On Fri, Dec 14, 2012 at 7:17 AM, Dwayne Reid wrote:
> Part of my problem is that I simply have NOT yet done any
> hazardous-location projects without including an external
> watchdog. Most of those past projects involve copious amounts of
> Natural Gas (the largest ovens that we have done run at 30 million
> BTUs) and I simply won't do a controller that doesn't have redundant
> watchdogs. But that limits my experience with modern PICs, simply
> because most projects DO have watchdogs.

Actually my first project with PIC is for the hazardous (Zone 2, Class 1 Div 2, EEx ia, intrinsic safety isolated barriers) using 16C72A and without external watchdog or power monitor IC. On the other hand, I do make sure the internal power supply guarantees the spec of the PIC power requirement. The product family has been running in the field (mostly oil and gas industry) for more than 10 years and the run rate is about 100k to 200k pcs per year. It also has SIL 2 (Functional Safety) certification.

I have also used the 16F872A in the other hazardous location application (Zone 0, Class 1 Div 1, NAMUR sensor) with external reset circuitry. It needs to run at very low current to fulfill the NAMUR sensor standard. Again the product has been out in the field for quite a few years and runs fine.

So it depends on the application. Usually the MCU failure will not cause hazardous conditions since it is not a safety component anyway and the other circuits will protect against the hazardous conditions (eg: limited U, I, L and C in the case of Intrinsic Safety).

> I'm willing to take a chance with these tiny heaters because a
> failure won't cause a hazardous situation (the extra hardware
> over-temperature cutout protects against this) - a failure would just
> cause customers to be unhappy with us. But if anyone can tell me
> that they did something to make one of these newer PICs lock up or
> hang, I would very much like to hear about it so that I can try to
> duplicate the situation here.
>
> Moving to a small PIC lets me reduce the BOM cost by a few percent
> and allows me to do some neat things that the current all-analog
> design can't do. But I don't want to jeopardize reliability by
> making the change.

The current products we produce are not as stringent in terms of hazardous application but we make it a rule to use external power monitoring circuitry and watchdog (to shut down the output in case the MCU hangs).

--
Xiaofan