Die Neufassung des Softwareteils der DIN/IEC 61508 betrifft neben der Korrektur allfälliger Schwächen der vorhandenen Fassung die Betonung der Möglichkeit von Sicherheitsnachweisen mit Hilfe von Betriebserfahrung, das Sicherheitshandbuch, Änderungen durch den Betreiber, die deutlichere Herauskehrung der verschiedenen Betrach-tungen von kontinuierlich arbeitender und auf Anforderung arbeitender ...

Which Software Reliability Engineering (SRE) methods should be applied during the various phases of the lifecycle of a product? The answer given here centres on learning from errors. The classification and evaluation of methods is strictly based on causal analyses of disasters, accidents and incidents with undesired outcome. The lifecycle model of IEC Standard 61508 has been adopted as a classi...

Industrial automation applications across all segments—from factory, machine, and process automation to energy generation, distribution, and transportation—require an increasing amount of safety-enabled equipment. This white paper explores a case study on industrial system on a chip (SoC)—a drive on a chip—to explain how engineers can save up to 18 months of design time in achieving product cer...

We recently discussed the danger of using cell phones on gas station forecourts on a mailing list of professionals interested in safety-critical systems involving computers, to which I belong. Participants in the discussions include some of the world’s best-known computer-related safety researchers, as well as some of those who participated in writing the new standard IEC 61508 for the developm...

IEC 61508-2010 puts special limits on the on-chip redundancy of one single chip, for example the safety integrity level (SIL) is limited up to SIL 3. About this, however, there are no specific explanations. Based on the safety-critical system of on-chip redundancy for a typical programmable logic device (FPGA), this paper proves that the highest SIL is 3; analyses the factors that may impact th...

The paper describes a pragmatic solution to the parallel execution of hard real-time tasks on off-the-shelf embedded multiprocessors. We propose a simple timing isolation protocol allowing computational tasks to communicate with hard real-time ones. Excellent parallel resource utilization can be achieved while preserving timing compositionality. An extension to a synchronous language enables th...

Most safety regulations and standards concentrate their efforts on intrinsic safety – the possibility that injury or damage could occur due to electric shock, fire, mechanical instability, sharp edges, etc. In this paper we are concerned with functional safety – where the hazards and risks depend upon the correct operation of devices, equipment, systems or installations. IEC 61508 [3] is the ba...

With the advent of comprehensive safety standards for software-dependent safety related systems, such as IEC 61508 and its specialisations for particular industry sectors (medical, machinery, process, etc), there is a need to establish combinations of techniques which can be used by industry to demonstrate conformance to these standards for particular developments. In this paper we describe par...

The architectural concept of a programmable electronic system is presented, which is particularly suited for highly safety-critical applications. Its most essential characteristics are taskoriented real-time execution without the need for asynchronous interrupts and the ability for state restoration at runtime. The concept of task execution without the use of asynchronous interrupts combines th...

In this paper we propose a UML profile that extends the Unified Modeling Language (UML) to support the development of safety-critical embedded software in accordance with the safety standard IEC 61508 [5]. Our profile enables software developers to precisely express certification-related information using the UML notation. This improved information density in software models can be exploited as...