How flash-based FPGAs simplify functional safety requirements
As the quantity of industrial equipment controlled by electronics grows, so do concerns over the equipment failing and causing personal harm and property damage. Safety functions are built into equipment to prevent functional failure and to ensure that if a system does fail, it fails in a non-harmful way. Examples of safety systems in industrial equipment include train brakes, sensors monitoring hazards to air quality or the physical environment, assembly line assistance robots, and distributed control in process automation equipment, to name a few. These systems often include field programmable gate arrays (FPGAs) that, when supported by safety data packages for calculating failure rates, can play a pivotal role in streamlining safety assessments. When these devices are also flash-based, so that their configuration memory is immune to single event upsets (SEUs), they let safety system developers dramatically simplify their designs: the configuration scrubbing and re-verification logic an SRAM-based FPGA needs is not required. Note that SEU immunity applies to the configuration cells; user flip-flops and embedded RAM in the design can still be upset and must be assessed on their own.
Standards and Regulations
Concerns over functional safety spawned the growth of functional safety standards and regulations. In 1998, the International Electrotechnical Commission (IEC) published “IEC 61508 Functional Safety of Electrical/Electronic/Programmable Electronic (E/E/PE) Systems,” establishing the global functional safety standard for industrial equipment. While it is impossible to produce electronic equipment that never fails, it is possible to take steps to reduce the risk of a harmful failure. The idea behind the standard is to lower the probability of a harmful failure in the system to an acceptable level. To do this, functional safety standards place requirements on the design, processes, techniques and measures used in developing the equipment under control (EUC) and its control systems. To be compliant with IEC 61508, a safety function must not exceed the dangerous failure rate the standard sets for its safety integrity level (SIL), and the hardware must satisfy the architectural constraints (safe failure fraction and hardware fault tolerance) for that SIL.
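The following is an added worked example, not code from the article or from Microsemi, of what a safety assessor does with the failure-rate data mentioned above: sum per-component FIT figures into safe, dangerous-detected and dangerous-undetected rates, derive the PFH of a single-channel (1oo1) high-demand safety function, and check it against the IEC 61508-1 PFH bands and the Route 1H safe-failure-fraction limits (type B element, hardware fault tolerance 0). The component FIT values, dangerous fractions and diagnostic coverages are constructed for illustration; real figures come from the vendor's safety data package and the system's own FMEDA.

```python
"""Failure-rate roll-up and SIL check for a 1oo1 high-demand safety function.

All component numbers below are CONSTRUCTED for illustration only.
"""

FIT = 1e-9  # one FIT = one failure per 1e9 device-hours

# IEC 61508-1 Table 3: PFH bands for high-demand / continuous mode
# (list ordered from the most stringent band; upper bounds are exclusive).
PFH_BANDS = [
    (4, 1e-8),   # PFH < 1e-8  -> SIL 4 (and >= 1e-9 in the standard)
    (3, 1e-7),   # PFH < 1e-7  -> SIL 3
    (2, 1e-6),   # PFH < 1e-6  -> SIL 2
    (1, 1e-5),   # PFH < 1e-5  -> SIL 1
]

# IEC 61508-2 Table 3 (Route 1H), type B element, HFT = 0:
# maximum SIL allowed for a given safe failure fraction (SFF).
SFF_LIMITS_TYPE_B_HFT0 = [
    (0.99, 3),
    (0.90, 2),
    (0.60, 1),
]


def failure_rates(components):
    """Sum per-component FIT data into (lambda_S, lambda_DD, lambda_DU) per hour.

    Each component is (name, total_fit, dangerous_fraction, diagnostic_coverage).
    """
    lam_s = lam_dd = lam_du = 0.0
    for _name, fit, dang_frac, dc in components:
        lam = fit * FIT
        lam_d = lam * dang_frac            # dangerous share of all failures
        lam_s += lam - lam_d               # safe failures
        lam_dd += lam_d * dc               # dangerous but caught by diagnostics
        lam_du += lam_d * (1.0 - dc)       # dangerous and undetected
    return lam_s, lam_dd, lam_du


def safe_failure_fraction(lam_s, lam_dd, lam_du):
    """SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_DD + lambda_DU)."""
    total = lam_s + lam_dd + lam_du
    return (lam_s + lam_dd) / total if total else 1.0


def pfh_1oo1(lam_du):
    """For a single channel in high-demand mode, PFH is approximated by lambda_DU."""
    return lam_du


def sil_from_pfh(pfh):
    """Return the SIL whose PFH band contains pfh, or 0 if it exceeds SIL 1."""
    for sil, upper in PFH_BANDS:
        if pfh < upper:
            return sil
    return 0


def max_sil_from_sff(sff):
    """Architectural constraint: highest SIL the SFF permits (type B, HFT 0)."""
    for limit, sil in SFF_LIMITS_TYPE_B_HFT0:
        if sff >= limit:
            return sil
    return 0


def assess(components):
    """Roll up the component data and return the achievable SIL and its inputs."""
    lam_s, lam_dd, lam_du = failure_rates(components)
    pfh = pfh_1oo1(lam_du)
    sff = safe_failure_fraction(lam_s, lam_dd, lam_du)
    sil_pfh = sil_from_pfh(pfh)
    sil_sff = max_sil_from_sff(sff)
    # The achievable SIL is limited by whichever check is the more restrictive.
    return {"pfh": pfh, "sff": sff, "sil_pfh": sil_pfh,
            "sil_sff": sil_sff, "sil": min(sil_pfh, sil_sff)}


# Constructed sample channel: (name, FIT, dangerous fraction, diagnostic coverage)
SAMPLE_CHANNEL = [
    ("fpga_logic",     100.0, 0.5, 0.95),
    ("output_driver",   20.0, 0.5, 0.60),
    ("supply_monitor",  10.0, 0.5, 0.90),
]

if __name__ == "__main__":
    result = assess(SAMPLE_CHANNEL)
    print(f"PFH = {result['pfh']:.2e} /h  -> SIL {result['sil_pfh']} by PFH")
    print(f"SFF = {result['sff']:.3f}     -> SIL {result['sil_sff']} by architecture")
    print(f"Achievable SIL: {result['sil']}")
```

The sample channel illustrates a point assessors see often: the undetected dangerous rate (7 FIT) is comfortably inside the SIL 4 PFH band, yet the achievable SIL is only 2, because the architectural constraint on safe failure fraction is the binding limit. Improving diagnostic coverage on the weakest component, or adding hardware fault tolerance, is what moves that limit.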
While a company can simply declare that its product meets IEC 61508 requirements, many customers require certification by a neutral third party such as Germany’s TÜV Rheinland Group, a leading provider of technical services worldwide. Founded in 1872 and headquartered in Cologne, Germany, the group’s mission is the sustained development of safety and quality in the interaction between humans, technology and the environment. TÜV Rheinland is widely recognized for certifying IEC 61508 devices and software design tools, and its certification gives a device broad acceptance among machine builders and plant owners worldwide.
Functional Safety System Life Cycle and V-Model
To meet the requirements of IEC 61508, the safety lifecycle illustrated in Figure 1 must be rigorously followed. The EUC and its control system are typically composed of multiple subsystems with many standard and customized parts. The system, including its safety requirements, is defined during early development and then flowed down to the various subsystems.
Figure 1. Safety Lifecycle (Source: Microsemi)
As the requirements and architecture are decomposed into smaller and smaller units, verification and validation plans are created for use at the corresponding stage in the build-up of the system. This is a V-model of development, and it is required by IEC 61508. Figure 2 shows a generic V-model.
Figure 2. Generic V-model (Source: Microsemi)
One or more of these parts in the functional safety system may be an FPGA. An FPGA that is to be part of an IEC 61508 qualified system is also required to have followed a V-model of development. One example is the Microsemi FPGA V-model, which is qualified by TÜV Rheinland as meeting the development life cycle requirements of IEC 61508.