MIL-HDBK-504
NOT MEASUREMENT SENSITIVE
10 February 2004

DEPARTMENT OF DEFENSE HANDBOOK

GUIDANCE ON SAFETY CRITERIA FOR INITIATION SYSTEMS

This handbook is for guidance only. Do not cite this document as a requirement.

AMSC N/A FSC:13GP
DISTRIBUTION STATEMENT A: Approved for public release; distribution is unlimited.

FOREWORD

1. This handbook is approved for use by all departments and agencies of the Department of Defense.

2. This handbook is for guidance only. This handbook cannot be cited as a requirement. If it is, the contractor does not have to comply.

3. This handbook contains reference comments for the definitions and requirements in the Military Standards MIL-STD-1316, Safety Criteria for Fuze Design and MIL-STD-1911, Safety Criteria for Hand Emplaced Ordnance Design. It should be noted that a large part of the technical content is specific to MIL-STD-1316E and MIL-STD-1911A, and that the applicable paragraphs are annotated accordingly. It will be expanded soon to include MIL-STD-1901, Safety Criteria for Munition Rocket and Missile Motor Ignition System Design. The comments are based on lessons learned about initiation safety systems and are intended for use by both contractor and government personnel. The comments further document for readers the historical basis of some requirements, especially where technology advances could require updating of the requirements.

4. The text assumes that the reader is familiar with the differences between an initiator, a detonator, and a squib, and the technology and nomenclature used in the design of initiation systems, such as the term in-line.

5. The following format is used throughout this document: a requirement from the cited reference document is presented and then comments are presented. A reader need only review the requirement(s) of interest. Suggested additions and changes should be limited to comments that would be useful to the entire community. Additions should have concise text, since lengthy comments will reduce usage of the document.

6. Comments, suggestions, or questions on this document should be addressed to: Commander, US Army Armament Research Development and Engineering Center, Attn.: AMSRD-AAR-AIC-S, Picatinny Arsenal, NJ 07806-5000 or emailed to vcharlespica.army.mil. Since contact
information can change, you may want to verify the currency of this address information using the ASSIST Online database at www.dodssp.daps.mil.

