Safety critical systems are used to monitor condition values and parameters of a system within specified operational limits. For example, some safety critical systems include high level units such as processors or central processing units, and low level units such as input/output (“I/O”) modules or replicas of high level units. When a risk condition occurs, such as an indication that a low level unit or a device associated with the low level unit is malfunctioning, safety critical systems are often configured to trigger an alarm and/or place the system in a safe condition or a shutdown condition.
Safety critical systems rely on various voting principles such as a two out of two (“2oo2”) voting principle, a two out of three (“2oo3”) voting principle, another voting principle, or combination thereof, to determine whether a system is operating normally or if there is a cause for concern. Usually, for systems with a voting function, all input is distributed between all units. Then, each unit within the system processes the input independently, and determines an output. The output is voted by exchanging the information between all voting units. The voting units have to agree on an output. Any unit that disagrees from the majority among the voting units is restricted from generating an output. Voting functions are usually limited to high level units in safety critical systems because of the complexity of the voting function, which requires exchanging information between all of the voting units.
Communication between high level units and low level units are often complicated. For example, in safety critical systems that employ the 2oo2 voting principle, to maintain communication between multiple high level units and multiple low level units in a safety critical system, the 2oo2 voting principle requires that at least two communication channels are available at all times within the system. Similarly, a safety critical system that employs a 2oo3 to 2oo3 voting principle also requires that at least two communication channels are available at all times to maintain operation. Some safety critical systems employ combinations of voting principles such as a 2oo3 to 2x2oo2. These systems require a single communication channel to be available between high level units and low level units, but also require two communication channels to each low level unit to be available.
Though voting rights are generally limited to high level units in safety critical systems, some safety critical systems are configure to include low level units that employ voting capabilities that require cross-communication channels, and relatively complex software, to exchange information between the low level units and the high level units, which further complicates communication within the safety critical system.