One example of a basic functional safety standard is IEC 61508, published by the International Electrotechnical Commission (IEC) and entitled “Functional safety of electrical/electronic/programmable electronic (E/E/PE) safety-related systems.” IEC 61508 is an international standard of rules for the creation of such systems that carry out safety functions. IEC 61508 prescribes specific hardware-level minimum values, e.g., for FIT (failures in time) and SFF (safe failure fraction), for safety integrity level 3, which can generally only be attained by additional software-level measures. In particular, demonstrating protection against failures of the CPU accounts for a significant part of the overall verification of safety integrity.
Typically, two different microcontroller chips, or at least two parallel computational paths on a single microcontroller chip, have been used. Inverted computational paths, described for example in DE 42 19 457 A1, have also been used occasionally. The two-chip solution is expensive in mass production. With parallel computational paths on a single chip, functional safety is limited, or can be verified only with additional hardware, because an internal CPU error causes the CPU to compute incorrectly in the same way in both of the parallel or inverted paths. CPU errors can thus remain undetected under certain circumstances. There is no direct verification that the CPU has not made the same error in both computational directions, so that the comparison yields two identical but false results, or that, in the case of inverted computational paths, the CPU has not erroneously skipped both computational directions and, for example, directly compared two input variables.
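The following added example (not from the patent or from DE 42 19 457 A1) models the two single-chip schemes above and two constructed, permanent CPU faults, to show why a parallel path cannot see a systematic adder error while an inverted path sees some of them and still misses others. The inverted path is assumed here to take the form "second channel computes on negated operands and negates its result back"; the adder functions and fault models are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the CPU's 16-bit adder. A faulty variant can be swapped in to
 * simulate a systematic (permanent) internal CPU error that affects every
 * addition in the same way, whichever path issues it. */
typedef uint16_t (*adder_fn)(uint16_t, uint16_t);

static uint16_t add_ok(uint16_t a, uint16_t b) { return (uint16_t)(a + b); }
/* Constructed fault: bit 2 of every sum is stuck at 1. */
static uint16_t add_stuck_bit2(uint16_t a, uint16_t b) {
    return (uint16_t)((a + b) | 0x0004u);
}
/* Constructed fault: the result register always reads zero. */
static uint16_t add_stuck_zero(uint16_t a, uint16_t b) { (void)a; (void)b; return 0; }

/* Two parallel paths on one CPU: both channels use the same adder on the
 * same data. Returns 1 if the comparison flags a mismatch, 0 otherwise. */
static int parallel_paths_detect(adder_fn add, uint16_t a, uint16_t b) {
    uint16_t r1 = add(a, b);
    uint16_t r2 = add(a, b);
    return r1 != r2;
}

/* Inverted path (assumed form): the second channel works on negated
 * operands and negates its result back, using (-a) + (-b) = -(a + b)
 * modulo 2^16. A fault that corrupts the two representations differently
 * shows up in the comparison; one that corrupts them identically does not. */
static int inverted_paths_detect(adder_fn add, uint16_t a, uint16_t b) {
    uint16_t r1 = add(a, b);
    uint16_t r2 = (uint16_t)(0u - add((uint16_t)(0u - a), (uint16_t)(0u - b)));
    return r1 != r2;
}

int main(void) {
    uint16_t a = 0x1234, b = 0x0105; /* constructed inputs; sum has bit 2 clear */
    printf("stuck bit 2: parallel=%d inverted=%d\n",
           parallel_paths_detect(add_stuck_bit2, a, b),
           inverted_paths_detect(add_stuck_bit2, a, b));
    printf("stuck zero:  parallel=%d inverted=%d\n",
           parallel_paths_detect(add_stuck_zero, a, b),
           inverted_paths_detect(add_stuck_zero, a, b));
    return 0;
}
```

For these inputs the stuck-bit fault passes the parallel comparison unnoticed (both channels return the same wrong 0x133D) but is caught by the inverted path, while the stuck-at-zero result is identical in both directions of the inverted path (-0 is 0) and passes both schemes.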