The TLDR: Too busy to read? Here's a quick summary of article The article presents a Failure Mode and Diagnostic Analysis (FMEDA) of the power supply module of an Arduino™ UNO Rev3 to evaluate its design robustness and estimate its lifespan when powered continuously. The results led us to conclude that a component failure affecting the operation of this board's stage is very rare (approximately every 1400 years), while the system's safe failure fraction is approximately 58%. Based on this information, we estimate that the Arduino's power supply stage could qualify for SIL2. We also recommend using the power jack and USB together for the board's supply to minimize the risk of Arduino power interruption.
Having an Arduino is a very good starting point for learning electronics or prototyping. Indeed, the board was designed to provide an inexpensive and easy way for hobbyists, students, and professionals to create devices that interact with their environment using sensors and actuators [1]. Among other things, the simplicity of use of an Arduino is remarkable for its powering options: the board can be supplied by a power jack or directly by the USB port used to program the board.
Although the Arduino power selector stage ensures protection against simultaneous powering, the components of this stage are not spared by wear and construction defaults. In this article, a failure mode and diagnostic analysis (FMEDA) of the power supply module of an Arduino™ UNO Rev3 is presented in order to assess the robustness of its design and estimate its lifetime when being uninterruptedly powered. The following analysis is based on the process industry standard for the functional safety of electrical, electronic, and programmable systems (E/E/PS) systems:
- IEC 62061 for components failure modes;
- SN29500 (Siemens’s standard) for components failure rates;
- IEC 61508 for the application of the above-mentioned standards and the SIL determination.
Powering input specification and modeling
The Arduino™ UNO Rev3 can be powered via:
- the power jack with a [7.00; 12.00] V voltage (datasheet recommended voltage);
- or the USB port with a [4.40; 5.25] V voltage (USB min/max power pin voltage).
When supplied simultaneously by a power jack and USB, the Arduino board will favor the power jack input voltage to supply the board. The selection of the input power is made through the use of the T1 MOSFET and U1 comparator (see figure above).
A 500mA fuse is connected to the USB power pin to protect the board from overcurrent.
A visual indication of the board being powered is given to the user through the lightning of a green light emitting diode (ON LED). The overall system behavior is summed up below:
| Power jack port | Power USB port | +5V voltage | +3.3V voltage | ON diode |
| [7.00; 12.00] V | Disconnected | ~5V | ~3.3V | ON |
| Disconnected | [4.40; 5.25] V | ~5V | ~3.3V | ON |
| [7.00; 12.00] V | [4.40; 5.25] V | ~5V | ~3.3V | ON |
| Disconnected | Disconnected | 0V | 0V | OFF |
The power supply stage of the Arduino™ UNO Rev3 has been modeled and simulated using LTspice®, a SPICE simulation software provided by Analog Devices. The circuit model (see Figure 2) was built from the circuit diagram provided by the Arduino company [3].
Load resistances (Rload_P5V0 and Rload_P3V3) have been added to the +5V and +3.3V output of the circuit to model the impedance of the circuit to which the Arduino power supply stage is connected.
Failure mode effects
The effects of the component failure mode on the system are associated with a criticality (safe or dangerous):
- the safe effects: will result in minor functional default but won’t prevent the Arduino board to work autonomously. For instance, an erroneous indication of the ON diode is not considered as dangerous. Melting of the fuse F1 is considered as safe since it does not prevent the board to be powered (in such a case, the power jack can still be used).
- the dangerous effects: will endanger the integrity of the board and may entail dangerous situations for the user. For instance, the overcurrent of the ON diode or overvoltage of the integrated circuits is considered as dangerous.
