By Wolfgang Kattermann, Altera Corporation
The rise of highly-automated systems in transportation and manufacturing has caused a profound change in the philosophy of system design. Increasing automation has shifted the responsibility for the safety of humans and property from the machine operator to the machine builders. This responsibility, and the processes and systems necessary to fulfill it, have become known collectively as functional safety.
The main goal of functional safety is to prevent the risk of injury or death as a result of the operation of the system. This risk may arise from external circumstances, such as a human wandering into an unsafe area. To these events the system must respond by making the situation safe again, often by shutting itself down or changing its operating mode. Or the risk may arise from random, systematic, or common-cause failures in the system itself. Random failures are caused by a malfunction of the safety system’s parts or components, while systematic failures are a result of a wrong or inadequate specification of the functionality of the machine. A common cause failure is the simultaneous malfunction of several parts of the system caused by a single reason, like a single power rail failure powering multiple components on a board.
Typically the goal for product development is to get a low probability of failures during operation, or in other words, to achieve a high level of quality and reliability. Functional safety goes further, and defines qualitative measures for this quality and reliability of the entire system, typically in terms of a probability-of-failure measure called Safety Integrity Level (SIL). SILs range from SIL0—essentially an unprotected system—to SIL4—one expected failure in 110,000 years.
Unfortunately, this admirable goal can impose huge additional complexity on the system design team. Every step of the design process, from defining requirements to final verification, is not only made more complex, but is governed by strict external certification requirements under International Electrotechnical Commission (IEC) standard 61508. If there were no way to simplify this process, functional-safety requirements would put system design beyond the reach of many design teams.
Click here to read more ...