SPRY347 June 2022
The traditional approach separates safety controllers from the application (communication and compute) processors. Figure 1 shows how two separate safety controller devices facilitate safety channel 1 and safety channel 2. Control and communication applications run on an application processor while two separate devices with individual data, clock, and power paths serve as the checker for safety.
In addition to the trend toward miniaturization and lower cost, there has been a corresponding movement toward the integration of safety functions. Having multiple types of processing cores (such as Arm Cortex-A, Cortex-R5F and Cortex-M) and implementing the appropriate functional safety capabilities (such as isolated power and clock domains for different cores, hardware diagnostic functions, and freedom from interference) can offer system designers flexibility in implementing a safety architecture.