In total, a list of 8 effects is tracked:
| System effect | Description (Example of induced treat) | Criticality |
| ON LED stuck off | The ON LED is always off. | Safe |
| ON LED destruction by overcurrent | The ON LED is destroyed by overcurrent (Risk of fire). | Dangerous |
| Fuse melting | The fuse F1 melts because of overcurrent. | Safe |
| +5V output low when board powered | The +5V output of the power supply stage is low when the Arduino board is correctly supplied by Jack or/and USB. | Safe |
| +5V output overvoltage | The +5V output of the power supply stage is too high which may damage the Arduino board. (Risk of fire or destruction of the Arduino board) | Dangerous |
| +3.3V output low when board powered | The +3.3V output of the power supply stage is low when the Arduino board is correctly supplied by Jack or/and USB. | Safe |
| +3.3V output overvoltage | The +3.3V output of the power supply stage is too high which may damage the Arduino board. (Risk of fire or destruction of the Arduino board) | Dangerous |
| 5V voltage regulator (NCP1117) incorrect supply | The NCP1117 voltage regulator is supplied out of its recommended input voltage range [6.50; 12.00] V. (Risk of fire or destruction of the component) | Dangerous |
Failure modes effects and diagnostic analysis
Over the 74 failure possible modes listed for the Arduino’s power supply stage, 40 are found to lead to system effects, among which 12 are considered dangerous. The study of 46 of the failure mode effects was automated, leading to an automation rate of 62%. A view of the FMEDA sheet generated during this study is given in Figure 3 (please contact support@modelwise.ai for the detailed FMEDA result sheet).
Based on the above-cited norm and the provided circuit, a safe failure fraction (SFF) higher than 58% is found for the Arduino power supply stage while the system is expected to fail around every 1375 years as highlighted in the table below:
| Safe Failure Fraction (SFF) | 58.35% | |
| Safety Function Failure Rate [1/h] | 7.90E-08 | FIT: 79 |
| Device Failure Rate [1/h] | 8.30E-08 | FIT: 83 |
| Mean Time Between Failures (MTBF) [h] | 1.20E+07 | 1375 years |
More precisely, we found that the dangerous effects are mostly brought by the failure modes of the fuse (approx. 68%), followed by the 5V voltage regulator (approx. 14%) and the operational amplifier (approx. 7%) as depicted below:
Although the dangerous failure rate of the system (34.6 FIT = (1- SFF)*Device Failure Rate) is good enough to pretend to be the safety integrity level (SIL) of class 3 or 4, its safe failure fraction is too low for such a qualification assuming a hardware fault tolerance (HFT) of 0. Indeed, for a 0 HFT, SIL 3 requires an SFF of at least 90% which leads the Arduino power supply stage to qualify for SIL 2.
Conclusion
The failure modes effects and diagnostic analysis presented in this study aimed at accessing the robustness and lifetime of the Arduino UNO Rev3 power supply stage. The investigation performed in this study aimed at exploring the system’s design assuming single points of failure and helped us to identify the main contributors to dangerous effects. From these results, we were led to the conclusion that a component failure affecting the operation of this board’s stage is very rare (roughly every 1400 years) while the system’s safe failure fraction is approximately 58%. Regarding this information, we estimated that Arduino’s power supply stage could qualify for SIL2.
As visible in Figure 4, the F1 fuse of the system is the most problematic component for the Arduino powering for the slow and fail-to-open failure modes due to overcurrent. To reduce the risk of Arduino powering interruption, we recommend using the power jack and USB conjointly for the board’s supply.
Comments, suggestions? Brickbats, bouquets? Please send your feedback to our editor.
References
[1] Louis, Leo. (2018). Working Principle of Arduino and Using it as a Tool for Study and Research. International Journal of Control, Automation, Communication and Systems.
[2] Arduino.cc. 2021. Arduino – ArduinoBoardUno. [online] Available at: https://www.arduino.cc/en/Main/arduinoBoardUno>[Accessed 5 July 2021].
[3] Arduino.cc. 2021. Arduino UNO Rev3 circuit schematics. [online] Available at: https://docs.arduino.cc/static/c1593a4c4960ff7b51d1083cb8e45812/schematics.pdf [Accessed 5 July 2021].
