# Is it possible to detect mosfet failure?

#### kiler129

Aug 10, 2011
6
Hi everyone!
Currently I'm building a Segway clone, and after analysing many projects on the internet I have one conclusion - many of those projects are not so safe.
The safest and best built is the Zzag.org project, but there is still no redundancy (even on strategic components like mosfets).
The project is split into two PCBs - one with the CPU etc. and a second with the mosfets and their drivers; so I plan to have one logic board and two identical boards with drivers & mosfets (the chance of CPU and watchdog failure is marginal).

So here's the question - is it possible to quickly detect (max 10-12 ms) the failure of one of four mosfets and switch to another pair?
In my opinion switching should be done using standard transistors on data lines and relays on "power" lines.

P.S. Sorry for my language - my native one is Polish.

#### climatex

Jul 14, 2011
37
Why don't you build a real circuit with proper FETs that will work below their maximum ratings ... ?

"Nice" logic you're using. Smart as in throwing money, for which you bought the FETs, in the sewer.

#### kiler129

Aug 10, 2011
6
What do you mean by proper circuit?
My motors can eat up to 30 amps peak and 21-22 amps in normal operation, I plan to use 169A mosfets for each motor (I forget the model at this moment).
Of course every channel is secured by a fast diode, but there are a few confirmed cases where mosfets still exploded and the driver hit the ground.

#### duke37

Jan 9, 2011
5,364
There is a whole science dealing with reliability and risk. Do you have two or four engines on an aircraft? There has been a shift from eight to four to three to two.

Adding a changeover circuit will add unreliability and, if the first circuit failed, would the second circuit survive? It would be better to find what caused problems in the past and then to improve the system in this area or, preferably, eliminate it.

#### kiler129

Aug 10, 2011
6
@up: so you think redundancy is bad?
If we are talking about aircraft - of course there are no double engines, but cables, sensors and other circuits always have a backup one.

I absolutely agree with you about safety and a design which minimizes the chance of failure, but why not add a second one in case the first fails? If the first one fails and I switch to the second one and give a beep, the user will for sure reduce speed, drive to the destination and think about how to repair it.

#### duke37

Jan 9, 2011
5,364
Redundancy is good but if you have two sensors that do not agree, what do you do? In some cases, three inputs are used and a vote is taken on which of the two of the three match best. Then, how reliable is the voting system?

In your case, perhaps the fets failed due to over current caused by a wheel bearing seizing. Switching to a second circuit would not help. The solution here would be to add another wheel or two to stop tip over, this has been done.

My experience with relays has not been good; I would not include them in a safety critical application. Years ago I was involved with adding microswitches to the safety system on an x-ray set. These were condemned by the health and safety inspectorate since they could stick in the danger position. It's just that a lot of thought is needed, me dook.

#### poor mystic

Apr 8, 2011
1,074
What about putting silicon fuses in line with the fets?

#### climatex

Jul 14, 2011
37
As I used to say, fuses will always blow up at the very end.

Get a twenty volt Zener with anode on ground, cathode on gate; add an RC protecting circuit (with a fast diode, if needed) and use adequate heatsinks combined with active cooling, if needed. You might as well say goodbye to the destruction of your mosfets if you follow this.

#### kiler129

Aug 10, 2011
6
Thanks guys for the constructive criticism and good tips on how to secure it right.

@climatex - can you sketch a sample schematic for that or could you give me a dork to google to find something about this?
BTW, in my opinion active cooling - if you mean a fan - is useless here if I use the whole (metal) case of the Segway as a heatsink.

#### poor mystic

Apr 8, 2011
1,074
That sounds like a pretty good result. Great post from climatex.
Just the same, I have seen silicon fuses protect triacs from lightning strike.

#### kiler129

Aug 10, 2011
6
@poor mystic - yeah, fuses are good for general failures when cutting power off helps. In this case cutting power is the worst case.

#### BobK

Jan 5, 2010
7,682
I did a search on homemade Segways. One guy who designed and built his own mentioned that he used mosfets with a higher current rating than the battery could supply. That, coupled with the gate protection already proposed should pretty much cover it.

Bob

#### kiler129

Aug 10, 2011
6
@BobK - hmm, it's a good idea. I plan to use 2x12V/20Ah batteries to get 24V and 1-2h of riding, so maybe 2x169A mosfets will be enough - the short-circuit current for these batteries is around 170 amps.

#### climatex

Jul 14, 2011
37
> @climatex - can you sketch a sample schematic for that or could you give me a dork to google to find something about this?

I'm sure this forum is full of professionals, less "obnoxious" than me, ey, who are ready to help you with friendly advice. But your question was unanswered to this date, so, maybe not.

Good luck blowing up diodes, bipolars, MOSFETs and other semiconductors, folks. Just don't use anything over 12 volts or even dare to suggest more efficient circuits than the pre-approved ones, or you will be asked to f**k off nicely; then combined with a ban. As if the staff here have eaten the whole wisdom of this world. Sadly, even the site administrator didn't trouble himself with answering my complaints about mod abuse, which is fairly prevalent here. I believe being polite here is just not enough, so I think I'm just not welcome.

In conclusion, this is my last post here. I have now left the building.

#### (*steve*)

##### ¡sǝpodᴉʇuɐ ǝɥʇ ɹɐǝɥd
Moderator
Jan 21, 2010
25,505
In case anyone is wondering, I have just permanently banned Climatex.

The moderators don't claim to know everything, but we do know that a little knowledge can be dangerous, and that appropriate warnings are good practice.

Having said that, let's try to assist with this problem.

The first thing to note is that there are a number of mosfets that have rated current carrying capacities in excess of the current carrying capacity of the leads of the package! From memory the legs of a TO-220 device will melt at about 60A, so a TO-220 device with a maximum current in excess of this is unlikely to be carrying that amount of current for any length of time. I may be wrong about the 60A figure, but it's around this.

Massive overrating of the mosfets is good insurance, but you also need to ensure that you have good protection from inductive transients, and this will require diodes with fast responses and similar current carrying capacity. In fact, due to their higher voltage drop, the peak power dissipation in these diodes may well be much higher than the mosfets. Failure of these diodes may cause failure of the mosfets in fairly short order. You probably also need to look at the avalanche rating of the mosfets to see how they will cope if the diodes fail. In some cases the body diodes will *help*, but they are generally very poor diodes (slow) and may not begin to conduct until after the mosfet breaks down.

If your normal voltage is quite low and the current reasonable (say up to 30A) then there are a number of Schottky diodes available that are used in switchmode power supplies which could be used in this application. This is especially true if your frequency of operation is not greater than commonly found in SMPSs.

The other thing is to detect failures and try to ensure a safe shutdown prior to catastrophic (for the device or the user) failure. This is all sensors and software.

Also remember that big fat mosfets in parallel will require *huge* gate currents in order to switch quickly. So you're going to have to provide good gate drivers, and you may consider several of these, so that failure of one will not disable ALL the mosfets on that leg.

Depending on how fault tolerant you want to be, you can place mosfets in series as well as parallel so that a failure which causes a mosfet to be always on (either driver issue or drain/source short) will not cripple the device. In this case you'd need at least 3 drivers controlling 6 mosfets. The failure of any one mosfet or driver would not kill the device as long as EACH mosfet was fully capable of operating that leg of the H Bridge.

If you went the route above, and your software detected a mosfet failure, it could shut the device down safely (knowing that the remaining mosfet(s) could operate the device) and then refuse to let it start up again.
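
The detect, stop safely and refuse-to-restart behaviour described in the post above, as an added C sketch that is not part of the thread or of any project mentioned in it. All names, the 1 ms sample period, the 5-sample debounce and the `conducting` sense input are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed: one sample per 1 ms, so 5 consecutive mismatches latch a
   fault in 5 ms, inside the 10-12 ms asked for in the thread. */
#define DEBOUNCE_SAMPLES 5

typedef enum { LEG_OK, LEG_STUCK_ON, LEG_STUCK_OFF } leg_fault_t;
typedef enum { SYS_RUN, SYS_CONTROLLED_STOP, SYS_LOCKED_OUT } sys_state_t;
typedef struct {
    uint8_t on_cnt;     /* consecutive samples: commanded off but conducting */
    uint8_t off_cnt;    /* consecutive samples: commanded on but not conducting */
    leg_fault_t fault;  /* latched once set; cleared only by monitor_init() */
    sys_state_t state;
} monitor_t;

void monitor_init(monitor_t *m) {
    *m = (monitor_t){ 0, 0, LEG_OK, SYS_RUN };
}

/* Call once per sample, outside the switching blanking time. "conducting"
   is a hypothetical sensed value (e.g. a drain-source voltage comparator). */
leg_fault_t monitor_sample(monitor_t *m, bool commanded_on, bool conducting) {
    if (m->fault != LEG_OK) return m->fault;           /* stay latched */
    if (commanded_on == conducting) { m->on_cnt = m->off_cnt = 0; }
    else if (conducting) { m->on_cnt++;  m->off_cnt = 0; }
    else                 { m->off_cnt++; m->on_cnt = 0; }
    if (m->on_cnt >= DEBOUNCE_SAMPLES)  m->fault = LEG_STUCK_ON;
    if (m->off_cnt >= DEBOUNCE_SAMPLES) m->fault = LEG_STUCK_OFF;
    if (m->fault != LEG_OK) m->state = SYS_CONTROLLED_STOP;
    return m->fault;
}

/* Called when the vehicle has been brought to rest on the remaining devices. */
void monitor_stopped(monitor_t *m) {
    if (m->state == SYS_CONTROLLED_STOP) m->state = SYS_LOCKED_OUT;
}

/* Start is refused for any monitor that has ever latched a fault. */
bool monitor_may_start(const monitor_t *m) {
    return m->state == SYS_RUN && m->fault == LEG_OK;
}

int main(void) {   /* constructed trace: device shorted while commanded off */
    monitor_t m; monitor_init(&m);
    for (int ms = 1; ms <= 5; ms++)
        printf("t=%d ms fault=%d\n", ms, (int)monitor_sample(&m, false, true));
    return 0;
}
```

The debounce resets on any matching sample, so a single noisy reading does not latch a fault, and the lockout survives until the monitor is explicitly re-initialised after repair.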
