OSDev.org

I am pretty sure that voting systems are already in use for various mission critical applications where a mistake could mean loss of life. E.g. A nuclear power plant may have three scada controllers for a critical process and if one returns a different result to the other two, they can determine at the plant that there is a fault in the process. Of course all three controllers would be identical, and this is oversimplification but I am sure you get the idea. AI isn't needed for this solution which is a solution to a problem many have already solved who I am sure are way above our pay grades

Note that voting system is slighting different with redundancy. For nuclear plant it sound like if any one of the three systems return false, the result is false, instead of 2/3 true => true for a voting system. It is otherwise more like an authorizing system requiring "pass" from all authority, and if any of them say no it's a no-go.

bluemoon wrote:Note that voting system is slighting different with redundancy. For nuclear plant it sound like if any one of the three systems return false, the result is false, instead of 2/3 true => true for a voting system. It is otherwise more like an authorizing system requiring "pass" from all authority, and if any of them say no it's a no-go.

That's not really a good analogy: while sometimes unanimity is a desired feature, it's not always. A nuclear power plant uses control rods and the position of the rods determines if the power output is increasing, decreasing or (almost) constant. If a single defective system causes a veto there, the feedback loop will just keep going until the reaction either shuts down or until meltdown.
Instead it'd be better to have one system per individual rod and not have them communicate with each other at all (other than with main engineering that says what the power output should be). In that case a defective system could put the rod in whatever state it pleases, but the numerous other control rods would be able to compensate.

Also, both cars and propeller planes (used to) have a steel wire connecting the gas control to the engine. As a safety, there's a spring on the engine that puts the gas in a certain position in case the cable snaps and manual control is lost. In the car, the spring shuts down the gas intake, and the car will come to a halt rather than suddenly going full gas with the dangerous consequences thereof. In a plane, it does the exact opposite: it'll open the gas to full, because a plane needs velocity to stay airborne, and the pilot can later shut down the crippled engine when the landing strip is in range and glide down.

The problem is that veto systems become inoperable when one of its constituent components enters that "veto" state, and both the car and airplane needs mechanical servicing before they can resume proper operation (the car can only go walking speed and the airplane lost it's ability to taxi), whereas the nuclear plant can keep running with a few defective components - that's what redundancy is actually meant to do.

How are these personalities different? If you code all three yourself, you're likely to use the same logic in all of them.