An embodiment relates to fault tolerant control systems.
Systems which provide safety functions typically utilize redundant controllers to ensure safety by shutting down functions that have experienced a fault or failure. Such systems are known as fail-silent systems. If a fault is detected, controls are shut down for the feature and the feature will no longer be operable in the system.
Some systems instead implement fail-operational control, where additional controllers are used so that safe operation can continue for a period of time after a fault, for example with dual duplex controllers. If a first controller fails and falls silent, a second controller is activated and all actuators switch over to rely on requests from the second controller. Because controllers must execute different functions and redundancies depending on which critical functions are running, efficient utilization of each controller is desired: both the functions and the number of backup controllers needed to execute them depend on the redundancy mode of the respective function within each controller.
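The following is an added illustration, not part of the original text, of the two behaviours described above: a duplex pair falls silent when one controller stops responding or the two disagree, and under fail-operational arbitration the actuator switches over to the second pair instead of shutting the feature down. The duplex comparison, its tolerance and the fault timeline are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class ControllerOutput:
    request: Optional[float]  # actuator request; None once the controller has fallen silent


@dataclass
class Decision:
    active_pair: Optional[int]  # index of the duplex pair driving the actuator, or None
    request: Optional[float]
    feature_enabled: bool


def duplex_request(pair: Sequence[ControllerOutput], tolerance: float = 0.0) -> Optional[float]:
    """A duplex pair is valid only if both controllers are alive and agree (assumed check)."""
    a, b = pair
    if a.request is None or b.request is None:
        return None  # one controller is silent: the pair falls silent
    if abs(a.request - b.request) > tolerance:
        return None  # disagreement is treated as a detected fault: the pair falls silent
    return a.request


def arbitrate(pairs: Sequence[Sequence[ControllerOutput]], fail_operational: bool) -> Decision:
    """Fail-silent consults only the first pair; fail-operational falls through to the next one."""
    candidates = pairs if fail_operational else pairs[:1]
    for idx, pair in enumerate(candidates):
        req = duplex_request(pair)
        if req is not None:
            return Decision(idx, req, True)
    return Decision(None, None, False)  # no valid pair left: shut the feature down


def run_scenario(fail_operational: bool) -> List[Decision]:
    """Constructed timeline: one controller of pair 0 falls silent at the third step."""
    timeline = [
        [[ControllerOutput(1.0), ControllerOutput(1.0)], [ControllerOutput(1.0), ControllerOutput(1.0)]],
        [[ControllerOutput(1.2), ControllerOutput(1.2)], [ControllerOutput(1.2), ControllerOutput(1.2)]],
        [[ControllerOutput(None), ControllerOutput(1.4)], [ControllerOutput(1.4), ControllerOutput(1.4)]],
    ]
    return [arbitrate(step, fail_operational) for step in timeline]


if __name__ == "__main__":
    for mode in (False, True):
        print("fail-operational" if mode else "fail-silent", run_scenario(mode)[-1])
```

In the fail-silent run the feature is disabled at the third step; in the fail-operational run the actuator keeps receiving a request, now sourced from pair 1.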