Skip to content

Self Checking

Prime #
1169
Origin domain
Computer Science & Software Engineering
Subdomain
reliability and verification → Computer Science & Software Engineering

Core Idea

Self-checking is the structural pattern in which a system detects errors in its own output or state by computing the answer through two or more partially-independent paths and comparing, rather than relying on an external observer to flag inconsistency. The defining structure is a triple: a primary computation producing some result; one or more redundant representations of the same underlying fact computed by a partially-independent path — a check digit, a duplicate calculation, a parity bit, a ledger entry, an immune signature, a peer-reviewer judgment, a type derivation; and a comparator that flags disagreement and either halts, retries, or hands off to recovery. The comparator's verdict is the error signal; without divergent representations, no error signal exists.

The structural force comes from three commitments that survive across substrates. First, self-checking is internal: the comparator lives inside the same overall system as the primary computation, so detection happens without external audit. Second, the redundancy must be partially independent — fully independent paths give the strongest detection guarantees, fully dependent paths (the same computation done twice) give none. Third, detection is decoupled from correction: self-checking detects, recovery responds, and the two can be separately engineered. The result is a system that knows when it has gone wrong, within the coverage of its checks, without needing to be told. This pattern recurs whenever a system must operate without continuous external supervision — distributed computation, double-entry accounting, biological cell-cycle checkpoints, immune self/nonself discrimination, peer review, blockchain validation. It is bare redundancy-and-comparison structure, carefully distinguished from broader redundancy, fault tolerance, and verification, and it imports no home context.

How would you explain it like I'm…

Check It Twice

When you add up your candy two different ways and both give the same number, you can trust it. But if one way says 7 and the other says 9, you instantly know you made a mistake somewhere. Doing it twice in two ways lets you catch your own goof without anyone telling you.

Catch Your Own Mistakes

Self-Checking is when a system spots its own mistakes by working out the same answer through two or more different paths and comparing them, instead of waiting for an outsider to point out the error. If the two paths agree, all good; if they disagree, that mismatch is the alarm telling you something went wrong. A good example is the extra digit on a credit card or barcode: it's computed from the other numbers, so a typo makes it not match and the machine rejects it. The two paths have to be at least a little independent — doing the exact same calculation twice catches nothing, because both would make the same mistake. And catching the error is separate from fixing it: first you detect, then you decide whether to redo it, stop, or recover.

Two Paths, One Comparator

Self-Checking is the structural pattern in which a system detects errors in its own output or state by computing the answer through two or more partially-independent paths and comparing, rather than relying on an external observer to flag inconsistency. The structure is a triple: a primary computation producing a result; one or more redundant representations of the same underlying fact computed by a partially-independent path — a check digit, a duplicate calculation, a parity bit, a ledger entry, an immune signature, a peer review; and a comparator that flags disagreement and halts, retries, or hands off to recovery. The comparator's verdict is the error signal, and without divergent representations there is no error signal at all. Three commitments give it force: it is internal (the comparator lives inside the same system, so no external audit is needed); the redundancy must be partially independent (fully independent paths give the strongest guarantees, the same computation twice gives none); and detection is decoupled from correction. The result is a system that knows when it has gone wrong, within the coverage of its checks, without being told.

 

Self-Checking is the structural pattern in which a system detects errors in its own output or state by computing the answer through two or more partially-independent paths and comparing, rather than relying on an external observer to flag inconsistency. The defining structure is a triple: a primary computation producing some result; one or more redundant representations of the same underlying fact computed by a partially-independent path — a check digit, a duplicate calculation, a parity bit, a ledger entry, an immune signature, a peer-reviewer judgment, a type derivation; and a comparator that flags disagreement and either halts, retries, or hands off to recovery. The comparator's verdict is the error signal; without divergent representations, no error signal exists. The structural force comes from three commitments that survive across substrates. First, self-checking is internal: the comparator lives inside the same overall system as the primary computation, so detection happens without external audit. Second, the redundancy must be partially independent — fully independent paths give the strongest detection guarantees, fully dependent paths (the same computation done twice) give none. Third, detection is decoupled from correction: self-checking detects, recovery responds, and the two can be separately engineered. The result is a system that knows when it has gone wrong, within the coverage of its checks, without needing to be told. The pattern recurs wherever a system must operate without continuous external supervision — distributed computation, double-entry accounting, biological cell-cycle checkpoints, immune self/nonself discrimination, peer review, blockchain validation — and it is bare redundancy-and-comparison structure, carefully distinguished from broader redundancy, fault tolerance, and verification.

