摘要 |
The method involves receiving output states determined by one of two intrinsically safe computers (10, 20), and comparing, for each output, the states determined by the two computers. A state of divergent operation is detected, if the two computers have determined two different states for a single secure output. The state of divergent output is determined by preventing any transition from a restrictive state to a permissive state, if a divergence is detected for secure outputs. An independent claim is also included for a processing system comprising two secure computers. |