|
|
|
|
|
|
by ethbro
2514 days ago
|
|
|
See above comment. With 2, you don't. With 3, you do. But if there's a human in the loop and a manual alternate control pathway, detecting a disagreement allows you to cue the manual operator and transfer control to them. Or fall back to a much simpler system of computer aid. With 1, hardware failures are extremely hard to detect at all, as even your computational checks for internal consistency are subject to mutation. |
|
|
Unless all 3 different give different results, two failures and one correct.
IIRC the shuttle had a 3+1 system 3 as a cohort with voting and if they couldn't reach consensus the 1 was a minimal system that could keep the lights on.