How do you design fault-tolerant embedded systems?

Fault-tolerant design ensures system continues operating despite failures, critical in safety and mission-critical applications. Techniques: Hardware redundancy: Dual/triple modular redundancy (DMR/TMR) with voting. Hot/cold standby systems. Watchdog timers for processor monitoring. Error detection: ECC memory for bit flip correction. CRC on stored data and communications. Parity checking on buses. Software techniques: Defensive programming (assertions, range checks). N-version programming (independent implementations). Recovery blocks (primary with fallback). Checkpoint and restart for long operations. Graceful degradation: Identify critical vs non-critical functions. Shed non-essential loads under failure. Maintain safe state when recovery impossible. Diagnosis: Self-test at startup (BIST). Runtime monitoring of health indicators. Logging for post-mortem analysis. Safety standards (ISO 26262, IEC 61508) define required techniques per safety integrity level.