IEEE Workshop on Reliability & Safety Supported by iMAPS UK and NMI University of GreenwichLondon14 April 2011

Microelectronics International

ISSN: 1356-5362

Article publication date: 2 August 2011

Citation

Ling, J. (2011), "IEEE Workshop on Reliability & Safety Supported by iMAPS UK and NMI University of GreenwichLondon14 April 2011", Microelectronics International, Vol. 28 No. 3. https://doi.org/10.1108/mi.2011.21828caa.010

Publisher

:

Emerald Group Publishing Limited

Copyright © 2011, Emerald Group Publishing Limited


IEEE Workshop on Reliability & Safety Supported by iMAPS UK and NMI University of GreenwichLondon14 April 2011

Article Type: Conferences and exhibitions From: Microelectronics International, Volume 28, Issue 3

It was probably appropriate that the 05.15 train down to London was cancelled. This would have made it possible to reach Greenwich in time to hear the first speaker of the day talking about reliability in transportation systems. There ought perhaps to have been a paper on reliability in people, but that is another matter altogether.

Peter Nolan is the man responsible for ATM Systems and Technology for Irish Aviation Authority, and came to describe to the many delegates the issues of introducing large and complex software systems into operation for air traffic control. Whilst most of the airspace that the Irish have responsibility for is over the Atlantic, it pretty much looks after all the air traffic between Europe and North America, and operates out of ten centres including Shannon, Dublin, and Mount Gabriel. Flight data processing is complex; they have an automated information exchange system that covers many different airspaces, and they are about to introduce a new one under the name of COOPANS; for this they have been running the hardware since 2008, and the software allows their safety objectives to be met, being qualitative rather than quantitive. The IAA had their baptism of fire at 11.30 a.m. on the 9 July 2008, when, thanks to a faulty network card caused by major data flooding, they lost all communications with the traffic for which they were responsible, an alarming situation that they were determined should never happen again. A case of unreliability jeopardising safety, clearly.

Michael Pont runs TTE Systems in Leicester and presented a paper on embedded systems and their role in predictability, reliability and safety. Embedded systems are ubiquitous – they are in automotive, aerospace, defence, medical-you name it, they are there. Embedded processer design really matters, it has taken 100,000 man days to develop, and has resulted in a product with a 30-50 year service life. In most cases, his company endeavours to make the software fit the hardware, they conform to DO-178 safety levels, and their processors have a response time on 1 μs. Michael felt that it would be the automotive industry, not aerospace, which would determine the future complexity of projects, and here real-time computer systems are needed to monitor potential failures. Detecting failures is one thing, but detecting foreign cyber raids is another. Michael mentioned WCET, which stands for worst case execution time, but he then mentioned 35 μs, which sounds pretty fast. Matching software architecture to hardware architecture is important, as is functionality, and their COTS system mismatch is only 5 per cent.

Craig Hillman is the CEO of DfR Solutions, based in College Park, Maryland, the USA. His challenge is automotive electronics, which have to be many things to many people. They have to operate in severe environments, they have a direct engagement with the public, they have to have a 10+ year warranty, they need to be state-of-the-art technology, be of low cost but available in high volume, and be safety critical to boot. In a car, the passenger compartment can exceed 80°C, and electronics mounted under the bonnet can meet temperatures of 150°C. There could be over 1,000 temperature cycles per year, and door mounted electronics experience 40G shock over 100,000 times.

Are automotive electronics succeeding? Yes, for as the electronics content of a car has soared, so there has been a consistent drop in problems as the components industry accepts the AEC quality and reliability requirements.

Reliability, said Craig, is a product’s ability to perform the specified function at the customer’s place of use over the desired lifetime. Or, as one delegate said, it is consistent quality. Craig steered us through the Physics of Failure, which his university says is founded on the conviction that failures are governed by fundamental processes (mechanical, electrical, thermal, chemical, and radiation) that inflate when the applied stress exceeds the material strength. NASA and the US Army have their own definitions but they are not far removed. Craig summarised by saying that the automotive industry does need to improve existing performance of electronics in regards to reliability, and therefore safety.

Bob Page is the men to listen to if you wish to know about HALT and HASS.

He runs a company called Reliability+Plus and knows about these things probably better than anyone else. HALT is a Highly Accelerated Life Test, and HASS is Highly Accelerated Stress Screening. They are techniques, not specifications. Bob had his own definitions – reliability is a prerequisite for safety, and failure derives from insufficient attention to design for reliability.

Robustness is the key to reliability, whereby a component or system is impervious to factors which can affect its’ function and performance. The public has a high expectation of electronics equipment being robust, and the basic premise of HALT is to find weaknesses, not to comply with specifications. Under HALT, the principles are to apply stepped levels of appropriate stress to find the fundamental limit of the technology. Here, one can apply stress, analyse failure, and improve design, or repair and strengthen. Bob did not specify what thermal cycling programme was needed, nor what vibration levels were required, as these are dependant upon the product and the end use. But his company can implement HALT and HASS for a manufacturer, and in most cases product performance has been improved by over 30 per cent.

