Safety controllers for safety control are required to be capable of detecting both a hardware failure, which is a permanent failure in a circuit in a processor and a memory, and a software failure, which is a temporary failure, in accordance with, for example, IEC61508, which is the international standard concerning functional safety.
The known methods of internal diagnosis performed by a safety controller, for example, include a method of performing mutual diagnosis in which the computation results from two processors are collated and a method of performing the same computation process twice with one processor and then comparing the processing results. For example, a method is disclosed in Patent Literature 1 in which the results obtained by performing the same computation process twice with one processor are written in different memories.