Other Parts Discussed in Thread: SN74AHC1G09, SN74HCS09
My circuit is part of a safety system. When ESTOP_1_IN and ESTOP_2_IN are both high, ESTOP_OUT should be high as well, basic AND-gate functionality.
In order to reduce risks of unsafe failure of this system (i.e. shorted input/output to 3V3 inside the package/die or an output driver stuck at HIGH), I have decided to add 2 more AND gates. This way, at least 2 AND gates need to fail in an unsafe manner in order to get an unsafe state at ESTOP_OUT. To achieve this, I'm powering the 2nd and 3rd AND-gates with the output of the 1st and 2nd AND-gate.
My question is:
Are there any risks in this design that I'm overlooking?
The risks I have thought of so far:
Risk 1: Voltage drop at output
The SN74LVC1G11's datasheet shows the voltage drop between VCC and OUT at different voltages and loads. The risk here is that cascading the AND-gates will result in too low a voltage on ESTOP_OUT after the 3rd AND-gate. I do not expect there to be a problem here; the datasheet shows a drop of 0.7V at VCC=3V with a 24mA load. The load will be way lower in my case, as I'm only powering the other AND-gates (several uA) and pulling down with a 10kOhm resistor.
Risk 2: Failure of pulldown resistors
When one of the pulldowns fails, it might leave the AND-gate input stuck at GND or floating. A short to GND would be considered "safe" in my application. However, a floating state would be unsafe as the AND-gate's behavior could be unstable. For this, I have chosen to use MELF resistors for their higher stability, moisture resistance, and operating temperature.
A production error such as tombstoning could still lead to a floating input, but I'm sure our production house can cover this with QC.
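Added example (not code from the post): a small Python fault-enumeration model of the three cascaded AND gates, used to check how many gates must fail before ESTOP_OUT can go high while both inputs are low. The fault model is an assumption: one fault per gate, an output driver stuck at its own VCC, or an input shorted to VCC inside the package, which is assumed to override the 10k pulldown on the shared input net only while that gate is powered.

```python
from itertools import product

# Constructed model of the cascade described in the post: each gate computes
# out = vcc AND a AND b; gate 1 is powered from 3V3, gate 2 from out1, gate 3
# from out2, and ESTOP_OUT is out3. The fault list below is an assumption.
FAULTS = ("ok", "out_stuck_high", "in_a_short_vcc", "in_b_short_vcc")

def evaluate(estop1, estop2, faults):
    """Return ESTOP_OUT for the external inputs and a per-gate fault tuple.

    Assumptions: an input shorted to VCC inside a *powered* gate pulls the
    shared net high for every gate (the 10k pulldown cannot hold it); in an
    unpowered gate the short drives nothing. A stuck-high output driver can
    only reach the gate's own VCC, so an unpowered gate still outputs low.
    Nets are solved by fixed-point iteration because outputs feed back as VCC.
    """
    vcc = [True, False, False]
    for _ in range(10):  # faults only ever raise levels, so this converges
        net1 = estop1 or any(v and f == "in_a_short_vcc" for v, f in zip(vcc, faults))
        net2 = estop2 or any(v and f == "in_b_short_vcc" for v, f in zip(vcc, faults))
        outs = [v if f == "out_stuck_high" else (v and net1 and net2)
                for v, f in zip(vcc, faults)]
        new_vcc = [True, outs[0], outs[1]]
        if new_vcc == vcc:
            break
        vcc = new_vcc
    return outs[2]

def min_faulty_gates_for_unsafe():
    """Smallest number of faulty gates (one fault each) that lets ESTOP_OUT
    go high while both inputs are low, i.e. while the e-stop is demanded."""
    best = None
    for faults in product(FAULTS, repeat=3):
        n = sum(f != "ok" for f in faults)
        if n and evaluate(False, False, faults):
            best = n if best is None else min(best, n)
    return best

if __name__ == "__main__":
    print("normal operation, both inputs high:", evaluate(True, True, ("ok",) * 3))
    print("gates that must fail for an unsafe output:", min_faulty_gates_for_unsafe())
```

Under this fault model the enumeration reports that every single-gate fault and every two-gate combination keeps ESTOP_OUT low when both inputs are low; extending FAULTS with other modes you consider credible (for example a floating input treated as high) is a one-line change.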