
Gate Driver Protection Response Time (DESAT to Safe Deactivation)


Protection response time is the complete timing chain from fault onset to verified safe state (t_safe), not just a fast /FLT.

By budgeting t_detect + t_action and verifying with consistent markers and evidence, targets can be set and accepted with clear pass criteria (t_safe, E_sc_meas, and repeatability).

H2-1 · One-sentence Thesis

Purpose

This page defines protection response time as a measurable timeline from fault onset to safe-off, then turns it into an acceptance-ready budget for DESAT detect, filtering/blanking, soft turn-off, and safe deactivation.

The goal is a consistent engineering answer to: How fast is protection, where is the delay, and what pass criteria proves it?


Acceptance-ready model

Use a single top-level metric for review and bring-up: t_safe (fault → device stress removed). Then decompose it into auditable segments:

  • t_detect: fault becomes a valid protection decision (crossing + blanking + filter + path latency)
  • t_soft_off: controlled gate discharge begins and drives current down without excessive overshoot
  • t_disable: output stage forces a non-recoverable safe state (latch/ignore EN, clamp gate)
  • t_recovery: re-arm / auto-retry window (if enabled) without re-hit or oscillation

  • t_safe = t_detect + t_soft_off + t_disable
  • t_detect ≈ t_cross + t_BLK + t_filter + t_path
  • Evidence = scope markers + thresholds
Protection Timing Chain Map: a left-to-right timeline from fault onset (t0) to safe state confirmed, segmented into detect, blanking/filter, propagation, soft turn-off, off, disable, and safe-off. Measurement focus: the endpoint is safe-off (ID below limit and gate clamped), not only /FLT timing.
Figure: Protection Timing Chain Map (segment-level timing ownership for this page)

H2-2 · Scope & Non-Scope

Boundary rules

This page owns time budgets, latency sources, measurement definitions, and acceptance criteria for protection response time. Any mechanism detail that belongs to a dedicated page is referenced briefly and linked out.

Do (owned content)

  • Define endpoints: t0 (fault onset) and t_safe (device stress removed).
  • Budget latency by segments: crossing → blanking/filter → propagation → soft turn-off → disable → recovery.
  • Specify how to measure: signals, trigger points, bandwidth, alignment across isolation, and evidence format.
  • Set targets: initial values and iteration rules to converge on a stable t_safe without false trips.
  • Write pass criteria: threshold placeholders X/Y/N tied to scope markers and test conditions.

Don’t (link-only references)


Non-negotiable definitions
  • Endpoint rule: safe-off is defined by stress removal (ID reduced & gate clamped), not only /FLT assertion.
  • Single-owner rule: mechanisms live in their dedicated pages; this page standardizes time + measurement + acceptance.
  • Evidence rule: every timing claim maps to a scope capture and a numeric threshold (X/Y/N placeholders).
What This Page Owns: a central owner box, Protection Response Time (owner of time + measurement + acceptance; outputs: t_safe, budgets, pass criteria), surrounded by link-only reference boxes: DESAT, two-level turn-off, Miller clamp, topology (HB/FB/3φ/VR), CMTI / dv/dt, switch technology (IGBT/SiC/GaN), and isolation path latency. Solid box = owner content · Dashed box = link-only reference.
Figure: Ownership Map (prevents cross-page duplication)

Note: internal links above are placeholders for the site structure; the ownership rule keeps this page focused on response-time metrics.

H2-3 · Definitions & Timing Terms

Goal

Protection speed is only meaningful when every team uses the same time markers and the same endpoint definition. This section standardizes the measurement timeline (t0–t6), then defines the page-level key specs (t_detect, t_action, t_disable, t_safe).


Non-negotiable rules
  • Endpoint rule: t_safe ends at stress removal (ID reduced & gate clamped), not only /FLT timing.
  • Marker rule: each time point must map to a signal + threshold (X/Y placeholders) so scope evidence is unambiguous.

  • t_detect = t2 − t0
  • t_action = t4 − t2
  • t_disable = t5 − t2
  • t_safe = t4 − t0 (primary)

Note: datasheet “prop delay” values are budget components; acceptance uses system-level markers.

Time marker t0 · Fault onset
  • Definition: the fault is initiated (short-circuit onset or equivalent injected event).
  • Typical range: application-defined (X–Y); used as the global reference point.
  • How to measure: trigger from the fault-injection control or a defined transition on PWM/SC switch (threshold X).
Time marker t1 · DESAT crossing
  • Definition: VCE/VDS reaches the DESAT trigger condition (crossing event).
  • Typical range: X–Y (depends on device physics and circuit rise behavior).
  • How to measure: observe VCE/VDS (or DESAT node) and mark the first threshold crossing (X).
Time marker t2 · Valid fault decision
  • Definition: blanking ends and the filter confirms a valid fault (decision becomes actionable).
  • Typical range: X–Y (blanking + filter window are primary contributors).
  • How to measure: mark the internal fault-valid output if available, or the earliest external indicator after blanking (X).
Time marker t3 · Soft turn-off begins
  • Definition: controlled gate discharge starts (soft-off / two-level off stage-1 boundary).
  • Typical range: X–Y (driver output stage and configured discharge path).
  • How to measure: gate voltage shows a defined slope change or falls below a threshold (X).
Time marker t4 · Safe region reached
  • Definition: device stress is removed: ID falls below the safety limit and VCE/VDS is under control.
  • Typical range: X–Y (dominated by gate discharge shape, parasitics, and clamp behavior).
  • How to measure: ID crosses below Isafe (X) and remains stable for a hold time (Y).
Time marker t5 · Disable / latch complete
  • Definition: driver enforces a non-recoverable safe output state (latch/disable ignores EN).
  • Typical range: X–Y (logic + output stage completion + isolation path if present).
  • How to measure: /FLT asserts and the output remains disabled despite EN toggling (criterion X/Y).
Time marker t6 · Re-arm / retry window
  • Definition: the system can re-enable safely (manual re-arm or auto-retry window ends).
  • Typical range: X–Y (application policy; must avoid re-hit oscillation).
  • How to measure: verify the earliest allowed re-enable time and confirm no repeated fault (pass X/Y/N).

Energy tie-in (reason for timing)

Short-circuit stress grows with the time window: Esc = ∫ v(t)i(t)dt over the interval from t0 to t4. This page uses energy only to justify strict timing definitions; detailed SOA modeling remains out of scope.

Timing Markers on VCE/ID/VG: three simplified waveforms (VCE/VDS, ID/IC, VG) with vertical markers t0 through t6 (t1 = DESAT crossing, t3 = soft turn-off begins, t4 = ID below I_safe) and brackets for t_detect, t_action, t_disable, and t_safe (primary). Markers are measurement definitions tied to thresholds (X/Y), not only logical flags.
Figure: Timing markers (t0–t6) on VCE/VDS, ID/IC, and VG

H2-4 · The Protection Timeline Model

Goal

Protection response time becomes controllable when the total delay is decomposed into stages. Each stage must answer three questions: what causes the delay, which knob reduces it, and what side effect the change introduces.

  • Stage mapping → measurable markers
  • Knobs → speed vs robustness
  • Side effects → EMI / overshoot / false trips

6-stage decomposition (auditable)

Stage 1 · Fault physics latency (t0→t1)

  • What it is: the fault develops until a detectable electrical signature appears.
  • Dominant contributors: device saturation behavior, bus voltage, stray inductance.
  • Knobs: system constraints (limit di/dt path), define detection point (threshold X).
  • Side effects: redefining t1 can change apparent speed without improving true stress removal.

Stage 2 · Sense path latency (t1→t2 component)

  • What it is: sensing chain propagates information to the decision point.
  • Dominant contributors: DESAT node dynamics, shunt/CT bandwidth, isolation prop delay.
  • Knobs: minimize path delay (layout + routing), choose low-latency isolation where required.
  • Side effects: faster paths can increase dv/dt coupling sensitivity and false triggers.

Stage 3 · Blanking & filtering (t_BLK + t_filter)

  • What it is: intentional ignore window and validation to avoid spurious trips.
  • Dominant contributors: blanking time (t_BLK), filter window/threshold logic.
  • Knobs: shorten t_BLK, tune filter window to the noise profile (X/Y).
  • Side effects: too short → false trips; too long → energy window grows (Esc risk).

Stage 4 · Decision & output stage (t2→t3)

  • What it is: decision is latched and the driver output stage begins action.
  • Dominant contributors: logic latency, output stage enable/disable sequencing.
  • Knobs: prioritize hardware interlock path, reduce internal gating delay where configurable.
  • Side effects: aggressive gating can reduce diagnosability (/FLT semantics change).

Stage 5 · Gate discharge shape (t3→t4)

  • What it is: controlled turn-off removes stress while managing overshoot and ringing.
  • Dominant contributors: sink current, Rg_off path, clamp timing, parasitic L/C.
  • Knobs: increase sink strength, tune Rg_off, coordinate clamp/two-level off timing.
  • Side effects: too fast → overshoot/EMI; too soft → t_safe grows (Esc risk).

Stage 6 · Safe-state confirmation (t4→t5→t6)

  • What it is: safe state is enforced, reported, and re-enable policy is applied.
  • Dominant contributors: /FLT propagation, latch behavior, retry window policy.
  • Knobs: define evidence rules (hold time Y), set retry spacing to avoid re-hit oscillation.
  • Side effects: overly tight retry windows can create repeated stress events.
6-Stage Latency Decomposition: a left-to-right chain of six stages, each showing 2–3 key parameters that map to measurable markers and the overall t_safe budget (t_safe budget = Stage 1 + Stage 2 + Stage 3 + Stage 4 + Stage 5 + Stage 6). Stage 1, fault physics (t0→t1): L_stray, V_bus/I_sc. Stage 2, sense path: t_path, t_iso, BW. Stage 3, blank + filter: t_BLK, t_filter, threshold. Stage 4, decision + output: t_logic, t_drv, interlock. Stage 5, gate discharge: I_sink, R_g_off, clamp. Stage 6, safe confirm: /FLT, latch, retry. Each stage exposes delay owners → knobs → side effects.
Figure: 6-stage latency decomposition (owners, knobs, side effects)

H2-5 · DESAT Detect Time Budget

Goal

DESAT “speed” must be evaluated as a system-level detect budget, not a single datasheet number. This section defines the detect-time components and the acceptance-friendly timing model without expanding DESAT circuit internals.

  • t_detect ≈ t_cross + t_blank + t_filter + t_path
  • t_path = t_iso + t_logic (+ t_io)
  • Endpoint = valid fault (t2), not only pin noise

Budget formula (audit-ready)
  • What it is: t_detect is the time from t0 (fault onset) to t2 (valid fault decision).
  • Dominant contributors: VCE/VDS crossing physics, blanking window, filter/debounce, propagation across domains.
  • Knobs: t_blank (primary), filter window, sensing/iso path latency, decision priority path.
  • Side effects: shorter windows reduce energy but raise false-trip risk; longer windows reduce false trips but grow Esc.
Component meanings (time ownership)

t_cross · Physics to threshold crossing

  • What it is: time for VCE/VDS (or DESAT node) to reach the detection condition.
  • Dominant contributors: stray inductance, current rise, device saturation behavior, bus voltage.
  • Knobs: detection marker definition (threshold X), test repeatability (same harness/layout).
  • Side effects: changing the marker can change apparent speed without reducing true stress.

t_blank · Forced ignore window (primary knob)

  • What it is: a deliberate window that ignores DESAT activity to survive switching transients.
  • Dominant contributors: configured blanking time, dv/dt injection environment.
  • Knobs: blanking range placeholder: X ns – Y µs (select by switch tech & topology).
  • Side effects: too long → Esc window grows; too short → dv/dt spikes can false-trigger.

t_filter · Validation / debounce window

  • What it is: confirmation that the crossing persists (reject noise and short spikes).
  • Dominant contributors: RC-equivalent time constant or counter window length, threshold logic.
  • Knobs: filter placeholder: X ns – Y ns (or equivalent window count).
  • Side effects: window too large → late detection; too small → chatter and unstable fault decisions.

t_path · Propagation to the decision point

  • What it is: delay from sensing domain to the decision/output domain.
  • Dominant contributors: isolation propagation (t_iso), decision latch (t_logic), optional I/O.
  • Knobs: shorten critical path; keep fault handling on a hardware priority route where required.
  • Side effects: faster paths can become more sensitive to dv/dt coupling and require stronger immunity checks.

Common pitfall (acceptance breaker)
  • Symptom: short-circuit stress fails even though /FLT timing looks “fast”.
  • Likely cause: t_blank is set too long, stretching the energy window before action begins.
  • Quick check: compare t_cross vs t2 on scope; measure Esc from t0→t4.
  • Fix / Pass criteria: reduce blanking (X), tighten filter window (Y), and pass t_safe ≤ X and Esc ≤ Y.
DESAT vs VCE with Blanking Window: two simplified cases with a blanking mask over DESAT activity and markers t1 (crossing) and t2 (valid fault). Case A, short blanking: risk of a false trip from a dv/dt spike. Case B, long blanking: risk of late detection, so the Esc window grows. Use the same markers (t1 crossing, t2 valid) and thresholds (X/Y) to keep acceptance repeatable.
Figure: DESAT detection with blanking mask (false trip vs late detect)

H2-6 · Soft Turn-Off & Safe Deactivation Time

Goal

“Soft turn-off” must map to measurable time intervals that remove device stress. This section defines t_action as the interval from t2 (valid fault) to t4 (safe region reached), then decomposes it into gate fall, current fall, and voltage settling.

  • t_action = t4 − t2
  • t_gate_fall + t_current_fall + t_settle
  • Trade-off: speed ↔ overshoot/EMI ↔ Esc

Acceptance endpoint (do not confuse with /FLT)
  • Definition: “safe deactivation” ends when ID ≤ I_safe (X) for a hold time Y and the gate is clamped/held.
  • Anti-metric: /FLT timing alone does not prove stress removal.
  • Evidence: capture VG, ID, and VCE/VDS on the same time base.
  • Pass criteria: t_safe ≤ X, overshoot ≤ Y, and settle within Z (placeholders).
Measurable sub-times inside t_action
  • t_gate_fall: VG drops from drive level into the threshold region (marker uses threshold X).
  • t_current_fall: ID falls below I_safe (X) and stays below for Y (hold rule).
  • t_settle: VCE/VDS overshoot and ringing settle into a stable band (≤X within Y).
  • Interpretation: faster gate fall often increases di/dt, which can worsen overshoot and EMI.

Knobs → outcomes (3-line rule)

I_sink (controlled sink current)

  • Affects: reduces t_gate_fall and often t_current_fall by discharging the gate faster.
  • Risk: too strong increases di/dt, causing overshoot, ringing, and EMI.
  • Pass criteria: overshoot ≤ X, settle ≤ Y, and ID ≤ I_safe within Z (placeholders).

R_g,off (discharge path impedance)

  • Affects: shapes the slope that dominates t_settle and the overshoot/ringing profile.
  • Risk: too small worsens EMI and voltage stress; too large grows t_safe and E_sc.
  • Pass criteria: overshoot ≤ X and ringing band ≤ Y within Z, while t_safe ≤ N.

−V_GOFF (negative gate off rail)

  • Affects: improves turn-off margin against dv/dt induced turn-on, reducing tail events after t4.
  • Risk: negative rail must remain within gate reliability limits and layout must avoid coupling noise.
  • Pass criteria: no re-hit (N=0), stable clamp hold, and improved t_safe or EMI margin (X/Y).

Clamp timing (Miller clamp on/off boundary)

  • Affects: stabilizes the post-turn-off region, reducing unintended gate movement that prolongs t_settle.
  • Risk: mistimed clamp can either be ineffective (late) or distort the gate profile (early).
  • Pass criteria: VG stays below threshold (X) during dv/dt events and ID remains below I_safe for Y.
Fast Off vs Soft Off vs Two-Level Off: VCE/VDS and ID on a shared time axis from t2 to t4 (t_action). Fast off (solid) reduces current quickly but increases overshoot, soft off (dashed) reduces overshoot but slows current fall, and two-level off (dash-dot) balances both. Annotated quantities: overshoot, time-to-I_safe, settle. Trade-off view: speed vs overshoot/EMI vs energy window (t_safe).
Figure: Off strategy comparison under a common timing axis (t2→t4)

H2-7 · Worst-Case Energy vs Time

Goal

Time budgets exist to avoid violating short-circuit energy and SOA limits. This section ties t_safe to an energy window using an engineering acceptance lens (no deep device physics derivations).

  • E_sc_budget ≈ V_bus · I_sc · t_safe · k_shape
  • Acceptance uses ∫v(t)i(t)dt (t0→t4)
  • t_safe is the primary limiter

Energy–time relationship (engineering view)
  • What it is: short-circuit stress is dominated by the energy accumulated before safe deactivation completes.
  • Budget model: E_sc_budget ≈ V_bus · I_sc · t_safe · k_shape (k_shape = waveform-shape factor placeholder).
  • Acceptance model: E_sc_meas = ∫ v(t)i(t) dt over t0→t4 using scope evidence.
  • Why it matters: even if /FLT asserts quickly, t_safe and the measured ∫v·i decide survival.
Device sensitivity (time window awareness)
  • IGBT: the system can appear tolerant, but energy growth before t4 still dominates pass/fail (thermal and tail behavior still apply).
  • SiC MOSFET: short-circuit withstand windows are often tighter; t_safe becomes highly sensitive to blanking and action latency.
  • GaN HEMT: emphasis shifts to shoot-through prevention and very fast deactivation; control interlock and action path priority are critical.
  • Implication: the same t_safe can be acceptable for one technology and catastrophic for another under identical V_bus and I_sc.
Back-calculate t_safe target from datasheet (3–5 steps)
  • Step 1 — Freeze worst-case corner: define V_bus(max), temperature corner, fault type, switching state, and gate drive conditions.
  • Step 2 — Extract withstand clue: identify short-circuit withstand guidance (time window / SOA note / protection time hint). If not explicit, set a conservative placeholder target.
  • Step 3 — Apply guard bands: subtract margins for measurement uncertainty, unit-to-unit spread, temperature drift, and layout variance.
  • Step 4 — Allocate budgets: distribute the t_safe target across t_detect and t_action using the timing chain (avoid over-spending on blanking/filter).
  • Step 5 — Define acceptance: set placeholders for t_safe ≤ X, E_sc_meas ≤ Y, and overshoot/settle constraints, with evidence requirements.
Energy Accumulation Window from t0 to t4: v(t) and i(t) feed a multiplier to form p(t) = v·i; the shaded area under p(t) between t0 and t4 is the energy, and t_safe is the length of the integration window. Acceptance evidence: E_sc_meas = ∫ v(t)i(t)dt (t0→t4), with the same markers and thresholds (X/Y).
Figure: Energy accumulation window under p(t)=v·i between t0 and t4
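The back-calculation in Steps 2 to 4 can be carried through numerically. The sketch below is an added example, not part of the original page: it takes the tighter of the guard-banded withstand window and the window obtained by inverting E_sc_budget ≈ V_bus · I_sc · t_safe · k_shape, then checks a segment allocation against it. The function names and every number are constructed placeholders.

```python
# Added example, not from the original page. All values are constructed
# placeholders standing in for the page's X/Y entries; times are in ns.

def t_safe_target_ns(withstand_ns, guard_bands_ns, e_limit_j, v_bus, i_sc, k_shape):
    """Steps 2-3: tighter of the guard-banded withstand window and the energy window."""
    by_time = withstand_ns - sum(guard_bands_ns.values())
    # Invert E_sc_budget ~= V_bus * I_sc * t_safe * k_shape for t_safe (seconds -> ns).
    by_energy = e_limit_j / (v_bus * i_sc * k_shape) * 1e9
    return min(by_time, by_energy)


def check_budget(segments_ns, target_ns):
    """Step 4: sum the timing chain, report headroom and the dominant delay owner."""
    total = sum(segments_ns.values())
    return {
        "total_ns": total,
        "headroom_ns": target_ns - total,
        "dominant": max(segments_ns, key=segments_ns.get),
        "fits": total <= target_ns,
    }


def max_blank_ns(segments_ns, target_ns):
    """Largest t_blank that still fits once every other segment is fixed."""
    others = sum(v for k, v in segments_ns.items() if k != "t_blank")
    return max(0, target_ns - others)


# Step 1 corner (constructed): V_bus(max) = 450 V, I_sc = 600 A, k_shape = 0.8.
GUARD_BANDS = {"measurement": 200, "unit_spread": 300, "temperature": 200, "layout": 100}
TARGET = t_safe_target_ns(3000, GUARD_BANDS, e_limit_j=0.5, v_bus=450, i_sc=600, k_shape=0.8)

# t_detect ~= t_cross + t_blank + t_filter + t_path, then t_action (t2 -> t4).
SEGMENTS = {"t_cross": 400, "t_blank": 1200, "t_filter": 200, "t_path": 150, "t_action": 700}
FIRST_PASS = check_budget(SEGMENTS, TARGET)

# Re-allocate: cap blanking at what the remaining budget allows.
TUNED = dict(SEGMENTS, t_blank=max_blank_ns(SEGMENTS, TARGET))
SECOND_PASS = check_budget(TUNED, TARGET)

if __name__ == "__main__":
    print("t_safe target:", TARGET, "ns")
    print("first pass   :", FIRST_PASS)
    print("tuned t_blank:", TUNED["t_blank"], "ns ->", SECOND_PASS)
```

With these placeholder numbers the first allocation overspends on blanking, which is the pitfall described in H2-5; the shortened blanking value still has to be proven against false trips on the bench.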

H2-8 · Measurement & Verification Playbook

Goal

Measurement must be repeatable and audit-friendly to prevent review disputes. This section defines the minimum instrumentation set, marker rules (t0–t4), bandwidth pitfalls, isolation alignment, and a pass/fail template.

  • Markers: t0 defined, t4 proven by ID + hold
  • Do not use /FLT alone as proof
  • Evidence = channel map + waveform capture

Signals to capture (marker ownership)
  • VCE/VDS: defines crossing and overshoot/settle evidence for t1/t_settle.
  • ID: defines t4 (ID ≤ I_safe (X) for hold time Y) and supports E_sc_meas.
  • VG: defines action start t3 and confirms clamp/hold behavior post turn-off.
  • DESAT node: validates blanking/filter behavior; not a substitute for t_safe evidence.
  • /FLT, /EN, /RDY: supports t5/t6 state evidence; align across isolation where relevant.
Trigger (t0) definition (must be declared)
  • Type A — Fault injection edge: external short switch edge used as t0 (most controllable).
  • Type B — PWM event: a defined PWM edge used as t0 (repeatable but may not equal physical onset).
  • Type C — Load/command step: a commanded step used as t0 (system-realistic but less deterministic).
  • Rule: the report must state t0 type and marker threshold X/Y for every t_safe/E_sc claim.
Bandwidth & probe pitfalls (why numbers disagree)
  • Bandwidth limit: edge and spike rounding shifts the perceived crossing marker (t1/t2 can move).
  • Probe loading: extra capacitance on VG/DESAT changes the waveform being measured.
  • Current path latency: CT/current probe phase delay can offset t4 unless validated.
  • Channel skew: scope channel timing mismatch must be checked before claiming ns–µs budgets.
Isolation alignment (time base consistency)
  • Primary time base: power-side VCE/VDS, ID, VG on the same scope time base drive t_safe and E_sc evidence.
  • Isolated flags: /FLT across isolation may include fixed propagation Δt; declare whether Δt is calibrated.
  • Calibration approach: create a known reference event and measure Δt once, then annotate the report.
  • Rule: acceptance cannot mix calibrated and uncalibrated timing claims without explicit labeling.

Test checklist (no tables, audit-friendly)
  • Setup: V_bus corner, temperature corner, fault type, switching state, gate drive (VG_on/off).
  • Instrumentation: channel map, probe type, bandwidth setting, sampling rate/timebase, channel skew check.
  • Procedure: t0 type, trigger rule, repeat count N, worst-case selection rule (max/percentile), saved waveform IDs.
  • Markers: thresholds for t1/t2, I_safe and hold time for t4, overshoot and settle bands for acceptance.
  • Evidence: scope screenshots + raw waveform export + annotated channel wiring map.
Acceptance template (copy/paste)

Acceptance Record

Test condition

V_bus = X, temperature corner = Y, fault type = Z, switching state = (X), gate drive = (X/Y), layout revision = (X).

Marker definition

t0 = (Type A/B/C + definition), t2 = valid-fault rule (X/Y), t4 = ID ≤ I_safe (X) for hold time (Y), overshoot band = (X).

Pass threshold

t_safe ≤ X, E_sc_meas ≤ Y, VCE/VDS overshoot ≤ Z, settling ≤ N.

Evidence

Scope file IDs (X), screenshots (X), channel map (X), waveform export (X), Δt calibration (yes/no).

Worst-case rule

Repeat N runs; report worst-case (max) or specified percentile (X) with justification.

Instrumentation Wiring Map for Timing Verification: block diagram of the DUT power stage (VCE/VDS node, current path, power-side GND reference) and gate driver (VG, DESAT node, /EN, /FLT, /RDY), the isolation boundary, the probes (differential voltage, current, gate, logic), and the scope channels. Channel map: CH1 VCE/VDS, CH2 ID, CH3 VG, CH4 DESAT, CH5 /FLT, CH6 /EN. Δt note: /FLT Δt calibrated yes/no. Evidence rule: include channel map + raw capture + marker thresholds (X/Y) in every timing claim.
Figure: Instrumentation wiring map (signals, isolation boundary, and scope channel evidence)
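The marker rules and pass thresholds above can be applied mechanically to an exported capture. The following is an added example, not part of the original page: it finds t4 with the hold rule, integrates v·i from t0 to t4, and evaluates t_safe and E_sc_meas for two constructed captures that share the same t2 and /FLT timing but differ in how ID reaches I_safe. Waveforms, I_safe = 50 A, hold = 500 ns, and the limits (3000 ns, 0.40 J) are all constructed values.

```python
# Added example, not from the original page. Waveforms, I_safe, hold time and
# limits are constructed sample values; times are integer nanoseconds.
from dataclasses import dataclass
from typing import Optional


def pwl(points, t_ns):
    """Piecewise-linear value at t_ns (only used to synthesize the sample captures)."""
    for (ta, va), (tb, vb) in zip(points, points[1:]):
        if ta <= t_ns <= tb:
            return va + (vb - va) * (t_ns - ta) / (tb - ta)
    raise ValueError(f"{t_ns} ns is outside the waveform")


def find_t4(t_ns, i_d, i_safe, hold_ns, start_ns=0):
    """t4 = first sample at/after start_ns where ID <= I_safe and stays there for hold_ns.

    Returns None when the capture ends before the hold time is proven.
    """
    candidate = None
    for tk, ik in zip(t_ns, i_d):
        if tk < start_ns:
            continue
        if ik > i_safe:
            candidate = None  # re-hit: the earlier crossing does not count
            continue
        if candidate is None:
            candidate = tk
        if tk - candidate >= hold_ns:
            return candidate
    return None


def energy_joules(t_ns, v, i_d, t0_ns, t4_ns):
    """E_sc_meas: trapezoidal integral of v(t)*i(t) over sample intervals inside [t0, t4]."""
    acc = 0.0  # watt-nanoseconds
    for k in range(len(t_ns) - 1):
        if t_ns[k] >= t0_ns and t_ns[k + 1] <= t4_ns:
            p0, p1 = v[k] * i_d[k], v[k + 1] * i_d[k + 1]
            acc += 0.5 * (p0 + p1) * (t_ns[k + 1] - t_ns[k])
    return acc * 1e-9


@dataclass
class Result:
    t_detect_ns: int
    t_action_ns: Optional[int]
    t_safe_ns: Optional[int]
    e_sc_j: Optional[float]
    passed: bool


def evaluate(t_ns, v, i_d, t0_ns, t2_ns, i_safe, hold_ns, t_safe_max_ns, e_sc_max_j):
    """Apply the page's definitions: t_detect = t2 - t0, t_action = t4 - t2, t_safe = t4 - t0."""
    t4 = find_t4(t_ns, i_d, i_safe, hold_ns, start_ns=t2_ns)
    if t4 is None:  # stress removal never proven inside the capture
        return Result(t2_ns - t0_ns, None, None, None, False)
    e_sc = energy_joules(t_ns, v, i_d, t0_ns, t4)
    t_safe = t4 - t0_ns
    ok = t_safe <= t_safe_max_ns and e_sc <= e_sc_max_j
    return Result(t2_ns - t0_ns, t4 - t2_ns, t_safe, e_sc, ok)


# Constructed captures: 50 ns sampling, t0 = 500 ns, t2 = 2000 ns, /FLT at 2200 ns in both.
T_NS = list(range(0, 6001, 50))
T0_NS, T2_NS, FLT_NS = 500, 2000, 2200
V_PTS = [(0, 2.0), (500, 2.0), (600, 400.0), (6000, 400.0)]
ID_A = [(0, 100), (500, 100), (1500, 600), (2100, 600), (2900, 0), (6000, 0)]
ID_B = [(0, 100), (500, 100), (1500, 600), (2100, 600), (2900, 40), (3100, 40),
        (3300, 120), (3700, 120), (4200, 0), (6000, 0)]  # dips, rebounds, then falls


def sample(points):
    return [pwl(points, t) for t in T_NS]


def run_case(id_points):
    return evaluate(T_NS, sample(V_PTS), sample(id_points), T0_NS, T2_NS,
                    i_safe=50.0, hold_ns=500, t_safe_max_ns=3000, e_sc_max_j=0.40)


CASE_A = run_case(ID_A)
CASE_B = run_case(ID_B)

if __name__ == "__main__":
    for name, r in (("A", CASE_A), ("B", CASE_B)):
        print(f"case {name}: /FLT at {FLT_NS} ns, {r}")
```

Setting hold_ns to 0 reduces find_t4 to a first-crossing detector, which reports the second capture as safe 1100 ns too early.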

H2-9 · Parameter Planning: How to Set Targets (by switch & topology)

Goal

Target setting should be a repeatable process, not a fixed number copied from a datasheet. This section provides a branching workflow that outputs a t_safe target band, a blanking initial value, and a soft-off profile based on switch technology, priorities, and topology.

  • Inputs: switch + goal + topology
  • Outputs: t_safe band + blanking init + soft-off profile
  • Verify via Ch8 evidence template

Decision workflow (what it outputs)
  • Step A — Select goal priority: Protection-first / EMI-first / Reliability-first.
  • Step B — Apply switch sensitivity: IGBT / SiC / GaN / LV MOSFET to weight the allowable t_safe and false-turn-on risk.
  • Step C — Apply topology weight: HB/FB / 3-phase / Multiphase VR to weight matching, consistency, and false-trip cost.
  • Output set: t_safe band (X–Y) + blanking init (X) + soft-off profile (Fast / Soft / Two-level) + clamp hold rule.
Three-phase planning loop (Design → Bring-up → Production)
  • Design: allocate budgets for t_detect and t_action from a t_safe target; pick conservative initial blanking/filter and a safe soft-off profile.
  • Bring-up: tune blanking/filter to control false-trip vs late-detect; tune soft-off to meet overshoot/settle while keeping E_sc_meas within target.
  • Production: freeze parameters with guard bands; define Δt alignment rules and evidence fields; apply worst-case reporting rules (max/percentile).
  • Lock criteria: t_safe ≤ X and E_sc_meas ≤ Y with consistent results across corners (placeholders).
Target-setting Decision Tree for Protection Timing: inputs (switch: IGBT · SiC · GaN · LV; goal: Protection · EMI · Reliability; topology: HB/FB · 3φ · VR) feed the target-setting rules (allocate t_safe → t_detect + t_action). Branches: Protection-first (t_safe tighter, blanking shorter), EMI-first (overshoot controlled, soft-off gentler), Reliability-first (guard bands larger, more consistency). Outputs: t_safe target band (X – Y), blanking init (X), soft-off profile (Fast · Soft · Two-level). Verify: same markers + evidence template → t_safe ≤ X and E_sc_meas ≤ Y (placeholders).
Figure: Target-setting decision tree (inputs → rules → target set)

H2-10 · Design Hooks & Pitfalls

Goal

This section lists timing-specific pitfalls that cause protection delays and review disputes. It focuses on time ownership (detect/action/safe), not layout implementation details.

  • Format: Symptom → Likely cause → Fast check → Fix
  • Timing-only pitfalls (no layout deep dive)
  • Evidence uses t_safe + E_sc_meas

Pitfall cards (timing-only)
t_detect · t_safe · E_sc
  • Symptom: lab passes at room temp, but hot/field units fail after repeated events.
  • Likely cause: blanking over-spent; t2 is delayed and energy window grows.
  • Fast check: compare (t_cross→t2) vs blanking window; compute E_sc_meas (t0→t4).
  • Fix: shorten blanking (X) and re-verify false trips = 0 under worst dv/dt conditions.
t_filter · t_detect
  • Symptom: fewer nuisance trips, but real faults react late or appear “inconsistent”.
  • Likely cause: debounce/validation window too long; valid-fault decision is delayed.
  • Fast check: overlay DESAT crossing vs valid-fault marker t2; check window dominance.
  • Fix: reduce the window (X) and prove stability with N repeats using the same markers.
t_action · t_safe · E_sc
  • Symptom: VCE/VDS looks controlled, yet devices overheat or fail the energy window.
  • Likely cause: action is too gentle; ID takes too long to reach I_safe and hold.
  • Fast check: measure t2→t4 and time-to-I_safe; compare to t_safe target band.
  • Fix: strengthen the initial turn-off or use two-level off; enforce E_sc_meas ≤ Y.
metric · t_safe
  • Symptom: /FLT timing is fast, but VG/ID shows stress continues longer than expected.
  • Likely cause: wrong endpoint used; t5 (/FLT) is treated as t4 (safe state reached).
  • Fast check: align /FLT with VG and ID; confirm t4 definition = ID ≤ I_safe (X) for Y.
  • Fix: acceptance must use t_safe and E_sc_meas; /FLT is only state evidence.
t_iso · jitter · multiphase
  • Symptom: protection timing spreads run-to-run; multiphase/3-phase channels drift.
  • Likely cause: isolation path Δt is not aligned or varies; mixed calibrated/uncalibrated claims.
  • Fast check: measure Δt on a known reference event; compare Δt spread across runs.
  • Fix: route critical protection on priority hardware path; document Δt rules in reports.
Same /FLT Timing, Different Actual t_safe: two side-by-side cases show identical /FLT edges but different VG and ID behavior, giving different t4 and t_safe. Case A (truly safe fast): t_safe is short. Case B (not yet safe): t_safe is long. Traces per case: /FLT, VG, ID, with markers t2 and t4 and the I_safe level; annotations include clamp and rebound.
Figure: identical /FLT timing can hide very different true t_safe (use ID+hold as endpoint)

H2-11 · Engineering Checklist

Goal

Turn timing requirements into gate-based deliverables (Design → Bring-up → Production) with evidence that prevents review disputes. The checklist is time-metric focused: t_detect, t_action, t_safe, and E_sc_meas.


Design gate — budgets, endpoints, and parts that bound timing
  • Freeze acceptance endpoints: define t0/t2/t4 markers; enforce t4 = ID ≤ I_safe (X) for hold time (Y) (placeholders).
  • Allocate a timing budget: set a t_safe target band (X–Y) and split into t_detect + t_action using the latency model.
  • Declare the detection path topology: local vs across isolation; single-channel vs multi-channel; document whether Δt alignment is required.
  • Pick a DESAT-capable protection chain (example MPNs): choose a driver/isolator solution where blanking/filter/soft shutdown knobs exist.
  • Select DESAT front-end discretes (example MPNs): specify HV fast diode class and placeholder RC/blanking parts with voltage rating rules.
  • Define soft-off control knobs (example MPNs): identify whether the driver supports controlled sink / two-level off / clamp timing.
  • Lock the evidence package format: scope channel map + raw waveform export + marker thresholds (X/Y) must be required attachments.
  • Predefine worst-case reporting: repeat N runs; use max or specified percentile; require the same marker rules for every dataset.

Example MPNs (verify ratings & features per application)

  • Isolated gate drivers often used for fast protection workflows: TI UCC21750, Broadcom ACPL-337J, ADI ADuM4135.
  • Digital isolators for /FLT /EN telemetry alignment: TI ISO7721, ADI ADuM1201, Silicon Labs Si8621.
  • DESAT diode examples (HV fast / ultrafast classes): ST STTH1R06, Vishay UF4007 (choose voltage/current/rr per bus).
  • Gate resistor families (pulse-capable thick film examples): Panasonic ERJ series, Vishay CRCW series (select size/derating per pulse).
  • Current sense shunts (low-ohm, high power examples): Vishay WSL2512 series, Isabellenhütte ISA shunts (choose Kelvin type).
Bring-up gate — measurement integrity, iteration order, and lab gear
  • Build the instrumentation map: capture VCE/VDS, ID, VG, DESAT, and /FLT on a single time base; document probe references.
  • Validate scope timing integrity: record sampling rate, bandwidth limits, and channel skew check before comparing ns–µs budgets.
  • Declare fault injection method (t0 type): external short switch edge (A) / PWM edge (B) / command step (C); use one definition per report.
  • Iteration order (must be followed): tune blanking/filter for false-trip vs late-detect first; then tune soft-off to meet overshoot/settle while keeping energy within target.
  • Evidence rule: /FLT is not an endpoint; t_safe must be proven by ID-to-I_safe hold + waveform evidence.
  • Corner sweep discipline: run worst-case corners (Vbus, temperature, load) early; avoid tuning only at “easy” lab conditions.
  • Repeatability: repeat N runs; report worst-case selection rule; include raw exports for independent re-measurement.
  • Record the chosen parameter set: blanking init (X), filter window (Y), soft-off profile (Fast/Soft/Two-level), clamp timing rule.

Example lab instrumentation models (common references)

  • Current probes: Tektronix TCP0030A (with compatible amplifier), Keysight N2820A (select bandwidth/current range to match edges).
  • Differential voltage probes: Tektronix THDP0200, Keysight N2790A (pick CMRR/bandwidth for dv/dt).
  • Oscilloscopes (examples): Tektronix MSO64B, Keysight DSOX6004A (ensure time alignment and export support).
  • Fault-injection switch device examples (use as controlled crowbar where appropriate): Wolfspeed C3M0065090D (SiC MOSFET class), Infineon IPW60R037C7 (650V MOSFET class) — validate SOA/fixture safety.

Production gate — freeze rules, coverage, logging, and report templates

  • Parameter freeze: lock blanking/filter/soft-off/clamp settings with version tags; any change must trigger a t_safe + E_sc_meas regression run.
  • Coverage definition: define which corners are mandatory (Vbus, temperature, load states, topology modes) and what “worst-case” means in production.
  • Logging fields (time-metric focused): record fault type, t2 marker, t4 marker, /FLT timing, retry count, and Δt alignment status (yes/no).
  • Fixture repeatability: standardize probe points, reference grounds, and calibration steps; forbid undocumented fixture variants.
  • Automated repro scripts: maintain a scripted sequence to reproduce faults with consistent t0 definition and consistent enable/disable policy.
  • Acceptance report bundle: require raw waveform exports, screenshots, marker thresholds (X/Y), and channel maps for every formal pass/fail decision.
  • Sampling strategy: define per-lot sampling count and criteria (max/percentile); track drift across temperature/aging.
  • Audit readiness: store evidence under stable IDs; ensure a third party can re-measure t_safe from the raw data.

Example production-friendly sensing components (verify per system)

  • Hall current sensors (non-intrusive options): Allegro ACS758 series, LEM HO series (choose bandwidth and isolation).
  • Digital isolators for control/telemetry consistency: TI ISO7741, ADI ADuM1401 (select channel count and safety grade).

Gate map (figure content): each stage produces timing deliverables plus evidence (no /FLT-only acceptance).
  • Design gate (budget + markers + parts): t_safe band (X–Y); marker spec (t0/t2/t4); MPN set (driver/diode/shunt).
  • Bring-up gate (measure + iterate + prove): instrument map + exports; iterated params (blank/filter/off); proof: t_safe + E_sc_meas.
  • Production gate (freeze + cover + audit): freeze rules + versioning; coverage + sampling plan; audit-ready report bundle.
  • Reuse: Chapter 8 instrumentation wiring map for channel ownership and isolation Δt alignment.

Figure: Checklist gate map (deliverables and evidence per stage)

H2-12 · FAQs

Scope

These FAQs only cover response time (t_detect, t_action, t_safe, E_sc_meas) and acceptance disputes. Each answer is fixed to 4 lines: Likely cause / Quick check / Fix / Pass criteria.


Datasheet shows fast DESAT, but system t_safe is slow — what dominates first?

Likely cause: the dominant delay is not comparator speed but blanking/filter (t_blank/t_filter) and/or a gentle t_action (soft-off profile).

Quick check: measure segment shares using markers: compare (t0→t2) vs (t2→t4); the largest segment is the first suspect.

Fix: tighten blanking/filter within noise margin, then strengthen the initial discharge portion of soft-off while controlling overshoot/settle.

Pass criteria: t_safe ≤ X and E_sc_meas ≤ Y; false trips = 0 over N events.

/FLT asserts quickly, but the device still fails — is the acceptance endpoint wrong?

Likely cause: /FLT timing (t5) is used as “safe” while t4 (stress removal) occurs later; /FLT is not the energy endpoint.

Quick check: align /FLT with VG and ID; verify whether ID remains above I_safe after /FLT transitions.

Fix: redefine acceptance to use t4 = ID ≤ I_safe (X) hold for Y; treat /FLT as state evidence only.

Pass criteria: endpoint definition matches ID-hold rule (Y/N); t_safe ≤ X measured by ID-hold, not /FLT.
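
The ID-hold endpoint rule and the (t0→t2) vs (t2→t4) segment comparison from the two answers above, as an added example that is not part of the original page: it re-measures t_safe from raw samples and shows /FLT (t5) arriving well before t4. The waveform, marker positions, I_safe and hold values are constructed, and E_sc_meas is assumed here to be the integral of VCE·ID from t0 to t4.

```python
# Added example: re-measure t_detect / t_action / t_safe from raw samples.
# Marker names (t0, t2, t4, t5) follow the page; all data below is constructed.

def first_hold(t, x, limit, hold, start):
    """First time >= start where x <= limit and stays there for `hold`."""
    begin = None
    for ti, xi in zip(t, x):
        if ti < start:
            continue
        if xi > limit:
            begin = None            # excursion above the limit resets the hold
            continue
        if begin is None:
            begin = ti
        if ti - begin >= hold:
            return begin
    return None                     # hold never proven inside the record

def measure(t, i_d, v_ce, t0, t2, i_safe, hold):
    """Times in ns, current in A, voltage in V; energy returned in mJ."""
    t4 = first_hold(t, i_d, i_safe, hold, start=t2)
    if t4 is None:
        return None
    # Assumption: E_sc_meas is the trapezoidal integral of v*i over t0..t4.
    e_nj = sum(0.5 * (v_ce[k] * i_d[k] + v_ce[k - 1] * i_d[k - 1]) * (t[k] - t[k - 1])
               for k in range(1, len(t)) if t[k - 1] >= t0 and t[k] <= t4)
    return {"t_detect": t2 - t0, "t_action": t4 - t2,
            "t_safe": t4 - t0, "E_sc_mJ": e_nj * 1e-6}

def constructed_capture():
    """Constructed 100 ns/sample record: fault at 1000 ns, ring at 5500-5600 ns."""
    t = list(range(0, 10001, 100))
    def i_of(ts):
        if ts < 1000: return 100
        if ts <= 3000: return 100 + (ts - 1000) // 4       # short-circuit ramp
        if ts <= 5000: return 600 - 3 * (ts - 3000) // 10  # soft turn-off
        return 80 if ts in (5500, 5600) else 0             # re-hit above I_safe
    i_d = [i_of(ts) for ts in t]
    v_ce = [2 if ts < 1000 else 400 for ts in t]
    return t, i_d, v_ce

T0, T2, T5_FLT = 1000, 3000, 3200      # constructed marker positions (ns)
I_SAFE, HOLD = 50, 1000                # placeholder X (A) and Y (ns)

if __name__ == "__main__":
    r = measure(*constructed_capture(), T0, T2, I_SAFE, HOLD)
    print(r, "| /FLT at", T5_FLT - T0, "ns after t0")
```

With the hold requirement set to zero the same record reports an earlier t4, because the brief re-hit above I_safe is no longer counted against the endpoint.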

Short-circuit survives on bench but fails in inverter — blanking too long or soft-off too gentle?

Likely cause: bench conditions hide worst-case; in-system t_safe grows due to longer t_blank and/or slower t_action under higher Vbus and parasitics.

Quick check: compare t_blank, t_action, and E_sc_meas between bench and inverter at matched Vbus/temperature/fault injection method.

Fix: shorten blanking (X) and/or use a stronger early-off stage (two-level/controlled sink) while keeping overshoot within limits.

Pass criteria: at worst-case corner (Vbus=max, T=hot), t_safe ≤ X and E_sc_meas ≤ Y.

Fast turn-off saves the device but causes over-voltage trip — what timing knob to relax first?

Likely cause: t_action is too abrupt, driving high di/dt and overshoot before the system settles.

Quick check: overlay VG, ID, and VDS/VCE; confirm whether overshoot coincides with the steepest ID fall segment.

Fix: adopt a two-stage profile: keep the first segment fast enough for energy, then relax the second segment to reduce overshoot/settle.

Pass criteria: overshoot ≤ X and settle time ≤ Y while t_safe ≤ Z and E_sc_meas ≤ W.

Filter stops false trips, but real faults slip through — how to set the filter window?

Likely cause: the validation window is too long (t_filter dominates), delaying t2 and inflating t_detect.

Quick check: measure DESAT crossing vs valid-fault t2; if t2 tracks the window length, filtering is the limiter.

Fix: shorten the window (X), keep blanking separate from filtering, and validate with dv/dt disturbance runs using the same markers.

Pass criteria: t_detect ≤ X; false trips = 0 over N dv/dt events; real fault detect within X (same marker rules).

Across isolation, /FLT looks delayed — propagation delay or scope reference issue?

Likely cause: a mix of true propagation delay (t_iso) and measurement reference mismatch (channel skew / different grounds / different time bases).

Quick check: measure Δt on a known reference edge and compare run-to-run; confirm scope channel alignment before reporting t_disable or /FLT delays.

Fix: apply a documented Δt alignment rule (calibrated yes/no) and report both raw and aligned values consistently.

Pass criteria: Δt_align ≤ X; reporting uses a single alignment rule (Y/N) for all captures.

Only one phase fails in 3-phase — protection-path skew or channel mismatch?

Likely cause: per-phase protection path skew or per-channel timing mismatch inflates worst-phase t_safe even if the average looks fine.

Quick check: capture all phases with the same markers; compare per-phase t2 and t4 and the distribution of (t2→t4).

Fix: align channel delays (Δt), standardize blanking/filter across channels, and ensure the same off-profile starts at the same decision point.

Pass criteria: skew(t_safe) ≤ X across phases; max-phase t_safe ≤ Y (worst-case rule defined).

At hot, failures increase — threshold drift or slower gate discharge?

Likely cause: temperature shifts change the detect margin and slow the discharge path, increasing t_detect and/or t_action.

Quick check: compare hot vs room captures and quantify shifts in (t0→t2) and (t2→t4); check VG fall slope and time-to-I_safe.

Fix: add temperature guard bands, tighten blanking where safe, and adjust off-profile to keep energy under limit at hot corners.

Pass criteria: at T_hot, t_safe ≤ X and E_sc_meas ≤ Y; parameter drift stays within the documented margin (X/Y).

Retry makes it worse — auto-retry window too short causing re-hit?

Likely cause: re-arm/retry timing (t6) allows re-enable before energy fully clears, creating repeated hits inside the device’s recovery window.

Quick check: log retry timing and count consecutive triggers; correlate re-enable timing to residual stress markers (ID/VG behavior).

Fix: extend the re-arm delay, limit retry count, and require evidence that t_safe criteria were met before any re-enable.

Pass criteria: retry count ≤ N; re-arm delay ≥ X; no consecutive hits within Y under the same test condition.

DESAT triggers during dv/dt events — blanking too short or clamp timing wrong?

Likely cause: dv/dt coupling creates a false detect during a window that is not sufficiently blanked or not properly protected by the clamp timing.

Quick check: correlate dv/dt events to the DESAT signal; verify whether triggers occur inside/outside the configured blanking window.

Fix: increase blanking by ΔX only as needed, ensure clamp timing covers the dv/dt window, and re-validate using repeatable dv/dt stress runs.

Pass criteria: false trips = 0 over N dv/dt events; real-fault t_detect ≤ X using the same markers.
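
An added example (not from the original page or from any driver vendor) of the blanking versus filter trade-off in this answer and in the filter-window answer earlier: an idealized qualifier is swept over a constructed comparator trace that contains one dv/dt glitch and one real fault. The assumption is that the filter requires the comparator to stay high for t_filter; real drivers implement qualification differently, and every value below is constructed.

```python
# Added example: idealized blanking + filter qualifier for a DESAT comparator.
# Assumption: the filter requires the comparator to stay high for t_filter;
# real drivers implement this differently. All traces are constructed.

DT = 50  # sample spacing, ns

def valid_fault_time(samples, t_on, t_blank, t_filter, dt=DT):
    """Return t2 (ns) when the fault is declared valid, or None."""
    run_start = None
    for k, s in enumerate(samples):
        ti = k * dt
        if ti < t_on + t_blank or not s:
            run_start = None        # blanked or comparator low: restart window
            continue
        if run_start is None:
            run_start = ti
        if ti - run_start >= t_filter:
            return ti
    return None

def constructed_trace(glitch=(200, 500), t_cross=5000, t_end=8000):
    """Comparator output: dv/dt glitch after turn-on, real fault at t_cross."""
    return [1 if glitch[0] <= k * DT < glitch[1] or k * DT >= t_cross else 0
            for k in range(t_end // DT + 1)]

def classify(t_blank, t_filter, t_cross=5000):
    t2 = valid_fault_time(constructed_trace(t_cross=t_cross), 0, t_blank, t_filter)
    if t2 is None:
        return ("missed", None)
    if t2 < t_cross:
        return ("false trip", t2)
    return ("detected", t2 - t_cross)   # delay added after the real crossing

if __name__ == "__main__":
    for t_blank, t_filter in [(400, 50), (400, 200), (400, 1000), (500, 50)]:
        print(t_blank, t_filter, classify(t_blank, t_filter))
```

In this model a longer filter window adds its full length to every real detection, while longer blanking only costs time when the fault is already present at turn-on, where the delay becomes t_blank + t_filter.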

Soft-off reduces EMI but E_sc rises — which pass criteria keep both?

Likely cause: the soft-off profile improves emissions by slowing t_action, but the longer t_safe inflates E_sc_meas beyond the energy limit.

Quick check: compare E_sc_meas and t_action across profiles; identify whether energy growth is dominated by the second-stage slope.

Fix: enforce a hard energy limit and restructure timing: fast early segment for energy, gentler late segment for EMI/settle.

Pass criteria: E_sc_meas ≤ X and overshoot ≤ Y while t_safe ≤ Z (all measured under the same worst-case rule).

Two-level off is enabled, but response time doesn’t improve — stage timing overlap?

Likely cause: stage-1 does not start immediately at t2, or stage-2 dominates the time-to-I_safe; the profile exists but does not reduce t4.

Quick check: capture VG and mark stage-1 start, stage transition, and time-to-I_safe; confirm that t4 uses ID-hold, not /FLT.

Fix: move stage-1 earlier (closer to t2), shorten the transition overlap, and ensure stage-2 does not delay reaching I_safe.

Pass criteria: t_action ≤ X and t_safe ≤ Y; VG profile matches the documented stage timing (Y/N).