I have a mosfet controlling power to a heater. I send pulses (akin to pwm) to tell the mosfet to turn on and send current to the heater. The pulses are coming from a Beagle Bone Black. The process on the controller takes the feedback from a thermistor and sets the output pin that's connected to the mosfet high, when necessary. If the program halts or freezes with the pin set to high for more than 10 seconds, then the equipment will catch fire. What kind of circuit can I use to limit the length of the high pulse to only 1.5 seconds? It is expected that the pin will transition from high to low in less than 1.5 seconds (henceforth reffered to as the limit time) but can make multiple transitions (low to high to high to low) many times per second. The frequency could be as high as 250hz.
Electrical – Pulse width limiter Circuit
multivibratorpwm
Related Solutions
switghing_loss_wattage = energy_per_transition x number_of_transitions_per_second
If you are doing PWM using an H-bridge... During each switch, current flows in two diodes during the dead time, two transistos are turning on, two are turning off, and the capacitance of all 4 of them is either charged or discharged. Therefore...
energy_per_transition = 2 x (E_dead + E_cond_on + E_cond_off) + 4 x (E_cgs + E_cgd + E_cds)
Capacitive losses are typically more significant at higher voltages or higher frequencies and can sometimes be ignored.
When using an IGBT the datasheet will often quote an E_on or E_off value that lumps together the various parts of the turn on/turn off losses. The quoted values are typically on valid at specific voltages or currents.
The approximate energy lost in each transistor during each switch comes from the following sources...
1) Each time a you turn on a high-side transistor in an H-bridge you must ensure that the low-side transistor is turned off first and vice versa because if they were both on at once then power and ground would be shorted through the transistors and destroy them. Therefore a small amount of dead-time is usually added between turning off a transistor and turning on the other member of the pair. IGBTs typically have turn off times in the hundreds of ns to microseconds range. During the dead time if driving an inductive load the load current remains about constant and must have a path. The path will either be through the body diode of the transistor or through a separately added Schottky diode. In either case the energy dissipated during the dead time will be
E_dead = diode_voltage x load_current x dead_time.
2) When a transistor in an H-bridge is off it has the entire supply voltage across it but no current, so no power loss. When the transistor is on it has about 0V ocross it and all the load current, but very little power loss. When transistioning from off to on the transistor current remains about constant when driving an inductive load but the voltage across the transsitor moves in an approximately linear fashion between the full supply voltage and 0V. It will take some finite time for the transistor to make the transistion. The turn on conduction losses are approximately
E_cond_on = 1/2 x supply_voltage x load_current x turn_on_time.
Transitioning from on to off will take some finite time. The turn off conduction losses are approximately
E_cond_off = 1/2 x supply_voltage x load_current x turn_off_time.
3) There is losses due to the gate source capacitance charging.
E_cgs = 1/2 x gate_source_capacitance x gate_source_voltage^2.
4) There is losses due to the gate source capacitance charging.
E_cgd = 1/2 x gate_drain_capacitance x gate_drain_voltage^2.
5) There is losses due to the drain source capacitance charging.
E_cds = 1/2 x drain_source_capacitance x drain_source_voltage^2.
In an H-bridge each transistor turns on once and turns off once per switching cycle, and there are 4 transistors.
energy_per_transition = 2 x (E_dead + E_cond_on + E_cond_off) + 4 x (E_cgs + E_cgd + E_cds)
The load_current to use in the calculations should be the average load current, which for a sine-wave is 2/pi x the_peak_load_current.
I see your dilemma. The buck output stage will look something like this: -
For simplicity I'm using the example of a synchronous buck regulator - this is equivalent to both MOSFETs being a kind of high frequency change over switch feeding a low pass filter formed by the L and the C.
