Tuukka Turunen

Overview of Functional Safety

Published Monday April 18th, 2016
Posted in Biz Circuit

Qt is used in an extremely wide variety of use cases across more than 70 industries, and sometimes there is a need to use Qt in a safety-critical system. When a system, be it a medical device, a railway control system, a nuclear power plant or an automobile, can potentially cause harm to humans, the concept of functional safety helps in assessing the risk and taking the measures necessary to bring that risk down to an acceptable level. In this blog post, I will explain the key concepts of functional safety and list a few industry standards for it.

What is Functional Safety?

The objective of functional safety is freedom from unacceptable risk of physical injury or of damage to the health of people. In many systems some risk is always present, and the aim is to bring it down to a tolerable level and to reduce the impact of a failure. At its simplest, a functional safety system detects a potentially dangerous condition and causes corrective or preventive action to be taken.

Functional safety relies on active systems: for example, the detection of smoke by sensors and the initiation of a fire extinguishing system, or a mechanism in a revolving door that detects a person standing still so that the door does not hit them.

Functional safety does not only concern software. On the contrary, most systems can be implemented with very limited or no software functionality at all. But when it comes to systems using Qt, we are of course mainly interested in how functional safety affects the system’s software architecture and implementation.

Industry Standards for Functional Safety

Different industries have defined their own standards for addressing functional safety, for example EN 50128 for railway applications, IEC 60601 for medical devices and ISO 26262 for the automotive sector. The ‘mother’ of all functional safety standards is IEC 61508, which defines the basic concepts of functional safety as well as the means to achieve the desired level of safety, the so-called Safety Integrity Level (SIL).


Figure 1. Examples of industry specific functional safety standards derived from IEC 61508.

In IEC 61508 there are four SIL levels of functional safety, each with different requirements for achieving it. The required SIL level is determined based, for example, on the likelihood of injury or death: if a potential hazard is likely to happen or can cause a lot of damage, the required SIL level is higher. The highest levels are often more relevant for non-UI software, but this is of course a matter of system design.

Achieving Functional Safety

Functional safety can’t be determined without considering the system as a whole and the environment with which it interacts. It is always the final product that needs to be analyzed for its functional safety impact. It is possible to certify any component of a system, and this helps in the certification of the final system. Still, building a system out of certified parts does not exempt it from system-level certification.

Finally, it should be stated that even though only some systems are subject to functional safety certification, it is often beneficial to consider the advice given in the functional safety standards also for systems that are not intended to be certified. The standards give good instructions and best practices for the design, implementation and quality assurance of any system that can potentially cause harm.

Achieving full functional safety certification is often challenging and costly, as some of the requirements, especially for the higher levels, place significant restrictions on software functionality. Therefore, it is essential to determine which functionality of the system is safety critical and needs to be certified. If the safety-critical parts of the software can be separated from the parts that are not safety critical, the certification activity may be limited to just that required subset of the system functionality.

Functional safety is a large topic, so I wanted to give just an introduction in this post. In the second part of the blog post I will continue on this topic and focus on using Qt in systems that need to be certified for functional safety. If you are interested in discussing the creation of functional safety certified systems with Qt, please contact us, or stay tuned for the second part.


3 comments

Lilian says:

Kind of on the same topic.
Could you guys please entertain the idea of running the tests with sanitizers?

YA says:

I evaluated Qt for a safety critical application some time ago. However, I don’t think that it can be used in such applications, because even simple problems like the one mentioned in QTBUG-26877 have not been fixed for years. They are seen as kind of “cosmetic” problems.

@YA: You are correct that items such as fixing compiler warnings definitely do affect the overall quality and are important to address in safety critical systems. And I do agree that these as well as coverage of the QA measures have an important role in this domain. However, these alone are not sufficient to enable, or prevent, usage of Qt in a system requiring functional safety certification. When creating a system with safety critical functionality, one rarely needs to use all of Qt and some further work is always needed. In the following blog post, I will provide two approaches for leveraging Qt in certified systems.

Commenting closed.
