BASIC DESIGN - DESIGN FOR SAFETY

By P. M. Wilks* and F. Shaw†

To consider the basis of incorporating safety and reliability into design, it is necessary to understand the design function. We must think in terms of a complete activity, not one concerned only with the safety of automobiles. This is the narrow, present-day popular aspect of safety. It is equally important that safety and reliability shall be of vital concern whether the article being designed is a can-opener or a battleship; both are for the use of people, who must have neither their lives nor their comforts jeopardized by a careless fundamental approach. Good basic design depends on a sound knowledge of the engineering principles, and a clear picture of all available data and facts about the case being considered. It is essential that design begins by giving engineers training in basic principles, and making quite certain that they are able to get at all the relevant facts and knowledge which gives a background to the correct approach. They must also be freely advised of any new methods which may influence the thinking process. The next important aspect of safety and reliability in design is prediction. Without the ability and knowledge to predict how a part will function in practice, even moderately good design is impossible.
* Technical Director, The Rover Company, Lode Lane, Solihull.
† Chief Designer and Deputy Chief Engineer of Transmission. (Address as above.)
The MS. of this paper was received at the Institution on 27th February 1969 and accepted for publication on 21st March 1969. Proc Instn Mech Engrs 1969-70, Vol 184 Pt 3B.

IT IS NOT the intention of this paper to teach the design process, nor is it the aim to introduce yet another fundamental design method. The purpose is to show (a) how considerations of safety and reliability can be incorporated into basic thinking, and (b) the best approach for predicting how satisfactorily these considerations will have been met when the parts are eventually produced and put into service. Good design is ‘the optimum solution to the sum of the true needs of the particular set of circumstances’. For the sake of brevity it is assumed that the optimum (or best and most elegant) solution is being attained, and that all needs of the particular circumstances, other than safety and reliability, are being met. It is taken for granted that those who read the papers from this Conference do not need instruction in stress calculation, etc.

An educational foundation, consisting of a complete knowledge and understanding of the basic principles of Engineering Science, is essential for anyone to properly fulfil the role of designer; but we have shown a lamentable tendency over the past few years to over-state the case for an extremely high technological approach to every problem, whether it needs it or not. We are becoming over-computerized, over-regulated, over-specialized and, as a result, are starting to ‘under-think’. ‘Under-thinking’ is the major curse of the sixties! Its effect can be traced in all the ills and troubles which plague us! Not least is this apparent in the field of safety and reliability.

By all means, let us not belittle the computer. It is invaluable for ‘quick-think!’; it is essential for the rapid checking of alternative methods; and in some instances, time, even measured in decades, would be insufficient to consider the variations on a theme, whereas the computer can complete the process in a very short period. By all means supply the designer with every aid available, but let these be used to eliminate the time spent in mechanical and routine activities and not to reduce, in any way, his natural inclination towards thinking. The aim should be, at all times, to organize things in such a way that the designer has as much time as possible for deep, basic, logical thinking.

If all designers perfected the process of obtaining ‘the optimum solution to the sum of the true needs of the particular set of circumstances’, there would be no safety problems, and there would be no need for even such a word as ‘reliability’. Testing and developing would be reduced to a minimum, and fewer prototypes would be required to prove the design.

Thinking is the basis on which all good design depends. A long apprenticeship in engineering has made it clear that there is no substitute for experience. Nature supplies the brain, and training develops the art of thinking logically and well (up, down, and sideways); formal education provides the basic fundamental facts on which experience may build, but experience alone provides the intuition that is necessary to establish the requirements for safety and reliability, and the means by which prediction can be made.

RELIABILITY
Every calculation contains within it at least one empirical value that is the result of experience. Often this is looked upon, mistakenly, as a constant when, in fact, its value may vary widely under different circumstances. The coefficient of friction is an excellent example. It is only constant for any material when all other things - such as surface finish, temperature, relative speeds, surface unit loading, etc. - are also constant. Even the surface finish may show a constant figure when measured in microinches, and yet differ in the effect obtained by grinding, rolling, polishing, burnishing, or turning. It is clear that the most inconstant constant in the world is μ.

What is said of μ is equally true of yield and ultimate stress figures for different materials. The effect of temperature is not always considered, especially for plastics, and the alterations in the empirical figures used when parts are cold-formed, forged, ground, shot-peened, or otherwise specially treated is very often not appreciated, let alone acted upon. It is quite easy to take a lower grade of steel, for instance, and cold extrude it to obtain mechanical properties that are equal to, if not better than, those obtained from a more exotic steel which has undergone expensive heat treatment processes.

