The “functional safety” of a system relates to the system operating as expected in response to the inputs to the system. Functional safety can be important for avoiding damage to health or physical injury to people. Safety functions for monitoring equipment under control (EUC) can be implemented by electro-mechanical relays, non-programmable solid-state electronics, programmable electronics or any combination of the foregoing. The International Electrotechnical Commission (IEC) set forth standard IEC 61508 to define appropriate means for achieving functional safety.
To ensure functional safety, system designers take measures to protect the integrity of the safety functions themselves. Examples of approaches to protecting the safety functions include error detection and correction in SRAMs and having redundant processors execute the same program code in lockstep, with their results compared cycle by cycle so that any divergence is flagged as a fault.
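As an added illustration (not part of the original text), the following C models the two mechanisms just named: a single-error-correcting, double-error-detecting (SEC-DED) Hamming code of the kind used to protect SRAM contents, applied here to one 8-bit word, and a lockstep comparator together with a 2-of-3 majority voter of the kind a redundant-processor arrangement relies on. The codeword layout, the sample safety function `limit_check` and the fault-injection masks are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed codeword layout for one 8-bit data word (13 bits total):
   bit 0          = overall parity (makes the whole word even parity)
   bits 1,2,4,8   = Hamming parity, each covering positions whose index has that bit set
   bits 3,5,6,7,9,10,11,12 = data bits d0..d7 */
static const int data_pos[8] = {3, 5, 6, 7, 9, 10, 11, 12};

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status;

uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if ((data >> i) & 1) cw |= (uint16_t)1 << data_pos[i];
    /* Parity bit p covers every position whose index has bit p set (p itself included,
       but it is still zero here, so only data bits contribute). */
    for (int p = 1; p <= 8; p <<= 1) {
        int par = 0;
        for (int pos = 1; pos <= 12; pos++)
            if ((pos & p) && ((cw >> pos) & 1)) par ^= 1;
        if (par) cw |= (uint16_t)1 << p;
    }
    int overall = 0;                     /* overall parity over positions 1..12 */
    for (int pos = 1; pos <= 12; pos++) overall ^= (cw >> pos) & 1;
    if (overall) cw |= 1;
    return cw;
}

/* Decode one codeword. On ECC_OK or ECC_CORRECTED *data holds the recovered word;
   on ECC_UNCORRECTABLE *data is left untouched because the word cannot be trusted. */
ecc_status secded_decode(uint16_t cw, uint8_t *data) {
    int syndrome = 0, overall = 0;
    for (int pos = 0; pos <= 12; pos++)
        if ((cw >> pos) & 1) { syndrome ^= pos; overall ^= 1; }
    ecc_status st;
    if (syndrome == 0 && overall == 0) {
        st = ECC_OK;
    } else if (overall == 1) {
        /* Odd overall parity: exactly one bit flipped; the syndrome names its position
           (syndrome 0 means the overall parity bit itself, i.e. position 0). */
        cw ^= (uint16_t)1 << syndrome;
        st = ECC_CORRECTED;
    } else {
        return ECC_UNCORRECTABLE;        /* even parity but non-zero syndrome: two flips */
    }
    uint8_t d = 0;
    for (int i = 0; i < 8; i++)
        if ((cw >> data_pos[i]) & 1) d |= (uint8_t)(1u << i);
    *data = d;
    return st;
}

/* Encode, flip the bits named in 'flips' (simulated SRAM faults), decode. Returns the
   decoder status, or -1 if a supposedly good result does not match the original. */
int secded_exercise(uint8_t data, uint16_t flips) {
    uint8_t out = 0;
    ecc_status st = secded_decode(secded_encode(data) ^ flips, &out);
    if (st != ECC_UNCORRECTABLE && out != data) return -1;
    return (int)st;
}

/* Assumed safety function: trip (1) when a sensor reading exceeds a limit. */
uint32_t limit_check(uint32_t sensor) { return sensor > 1000u ? 1u : 0u; }

/* Dual-core lockstep: both cores run the same function on the same input; a comparator
   accepts the result only if they agree. 'fault_mask' injects a bit flip into core B.
   Returns the agreed result, or -1 when the comparator detects a mismatch. */
int64_t lockstep_run(uint32_t (*fn)(uint32_t), uint32_t input, uint32_t fault_mask) {
    uint32_t core_a = fn(input);
    uint32_t core_b = fn(input) ^ fault_mask;
    if (core_a != core_b) return -1;
    return (int64_t)core_a;
}

/* 2-of-3 majority voter over three redundant results: tolerates one faulty channel and
   returns the majority value, or -1 when no two channels agree. */
int64_t tmr_vote(uint32_t a, uint32_t b, uint32_t c) {
    if (a == b || a == c) return (int64_t)a;
    if (b == c) return (int64_t)b;
    return -1;
}

int main(void) {
    printf("encode(0xA5)       = 0x%04X\n", secded_encode(0xA5));
    printf("one flip           -> status %d\n", secded_exercise(0xA5, 1u << 5));
    printf("two flips          -> status %d\n", secded_exercise(0xA5, (1u << 5) | (1u << 9)));
    printf("lockstep, fault    -> %lld\n", (long long)lockstep_run(limit_check, 1500, 1u));
    printf("vote(7,9,7)        -> %lld\n", (long long)tmr_vote(7, 9, 7));
    return 0;
}
```

The decoder's four outcomes follow directly from the two checks: zero syndrome with even overall parity is a clean word, odd overall parity is a single flip at the syndrome position, and even overall parity with a non-zero syndrome can only be two flips, which the code must report rather than "correct". The lockstep comparator, by contrast, can only detect a divergence; the 2-of-3 voter can mask one faulty channel, which is why three copies of the execution units are needed to keep the function running rather than merely fail safe.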
Some processor architectures may not be amenable to using lockstep execution for a safety function. For example, some processors execute instructions out-of-order, and some superscalar processors include multiple execution units such as an arithmetic logic unit (ALU), an integer multiplier, an integer shifter, a floating point unit (FPU), etc. Some processors may have many instances of each of the different execution units. Implementing redundant processors that execute in lockstep for such complicated processor architectures can be infeasible due to the required replication of every execution unit and the voting circuits needed to compare their results.