SPRADF6A December 2023 – May 2024 AM2432, AM2434, AM6421, AM6422, AM6441, AM6442

Table of Contents

Abstract
1 Functional Safety Goals and Safety Concepts
2 HARA and Safety Concept Assessment Stage
3 SIL and ASIL Classification
4 Random and Systematic Faults
5 AM243x and AM64x: Safety Diagnostics and Examples
6 AM243x and AM64x: Safety MCU With FFI Support
7 Safety Element Out of Context
8 Functional Safety Resources and Examples

Functional Safety Goals and Safety Concepts

Functional safety goals are system-level goals, defined at the beginning of the design process, that focus on reducing the risk of potentially hazardous events. The risk of harm cannot be completely designed out of a system, but with proper design techniques it can be reduced to an acceptable level. Functional safety goals vary with the end application, the degree of potential harm, and how likely the hazard is to occur. The method of achieving a safety goal at the accepted level of risk is called the safety concept.

To better understand functional safety goals and safety concepts, it is helpful to examine a modern manufacturing plant. On the manufacturing floor, automated and non-automated processes and machinery coexist with a number of people operating, monitoring, and servicing the equipment. The equipment ranges from fast-moving robotic arms to simple test and measurement stations, any of which, under the right set of conditions, could harm an individual.

To reduce the risk of harm on the manufacturing floor, safety goals are defined early in the design process for both the manufacturing equipment and the factory processes. To address the potential hazard of a person being struck by a robotic arm, a safety goal is defined to reduce the occurrence of that hazard to fewer than one event per billion hours of operation (< 1 x 10^-9 per hour). A safety concept is then defined to support this safety goal: a laser-based light curtain creates a keep-out zone around the robotic arm, a Machine Learning (ML)-based vision system tracks the position of the operator relative to the keep-out zone, and a fail-safe method stops the robotic arm if an operator is detected entering the keep-out zone. The Safe Torque Off (STO) and Safe Brake Control (SBC) safety functions perform the emergency stop of the robotic arm: STO removes power from the motor and SBC applies an external brake to the motor. STO and SBC (as well as other motor-specific safety functions) are commonly used to support safety concepts in motor control applications. The next section (Section 2) details the process used by system integrators to define safety goals and safety concepts.
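The safe-stop decision logic for the robotic-arm concept above, written out as an added illustration (this is not TI code and not part of the original document; the sensor encodings, the 100 ms freshness limit, and all function names are assumptions). The point it demonstrates is that a fail-safe function treats every input it cannot positively confirm as a violation, and that the safe state is latched until an explicit reset, so a flickering sensor cannot restart the arm on its own:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sensor encodings (assumed, not from the document). Any value
 * outside the enumerations is treated as a fault by the logic below. */
typedef enum { CURTAIN_CLEAR, CURTAIN_BROKEN, CURTAIN_FAULT } curtain_state_t;
typedef enum { VISION_OUTSIDE, VISION_INSIDE, VISION_FAULT } vision_state_t;

typedef struct {
    curtain_state_t curtain;   /* light curtain around the keep-out zone   */
    vision_state_t  vision;    /* ML vision: operator relative to the zone */
    uint32_t        vision_age_ms; /* time since the last valid vision frame */
} sensor_inputs_t;

typedef struct {
    bool sto_active;  /* Safe Torque Off: motor power removed     */
    bool sbc_active;  /* Safe Brake Control: external brake applied */
} safe_outputs_t;

typedef struct {
    bool latched_stop; /* set on violation, cleared only by explicit reset */
} safety_state_t;

#define VISION_MAX_AGE_MS 100U  /* assumed freshness limit for vision data */

/* Returns true when motion must be inhibited. Only a clean CURTAIN_CLEAR
 * reading together with a fresh VISION_OUTSIDE reading allows motion;
 * faults, stale data, unknown values and a missing input all stop the arm. */
bool keep_out_violated(const sensor_inputs_t *in)
{
    if (in == NULL) return true;
    if (in->curtain != CURTAIN_CLEAR) return true;
    if (in->vision_age_ms > VISION_MAX_AGE_MS) return true;
    if (in->vision != VISION_OUTSIDE) return true;
    return false;
}

/* One cycle of the safety function. A violation latches the stop; the latch
 * is released only when the operator requests a reset while the zone is clear.
 * STO and SBC are always driven together so the arm is both unpowered and
 * mechanically held. */
safe_outputs_t safe_stop_step(safety_state_t *st, const sensor_inputs_t *in,
                              bool reset_request)
{
    if (keep_out_violated(in)) {
        st->latched_stop = true;
    } else if (reset_request) {
        st->latched_stop = false;
    }
    safe_outputs_t out = { st->latched_stop, st->latched_stop };
    return out;
}

/* Runs a constructed sequence of cycles and returns how many of them ended
 * with STO active. Cycle 2 breaks the curtain; cycles 3 and 4 are clear but
 * only cycle 4 carries a reset, so exactly 2 cycles (2 and 3) are stopped. */
int demo_sequence(void)
{
    const sensor_inputs_t clear  = { CURTAIN_CLEAR,  VISION_OUTSIDE, 20 };
    const sensor_inputs_t broken = { CURTAIN_BROKEN, VISION_OUTSIDE, 20 };
    const sensor_inputs_t *seq[] = { &clear, &broken, &clear, &clear };
    const bool reset[]           = { false,  false,   false,  true   };
    safety_state_t st = { false };
    int stopped = 0;
    for (size_t i = 0; i < 4; i++) {
        safe_outputs_t o = safe_stop_step(&st, seq[i], reset[i]);
        printf("cycle %zu: STO=%d SBC=%d\n", i + 1, o.sto_active, o.sbc_active);
        if (o.sto_active) stopped++;
    }
    return stopped;
}

int main(void)
{
    printf("cycles stopped: %d\n", demo_sequence());
    return 0;
}
```

Note the asymmetry: a single good reading never releases the stop, but a single bad, stale, or out-of-range reading always asserts it. That is the direction in which a safety function should err, and the same reasoning applies when the input is a network message or a sensor value an attacker can influence.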