
Sneak Circuit Analysis Service

SoHaR is a pioneer in the effort to streamline sneak circuit analysis and reduce the effort and cost involved in a comprehensive analysis. SoHaR has developed a method (algorithm) that does not require, or even make use of, traditional network trees. Instead it focuses on circuit components that can conduct current in either direction depending on the switching state of the circuit, since these are what allow sneak paths. This method lends itself to automation, which has been implemented in our tool SCAT. The automated procedure provides the design engineer or reliability analyst with a simple yet powerful tool for rapidly identifying and correcting sneak paths. Furthermore, the analyst's task is reduced to evaluating the significance of specific potential sneak paths rather than applying "clue lists" to circuit patterns to identify the sneak paths.

Sneak Circuit Analysis - The What and How

Sneak Circuit Analysis is a vital part of the safety assurance of safety-critical electronic and electro-mechanical systems.

Sneak conditions are defined as latent hardware, software, or integrated conditions that may cause unwanted actions or may inhibit a desired function, and are not caused by component failure.  

Sneak Circuit Analysis (SCA) is used in safety-critical systems to identify sneak (or hidden) paths in electronic circuits and electro-mechanical systems that may cause unwanted action or inhibit desired functions. The analysis is aimed at uncovering design flaws that allow for sneak conditions to develop. The sneak circuit analysis technique differs from other system analysis techniques in that it is based on identification of designed-in inadvertent modes of operation and is not based on failed equipment or software.

 SCA is most applicable to circuits that can cause irreversible events. These include: 

  • Systems that control or perform active tasks or functions

  • Systems that control electrical power and its distribution

  • Embedded code which controls and times system functions.

 Sneak conditions are classified into four basic types:

  1. Sneak paths - unintended electrical (current) paths within a circuit and its external interfaces.
  2. Sneak timing - unexpected interruption or enabling of a signal due to switch circuit timing problems which may cause or prevent the activation or inhibition of a function at an unexpected time.
  3. Sneak indications - undesired activation or deactivation of an indicator which may cause an ambiguous or false display of system operating conditions.
  4. Sneak labels - incorrect or ambiguous labeling of a switch which may cause operator error through inappropriate control activation.

Sneak Circuit Analysis has typically been advocated by the defense and aerospace communities. Current standards and guidelines include NASA's Sneak Circuit Analysis Guideline for Electromechanical Systems (PD-AP-1314); AIAA's Performance-Based Sneak Circuit Analysis (SCA) Requirements (BSR/ANSI/AIAA S-102.2.5-2xxx); and the older MIL-STD-1543: Reliability Program Requirements for Space and Launch Vehicles.

Sneak Circuit Example

A very simple example of a sneak circuit analysis considers an aircraft cargo door release latch. The normal cargo door control (CARGO OPEN) is powered in series with the GEAR DOWN switch in order to prevent unintended opening of the cargo door in flight.  This is the normal intended use when on ground. Consider now an emergency that requires jettisoning cargo while in flight. For this contingency there is an EMERGENCY CARGO OPEN switch that may be guarded with a safety wire to prevent its unintended operation.

Now let's consider a hypothetical situation that can lead to a sneak circuit. Assume that an in-flight emergency occurs and the flight personnel attempt to open the cargo door. At first they try the normal CARGO OPEN switch and nothing happens (since the GEAR DOWN switch is open). Then they realize that it is actually necessary to flip the EMERGENCY CARGO OPEN switch. When they do this the cargo door latch is indeed released, permitting the door to be opened. However, because the CARGO OPEN switch was not reopened, this will cause the landing gear to be lowered, which is not a desired action and one that will probably aggravate the emergency. The condition that permits this undesired lowering of the landing gear when both cargo door switches are closed is a sneak circuit.

 

Figure 1-1  Sneak Circuit in Cargo Door Latching Function

 

Two observations about this sneak circuit apply generally:

1. Switches or other control elements are operated in an unusual or even prohibited manner.

2. The unintended function (in this example the lowering of the landing gear) is associated with current flow through a circuit element that is opposite to the intended current flow.

The latter of these conditions permits elimination of the sneak circuit by inserting a diode as shown: 
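The cargo door circuit can be modeled as a small directed graph to show both the sneak path and the effect of the diode. This is an added example, not SoHaR's code or the SCAT algorithm; the node names and the topology (GEAR DOWN feeding a gear bus, CARGO OPEN bridging the gear bus and the latch bus, EMERGENCY CARGO OPEN feeding the latch bus directly) are assumptions consistent with the description above.

```python
from itertools import product

# Assumed topology, constructed for illustration (node names are hypothetical):
#   PWR --[GEAR_DOWN]--> GEAR_BUS --> landing gear actuator
#   GEAR_BUS --[CARGO_OPEN]--> LATCH_BUS --> cargo door latch
#   PWR --[EMERGENCY_CARGO_OPEN]--> LATCH_BUS
# Each switch is listed as (source side, load side), i.e. its intended direction.
SWITCHES = {
    "GEAR_DOWN": ("PWR", "GEAR_BUS"),
    "CARGO_OPEN": ("GEAR_BUS", "LATCH_BUS"),
    "EMERGENCY_CARGO_OPEN": ("PWR", "LATCH_BUS"),
}
LOADS = {"LANDING_GEAR": "GEAR_BUS", "DOOR_LATCH": "LATCH_BUS"}


def routes_from_power(closed, diodes=frozenset()):
    """Yield (node, route) for every simple path from PWR through closed switches.
    A route is a tuple of (switch, "fwd" | "rev"); a diode blocks "rev"."""
    stack = [("PWR", (), frozenset({"PWR"}))]
    while stack:
        node, route, seen = stack.pop()
        yield node, route
        for sw in closed:
            src, dst = SWITCHES[sw]
            if node == src and dst not in seen:
                stack.append((dst, route + ((sw, "fwd"),), seen | {dst}))
            elif node == dst and src not in seen and sw not in diodes:
                stack.append((src, route + ((sw, "rev"),), seen | {src}))


def energized(closed, diodes=frozenset()):
    """Loads that receive power for one switch state."""
    live = {node for node, _ in routes_from_power(closed, diodes)}
    return {load for load, feed in LOADS.items() if feed in live}


def find_sneaks(diodes=frozenset()):
    """Check every switch state; report loads powered only via reverse current."""
    findings = []
    for bits in product([False, True], repeat=len(SWITCHES)):
        closed = frozenset(s for s, on in zip(sorted(SWITCHES), bits) if on)
        routes = list(routes_from_power(closed, diodes))
        for load, feed in sorted(LOADS.items()):
            rev = [{s for s, d in r if d == "rev"} for n, r in routes if n == feed]
            if rev and all(rev):
                findings.append((tuple(sorted(closed)), load, sorted(set.union(*rev))))
    return findings


if __name__ == "__main__":
    print("no diode:", find_sneaks())
    print("diode in series with CARGO_OPEN:", find_sneaks(frozenset({"CARGO_OPEN"})))
```

Without the diode the only finding is the state with CARGO OPEN and EMERGENCY CARGO OPEN both closed, where the landing gear is powered by reverse current through CARGO OPEN; with the diode the finding disappears while both intended door-opening functions still work.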

 

 

 Conventional SCA Techniques

The original SCA techniques depended on recognition of circuit patterns or "clues" for the detection of potential sneak circuits.  The most common of these circuit patterns are the H-Pattern, Y-Pattern and Inverted-Y:
 

 


The box symbols represent arbitrary circuit elements; in many cases the individual legs of the patterns include switches. (The CARGO OPEN switch is the middle horizontal leg of an H-pattern.) The inverted Y is also called a ground dome; note that the two bottom legs terminate in different ground levels, such as chassis ground and signal ground. The Y-pattern is also called a power dome. The two upper legs terminate at different power sources, such as V1 and V2.

To facilitate the recognition of these patterns or clues, the schematic diagrams were redrawn as "network trees", with power sources at the top and grounds at the bottom. In sneak circuit analysis both positive and negative sources are shown at the top of the figure. Despite the aid of computers, SCA remained a very expensive and lengthy activity, and it is usually conducted only after the circuit design has been frozen, to avoid having to repeat it after changes. However, at this point the circuit board or cabling is usually already in production and a problem becomes very expensive to fix. In order to reduce the effort involved in SCA and thus enable its use earlier in the design, SoHaR developed (within a USAF Research Laboratory contract) a technique that would permit SCA to be conducted as part of the design activity. The technique is based on a "bi-path" methodology which focuses on bi-directional paths rather than particular topologies. The technique reduces the effort by an order of magnitude and has allowed for the development of our automated tool, SCAT.

 Editing

Editing is used to eliminate paths that cannot contribute to operation of sensitive elements (elements that can lead to critical actions). Circuits that control squibs or latches usually contain computational, instrumentation, and switching elements.  An example of the integration of these functions is the hypothetical and simplified missile detonation system shown below. The computational elements at the top of the figure establish the conditions for operation of the pre-arm, arm, and detonate switches. The heavy lines constitute the switching elements. The instrumentation functions are shown in the lower part of the figure.  Sneak circuit analysis encompasses only the switching functions; the computational and instrumentation elements are eliminated from the traced paths.

This editing is justified because the connection between the computational elements and the switches (shown as dashed lines in the figure) is non-conducting. In most cases the output of the computational element goes to the gate of a MOSFET while the switching function uses the source-drain path.  The computational elements are typically quite complex and their failure probability is much higher than that of the switching path. Thus safeguards are provided to tolerate the worst failure modes of these devices and sneak circuit analysis of the computational elements is not required.

 

The elimination of the instrumentation functions is justified by the isolation resistors at the connection with the switching function. The resistance values are typically of the order of 10k ohms. Since the switching voltage is in the 20V - 30V range, the current flow through the isolation resistors cannot exceed a few milliamperes, while squibs fire only above 1 ampere. In addition to this editing of major blocks, individual elements connected to the switching circuit may have to be eliminated or modified by editing, as in the example below of an intentional bi-path through the feedback resistor Rf. This is not a sneak path; its high resistance prevents significant current flow. In part b. of the figure a mechanical connection keeps switches S1 and S2 from being closed at the same time, preventing a power-to-power tie; hence this is not a sneak path either.

 

 


 
 