Over-temperature Fault Tolerance

one-zero

I am designing a circuit where the Propeller chip is used to monitor many voltages and currents. I want to make the design as fault tolerant as possible. However, it seems by using the Propeller as the central processor, it becomes the weak link. Things I can think of that could go wrong in the Propeller are (1) code goes off into the weeds, (2) supply voltage is too low/high, (3) current draw is too high, (4) temperature is too high. I can handle #1 with a watchdog circuit and #2 and 3 with a separate hardware supervisory circuit. In the event of a fault, my strategy is to power down the circuit and light a fault LED with a separate discrete circuit. That leaves item #4 -over temperature. Does the Propeller have any sort of built in thermal protection or will it keep going up until it fries? Theoretically, there's a good chance the watchdog timer will catch the overtemp condition but it may not happen before the chip is damaged. Ideally, if the temperature goes above a certain threshold, I'd like all I/Os to become inputs which will essentially shut down all activity in the circuit. If there is no internal temperature monitoring and limit threshold, it seems my only option is to use a discrete thermal sensor attached to the top of the chip. Will the Propeller 2 have an internal temperature sensor?

Tracy Allen

You might find something of interest this early thread on Propeller-Temperature-range. Post #25 has this link to an amusing uTube video of Paul Baker running the Prop to the exteme in the Parallax environmental test chamber.

D.P

I think #1 can be overcome with peer code review and sufficient boundary testing, I don't think that prop1 has any weed registers to "run of" to. That video is classic, at 375F we are making french fries no?

LoopyByteloose

In general, the Propeller will run cool. If you were to over-clock it, it would run hot.

The other source of excess heat, and/or electrical stress is loading i/o pins with too much current. While the Propeller i/o can withstand 25ma use on an individual basis for a few pins, the total current load for the Propeller should stay under 300ma. With all 32 i/o in use, that might only work with loads of 8 ma or less.

In other words, if you need to drive a lot of power, use a buffer chip or a MOSfet or a transistor to deliver the power and let the Propeller deliver the control at 5ma or less. In that way, you won't have to worry of thermal stress.

And of course, use the recommended 80Mhz. People have gone up to 125Mhz with good results, but I wonder for how long.

In general, it is the voltage regulators that have thermal protection from excessive loads. Microcontrollers do not usually have internal thermal shutdowns... if they did, we couldn't have all the fun of overclocking. Of course, Intel device are microcomputer CPUs and those do have thermal sensors, maybe even shutdown though some of that is in the motherboard as well.

jmg

one-zero wrote: »

That leaves item #4 -over temperature. Does the Propeller have any sort of built in thermal protection or will it keep going up until it fries? Theoretically, there's a good chance the watchdog timer will catch the overtemp condition but it may not happen before the chip is damaged. Ideally, if the temperature goes above a certain threshold, I'd like all I/Os to become inputs which will essentially shut down all activity in the circuit.

The Prop is not magically suddenly going to operate fine, but needing more current, however there are failure modes you could catch, by simply checking the Icc of the Prop. The temperature will be directly predictable from the Icc.

What Icc Sense gives you, is much earlier warning, and if you are truly failure-mode-paranoid, then you need to cover modes where Icc climbs and the CPU is no longer working (a classic CMOS latch-up scenario).

I recall Alarm companies often specify Power-Removal-Watchdogs for exactly this scenario. A simple reset will not do.
Their watchdogs completely remove Vcc and recycle the power.