
Functional safety and artificial intelligence in industrial applications: can they coexist?

Mark Patrick, Mouser Electronics

Functional safety is usually applied in a binary way: the defined operational parameters are taken into account in absolute terms. An algorithm that returns a probability instead of a yes or no is unlikely to meet functional safety requirements, but that is exactly what is happening. There is increasing interest in AI for functional safety applications and its use is implicit in autonomous vehicles and mobile robots. So, isn't it about time we used it in industrial automation?

Functional safety in the industrial environment

Functional safety is everywhere when it comes to electromechanical equipment. It protects us at home, at work and when we're driving. There are regional and international functional safety regulations to protect the user from misuse of devices, equipment failure, or unexpected system behavior.

There has been a need for functional safety standards for many years. The level of automation and the use of industrial robots have been growing steadily in the industrial environment, especially in small factories. Some initiatives to improve operational efficiency, such as Industry 4.0, have increased the amount of electronically controlled equipment and have diluted the physical barriers that separate this equipment from workers. The hybrid model, in which professional operators work alongside collaborative robots, increases potential safety risks. In the past, many production processes used safety cages and mechanical interlocks to protect the operator. In modern factories, automation and industrial robots offer great flexibility and 360° freedom of movement, optimizing the use of factory space (a very expensive asset), but reducing the reach of physical barriers. Therefore, safety must be integrated into industrial production and we cannot continue to rely on physical separation.

Any functional safety system must satisfy a basic requirement: immediately stop equipment that could harm the operator and other equipment or materials when something unforeseen occurs. The necessary functions in this safety device will be determined by an analysis of the potential risks during ordinary and extraordinary operations, and will serve to stop the equipment in a safe way. Before thinking about how AI can be used to implement functional safety systems, let's talk about the corresponding functional safety regulations.

Functional safety regulations

Different functional safety standards apply to industrial equipment. IEC 61508 is a basic functional safety standard covering electronic, electrical and electromechanical equipment. Other, more specific standards for particular markets are derived from it. IEC 60601 covers medical equipment and ISO 26262 is used for automotive systems. In the case of industrial equipment, the IEC 62061 standard applies, along with other more specific standards for particular equipment, such as IEC 61131 (for PLCs), IEC 61511 (for process control applications) and IEC 61800-5 (for variable speed drives). Another safety standard used in industrial equipment is ISO 13849, which has a broader scope and includes any type of operation related to a safety function, not only those of an electrical nature.

Image 1: functional safety standards derived from IEC 61508.

As the use of robots and collaborative robots (or "cobots") has increased, a relatively new functional safety standard has been developed for industrial applications: ISO 10218. The behavior of cobots is also governed by the technical specification ISO/TS 15066.

Functional Safety Basics

Functional safety is made up of two basic elements: safety functions and safety integrity. A safety function is a feature used to ensure that machinery operates in a safe manner. For example, a photodiode detects the presence of a blocking device that prevents a user from accessing a moving belt. If the photodiode indicates that the safety function is not activated, the belt should be stopped immediately. Safety integrity tells us how certain we are that the belt will stop immediately. The IEC 62061 standard specifies four safety integrity levels (SIL1, SIL2, SIL3 and SIL4) and these define how potential safety risks are minimized to an acceptable level. ISO 13849 uses a different method from these SILs: there are five safety performance levels (PL A, PL B, PL C, PL D and PL E).

Image 2: safety integrity levels according to ISO 61508.

The implementation of functional safety

Embedded systems are the foundation of most industrial automation applications. In order to meet functional safety requirements, it is necessary to employ both hardware and software techniques. On the hardware side, microcontrollers, microprocessors, and programmable logic devices are usually the primary processing devices. It is increasingly common for silicon vendors to offer sensors and processing devices that have functional safety elements within their own architecture. For an industrial equipment manufacturer, incorporating such devices into the design helps speed up the development and validation process. An example of this is MicroBlaze, a dual lockstep processor from Xilinx. A "lockstep" architecture consists of two redundant processors that execute the same code in parallel with shared memory and that operate silently after a failure ("fail-silent").

The IEC 61508 standard establishes a formal approach to the design of embedded software, which proposes structured methods for design, architecture, validation and testing as a main element when incorporating functional safety functions. The adoption of a formal methodology for programming is also highly recommended, but with the exception of MISRA C for automotive, there are no functional safety or industry standards available. For example, Xilinx recommends an isolated design flow to separate safety features from other features.

Industrial applications that use AI

AI is used in a wide range of industrial applications, from vision processing to vibration monitoring. AI works with probabilities. For example, in an object identification task, the system can differentiate between different types of fruit. A more advanced application would be able to determine the state of a particular fruit, whether it is ripe or overripe. In each case, this determination will be based on the probability of having correctly identified the fruit and its state based on the reference images used during the training phase of the neural network.

On first inspection, the non-binary, probability-based world of AI could conflict with the binary, hardware-based world of traditional safety systems. Basic functional safety originates from mechanical locking methods and, even if a processor is used, it always ends up generating a yes/no response to a predefined set of risks.
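One way a probabilistic output can be reduced to the yes/no response described above, with the redundancy idea from the lockstep description applied to two inference channels whose disagreement forces a stop. This is an added example, not code from the article or from any standard; the thresholds, type names and function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names and limits below are assumptions made for this example. */
#define P_HUMAN_STOP 0.05f  /* stop if P(person in zone) is at or above this */
#define MAX_CH_DELTA 0.02f  /* largest tolerated disagreement between channels */
#define MAX_AGE_MS   50u    /* an older inference result is treated as missing */

typedef enum { CMD_STOP = 0, CMD_RUN = 1 } safety_cmd_t;

typedef struct {
    float    p_human;  /* classifier output, expected in [0, 1] */
    uint32_t age_ms;   /* time since the input frame was captured */
} ai_channel_t;

/* Usable only if fresh and a real probability; NaN fails both range tests. */
static bool channel_valid(const ai_channel_t *c)
{
    return c->p_human >= 0.0f && c->p_human <= 1.0f && c->age_ms <= MAX_AGE_MS;
}

/* Returns CMD_RUN only when every check passes; any doubt yields CMD_STOP. */
safety_cmd_t safety_gate(bool guard_closed, const ai_channel_t *a, const ai_channel_t *b)
{
    if (!guard_closed)                      /* binary interlock has priority */
        return CMD_STOP;
    if (!channel_valid(a) || !channel_valid(b))
        return CMD_STOP;                    /* missing, stale or corrupt data */
    float hi = (a->p_human > b->p_human) ? a->p_human : b->p_human;
    float lo = (a->p_human > b->p_human) ? b->p_human : a->p_human;
    if (hi - lo > MAX_CH_DELTA)
        return CMD_STOP;                    /* redundant channels disagree */
    return (hi >= P_HUMAN_STOP) ? CMD_STOP : CMD_RUN;
}

int main(void)
{
    /* Constructed sample readings, not measured data. */
    ai_channel_t a = { 0.010f, 10 }, b = { 0.012f, 12 };
    printf("clear zone:   %s\n", safety_gate(true, &a, &b) == CMD_RUN ? "RUN" : "STOP");
    b.p_human = 0.400f;                     /* channels now disagree */
    printf("disagreement: %s\n", safety_gate(true, &a, &b) == CMD_RUN ? "RUN" : "STOP");
    return 0;
}
```

The gate never outputs a probability: every path ends in RUN or STOP, and STOP is the result whenever an input is invalid, stale or contradicted by the other channel.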

The applicable functional safety regulations show that it is necessary to identify all potential risks when using a machine and, normally, only in reference to the operator. Hazards can be identified for each phase of equipment operation. However, this philosophy assumes that the machine is in a fixed position in the plant, so the number of risks is finite. What if the machine can be moved?

Another factor that we must take into account is what happens if the equipment is in a previously unidentified state that may pose a risk to the user. For example, some bearings can wear out, which means that the physical reach of a dangerous tool can exceed the safety perimeter.

How to deal with an exponential increase in the number of potential risks

Autonomous vehicle designers know that the number of potential risks when a vehicle is self-steering and speeding in an urban environment is so great that it cannot be quantified. AI systems employ vision sensing, LiDAR and RADAR subsystems, and these become the eyes of the automated driving system. Together, the sensing functions are continually analyzing potential hazards, visual cues, pedestrians, objects ahead on the road, or traffic lights. Functional safety focuses on the reliability and integrity of the systems that run the car. System redundancy and dual and triple lockstep processors are a must.

AI-based industrial functional safety

Will AI be the foundation of functional safety in the industry? Yes, AI can learn to adapt to a changing production environment and is already used in predictive maintenance applications where, for example, changes in vibration characteristics indicate possible wear or different load states of the engine. Equipment health is extremely important for functional safety, which explains the use of AI to monitor equipment health and safety risks. AI can also learn by observing the various patterns of the operator and by constantly monitoring the location and movement of fellow humans. Furthermore, only AI has the ability to understand, adapt to, and integrate immense volumes of data.

The key: design verification

AI-based functional safety will bring a host of new features for safety management and risk identification in the world of industrial automation. In turn, this means that it is extremely important to adhere to hardware design verification and formal software development architectures and methodologies. It is imperative that systems comply with established safety standards, and the semiconductor industry can be of great help in this regard. Silicon vendors are well aware that people depend on their products, and many are putting development tools in place for functional safety.