Digital systems can never be proved safe enough by testing

15 Apr 2019

Any signal, control or data that is acted upon by software running on a microprocessor, microcontroller, FPGA, or the like, has an unquantifiable risk of error, malfunction or failure that cannot be assessed by testing.

Not only is it impossible to determine by testing the probability of such an error, malfunction or failure occurring, it is also impossible for testing to determine which functions are likely to go wrong – so we cannot predict the likely severity of the hazard either.

This situation arises because of the huge number of possible digital states that can exist in even the simplest systems. Even for a very simple system, testing at the rate of one digital state every microsecond would take tens of years to cover them all.

To fully test some complex digital systems, such as video processors designed for autonomous, self-driving cars, would require many times longer than the age of the universe (13.8 Billion years), even if they could be tested at the rate of one digital state every 10 nanoseconds.

Because digital systems are non-linear, even if we could test 99.9% of all their possible digital states – which we can’t – the results would tell us nothing about the safety of the 0.1% of states that were not tested.

The above is true for digital systems operating in a normal test laboratory environment.

So it is even less feasible to prove a digital system will be safe enough in real-life environments by testing in EMC, shock and vibration, or climatic test chambers – because we would need to run through all of its digital states again for each of the different electromagnetic, climatic, and shock/vibration environments we subject the system to.

Of course, such testing is essential – but the point is that it can never be sufficient to prove that human life is not being put at unacceptable risk.

For more details, visit the EMI/EMC Risk Management page at EMC Standards: here, here and especially here!
