Electronic Design

What's All This Safety Margin Stuff, Anyhow?

Sometimes it's easy to tell if you have a safety margin. With a voltage regulator, or any linear amplifier, if it was oscillating, you could add a fix - often, a simple series R-C network from the input or output to ground. Good. But is it good enough?

To be safe, you should put in a square wave of voltage (or pull out a square wave of current through a little R-C network) and make sure that there isn't any bad ringing. Now, to be quite sure, you would have to exercise this linear amplifier over its expected range of voltage and current (and temperature) - and make sure the ringing stays far away, as I said in Pease's Principle on page 99 of my book (1).

But how about for a buzzing comparator? If you put in hysteresis, it seems okay. But how can you make sure it is going to run safely? I don't think anybody has a solid answer on this. But here is my solution: change a resistor to cut the hysteresis by about half. If it still runs safely without any oscillation or screaming as the input signal passes the threshold, that is a good indication.

So restore the proper amount of hysteresis, and you are probably safe. Unlike the amplifier problem, this is unlikely to be affected by temperature. But it is likely to be affected by layout, so don't let anybody fool around with the layout.

In the real world, those of us who have to drive with snow have learned that you have to do some practice skidding at the start of each season and every time there is significant snowfall. As I said on p. 224-246 of my other book, practice hitting the gas and the brakes too hard and cornering a little too hard in an empty parking lot and on the road, too, where snow conditions may be a lot different (2). I don't have to spell that out, unless you are a new arrival to snowy territory.

Judging Power
Next, how do you make sure you have enough power-supply bypass capacitance? I have seen a couple of analytical studies, and they have come to the same conclusion as my rule-of-thumb solution: Use one ceramic disc cap, 0.02 or 0.1 µF per IC (on each supply, if it is an op amp with + and - supplies), and add one 2- or 10-µF electrolytic or tantalum cap per four or five ICs. But how do you know that it's safe?

My solution is to lift out (or snip out?) half of the capacitors. Study some of the critical waveforms before and after you snip and see if the circuit seems to be okay. Study the amount of ringing on each power bus. Then, put the caps back in. Of course, some amplifiers are so slow and docile, they aren't very dependent on a lot of bypass caps. But you never know until you check it out.

Why not just leave the capacitors out? Well, you might save a dime or two. But you would lose your safety factor. You would have to do a lot more testing at hot and cold to be sure you were safe. And after your electrolytics have aged, you could lose your safety factor even at room temperature.

More on Flying
What if you are approaching a mountain pass? "If the pass looms smaller and smaller behind the cowl, you are probably going to make it. But if the pass looms bigger and bigger, you know you are not going to make it," one pilot explained.

That may be literally true, but that doesn't sound like nearly enough safety margin for me. Several pilots said they like at least a 3000- or 5000-ft margin over the pass to allow for downdrafts.

Here in the U.S., updrafts often go up the west slope of a mountain, and downdrafts come down the east side - but not always. And altimeters usually tell the truth, but not always. So when piloting a plane, you have to have your own rules for determining what to use for a safety margin and when to trust it.

(1) Troubleshooting Analog Circuits, Elsevier, R. Pease, 1991, p. 99
(2) How to Drive Into ACCIDENTS - and How Not to, Pease Publishing, 1997, p. 224-246