Structural Signature

the primary computation producing a resultthe partially-independent redundant path computing the same factthe comparator emitting an error signal on divergencethe coverage profile of detectable error classesthe internal locus of the comparatorthe detection-correction decoupling

A system is self-checking when each of the following holds:

  • A primary computation. Some process produces a result or state whose correctness is at stake.
  • A redundant representation. One or more additional paths compute the same underlying fact — a check digit, duplicate calculation, parity bit, ledger entry, type derivation, second judgment.
  • Partial independence. The redundant path shares less than full dependence with the primary; fully independent paths give the strongest detection, fully dependent paths (the same computation twice) give none, so common-mode coupling degrades the guarantee.
  • A comparator. A rule compares the representations and emits an error signal on disagreement; without divergent representations no error signal can exist.
  • An internal locus. The comparator lives inside the same overall system as the primary, so detection happens without external audit.
  • A coverage profile. The comparator detects only the error classes its check can see; what falls outside coverage passes silently, making the profile a first-class property.
  • Decoupled correction. Detection is separable from the response (halt, retry, correct, escalate); the two are independently engineerable.

The components compose a system that knows when it has gone wrong within its coverage: divergence between independent representations of one fact, surfaced internally by a comparator, separated from whatever recovery follows.

What It Is Not

  • Not verification. verification establishes that an artifact meets a specification, often by an external authority or proof before deployment. Self-checking is internal and runtime: the system computes a redundant representation of its own live output and compares, detecting error without an external auditor.
  • Not validation. validation asks whether the right thing was built (fitness for purpose against intent). Self-checking asks only whether the output is internally consistent across redundant paths — it can pass while the whole system solves the wrong problem.
  • Not redundancy in general. redundancy is spare capacity that lets a function survive a component loss. Self-checking uses redundancy but adds a comparator that extracts an error signal from divergence; pure redundancy masks faults silently, self-checking surfaces them.
  • Not fault tolerance. fault_tolerance is continued correct operation despite faults — it must also correct or mask. Self-checking is the detection half only; detection and correction are deliberately decoupled, and a halt-on-divergence design detects without tolerating.
  • Not monitoring. monitoring observes a system from outside against expected behavior. Self-checking's comparator lives inside the same system as the primary computation, recomputing the same fact by a partially-independent path rather than watching from a vantage point.
  • Common misclassification. Reading "the check passed" as "the output is correct." A comparator detects only the error classes inside its coverage profile — parity is green over a double-bit error, a trial balance balances over a wrong-account posting; passing means "no error of the covered class," not "correct."

Broad Use

Self-checking, read as primary-plus-redundant-plus-comparator, recurs across substrates that must catch their own errors. In hardware reliability it appears as parity bits, error-correcting memory, CRC checksums, and lockstep processors comparing outputs. In software engineering it is assertions, invariants, runtime contracts, property-based tests, and type checking, where the type derivation is a redundant path against the value computation. In distributed systems and blockchains, every node independently re-validates blocks before extending the chain, and one node's disagreement with the majority is the error signal. In accounting, double-entry bookkeeping records every transaction twice, and the requirement that the books balance is the comparator. In scientific practice, peer review and replication recompute claims by partially-independent paths, with disagreement triggering revision. In biology, cell-cycle checkpoints check replication and chromosomal attachment against expected state and halt on disagreement, while immune self/nonself discrimination compares circulating antigens against tolerized self-signatures. In communications, error-detecting and error-correcting codes add structured redundancy so receivers detect corruption without retransmission. In aviation, triple-modular redundancy with majority voting identifies the divergent module as the one in error. And in reasoning and dialogue, "show your work" and "explain it back to me" reconstruct a claim from two angles and treat disagreement as evidence of error.

