alt Hacker NewsIn redundant systems like these, how do you avoid the voting circuit becoming a single point of failure?
Eg. I could understand if each subsystem had its own actuators and they were designed so any 3 could aerodynamically override the other 2, but I don't think that's how it works in practice.
Replies
AlphaSite • today at 7:31 AM
Voting can be coordinated between the N cpus rather than an external arbiter (even making that redundant eventually required the CPUs to decide what to do if they disagree so may as well handle it internally).
exe34 • today at 7:45 AM
if the issue is radiation bit flipping, you could make that part overly shielded?
➕ show 1 reply
My understanding is you're roughly right: the actuators will have their own microcontroller. It receives commands from the say 3 flight computers, then decides locally how respond if they mismatch. Ie for 2 out of 3 matching it may continue as commanded, but with only 1 out of 3 it may shift into a fail safe strategy for whatever that actuator is doing.