An embodiment relates to fault tolerant control systems.
Systems that provide safety functions typically use redundant controllers to ensure safety by shutting down any function that has experienced a fault or failure. Such systems are known as fail-silent systems: if a fault is detected, the controls for the affected feature are shut down and the feature is no longer operable in the system.
Some systems instead implement fail-operational control, in which additional controllers are used so that safe operation can continue for a period of time, for example dual duplex controllers. If the first controller fails and falls silent, a second controller is activated and all actuators switch over to rely on requests from the second controller. Other systems use a non-symmetrical implementation of the controllers, which may avoid duplicated hardware and software faults. In either case, however, dedicating a second controller solely to serving as a backup for the primary controller is inefficient, and potentially more costly, in terms of resource usage (e.g., memory or CPU usage).
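The fail-silent and fail-operational behaviour described above, as an added illustrative simulation that is not part of the patent text: each controller runs a self-check and falls silent when it detects a fault; an actuator watches the heartbeat of its active source, holds the last command for a short window, then switches to the backup controller, and shuts the feature down only when both controllers are silent. The tick-based timing, the silence threshold, the hold behaviour and all names are assumptions chosen for this example.

```python
"""Added example (not the patent's own design): a tick-based simulation of a
dual-duplex, fail-operational actuator fed by a primary and a secondary
controller. Thresholds, names and the hold-then-failover policy are assumptions."""

from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Controller:
    name: str
    silent: bool = False  # once set, the controller publishes nothing (fail-silent)

    def inject_fault(self) -> None:
        """Simulate a fault detected by the controller's own self-check."""
        self.silent = True

    def publish(self, tick: int) -> Optional[dict]:
        """Return a request carrying a heartbeat tick, or None when silent."""
        if self.silent:
            return None
        return {"src": self.name, "tick": tick, "cmd": f"cmd@{tick}"}


@dataclass
class Actuator:
    primary: Controller
    secondary: Controller
    silence_limit: int = 3  # assumed: ticks without a heartbeat before switching
    active: Controller = field(init=False)
    missed: int = 0
    last_cmd: Optional[str] = None
    shut_down: bool = False
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.active = self.primary

    def step(self, tick: int) -> str:
        """Consume one tick; return the command applied, 'hold' or 'shutdown'."""
        if self.shut_down:
            return "shutdown"
        msg = self.active.publish(tick)
        if msg is not None:
            self.missed = 0
            self.last_cmd = msg["cmd"]
            return msg["cmd"]
        self.missed += 1
        if self.missed < self.silence_limit:
            return "hold"  # keep applying last_cmd while the silence is short
        if self.active is self.primary:
            # Primary has been silent for silence_limit ticks: fail over.
            self.active = self.secondary
            self.missed = 0
            self.log.append(f"tick {tick}: primary silent, failover to {self.secondary.name}")
            return self.step(tick)  # retry immediately against the backup
        # Backup is silent too: fall back to fail-silent behaviour.
        self.shut_down = True
        self.log.append(f"tick {tick}: both controllers silent, feature shut down")
        return "shutdown"


def run_scenario(fail_primary_at: int, fail_secondary_at: Optional[int] = None,
                 ticks: int = 12) -> Tuple[List[str], List[str]]:
    """Run a constructed fault scenario; return (per-tick outputs, event log)."""
    primary, secondary = Controller("primary"), Controller("secondary")
    actuator = Actuator(primary, secondary)
    outputs = []
    for t in range(ticks):
        if t == fail_primary_at:
            primary.inject_fault()
        if fail_secondary_at is not None and t == fail_secondary_at:
            secondary.inject_fault()
        outputs.append(actuator.step(t))
    return outputs, actuator.log


if __name__ == "__main__":
    out, log = run_scenario(fail_primary_at=4, ticks=10)
    print(out)
    print(log)
```

With the default threshold the actuator tolerates two silent ticks by holding its last command, switches to the secondary on the third, and only shuts the feature down when the secondary also falls silent; the same simulation can be extended with a self-check on the actuator side to model the non-symmetrical variants mentioned above.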