Clarity

Naming self-checking as its own pattern separates three things commonly conflated under "the system catches its own bugs." It separates detection — the divergent-representation-plus-comparator structure — from correction — the recovery action taken after detection — and both from prevention — the upstream design choices that make errors less likely. A self-checking design might have excellent detection but no correction (halt-on-divergence), strong detection and correction (error-correcting memory), or strong detection with deliberately limited correction (a blockchain rejects rather than repairs an invalid block). Without the distinction, "the system is reliable" muddles together what kind of reliability is on offer. A second clarifying move: self-checking exposes the coverage question that purely-prescriptive "make it reliable" loses. A check covers only the discrepancies its comparator can detect. Parity catches single-bit errors but misses double-bit; type checking catches type errors but not logic errors; double-entry catches transposition and omission but not collusion that preserves the balance. Every self-checking design has a coverage profile — what classes of error its comparators can and cannot catch — and that profile is a first-class design property.

Manages Complexity

Self-checking compresses an enormous range of reliability-engineering practices — parity, error-correcting codes, checksums, double-entry, peer review, type checking, replicated execution with voting, blockchain validation, immune surveillance — into a single three-role schema: primary computation, redundant representation, comparator. Once the schema is named, otherwise-unrelated practices become commensurable, and the design questions become portable. What is the redundant path's degree of independence from the primary, since independent paths have stronger detection and dependent paths none? What is the comparator's coverage — what error classes can it see, and what classes are invisible? What is the response on detection — halt, retry, correct, escalate? And what is the overhead — compute, storage, bandwidth, latency? The complexity managed is the surface diversity of reliability techniques: rather than a separate craft for circuits, ledgers, cells, and journals, there is one schema with four design questions that applies to all of them, so an analysis built in one domain transfers as those questions to any other, and a novel reliability mechanism can be read off against the same template.

Abstract Reasoning

Treating self-checking as the unit enables substrate-independent reasoning about the value of redundant representation as information about correctness. The coverage-versus-overhead trade: stronger comparators — more independent paths, finer-grained checks — detect more errors at proportional cost, and the engineering question is where on the curve to sit. The independence argument: redundant paths are only as useful as they are statistically independent of the primary, so common-mode failures — the same bug in both copies, the same misconception in both reviewers — destroy the detection guarantee, which is the structural reason for diverse implementation in safety-critical systems, blinded peer review, and adversarial training. The inside-versus-outside argument: self-checking gives the system agency over its own error signal, whereas external audit puts that agency outside, with consequences for response time, scalability, and trust. And the silent-failure pathology: a self-checking system whose comparator itself has failed can produce false confidence — the checkpoint that always returns "OK" because it has stopped checking is worse than no checkpoint at all, which motivates checking-the-checker patterns such as negative selection of thymocytes, randomly injected test cases, and attestation of the validator. The reasoner who holds the prime therefore treats independence, coverage, and the integrity of the comparator as the three things any self-checking claim must defend.

