Zener to limit voltage to 1.2V

[paulca]

So if I have a control input in a circuit that I want to limit to 1.2V and the voltage divider feeding it might provide 1.6V maximum, I should be able to "clamp" the voltage to 1.2V by using a 1.2V zener with a current limiter resistor to gnd?

The trouble is 1.2V Zeners seem hard to find.  I can find 1V and 1.8V and even then anything under 3.1V seem rare.

Assuming they cannot be series/parallel to alter their values similar to resistors, is there anyway you could suggest I create a 1.2V limiter?  Not a regulator, I want the voltage below 1.2V to be completely unaltered.

The circuit is feeding the input to an op amp which controls a dummy load.  The sense resistor has a 15W max power rating and I wanted to place a limiter right at the op amp input so that no matter what mistake (or deliberate act) I make with the control circuitry the zener (or whatever) would dump any over voltage instead of allowing the high side Mosfet+Sense resistor to smoke itself.

Note I will accept the answer, "This is a fools game" or "Are you mad?"

Is there some magic I can do with an opamp and a voltage reference?

[Benta]

I don't know of any 1.2 V Zeners, IIRC 2.4 V is the lowest I've seen.
There are 1.2 or 1.3 V "voltage regulator diodes", but they are not Zeners, but two forward-biased diodes in series.

The usual way of solving this issue, is to divert overvoltage onto the positive supply rail with a diode. If you choose a Schottky, the forward drop will be around 0.1 V.

[Vtile]

Do you have possibility to regulate the voltage before the the voltage divider (ie. with zener), so that the output of the divider is always correct?

Also can you give us a bit more information. What type is the voltage source you are using? A battery pack? 

Also roughly 1.2 volts can be constructed from two series diodes (see picture), it is not as accurate though as typical zener.

[paulca]

The PSU will be a bench supply.

I'm toying with dummy loads.  The voltage divider will be a basic 5% resistor followed by a 1k, 10k or 100k trim pot.  Based on the selection of resistors I have I won't be able to get an exact maximum figure on the pot, so it leaves me open to tweaking it too far and overloading things.  I am looking for a general way to clamp a control voltage so that any overvoltage provided out of the divider can be dumped before it sets the control input too high for the heat rating of the components.

Basically a way to do this:

if( control_voltage > MAX_CONTROL_VOLTAGE ) {
   control_voltage = MAX_CONTROL_VOLTAGE;
}

I suppose chaining dividers could make things better.  The first divider provides as close to the maximum control voltage as it can and the second divides it via the trim pot to get the variable output.  Just adding another resistor to what I already have.

I find when I come up with these questions and there aren't easy to pick off a shelf components to do it that I'm trying to do something wrong.

How does the dumping the overvoltage to the positive rail with a diode work?  If I try that in a sim it just floods current through the diode.  Think I'm missing something there.

[Kalvin]

How about this one. Adjust the trimmer until you get the desired maximum output voltage. You may need to tweak the actual resistor and trimpot values, but you should get the idea.

[capt bullshot]

If you don't mind using an active circuitry for the limiter, you could take a look at this idea:

http://www.electronicdesign.com/analog/op-amps-make-precision-clipper-protect-adc

They use an op-amp as a precision clamp, quite common if you want to limit a voltage to a precise limit.

For 1.2V there's no zener afaik, two series connected silicon diodes may work and give a coarse clamping somewhere between 1V and 1.4V (depending on the forward current). Might be good enough for your goal.

[Benta]

How does the dumping the overvoltage to the positive rail with a diode work?  If I try that in a sim it just floods current through the diode.  Think I'm missing something there.

It's simply a diode with the anode connected to the input and the cathode to the positive supply rail. Mostly you do it for both rails to also clamp under-zero input voltages (cathode to input, anode to ground).

[SeanB]

How about using a TL431 programmable zener, which will naturallly clamp at 1V2 without much extra circuitry. 2 terminals, and will handle 100mA with ease, though you might need to have a lowish supply impedance to cover the bias current of the device.

[Zero999]

How about using a TL431 programmable zener, which will naturallly clamp at 1V2 without much extra circuitry. 2 terminals, and will handle 100mA with ease, though you might need to have a lowish supply impedance to cover the bias current of the device.

The TL431's minimum voltage setting is 2.495V. I think you meant the TLV431 or LM4041 but they're not rated to such a high current.
http://www.ti.com/lit/ds/symlink/lm4041-n.pdf
http://www.ti.com/lit/ds/symlink/tlv431.pdf

[mzacharias]

Am I missing something? Just use two silicon diodes in series for a 1.2 volt drop - effectively a 1.2 volt zener.

