| CPC G06F 11/0772 (2013.01) [G06F 11/0739 (2013.01); G06F 11/0796 (2013.01)] | 11 Claims |

1. A method of operation of a vehicle, the method comprising the following steps:
receiving over time, via one or more receivers of the vehicle, a plurality of instances of a pair of time signals that includes a first time signal from a first time source and a second time signal from a second time source, the first time source and the second time source being independent of each other;
for each of the instances, comparing, by a hardware processing system of the vehicle, the first and second time signals with each other;
while results of the comparisons are that the compared first and second time signals of the instances are within a predefined tolerance range of each other, operating, by the processing system, the vehicle in a normal mode in which safety operations are controlled by the processing system based on at least one of the first and second time signals of a most recent one of the received instances of the pair of time signals; and
subsequently transitioning the vehicle to an error mode in which the safety operations are controlled by the processing system based on at least one of the first and second time signals of one of the instances of the pair of time signals that is not the most recent one of the received instances, wherein performance of the transitioning is triggered as a response to results of each of one or more of the comparisons being that there is, between the first and second time signals of the respective received pairs subject to the respective comparison, a deviation that is outside of the predefined tolerance range.
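The comparison and mode transition recited in claim 1, sketched as an added Python example; it is not code from the patent or its applicant. The names TimePair, TimePairMonitor, trip_count and run, the use of the first signal as the reference, and the latched error mode are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

class Mode(Enum):
    NORMAL = "normal"
    ERROR = "error"

@dataclass(frozen=True)
class TimePair:
    first: float   # seconds reported by the first time source
    second: float  # seconds reported by the independent second source

class TimePairMonitor:
    def __init__(self, tolerance_s: float, trip_count: int = 1):
        self.tolerance_s = tolerance_s
        self.trip_count = trip_count   # consecutive deviations needed to trip
        self.mode = Mode.NORMAL
        self.last_good: Optional[TimePair] = None
        self._deviations = 0

    def receive(self, pair: TimePair) -> Optional[float]:
        """Compare one received pair; return the time safety operations use."""
        within = abs(pair.first - pair.second) <= self.tolerance_s
        if self.mode is Mode.NORMAL and within:
            self._deviations = 0
            self.last_good = pair      # most recent instance is trusted
            return pair.first
        if self.mode is Mode.NORMAL:
            self._deviations += 1
            if self._deviations >= self.trip_count:
                self.mode = Mode.ERROR  # assumption: latched, no auto-recovery
        # A deviating pair is never used: fall back to an earlier instance.
        return self.last_good.first if self.last_good else None

def run(pairs: List[TimePair], tolerance_s: float, trip_count: int = 1):
    monitor = TimePairMonitor(tolerance_s, trip_count)
    out = []
    for pair in pairs:
        ref = monitor.receive(pair)
        out.append((monitor.mode, ref))
    return out

# Constructed sample: the third pair disagrees by 7.5 s.
SAMPLE = [TimePair(100.0, 100.01), TimePair(101.0, 101.02),
          TimePair(102.0, 109.5), TimePair(103.0, 103.01)]

if __name__ == "__main__":
    for mode, ref in run(SAMPLE, tolerance_s=0.05):
        print(mode.value, ref)
```

In this sketch the held reference is the raw value from the last consistent pair; the claim does not say how that earlier instance is carried forward in time.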