Industrial control programs may run on industrial controllers for real-time control of industrial processes, such as the control of machinery or of a manufacturing process. In many applications, industrial control programs are written in a high-level language in a programming environment, are compiled, and are then stored and run on an industrial controller unit that directly controls the associated machinery or industrial process.
Oftentimes, industrial controllers are employed to control machinery or equipment that must fulfill safety requirements. Such safety requirements are intended, for instance, to ensure the safety of the personnel operating the machinery. Components of an industrial control environment that are subject to safety requirements include a sensor adapted to sense the presence of a human in the vicinity of machinery and trigger a corresponding stop signal, an emergency stop button, or a door lock system. The use of such safety systems, and their properties and technical specifications, are sometimes prescribed by law or industry regulation. Safety-relevant components of machinery for an industrial process may need to be certified, or to pass a certain safety classification, in order to obtain statutory approval. This translates into corresponding safety and statutory requirements for the industrial control software used to control these components. Such an industrial control system may also require certification.
However, in many applications industrial control software comprises both functionalities that require safety certification and others that do not. For instance, industrial control software may comprise both the control of safety features such as safety sensors or door locks, which requires certification, and an interface for exchanging licensing data with a manufacturer, which does not require safety certification. If the industrial control software can be decomposed into safety-relevant and safety-irrelevant parts, only the safety-relevant parts need to be assessed and certified. However, safety-irrelevant components or elements of the industrial control software may still affect the overall system safety if they are called from within a safety-relevant element, because the uncertified code then executes on the certified control path. This poses a particular burden on the programmer who writes complex industrial control software.
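The hazard described above (a certified, safety-relevant element calling into uncertified, safety-irrelevant code) can be caught mechanically with a call-graph check. The following is an added example written for this page, not the patent's method or any vendor's tool: it parses a small constructed Python module whose functions carry a hypothetical `@safety_relevant` marker, builds the direct call graph, and reports every call from a safety-relevant function into a function that is not safety-relevant. Real industrial control programs are written in languages such as IEC 61131-3 Structured Text and would need their own front end, but the rule being enforced is the same.

```python
"""Added example: flag calls from safety-relevant elements into uncertified code.

Illustrative code for this page, not the patent's method. It analyses a
constructed Python module in which functions marked with a hypothetical
``@safety_relevant`` decorator stand for the certified part of an industrial
control program; everything else stands for the safety-irrelevant part.
"""
import ast

# Constructed sample program: safety logic (light curtain, e-stop, drive
# disable) plus safety-irrelevant code (event logging, licence check).
SAMPLE_PROGRAM = '''
def safety_relevant(fn):
    return fn

@safety_relevant
def read_light_curtain():
    return sensor_blocked()

@safety_relevant
def emergency_stop():
    log_event("estop")        # certified element calls uncertified code
    drive_disable()

@safety_relevant
def drive_disable():
    pass

@safety_relevant
def sensor_blocked():
    return False

def log_event(msg):
    pass

def check_licence():
    drive_disable()           # uncertified code calling a certified element is allowed
'''


def _is_safety_relevant(func: ast.FunctionDef) -> bool:
    """True if the function carries the (hypothetical) @safety_relevant marker."""
    for dec in func.decorator_list:
        name = dec.id if isinstance(dec, ast.Name) else getattr(dec, "attr", None)
        if name == "safety_relevant":
            return True
    return False


def build_call_graph(source: str):
    """Return (safety_set, calls): the names of safety-relevant functions and a
    map from each top-level function to the names it calls directly."""
    tree = ast.parse(source)
    safety = set()
    calls = {}
    for node in tree.body:
        if not isinstance(node, ast.FunctionDef):
            continue
        if _is_safety_relevant(node):
            safety.add(node.name)
        callees = set()
        for sub in ast.walk(node):
            if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name):
                callees.add(sub.func.id)
        calls[node.name] = callees
    return safety, calls


def find_violations(source: str):
    """List (caller, callee) pairs where a safety-relevant function directly
    calls a function that is not safety-relevant. Callees that are not defined
    in the module are reported too, since they are not certified either."""
    safety, calls = build_call_graph(source)
    violations = []
    for caller in sorted(safety):
        for callee in sorted(calls.get(caller, ())):
            if callee not in safety:
                violations.append((caller, callee))
    return violations


if __name__ == "__main__":
    for caller, callee in find_violations(SAMPLE_PROGRAM):
        print(f"{caller} -> {callee}: safety-relevant element calls uncertified code")
```

The check is deliberately one-directional: safety-irrelevant code may call into certified elements without affecting their certification, whereas the reverse direction pulls uncertified behaviour onto the certified control path and is exactly what a decomposition into certifiable and non-certifiable parts has to exclude.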
What is needed is an improved method and system for providing industrial control software that complies with a given safety classification, and in particular one that avoids undesired effects of safety-irrelevant elements of the industrial control program on its safety-relevant elements.