Safety-Design Package for IEC 61508 Safety Critical Applications

April 30, 2018 by Paul Shepard

STMicroelectronics is helping technology brands design safer applications, more quickly and cost-effectively, with new software for its successful STM32 microcontrollers. Created for designers of STM32-based devices in industrial control, robotics, sensor, medical, and transportation applications that must be certified up to Safety Integrity Level (SIL) 2 or 3 of the recognized safety standard IEC 61508, ST's STM32 SIL Functional-Safety Design Package simplifies system development and certification.

"To help our customers deliver safety-certified new products to market quickly and efficiently, we are making this high added-value, ST-designed comprehensive package including certified software available free of charge; an industry-first," said Daniel Colonna, Microcontroller Division Marketing Director, STMicroelectronics.

"Moreover, by providing this offer on our STM32 microcontroller portfolio, the SIL Functional-Safety Design Package will give extra flexibility to our customers and help optimize their bill of materials," Colonna added.

The SIL Functional-Safety Design Package, which comprises documentation and the X-CUBE-STL, a software Self-Test Library certified to IEC 61508 SIL3, is initially available for the STM32F0 series. ST will continue to introduce equivalent packages for all other series in the STM32 family throughout 2018 and 2019.

There are currently more than 800 STM32 microcontroller variants that give product developers unique flexibility to optimize price, performance, and feature integration.

TÜV Rheinland, a leading international certification institute for functional safety certification to relevant international standards, has positively assessed X-CUBE-STL-F0 according to the functional safety standard IEC 61508:2010.

Swiss-based sensor manufacturer Contrinex is the first to use ST's Functional-Safety Design Package to certify safety products based on STM32F0 microcontrollers. "The proven robustness of ST microcontrollers, combined with the SIL functional-safety design package, is a comfortable choice for our safety product development," said Nicolas Jouanne, Embedded Software Development Project Leader at Contrinex.

The Functional-Safety Design Package for STM32F0 microcontrollers is available free of charge, subject to a Non-Disclosure Agreement (NDA) with ST. Equivalent packages for other STM32 series will be introduced throughout 2018 and 2019.

ST's STM32 SIL Functional Safety Design Package contains full documentation to support development of STM32-based embedded systems to meet IEC 61508 requirements for functional safety. The documentation comprises safety manuals that detail all applicable safety requirements, or conditions of use, with implementation guidelines to help developers certify their products to SIL 2 or SIL 3 in accordance with IEC 61508.

Also included are the mandatory Failure Modes and Effects Analysis (FMEA), containing the detailed list of microcontroller failure modes and the related mitigation measures, and the Failure Modes, Effects and Diagnostic Analysis (FMEDA), which gives a static snapshot of the IEC 61508 failure rates, computed both at the level of the whole microcontroller and at the level of its basic functions.

The software self-test library, X-CUBE-STL, is a software-based diagnostic suite for detecting random hardware failures in the STM32 safety-critical core components: the CPU, SRAM, and Flash memory. Its Diagnostic Coverage is verified with a state-of-the-art, ST-proprietary fault-injection methodology.

Integrated with the familiar and proven STM32Cube workflow, the library is application-independent, so it can be used with any user application, and it is delivered as compiler-agnostic object code.

X-CUBE-STL-F0 has been positively assessed by TÜV Rheinland according to the functional safety standard IEC 61508:2010, verifying that it fulfils software systematic capability SC3.

In addition, the institute has verified the library's Diagnostic Coverage (DC), making X-CUBE-STL-F0 suitable for integration into SIL 2 applications with a hardware fault tolerance (HFT) of 0 and SIL 3 applications with an HFT of 1.