Potential of Fault-Detection Coverage by means of On-Chip Redundancy - IEC61508: Are There Royal Roads to SIL 4?

This paper investigates the potential to improve fault-detection coverage by means of on-chip redundancy. The international standard on functional safety, IEC 61508 Ed. 2.0 Part 2 Annex E.3, prescribes that the upper bound of βIC (the ratio of common cause failures (CCF) to all failures) is 0.25 in order to satisfy the upper bound on the frequency of dangerous failure of the safety function for SIL (Safety Integrity Level) 3. This paper argues, on the other hand, that βIC does not necessarily have to be less than 0.25 for SIL 3, and that the upper bound of βIC can instead be determined as a function of the failure rate λ and the CCF detection coverage. In other words, the frequency upper bound of dangerous failure for SIL 3 can also be satisfied with βIC higher than 0.25 if the failure rate λ is lower than 400 FIT. Moreover, the paper shows that on-chip redundancy has the potential to satisfy the SIL 4 requirement: the frequency upper bound of dangerous failure for SIL 4 can be satisfied within feasible ranges of βIC, λ and CCF coverage, which can be realized by a redundant code.

Key words: on-chip redundancy, fault-detection, common cause failure, functional safety, IEC61508
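The trade-off the abstract describes (βIC, λ and CCF coverage against the SIL frequency bounds) can be worked through with a simplified model. The following is an added example, not the paper's own calculation: it assumes that independent failures are caught by the channel comparison, that only undetected common cause failures contribute to the dangerous failure frequency, and that the dangerous failure frequency per hour is λ · βIC · (1 − coverage); the SIL bands are the IEC 61508 high-demand PFH limits.

```python
# Added example (not from the paper): a simplified dangerous-failure model for
# a duplicated on-chip structure with a CCF detection mechanism.
#
# Assumptions (not stated on the page):
#   - independent failures of one channel are detected by comparison between
#     the two channels, so they do not contribute to the dangerous frequency;
#   - a fraction `ccf_coverage` of common cause failures is detected by an
#     additional mechanism (e.g. a redundant code) and the rest is undetected;
#   - residual dangerous failure frequency [1/h]:
#         PFH = lambda * beta_ic * (1 - ccf_coverage)
#
# IEC 61508 PFH upper bounds (high-demand / continuous mode), per hour.
SIL_PFH_UPPER = {1: 1e-5, 2: 1e-6, 3: 1e-7, 4: 1e-8}

FIT_PER_HOUR = 1e-9  # 1 FIT = one failure per 1e9 device-hours


def residual_pfh(lambda_fit: float, beta_ic: float, ccf_coverage: float) -> float:
    """Undetected CCF-induced dangerous failure frequency in 1/h."""
    if not (0.0 <= beta_ic <= 1.0 and 0.0 <= ccf_coverage <= 1.0):
        raise ValueError("beta_ic and ccf_coverage must lie in [0, 1]")
    if lambda_fit < 0.0:
        raise ValueError("lambda_fit must be non-negative")
    return lambda_fit * FIT_PER_HOUR * beta_ic * (1.0 - ccf_coverage)


def sil_achieved(lambda_fit: float, beta_ic: float, ccf_coverage: float) -> int:
    """Highest SIL whose PFH bound the residual frequency stays below (0 if none)."""
    pfh = residual_pfh(lambda_fit, beta_ic, ccf_coverage)
    for sil in (4, 3, 2, 1):
        if pfh < SIL_PFH_UPPER[sil]:
            return sil
    return 0


def max_beta_ic(lambda_fit: float, ccf_coverage: float, sil: int) -> float:
    """beta_ic at which the residual PFH equals the SIL bound (capped at 1.0).

    With no CCF coverage, a 400 FIT device gives exactly 0.25 for SIL 3, the
    figure quoted by the abstract; a lower lambda or non-zero coverage raises it.
    """
    undetected_rate = lambda_fit * FIT_PER_HOUR * (1.0 - ccf_coverage)
    if undetected_rate == 0.0:
        return 1.0
    return min(1.0, SIL_PFH_UPPER[sil] / undetected_rate)


if __name__ == "__main__":
    print("max beta_ic for SIL 3 at 400 FIT, no coverage:", max_beta_ic(400, 0.0, 3))
    print("SIL at 100 FIT, beta_ic=0.3, coverage 0.9:", sil_achieved(100, 0.3, 0.9))
```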
