Functional safety is often applied in binary terms, with defined operating parameters being regarded as absolute. There is growing interest in using AI in functional safety applications; it is implicit in autonomous vehicles and mobile robots, so why not in industrial automation as well?
Functional safety is omnipresent in electromechanical devices. It protects us from harm in our homes, it protects workers in a factory and it protects us when driving a car. There are regional and international functional safety standards that protect users against incorrect operation, device failure or unforeseen system behaviour. The need for functional safety standards has existed for years. The degree of automation and the use of industrial robots have increased steadily in the industrial sector, especially in smart factories. Initiatives to improve operational efficiency, such as Industry 4.0, are increasing the number of electronically controlled devices in use and blurring the physical boundaries to human workers. The hybrid model, in which skilled human workers work alongside so-called cobots (collaborative robots), increases the potential safety risks. In the past, safety cages and mechanical interlocks were used in many manufacturing processes to avoid endangering employees. In today's factories, industrial robots and automation offer tremendous flexibility and 360-degree reach, allowing better use of expensive factory space while reducing the reach of safety barriers. Safety must therefore be an integral part of an industrial production facility, rather than relying on physical separation.
The primary requirement of any functional safety function is to immediately prevent the equipment from harming the operator or damaging other equipment or materials in the event of an unplanned event or action. The safety functions required for this are derived by evaluating the potential risks during normal or abnormal operation, and they serve to bring the device to a safe stop.
AI in functional safety
The use of AI-based functional safety brings a wealth of new opportunities for risk detection and safety management to the world of industrial automation. This in turn makes hardware design verification and formal software development architectures and methodologies indispensable. Adhering to established standards for system reliability is imperative, and the semiconductor industry can help with that. Semiconductor manufacturers are already aware of the trust placed in their products, and many of them are providing functional safety development tools.
Functional safety standards
There are several functional safety standards that apply to industrial equipment. IEC 61508 is the fundamental functional safety standard covering electrical, electromechanical and electronically operated devices; market-specific standards were derived from it. IEC 60601 covers medical devices, and ISO 26262 applies to automotive systems. For industrial devices, IEC 62061 applies, supplemented by a number of other device-specific standards. These include IEC 61131 for PLCs, IEC 61511 for process control applications and IEC 61800-5 for variable speed drives. ISO 13849 is another safety standard that applies to industrial equipment. It has a broader scope that includes any form of actuation of safety functions, not just electrically operated ones.
The increasing use of robots and cobots for industrial applications has led to the development of a relatively new functional safety standard, ISO 10218. Likewise, the technical specification ISO/TS 15066 addresses the behaviour of robots.
Basic concepts of functional safety
There are two fundamental aspects of functional safety: safety functions and safety integrity. A safety function defines a feature that is used to ensure the safe operation of a machine. For example, a photodiode can detect the presence of a guard that prevents an operator from reaching a moving belt. If the photodiode indicates that the guard is not in place, the safety function must stop the movement of the belt immediately. The safety integrity metric is a measure of how certain it is that the belt really does stop immediately. IEC 62061 specifies four different safety integrity levels (SIL1, SIL2, SIL3 and SIL4) that define how potential safety risks can be reduced to an acceptable level. ISO 13849 takes a slightly different approach from SILs, assigning five performance levels (PL a, PL b, PL c, PL d and PL e).
Implementation of functional safety
Embedded systems are at the heart of most industrial automation applications. Any implementation of functional safety must include both hardware and software techniques. Microcontrollers, microprocessors and programmable logic devices can form the processing core within the hardware domain. Semiconductor manufacturers are increasingly able to offer processing devices and sensors that incorporate elements of functional safety into their architecture. For the manufacturer of industrial equipment, integrating such devices into a design accelerates the development and validation process. An example is Xilinx's dual lockstep MicroBlaze processor. Lockstep architecture offers two fail-safe, redundant processors,
A formal approach to the design of embedded software is specified by IEC 61508. It provides a structured design architecture and validation and testing methods as key elements for integrating functional safety functions. The use of a formal coding methodology is also recommended, but apart from MISRA-C for automotive applications, there are no functional safety coding standards for industrial applications. Xilinx, for example, recommends an isolation design flow to separate safety-related and non-safety-related functions.
Industrial applications with AI
AI is used in numerous industrial applications, from image processing to vibration monitoring. AI works on the basis of probabilities. In an object recognition task, for example, it can distinguish between different types of fruit. A more advanced application can detect the condition of a specific fruit: is it just ripe or overripe? In both cases, the determination is made based on the probability that the fruit and its condition were correctly identified, according to the reference image data used to train the neural network.
At first glance, the non-binary world of probability-based AI might conflict with the binary world traditionally offered by hardware-based safety systems. The basic ideas of functional safety have their origins in mechanical interlocking methods. Even when implemented with a processor, this approach relies on a pass/fail response to a predefined set of risks.
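As an added illustration of how the binary safety function and a probabilistic AI estimate can coexist (example code written for this page, not from the article, Xilinx or any standard): the photodiode interlock from the belt example above is modelled as two redundant sensor channels, and the AI channel can only add stop conditions, never suppress one. All type names, the hazard-probability field and the 20 % threshold are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One redundant photodiode channel of the guard interlock (constructed). */
typedef struct {
    bool diag_ok;        /* channel passed its self-test this cycle */
    bool guard_closed;   /* true only when the guard is positively detected */
} interlock_ch_t;

/* Output of the vision/AI subsystem for the hazard zone (constructed). */
typedef struct {
    bool fresh;               /* inference completed within its deadline */
    uint8_t person_prob_pct;  /* 0..100: estimated probability a person is present */
} ai_estimate_t;

/* Conservative stop threshold for the AI channel; an assumed value. */
#define AI_STOP_THRESHOLD_PCT 20

typedef enum {
    RUN = 0,
    STOP_SENSOR_FAULT,  /* a channel failed its self-test */
    STOP_GUARD_OPEN,    /* at least one channel does not see a closed guard */
    STOP_AI_STALE,      /* inference missed its deadline: treated as hazardous */
    STOP_AI_PERSON      /* estimated presence reached the stop threshold */
} decision_t;

/* Every fault, disagreement or missing input resolves to a stopped state. */
decision_t belt_decision(const interlock_ch_t ch[2], const ai_estimate_t *ai)
{
    /* Binary safety function first: both channels must positively report a
     * closed guard, and nothing the AI reports can override this. */
    for (int i = 0; i < 2; i++) {
        if (!ch[i].diag_ok)      return STOP_SENSOR_FAULT;
        if (!ch[i].guard_closed) return STOP_GUARD_OPEN;
    }
    /* Probabilistic channel: it may only add stop conditions. */
    if (!ai->fresh)                                   return STOP_AI_STALE;
    if (ai->person_prob_pct >= AI_STOP_THRESHOLD_PCT) return STOP_AI_PERSON;
    return RUN;
}

int main(void)
{
    interlock_ch_t ok[2] = { {true, true}, {true, true} };
    ai_estimate_t clear = { true, 3 };
    printf("decision: %d (0 = RUN)\n", belt_decision(ok, &clear));
    return 0;
}
```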
Current functional safety standards emphasize the need to identify all potential risks when using a machine, and typically this relates solely to the operator. The risks can be determined for each individual phase of machine operation. However, this assumes that the machine is installed in a fixed position on the production floor, so the number of identified risks may be limited. But what if the machine can move?
Another possible consideration is a previously unrecognized device condition that could pose a risk to the operator. Bearing wear, for example, can mean that the physical reach of a dangerous tool extends beyond the safe area.
Dealing with an exponential increase in potential risks
As autonomous vehicle developers know, the number of potential risks associated with driving a vehicle autonomously at speed in an urban environment is too great to quantify. AI systems with vision, lidar and radar sensor subsystems become the eyes of the autonomous vehicle. Together, the detection functions constantly scan for potential risks and visual cues such as pedestrians, objects on the road or traffic lights. Functional safety is based on the reliability and integrity of the systems that control the car. Dual and triple lockstep processors and system redundancy are paramount.
AI-based functional safety in industry
Will AI form the basis of functional safety in industry? Yes. AI can learn to adapt to a changing production environment. AI is already being used in predictive maintenance, where, for example, changed vibration signatures indicate possible wear or different motor load conditions. The condition of the system is highly relevant for functional safety, so it makes sense to use AI to monitor both asset health and safety risks. AI can also learn by observing different operator patterns and constantly monitoring the location and movement of human workers. In addition, only AI can continuously adapt to and process a flood of data and find meaning in it.