Various processes are governed by international standards relating to safety and risk reduction. For example, IEC 61508 addresses functional safety of electrical, electronic, and programmable electronic devices, such as microcontrollers or other computers used to control industrial or other safety critical processes. IEC 61508 defines Safety Integrity Levels (SIL) based on a probabilistic analysis of a particular application. To achieve a given SIL, the application, including constituent components, is designed to meet targets for the maximum probability of “dangerous failure” and a minimum “safe failure fraction.” The concept of “dangerous failure” is defined on an application-specific basis, but is based on requirement constraints that are verified for their integrity during the development of the safety critical application. The “safe failure fraction” determines capability of the system to manage dangerous failures and compares the likelihood of safe and detected failures with the likelihood of dangerous, undetected failures. Ultimately, an electronic device's certification to a particular SIL requires that the electronic device provide a certain level of detection of and resilience to failures as well as enable the safety critical application to transition to a safe state after a failure.
Another functional safety standard is ISO 26262, which addresses the functional safety of road vehicles such as automobiles. ISO 26262 aims to address possible hazards caused by malfunctioning behavior of automotive electronic and electrical systems. Similar to SILs defined by IEC 61508, ISO 26262 provides an automotive-specific risk-based approach to determine risk classes referred to as Automotive Safety Integrity Levels (ASIL). ASILs are used to specify a particular product's ability to achieve acceptable safety goals.
An electronic device that controls a process—industrial, automotive, or otherwise—may be used to perform multiple functions, some of which are “safety functions” while others are “non-safety functions.” A safety function is a function whose operation impacts the safety of the process; for example, a closed-loop control system that drives an electric motor used for power steering is a safety function. A non-safety function is a function whose operation does not impact the safety of the process; for example, debug functionality built into the electronic device that is used to develop software for the control functions, but is not used when the electronic device is integrated into a vehicle, is a non-safety function.