[Benta]

Am I missing something? Just use two silicon diodes in series for a 1.2 volt drop - effectively a 1.2 volt zener.

See reply #1.

[KL27x]

I should be able to "clamp" the voltage to 1.2V by using a 1.2V zener with a current limiter resistor to gnd?

FYI, you have the resistor backwards.

The resistor would be in series between the Vsupply and the Vload. (This drops some of the voltage, yeah. As long as the value is small enough so that the load gets the min voltage it needs at its maximum current draw, this isn't any problem.) And the clamping diode(s) would go between Vload and ground without any resistor. In this way, Vload would be firmly limited to the drop across the diode, and any variation in Vsupply would result in more or less power wasted through the diode. You have to calculate the value of this series resistor to waste minimal power yet provide the load with its minimum voltage requirement.

If you did it your way, the Vload and Vsupply are the same. And if Vsupply is higher than the drop of the diode when under load, Vsupply-under-load/Vload will still exceed the voltage drop of the diode by some finite amount. And any variation in Vsupply would result in a variation of Vload, because they are one and the same. Furthermore, any variation in impedance/resistance of Load will result in a variation of Vload/supply. In your description, you are trying to pull the entire Vsupply rail down to what you want. And that is going to suck. You might as well use just a resistor and leave the diode out of it. That's not regulating/limiting. That's just fudging. In very specific instance, it might work brillilantly. But this would be where Vsupply is very stable and can be pulled lower without wasting a lot of power, and it is only supplying a static load. Dividing/separating Vsupply from Vload with a resistor allows you to tailor Vload without pulling down the entire supply rail.

I get it, your Vsupply is high impedance resistor network. But the case still stands. It doesn't matter where your Vsupply is coming from. Series resistor between Vin/out and clamp the Vout side directly to ground.

In this specific case, if you are ONLY using the voltage divider to power this one circuit, then what you would do is remove the bottom half of the ladder and REPLACE it with your clamping diode(s). Calculate the top half as your series resistor. See? Same thing I described in the first paragraph. This is essentially a voltage divider that tops out at the voltage drop of your clamping diode.

[T3sl4co1l]

Two diodes
TLV431
Vbe multiplier
op-amp + diode (precision clamp)
etc.

Or just use a lower divider ratio in the first place!

Lots of options, some better than others.  You need to define how accurately and sharply the limit acts.  The function you provided is piecewise continuous, but no real function has missing derivatives, i.e., there is always some curve bridging between the regions.  How wide that region is -- uV or 100s mV -- determines the selection.

How fast the change occurs is also a matter.  A voltage transfer function is DC only.  There is no accounting for speed, for bandwidth.  A real circuit takes time to respond, whether it's nanoseconds for the diodes (forward and reverse recovery), or microseconds for the op-amp (which includes TLV431, an active circuit).

Tim

[paulca]

I thought it was a simple question   It seems it isn't

The purpose was just to create a hard limiter on a control input. 

I believe I seen other uses on my google travels around inputs to ADCs where anything over 5V was dumped with a 5V Zener to GND so the >5V never got to the ADC.  Although 5V Zeners are easier to find.

The 1.2V was just the example I was working with at the time.  I suppose my question was really wondering if there was anything you could do with multiple zeners to alter the clamp voltage if you couldn't find a zener for the exact voltage you wanted.

Assuming you can't really build Zener networks to create custom reverse breakdown voltages, what would the solution be to hard limit a control voltage?

Say for example you are providing a control input on a product and while you specify it in documentation as being, say, 0-3.3V how would you hard limit that to 3.3V in case some body put 5.2V into it?

[macboy]

Change the circuit so that the control range is 0 to 2.5 V, then you can use a TL431A, with adjust pin connected to Cathode pin, as an 2.5 V zener substitute that performs much better than an actual 2.5 V zener. The TL431A has lower dynamic resistance, so the clipped voltage will be more stable as cathode current (input voltage) varies.

[danadak]

As stated earlier Vbe multiplier -





Regards, Dana.

[drussell]

I thought it was a simple question   It seems it isn't

I don't see why it isn't simple...  I believe it is rather simple...

Assuming you can't really build Zener networks to create custom reverse breakdown voltages, what would the solution be to hard limit a control voltage?

