Automated control systems for the safety integrity levels 3 and 4

Programs employed for purposes of safety related control must be formally safety licensed, which constitutes a very difficult and hitherto not satisfactorily solved problem. Striving for utmost simplicity and easy comprehensibility of verification methods, the programming methods cause/effect tables and function block diagrams based on verified libraries are assigned to the upper two Safety Integrity Levels SIL 4 and SIL 3, resp., as they are the only ones so far allowing to verify highly safety critical automation software in trustworthy, easy and economic ways. For each of the two SILs a dedicated, low complexity execution platform is presented supporting the corresponding programming method architecturally. Their hardware is fault detecting or supervised by a fail safe logic, resp., to initiate emergency shut-downs in case of malfunctions. By design, there is no semantic gap between the programming and machine execution levels, enabling the safety licensing of application software by extremely simple, but rigorous methods, viz., diverse back translation and inspection. Operating in strictly periodic fashion, the controllers exhibit fully predictable real time behaviour.