Even more dangerous, it is possible to take a part which has been performing quite satisfactorily and, by adding a process for some entirely different reason, reduce its properties in another respect altogether and create a failure problem. For instance, an assembly comprising small parts brazed together may, at a later date, be plated or rust-proofed by a process which is believed to be not hot enough to damage the brazing, but which in fact reduces the strength, causing a failure in service. Alternatively, a pressed steel load-supporting member may have done its job well for years, until an extra bracket is welded to it without stress relieving.
Changes in hardening technique causing retained austenite to be present and the alterations in material section of a part which may cause hardening deformation cracks are other examples. It is also vitally important to be able to differentiate, by experience, those parts which are subjected to repeated reversals of stress and those which are stressed normally, or lightly, or only infrequently.

A few years ago there was a theory that a useful saving could be made in material if designers permitted stresses up to ultimate instead of only a proportion of yield. This theory was popular, because it meant that small units could be made to carry out duties where larger units had been considered necessary. Profit yields would be higher, and capital expenditure on new plant could be avoided. The theory was quite sound when applied to parts that were infrequently loaded, and where ultimate stresses were reached only occasionally. It is not permissible when parts are subjected to stress reversals or repeated applications above yield. When subjected to high stress reversals the design figure for complete reliability should be no more than half yield.

Care should also be taken to understand the difference between yield in shear and yield in tension. Information on the shear strength of steels appears to be lacking and we carried out an investigation into the determination of the double shear strength of various steels. The results of these investigations show that there is no general relationship between the yield point of the steel and its strength in double shear, nor did there appear to be any relationship between the ductility of the material, as measured by the elongation test, and the double shear strength. In general terms the double shear strength of a steel is approximately related to its tensile strength. The double shear strength/maximum strength (d.s.s./m.s.) ratios range from 0.60 to 0.70 with a recommended average of 0.65. An interesting point is that silver steel in the spheroidized condition has a high d.s.s./m.s. ratio of 0.74, whereas the double shear strength is low at 28.38 ton/in². 4034 manganese molybdenum steel has a low d.s.s./m.s. ratio of 0.60, but the double shear strength is 36.96 ton/in². Generally speaking the approximate double shear strength may be taken as equal to maximum strength × 0.65.
Where the utilization lies somewhere between high stress complete reversals and low stress infrequent applications, it is necessary for the designer to call on his experience of the service history of the part and to assess what proportion of yield or ultimate stress may be allowed. Fortunately most designers saw the fallacy of the theory when it was propounded, but others did not, and it resulted in some very strange fatigue failures for a period. There were many instances of fatigue failure in aeroplane structures which were partly the result of not allowing for repeated applications of stress reversal and partly through not thoroughly understanding the effects of using ultimate as a criterion instead of yield. A case comes to mind of trouble with golf-irons when the heads snapped off for the same reasons. We are all aware of the shorter life of electric light bulbs when used bulb upwards, so that the element is not supported by the hooks placed there for this purpose, and the consequent higher-than-intended stresses involved. Without naming names it is difficult to mention some of the better known examples, but it is certain that everyone here must have personal knowledge of at least one case of fatigue failure due to using ultimate instead of yield, and not allowing for stress reversals.

Designers must familiarize themselves with the utilization of components and units. Sometimes it appears, at first glance, that more load is being applied to a part in one case than in another, but later experience shows that the reliability in the apparently heavier loaded case is much improved over the earlier lighter loaded application.

We could cite a hypothetical case of a wall can-opener. Let us say that these have functioned reliably for years, and were designed to open cans produced in up to 0.015-in thick material. An order is then received for 5000 units specifically for opening cans in up to 0.025-in thick material. Calculations are made to discover the load at the handle to open these particular cans and show that the equipment is capable of doing the job satisfactorily, with a handle effort well within the average human endeavour. It is also shown that the average person applying an effort higher than necessary, but still within his capacity, could speed up the operation to such an extent that the anticipated life expectancy could be reduced considerably when applied to cans of thicker material. Do we reply regretting that the order cannot be fulfilled? Not when we are given the additional information that the requirement is for supplying cookery schools attended only by girls under 14 years of age! One must know the full and complete facts of the 'true needs of the particular set of circumstances' and only then, after effective thinking, can one bring mathematical analysis into play.

