It is known that, for safety reasons, a control system for a railway system can be diversified into processing branches having different computation circuit configurations. On the basis of the same input data, each processing branch carries out the same applications or application algorithms, but using different forms of computation.
In the situation where each branch is functioning correctly, identical commands are issued as outputs from each branch.
If there is a failure in the circuitry of one of the branches, different commands are produced.
In the case where several branches fail simultaneously, different commands are also produced because of the lack of breakdown correlation between branches having different computation circuit configurations. This conventional arrangement is particularly advantageous when complex algorithms are used.
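The behaviour described above, as an added example that is not part of the original text: two branches evaluate the same braking decision on the same inputs using different forms of computation, and a comparator releases a command only when both agree. The braking rule, the comparator with its `CMD_SAFE_STOP` fallback, and the `fault_mask_b` fault-injection hook are assumptions made for illustration; diversity is modelled here in software rather than in circuit configuration.

```c
#include <stdint.h>
#include <stdio.h>

/* Commands a branch can issue; CMD_SAFE_STOP is the comparator's fallback (assumed). */
typedef enum { CMD_PROCEED = 0, CMD_BRAKE = 1, CMD_SAFE_STOP = 2 } command_t;

/* Branch A: direct form. Brake when v^2 > 2*a*d
 * (v in cm/s, a in cm/s^2, d in cm; units are an assumption of this example). */
static command_t branch_a(uint32_t v, uint16_t a, uint32_t d)
{
    uint64_t lhs = (uint64_t)v * v;
    uint64_t rhs = 2u * (uint64_t)a * d;
    return lhs > rhs ? CMD_BRAKE : CMD_PROCEED;
}

/* Branch B: same algorithm, different form of computation.
 * v^2 is built as the sum of the first v odd numbers, 2*a*d by shift-and-add. */
static command_t branch_b(uint32_t v, uint16_t a, uint32_t d)
{
    uint64_t sq = 0, odd = 1, prod = 0, addend = (uint64_t)a << 1;
    for (uint32_t i = 0; i < v; i++, odd += 2)
        sq += odd;
    for (uint32_t bits = d; bits != 0; bits >>= 1, addend <<= 1)
        if (bits & 1u)
            prod += addend;
    return sq > prod ? CMD_BRAKE : CMD_PROCEED;
}

/* Comparator: release a command only when both branches agree.
 * fault_mask_b is a constructed test hook that flips bits in branch B's
 * output to model a circuit failure in that branch. */
command_t control_step(uint32_t v, uint16_t a, uint32_t d, unsigned fault_mask_b)
{
    command_t ca = branch_a(v, a, d);
    command_t cb = (command_t)((unsigned)branch_b(v, a, d) ^ fault_mask_b);
    return ca == cb ? ca : CMD_SAFE_STOP;
}

int main(void)
{
    /* Constructed inputs: 20 m/s, 1 m/s^2 braking, 300 m to target. */
    printf("healthy branches: %d\n", control_step(2000, 100, 30000, 0));
    printf("branch B faulty:  %d\n", control_step(2000, 100, 30000, 1));
    return 0;
}
```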
One well-known simple implementation of this secure control system, from the physical point of view, comprises providing a processor of identical architecture in each branch.
In this well-known implementation, each processor runs a different set of instructions, or object program, originating from a different source program that depends upon the language of its associated compiler. Each source program emulates the same application, defined by the same inputs, the same outputs and the same application algorithms.
However, this implementation, which is simple from the physical point of view, remains complex from the software point of view, requiring the development of many software components in proportion to the number of different languages or compilers used.
The specific problem arising with such a conventional control system rendered secure through diversification is the complexity of the development of the software components using several compilation languages.