Version 5

    Functional Safety is the study of methods and measures to reduce the risk of harm to people and equipment when machines malfunction or when their operating environment is interrupted. If we apply this to a game of football, referees have the ability and power to halt a game when they feel a violation occurs, but they don’t always see everything and don’t always make the right call. These errors could make or break a game depending on which side of the field you’re on, so in an ideal sporting world we could anticipate these erroneous calls and avoid them altogether. Functional Safety seeks to address a similar issue in systems design, where the cost of error could be catastrophic or fatal, such as a machine failing to detect an open panel and causing injury to the human operator. Essentially, Functional Safety design tries to anticipate the ways that systems can fail and, when they do, implement Plan B.


    Increasing Demand For Functional Safety Systems

    Functional Safety is not a new field. Functional Safety systems design has been around for decades, but has gotten little attention until more recently. Market demand, an increasing number of government mandates, and rising applications of Artificial Intelligence (which inherently calls for safety standards) are driving original equipment manufacturers (OEMs), especially, to act or risk going out of business. Functional Safety systems design is in demand, but implementing such designs is no easy feat due to complex and ‘old school’ methodologies employed in this area, as well as cost.


    As one might expect, Functional Safety system design is subject to standards, issued either by official governing bodies or by widely accepted authorities. Well-known authorities are UL, ISO, and IEC, which exist to create and promote safety specifications such as Safety Integrity Level (SIL), which defines a target level of risk reduction. The work of these authorities is what drives state-of-the-art design and evolves Functional Safety across many different industries. Aircraft and automobiles, unsurprisingly, follow very strict government-mandated safety standards; examples are air bags and rear-view cameras in cars. In housing construction, home remodels must abide by building codes, and complete new builds must have UL-approved electrical distribution. As technology evolves and systems become more complex, the list of industries and end applications that will be subject to Functional Safety standards will also grow. The era of self-driving cars and ‘co-bots’ is here, and these systems must demonstrate that they cannot (and will not) do harm to people.


    Functional Safety Is Complex

    Making systems safe seems like it’d be a ‘no brainer’, but it’s not simple. Functional Safety system design can be highly complex: it is a top-down, requirements-driven formal method that is not taught in schools today and is not exactly a popular field of study. Though there is demand for talent, candidates without ANSI C or machine-level coding skills are out of luck. Functional Safety is also not something that can be picked up overnight. Undergoing Functional Safety training, though topically interesting and relevant, will not impart the years of experience required to do the job properly. The qualified talent pool is quite small. Finding talent isn’t the only hurdle for companies. Functional Safety design is largely based on the application of redundancy, where critical system components are duplicated as a fail-safe and to increase reliability. A software program, for example, can be executed on two separate processors and the outcomes compared. If the two processors disagree, the system knows that there is an error and can move to a safe state. Multiple components, however, usually introduce challenges in power efficiency and performance while driving up cost.
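    The two-processor comparison described above, as an added example that is not from the original article: both channels compute the same hypothetical actuator command, a comparator forces the safe state when they disagree, and a 2oo3 majority voter (going beyond the article's two-channel case) shows how a third channel lets the system keep running while still reporting the fault. The channel functions, the safe-state value and the injected fault are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical control law: sensor reading -> actuator command. In a real
 * design each channel would run on its own processor; here they are plain
 * functions so the comparison logic can be exercised on a host machine. */
typedef int32_t (*channel_fn)(int32_t sensor);
static int32_t channel_a(int32_t sensor) { return sensor * 2 + 1; }
static int32_t channel_b(int32_t sensor) { return sensor * 2 + 1; }
/* Constructed faulty channel (e.g. a bit flip or stale input) for the demo. */
static int32_t channel_b_faulty(int32_t sensor) { return sensor * 2; }

#define SAFE_STATE_CMD 0   /* assumed safe state: de-energised output */

typedef struct {
    int32_t command;        /* value sent to the actuator */
    bool    fault_detected; /* true when a channel disagreed */
} safety_result;

/* Two-channel comparator: any disagreement forces the safe state. This is the
 * "execute on two processors and compare" pattern from the article. */
safety_result redundant_execute(channel_fn a, channel_fn b, int32_t sensor) {
    safety_result r;
    int32_t out_a = a(sensor);
    int32_t out_b = b(sensor);
    r.fault_detected = (out_a != out_b);
    r.command = r.fault_detected ? SAFE_STATE_CMD : out_a;
    return r;
}

/* 2oo3 majority voter: the output follows any agreeing pair, so a single
 * faulty channel is masked but still reported; with no majority, safe state. */
safety_result vote_2oo3(int32_t a, int32_t b, int32_t c) {
    safety_result r;
    if (a == b || a == c) { r.command = a; r.fault_detected = (a != b || a != c); }
    else if (b == c)      { r.command = b; r.fault_detected = true; }
    else                  { r.command = SAFE_STATE_CMD; r.fault_detected = true; }
    return r;
}

int main(void) {
    safety_result ok  = redundant_execute(channel_a, channel_b, 10);
    safety_result bad = redundant_execute(channel_a, channel_b_faulty, 10);
    printf("healthy: cmd=%d fault=%d\n", ok.command, ok.fault_detected);
    printf("faulty : cmd=%d fault=%d\n", bad.command, bad.fault_detected);
    return 0;
}
```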


    Luckily, big semiconductor companies like Intel, Texas Instruments, and Xilinx offer packaged solutions around their device portfolios to help overcome the complexity of Functional Safety system design and meet the certification requirements outlined by standards such as IEC 61508, DO-254 or ISO 26262. These pre-architected and validated solutions can dramatically shorten development timeframes for companies and eliminate the cost and risk associated with trying to implement functional safety on their own. What it comes down to for an OEM, then, is which device option to go with. When it comes to performance and power efficiency, general-purpose CPUs and GPUs really cannot compete with ASICs or FPGAs, especially in real-time tasks. ‘Modern FPGAs’ or Programmable System-on-Chips (SoCs) like Xilinx Zynq-7000 SoCs offer the best overall cost-to-performance effectiveness, with the ability to integrate several ARM CPUs on a single device while offering the flexibility and scalability to size up or down according to the task at hand.


    Fault-Tolerant Design

    Xilinx devices also feature hardware isolation, which allows both safety and non-safety functions to run on the same chip at the same time and lets designers make updates without disturbing or touching already certified parts. The ability to control system failure modes through fault-tolerant design requires an implementation methodology that ensures fault propagation can be controlled. The Xilinx Isolation Design Flow (figure on left) provides fault containment at the FPGA module level, enabling single-chip fault tolerance.


    There is no doubt that interest in Functional Safety system design will continue to grow as companies are held more and more accountable for their products and services. With this, hopefully, comes reduced complexity and simpler ways to design safe systems, but until then, there are reliable and cost-effective solutions to help companies along. Also, readers may want to tip off someone heading for higher education about a ‘really hot’ area of study they might want to look into.