Designing for environmental conditions is another vitally important sector which involves some very difficult decisions, especially when local specifications are not allowed and one basic design must be universally acceptable. Perhaps 'universal' is not exactly the right word, and one may assume that special specification will be allowed for use on Mars or Venus. Materials do not always show compatibility in extremes of temperature.
A substance which is satisfactory at -20°C may not be tolerant of anything above 100°C. This range of temperature variation, from -20°C to 100°C, or more, is well known to the motor car engineer. Any automobile quality engineer will tell you that it is one of his major difficulties. It is not unknown for car interior trim to be subjected to 50-70°C in a closed car on an ordinary summer's day in Britain, and there are parts of the world where temperatures of 110°C may be reached inside the car. There is at least one place (Verkhoyansk) where the temperature in January and December is as low as -50°C and in July is +80°C, and there are many places ranging from -20°C to +90°C. The automobile engineer must cater for these variations, whereas most other engineers have a better idea of the temperatures likely to be encountered, and how frequently. Apart from deterioration, the physical properties are radically affected, and it may be necessary to design for a very low stress because of the reduction in the properties at temperature extremes, when a much smaller section would be absolutely satisfactory under normal British conditions.

Hydrolysis, resulting in chemical decomposition or ionic dissociation, may be experienced in aquatic conditions or in some parts of the world, e.g. Singapore. The effect of salt or other chemicals is worthy of mention. Salt, in particular, is the enemy of the motor car, and the preoccupation of automotive engineers with the subject was well demonstrated by the attendance at the Corrosion Symposium which was organized by the Automobile Division last year. Dr Hoar, on that occasion, defined corrosion as 'the interaction of a metal or alloy with its environment, to form chemical compounds'. He summarized by saying: 'The fundamental chemical and electro-chemical processes of corrosion, although very complex in detail, are in broad outline simple and well understood by those who study them. The fundamental principles of protection from corrosion, and of its avoidance, are perhaps even simpler, though they cannot always be followed in practical situations.'

There is no difficulty at all in dealing with the prevention of corrosion. The problem is essentially one of balancing cost against complete protection. Again one must understand the full situation. The Swedes went mad on providing heated garages for their cars, and the corrosion situation grew very much worse. With the Swedish winter it is much safer to let the car freeze, and stay frozen. Special attention must be given to vessels or equipment used for processes where acids are involved, and may require a knowledge of acidity in fruits and vegetables, and even of the animal and human body functions and skin secretions - especially at certain times and in different degrees of health.

Sometimes there is a fine balance between designing to accommodate local environmental features and keeping the cost down for the other 9.5 per cent of consumers. Every designer must learn to identify when an adverse service return is in fact of this nature, and that world-wide action is not warranted.
Satisfying the requirements of one man who is living at the bottom of a well, on the top of a mountain in the Himalayas, and suffering from jaundice, is the function of the Sales and Service people, and designers should not cater specifically for him and make everyone else pay. One is reasonably aware of special areas where the environmental characteristic is a natural phenomenon, but can often be caught out by special cases like an abnormally high sulphur content in the centre of Sheffield, or an excessive rainfall in Seathwaite, which is one of the wettest places on earth. The design of chromium-plated doorknockers in Sheffield or of plastic raincoats in the Lake District could be seriously affected.

SAFETY

Reliability is, by definition, closely akin to safety, but it is only part of the problem. Designers are responsible for drawing up the specification of the parts, whether they are for can-openers, battleships, or the Severn Bridge, and in all cases they are to be used by people. They must have neither their lives nor their comforts jeopardized by a careless attitude and approach by the designer.
Unguarded cutting elements; exposed ragged edges; fractures resulting in death-dealing splinters; badly designed shopping precincts resulting in pneumonic gales; inadequate road systems and illumination; poorly designed traffic control; protruding grids in pavements; badly designed insulation for electrical appliances; lethal chip pans; pruning shears with inefficient safety catches; shockingly dangerous oil and bottled gas stoves; badly designed parking brakes on perambulators; umbrellas without see-through panels and with eye-piercing stays; hot-water bottles that splutter scalding water when being filled; over-powered wheeled vehicles (especially those with less than four wheels); kettles that send a searing stream of steam through the lid vents; rainwear without a pagoda effect, where the hat drips water down one’s neck and the coat pours it into completely inadequate shoes. ...

One can go on for ever quoting examples of a complete lack of any considerations of safety in the design of articles in general use, and the reason is not always poor design. Sometimes it is due to cheese-paring for maximum profit, and sometimes it is sheer negligence or incompetence, either through boys doing men’s jobs or through a lack of a designer of the right calibre to do the job properly.

