Functional safety and AI in industry: can they coexist?

11th June 2021
Alex Lynn

Functional safety is often applied in a binary way, where defined operational parameters are considered in an absolute way. It is unlikely that an algorithm that responds with a probability level rather than 'yes' or 'no' would fulfil functional safety requirements, but that is precisely what is happening.

By Mark Patrick, Mouser Electronics

There is a growing interest in using AI in functional safety applications; it is implicit in autonomous vehicles and mobile robots, so why not industrial automation?

Functional safety in the industrial domain

Functional safety is omnipresent for electromechanical equipment. It protects us from harm in our homes, workers' safety in a factory, and when we drive our car. Regional and international functional safety standards exist to protect users from apparatus misuse, equipment failure, or unanticipated system behaviour.

The need for functional safety standards has been in place for years. The degree of automation and industrial robots has steadily risen within the industrial domain, particularly in smart factories. Initiatives to improve operation efficiency, such as Industry 4.0, increase the amount of electronically controlled equipment used and blurs the physical barriers with human workers. The hybrid model, where skilled human workers work alongside collaborative robots, increases the potential safety risks.

Previously, many production processes used safety cages and mechanical interlocks to prevent operator harm. In today's modern factory, industrial robots and automation offer enormous flexibility and 360-degree reach, allowing better use of costly factory floor space but reducing the scope of safety barriers. Safety must therefore be a built-in function of an industrial production asset rather than relying on physically separation.

Any functional safety feature's prime requirement is to immediately stop the equipment from causing any operator harm and damage to other equipment or materials should an unplanned event or action occur. The safety feature's required functions will be derived by evaluating the potential risks during normal or abnormal operations and serve to stop the equipment safely. Before considering how AI can implement functional safety systems, let's identify the relevant functional safety standards.

Functional safety standards

Several functional safety standards apply to industrial equipment. IEC 61508 is a foundational functional safety standard that covers electrical, electromechanical, and electronically operated equipment. From it, market-specific standards have been derived. IEC 60601 covers medical equipment, and ISO 26262 is for automotive systems.

For industrial equipment, IEC 62061 applies and is supplemented with several other equipment-specific standards. These standards include IEC 61131 for PLCs, IEC 61511 for process control applications, and IEC 61800-5 for variable speed drives. Another safety standard that applies to industrial equipment is ISO 13849. It has a broader scope that includes any form of a safety function's operation, not only those electrically operated.


Figure 1: Functional safety standards derived from 61580.

Reflecting the increasing use of robots and collaborative robots, or ‘cobots’, for industrial applications has led to developing a relatively new functional safety standard ISO 10218. Cobot behaviour is also covered by the technical specification ISO/TS 15066.

Functional safety basic concepts

There are two fundamental aspects to functional safety: safety functions and safety integrity. A safety function defines a feature that is used to ensure the safe operation of machinery. For example, a photodiode may detect the presence of a lock-out device that stops an operator from accessing a moving belt. If the photodiode indicates the safety feature is not enabled, it must immediately stop the belt from moving. The safety integrity metric is a measure of the certainty the belt will stop moving instantly. IEC 62061 stipulates four distinct safety integrity levels (SIL1, SIL2, SIL3, and SIL4) that define how potential safety risks are minimised to an acceptable level. ISO 13849 takes a slightly different approach to SILs, allocating five safety performance levels (PL A, PL B, PL C, PL D, and PL E).


Figure 2: Safety integrity levels as stipulated by ISO 61508.

Implementing functional safety

Embedded systems are at the heart of most industrial automation applications. Any functional safety compliance needs to involve both hardware and software techniques. Microcontrollers, microprocessors, and programmable logic devices may represent the core processing device within the hardware domain.

Silicon vendors are increasingly adept at providing processing devices and sensors that integrate functional safety elements within their architecture. For the industrial equipment manufacturer, incorporating such devices into a design will help speed the development and validation process. An example is the Xilinx dual lockstep MicroBlaze processor. A lockstep architecture provides two fail-silent redundant processors running the same code in step with each other and sharing memory.

A formal approach to embedded software design is mandated by IEC 61508. It proposes a structured design architecture, validation, and testing methods as a principal element of incorporating functional safety features. Adopting a formal coding methodology is also recommended, but apart from MISRA C for automotive applications, there are no functional safety or industrial-related standards available. Xilinx, for example, recommends an isolation design flow as a way of separating safety and non-safety-related functions.

Industrial applications using AI

AI is in use across a broad range of industrial applications, from vision processing to vibration monitoring. AI works based on probability. For example, an object identification task can differentiate different types of fruit. A more advanced application might identify the condition of a particular fruit. Is the fruit just right or overripe? In each case, it will determine based on the probability it has correctly identified the fruit and its condition according to the reference image data used during neural network training.

On the first inspection, the non-binary world of probability-based AI could conflict with the binary world offered by traditionally hardware-based safety systems. The basic tenants of functional safety originate in mechanical lock-out methods. Even when implemented with a processor, this approach relies on a go/no go response to a pre-defined set of risks.

The applicable functional safety standards highlight the need to identify all potential risks when using an item of machinery, and typically, it relates to solely the operator. The risks can be identified for each distinct phase of equipment operation. However, the implication is that the machine is mounted in a fixed position on the factory floor. As such, the number of identified risks may be finite. What if it can move?

Another consideration is a previously unidentified equipment condition that might pose a risk to the user. For example, bearing wear means the physical extent of a hazardous tool goes beyond the safety perimeter.

Dealing with an exponential increase in potential risks

As developers of autonomous vehicles know, the number of potential risks involved in automatically driving a vehicle at speed in an urban environment are too many to quantify. AI systems using vision, LiDAR, and RADAR sensing subsystems become the eyes of the automated driver.

Together, the sensing functions constantly scan for potential risks and visual clues, pedestrians, objects in the road ahead, or traffic lights. Functional safety is focused on the reliability and integrity of the systems that drive the car. Dual and triple lockstep processors and systems redundancy are paramount.

AI-based industrial functional safety

Will AI form the foundation of industrial functional safety? Yes. AI can learn to adapt to a changing production environment. AI is already in use in predictive maintenance applications, where, for example, changing vibration signatures indicate potential wear or different motor load conditions. Equipment condition is highly relevant for functional safety, making sense that AI is employed to monitor both the equipment status and safety risks.

AI can learn too, by observing different operator patterns and by constantly monitoring the location and movement of human co-workers. Moreover, only AI can continuously adapt to, accommodate, and make sense of a deluge of data.

Design verification is key

The use of AI-based functional safety will deliver a host of new risk identification and safety management capabilities to the world of industrial automation. In turn, this places paramount importance on the adherence to hardware design verification and formal software development architectures and methodologies.

Systems compliance to established functional safety standards is essential, and for that, the semiconductor industry can assist. Silicon vendors are already acutely aware of the trust placed in their products, and many are implementing development tools for functional safety.

Featured products

Product Spotlight

Upcoming Events

View all events
Latest global electronics news
© Copyright 2021 Electronic Specifier