I don't know what you're trying to say by "network" but you most certainly can put Zeners in series to make custom unusual values or high voltage variants.

As an aside, most diodes that we usually call Zener diodes, aren't really true Zeners, they're actually usually avalanche diodes.  True Zener reverse breakdown is caused by electron quantum tunnelling.  Only the ones down below about 5.6 volts are actually true Zeners and yeah, they are only common down to a bit below 3 volts... Things like 3.6, 4.8, 5.2, and 5.6 are commonly used all over the place but for below a couple of volts you normally use other methods. 

You can use the difference between, say, a standard 5.6 and a 6.8 volt Zener to get 1.2 volts for something in a circuit when you're applying an operating bias to a transistor or whatnot, but that isn't going to work easily when you just want a "clamp".  Normally for that you would use one or more regular diode junctions in series but in the forward direction mode rather than reverse like you would apply a "Zener".  Different constructions have different typical voltages, 0.5-0.7 for Si, 0.2-0.4 for Ge, etc. depending on circuit conditions.  This works for clamping or shunt voltage regulation situations.

If you need more precision than a diode (or diodes in series) can provide, whether it be Zener or "regular" diode, a glow tube like the old OA3/VR-75,OC3/VR-105 regulator tubes, some other kind of gas discharge tube or whatever other kind of shunt element you're applying then obviously you're going to need some kind of active circuitry.  If this is a voltage regulator then you need more of a "voltage reference" rather than a simple diode.  If it is a clamp, you need some kind of crowbar circuit or active voltage regulator, buffer, conditioner, etc.

[T3sl4co1l]

I thought it was a simple question   It seems it isn't

The crux of the matter is a simple question:

How hard does the limit actually need to be?

Say for example you are providing a control input on a product and while you specify it in documentation as being, say, 0-3.3V how would you hard limit that to 3.3V in case some body put 5.2V into it?

I'd use an input voltage divider, a 2.5V ADC reference, 3.3 or 5V supply, and let schottky clamp diodes handle ESD or overvoltage.

Actually not schottky, or yes but with tweaks.  Schottky diodes are leaky enough that they might introduce error in the measurement.  But that's just engineering, there are plenty of ways to deal with that.

Point being, it's easy enough to guard band the design, so that in the 0-2.5V operating range, there is negligible error to the measurement, and somewhere outside of the MINVAL to MAXVAL range, diode clamping occurs, preventing forward-bias of the ADC input protection diodes (which will cause errors between input channels).

Between those limits (say, MAXVAL and VDD), there is ample room for the diode to begin to conduct: a relatively soft, sloppy clamp is sufficient.  It can also be very fast, capable of clamping ESD.

There is absolutely, positively nothing wrong with operating an ADC's input beyond its REF range.  All ADCs I've seen will simply report MINVAL or MAXVAL, and some have an "over range" logic pin to go with.

Tim

[paulca]

For me this stems from my roots in software.  There we often do what is called Pre-conditions and post-conditions.  It depends of course on the criticallity of what you are designing.  But if you have two software components, depending on the your granularity of your view point they could be actual software components deployed separately (two electronic independent products) or just functions/methods within one (two electronics sub circuits).  It is important to note you may or may not have control over one or other, one could be a 3rd party closed proprietary 'black box'.

If a function expects to operate on a value between 0 and 3.3 it would often verify it's input before proceeding with it's task.  Often it might also verify the it's own output succeeded as expected, the post-condition.  A crude text book analogy might be the following:

function debitAccount( account, amountToDebit ) {
   // pre-condition
   assert account.getBalance() >= amountToDebit

   // operation
   balance = account.getBalance()
   account.setBalance( balance - amountToDebit )

  // post-condition
  assert account.getBalance() = balance - amountToDebit()

  return account 
}

In this example it would throw an assertion error if there wasn't enough money in the account or for some reason the account rejected the new balance (concurrency problems if using optimistic locking for example).

In other cases you can just "clamp" the inputs.  eg:

if( account.getBalance() < amountToDebit ) {
   account.setBalance( amountToDebit )
}

Which, although we would all like our bank accounts to do this, it's inappropriate.  However you get my point.

In electronics, if I interconnect various different components, say a control logic circuit to an actuator or op amp driving circuit, I would imagine it is important to validate the inputs are within range before proceeding with potentially damaging or dangerous voltages/currents or values.