Consideration should perhaps be given to making professional chartered engineers responsible at law for negligence, and for designing for profit alone, where safety is in any way affected. Negligence should be criminal, and prostituting one’s profession should also be criminal. One could also consider whether it should be incumbent at law upon all manufacturers to ensure that any design is approved by a chartered engineer, qualified in the discipline concerned. If the companies employ designers who are not chartered, then C.E.I. should set up a panel of engineers who are willing to provide the facility as required.
It is quite apparent that there is no better tool to ensure complete absence from safety hazards than a trained mind analysing the ‘true needs of the particular set of circumstances’, and that experience is the major element in this thought process. To a great extent it is also true that a top-grade designer should be able to apply his basic fundamental knowledge and analytical training to almost any design problem, always providing that the local knowledge and specialized background information is available for him to assimilate and that he is given time to absorb it completely.

PREDICTION
Every designer should ensure that somewhere within his organization there is a clear, concise record of service returns, allied to test records of fatigue failures, maximum loading, and multiple applications of a function. He should be able to read across the relationship of service and test results. Textbook calculations alone are not enough; nor are they of sufficient worth on which to base a prediction of satisfactory operation of newly designed parts. Without background knowledge the designer is often at a loss when called upon to fix empirical values. Sometimes his intelligent guesses are so near the mark that one would not be aware of the original doubts. Sometimes he tends to overdesign, at a cost penalty.

A wise designer will adopt the ‘Principle of Similarity’ and base his prediction on the accumulated evidence of past experience. Where a problem is new, and apparently original, some thought will usually bring to light an application similar enough to give a guide for a more reliable assessment than the intelligent guess, but only if a bank of knowledge has been built up. Every piece of evidence about wind-up of shafts, repeated bending, torque reversals, wear characteristics, impact tests, fretting corrosion, effects of shot-peening, variations in case depth and hardness and their effects on strength, etc. should be carefully tabulated and consulted. These should be compared, correlated, and analysed alongside service history, and kept constantly in mind. More important still, they must be up-dated as further information indicates the necessity.

It is not normally an error in the method of calculation which results in a design failure; it is because the empirical figures are wrong, and because we do not always know sufficiently well how much of the power from the prime mover, or from nature, is getting through to the component concerned. Are little girls or big strong women operating the can-openers? Nor are we always aware of how many times the operation may be performed.

True, there are some occasions when the background knowledge is insufficient and the designer must then call upon all the available data and all his basic fundamental science to make an intelligent first effort. It will then be necessary to produce models, which may be of any form from mathematical to full-scale prototypes. The modern plastics are invaluable for this exercise. Quite often it is possible to prove the point with simple cardboard cut-outs and drawing pins.
It is also feasible to produce models on a computer sketch screen, which will show immediately the result of a load applied at any point, or what the effect would be of increasing or reducing the supporting structure. Functional prediction can be assisted by simulating the new feature within the framework of an existing component or unit. Rigs can be made up using quite inexpensive pieces of hardware. Rubbing tests to determine wear characteristics, or repeated applications to establish the life factors, are comparatively easy to devise. For anyone setting up this sort of rig shop there is no more useful piece of equipment than a few windscreen wiper motors. Add to these a box of angle iron, clevis joints, lengths of control rods and cables, and a variety of levers, and one can work wonders as an aid to prediction. Many small manufacturers do not carry out rig tests because they consider the cost to be prohibitive. It need not be if the designer uses his ingenuity and makes use of a conglomeration of bits and pieces gathered from junk yards and ex-government surplus stores, etc.

Market research is essential, not only to establish the public requirement for the particular commodity being designed but also to feed the designer with reliable factual data on which to base his approach to the problem. From the reliability aspect he needs to know the conditions under which it will be used, and for safety, who will use it, what it will be used for, and when.

Most important of all, a designer must act at all times with absolute integrity. If a concept is wrong, and it will not work or sell, he should say so clearly and without fear. Only when instructed by his superiors should he then try to make the best possible job out of the poor basic conception. He is paid to do the best he can within the directions from his management!
If the conception, however, is such that it will put people in jeopardy, then he must refuse to be a party to it until the offending feature is eliminated. If the danger is great enough, he cannot even be content with walking out; he must take personal action to see that no one else pushes it on to an unsuspecting public. It is clear, in the end, that safety and reliability in design depend entirely on how well the designer practises his profession, and how well thought out and considered are his instructions from top management - which, in fact, they usually are!