|Figure 1 - Typical Cross checking system.
The block diagram to the left depicts a typical system. Here are two processors, the control and the monitor processors. The system inputs must be identically applied to both processor. They may be sensor inputs, inputs for control, clocking,... In a deterministic system, both of these processors should have identical outputs for identical inputs. Both processors should calculate the same exact system output. Both processors monitor the other processors system output. Both processors compare their calculated output to the other processors output. If they do not match, the output line 'Mismatch' is asserted. The "System Fail" output is asserted if either processor declares a mismatch. There are two interesting things to note with this system. First is that only the output from the Control processor is actually used. The second is that although system integrity is increased, system reliability (which is measured in FIT or MTBF) will decrease. This is because if either processor fails, then the system fails. Although MTBF decreases, what is gained is the knowledge that the system has failed.
In applications such as safety where integrity is important, cross checking systems are a very practical design possibility.