Computer systems are increasingly being used in applications where they are entrusted with functions upon which human life can depend. Such safety-relevant computer systems may be implemented in medical devices, anti-lock braking systems in automobiles, shut-down systems at nuclear power plants, and the like. Safety-relevant computer systems may be coupled with sensors configured to sense the operation of the controlled system and to react to potentially dangerous situations with a speed and dependability unmatched by human operators. Accordingly, in safety-relevant computer systems an undetected hardware-based failure is unacceptable, and the timely detection of any such failure is essential.
The International Electrotechnical Commission (IEC) regulates the integrity of safety-relevant computer systems. The integrity of a computer system processor may be measured according to safety integrity levels (SIL). In general, there are four safety integrity levels as defined by IEC 61508, ranging from a minimum of SIL1 to a maximum of SIL4. Devices of differing safety importance are required to meet the standards set forth in the corresponding SIL. For example, airplanes, nuclear reactors, and the like have a high safety importance and are therefore required to use computer systems meeting the most stringent safety standard, SIL4.
To achieve a given SIL, a device must meet targets for the maximum probability of dangerous failure and a minimum safe failure fraction. For example, a SIL3 device (e.g., one used in automobiles) has a probability of dangerous failure per hour of 1e-7 to 1e-8 and must detect more than 99% of all possible dangerous failures.
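As an added example (not part of the original text), the following Python checks a hardware failure-rate budget against the SIL3 targets quoted above. It assumes a single-channel (1oo1) architecture, for which IEC 61508 approximates the probability of dangerous failure per hour (PFH) by the dangerous-undetected failure rate, and it uses the standard safe failure fraction definition SFF = (safe + dangerous-detected) / total. The FIT values are constructed sample inputs, not figures from the page.

```python
# Added example, not from the original text. Checks a 1oo1 (single-channel)
# hardware budget against the SIL3 targets quoted in the background section.
# Failure rates are given in FIT (failures per 1e9 device-hours).

FIT = 1e-9  # one FIT = one failure per 1e9 hours

# SIL3 targets from the text: PFH of 1e-7 to 1e-8 per hour, and more than
# 99% of dangerous failures detected by diagnostics.
SIL3_PFH_MAX = 1e-7
SIL3_PFH_MIN = 1e-8
SIL3_MIN_DANGEROUS_DETECTED = 0.99


def lambda_du(lambda_d_fit, diagnostic_coverage):
    """Dangerous-undetected failure rate per hour for a 1oo1 channel:
    the dangerous failure rate scaled by the fraction diagnostics miss.
    For 1oo1, PFH is approximated by this value (assumption stated above)."""
    return lambda_d_fit * FIT * (1.0 - diagnostic_coverage)


def safe_failure_fraction(lambda_s_fit, lambda_d_fit, diagnostic_coverage):
    """SFF = (safe + dangerous-detected) / (safe + dangerous)."""
    lambda_dd = lambda_d_fit * diagnostic_coverage
    return (lambda_s_fit + lambda_dd) / (lambda_s_fit + lambda_d_fit)


def in_sil3_band(pfh):
    """True when PFH falls inside the SIL3 band quoted on the page.
    A PFH below the band is better than SIL3 requires, not a failure."""
    return SIL3_PFH_MIN <= pfh <= SIL3_PFH_MAX


def meets_sil3(lambda_s_fit, lambda_d_fit, diagnostic_coverage):
    """Return (pfh, sff, ok). ok is True when the PFH is at or below the
    SIL3 upper bound and detected dangerous failures exceed 99%."""
    pfh = lambda_du(lambda_d_fit, diagnostic_coverage)
    sff = safe_failure_fraction(lambda_s_fit, lambda_d_fit, diagnostic_coverage)
    ok = pfh <= SIL3_PFH_MAX and diagnostic_coverage > SIL3_MIN_DANGEROUS_DETECTED
    return pfh, sff, ok


if __name__ == "__main__":
    # Constructed sample budget: 1000 FIT safe, 2000 FIT dangerous.
    for dc in (0.995, 0.95):
        pfh, sff, ok = meets_sil3(1000, 2000, dc)
        print(f"DC={dc:.3f}  PFH={pfh:.2e}/h  SFF={sff:.4f}  "
              f"in SIL3 band={in_sil3_band(pfh)}  meets SIL3={ok}")
```

The second sample case shows the point the text makes: with the same hardware, dropping diagnostic coverage from 99.5% to 95% raises the dangerous-undetected rate tenfold and fails the detection target even though the raw failure rate is unchanged.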