Safety-critical control systems are required in applications such as aircraft controls, nuclear shutdown systems, and medical instruments. In such applications, even a single failure could cause human casualties or financial losses, so much effort has been made to mitigate failures by using redundant computing channels that allow the failures to be detected or provide back-up in case at least one channel fails. Each redundant computing channel typically includes a command lane and a monitor lane and employs dissimilar processor cores for each lane's computing block, which contributes to the design diversity between the lanes and mitigates the effect of a common mode fault that could otherwise cause loss of primary control availability.
The embedded controls industry is migrating towards multicore processors to meet the ever-increasing demand for throughput while lowering dissipated power and increasing reliability. In some prior efforts, the dissimilar processor cores corresponding to the two lanes of each redundant computing channel are implemented on different system-on-chip (SOC) devices. In this design, however, the separate SOC devices may be implemented on heterogeneous integrated circuits or supplied by different manufacturers, making it difficult to obtain a similar level of safety or integrity for both lanes.