International standards regarding the safety of electric, electronic, and programmable electronic functions have been established in the process industry (see Non-Patent Literature 1). Non-Patent Literature 1 targets electric and electronic devices whose function or malfunction/failure has a significant influence on human lives. For example, these targets include the safety of functions of transport machines, chemical plants, and medical devices.
Factors that affect safety presumably include, mainly with regard to hardware, deterioration of parts and/or materials and random hardware failures due to variation among products. Non-Patent Literature 1 sets forth the need to improve system reliability through redundant and/or diversified configurations and through measures such as the provision of self-diagnostic functions. Furthermore, Non-Patent Literature 1 prescribes that the safety integrity level (SIL) of a safety device should be determined by probabilistic risk analysis or the like so that the risk of the entire system falls below an acceptable risk. Non-Patent Literature 1 sets forth four required safety integrity levels, from the relatively low level, SIL 1, to the highest level, SIL 4. Non-Patent Literature 1 recommends failure detection and diagnostics for SIL 2 and strongly recommends failure detection and diagnostics for SIL 3 and SIL 4.
In devices in which a CPU (central processing unit) runs programs for processing, the programs are generally read from a ROM (read-only memory) into a RAM (random-access memory) with a high access speed so that they can run at high speed. Therefore, both data that is subject to change and data that is not subject to change while the programs are running are present in the RAM.
Data stored in a RAM may undergo unintended changes due to malfunction of the RAM, manufacturing defects, or cosmic radiation. In order to routinely confirm that the data stored in a RAM is normal, diagnostics using a program or some other logic circuit are necessary.
For example, Patent Literature 1 describes a method of checking a storage means while a control target is controlled. The method of checking a storage means of Patent Literature 1 is a method of checking a RAM bank comprising the banks of multiple RAMs storing data, wherein the banks of the two RAMs to be checked are subjected to the same checking procedure (control operation and monitor operation), and it is determined whether the results of the two operations (check results) are equal. The results of the control operation and the monitor operation are written to the banks of the RAMs, the written values are read back, and it is determined whether the values are equal.
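A minimal C sketch of the two-bank comparison check described above, added here as an illustration and not taken from Patent Literature 1; the calculation in `compute`, the bank size, and all names are assumptions. It also shows what the comparison can and cannot see: a bit flip in one bank is detected, while identical corruption in both banks is not.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BANK_WORDS 8  /* assumed bank size */

/* Two RAM banks that should hold identical results (constructed layout). */
typedef struct {
    volatile uint32_t control[BANK_WORDS]; /* written by the control operation */
    volatile uint32_t monitor[BANK_WORDS]; /* written by the monitor operation */
} dual_bank_t;

/* Hypothetical calculation performed identically by both operations. */
static uint32_t compute(uint32_t input, size_t i) {
    return input * 2654435761u + (uint32_t)i;
}

/* Run both operations and write each result into its own bank. */
void run_operations(dual_bank_t *b, uint32_t input) {
    for (size_t i = 0; i < BANK_WORDS; i++) b->control[i] = compute(input, i);
    for (size_t i = 0; i < BANK_WORDS; i++) b->monitor[i] = compute(input, i);
}

/* Read both banks back; return -1 if equal, else index of first mismatch. */
int compare_banks(const dual_bank_t *b) {
    for (size_t i = 0; i < BANK_WORDS; i++)
        if (b->control[i] != b->monitor[i]) return (int)i;
    return -1;
}

/* Simulated RAM fault: flip one bit of one word in the chosen bank. */
void flip_bit(dual_bank_t *b, int in_monitor, size_t word, unsigned bit) {
    volatile uint32_t *bank = in_monitor ? b->monitor : b->control;
    bank[word] ^= (uint32_t)1 << bit;
}

int main(void) {
    dual_bank_t b;
    run_operations(&b, 42u);
    printf("clean banks: %d\n", compare_banks(&b));
    flip_bit(&b, 1, 3, 7);  /* fault in the monitor bank only */
    printf("single-bank fault: %d\n", compare_banks(&b));
    flip_bit(&b, 0, 3, 7);  /* same fault in the control bank */
    printf("identical fault in both banks: %d\n", compare_banks(&b));
    return 0;
}
```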