Anne Vanhoestenberghe of UCL came to talk about Active Medical Implants – anything worth having is worth implanting. Implants do not harm the body, and once implanted, and all the time that they are working, they are safe. However, reliability is critical for safety. Safety goes further than just adequate design. But if you put electronics in a body, you are putting electronics in a moist environment, and moisture and electronics are not basically compatible.

To eliminate water vapour, you need a hermetically sealed enclosure, such as a Ti or ceramic envelope with metal in glass feed-throughs. Silicone elastomer is also a contender; it has been in use for more than 30 years. Avoiding corrosion and avoiding condensation is key. and for that you need to avoid voids. How small can it be? 2-mm high and 1.2 cms Ø. In her department, they are working on embedding integrated circuits within the silicone mount by two methods, either by gold ball bonding or an Au-Si eutectic. However, there is no leak testing method that can guarantee long-term (50 years) dry operating conditions. But her question was what would be an acceptable level of RH? We await the news.

Suzanne Costello at Heriot-Watt University MicroSystems Engineering Centre has been working with Professor Marc Desmulliez on ultra low leak detection methods for MEMS packaging. A hermetic package protects a device from external environmental stresses whilst providing an environment within the human body for good operational device performance; it increases reliability and prolongs the lifetime. They are used therefore to keep the ambient environment free of contaminants, and to prevent oxidation. Her time to package failure chart looked promising, the ultra fine could give up to one year without changing. Suzanne described various test methods, including the cumulative helium leak detection, the Q-factor test method (for free-standing structures), copper test patterns which can be deposited inside the package and the extent of copper oxidation is observed to detect leak rate, and Fourier transform infra-red reflectometry which is successful for packages down to 5 mm3.

Professor Chris Bailey of the University of Greenwich looked at corrosion induced failures and their impact on reliability and safety. The mechanics of corrosion are essentially a chemical attack, and can come in various forms, and modes of corrosion include galvanic and microbiological influenced corrosion. Corrosion costs the USA 3 per cent of GDP. Reliability testing comes under various headings such as JEDEC, ASTM B119. Corrosion can be fatal, examples were shown of crevice corrosion and pitting corrosion. Corrosion will disrupt the strength distribution, causing stress on the non-corroded parts which leads to failure. Corrosion can be monitored by various means and although it cannot be stopped or prevented altogether by electro-plating or paint, it can be monitored by sensors, by visual inspection, and by ultrasonics, thermal stress and hydroscopic stress can be measured by modelling, and the description of the work being done on the Cutty Sark, but sadly not by the University of Greenwich, was most interesting. The relationship between safety and reliability was never more clearly indicated than with corrosion, which has a significant impact on both virtues.

Keith Armstrong is the Chairman of the IET WEorking Group on EMC and Functional Safety. EMC is linked to safety. All electronic devices all suffer from electro-magnetic interference. Electronic devices are becoming more complex, and there is increasing electro-magnetic pollution; Keith maintains that manufacturers comply with the minimum of standards required by law, so there are increasing risks for users and third parties. So, Keith introduced the workshop to the IET’s 2008 Guide on EMC for Functional Safety, a practical guide written in a way that allows it to be used with any functional safety standard. You cannot afford to reply solely on EMC testing to control risks, but you can use it to meet IEC 61508 for the functional safety of electrical/electronic/programmable electronic safety-related systems.

Managing the reliability “Time bombs” of Modern Electronics and Photonics was the subject of a warning from the mightily experienced and knowledgeable Nihal Sinnadurai who is the CEO of ATTAC in Felixstowe, and who is also an iMAPS UK stalwart.

Cutting corners can be dangerous. Inadequate reliability of outsourced and cheap manufactured products has led to failures, and Germany is now more concerned about the quality of products which will give a better service. Simulation on its own is not good enough. Dumbing down reliability standards is also dangerous if the products cannot be fit for purpose. Nihal had an interesting list of subtle and “hidden” causes of component unreliability which were many and varied. And worrying.

He concluded with something to take away from the meeting which very aptly summarised the whole focus of the day. “If we keep going for the cheapest, we may get the worst. In a market economy, it is the consumers who must pay the cost, or suffer the penalty”. One fears they may just do that.

Summary

A thoroughly worthwhile event held within the magnificent buildings of the University of Greenwich, comprising a thoughtful programme of papers from a wide variety of speakers, all of whom held to the one theme announced in the banner – reliability and safety. For those who might have had their Toyota recalled, or who recall oil rigs exploding, or who have read about airliners crashing in mysterious circumstances into the ocean, or who have been stuck on a train as the motive power unit fails, such topics have a resonance.

John LingAssociate Editor, Microelectronics International