I'm looking into precedents for FPGA use in safety applications and wonder whether a cRIO with FPGA as a PAC can be used in safety-credited systems requiring fast (tens of µs) response. To be specific, I'm looking for the following:
- Are there examples of cRIO use in systems with SIL 2 and higher?
- If yes, how is the proper level of functional safety achieved? How can redundancy/diversity be introduced into hardware or logic?
- What would be the verification/validation process?
What are you trying to do with it? (end application)
Also, what inputs are you using to determine required overall response time? E.g. sensor read time + wire traversal to module + read time + application processing time + output to pin + wire traversal + actuator
Tens of µs is very fast for SIL. Hundreds of µs is still pretty fast for SIL applications. Is this being specified to you (e.g. as a system requirement)?
Thanks Andrew for the prompt response.
There are voltage signals from detectors that have to be digitized at 25 kHz or more, 16-bit.
The reading should be accumulated over a running integration window.
A buffer can be used for this, with each new sample added and the oldest removed, so that if the sum of the buffer exceeds a certain level, action is taken.
The overall budget from event to action is 200 µs; some time should be reserved for signal propagation (hundreds of meters) and for the mitigation devices to act on the system trip.
This leaves 100 µs or less for the processing electronics.
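The running-window accumulator described in the post above, as an added example in C that is not from this thread, from NI or from LabVIEW: a fixed-size circular buffer, a running sum updated in constant time per sample, and a trip output that latches until explicitly reset. The window length, the unsigned 16-bit sample format and the threshold are assumptions; the 32-bit accumulator is sized so that 64 samples of 0xFFFF cannot overflow it.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Window length in samples (assumed; the thread states only the 25 kHz rate). */
#define WINDOW_LEN 64

/* Running-window trip detector: circular buffer + running sum + latched trip.
 * 64 * 65535 = 4,194,240 < 2^32, so the 32-bit sum cannot wrap. */
typedef struct {
    uint16_t buf[WINDOW_LEN]; /* last WINDOW_LEN samples; oldest is overwritten */
    uint32_t sum;             /* sum of every sample currently in buf */
    uint32_t head;            /* slot the next sample overwrites (the oldest) */
    uint32_t threshold;       /* trip when sum exceeds this */
    bool tripped;             /* latched: cleared only by detector_reset() */
} window_detector_t;

void detector_init(window_detector_t *d, uint32_t threshold) {
    memset(d, 0, sizeof(*d));  /* empty window counts as all-zero samples */
    d->threshold = threshold;
}

/* Feed one 16-bit ADC sample; returns the (latched) trip state.
 * Fixed work per sample: one subtract, one add, one compare, so the
 * per-sample latency does not depend on the window length. */
bool detector_push(window_detector_t *d, uint16_t sample) {
    d->sum -= d->buf[d->head];              /* remove the oldest sample */
    d->buf[d->head] = sample;
    d->sum += sample;                       /* add the newest */
    d->head = (d->head + 1) % WINDOW_LEN;
    if (d->sum > d->threshold) {
        d->tripped = true;                  /* fail-safe: never auto-clears */
    }
    return d->tripped;
}

/* Current window sum, exposed for checking the wrap-around arithmetic. */
uint32_t detector_sum(const window_detector_t *d) {
    return d->sum;
}

/* Explicit re-arm: clears the latch and the window, keeps the threshold. */
void detector_reset(window_detector_t *d) {
    uint32_t threshold = d->threshold;
    detector_init(d, threshold);
}
```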
We used a cRIO on an application with a high degree of safety criticality - a moving motion-compensation gangway for personnel transfer (see this case study - http://sine.ni.com/cs/app/doc/p/id/cs-14813). We didn't develop the safety case or the detailed safety functionality (we just implemented it; our skills are more in control), but the safety methodology was reviewed, approved and certified (once built and tested) by a marine certification body. I am sure some SIL rating could have been developed for the system, but I wasn't aware of that.
In this case the safety functionality was handled by a combination of:
This was all verified as part of a very detailed acceptance test, approved and witnessed by the certification body.
This was all very specific to this system, and probably not easily transferable to other applications. These white papers may be helpful for some basic insight, but I expect you are beyond that:
Hope this helps
Thanks for the post, Andy.
OP, do you need to pursue & receive an ACTUAL SIL certification for your end system?
Occasionally questions about SIL come up, but they end with the realization that MTBF numbers are sufficient. I don't know of any customers who have actually certified a cRIO to a SIL.
Understood, thank you all for the replies
The MTBF in our application should be the same as in other SIL 2 systems; no other requirements are specified.
My main argument for the cRIO use so far is that it is "proven in use". Also, fail-safe operation can be explicitly programmed.
The downside is that there is no diversity in signal processing.
We have MTBF numbers for many of our cRIOs. If this is what you need, start a conversation with your local support (Applications Engineering) office (can email firstname.lastname@example.org). Please let them know which hardware model you're working with and reference this thread when creating your support request.
Just in case this is helpful - I was talking to one of NI's sales engineers and they said NI will be launching a couple of SIL 3 rated C-Series modules (digital IO and some limited analogue IO) that can be used for safety systems. These are configurable to provide logic solver functionality, but note they are not at all integrated into LabVIEW or the cRIO FPGA - they use the cRIO chassis simply to house them.
Having COTS SIL 3 IO modules would be nice, but if they are not going to talk to the FPGA and/or LabVIEW, they will act as safety PLCs (probably with faster signal processing).
After talking to local FPGA sales engineers, I'm inclined to make a redundant FPGA design on two chips from scratch.
Thanks everybody for the help!