Functional safety of complex programmable systems

The concept of functional safety was introduced with the IEC 61508 standard. This concept currently appears inevitably in the most diverse sectors involving applications critical to safety. The diversity of standards is very wide and poses challenges to the user, primarily when reconfigurable systems are used:

  • Nuclear industry: IEC 61513
  • Process industry: IEC 61511
  • Railway sector: CENELEC EN 50126, EN 50128, EN 50129
  • Automotive: ISO 26262
  • Machinery: ISO 13849, IEC 62061.

On the one hand, the standards typically require compliance with a complete system life-cycle process, extending from the concept phase to the risk analysis all the way up to decommissioning; on the other hand requirements are imposed on functions critical to safety in the form of a safety-integrity level (SIL, ASIL, PL, …).

We deal intensively with concerns involving the use of the concept of functional safety and are happy to support you in your projects.

Reconfigurable logic

The rapid technological progress in the area of electronic, programmable systems currently makes it possible to implement complex and dynamic process control systems in highly integrated and reconfigurable systems. The use of FPGA, for example, with embedded Power-PC cores, DSP slices, or ARM Cortex dual-core processors, such as the Xilinx ZYNQ-7000 series, makes it possible to develop high-performance generic hardware platforms which can be reconfigured for virtually any task by adapting the firmware and software.

Along with the economic benefits, technical advantages such as the opportunity to achieve a higher level diagnostics coverage, also represent important reasons for the use of such generic hardware platforms in applications relevant to safety. The programmable systems for applications relevant for safety are only approved when they meet stringent and complex requirements.

Standards here only partially provide suitable guidance and often lag behind the effective state of the art. Although, for example, special architectural requirements for integrated electronic components as well as processes and measures for preventing errors during design and development are explained in IEC61508-2:2010, making these requirements concrete and implementing them is far from trivial.

The research constantly focuses on the use of reconfigurable components such as FPGAs and CPLDs in applications relevant to safety. The error modes of these components are central in this context. On the one hand, radiation-induced error modes must be considered, such as:

  •     Single-Event Transient (SET)
  •     Single-Event Upset (SEU)
  •     Single-Event Latch-Up (SEL)
  •     Single-Event Function Interrupt (SEFI)

Actions which have been long used for microprocessors are placed in opposition; these include not only such measures as the scan-path analysis, the built-in self-test or the quiescent current test, but also methods specifically developed for FPGAs and CPLDs such as Triple Modular Redundancy (TMR), which is frequently combined with other methods (e.g. configuration scrubbing) and techniques (e.g. phase-shifted clocks).