In my beginner level stuff this would apply to a current limiter in a dummy load or power supply.  Should I want to hook it up to a DAC to test, learn, tinker I would like a way to physically set an absolute limit on the input to the current sensed driver opamp.  Thus when my code or interface to the DAC goes tits up and I send the value of 9V to the opamp I do NOT get 9V worth of output and fry the mosfet and cabling.  The driver circuit would clamp itself to a set limit.  Obviously I would like that clamped limit to be configurable by swapping in and out a few components or by tweaking a pot.

I will read up on the suggestions above today if I get a chance in work.

[T3sl4co1l]

In electronics, if I interconnect various different components, say a control logic circuit to an actuator or op amp driving circuit, I would imagine it is important to validate the inputs are within range before proceeding with potentially damaging or dangerous voltages/currents or values.

YES!  Thank you!

It is very unusual for a beginner (to electronics) to understand intuitively that domain (input) and range (output) should match up.

And, accordingly, the domain and range should perform proportionally, to whatever extent the circuit is supposed to be proportional (or not, as the case may be).  Example: an analog level shifter (nothing more than an amplifier with whatever voltage offset and gain settings) should not only match up input and output ranges, but they should be smooth, proportional and linear, to as much extent as is required.

In a control loop, the requirement might not be too strict (feedback solves modest errors), but a gross discrepancy (like a 2:1 difference in slope over the range) is just dumb.

The classic EEVBlog example being any of the linear bench supply circuits floating around, which illustrate why a common-emitter transistor (with no emitter degeneration) is a bad idea: the input domain is narrow (Vbe of 0.5 to 0.7V, say), the output range is poorly constrained (the maximum collector current might be limited by hFE only), and the gain varies tremendously over that range (maybe 4:1 or worse, because of the exponential Ic(Vbe) curve).

This is equivalent to inserting a nonlinear function in a PID loop, say -- which is utterly pointless and extraneous in a digital system (where you have to go out of your way to make a nonlinearity), but supposing it were more incidental instead, you can see that, if the PID's transfer function is mostly linear, who really cares, but if it's out by a lot, it's going to lead to problems.

Hmm, which is an interesting thing in favor of DSP, that's not usually emphasized: you don't have any incidental nonlinearities.  After the ADC, it's 100% pure math.  You shouldn't need anything besides basic arithmetic in the inner loop (special cases aside), which means zero additional distortion!

So anyway, back to analog ranges: some things are okay with out-of-range, others not so much.  Clearly, you don't want to dump an ampere into a 2N3904, that's not what that's for.  Whereas you can make the software throw an error (or something equivalent, give or take what language you're developing in), analog throws sparks.

So there are ranges where:
1. Expected values in normal operation
2. Unexpected values, leading to normal operation with exceptions (e.g., clamping values to min/max, perhaps with a flag to record this action)
3. Absurd values, leading to abnormal operation (throwing faults, gibberish values, overflow, buffer overruns, and beyond)

In my beginner level stuff this would apply to a current limiter in a dummy load or power supply.  Should I want to hook it up to a DAC to test, learn, tinker I would like a way to physically set an absolute limit on the input to the current sensed driver opamp.  Thus when my code or interface to the DAC goes tits up and I send the value of 9V to the opamp I do NOT get 9V worth of output and fry the mosfet and cabling.  The driver circuit would clamp itself to a set limit.  Obviously I would like that clamped limit to be configurable by swapping in and out a few components or by tweaking a pot.

Precisely how good design is done.  Assume the software is out to get you! 

Some examples:
- Match up DAC and REF range, so the DAC physically cannot produce more than 1.2V for the current limit/setpoint parameter.
- Design the REF range to be opamp MAXVAL: even if the op-amp saturates, or fails shorted to +V or -V, its output cannot exceed the normal operating range (#1 above).
- Put a clamp on the REF input, so that "#1" range is, say, 0 to 1.2V, compression and clipping (the curved segment between linear operation and hard clipping) occurs in the 1.3 to 2.5V (say) range (a "#2" sort of situation), and damage only occurs under extreme conditions (like the very short, 10A+ peak current surge that very high voltage ESD can deliver).


It's perfectly alright to rely on components behavior in this way, like op-amp saturation.  There are many "buts" associated with components themselves -- not all op-amps saturate at the same voltage, not all are even well-behaved in saturation (the usual problem is "phase reversal" for out-of-range inputs), and so on -- but these are all documented in the datasheet (and if they aren't, assume the worst, and pick another one instead!).  Typical RRIO (rail to rail input/output) amps are rated for full range input and output voltage, will saturate very close to +V and -V, and will not suffer from output reversal, or slow saturation recovery.  TLV2372 is a good jellybean-ish example.

