Safety computations in integrated circuits

Abstract

In order to ensure the safety of software-based railway control systems, MATRA TRANSPORT has developed at the beginning of the eighties an "informational redundancy" technique associating arithmetic coding and signature checking, with the adequate environment interfaces (generally fail-safe devices). Compared to traditional redundancy, the "coded processor" has the advantage of a rigorous mathematical safety demonstration, independent of the reliability of the underlying hardware, but there is an important cost to pay in terms of execution speed. One of the (strongly) desired evolutions of our systems is to have a unique centralized wayside equipment, the immediate corollary being the decentralization of inputs/outputs. In order to reach this goal, a new generation has been designed, replacing the software code calculations and the discrete numeric components used in coded input acquisition/coded output command by ASICs. Our experience shows that it is possible to perform safe computations in an ASIC, and even that in some cases ASICs are more adaptable to the safety constraints than software computations.