Welcome to EDAboard.com


H-Bridge during processor fail

Status
Not open for further replies.

jjwsei

I am looking for any advice on how to best address the following issue:

A generic 8-bit microcontroller using an external crystal for clocking has two I/O pins being used to drive a discrete MOSFET h-bridge. If the controller should be at a point in the code that is commanding the h-bridge to be in an active state (one I/O line high and the other low) and the crystal of the microcontroller fails, the I/O lines will remain in the last set state. This means that the h-bridge will continue to run unimpeded which could be bad. Obviously the microcontroller WDT will be of no use since the crystal has died.

Thoughts or experiences on addressing this scenario would be welcome.
 

crutschow

Crystal failure is highly unlikely. Why are you worrying about that?

If you are really concerned about any failure that could hang the bridge, you could use an external Missing Pulse Detector circuit to shut the bridge off if the signal to the bridge quits.
 

jjwsei

crutschow said:
> Crystal failure is highly unlikely. Why are you worrying about that?
>
> If you are really concerned about any failure that could hang the bridge, you could use an external Missing Pulse Detector circuit to shut the bridge off if the signal to the bridge quits.

I understand that crystals are relatively reliable but I have seen the case that I mentioned happen to a product that was using a BJT to drive a DC motor. Luckily the motor running uncontrolled, while bad, was not dangerous. Seeing this just brought to mind my question of what, if anything, people typically do to protect against such a runaway situation.

My assumption would be that an internal oscillator, built into more and more microcontrollers these days, is even more reliable than a crystal, but I have no data to back up my assumption.

The missing pulse detector approach was my first thought also. However, could it be even simpler than that? For example, what if the motor drive transistor were PWM controlled and you coupled the PWM signal to the base of the drive transistor through a capacitor? Then as long as the PWM signal were active the motor would be driven. If the PWM signal failed, due to a microcontroller failure or the microcontroller halting the PWM signal, then the motor would stop. Seems simple and easy enough to do as a safety backup, so why is it not implemented by default in most drive circuits I have seen? What am I missing?
 

Tahmid

You can enable IESO in the (PIC) configuration settings (if it exists in the microcontroller you're using). There's a fail-safe clock monitor that monitors the external clock source (LP, XT, HS, RC, EC) and switches to the internal oscillator when it detects the failure of the external clock source.

Hope this helps.
Tahmid.
 

FvM

I don't understand why you don't utilize the watchdog to handle the claimed problem. A watchdog reset will tristate the outputs; with respective external circuitry the system will fall into a safe state. This would also be the case for a number of more likely failure scenarios.
 

crutschow

jjwsei said:
> ...
> The missing pulse detector approach was my first thought also. However, could it be even simpler than that? For example, what if the motor drive transistor were PWM controlled and you coupled the PWM signal to the base of the drive transistor through a capacitor? Then as long as the PWM signal were active the motor would be driven. If the PWM signal failed, due to a microcontroller failure or the microcontroller halting the PWM signal, then the motor would stop. Seems simple and easy enough to do as a safety backup, so why is it not implemented by default in most drive circuits I have seen? What am I missing?

Certainly a capacitor would suffice if you biased the transistor to be off with no input. You may also need a diode to ground at the transistor input to act as a clamp and avoid excursions below ground.

It's likely not included in most designs because of the extra cost and complexity, and that the probability of such a failure occurring is considered very small. When is the last time you heard of a processor failing in a PC?
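
An added example, not part of the original thread: a small C simulation of the capacitor-coupled drive discussed above (series coupling capacitor, pull-down resistor biasing the transistor off, clamp diode to ground). The component values, the 1 kHz PWM and the simple threshold model of the transistor input are constructed assumptions; it shows how long the drive persists after the pin freezes high or low.

```c
#include <stdio.h>

/* Constructed, idealised values (assumptions, not taken from the thread). */
#define VDD       5.0      /* PWM pin high level, volts */
#define V_ON      0.7      /* node voltage above which the transistor conducts */
#define V_CLAMP   0.6      /* forward drop of the clamp diode to ground */
#define TAU_US    10000.0  /* R*C of coupling capacitor and pull-down resistor */
#define PERIOD_US 1000     /* 1 kHz PWM */
#define DUTY_US   500      /* 50 % duty cycle */
#define FAIL_US   50000    /* clock stops here; the pin holds one state */
#define END_US    200000   /* end of simulation */

/* Microseconds from clock failure until the transistor drive is last seen
   above V_ON (0 if it never conducts after the failure). stuck_high selects
   whether the pin froze high (1) or low (0). Loading of the node by the
   transistor input is ignored. */
long drive_off_delay_us(int stuck_high)
{
    double vc = 0.0;      /* voltage across the coupling capacitor */
    long last_on = -1;

    for (long t = 0; t < END_US; t++) {
        int pin_high = (t < FAIL_US) ? ((t % PERIOD_US) < DUTY_US)
                                     : stuck_high;
        double vin = pin_high ? VDD : 0.0;
        double v = vin - vc;          /* voltage at the transistor input */

        if (v < -V_CLAMP) {           /* clamp diode conducts, recharges C */
            vc = vin + V_CLAMP;
            v = -V_CLAMP;
        }
        vc += v / TAU_US;             /* 1 us Euler step of dVc/dt = v/(RC) */

        if (t >= FAIL_US && v > V_ON)
            last_on = t;
    }
    return last_on < 0 ? 0 : last_on - FAIL_US + 1;
}

int main(void)
{
    printf("pin stuck low : drive lost after %ld us\n", drive_off_delay_us(0));
    printf("pin stuck high: drive lost after %ld us\n", drive_off_delay_us(1));
    return 0;
}
```

With these values a pin frozen low removes the drive at once, while a pin frozen high keeps the transistor on for roughly two RC time constants, so the RC product sets the worst-case runaway time.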
 