My go-to example is a switching power supply, where an oscillator and comparator are used to generate a PWM waveform.  This is amplified with a power transistor, driving an inductor.  The inductor current is sensed, and an error amplifier (or PID loop, if you like -- this could all be pure digital) controls PWM% to set output current.  The current reference/setpoint is, in turn, controlled by another error amp, which senses output voltage, thus producing a stable voltage regulated output.  Well, the voltage error amp can only "request" a setpoint between 0V and +V (the saturation limits of the opamp output), so it's a simple matter of designing the current loop for the same range (or scaling the ranges appropriately, with a voltage divider or preamp).

More discussion of that example here: https://www.eevblog.com/forum/projects/building-a-simple-switching-circuit/msg1252706/#msg1252706

Tim

[paulca]

not all op-amps saturate at the same voltage, not all are even well-behaved in saturation (the usual problem is "phase reversal" for out-of-range inputs), and so on -- but these are all documented in the datasheet (and if they aren't, assume the worst, and pick another one instead!).

I got caught out by this by not reading a datasheet properly, or not knowing how to interpret it and had an op amp 'saturate' to it's top rail when it's inputs where below the minimum range.  I can only assume it interrupted the non-inverting input above it's inverting input and produced it's maximum output.  Thankfully only a small amount of magic smoke was released from a component with plenty to spare (a wire).  It partly inspired this post about how to set and clamp limits at various points in circuits so that if one component miss-behaves others further along can be tolerant of the error or self correct /limit for it.

Your idea of using this to my advantage is interesting.  I have used similar mathematical solutions in software.  I don't know the mathematical term for such equations, but whatever you put in will never result in a value outside of a given range, they are self limiting.  Usually it involves dividing things down to get a 0 to 1 range and then multiplying by the maximum value.  Taking the input as a ratio in terms of the min and max values.

In electronics (and referring last night back to the origins of the circuit I am working on), the original author uses a control circuit opamp buffer but then divides the output by a ratio of 10:1 and runs the drive circuit off the output of that divider.  Thus if the control circuit erroneously slams into it's upper rail the result is divided by 10 preventing the drive circuit from getting completely out of whack.  In the control circuit he uses a voltage reference which is fixed to a 5V value regardless of supply upper limit and then divides that with the control pot.  So there are two limits.  The control pot, even shorted out, can only produce a 5V output.  This is then buffered with an opamp then divided by 10 so the drive circuit can only ever receive 500mV.   In a worst case scenario and the incorrect op amp is used as the buffer it could technically slam into it's upper rail and produce 12V output.  Which would give a 1.2V input to the drive circuit.    This would still result in a over current and fried leads/mosfet.  I suppose if I wanted to extra careful I could limit the power rails on the opamp buffer with dividers so it's upper rail is 5V limiting the worst case to 500mV.

The downside is, this particular circuit has an external input (most likely from a function generator or DAC) which goes straight to the 10:1 divider.  However, as you elude to the DAC feeding that will have a design maximum of 5V so even if it crashes and slams to it's max value it will/can only ever output 5V.  Obviously if I connect that input to a 12V reference all bets are off.

It seems things are the same as in software.  The actual functional code/circuit starts out very simple and concise, but when you then add in preconditions, post conditions, limits, checks, balances, exceptions, configuration, metrics and abstractions it grows in size considerably.  As an aside, one of my pet hates in software design is the "death star phenomena" which a very simple bit of software is abstracted and design patterned into a huge complicated object orientated behemoth.  Designing for extensibility and flexibility creates numerous problems which then require elaborate abstractions and design patterns to solve which in turn result in more problem which need to be solved.  Soon a project that should have been 100 lines of carefully written code done in a week, is 10,000s of lines of overly complex abstract code taking months and as in the emperors new clothes at the end it's still not totally flexible or extensible and the code changes they were trying to avoid in the first place may have been addressed, but code changes are still required to extend and now they are to a highly complex abstracted framework instead of to some simple belt and braces functional code that anyone could understand.  I'm sure the same thing happens in enterprise grade modular electronics engineering.

[T3sl4co1l]

Your idea of using this to my advantage is interesting.  I have used similar mathematical solutions in software.  I don't know the mathematical term for such equations, but whatever you put in will never result in a value outside of a given range, they are self limiting.  Usually it involves dividing things down to get a 0 to 1 range and then multiplying by the maximum value.  Taking the input as a ratio in terms of the min and max values.

