In safety-relevant systems, such as an ABS (anti-lock braking system) in a motor vehicle, malfunctions of the electronic components must be reliably detected, so redundancies are usually provided for fault detection, e.g., in the corresponding control devices for such safety-relevant systems. Thus, for example, in known ABS systems, the complete microcontroller is duplicated, and all ABS functions are redundantly computed and checked for agreement. If a discrepancy occurs in the results, the ABS system is switched off.
To reduce costs, conventional control systems utilize two CPUs (central processing units) which are implemented on one silicon chip, instead of using two complete microprocessors. In this case, all functions are likewise computed redundantly, and the respective output values are compared. Such a microcontroller is known as a dual-core computer. In a dual-core computer, the two sets of redundantly computed data are usually compared bit for bit. As a result, even in the event of a discrepancy between the lower-order data bits (e.g., least significant bits (LSB)), an error-specific system response, such as shutdown, occurs, although such an error in the lower-order data bits usually would not have a significant effect. An availability problem results, because the system is shut down even in the cases of errors for which a shutoff would not be necessary.
In today's systems, errors are generally handled irrespective of the relevance of the erroneous data. In other words, the same system response results irrespective of whether the fault has occurred in higher-order or lower-order bits, addresses, or data.
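The bit-for-bit comparison described above, as an added example that is not part of the original text: the comparator returns the same response whether the two cores disagree in the least significant or the most significant bit. The 16-bit word width, the function and enum names, and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical response codes; the text names shutdown as the typical response. */
enum response { RESP_CONTINUE = 0, RESP_SHUTDOWN = 1 };

/* Index of the most significant differing bit, or -1 when the words agree. */
int highest_diff_bit(uint16_t a, uint16_t b)
{
    uint16_t diff = (uint16_t)(a ^ b);
    int pos = -1;
    while (diff) {
        diff >>= 1;
        pos++;
    }
    return pos;
}

/* Bit-for-bit comparison: any differing bit produces the same response,
 * so the significance of the bit never enters the decision. */
enum response lockstep_compare(uint16_t core_a, uint16_t core_b)
{
    return (core_a ^ core_b) ? RESP_SHUTDOWN : RESP_CONTINUE;
}

int main(void)
{
    /* Constructed sample outputs of the two cores for one 16-bit result. */
    static const struct { uint16_t a, b; } samples[] = {
        { 0x3A7C, 0x3A7C },  /* both cores agree */
        { 0x3A7C, 0x3A7D },  /* only bit 0 (LSB) differs */
        { 0x3A7C, 0xBA7C },  /* only bit 15 (MSB) differs */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t a = samples[i].a, b = samples[i].b;
        unsigned deviation = a > b ? (unsigned)(a - b) : (unsigned)(b - a);
        printf("A=0x%04X B=0x%04X highest differing bit=%2d deviation=%5u -> %s\n",
               (unsigned)a, (unsigned)b, highest_diff_bit(a, b), deviation,
               lockstep_compare(a, b) == RESP_SHUTDOWN ? "shutdown" : "continue");
    }
    return 0;
}
```

The second and third samples deviate by 1 and by 32768 respectively, yet both end in the same shutdown response.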
A comparable problem also occurs in today's redundant communication systems, where the messages of the individual channels are usually provided with a checksum, e.g., a CRC, and coding and decoding take place in a communication controller rather than in the microcontroller itself, which is the actual source or destination of the data.