Knowledge Transfer

Because self-checking is bare redundancy-and-comparison structure, a technique built in one substrate transfers to another by re-identifying the primary, the redundant path, and the comparator, and the prime's reach is the reach of that re-identification. Parity and error-correcting arithmetic transfer to double-entry accounting: both add a redundant aggregate — a parity sum, a balance constraint — that valid operations must preserve, so violation locates an error class before its source is known, and accountants and circuit designers solved the same structural problem with the same structural answer. Lockstep and triple-modular redundancy transfer to blockchain validation, where replicated execution with comparison is the same structure as independent nodes re-validating a block and rejecting majority-disagreement, and the Byzantine-fault thresholds are inherited from the underlying self-checking-under-faulty-comparator analysis. Type checking transfers to cell-cycle checkpoints: both compute a redundant property of the state — well-typedness, correctly-replicated DNA — and halt the next step on disagreement, and both suffer false confidence if the checker is compromised, by an unsound type system or a mutated checkpoint protein. Peer review transfers to adversarial collaboration, since replicating a finding by a partially-independent path is structurally the comparator step, and shared methodology, training, or incentives reduce independence and undermine detection, which is why deliberate independence-engineering is needed. Immune negative selection transfers to unit testing, since tolerizing the comparator against legitimate self-signatures is baselining tests against known-good outputs, with the calibration itself a high-stakes step where a false positive is autoimmunity and a false negative is an accepted bad output. And checking-the-checker transfers to attestation chains, bounding the regress by ultimately trusting some path or by combining independent comparators whose joint failure becomes implausibly improbable. In every transfer the practitioner runs the same diagnosis — identify the primary computation, construct a partially-independent redundant path, define the comparator and its coverage, set the response policy, and guard the comparator against silent failure — and the transfer holds because none of these steps names the substrate: a flight computer voting three CPUs and a journal recombining a reviewer's reconstruction with a paper's conclusion are running the same detection, distinguished only by what is being recomputed and compared.

Examples

Formal/abstract

The Luhn check digit on a credit-card number is self-checking compressed to a single appended symbol, and it lets every role of the prime be read off arithmetic. The primary computation is the bare account number a clerk or terminal enters. The redundant path is a deterministic function of those same digits: alternate digits are doubled, the digit-sums are summed, and a final check digit is chosen so the total is congruent to zero modulo ten. The comparator recomputes that sum from the entered digits including the check digit and emits an error signal whenever the result is not zero mod ten. The independence is partial and deliberate — the check digit is computed from the very digits it guards, so the redundancy is internal, but its weighting structure (the alternating doubling) is engineered to be sensitive to exactly the human entry errors that matter. This is what makes the coverage profile concrete and inspectable: the scheme catches every single-digit substitution and almost all adjacent-transposition errors (the dominant typing mistakes), while it is blind by construction to certain twin-digit swaps and to any error that preserves the weighted sum. The detection-correction decoupling is visible too: a failed Luhn check tells the terminal that the number is wrong but never which digit, so it halts and re-prompts rather than repairing. The diagnosis the prime forces is the right one — when a fraudster generates a Luhn-valid number, the lesson is not that the check failed but that validity is inside its coverage and authorization (a partially-independent path with far broader coverage) is the comparator that catches it. The intervention space is the prime's: widen coverage by adding a more independent redundant path, or accept the residual error class and place a second comparator downstream.

Mapped back: The Luhn digit is the primary-plus-redundant-plus-comparator triple in miniature — entered number, weighted modular checksum, mod-ten comparator — with a precisely characterized coverage profile (catches substitutions and transpositions, misses sum-preserving errors), showing the prime's coverage and detection-correction-decoupling commitments in pure arithmetic.