PARAGRAPH

Foreword
1 SCOPE
1.1 Scope
2 APPLICABLE DOCUMENTS
2.1 General
2.2 Government document
2.2.1 Specifications, standards, and handbooks
2.2.2 Other Government documents, drawings and publications
3 DEFINITIONS
3.1 Detent
3.2 Lock
4 COMMENTS ON MIL-STD-1316 SAFETY CRITERIA FOR FUZE DESIGN
4.1 Analyses
4.1.1 Comments on Analyses
4.2 Application
4.2.1 Comments on Application
4.3 Approved explosives
4.3.1 Comments on Approved explosives
4.4 Armed
4.4.1 Comments on Armed
4.5 Arming delay
4.5.1 Comments on Arming delay
4.6 Common mode failure
4.6.1 Comments on Common mode failures
4.7 Credible environment
4.7.1 Comments on Credible environment
4.8 Credible failure mode
4.8.1 Comments on Credible failure mode
4.9 Design approval
4.9.1 Comments on Design approval
4.10 Design for Quality control, inspection, and maintenance, MIL-STD-1316
4.10.1 Comments on Design for Quality control, inspection, and maintenance
4.11 Electrical firing energy dissipation
4.11.1 Comments on Electrical firing energy dissipation
4.12 Electrical initiator sensitivity
4.12.1 Comments on Electrical initiator sensitivity
4.13 Electromagnetic environment
4.13.1 Comments on Electromagnetic environment
4.14 Electronic logic function
4.14.1 Comments on Electronic logic functions
4.15 Environment
4.15.1 Comments on Environment
4.16 Explosive compositions
4.16.1 Comments on Explosive compositions
4.17 Explosive ordnance disposal
4.17.1 Comments on Explosive ordnance disposal
4.18 Explosive train interruption
4.18.1 Comments on Explosive train interruption
4.19 Launch cycle
4.19.1 Comments on Launch cycle
4.20 Main charge
4.20.1 Comments on Main charge
4.21 Maximum no-fire stimulus
4.21.1 Comments on Maximum no-fire stimulus
4.22 Non-armed condition assurance option
4.22.1 Comments on Non-armed condition assurance options
4.23 Non-interrupted explosive train control
4.23.1 Comments on Non-interrupted explosive train control
4.24 Post safe separation safety
4.24.1 Comments on Post safe separation safety
4.25 Safe separation distance
4.25.1 Comments on Safe separation distance
4.26 Safety and arming device
4.26.1 Comments on Safety and arming device
4.27 Safety feature
4.27.1 Comments on Safety feature
4.28 Safety redundant
4.28.1 Comments on Safety redundancy
4.29 Safety system failure rate
4.29.1 Comments on Safety system failure rate
4.30 Sterilization
4.30.1 Comments on Sterilization
4.31 Stored energy
4.31.1 Comments on Stored energy
4.32 Visual indication
4.32.1 Comments on Visual indication
5. COMMENTS ON MIL-STD-1911 SAFETY CRITERIA FOR HAND-EMPLACED ORDNANCE DESIGN
5.1 Analyses
5.1.1 Comments on Analyses
5.2 Application
5.2.1 Comments on Application
5.3 Approved explosives
5.3.1 Comments on Approved explosives
5.4 Armed
5.4.1 Comments on Armed
5.5 Arming delay
5.5.1 Comments on Arming delay
5.6 Arming or firing-control delay
5.6.1 Comments on Arming or firing-control delay
5.7 Common mode failures
5.7.1 Comments on Common mode failures
5.8 Credible environment
5.8.1 Comments on Credible environment
5.9 Credible failure mode
5.9.1 Comments on Credible failure mode
5.10 Design for Quality control, inspection, and maintenance
5.10.1 Comments on Design for Quality control, inspection, and maintenance
5.11 Electrical firing energy dissipation
5.11.1 Comments on Electrical firing energy dissipation
5.12 Electrical initiator sensitivity
5.12.1 Comments on Electrical initiator sensitivity
5.13 Electrical/electromagnetic environments
5.13.1 Comments on Electrical/electromagnetic environments
5.14 Environment
5.14.1 Comments on Environment
5.15 Explosive compositions
5.15.1 Comments on Explosive compositions
5.16 Explosive ordnance disposal
5.16.1 Comments on Explosive ordnance disposal
5.17 Explosive train interruption
5.17.1 Comments on Explosive train interruption
5.18 Explosive trains without interruption
5.18.1 Comments on Explosive trains without interruption
5.19 HEO safety system failure rate
5.19.1 Comments on HEO safety system failure rate
5.20 Intended use
5.20.1 Comments on Intended use
5.21 Maximum no-fire stimulus
5.21.1 Comments on Maximum no-fire stimulus
5.22 Safety approval
5.22.1 Comments on Safety approval
5.23 Safe separation
5.23.1 Comments on Safe separation
5.24 Safety feature
5.24.1 Comments on Safety feature
5.25 Safety redundancy
5.25.1 Comments on Safety redundancy
5.26 Sterilization
5.26.1 Comments on Sterilization
6. NOTES
6.1 Intended use
6.2 Subject term (key word) listing

APPENDIX
A US Army Fuze Safety Review Board guidelines for safe separation distance analysis
B Fuze Management Board Joint Agreement on safe separation distance analysis for air-launched weapons
C Army Fuze Safety Review Board guidelines for evaluation of electronic safety and arming (S

r, Code 6001E, Port Hueneme, CA 93043-4307)
(Source for DH 1-6 is: ASC/ENOI, 2530 Loop Road West, Wright Patterson AFB, OH 45433-7101)
(Copies of Nuc Reg 0492 can be obtained from the following sources: 1) GPO Sales Program, Division of Technical Information and Document Control, U.S. Nuclear Regulatory Commission, Washington, DC 20555; 2) The NRC Public Document Room, 11555 33 Rockville Pike, Mail Stop O1F13, Washington, DC 20555-0001 and 3) http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr0492)

3 DEFINITIONS

3.1 Detent. A mechanical device that directly restrains an explosive train interrupter's motion prior to arming. It is coupled to the interrupter, and is overcome by the force or torque exerted on it by the interrupter through its interaction with the interrupter during arming. An example of a detent is a spring clip or shear pin that retains a rotor or slider in place when subjected to the environments which are normally experienced prior to arming, but is overcome by the energy that moves the rotor or slider to the armed position. It is not to be confused with a lock.

