trouble I'm having is deciding on whether to just wire up two FETs in parallel and monitor if one of them goes bad to alert the operator, or if I need a completely separate backup system that is unused in normal operation, but would kick in in case of the primary MOSFET failing. I feel like if there was some event large enough to take out one of the FETs, if they were in parallel, the event would take them both out. So I would need a separate system. Lemme know what you guys think.

You need to stop and think what the real risks are. Risk has two parts, the probability of something happening and the consequences of it happening.

You are right that "single point failures" are important. None of these complications will have any effect if your power supply fails, for example.

I would think that the likelihood of electronic components failing if they are used within their correct operating parameters would be negligible compared with the chance of mechanical failure in an "average" automotive system, and the consequence of even complete engine failure is not necessarily serious, though obviously annoying!

Another thing to consider is "what are you going to do after you detect a failure". If the answer is "you can't do anything much", there was not much point trying to detect it.
 
Thanks for the replies.

Relays are great, but then I would need some extra overcurrent/short circuit protection circuit. The FETs already have that built in. I was thinking of using a NC relay that, when all was functioning fine, would have power to it and be open, but as soon as something wasn't right, the power would be cut off and the circuit would close. The only problem with that is if the FET is short circuited and its overtemp shutdown kicks in, then whatever circuit I had to detect when the FET was 'Off' when it should be 'On' will close the relay's contacts and then the relay or the wires would burn up due to the short circuit. To get around that, I would need either a different (more expensive) FET with a diagnostic pin that would indicate that it shut down due to overtemp or I would need another short circuit detection circuit.

None of these options are very appealing.

I'm curious as to what OEMs do. Do they just design to keep all electrical aspects within the device's parameters? Or do they also employ fail-safe redundant systems? I've never heard of an ECU needing to be replaced due to a situation that didn't involve a person fiddling around with it.

Thanks
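The "MCU command versus FET drain state" detector proposed in the first post, together with the blind spot raised in the last one (a self-protected FET's overtemperature shutdown reads exactly like an open FET), modelled as an added example. This is not code from the thread or from ON Semi; the 14 V supply, the 3.3 V logic thresholds, the 0.3 V on-state drain voltage, the 47k/10k divider, the 18 V and 24 V TVS clamp voltages, the debounce count and the sample sequence are all assumptions chosen for illustration.

```c
/* Added example (not from the thread): a model of the "MCU command vs. FET
 * drain state" fault detector, the divider/TVS sizing check it needs, and a
 * debounced, latching monitor. All numeric values are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define V_SUPPLY     14.0   /* assumed running-engine supply, volts */
#define V_LOGIC_MAX   3.3   /* assumed maximum for a 3.3 V logic input */
#define V_IH          2.0   /* assumed input-high threshold */
#define V_IL          0.8   /* assumed input-low threshold */
#define V_DRAIN_ON    0.3   /* assumed drain voltage with the FET on (Rds(on) drop) */

/* Resistive divider from the drain to the logic-gate input. */
typedef struct { double r_top; double r_bottom; } divider_t;

double divider_out(divider_t d, double v_in) {
    return v_in * d.r_bottom / (d.r_top + d.r_bottom);
}

/* The divider must read a clean high with the FET off, a clean low with the
 * FET on, and still stay under the logic maximum when the drain is held at
 * the external TVS clamp voltage (v_clamp). A low-side FET's drain sits near
 * V_SUPPLY when off and near 0 V when on. */
bool divider_ok(divider_t d, double v_clamp) {
    return divider_out(d, v_clamp)    <= V_LOGIC_MAX
        && divider_out(d, V_SUPPLY)   >= V_IH
        && divider_out(d, V_DRAIN_ON) <= V_IL;
}

typedef enum {
    FET_OK = 0,
    FET_FAULT_OPEN,   /* commanded on, drain stayed high */
    FET_FAULT_SHORT   /* commanded off, drain went low */
} fet_state_t;

/* The comparison the post describes: on should give a low drain, off a high
 * drain; any other combination is a mismatch. An overtemperature shutdown of
 * a self-protected FET produces exactly the FET_FAULT_OPEN signature, so this
 * detector cannot tell it apart from a blown FET. */
fet_state_t classify(bool cmd_on, bool drain_high) {
    if (cmd_on != drain_high) return FET_OK;
    return cmd_on ? FET_FAULT_OPEN : FET_FAULT_SHORT;
}

/* Debounced, latching monitor: a mismatch must persist for `threshold`
 * consecutive samples (relay and gate-drive delays would otherwise trip it),
 * and once a fault is declared it stays declared until an explicit reset. */
typedef struct { int mismatches; int threshold; fet_state_t fault; } monitor_t;

fet_state_t monitor_step(monitor_t *m, bool cmd_on, bool drain_high) {
    fet_state_t s = classify(cmd_on, drain_high);
    if (m->fault != FET_OK) return m->fault;          /* latched */
    if (s == FET_OK) { m->mismatches = 0; return FET_OK; }
    if (++m->mismatches >= m->threshold) m->fault = s;
    return m->fault;
}

/* Constructed sample sequence (not measured data): command on, two samples
 * of switching delay, normal running, then the drain stays high for good. */
fet_state_t run_constructed_sequence(void) {
    static const struct { bool cmd_on; bool drain_high; } samples[] = {
        {false, true},                           /* off, drain high: normal */
        {true,  true}, {true, true},             /* two mismatches: tolerated delay */
        {true,  false}, {true, false},           /* on, drain low: normal */
        {true,  true}, {true, true}, {true, true}, /* third mismatch latches */
        {true,  true},                           /* stays latched */
    };
    monitor_t m = { 0, 3, FET_OK };              /* assumed debounce of 3 samples */
    fet_state_t s = FET_OK;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        s = monitor_step(&m, samples[i].cmd_on, samples[i].drain_high);
    return s;
}

int main(void) {
    divider_t d = { 47000.0, 10000.0 };          /* assumed 47k / 10k */
    printf("47k/10k with 18 V clamp: %s\n", divider_ok(d, 18.0) ? "ok" : "fails");
    printf("47k/10k with 24 V clamp: %s\n", divider_ok(d, 24.0) ? "ok" : "fails");
    printf("constructed sequence ends in state %d\n", (int)run_constructed_sequence());
    return 0;
}
```

The divider check makes one constraint explicit: the clamp voltage divided by the supply must not exceed the logic maximum divided by the input-high threshold, otherwise no resistor ratio can satisfy both ends (with the assumed numbers, 24/14 exceeds 3.3/2.0 while 18/14 does not). The monitor deliberately latches, since a fault that clears itself when the FET cools is the overtemperature case the last post worries about, and reporting it as "recovered" would hide exactly the condition that needs a diagnostic pin or a separate short-circuit detector to resolve.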
 