Talk:Embedded Control Systems Design/Design criteria

Maybe we should add something to the following topic: "Safe failure modes: embedded systems can always fail, but the result of the failure should be predictable and safe. For example, an error in a car's motor control unit should result in halting the motor, not in making it accelerate uncontrollably."

Add the following:

"However, critical embedded systems (of a car) can have substantially different failure modes. For example, the steering assistance system should not shut down upon a failure. It should rather go into a standard mode to make sure that the car is still steerable to a safe haven. The same philosophy applies to the braking assistance of a car."

Something like this. Maybe you can make it a little bit briefer. Anyway, my point is to make clear to the reader that a safe mode does not always consist of shutting down the system completely, but rather follows a safe shut-down procedure, like in a nuclear power plant. --VanVlem (talk) 19:37, 23 March 2008 (UTC)
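The two failure-mode policies discussed above (fail-safe halt for the drive motor, fail-operational degraded mode for steering assistance), written out as a small C fault handler. This is an added illustration, not code from the book or from VanVlem; the actuator structure, the latched-fault behaviour, the fixed degraded assist level and the ramp step are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Two failure-mode policies: a drive motor is fail-safe (torque cut to zero
 * at once), while steering or braking assistance is fail-operational
 * (falls back to a baseline level so the car stays controllable). */
typedef enum { FAIL_SAFE_HALT, FAIL_OPERATIONAL_DEGRADE } fail_policy_t;

typedef struct {
    fail_policy_t policy;
    bool fault_latched;     /* a detected fault stays set until an explicit reset */
    int32_t output;         /* current actuator command, e.g. torque in 0.1 Nm */
    int32_t degraded_level; /* baseline command used in degraded mode (assumed) */
    int32_t ramp_step;      /* max change per tick while moving to degraded_level */
} actuator_t;

/* One control tick: returns the command that is actually applied. */
int32_t actuator_tick(actuator_t *a, int32_t requested, bool fault_detected)
{
    if (fault_detected)
        a->fault_latched = true;            /* never silently forget a fault */

    if (!a->fault_latched) {
        a->output = requested;              /* normal operation */
    } else if (a->policy == FAIL_SAFE_HALT) {
        a->output = 0;                      /* halt immediately, no ramp */
    } else {
        /* Move gradually to the baseline so the driver feels no sudden step. */
        int32_t diff = a->degraded_level - a->output;
        if (diff > a->ramp_step) diff = a->ramp_step;
        if (diff < -a->ramp_step) diff = -a->ramp_step;
        a->output += diff;
    }
    return a->output;
}

/* Clear the latched fault; only call after diagnostics confirm recovery. */
void actuator_reset(actuator_t *a) { a->fault_latched = false; }

int main(void)
{
    actuator_t motor = { FAIL_SAFE_HALT, false, 0, 0, 0 };
    actuator_t steer = { FAIL_OPERATIONAL_DEGRADE, false, 0, 200, 50 };
    actuator_tick(&motor, 500, false);
    actuator_tick(&steer, 500, false);
    printf("fault: motor -> %d\n", (int)actuator_tick(&motor, 500, true));
    printf("fault: steer -> %d", (int)actuator_tick(&steer, 500, true));
    for (int i = 0; i < 6; i++)
        printf(", %d", (int)actuator_tick(&steer, 500, false));
    return printf("\n") < 0;
}
```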