To guard against common-mode failure, the two processors are oriented at 90° to one another, and a two-cycle delay is introduced in the signals before comparison. (Image courtesy of Texas Instruments.)
And when dealing with saftey cost is geneally less of an issue. Great article by the way as well. Often saftey is so focused on the mechanical that the electrical can be missed. Much less individual components within the electrical system.
Sounds like TI built up a pretty impressive, layered diagnostic and self-testing architecture for this MCU series. Is this kind of layered approach common or is this a capability that's fairly unique to the Hercules line? If so, seems like it would give TI quite a competitive edge.