While there many solutions for a given problem, often they create more complexity than needed. This comes from the fact that the complexity reflects the learning process. In the beginning, the information looks confused and overlapping and not well structured.
Gradually, order will come forward as insight will have been gained. This comes from analyzing how it really works and taking a step back. In engineering we call this formalization. What it comes down to is building abstract models that help in getting rid of the confusing details. Complexity is a sign of a problem not well understood.
Architecture is the forgotten art of engineering. Clean architectures make a difference.
StarFish © Fault Resilient computing
There was a time when mechanical solutions were dominant. Bulky and heavy, but mostly inherently safe because operating in the continuous domain, they had the benefit of graceful degradation.
Now digital electronics and software dominates because it makes things smarter, more flexible, cheaper and lighter. The issue is that we are here in the digital domain and every clock pulse (often billions per second) a single glitch can make things go wrong.
The solution again is the architecture and concurrency. Concurrency provides more performance but also redundancy when needed.
Such a safe architecture cannot be put as a layer on top of an unsafe one. The underlying basis must be correct be design. Therefore OpenComRTOS was formally developed as well as formally proven.
Less code means also lower probability of error. Scalability by design also means that transparent parallel processing makes distributing the work for redundancy is built in. No clumsy middleware to deal with gives better performance.
Safe Systems = SIL4
Making systems safe by design is not easy. It requires thinking up front about behavior that should never happen. Even when done properly, there is still the so-called common mode failure. It symbolizes that the unthinkable can happen and that it will happen is a certainty.
Therefore we disagree with safety thinking that goes for so-called fail-safe states when a fault is detected. An impaired system that is no longer fully functional is no longer a safe system.
In safety terms systems should be designed for a SIL4 level, impaired by a fault but still fully functional in SIL3 mode.