Applied/industry

Two unrelated applied domains — double-entry bookkeeping in finance and the spindle-assembly checkpoint in cell biology — run the same detection structure. In double-entry, the primary computation is the recording of a business transaction; the redundant representation is that every transaction is entered twice, once as a debit and once as a credit, by the partially-independent logic that money has both a source and a use. The comparator is the trial balance: the requirement that total debits equal total credits. A nonzero difference is the error signal, surfaced internally without any external auditor, and it locates an error class — a transposition, an omission, a one-sided entry — before its source is known. The coverage profile is exactly as the prime predicts: the balance catches arithmetic and posting errors but is blind to errors that preserve the equality, such as a transaction posted to the wrong account of the right type, or collusive fraud that books an offsetting fake entry — which is precisely why an independent audit (a more independent redundant path) is layered on top. The cell-cycle checkpoint maps cleanly: the primary computation is mitosis proceeding toward chromosome separation; the redundant path is a molecular sensor that checks whether every chromosome's kinetochore is correctly attached to spindle microtubules — a representation of "is the state ready?" computed independently of the machinery driving division. The comparator halts anaphase while any attachment is unsatisfied, the error signal being the sustained "wait" output of unattached kinetochores. The prime's silent-failure pathology is the clinical punchline: when the checkpoint protein is mutated so the comparator always returns "OK," division proceeds with mis-segregated chromosomes, producing the aneuploidy characteristic of cancer — a comparator that has stopped checking is worse than none. In both domains the intervention the prime names is the same: protect and audit the comparator itself, and add a more independent redundant path to widen coverage.

Mapped back: Double-entry's debit-credit duplication with a trial-balance comparator and the checkpoint's independent attachment-sensor with an anaphase-halt comparator are the same primary-redundant-comparator triple operating internally, and both display the prime's coverage limits and silent-comparator failure mode, so the fixes — independent audit, protected checker — transfer between accounting and cell biology unchanged.

Structural Tensions

T1 — Independence versus Cost (coupling). Detection strength rises with the independence of the redundant path, but fully independent paths are the most expensive to build — a separate team, a diverse implementation, a different sensor. The failure mode is duplicating the same computation to save cost (recompute with the identical code, re-review by a like-minded colleague), which catches transient faults but is blind to the shared bug or shared misconception. Diagnostic: ask what error class both paths could commit together. If a common-mode failure — same library, same training, same assumption — would corrupt both representations identically, the comparator's guarantee is illusory regardless of how many copies exist.

T2 — Coverage versus Completeness (scopal). A comparator detects only the error classes its check can see; everything outside the coverage profile passes silently. The failure mode is reading "the check passed" as "the output is correct," when it only means "no error of the covered class was present" — parity green while a double-bit error sits underneath, trial balance balancing over a wrong-account posting. Diagnostic: enumerate what the check is provably blind to. If the residual error classes outside coverage include the failures that actually matter (sum-preserving fraud, logic bugs that type-check), a passing check is false reassurance and a second, differently-scoped comparator is needed.

T3 — Detection versus Correction (scopal). Self-checking detects; it does not by itself repair, and the two are separately engineerable. The failure mode is assuming that catching an error means handling it — a halt-on-divergence design that detects faults but has no recovery, leaving a flagged-but-unfixed system worse off than one that degraded gracefully. Diagnostic: trace what happens after the error signal fires. If the response policy (halt, retry, correct, escalate) is unspecified or absent, the design has bought detection without resolution; reliability claims must state which kind of reliability — detection or recovery — is actually on offer.

T4 — The Comparator's Own Integrity (measurement). The check assumes the comparator works; a comparator that has silently failed returns "OK" unconditionally and is worse than no check, because it manufactures false confidence. The failure mode is trusting a green light from a checker that has itself broken — the mutated checkpoint protein, the assertion compiled out, the validator that no longer runs. Diagnostic: ask who checks the checker, and how a stuck-pass comparator would be noticed. If nothing tests the test — no injected fault, no attestation, no negative control — the system cannot distinguish "no errors" from "detection has died," and the regress must be bounded by an independent guard.

T5 — Calibration of the Baseline (sign/direction). Comparators that check against a tolerized baseline (immune self-signatures, known-good test outputs) depend on that baseline being correct; a mis-set baseline inverts the verdict. The failure mode is symmetric and opposite — too tight a baseline flags legitimate variation as error (false positives, autoimmunity, flaky tests), too loose accepts genuine faults as normal (false negatives, accepted bad output). Diagnostic: examine how the known-good reference was established and whether it has drifted. If the baseline was calibrated against possibly-faulty data or has not been re-validated, both error directions are live, and the calibration step is itself a high-stakes computation needing its own check.

