An embodiment relates to fault tolerant control systems.
Systems that provide safety functions typically use redundant controllers to ensure safety by shutting down any function that has experienced a fault or failure. Such systems are known as fail-silent systems: if a fault is detected, control of the affected feature is shut down and the feature is no longer operable in the system.
Some systems instead implement a fail-operational design, in which additional controllers are used so that safe operation can continue for a period of time, for example dual duplex controllers. If the first controller fails and falls silent, the second controller is activated and all actuators switch over to rely on requests from the second controller. The issue with duplex designs is that, because the controllers are essentially identical, they carry the same defects, particularly software defects. Since the software is identical, both controllers inherently exhibit the same failure when a software-related defect is triggered: the second controller falls silent on the same input that silenced the first. As a result, a symmetrical implementation of controllers, in which the controllers are essentially exact copies of each function, provides little protection against software faults.
Other types of systems that use a non-symmetrical implementation of controllers may avoid duplicated hardware and software faults; however, a second non-symmetrical controller that includes all of the hardware and software necessary to control every feature controlled by the first controller is costly.
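The three arrangements described above (a single fail-silent controller, a symmetrical dual duplex pair, and a pair with a diverse backup) can be contrasted with a small simulation. The following is an added example and is not code from the patent or from any product it describes. The control law, the gain table, the sensor readings and the defect itself are all constructed for illustration: the "symmetric" law indexes a gain table without a bounds check, so an out-of-range reading raises an exception and the controller falls silent; the "diverse" law is an independently written variant that clamps the index. Exception catching stands in for the watchdog or self-test that would silence a real controller.

```python
"""Simulation of fail-silent, dual duplex (symmetric) and asymmetric
controller redundancy. Constructed example: control laws, gain table,
readings and the defect are all hypothetical."""

from typing import Callable, List, Optional, Tuple

# Hypothetical gain schedule: one gain per 25-unit speed band, bands 0..3.
GAIN_TABLE = [1.0, 1.2, 1.5, 2.0]


def law_symmetric(reading: int) -> float:
    """Control law with a latent software defect: no bounds check on the
    band index, so any reading >= 100 raises IndexError."""
    band = reading // 25
    return GAIN_TABLE[band] * reading


def law_diverse(reading: int) -> float:
    """Independently written control law (the asymmetric backup): same
    intent, but the band index is clamped to the table size."""
    band = min(reading // 25, len(GAIN_TABLE) - 1)
    return GAIN_TABLE[band] * reading


class Controller:
    """A fail-silent controller: on any internal error it stops producing
    requests for good (the equivalent of a watchdog or BIST shutdown)."""

    def __init__(self, name: str, law: Callable[[int], float]) -> None:
        self.name = name
        self.law = law
        self.failed = False

    def request(self, reading: int) -> Optional[float]:
        if self.failed:
            return None
        try:
            return self.law(reading)
        except Exception:  # broad on purpose: any fault means fall silent
            self.failed = True
            return None


class Actuator:
    """Follows the active controller; when it falls silent, switches over
    to the next controller in priority order (dual duplex behaviour)."""

    def __init__(self, controllers: List[Controller]) -> None:
        self.controllers = controllers
        self.active = 0

    def step(self, reading: int) -> Tuple[Optional[str], Optional[float]]:
        while self.active < len(self.controllers):
            ctrl = self.controllers[self.active]
            req = ctrl.request(reading)
            if req is not None:
                return ctrl.name, req
            self.active += 1  # switch over to the next controller
        return None, None  # every controller silent: feature inoperable


def simulate(controllers: List[Controller],
             readings: List[int]) -> List[Tuple[Optional[str], Optional[float]]]:
    """Run a reading sequence through an actuator fed by `controllers`;
    returns (serving controller, actuator request) per step."""
    actuator = Actuator(controllers)
    return [actuator.step(r) for r in readings]


def fail_silent_single(readings: List[int]):
    return simulate([Controller("A", law_symmetric)], readings)


def dual_duplex(readings: List[int]):
    # Two copies of the same software: a common-mode defect hits both.
    return simulate([Controller("A1", law_symmetric),
                     Controller("A2", law_symmetric)], readings)


def asymmetric(readings: List[int]):
    # Diverse backup: the defect in A is not present in B.
    return simulate([Controller("A", law_symmetric),
                     Controller("B", law_diverse)], readings)


# Constructed reading sequence; 120 is the out-of-range value that
# triggers the defect in law_symmetric.
READINGS = [10, 50, 120, 60]

if __name__ == "__main__":
    for label, fn in (("fail-silent", fail_silent_single),
                      ("dual duplex", dual_duplex),
                      ("asymmetric", asymmetric)):
        print(f"{label:12s}", fn(READINGS))
```

Running it shows the point of the passage: the single controller and the symmetrical pair both go silent at the third reading and stay silent (the second copy of identical software fails on the same input as the first), while the asymmetric pair continues operating on the diverse backup.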