3.2 Lock. A mechanical device that directly restrains the explosive train interrupter(s) in the safe position during all credible environments including the direct application of the arming energy to the interrupter. It releases the interrupter when it senses the proper environment. The proper environment must be one that is unique to the intended initiation of the launch or emplacement sequence. An example of a lock is a spring-loaded spin lock that restrains the interrupter under all environments normally experienced prior to arming, but is overcome by a centrifugal force
indicative of spin induced by gun launch. In addition, if the torque derived from the centrifugal force is applied only to the interrupter with the spin lock engaged, the lock will still restrain the interrupter.

4. COMMENTS ON MIL-STD-1316 SAFETY CRITERIA FOR FUZE DESIGN

This section is organized with paragraphs, using the same title as the requirement or definition as quoted in MIL-STD-1316E. The paragraphs are listed alphabetically.

4.1 Analyses: “MIL-STD-1316E, Analyses. The following analyses shall be performed to identify hazardous conditions for the purpose of their elimination or control.

a. A preliminary hazard analysis shall be conducted to identify and classify hazards of normal and abnormal environments, as well as conditions and personnel actions that may occur in the phases before safe separation distance. This analysis shall be used in the preparation of system design, test and evaluations requirements. (See 6.5)

b. System hazard analyses and detailed analyses, such as fault tree analyses, and failure mode effects and criticality analyses, shall be conducted to arrive at an estimate of the safety system failure rate and to identify any single point or credible failure modes.

c. For fuzing systems containing an embedded microprocessor, controller or other computing device, the analyses shall include a determination of the contribution of the software (see 4.2.4) to the enabling of a safety feature.

d. Where the software is shown to directly control or remove one or more safety features, a detailed analysis and testing of the applicable software shall be performed to assure that no design weakness, credible software failures, or credible hardware failures propagating through the software can result in compromise of the safety features.”

4.1.1 Comments on Analyses:

a. An early step in the process of designing a safety system that is often overlooked is the performance of a hazard analysis. A detailed analysis, such as a Fault Tree Analysis (FTA), is required at the completion of a program for design verification by the safety review authorities. However, other analyses should be performed before the design is so mature that it is difficult to correct. Even when early analyses are conducted, a common mistake is to assume hardware will fail selectively, or to trivialize the evaluation. An example is to assume an internal failure in an IC will be safe because the same IC BIT logic will prevent an unsafe failure. It is a mistake to conclude that a failed hardware component can correctly and safely detect its own fault.

b. There are several analysis tools that could be included in the preliminary hazard analysis before any hardware is built or breadboarded.

1) Credible circumstances. A list of reasonable munition scenarios and environments should be developed. This is not the list of normal life cycle environments; an accident is usually caused by a combination of environments, and the stress from accident environments often significantly exceeds that of normal environments. Some services have baseline lists of environments they use for internal purposes, but there are no complete lists available. Judgment is required to generate this list, based on the characteristics of the system under review, and the anticipated manufacture-to-target sequence of events.

2) Credible circumstance review. A first analysis tool is to systematically predict the behavior of the safety system during and after each credible circumstance. This is similar to a conventional potential hazards review, except it is at the safety and arming device (S it is not a failure analysis.

4.2 Application: “MIL-STD-1316E, Application. This standard applies to the design of fuzes and S (1) Warhead applications - the “safety system” is the aggregate of devices included in the fuze/S an abnormal force sufficient to overcome one safety may defeat all the safeties to the same unsafe condition.

b. Traditional methods to reduce the risk from common mo