T6 — Detection Latency versus Damage Window (temporal). A check that fires only after the erroneous result has already propagated detects the fault too late to prevent its consequences. The failure mode is placing the comparator downstream of the irreversible action — validating a transaction after funds moved, checking a cell-cycle stage after mis-segregation occurred — so detection is real but post-hoc. Diagnostic: compare when the comparator runs to when the output commits to something irreversible. If the error signal can only arrive after the damage is done, the check needs to move upstream of the commit point, or a compensating rollback path must be added, because late detection without rollback merely documents the failure.

Structural–Framed Character

Self-checking sits at the structural end of the structural–framed spectrum. Although it originates in computer-science reliability engineering, the pattern it names — a system detecting errors in its own output by computing the same fact through partially-independent paths and comparing — is bare redundancy-and-comparison structure, and on every diagnostic it reads structural, matching the frontmatter's all-zero criteria and aggregate of 0.0.

Walking the five diagnostics with this prime's substrates: vocabulary travels freely. The same primary-redundant-comparator triple is told in parity bits and CRC checksums in hardware, in type derivations and assertions in software, in the trial balance in accounting, in cell-cycle checkpoints and immune self/nonself discrimination in biology, in replication and peer review in science, and in majority voting in aviation — each substrate names the parts in its own words, importing no "verification" lexicon. Evaluative weight is absent: a comparator's verdict is value-neutral machinery; the structure is the same whether it guards a flight computer or a fraudulent ledger, and "good" enters only when one specifies what is being checked. Institutional origin is formal — the structure is fully stated as divergence between independent representations of one fact surfaced by an internal comparator, with no appeal to human institutions; double-entry is an institutional practice, but the underlying redundancy-and-comparison schema is not. It is not human-practice-bound: it runs indifferently in error-correcting memory, in mitotic checkpoints that no human mediates, and in blockchain nodes re-validating blocks. And invoking it recognizes a pattern already wired in rather than importing a frame — to call something self-checking is to point to a real second path and a real comparator one can test by injecting a fault, not to lay an interpretation over inert facts. Every diagnostic points the same way, and the prime is structural without qualification.

Substrate Independence

Self-Checking is about as substrate-independent as a prime can be — composite 5 / 5 on the substrate-independence scale. Its signature — a primary path, an independent redundant path, and a comparator that flags disagreement — is stated in pure relational terms with no commitment to any medium, so it is recognized rather than translated when it turns up in a new field. Its domain breadth is maximal: the identical primary/redundant/comparator triple recurs in fault-tolerant hardware (parity, ECC, lockstep cores), software (checksums, assertions, invariant checks), distributed systems (quorum and replica agreement), accounting (double-entry reconciliation), science (peer review and replication), biology (cell-cycle checkpoints, immune self/non-self discrimination, DNA proofreading), error-correcting coding, aviation (cross-checks and redundant instruments), and dialogue (confirmation and read-back). Its structural abstraction is complete because the pattern carries no domain-specific commitments — it only requires two pathways computing the same quantity and a means of comparison, which any medium can supply. And the transfer is concretely documented through the shared formalism of redundancy and error-detection codes that move intact between hardware, communications, and software engineering. Maximal breadth, a fully relational signature, and documented transfer all align on a canonical 5.

  • Composite substrate independence — 5 / 5
  • Domain breadth — 5 / 5
  • Structural abstraction — 5 / 5
  • Transfer evidence — 5 / 5

Relationships to Other Primes

One-hop neighborhood: parents above, mutual partners to the right, children below.Self Checkingdecompose: ComparisonComparisondecompose: RedundancyRedundancy

Foundational — no parent edges in the catalog.

Children (2) — more specific cases that build on this

  • Comparison is a decomposition of Self Checking

    The comparator that flags divergence between the redundant representations.

