Sneak Circuits of Power Electronic Converters
Work on sneak circuits and related analysis methods for power converters contributes to the reliability of power electronic systems worldwide. Most books on the subject focus on electronic systems; this book is perhaps the first to examine power electronic systems. The authors describe sneak circuit phenomena in power converters, introduce SCA methods for power electronic systems, and propose how to eliminate and make use of sneak circuits.
This book is geared for researchers and graduate students in electrical engineering, as well as engineers and researchers in power electronics. Researchers in power electronics reliability will also find it to be a helpful resource.
Page count: 342
Year of publication: 2014
Title Page
Copyright
About the Authors
Preface
Acknowledgments
Chapter 1: Sneak Circuit and Power Electronic Systems
1.1 Reliability of Power Electronic Systems
1.2 Sneak Circuit
1.3 Sneak Circuit Analysis
1.4 Power Electronic System and Sneak Circuit Analysis
1.5 Arrangement of this Book
References
Part One: Sneak Circuit Phenomena
Chapter 2: Sneak Circuits of Resonant Switched Capacitor Converters
2.1 Introduction
2.2 Sneak Circuits of Basic RSC Converter
2.3 Sneak Circuits of High-Order RSC Converter
2.4 Summary
References
Chapter 3: Sneak Circuits of DC-DC Converters
3.1 Introduction
3.2 Buck Converter
3.3 Boost Converter
3.4 Buck-Boost Converter
3.5 Sneak Circuit Conditions of Buck, Boost, and Buck-Boost Converters
3.6 Cúk Converter
3.7 Sepic Converter
3.8 Zeta Converter
3.9 Sneak Circuit Conditions of Cúk, Sepic, and Zeta Converters
3.10 Summary
References
Chapter 4: Sneak Circuits of Soft-Switching Converters
4.1 Introduction
4.2 Sneak Circuits of Full-Bridge ZVS PWM Converter
4.3 Sneak Circuits of Buck ZVS Multi-Resonant Converter
4.4 Sneak Circuits of Buck ZVT PWM Converter
4.5 Summary
References
Chapter 5: Sneak Circuits of other Power Electronic Converters
5.1 Introduction
5.2 Sneak Circuits of Z-Source Inverter
5.3 Sneak Circuits of Synchronous DC-DC Converters
5.4 Summary
References
Part Two: Sneak Circuit Path Analysis Methods
Chapter 6: Sneak Circuit Path Analysis Method for Power Electronic Converters
6.1 Introduction
6.2 Basic Concepts
6.3 Sneak Circuit Path Analysis Based on Adjacency Matrix
6.4 Sneak Circuit Path Analysis Based on Connection Matrix
6.5 Sneak Circuit Path Analysis Based on Switching Boolean Matrix
6.6 Comparison of Three Sneak Circuit Path Analysis Methods
6.7 Summary
References
Chapter 7: Sneak Circuit Mode Analysis Method for Power Electronic Converters
7.1 Introduction
7.2 Mesh Combination Analytical Method
7.3 Sneak Operating Unit Analytical Method
7.4 Sneak Circuit Operating Mode Analytical Method
7.5 Results of Sneak Circuit Mode Analysis Method on Cúk Converter
7.6 Summary
References
Part Three: Elimination and Application of Sneak Circuits
Chapter 8: Elimination of Sneak Circuits in Power Electronic Converters
8.1 Introduction
8.2 Sneak Circuit Elimination for RSC Converters
8.3 Sneak Circuit Elimination for Z-Source Inverter
8.4 Sneak Circuit Elimination for Buck ZVT PWM Converter
8.5 Summary
References
Chapter 9: Application of Sneak Circuits in Power Electronic Converters
9.1 Introduction
9.2 Improvement of Power Electronic Converter Based on Sneak Circuits
9.3 Reconstruction of Power Electronic Converter Based on Sneak Circuits
9.4 New Functions of Power Electronic Converter Based on Sneak Circuits
9.5 Fault Analysis of Power Electronic Converter Based on Sneak Circuits
9.6 Summary
References
Index
End User License Agreement
Bo Zhang and Dongyuan Qiu
South China University of Technology, P. R. China
This edition first published 2015
© 2015 John Wiley & Sons Singapore Pte. Ltd.
Registered office
John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628.
For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as expressly permitted by law, without either the prior written permission of the Publisher, or authorization through payment of the appropriate photocopy fee to the Copyright Clearance Center. Requests for permission should be addressed to the Publisher, John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628, tel: 65-66438000, fax: 65-66438008, email: [email protected].
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The Publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
Library of Congress Cataloging-in-Publication Data
Zhang, Bo, 1962–
Sneak circuits of power electronic converters / Bo Zhang, Dongyuan Qiu.— First edition.
pages cm
Includes bibliographical references and index.
ISBN 978-1-118-37994-3 (hardback)
1. Electric current converters. I. Qiu, Dongyuan. II. Title.
TK7872.C8Z4335 2014
621.31'3— dc23
2014022265
Dr. Bo Zhang was born in Shanghai, China, in 1962. He received a BS degree in Electrical Engineering from Zhejiang University, Hangzhou, China, in 1982, an MS degree in Power Electronics from Southwest Jiaotong University, Chengdu, China, in 1988, and a PhD degree in Power Electronics from Nanjing University of Aeronautics and Astronautics, Nanjing, China, in 1994.
He is currently a Professor and the Vice Dean with the School of Electric Power, South China University of Technology, Guangzhou, China. He has authored or co-authored more than 350 papers and 17 patents. His current research interests include nonlinear analysis and control of power electronics and ac drives.
Dr. Dongyuan Qiu was born in Guangzhou, China, in 1972. She received BSc and MSc degrees from the South China University of Technology, Guangzhou, China, in 1994 and 1997, respectively, and a PhD degree from the City University of Hong Kong, Kowloon, Hong Kong, in 2002.
She is currently a Professor with the School of Electric Power, South China University of Technology, Guangzhou, China. Her main research interests include design and control of power converters, fault diagnosis, and sneak circuit analysis of power electronics.
The so-called ‘Sneak Circuit’ is defined as an unexpected path or operational status in an electric or electronic circuit due to a limitation or oversight in design. Such a sneak circuit can be triggered to operate under certain conditions. Whenever the unwanted or unintended operation corresponding to the sneak circuit emerges, the desired functions are likely to be degraded or inhibited. Undoubtedly, the sneak circuit phenomenon also exists in power electronic converters, which are artificially designed to convert electric energy. In fact, sneak circuits in power electronic converters are not uncommon. For example, the discontinuous-conduction mode (DCM) in DC-DC converters is a type of sneak circuit corresponding to its continuous-conduction mode (CCM) counterpart, and vice versa.
However, the sneak circuit phenomenon was not well known in the past, largely because the concept was unfamiliar in power electronics. In recent decades, power electronics has undergone intense development in many areas of technology. Better functionality, safety, and reliability of the power electronic system have become increasingly important in the present application of power electronics. In view of the catastrophic results that might be caused by the operation of a sneak circuit under certain conditions, it is necessary for power electronic engineers to understand thoroughly the sneak circuits in the power electronic converters they design, under all possible practical conditions.
The authors' understanding of sneak circuits in power electronic converters came from an accidental experiment on the basic step-down RSC (resonant switched capacitor) converter early in 2004. In that experiment, the control strategy for the switches was not changed and only some parameters (i.e., the switching frequency, the load, and the input voltage) were adjusted. It was surprising to observe that the converter changed its status from four normal operating stages to six operating stages, and the adjusting process was completely reversible. Such an observation implied that two unexpected or undesigned operating stages had appeared.
Moreover, when the converter worked in six operating stages, we observed obvious hazards of sneak circuit operation in a basic step-down RSC converter, including decrease in the output voltage and increase in the stress of the inductor current and switched capacitor voltage. Apparently, the six operating stages we observed were an example of a sneak circuit in a basic step-down RSC converter. It could be considered as the starting point of our study on sneak circuits in power electronic converters, and this book is a periodic summary of our research achievements in this field over the past ten years.
We begin in Chapter 1 with an introduction to sneak circuits, giving an overview of their definition, history, and analysis methods, and then moving on to sneak circuit phenomena in power electronic converters. The following chapters are divided into three parts. The first part, consisting of Chapters 2 to 5, mainly describes sneak circuit phenomena in some typical power electronic converters. In Chapter 2, we present sneak circuit phenomena in families of RSC converters, and derive their expression of output voltage and operational conditions as they were first discovered. In Chapter 3, based on the summary and analysis of CCM and DCM of Buck, Boost, Buck-Boost, Cúk, Sepic, and Zeta DC-DC converters, we argue that DCM can be regarded as a sneak circuit in terms of the definition of these phenomena. In this way, an in-depth understanding of the physical mechanism of the DCM is presented from the viewpoint of a sneak circuit. In Chapter 4, we discuss some sneak circuit phenomena in soft-switching converters, specifically taking the full-bridge ZVS PWM converter, the Buck ZVS multi-resonant converter, and the Buck ZVT PWM converter as examples. The purpose of this chapter is to illustrate that sneak circuit phenomena are more complex and abundant in soft-switching converters due to the existence of the resonant tank. The sneak circuit here must be eliminated, otherwise it will give rise to unpredicted effects on the converters. In Chapter 5, we consider two novel power electronic converters, that is, the Z-source inverter and the synchronous rectifier DC-DC converter. The detailed investigations of these two converters further demonstrate that sneak circuit phenomena inevitably exist in a large number of power electronic converters under certain conditions.
The second part includes Chapters 6 and 7, where we propose some analysis methods, which are used to investigate sneak circuit phenomena in power electronic converters. In Chapter 6, we use graph theory to study sneak circuit paths. Firstly, the adjacency matrix, connection matrix, and switching Boolean matrix are respectively employed to find all circuit paths in the converters. Then, we identify the sneak circuit paths according to the operating principle of power electronic converters. In Chapter 7, we suggest a systematic method for discovering the sneak circuit phenomena in power electronic converters, which is essentially a method of mode analysis of the sneak circuit and can be taken as the complement of Chapter 6.
Chapters 8 and 9 are the last part of this book. In these two chapters, we focus on the guidelines concerning elimination and application of sneak circuits in power electronic converters. In order to eliminate the sneak circuit in power electronic converters, we propose two methods in Chapter 8. One method is to restrict the parameter variation of the converter so that the sneak circuit cannot become active, whereas the other method completely cuts off the circuit path corresponding to the sneak circuit. Since the aim of understanding the sneak circuit is to fully utilize it, this issue is addressed in Chapter 9, where we demonstrate the utilization of a sneak circuit to achieve performance improvement, topological reconfiguration, new function, and fault diagnosis of power electronic converters with specific examples.
We hope this book will help researchers and engineers in power electronics and other related industrial fields to understand that sneak circuits definitely exist in power electronic systems, and further guide them to carry out analysis on the sneak circuit to improve the reliability of power electronic systems at the design stage.
Bo Zhang and Dongyuan Qiu
South China University of Technology
Guangzhou in China
October 2013
For the successful completion of this book, we are indebted to a number of people, institutions, and organizations. First of all, we must thank the National Natural Science Foundation of China (NSFC) for funding our research work in this field. When we first found and confirmed the existence of sneak circuit phenomena in power electronic converters early in 2004, the NSFC immediately funded our research work in 2005 (No. 50507004). Then we successively obtained funding from the NSFC (No. 50937001 and No. 51277079) to support our research in this subject. In addition, we also obtained funding from the Natural Science Foundation of Guangdong Province (No. 8251064101000014), the National High Technology Research and Development Program of China (No. 2007AA05Z299), and the National Key Technology Support Program (No. 2008BAF34B09). There is no doubt that this book would not have come about without the support of these organizations.
We would also like to thank our former graduate students, Chunfang Zheng, Jianyuan Li, Wenjuan Tu, Lili Qu, Yi Mei, Li Zhang, Yu Dai, Genyun Yi, and Bin Liu, not only for their wonderful work in verifying our conjecture on sneak circuits in power electronic converters, but also for their inquiring minds, which have prompted us to pay attention to many important but easily overlooked problems.
Last, but by no means least, we wish to express our sincere appreciation to the editors of this book, Clarissa Lim and Mingxin Hou, and the staff of John Wiley & Sons for their professional and enthusiastic support of this project.
Power electronics has already found an important place in modern technology, because it helps to meet the demands of energy, particularly in electrical form and efficient use of electricity. Application of power electronics is expanding exponentially in many areas, from computer power supply to industrial motor control, transportation, energy storage, electric power transmission, and distribution. Nowadays, over 70% of electrical loads are supplied through power electronic systems in the United States and Europe, and almost all electrical and electro-mechanical equipment contains power electronic circuits and/or systems. In the next 5 years, renewable energy systems (wind and solar, etc.) will show a sharp increase throughout the world, and the need for power electronic systems will grow rapidly as a result. Therefore, given their fundamental place in energy conversion and management, the reliability of these systems should be a concern.
A basic concept in reliability engineering is that part failure may cause system failure, and preventing part failure is effective in preventing system failure. Likewise, in power electronic systems, it is found that many system failures do result from component failures. The main factor affecting reliability at part level is the electrical and thermal stress of a component, such as device voltage, current, temperature, or temperature rise due to power dissipation, since the failure rate of the components will double with a 10°C increase in temperature. In order to achieve good reliability, system designers always apply effective reliability assurance techniques, for example, component derating, and thermal and electrical stress analysis, to manage the levels of component voltage, current, and power dissipation, and keep them well within rating limits.
However, not all system failures are caused by component failure. In some situations, no part has failed, yet the system performs improperly or initiates an undesired function. For example, an inadvertent launching of the Redstone rocket on 21 November 1961 resulted from an undetected design error in the electrical path. Such events may cause hazardous and even tragic consequences, which have been proven by many serious accidents in aerospace, navy, nuclear, and military industries in the last century.
A significant cause of such unintended events is named “sneak circuit,” which is the unexpected electrical path or logic flow that can produce an undesired result under certain conditions [1]. Opposed to component failure, a sneak circuit happens without any physical failure in the system, causing an undesired effect in that system, although all parts are working within design specifications.
It is well established in reliability engineering that the more parts there are in a system, the more likely it is to fail. Complexity is considered as the main factor that causes sneak circuit, because it is difficult for the designers to have a complete view of the detailed interrelationship between components and functions in a complex system. As a consequence, sneak circuits may exist in a complex system, and produce undesired results or even prevent intended functions from occurring under certain conditions.
Nowadays, power electronic systems are being designed and manufactured with increased complexity to satisfy specific functions. As in other systems, sneak circuits affect the reliability of a power electronic system just as part failures do. Therefore, sneak circuit situations in different kinds of power electronic converters should be investigated and identified, which will have a positive impact on the reliability of the power electronic system.
A sneak circuit is a designed-in current path or signal flow within a system, which inhibits desired functions or causes unwanted functions to occur without a component having failed. Sneak circuits are not the result of component failures, electrostatic, electromagnetic or leakage factors, marginal parametric factors or slightly out-of-tolerance conditions. They are present but not always active conditions inadvertently designed into the system, coded into the software program, or triggered by human error [2].
Based on the definition of a sneak circuit, the sneak conditions may consist of hardware, software, operator actions, or any combinations of these elements. Thus, sneak circuits are a family of design problems, which includes four categories as follows [1]:
Sneak path: unexpected path along which current, energy, or logic sequence flows by an unintended route, resulting in unwanted functions or inhibiting a desired function.
Sneak timing: events occurring in an unexpected or conflicting hardware or logic sequence, which may cause or prevent activation or inhibition of a function at an unexpected time.
Sneak indication: ambiguous or false display of system operating status that may cause the system or operator to take an undesired action.
Sneak label: incorrect or imprecise nomenclature or instructions on system inputs, controls, displays, or buses, which may cause the operator to apply an incorrect stimulus to the system.
Since the 1960s, many accidents in aerospace, navy, nuclear, military, and modern weapon systems, which caused hazardous and even tragic outcomes, have been found to be the result of sneak circuits. In addition, sneak circuits have also existed in household wiring and automobile electrical systems, which did not perform an intended function or initiated an undesired function. Some examples will be introduced in the following section to explain different types of sneak circuits.
Figure 1.1 shows an example of sneak path found in a mid-1960s automobile electrical circuit [1]. The circuitry design meets the electrical system specification, for example, when the ignition switch is on, power is supplied from the battery to the radio, and if the brake switch is closed, the brake lights receive power from the battery. Also, if the hazard switch (pedal) is on and the ignition switch is off, power will be supplied from the battery to the flasher module causing the brake lights to flash. In summary, all of the design intent had been satisfied.
Figure 1.1 An automobile electrical system [1]
However, a problem with this circuit design remains hidden. Assuming that the ignition switch is set to “off,” the radio is switched to “on” and the hazard switch is enabled, if the brake pedal is depressed, power will be applied to turn the radio on with each flash of the brake lights. The cause of this unintended behavior, a sneak path, is highlighted in Figure 1.1. It is the brake switch (pedal) that provides a current path to the radio and places the radio parallel with the brake lights. In this case, the consequences of the sneak path are not severe; children left in the car by their parents could listen to the radio slowly draining the battery.
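The sneak path described above can be found mechanically by enumerating every conducting path from the battery to each load and comparing its switch set with the design intent. The Python below is an added example, not code from the book; the node names, the `radio_sw` switch and the wiring topology are assumptions reconstructed from the prose (Figure 1.1 is not reproduced here), and the flasher is treated as a plain conductor.

```python
"""Sneak-path search on the automobile circuit described for Figure 1.1."""

# ASSUMED topology, reconstructed from the text. Each edge is a bidirectional
# conductor (node_a, node_b, switch); it conducts only while the named switch
# is closed, and switch=None means it always conducts.
EDGES = [
    ("battery", "ign_bus", "ignition"),      # ignition switch
    ("ign_bus", "radio", "radio_sw"),        # radio's own on/off switch
    ("ign_bus", "brake_node", "brake"),      # brake pedal switch
    ("battery", "flasher", "hazard"),        # hazard switch
    ("flasher", "brake_node", None),         # flasher output (pulsing ignored)
    ("brake_node", "brake_lights", None),    # wire to the lamps
]
SOURCE = "battery"
LOADS = {"radio", "brake_lights"}            # far side of each load is ground

# Design intent from the text: the switch sets that are meant to power a load.
INTENDED = {
    "radio": [frozenset({"ignition", "radio_sw"})],
    "brake_lights": [frozenset({"ignition", "brake"}), frozenset({"hazard"})],
}


def _adjacency():
    adj = {}
    for a, b, sw in EDGES:
        adj.setdefault(a, []).append((b, sw))
        adj.setdefault(b, []).append((a, sw))  # current may flow either way
    return adj


def all_paths(target):
    """Every simple path SOURCE -> target with the switches it needs closed."""
    adj = _adjacency()
    found = []

    def walk(node, visited, switches):
        if node == target:
            found.append((tuple(visited), frozenset(switches)))
            return
        for nxt, sw in adj.get(node, []):
            # No revisits, and never route *through* another load.
            if nxt in visited or (nxt in LOADS and nxt != target):
                continue
            walk(nxt, visited + [nxt], switches | ({sw} if sw else set()))

    walk(SOURCE, [SOURCE], set())
    return found


def sneak_paths():
    """Paths that power a load through a switch set the design never intended."""
    out = []
    for load in sorted(LOADS):
        for nodes, switches in all_paths(load):
            if switches not in INTENDED[load]:
                out.append((load, nodes, switches))
    return out


def energized(closed):
    """Loads that have at least one path whose switches are all closed."""
    closed = set(closed)
    return {load for load in LOADS
            if any(sw <= closed for _, sw in all_paths(load))}


if __name__ == "__main__":
    for load, nodes, switches in sneak_paths():
        print(f"sneak path to {load}: {' -> '.join(nodes)}")
        print(f"  active when closed: {sorted(switches)}")
    # Scenario from the text: ignition off, radio on, hazard on, brake pressed.
    print(sorted(energized({"radio_sw", "hazard", "brake"})))
```

The search is purely topological: it reports that the reverse route through the brake switch exists, and the design intent table is what marks it as a sneak path.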
A popular household wiring system in Western Europe is shown in Figure 1.2a, which is a three-phase 127 V/50 Hz system with an approximately balanced load and no neutral return wire. All devices or appliances are connected between lines and operate at 220 V [3]. If the fuse of phase B blows, a sneak path will appear as in Figure 1.2b, leaving devices in line A–B in series with those in line B–C across 220 V line A–C. Then the lamps on circuit A–B will dim if the lamps or bath heater on circuit B–C are on, and the refrigerator operates erratically when the bath heater is on. Though all devices on circuit A–C work normally as before, phase B has no load, and phases A and C are overloaded, which will cause the distribution transformer to overheat.
Figure 1.2 A household wiring system [3]: (a) normal operating state; and (b) state with broken fuse
In one kind of US police van, shown in Figure 1.3, the code 3 control switch activates a roof-mounted blue-light bar and causes brake lights and backup lights to pulse alternately at about 2.4 Hz. Diode (D) is used to prevent brake pedal switch from activating the blue-light bar via an alternating flasher relay. On 4 December 1998, an apparent police van shift lock failure combined with suspected misapplication of the accelerator rather than the brake resulted in sudden acceleration, the death of two pedestrians, and injury of nine [4]. It is found that closing code 3 control switch provides a pulsing path (sneak path) through flasher relay and diode D to disengage the shift lock, allowing the vehicle operator to shift into gear while applying the accelerator rather than the brake.
Figure 1.3 Part of control circuit in a police van [3]
Figure 1.4a shows the Mercury booster firing circuit of the Redstone rocket [3]. In order to satisfy the launching requirements, the motor is ignited by the on-board fire switch, annunciated by the ignition indicator light through an umbilicus, and the motor ignition coil latches to the on-board power supply (28 V). The on-board motor cutoff coil is energized by an on-board abort switch and latched to the on-board power supply. The abort prior to liftoff is enabled by the pad abort switch and the umbilical connector and tail ground connector are separate for liftoff breakaway. The Redstone rocket had launched successfully 60 times until 21 November 1961. On that day, the Redstone motor fired and began liftoff. After “flight” of a few inches, the motor cut off and the vehicle settled back on the pad. The Mercury capsule jettisoned and impacted 1200 ft away. The rocket was not allowed to be approached until the batteries had been drained down and liquid oxygen evaporated. Fortunately, damage was slight; booster and Mercury capsule were reused later.
Figure 1.4 The Redstone booster firing circuit [3]: (a) schematics; and (b) sneak circuit path
This launch failure occurred due to the tail ground connector breaking away 29 ms prior to umbilicus separation, which meant that it was an incident caused by sneak timing. The tail ground connector was disconnected earlier than expected, leaving a current path, as shown in Figure 1.4b, for excitation of the motor cutoff coil through the ignition indicator light and suppressor diode, then the rocket landed back onto its launch pad after lifting just a few inches.
On 28 March 1979, at the Three Mile Island (TMI) nuclear power plant in the USA, a relief valve solenoid excitation was interpreted as valve position, which resulted in destroying the TMI-2 reactor.
The structure of the TMI-2 reactor is shown in Figure 1.5. The accident involved a relatively minor malfunction in the secondary cooling circuit, which caused the temperature in the primary coolant to rise. This in turn caused the reactor to shut down automatically. Within seconds of shutdown, the pilot-operated relief valve (PORV) on the reactor cooling system opened as intended, and at about 10 seconds later it should have closed. But it failed to close and the instrumentation did not indicate the valve's actual position. The operators believed that the relief valve had shut because instruments showed that a “close” signal was sent to the valve. As the valve remained open, so much of the primary coolant drained away that the residual decay heat in the reactor core was not removed and part of the core was melted in the #2 reactor. The core suffered severe damage as a result. Sneak indication has been proved to be the root cause of this accident [6].
Figure 1.5 The #2 reactor of the Three Mile Island nuclear power plant [5]. (Source: Reproduced by permission of World Nuclear Association.)
The Morgantown Personal Rapid Transit (PRT) system is a one-of-a-kind people mover system in Morgantown, West Virginia, USA. This system entered operation in 1975 and has operated continually with 98% reliability for over 40 years. Even in such a highly reliable system, a sneak label problem was found [6]. As shown in Figure 1.6, a ganged switch S1, which connected both battery and critical system to the bus, was only labeled as “Battery Disconnect.” When the operator disconnected the battery from the bus by turning off switch S1, the critical system was de-energized at the same time.
Figure 1.6 An example of a sneak label
As mentioned above, a sneak circuit is an unintended system path (e.g., wiring, tubing, software interfaces, operator actions, instrumentation, mechanical interlocks) or a latent condition (e.g., timing incompatibility), which is inadvertently introduced into the system. The principal causes of sneak circuits are system complexity, system changes, and user operations [1]:
System complexity: A complex hardware or software system normally requires numerous human interfaces between subsystems that may obscure intended functions or produce unintended functions. Under typical conditions of system design, it is difficult to ensure the understanding of subsystem interactions so completely that no possible variation in the flow of energy or logic, or in the actions of system operators, can fail to be noticed.
System changes: The effects of even minor wiring or software changes to subsystems may be undesired system operations. Because of subsystem interaction, a “fix” or corrective action that seems only minor and of local significance may produce changes in system functions that could not reasonably have been anticipated at the design stage.
User operations: A system that is relatively sneak-free can avoid desired functions, or generate undesired functions if the user employs improper operating methods or procedures. The cause could be simple human error on the part of the operator or inaccurate information supplied to that operator, for example, by a false indicator display or by an incorrectly labeled control.
Of all these types of causes, complexity is the most common factor behind sneak circuits. However, a simple system may have sneak circuits just as a complex one may. When systems become more complex, the probability of overlooking potentially undesirable conditions or creating sneak circuits is increased proportionately.
Sneak circuit analysis (SCA) is a generic term for a group of safety analytical techniques employed to methodically identify sneak circuits in systems, which can lead to anomalous behavior of the system [1, 7]. As described in the last section, a sneak circuit can be caused by inadvertent activation of signals, or the inhibition of signals when they are required to be activated. It can also be caused by the operator controlling the system inappropriately, or by wrong information set by the system, such as incorrectly labeled controls or indicators. Therefore, SCA does not look specifically at the effects of component failures, but rather is concerned with the potential effects of latent paths or logic flows that may exist in the hardware or software, in operator actions, or in some combination of these elements.
In the past, sneak circuits were often discovered after the unintended effect had been observed in the actual system operation. Detection at this stage in the life cycle not only results in exposing the possibly serious operational effects of the sneak circuit, but may also require a significant expenditure of time and money to correct the problem and to retrofit the existing system. For these reasons, SCA should be developed to assist in the detection of sneak circuits early in system development.
Boeing were the first to develop SCA in the late 1960s, when they were commissioned by the National Aeronautics and Space Administration (NASA) to work on the Apollo and Skylab systems, in order to identify the designed-in conditions that could inhibit desired system functions or lead to catastrophic or otherwise financially costly incidents, such as the Redstone rocket launch failure. At that time, SCA was applied to purely electric circuits, which consisted mainly of discrete components such as relays, resistors, diodes, and vacuum tubes. Later, SCA was developed further by Boeing to cover computer software and complex designs that integrate hardware and software.
A company named Independent Design Analyses (IDA) has further developed an SCA technique since 1994, and used it to analyze Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), and Application Specific Integrated Circuits (ASICs), and also applied it to software as Sneak Software Analysis (SSWA). In 1997, the European Space Agency (ESA) published a procedure for implementing SCA, which specifically covered the application of SCA to both hardware and software. It not only described the basic SCA procedure but also included a process which used the application of “clues” directly to components, to ensure that good design practices had been used throughout the system [8].
SCA has been used extensively over the last 50 years as a safety analysis technique to verify the functionality of safety critical systems, and to remove any sneak paths that may have been inadvertently designed into the system. It has been used in various applications of differing complexity and make-up, from early electric circuits involving just discrete components, through analysis of software, to systems combining both software and complex integrated circuits. Among the currently available SCA methods, sneak path analysis, digital SCA, and software sneak path analysis have proved to be particularly useful [1].
Sneak path analysis: Sneak path analysis is a methodical evaluation of all possible electrical paths in a hardware system, which is used primarily to detect sneak circuits in electrical circuits.
The sneak path analysis process consists of the following steps:
(1) design elements, such as switches, diodes, and resistors, are converted into data inputs;
(2) a computer runs path-finding programs to identify all possible continuities for each operating mode of interest; and
(3) the program outputs are used to recognize topological or functional patterns, with the aid of a rule base (i.e., sneak clues) derived from previous sneak circuit analyses.
Digital sneak circuit analysis: Digital SCA is performed on networks composed of digital functional modules, in which the elements of interest include logic gates, registers, flip-flops, and timers. Unlike sneak path analysis, which seeks to identify undesired paths in hard-wired circuits, digital SCA is concerned primarily with logic errors and inconsistencies, timing races, improper operating modes, and unintended switching patterns.
Software sneak path analysis: Software sneak path analysis examines computer program logic flows through an adaptation of the method used in sneak path analysis of hardware systems. Experience has shown that program flow diagrams containing sneak paths often exhibit similar characteristics.
Whichever SCA method is performed, the analysis can be carried out automatically by computer, and all methods share the need to collect, process, and evaluate detailed system design information [9]. The SCA results may be used to support the activities of a variety of system functions, but their most important use is to aid in the improvement of design reliability prior to product manufacture and test.
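The three sneak path analysis steps listed above can be sketched in Python as follows. This is an added illustration, not code from the book: it runs on a constructed netlist modelled on the ganged switch of Figure 1.6, and the node names, the main supply, the S2 lighting branch, and the label table are all assumptions.

```python
from itertools import product

# Constructed netlist modelled on the Figure 1.6 description. Each branch is
# (node_a, node_b, controlling_switch); None marks a permanent connection.
NETLIST = [
    ("main_supply", "bus", None),        # assumed second source on the bus
    ("battery", "bus", "S1"),            # pole 1 of ganged switch S1
    ("bus", "critical_system", "S1"),    # pole 2 of the same ganged switch
    ("bus", "lighting", "S2"),           # hypothetical non-critical load
]
# What each control's panel label claims to disconnect (assumed label table).
LABELS = {"S1": {"battery"}, "S2": {"lighting"}}

def paths(netlist, closed, src, dst):
    """Step 2: all simple paths src -> dst over branches conducting in this mode."""
    adj = {}
    for a, b, sw in netlist:
        if sw is None or sw in closed:
            adj.setdefault(a, []).append(b)
            adj.setdefault(b, []).append(a)
    found, stack = [], [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            found.append(path)
            continue
        stack.extend(path + [n] for n in adj.get(path[-1], []) if n not in path)
    return found

def continuity_table(netlist, node="bus"):
    """Per operating mode (set of closed switches): elements connected to node."""
    switches = sorted({sw for _, _, sw in netlist if sw})
    elements = sorted({n for a, b, _ in netlist for n in (a, b)} - {node})
    table = {}
    for states in product([True, False], repeat=len(switches)):
        closed = frozenset(s for s, on in zip(switches, states) if on)
        table[closed] = {e for e in elements if paths(netlist, closed, e, node)}
    return table

def sneak_labels(netlist, labels):
    """Step 3 clue: opening one control must disconnect exactly what its label says."""
    table = continuity_table(netlist)
    all_closed = max(table, key=len)
    findings = {}
    for sw, claimed in labels.items():
        lost = table[all_closed] - table[all_closed - {sw}]
        if lost != claimed:
            findings[sw] = sorted(lost - claimed)
    return findings

print(sneak_labels(NETLIST, LABELS))
```

The finding for S1 is the sneak label of Figure 1.6: the control labeled as disconnecting only the battery also removes the critical system from the bus.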
SCA aims to identify the latent conditions within a system during the design process, and can thus benefit a system in the following ways [1].
Detection of potentially serious system problems: The major benefit of SCA results from the careful examination of a system for problems such as undesired and unintended current or logic paths, out-of-sequence events, false displays, and incorrect function labels. Identification of such anomalies is not the normal result of other analysis methods; generally, it is a unique output of SCA.
Discovery of design oversights: An SCA requires a detailed listing of components, connections, and timing sequences as well as current and signal flows, which gives a good chance of uncovering “design concerns” or possible design oversights. Examples of the types of concerns identified from an SCA, or from further investigation, are part over-stressing, single failure points, unnecessary or unusual circuitry or components, lack of transient protection, and component misapplications.
Discovery of documentation errors: The detailed examination of system interfaces and circuitry required by SCA has, in many cases, uncovered drawing and documentation errors that might otherwise have escaped notice until a later stage of the development process.
Reduction in system-change costs:
