4QD - DC Motor Control
MOSFETs are well known to be prone to inexplicable failures - to the effect that the alternative expansion of the MOSFET acronym is 'Magically Obliterated, Smoke and Fire Emitting Transistor'. The truth is that MOSFETs are incredibly robust - but that they fail very fast indeed if any of their rating are exceeded. There are a few ratings which are very difficult to get sensible information on, and which can cause problems. This page (which can never be complete) is a start on trying to explain some of these.
It is always very difficult to be certain of exactly what caused any one failure: the problem is that failures are very difficult to promote in any well designed controller, and customers are not usually aware of exactly what happened to cause the failure. Furthermore once a MOSFET fails - it is now dud and will not work properly so it promptly goes into another failure mode, obliterating the original evidence. The examples here should be treated as helpful examples only - do not assume that, because your MOSFET looks just like a particular example, then that is what caused the failure!
Here are a few of the failure modes that can occur:
If the maximum operating voltage of a MOSFET is exceeded, it goes into Avalanche breakdown. This is not necessarily destructive. The MOSFET specifications will state a maximum energy the MOSFET can take in avalanche mode. Energy is 1/2LI2 where L is the inductance and I is the current. Fortunately, in most circuits, the energy the MOSFET may have to clamp is that contained in the rather small (lumped) inductance of the battery and its leads. See the article on PWM controllers in the 4QD TEC archives.
If the energy contained in the transient over-voltage is above the rated Avalanche energy level, then the MOSFET will fail. The device fails short circuit, initially, with no externally visible signs.
The problem with this failure mode is that, once it occurs, there is likely to be a chain reaction which will probably disintegrate the MOSFET, obliterating the evidence and probably blowing other devices to boot. So it's of vital importance to report exactly what events occurred at the point of failure.
The controllers in normal use are generally incapable of generating spikes of enough energy to blow them. So the necessary high energy spikes are usually generated by external events. These can be things such as
This effect is probably the least understood and most mysterious of all MOSFET failures. It is also probably the biggest cause of all those otherwise inexplicable failures that let out the "Magic Smoke and Fire"! It is also one of the hardest failures to study as it is an extremely high-speed failure, so requires very expensive transient capture equipment. The good news is that, as MOSFET technology improves, it seems to be getting more rare than once it was!
It is also a failure mode which is probably more common on industrial control systems. These tend to be wired for neatness and appearance, so wires tend to be longer than is ideal and routing tends to be bad. There are also sources of noise other than the motor, such as relays and contactors. See the page on machine wiring.
The cause of this failure is a very high voltage, very fast transient spike (which may be positive or negative going). If such a spike gets onto the drain of a MOSFET, it gets coupled through the MOSFETs internal capacitance to the gate. If enough energy gets coupled, the voltage on the gate rises above the maximum allowable level - and the MOSFET dies instantaneously. The process less than a nano-second! The initial spike destroys the gate-body insulation, so that the gate is connected to the body. Once that has happened, the MOSFET explodes in a cloud of flame and black smoke. We have one documented case where the battery wire worked loose, causing a spark. It must have been this that caused the gate breakdown for the explosion of flame and smoke did not happen until the battery wire was re-connected some time later! Which demonstrates how very difficult cause and effect can be to connect!
So where can such a spike come from? Noise. Noise is generated by an arc - Marconi used an arc and a tuned circuit to first transmit a radio signal across the Atlantic ocean. Arcs are very good generators of wide-band (random) noise. Random noise from an arc has a statistical probability of containing an energy spike of just the right parameters to blow a MOSFET. Whatever you do - there is still a statistical probability, but you can reduce it to near vanishing point!
Motor commutators and brush gear are arc generators: look at the brush gear on any motor and you will almost certainly see it arcing. Maybe you wonder how a motor controller can ever work?
Motors are probably at their noisiest when regenerating!
However much noise the motor actually generates, for it to cause damage the wiring has to be such that it can transmit a very fast (i.e. very high frequency) transient. Properly designed wiring will not do this but bad wiring can - if you are unlucky - act as a transmission line delivering the whole energy of he transient back to the controller!
Do not over-react here. Statistics are such that a properly designed motor controller can go on working continuously for years without such a transient occurring. With production machines, the maker is using new, good condition motors. Noise is much less likely here.
But may be it's your controller that's next! Especially if (like many of our retail customers) you are using a second hand motor - which is much more likely to be worn and noisy! Knowledge of what happens can help you reduce the probability!
Since dV/dt failure is generally caused by noise generated by the motor brush gear, what faults and effects in the motor cause noise, and how can you reduce the problem?
The following problems cause or make motor noise worse:
Good things to do are:
Exactly what happens depends on how excess the power is. It may be a sustained cooking. In this case, the MOSFET gets hot enough to literally unsolder itself. Much of the MOSFET heating at high currents is in the leads - which can quite easily unsolder themselves without the MOSFET failing! If the heat is generated in the chip, then it will get hot - but its maximum temperature is usually not silicon-restricted, but restricted by the fabrication. The silicon chip is bonded to the substrate by soft solder and it is quite easy to melt this and have it ooze between the epoxy and the metal of the body, forming solder droplets. This may well not destroy the chip!
Yes - if you put too much current through a MOSFET - it will fail. Exactly how it fails will depend on how high the excess current is and for how long it flows and on the exact circumstances at the time.
All controllers made by 4QD have a fast-acting current limit: this turns the speed down (or up if it's excess regen braking current) so that the MOSFET current is always well within their safe handling ability.
Power dissipation due to current is I2R - the current times the current times the resistance. But the heat dissipated is the power times the time, so I2R.t, there t is the time.
If you slightly overload the MOSFET - it will get very hot. If you don't remove the heat - the MOSFET will, quite literally, melt. At 60 amps, the leads on a TO220 (the commonest MOSFET housing) will literally unsolder themselves. Though the current needed for this depends on how long the leads are and how big an area of track they are soldered too. 4QD boards all have extra thick copper to act as a heatsink for the FET leads.
Then there is the inside of the MOSFET. The silicon chip can get very hot. It is bonded to the MOSFET's case with - soft solder. If you get the MOSFET hot enough, this solder bonding literally melts and oozes out between epoxy of the case and the metal insert of the base. The MOSFET can easily be working after this - but of course its thermal performance is shot as the soft solder bond is damaged.
Then if you really put too much current through, the internal bond wires (which carry current from the external leads to the chip) fuse in a flash and explode - probably forcing a chunk of epoxy into space a high speed. Cratered MOSFETs are not uncommon, but it's difficult to tell if this is from bond wire explosion or the chip has exploded - both seem to occur pretty much in unison.
The circuit of a controller does not and cannot include the effects of water, dirt, metal filing, stray nuts and bolts etc.
Since the electrical properties of such objects cannot be defined, nor can their position in the circuit, it is very likely that any such extraneous material will cause malfunction and/or death of the controller.
Since the MOSFETs do most of the work in the controller, they are the components most likely to suffer from such abuse!
You must therefore house the controller to prevent such occurrences. Furthermore, if 4QD suspect such a cause of failure, we may not be prepared to service the controller.
Blocking a motor is suddenly jamming it by means of a mechanical seizure or failure such that a rotating motor is very suddenly stopped.
Of course, you cannot bring a mechanical load, such as a rotating motor, to a sudden halt. Even if you throw a crowbar suddenly in the gears, much more happens than a sudden stop! There will be bounce in the system and the armature will certainly bounce. Probably the brushes will rock in their holders - there is always some clearance!
A sudden increase on the electrical load as would be caused by a straightforward, non-bouncy, seizure will simply engage the controller's current limit. Yes - the controller will quickly get hot, but you should have time to turn down the speed.
Any failure caused by blocking is likely to come because of the armature bounce: this will (of course) be at high current and will be accompanied by arcing at the commutator, so it will generate lots of electrical noise. See dV/dt failure. Because this noise occurs at full current limit, it will likely be of high energy, so dangerous. Much depends on the motor, brush and commutator and the mechanics as well as the wiring.
If you've read the typical dV/dT failure, above, you will also realise that the worst thing you can do in the event of a sudden jam is to pull off a motor lead! Turn down the speed, turn of the ignition, or if you must, disconnect the battery lead. Never disconnect the motor lead!
If you are making a machine which has mechanical travel limits - you have, of course, got electrical 'end stops' which slow the motor and stop it before it hits any mechanical limit...
If failure from blocking the motor occurs because of armature bounce, it must also be dangerous to apply too fast an acceleration to a motor. Any mechanical system has a response time. If you try to accelerate the system faster than this response time, you are 'shocking' it into a state where there may well be a 'bounce'. This is one of the reasons why a controller always has an acceleration and deceleration ramp: for smooth take-up the power must always be applied to a mechanical system slightly slower than the system can respond. Apply power faster than the system's response time and you are, in effect, shock exciting it! However - in most applications, the controller's current limit will engage if the acceleration is too fast, and this will apply an effective ramp. So we've never seen a failure that we would care to attribute to this fault!
If the battery voltage ever falls too low, controller internal voltage may fail and the switching may get confused. Of course controllers are designed not to do this under conceivable and testable low voltage conditions.
However - batteries can sometimes fail in unpredictable ways. We have seen ones with faulty cells that go open circuit above a particular current. Of course, the current then falls to zero (as the cell is open-circuit) so the cell starts to oscillate.
This sort of unpredictable battery fault is - unpredictable. So how to predict and test that it won't damage the controller?
So if you have problems, always get your battery properly tested at high discharge current. It should be able to supply more current than the controller's motor current limit, without showing distress.
The current limit engages after about 2µSeconds. During these two microseconds, the MOSFET is switching on and 'feeling' the load. It is a period of extreme dissipation for the MOSFET. The MOSFET can survive this stress quite happily - but it gets extremely hot. If the load is too small, the MOSFET's insides will get hot enough that the heat cannot get out quickly enough and the soft-solder used inside the package to bond it together will melt and ooze out between the base of the MOSFET and the insulator (you can usually see it on the insulator afterwards). The MOSFET will then fail.
The time to failure is entirely dependant on the severity of the short-circuit, but is quite long enough for a human to react (30 seconds to several minutes). However the current and voltage conditions in the MOSFET are entirely dependant on the wiring (both motor and battery) as the motor is shorted out, so the time is completely unpredictable
These are detailed on a separate page.
If you've read all this you'll be tempted to examine your next MOSFET failure and state, "that's failed from excess dV/dt". But it really isn't that simple. Even if you were to return the damaged MOSFETs to the manufacturer, they could not examine them and state the cause of failure. When I quote a reason for failure, I'm combining several sets of information:
As 4QD have learned more about failures, we've altered our circuits appropriately. As we've done that, the failure rate has reduced. It would be nice to think this was simple cause and effect. However it's not at all simple to see a correlation between our changes and the failure rates. In part that's because the customers are getting more knowledgeable about controllers, but in part also it has to be that MOSFETs themselves are getting more reliable with time, as you wold surely expect from any high-tech product. But we are always loath to blame a dud MOSFET as the cause of any failure!