With no load connected, do you see that the average current from the incoming supply HAS to be zero amps? This is important to grasp so take some time to ponder this. To help you understand, the inductor is recharged with current when the switch is connected to 12V and that current is discharged to a negative value when the switch conects to ground: -
Blue is the switching voltage fed to the left of the inductor and green is the current waveform through the inductor. It has to be this way because there are no power dissipating components connected to the switching node.
When the switch reconnects to the incoming 12 V, the current flow from the 12 V is negative i.e. energy is being returned to the 12 V source.
That current reduces in magnitude rising through the zero ampere point and reaches a positive maximum. After this point, the supply is disconnected and zero current is taken from that supply. Current (in red below) restarts at a negative value and the process repeats: -
Basically, the incoming supply current (red) has an average value of zero amps. As I said earlier, it MUST be this way because there are no power dissipating components that could force an average DC current from the incoming 12 V.
It's worth noting at this point that the output voltage (for a 50:50 duty cycle) will be 6V with a slight amount of ripple voltage. The ripple is due to the L and the C forming an imperfect low pass filter. A low value could be typically 20 mVp-p superimposed on the DC output of 6V.
In effect, the 50% switching process, the inductor and the capacitor behave like an ideal step-down transformer; 12 V is converted to 6 V and, with no load connected, zero average current is taken from the incoming supply.
When you do connect a 6 ohm load, 1 A DC flows into that load (ignore the slight bit of ripple, minimized to trivial amounts through sensible component selection) so, what happens to the inductor current....
Clearly, 1 amp DC has to flow through that inductor to feed the 6 ohm load and that will mean an inductor current that looks like this: -
The lower half of the picture shows the current taken from the 12 V supply - it has exactly the same current as the inductor when the switch connects it to the inductor but, for the other 50% of the time, that current is zero.
Hence, the average current taken is 0.5 amps.
Best Answer
I am a little surprised by the number of answers here recommending a WDT for this task. The WDT can guard against software faults, but implementing a good robust WDT is not trivial, and designing the code to fail to "kick the dog" when a fault occurs is fraught with peril, especially on a complicated multi-threaded system like a BeagleBone running (presumably) Linux. A watchdog timer is not a magic wand that makes software safe - it is a tool that can make software more robust, but only if implemented correctly.
If this were my project, I would implement two hardware mitigations to remove the processor from the equation entirely:
A safety circuit that detects if the GPIO from the processor has latched high for more than ten seconds, and if so, kills the heater. This is your first line of defense.
A one-time use thermal fuse that kills the heater in the event that the temperature rises above a critical threshold. This is your second line of defense.
Why both mitigations? Well, the first option mitigates a particular known failure mode (processor output latches high), but this won't catch all possible failure modes that cause the particular hazard (overheating). It is likely there are other failure modes that can cause this hazard - for example, the PWM output could still be transitioning faster than 0.1 Hz but with a 99% duty cycle, or maybe the relay that operates the heater latches shut.
The thermal fuse detects the hazard directly (by detecting the overheating) and blows, permanently cutting power to the heater and removing the hazard. This would actually be sufficient to catch the GPIO latched condition on its own, but in this case we probably don't want to do that since the thermal fuse is permanent and it sounds like you are dealing with debugging your code (it would be inconvenient to replace a thermal fuse every time the output stayed high during development).
As for the safety circuit, something like this should do the trick:
simulate this circuit – Schematic created using CircuitLab
The circuit works like this: R1 and C1 form an RC circuit, selected such that their time constant allows them to charge to the reference voltage created by R2 and R3 at t=10s when the GPIO voltage is high. Once this happens, the output of the comparator goes to logic low, and when ANDed with the input signal, forces the heater off.
The reverse Schottky diode across the resistor allows the capacitor to drain quickly (ideally instantly) when the GPIO goes low, resetting the time delay circuit. Since the value of C1 might be quite large depending on the value of R1 chosen, it may be prudent to put a small resistor in series with D1 to limit the discharge current to the maximum value the GPIO is allowed to sink.
No fancy timers, no 555s, no watchdog circuits - just some basic components and simple glue logic.