Author Topic: Fault detector ("watchdog" review request, take 2)  (Read 988 times)

sparkydog (Topic starter)
« on: April 13, 2023, 07:17:08 pm »
I have a "box" containing a 12V PSU and a bunch of logic that eventually results in three signal wires that are either open-circuit or essentially shorted to the PSU's +12V.

Under normal operation, the signal wires will briefly become "live" (i.e. connected to +12V). If a fault occurs, they will go "live" and stay that way. This circuit is meant to detect if that happens and close the relay K1 to signal the fault. (T2 'GND' connects to the other side of the aforementioned PSU.)

Timing is not super-critical, but it's important that short signal pulses do not close K1. ("Normal operation" pulses should be on the order of 100 ms.) According to simulation, this should "trip" after about 2 s. (I may end up increasing that through some combination of fiddling with R1/R2, increasing R3, and/or increasing C1.)

Complete schematic and PCB are attached. (PCB is approx. 90mm×50mm, traces ≥1.0mm, clearance ≥ 0.5mm. This is intended for hand assembly of at most a few units.)

Some specific questions:
  • Do I need another resistor between the R1/R2 divider and U1? (Something mutter something bias current, which, frankly, I don't understand in the slightest.)
  • Does the pull-up resistor R7 look reasonable?

...but mostly, does the overall design look okay, or am I missing something stupid?
 

redkitedesign
« Reply #1 on: April 14, 2023, 08:20:31 am »
- You've shorted the three sense signals, are you sure they can handle that (i.e. one "essentially connected to 12V", the other two floating)?
- What is the function of D3? If it is for polarity reversal on the sense connector, it should be before the opamp. If it is for inductive spikes from the relay, it should be antiparallel to the relay.
- Don't worry about the opamp bias current, its effect is smaller than the resistor tolerance
- D4 is useless
- Isn't the LM393 inverting?
 
The following users thanked this post: sparkydog

CountChocula
« Reply #2 on: April 14, 2023, 12:35:10 pm »
How often do the pulses occur during normal operation? Does C1 have enough time to discharge to avoid the situation where a sufficiently rapid sequence of pulses causes it to charge up and trip the watchdog?

Also, have you considered a simpler design? The '393 seems a bit overkill to my (admittedly inexperienced) eyes. Would using the RC network to turn on an NPN transistor to steal current from the gate of Q1 be sufficient?


—CC
Lab is where your DMM is.
 

sparkydog (Topic starter)
« Reply #3 on: April 14, 2023, 04:35:56 pm »
Quote
- You've shorted the three sense signals, are you sure they can handle that (i.e. one "essentially connected to 12V", the other two floating)?

I'm not sure why there would be a problem. The PSU +12V connects to a bunch of stuff separate from this circuit, and to three SSRs (actually, identical SSR networks) in parallel. Each SSR [net] connects to one of the sense pins. If the SSRs are open, why would floating voltage be a problem? If they're closed, I have two parallel paths from the PSU +12V to SENSE.

Quote
- What is the function of D3? If it is for polarity reversal on the sense connector, it should be before the opamp. If it is for inductive spikes from the relay, it should be antiparallel to the relay.

Not exactly.

The way this is intended to work: the coil loses current and voltage starts to climb. D3 rejects the spike entirely, not allowing any voltage to be seen. Its job is mainly to protect U1 (also, everything else "over there"), as my reading of the data sheet made it seem as if the LM393 would be very unhappy about any reverse voltage spike. Meanwhile, Q1 on the other side "sees" the spike, but IIUC should be able to handle it. "Eventually", the reverse voltage hits 30V, at which point D1 starts to conduct, clamping the spike at 30V. (Which allows the magnetic field to dissipate faster than a flyback diode.)

Quote
- Don't worry about the opamp bias current, its effect is smaller than the resistor tolerance

Okay, thanks!

Quote
- D4 is useless

According to the simulation, it is critical, or the whole thing doesn't work. Before reading further, try removing it from the linked simulation and observing the results. Then see if you can figure out why there's a difference. :)

Back? If you tinkered with the simulation, you'll at least know what goes wrong. I didn't have D4 originally, and it took me a while to see why it's needed, so don't feel too bad that you missed it. If you look very carefully at the schematic, you can see that, without D4, R3 forms a voltage divider with (hold on tight) R5+R6+R7+R1+R2 (whee!). As a result, C1 can only ever charge to ≈4.5V, not the intended 12V, which completely wrecks the intended timing. (Also, I've since swapped R2 for another 3k, which makes Vref 6V, and K1 would never be energized.)

Quote
- Isn't the LM393 inverting?

...I don't know? Do you mean pin 1 (1OUT) is going to be 12V when pin 2 (1-) is greater than pin 3 (1+)? If not, I'm not sure what you're asking.

Quote
How often do the pulses occur during normal operation? Does C1 have enough time to discharge to avoid the situation where a sufficiently rapid sequence of pulses causes it to charge up and trip the watchdog?

It should. That's why D2 and R4 are there, to pull down C1 very quickly as soon as +12V goes away. According to the simulation, C1 should be ≈0.6V or less after 150 ms of SENSE going open-circuit. (Tested by replacing V1 with a constant 12V and a voltage-controlled switch driven by a 0.3 Hz square wave.)

Honestly, I don't know for certain, but in theory the worst case would be six signal pulses exactly overlapping so as to produce the equivalent of one long pulse, which should still be well under the "trip" time threshold. More likely I'll see three slightly-extended pulses (the logic upstream of this board already combines two pulses into one signal line) several seconds (if not significantly more) apart. Also, the "fault" is "the box didn't turn itself off". If the box does turn off, but somehow trips a fault anyway, that's completely harmless. (AC-L is actually driven by the "box", so a false positive is indistinguishable, to AC-T, from a true negative.) However, until I actually build and test the whole system, some of this is guesswork and it's possible I'll find out I need to further tweak the timing.

Quote
Also, have you considered a simpler design? The '393 seems a bit overkill to my (admittedly inexperienced) eyes. Would using the RC network to turn on an NPN transistor to steal current from the gate of Q1 be sufficient?

If you look at the disaster that was my first attempt at a review request, that's close to what I had originally. Note especially the FDP3682 in place of the BS170; that's needed because the BS170 shows a rather slow transition from "fully off" to "fully on" as the voltage crosses its gate threshold. The FDP3682 is better, but still not perfect. Now, IIUC, you're not suggesting to drive the transistor directly, but I'd be worried that you'd still have the same problem. (I'm told transistors don't like being held in a "partially on" state, nor is it ideal for the relay to see a gradual voltage ramp.) A comparator gives a very "digital" signal (either high or low with very fast transition) and allows for hysteresis as a guard against noise.

That said, if you have a schematic in mind, I'd be interested in taking a look.
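
Editor's added example, not part of any participant's post: a closed-form model of the charge/discharge timing discussed in the two posts above, used to check whether a rapid pulse sequence can accumulate enough charge to trip the detector. It assumes pure first-order RC behaviour with no hysteresis or diode drop, a 6 V threshold, and time constants fitted to the quoted "about 2 s" trip time and "≈0.6V after 150 ms" discharge figure; R3 and C1 values are not given in the thread, so none are used.

```python
import math

V_SUPPLY = 12.0   # PSU voltage, from the thread
V_TRIP = 6.0      # comparator reference with the 3k/3k divider, from the thread

# Assumed time constants, fitted to figures quoted in the thread rather than
# to real part values:
#   a stuck-high SENSE reaches V_TRIP after about 2 s
#   C1 falls from 12 V to about 0.6 V within 150 ms of SENSE going open
TAU_CHARGE = 2.0 / math.log(V_SUPPLY / (V_SUPPLY - V_TRIP))
TAU_DISCHARGE = 0.150 / math.log(V_SUPPLY / 0.6)


def trip_time(segments, v0=0.0):
    """Return the time (s) at which the capacitor first reaches V_TRIP, or None.

    segments: iterable of (sense_high, duration_s) pairs describing SENSE.
    Each segment is solved in closed form, so there is no step-size error.
    """
    t, v = 0.0, v0
    for sense_high, duration in segments:
        if sense_high:
            if v >= V_TRIP:
                return t
            # Time for an RC charge from v toward V_SUPPLY to reach V_TRIP.
            t_cross = TAU_CHARGE * math.log((V_SUPPLY - v) / (V_SUPPLY - V_TRIP))
            if t_cross <= duration:
                return t + t_cross
            v = V_SUPPLY - (V_SUPPLY - v) * math.exp(-duration / TAU_CHARGE)
        else:
            # SENSE open: capacitor decays toward 0 V through the fast path.
            v *= math.exp(-duration / TAU_DISCHARGE)
        t += duration
    return None


def pulse_train(t_high, t_low, count):
    """Build `count` repetitions of a high pulse followed by a gap."""
    return [(True, t_high), (False, t_low)] * count


def steady_state_peak(t_high, t_low):
    """Peak voltage an endless pulse train converges to if nothing trips."""
    a = math.exp(-t_high / TAU_CHARGE)      # fraction of headroom left after a pulse
    b = math.exp(-t_low / TAU_DISCHARGE)    # fraction of charge left after a gap
    return V_SUPPLY * (1.0 - a) / (1.0 - a * b)


if __name__ == "__main__":
    cases = {
        "stuck high": [(True, 10.0)],
        "100 ms pulses, 900 ms gaps": pulse_train(0.1, 0.9, 50),
        "0.3 Hz square wave": pulse_train(1 / 0.6, 1 / 0.6, 10),
        "100 ms pulses, 5 ms gaps": pulse_train(0.1, 0.005, 500),
        "100 ms pulses, 1 ms gaps": pulse_train(0.1, 0.001, 200),
    }
    for name, segs in cases.items():
        print(f"{name:28s} trip at: {trip_time(segs)}")
```

Under these assumptions, 100 ms pulses only accumulate to a trip when the gaps between them shrink below roughly 2 ms, which is effectively a continuous signal.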
 

sparkydog (Topic starter)
« Reply #4 on: April 14, 2023, 06:03:54 pm »
Quote
Also, have you considered a simpler design? The '393 seems a bit overkill to my (admittedly inexperienced) eyes. Would using the RC network to turn on an NPN transistor to steal current from the gate of Q1 be sufficient?

Did you have something like this in mind?


As I suspected, this slows the switching time of K1 from ~10 ms to ~20 ms, and the ramp-up is a full sigmoid rather than an upper half of a sigmoid. (I'm simplifying here by just using a voltage function generator to stand in for the RC delay.) If you compare the original simulation from 2.1 s - 2.3 s, and this one from 0.15 s - 0.35 s (change the step to 0.001 s), you can see the difference. Another problem, whose cause is not immediately obvious, is that K1 in this one only gets up to about 24 mA; it should be seeing 33 mA. I would surmise that the internal resistance of Q2 is relatively high?

It's also far less controllable, as the threshold voltage of the voltage comparator (here, Q1; note that Q2 here functions as Q1 in the original, while Q1 replaces U1) can vary quite a bit, whereas the LM393 lets me tune the threshold voltage. That's not necessarily fatal for my application, but it is less convenient.
 

CountChocula
« Reply #5 on: April 15, 2023, 02:26:37 pm »
Hiya! You're using a low-side P-MOS transistor in your circuit, which is not going to work (the transistor will be off when it's pulled high, thus interrupting the coil circuit). Also, I'm not sure that your simulation is reflective of real-world conditions, where the relay controls the circuit's own power supply—which means that, as soon as its contact is interrupted, your entire circuit will become de-energized.

I had something a little closer to this in mind:



I didn't pick any specific components, but pretty much anything stock should work, I think. The idea here is that, when the coil is on, R4 pulls up the gate of Q3, keeping it on. When SENSE goes to +12V, CD starts charging through RD until it reaches the Vgs(th) of Q2, at which point Q2 starts conducting and steals current from R4, bringing the voltage on the gate of Q3 low and turning off the circuit. When SENSE is off, the base of Q1 is pulled low by R2, which discharges CD until it reaches around 0.6V (you'll have to keep this in mind when calculating your RC constant and selecting Q2, where you'll want a reasonably high Vgs(th) so that you don't need a giant capacitor).

If you prefer to use a comparator, you could use a TL431 in place of Q2:



This circuit works more or less the same way, except that U1 will bring the gate of Q2 to ground when the RC network reaches a voltage that exceeds its reference voltage of ~2.495V. The '431 is cheap and tiny, which should at least save you some board space.

I didn't simulate either of these circuits (FWIW, if I were you, I would just try building them… a sim seems overkill for something so simple), so they may or may not work; also, please keep in mind that I'm fairly inexperienced (especially with things connected to mains), so I may just be sending you down a rabbit hole, but hopefully this gives you some ideas to work off on.


—CC
« Last Edit: April 15, 2023, 02:31:12 pm by CountChocula »
Lab is where your DMM is.
 
The following users thanked this post: sparkydog

sparkydog (Topic starter)
« Reply #6 on: April 17, 2023, 07:58:40 pm »
@CountChocula, I think you misunderstood some things. For starters, AFAICT, the circuits you showed will immediately energize K1 and turn it off after a delay. That's backwards; K1 should stay open until SENSE is high for some delay.

My previous circuit (this one with a PNP+NPN) "worked" as intended, at least as far as K1 seeing current when intended. The rise time is suboptimal, and the total current is fishy, but current is present when it should be, and absent when it should be. (I strongly encourage you to check out the time-domain simulation if you didn't.)

You said "the relay controls the circuit's own power supply". This is not precisely false, however... K1 closing will affect the power supply (by turning it off, hopefully!), but that control is indirect. More to the point, seeing voltage on SENSE depends on K1 being open, whereas you seem to have somewhere gotten the idea that the opposite is true.

Maybe you would "just build" circuits 🙂. Maybe you have a fully-equipped electronics lab in your basement. I have neither a stash of parts, nor (at the moment) a viable workspace. Besides, simulations carry extremely low risk, and I doubt I could throw something together on a breadboard half as fast as I can simulate it. YMMV, of course.

Thanks for introducing me to the use of a transistor to draw down a capacitor! I'm not sure I'll use that, though; it's at least as many parts as the diode+resistor pair I was using, and while it looks like it ought to be able to drain the cap faster, simulation doesn't support that (and, more importantly, shows the cap never fully discharging at all). It seems if I really needed to drain the cap as quickly as possible, some sort of NC relay would be the way to go. For this, that's probably overkill.
 

CountChocula
« Reply #7 on: April 18, 2023, 12:45:15 am »
Hiya!

Quote
@CountChocula, I think you misunderstood some things. For starters, AFAICT, the circuits you showed will immediately energize K1 and turn it off after a delay. That's backwards; K1 should stay open until SENSE is high for some delay.

I did! I thought you simply wanted the power to be on unless SENSE stayed stuck high for a period of time. Sorry about that.

Quote
You said "the relay controls the circuit's own power supply". This is not precisely false, however... K1 closing will affect the power supply (by turning it off, hopefully!), but that control is indirect. More to the point, seeing voltage on SENSE depends on K1 being open, whereas you seem to have somewhere gotten the idea that the opposite is true.

What I meant was that the simulation should take into account the fact that, when the relay is closed (see, got it right this time :)), the circuit itself will lose power. I don't know if it will make a difference, but I thought I would point it out.

Quote
Maybe you would "just build" circuits 🙂. Maybe you have a fully-equipped electronics lab in your basement. I have neither a stash of parts, nor (at the moment) a viable workspace. Besides, simulations carry extremely low risk, and I doubt I could throw something together on a breadboard half as fast as I can simulate it. YMMV, of course.

I'm sorry, I didn't mean to imply that your ideas are less valid because you run simulations! I simply meant that simulations are an imperfect tool, and ultimately what matters is how well the circuit behaves in real life—hence, if you have the opportunity, trying things out for real is often easier.

Quote
Thanks for introducing me to the use of a transistor to draw down a capacitor! I'm not sure I'll use that, though; it's at least as many parts as the diode+resistor pair I was using, and while it looks like it ought to be able to drain the cap faster, simulation doesn't support that (and, more importantly, shows the cap never fully discharging at all). It seems if I really needed to drain the cap as quickly as possible, some sort of NC relay would be the way to go. For this, that's probably overkill.

Don't thank me too much… my circuit was clearly wrong :palm:

It's missing a diode and has one resistor too many. For completeness (just in case someone reads this in the future and wonders), I think this might actually work:


Lab is where your DMM is.
 

sparkydog (Topic starter)
« Reply #8 on: April 18, 2023, 03:58:43 pm »
Quote
I thought you simply wanted the power to be on unless SENSE stayed stuck high for a period of time. Sorry about that.

Er... yes? Ah! I think I see the problem; I'm thinking of "the power" as "power to the box", not power to K1's coil. Sorry for the confusion!

Quote
You said "the relay controls the circuit's own power supply". This is not precisely false, however... K1 closing will affect the power supply (by turning it off, hopefully!), but that control is indirect. More to the point, seeing voltage on SENSE depends on K1 being open, whereas you seem to have somewhere gotten the idea that the opposite is true.

Quote
What I meant was that the simulation should take into account the fact that, when the relay is closed (see, got it right this time :)), the circuit itself will lose power. I don't know if it will make a difference, but I thought I would point it out.

That's fair. However, once the input power is shut off, this circuit doesn't need to do anything, so it shouldn't be an issue.

Quote
I'm sorry, I didn't mean to imply that your ideas are less valid because you run simulations! I simply meant that simulations are an imperfect tool, and ultimately what matters is how well the circuit behaves in real life—hence, if you have the opportunity, trying things out for real is often easier.

No worries, I didn't take it that way, and I agree with the need to prototype. For me, I prefer to simulate first before moving on to live build, since if the simulation doesn't work, building a physical prototype is probably a waste of time (and, possibly worse, of components, especially if you accidentally kill something, or if a prototype requires ordering something exotic that isn't likely to be usable for something else if it ends up unused).

As to the cap-draining circuit, IIRC the old one did work. The new one also works (according to simulation), and I agree it looks "more correct", but it does still exhibit the same characteristics of discharging somewhat less thoroughly compared to the simpler design using just a resistor+diode pair:


(I put the drain resistor — my R3, your R2 — "before" Q1 rather than after, but it doesn't seem to make a difference, nor would I expect it to matter.)

On the other hand (and here we can see the importance of accurate simulation!), it does drain the capacitor much more quickly to start. (I was puzzled why my original setup, with just a voltage function generator, didn't seem sensitive to the drain resistor value. Replacing that with a more accurate constant voltage source plus a switch to interrupt the circuit gives a very different result!)

BTW, why only use a 10k for your R1 (R4 in my version)? The value doesn't seem to matter except to how much leakage current the circuit draws, for which bigger would seem to be better.
 

sparkydog (Topic starter)
« Reply #9 on: April 18, 2023, 04:41:06 pm »
Now that I've looked at the improved simulation, I think I will actually (try to) use the PNP discharge version... but with one change. The diode actually seems to be counterproductive. Yes, it has a minor effect on the rate at which the capacitor charges, but with it, the capacitor never discharges fully. With the diode removed, there is always a path to allow the capacitor to fully discharge.
 

CountChocula
« Reply #10 on: April 18, 2023, 05:27:23 pm »
Quote
Now that I've looked at the improved simulation, I think I will actually (try to) use the PNP discharge version... but with one change. The diode actually seems to be counterproductive. Yes, it has a minor effect on the rate at which the capacitor charges, but with it, the capacitor never discharges fully. With the diode removed, there is always a path to allow the capacitor to fully discharge.

The diode prevents the capacitor from feeding current back into the circuit when there is no voltage on SENSE; without it, the transistor will not turn on and effectively prevent the capacitor from draining through the resistor. That's why, with the diode, the capacitor drains faster :)

The transistor circuit isn't going to drain the capacitor below a diode drop (though this has nothing to do with the diode itself). That's simply something that you could account for in your design. I'm sure someone with more experience can suggest a smarter approach—this is just what I came up with.

Finally, there's no particular reason for the pull-down resistor to not be larger than 10 kΩ… I think 100k would work as well like you said.


—CC
Lab is where your DMM is.
 

sparkydog (Topic starter)
« Reply #11 on: April 18, 2023, 11:14:22 pm »
Quote
The diode prevents the capacitor from feeding current back into the circuit when there is no voltage on SENSE; without it, the transistor will not turn on and effectively prevent the capacitor from draining through the resistor. That's why, with the diode, the capacitor drains faster :)

Quote
Finally, there's no particular reason for the pull-down resistor to not be larger than 10 kΩ… I think 100k would work as well like you said.

Oh, boy, this was fun!

Logically, that first part makes sense... but the simulation insists it ain't so. Is it wrong? Is it right? Why? Well, hold onto your hat...

First, I'm pretty sure RD/R1 (using the designations in your most recent schematic) is acting as a voltage divider, such that, when SENSE goes open-circuit, the voltage the BJT sees is less than the capacitor voltage. Here's where it gets interesting, though; if the BJT sees more voltage on the emitter than on the base, it passes a fair bit of current. When charging, this never happens, because VE is the capacitor voltage, while VB = 12V. Thanks to the voltage-dividing effect of R1/RD, however, as soon as SENSE goes open-circuit, the BJT starts letting (a non-trivial amount of) current through, discharging the capacitor, even though VB ≠ 0.

Check out the DC sweep simulation of this circuit:


So, yeah, as far as I can tell, omitting the diode is fine as long as R1 isn't massively larger than RD; or more to the point, as long as VB is non-trivially less than VE (the lower VB is relative to VE, the better). Right now I have R1 = 150 kΩ, RD = 510 kΩ, or a 17:5 divider, which has the effect of increasing the resistance of R2 (33Ω) by about 40% (about 47Ω). That's still plenty low to knock the capacitor voltage down to ~500 mV in about 50 ms, even from fully charged. On the other hand, we did discover a reason to keep R1 "somewhat" low. (I originally had R1 = 300 kΩ; swapping it to 150 kΩ not only helps drain the capacitor, but the hysteresis resistor is also 150 kΩ, and that's far less arbitrary. One fewer part number for the BOM. I wanted it big to limit power consumption, but that's dominated by the 3 kΩ / 3 kΩ reference divider... and even with that, the board only draws ~2 mA. Until and unless K1 kicks on, anyway.)

Figuring out what's going on was quite the adventure; thank you for steering me into that (even if unintentionally)! (Oh, and... technically, the capacitor will drain faster, at least initially, with the diode, but it will also stop draining when it runs into the BJT's voltage drop. Since the charge does a pretty good job falling off the proverbial cliff either way, I'm still partial to the version that is able — at least in theory and over infinite time — to fully discharge the capacitor, especially as it has one fewer component. 🙂)

Oh, and... if you're wondering why I'm trying to get you to pay for CircuitLab... block cookies from their domain. There are still limits on what you can do, and in particular you'll get locked out after a while and have to reload the editor, but you should be able to run simulations without having an account. Apologies for not noticing/recalling that problem earlier...
 

