Proceedings of the
35th European Safety and Reliability Conference (ESREL2025) and
the 33rd Society for Risk Analysis Europe Conference (SRA-E 2025)
15 – 19 June 2025, Stavanger, Norway
The Hidden Gem of IEC 61508: Unveiling the Advantages of the 1oo2D Structure in Embedded Systems
1Department of Safety Engineering, University of Applied Sciences Ruhr West, Germany.
2Department of Computer Systems, Autonomous University of Baja California Sur, Mexico.
3Department of Earth Sciences, Autonomous University of Baja California Sur, Mexico.
ABSTRACT
Embedded systems are used in a wide range of applications, many of which are safety-critical. A failure in such a system can cause significant issues related to safety, functionality, and the overall availability of the application. To meet safety requirements, it is often necessary to develop safety-critical embedded systems in compliance with the IEC 61508 functional safety standard. This standard outlines various architectures for safe hardware design; common safety structures include 1oo1, 1oo2, and 2oo3, which are widely implemented for safety functions. The optimal solution depends on several factors, such as the required Safety Integrity Level (SIL), cost constraints, and the availability demanded by the application. This paper emphasizes the rarely applied 1oo2D structure as an excellent compromise between cost, assembly space, safety, and availability. The 1oo2D architecture consists of two redundant channels that continuously monitor themselves for hardware failures. With intelligent testing mechanisms, a hardware failure can be isolated to the relevant channel, so that the faulty channel is deactivated while the system continues to operate in a reduced 1oo1 configuration. This approach helps prevent spurious trips of the safety function without the need for the more costly 2oo3 structure. To demonstrate these advantages, a newly developed prototype of an optical smoke detector is introduced; it is built on a new intelligent fault detection concept for the sensor and actuator sub-systems. A Failure Modes, Effects, and Diagnostic Analysis (FMEDA) shows that all potential hardware failures can be safely detected and assigned to the corresponding channel, thereby avoiding false fire alarms while ensuring the availability of the safety function.
Digital embedded systems are particularly well-suited for implementing the 1oo2D structure, as hardware failures can typically be detected and isolated to the relevant channel. This reduces spurious trips of the safety function while ensuring high reliability, low costs, compact assembly, and availability.
Keywords: Functional safety, IEC 61508, Reliability, Electronic embedded systems, Optical smoke detector.
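As an added illustration, not code from the paper or its prototype, the voting and degradation behaviour the abstract describes, written in C as it would sit on an embedded target: a plain 1oo2 voter beside a 1oo2D voter that follows the IEC 61508-6 description of the structure (two healthy channels must both demand; a fault diagnosed in one channel switches the output to follow the other, i.e. 1oo1; faults in both channels, or a discrepancy that neither channel's diagnostics can attribute, drive the safe state). The discrepancy tolerance window and every channel value are constructed assumptions for the example.

```c
#include <stdbool.h>

/* What the voter sees from each channel on every scan cycle. */
typedef struct {
    bool demand;   /* channel requests the safety function (e.g. "smoke detected") */
    bool diag_ok;  /* channel's own hardware self-test passed this cycle */
} channel_t;

/* Operating mode of the 1oo2D logic; a diagnosed fault only ever moves it "down". */
typedef enum { MODE_DUAL, MODE_1OO1_A, MODE_1OO1_B, MODE_SAFE } vmode_t;
typedef struct {
    vmode_t  mode;
    unsigned discrepancy_cycles;  /* consecutive cycles two healthy channels disagreed */
} voter_t;
#define MAX_DISCREPANCY_CYCLES 3  /* constructed tolerance window, not a value from the paper */

/* Plain 1oo2 for comparison: any single demand trips, so a channel stuck at "demand"
 * causes a spurious trip that no diagnostic can suppress. */
bool vote_1oo2(channel_t a, channel_t b) { return a.demand || b.demand; }

/* 1oo2D as described in IEC 61508-6: with both channels healthy, both must demand; a
 * fault diagnosed in one channel makes the output follow the other channel (1oo1);
 * faults in both, or a persistent discrepancy that neither channel's diagnostics can
 * attribute, drive the safe state. Returns the safety-function output for this cycle. */
bool vote_1oo2d(voter_t *v, channel_t a, channel_t b) {
    if (v->mode == MODE_DUAL) {
        if (!a.diag_ok && !b.diag_ok)  v->mode = MODE_SAFE;
        else if (!a.diag_ok)           v->mode = MODE_1OO1_B;
        else if (!b.diag_ok)           v->mode = MODE_1OO1_A;
        else if (a.demand != b.demand) {
            if (++v->discrepancy_cycles > MAX_DISCREPANCY_CYCLES) v->mode = MODE_SAFE;
        } else v->discrepancy_cycles = 0;
    }
    /* A fault in the remaining channel of a degraded system leaves nothing to trust. */
    if (v->mode == MODE_1OO1_A && !a.diag_ok) v->mode = MODE_SAFE;
    if (v->mode == MODE_1OO1_B && !b.diag_ok) v->mode = MODE_SAFE;
    switch (v->mode) {
    case MODE_DUAL:   return a.demand && b.demand;
    case MODE_1OO1_A: return a.demand;
    case MODE_1OO1_B: return b.demand;
    default:          return true;   /* MODE_SAFE: assert the safety function */
    }
}
/* Feed n scan cycles into the voter and return the output of the last one. */
bool run_cycles(voter_t *v, const channel_t *a, const channel_t *b, unsigned n) {
    bool out = false;
    for (unsigned i = 0; i < n; i++) out = vote_1oo2d(v, a[i], b[i]);
    return out;
}
```

With channel A stuck at "demand" and its self-test failing, the 1oo2 voter trips spuriously while the 1oo2D voter drops to 1oo1 on channel B and keeps operating; a later fault in B, or a disagreement the diagnostics cannot attribute, still reaches the safe state.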