Spurious events at input pins can cause functional failures in a chip. Critical pins such as reset and interrupt can have glitch filters that keep noise and transient spikes from propagating into the chip.
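A software model of such a glitch filter, as an added example rather than code from the original article: the filtered level changes only after the raw pin has held a new level for a set number of consecutive samples. The active-low reset pin, the 3-sample threshold, the `gf_*` names and the sample trace are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counter-based glitch filter: the filtered level changes only after the raw
 * pin has held the opposite level for `threshold` consecutive samples. */
typedef struct {
    uint8_t output;    /* current filtered level (0 or 1) */
    uint8_t count;     /* consecutive samples disagreeing with output */
    uint8_t threshold; /* samples needed to accept a new level (assumed) */
} glitch_filter_t;

void gf_init(glitch_filter_t *f, uint8_t initial_level, uint8_t threshold) {
    f->output = initial_level ? 1 : 0;
    f->count = 0;
    f->threshold = threshold ? threshold : 1; /* 1 = no filtering */
}

/* Feed one raw sample and return the filtered level. */
uint8_t gf_sample(glitch_filter_t *f, uint8_t raw) {
    raw = raw ? 1 : 0;
    if (raw == f->output) {
        f->count = 0;               /* spike ended early: discard it */
    } else if (++f->count >= f->threshold) {
        f->output = raw;            /* level held long enough: accept it */
        f->count = 0;
    }
    return f->output;
}

/* Count filtered 1->0 edges, i.e. assertions of an active-low reset pin. */
size_t gf_count_assertions(const uint8_t *s, size_t n, uint8_t threshold) {
    glitch_filter_t f;
    size_t edges = 0;
    gf_init(&f, 1, threshold);      /* pin idles high */
    for (size_t i = 0; i < n; i++) {
        uint8_t prev = f.output;
        if (gf_sample(&f, s[i]) == 0 && prev == 1) edges++;
    }
    return edges;
}
/* Constructed trace: 1-sample spike, 2-sample spike, then a 4-sample reset. */
static const uint8_t CONSTRUCTED_TRACE[] = {1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,1};
int main(void) {
    size_t n = sizeof CONSTRUCTED_TRACE;
    printf("resets seen: unfiltered=%zu filtered=%zu\n",
           gf_count_assertions(CONSTRUCTED_TRACE, n, 1), gf_count_assertions(CONSTRUCTED_TRACE, n, 3));
    return 0;
}
```

The threshold trades noise immunity against latency: a genuine reset is recognised only `threshold` samples after it begins, and a genuine pulse shorter than the threshold is dropped along with the noise.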
Redundant copies of critical on-chip modules such as the processor, ISO, DMA controller, internal clock generator, and communications peripherals can improve reliability should a primary hardware module become non-functional while the vehicle is running. Such a system can have built-in error detection mechanisms and on-the-fly switching to redundant hardware to mitigate threats to passenger safety.
This kind of redundant hardware architecture, however, comes with the penalty of increased area and higher power management overhead in silicon. Area penalties can be minimized by intelligently selecting which functions need to be duplicated in silicon. Power can be minimized by adopting power and clock gating in the redundant modules. Some in-vehicle computers can be implemented in lock-step with each other, where the primary and redundant modules process the same input. A mismatch between the outputs of the lock-step modules indicates a defect in one of the modules. The system can then switch itself off or take appropriate safety measures to avoid a real-time failure. Redundant hardware should be placed quite far in silicon from the primary embedded systems so that both modules cannot be tampered with together.