Fully testing all inputs to a function is also very helpful, when it's feasible.  Which is more and more, these days -- a whopping 32 bit function needs a mere 4 billion checks to fully verify, a few days of CPU time.

Of course, your test needs to be correct, which can be a bit of a challenge.

I'd explored this, with a fairly mundane example:
https://www.seventransistorlabs.com/Calc/Thermistor.html
Technically, the input range (at real temperatures) can only be within so-and-so, but the ADC reads 0...4095, so it's easy not only to test all values, but to pick a method that gives not-terrifically-off values there as well.

The sum-of-reciprocals method would've given some...interesting results, over that range, IIRC.  The polynomial fit did very well in all respects.

(Above is also an example of premature optimization, if you like.  Hey, it wasn't for a job, just a fun project. )

<snip>

I suppose if I wanted to extra careful I could limit the power rails on the opamp buffer with dividers so it's upper rail is 5V limiting the worst case to 500mV.

Another point, relevant to this special case: semiconductors tend to turn on over a similar voltage range.  A 5V zener diode is sharper than a stack of PN diodes.  At 1.2V, the best you can do with diodes is two or three in series.  But if you put a zener diode at the opamp output, you can clamp it more accurately.

Indeed, you can also put it inside the loop, if you do it right.  That way, there is zero* error until the op-amp hits its limit!

*Give or take opamp offset and gain.

This looks something like this,



Now, this is used for compensating against capacitive loads (C3, which in practice might be something like an EMI filter cap, or a transmission line), a nice tip by the way.  Suppose we replaced C3 with a zener diode, and we won't need C1 and R2, just ignore them for now.  Then the op-amp will try to deliver whatever voltage and current is needed, to develop the input voltage across C3.  It will keep going up until it can't go anymore: if R3 is small, then it will hit its current limit; otherwise, it will saturate at maximum output voltage.

We can refine this further, by comparing against an accurate reference voltage, and using that to turn on a transistor that pulls up on -in.  In effect, fooling the op-amp into saturating, without actually having it saturate.  (Which is a good trick to play on those op-amps that have naughty saturation behavior.)

Here's an example:



This is a bit more complicated than the description suggests, on account of managing the level shifting so it works for general purpose inputs.  (The feedback network is shown indicating the op-amp can be used as usual, say as an amplifier, filter, error amp, etc.  We're essentially wrapping an op-amp around an op-amp, so compensation is needed for the limiter as well, hence R7+C1.)

Of course, you might then ask, what if the limiter reference fails?  What if the limiter itself fails?  It's turtles all the way down, alas...

It seems things are the same as in software.  The actual functional code/circuit starts out very simple and concise, but when you then add in preconditions, post conditions, limits, checks, balances, exceptions, configuration, metrics and abstractions it grows in size considerably.

Yeah, and edge cases are just as critical.  They're more obvious in analog circuits, at least -- you have straight bounds and that's it.  But a complicated circuit with many inputs and outputs, may not exhibit obvious behaviors.  Each input is essentially a real numbered axis, and together they trace out a multidimensional volume that is the operating space.

In software, the spaces can be modeled in various ways.  On the lowest level, it's N dimensions for N bits, each axis having a position of 0 or 1 (Hamming space), but grouping bits into longer axes is natural.  In any case, exploring all the corners of that operating area, can quickly get intractable.

As an aside, one of my pet hates in software design is the "death star phenomena" which a very simple bit of software is abstracted and design patterned into a huge complicated object orientated behemoth.  Designing for extensibility and flexibility creates numerous problems which then require elaborate abstractions and design patterns to solve which in turn result in more problem which need to be solved.  Soon a project that should have been 100 lines of carefully written code done in a week, is 10,000s of lines of overly complex abstract code taking months and as in the emperors new clothes at the end it's still not totally flexible or extensible and the code changes they were trying to avoid in the first place may have been addressed, but code changes are still required to extend and now they are to a highly complex abstracted framework instead of to some simple belt and braces functional code that anyone could understand.  I'm sure the same thing happens in enterprise grade modular electronics engineering.

Yep.  I've seen plenty of industrial equipment with all manner of things bolted on over the years...

Haven't had to maintain any huge PCBs, at least.  Do have a regular customer that does updates about every year, but it's a modest board (~500 components).

Tim