  • Redundancy decompose Self Checking

    Self-checking USES redundancy (the partially-independent path) and adds a comparator that extracts an error signal.

Neighborhood in Abstraction Space

Self Checking sits in a sparse region of abstraction space (70th percentile for distinctiveness): few abstractions share its structure, so a faithful description tends to retrieve it precisely rather than landing on a neighbor.

Family — Formal Methods & Idealized Models (31 primes)

Nearest neighbors

Computed from structural-signature embeddings · 2026-06-14

Not to Be Confused With

Self-checking is most often confused with verification, its nearest neighbor, because both establish that a computation is correct. The decisive differences are locus and time. Verification establishes, typically before deployment and often by an external authority, that an artifact conforms to a specification — a proof, a certification, an audit, a formal model-check against requirements. Self-checking happens internally and at runtime: the system itself computes a redundant representation of its own live output and compares, producing an error signal without any external observer and without a prior specification to verify against. Verification answers "does this design meet its spec, once and for all?"; self-checking answers "is this particular execution consistent with an independent recomputation, right now?" The two are complementary rather than identical — a fully verified system can still suffer transient hardware faults that only runtime self-checking will catch, and a self-checking system carries no guarantee that its specification was ever right, only that two of its paths agree. Conflating them leads to the error of assuming that a verified design needs no runtime checks (ignoring transient and environmental faults) or that a self-checking system has been verified (ignoring that its comparator could be coherently computing the wrong thing on both paths).

Self-checking must also be distinguished from redundancy, with which it shares the structural ingredient of duplicated representation. Redundancy is bare spare capacity: a second component, copy, or path that lets a function survive the loss of one — a backup generator, a mirrored disk, a standby server. Redundancy alone masks faults: if one copy fails, another carries on, and nothing in the structure necessarily reports that a failure occurred. Self-checking adds the load-bearing element redundancy lacks — a comparator that extracts an error signal from divergence between the redundant representations. The difference is between silent survival and active detection: triple-modular redundancy with majority voting is self-checking (the voter both masks the minority and identifies it as faulty), whereas a hot standby that silently takes over is pure redundancy and may hide a slowly accumulating fault until both copies are gone. The practitioner's takeaway is that adding copies buys availability, but only adding a comparator buys knowledge that something went wrong — and that the comparator's coverage, not the number of copies, determines what can be detected.

A third genuine confusion is with fault_tolerance. Fault tolerance is the system property of continuing to operate correctly despite faults, which requires both detection and a response that corrects or masks the fault before it reaches the output. Self-checking is specifically the detection half, and the prime deliberately decouples it from correction: a halt-on-divergence design (a lockstep processor that stops on mismatch, a blockchain node that rejects an invalid block) is fully self-checking yet not fault-tolerant, because it ceases rather than continues. Conversely, error-correcting memory is both — it self-checks via parity and tolerates via correction. Keeping the two apart forces the reliability question to be precise: "what kind of reliability is on offer — does this system merely know it has failed (detection), or does it keep working through the failure (tolerance)?" A flagged-but-unfixed system can be worse than one that degrades gracefully, so claiming "fault tolerance" when only detection exists is a dangerous overstatement.

These distinctions matter because each isolates a different commitment a reliability claim must defend. Verification fixes the locus-and-time question (external/pre-deployment versus internal/runtime); redundancy fixes the detection question (silent masking versus a comparator that surfaces an error signal); and fault tolerance fixes the correction question (detection-only versus continued correct operation). A design that confuses them will under-protect (assuming verification obviates runtime checks), over-trust (assuming spare copies report their own failure), or overstate its guarantees (selling detection as tolerance). Holding self-checking as the specific primary-redundant-comparator detection structure keeps the analyst asking its three irreducible questions — how independent is the redundant path, what does the comparator's coverage profile actually catch, and who checks the checker?

Solution Archetypes

No catalogued solution archetypes reference this prime yet.