
ECC? Yes, but that's not all; safety-critical applications like automotive often use two cores running the same code in lockstep, each with their own memory. If the behavior of the two CPUs goes out of sync, the processor can be configured to take corrective actions, such as resetting, halting, and/or going into a failsafe mode.

TI has an overview of the safety features in their Hercules microcontrollers here:

http://www.ti.com/lit/wp/spry178/spry178.pdf



Don't you need at least three actors, such that in a single failure condition you can use an election algorithm? I guess two are enough if you do regular snapshotting and the worst case time to restore from a snapshot is lower than the real time bounds you need to comply with.


It depends if, when two processors disagree, you can perform a simple 'stop' action.

For example, if something goes wrong with the processor on your industrial robot arm, you just stop all the motors and activate all the brakes. No need to figure out which of the processors is right, have an engineer come out and fix the bug that caused the disagreement.

On the other hand, if something goes wrong with the processor during your space shuttle launch, it would not help to turn off all the rockets - better to have an election algorithm so things can keep working.

Is a self-driving car more like the first case or the second? Depends if the driver is ready to take the wheel :)
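An added illustration of the two schemes discussed in this thread (it is not code from any commenter, nor from the TI or Freescale documents linked above): a two-core lockstep comparator that can only detect a disagreement and fail-stop, beside a three-core majority voter that can outvote one faulty core and keep running. The function names, status codes and sample values are assumptions made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of one redundancy check at the end of a compute cycle. */
typedef enum { RED_OK, RED_CORRECTED, RED_FAILSTOP } red_status_t;

/* Dual-core lockstep (two actors): the comparator can only detect that the
 * cores disagree, not decide which one is right, so the only safe reaction
 * is a fail-stop such as halting the actuator and applying the brakes. */
red_status_t lockstep_check(uint32_t core_a, uint32_t core_b, uint32_t *out)
{
    if (core_a == core_b) {
        *out = core_a;
        return RED_OK;
    }
    return RED_FAILSTOP;           /* safe action: stop, then diagnose */
}

/* Triple modular redundancy (three actors): a 2-of-3 majority vote masks a
 * single faulty core so operation can continue; the outvoted core is
 * reported so it can be logged or taken offline. If no two results agree,
 * the fault is beyond what voting can mask and the system must still stop. */
red_status_t tmr_vote(uint32_t a, uint32_t b, uint32_t c,
                      uint32_t *out, int *faulty_core)
{
    *faulty_core = -1;
    if (a == b && b == c) { *out = a; return RED_OK; }
    if (a == b)           { *out = a; *faulty_core = 2; return RED_CORRECTED; }
    if (a == c)           { *out = a; *faulty_core = 1; return RED_CORRECTED; }
    if (b == c)           { *out = b; *faulty_core = 0; return RED_CORRECTED; }
    return RED_FAILSTOP;
}

int main(void)
{
    /* Constructed sample cycle: core B returns a corrupted result. */
    uint32_t good = 0x1234u, corrupted = 0x1235u, out = 0;
    int bad = -1;

    printf("lockstep: status %d\n", (int)lockstep_check(good, corrupted, &out));
    red_status_t s = tmr_vote(good, corrupted, good, &out, &bad);
    printf("tmr: status %d, value 0x%x, faulty core %d\n", (int)s, out, bad);
    return 0;
}
```

With two cores the first call can only report RED_FAILSTOP; with three, the voter returns RED_CORRECTED, the good value, and the index of the outvoted core.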


I'd argue the second case, generally.

There are far too many situations where a switchover time of [user initial reaction time + initial response time] is high enough to be rather dangerous.


Generally the system will fall back to a 'limp home mode' running on a simpler algorithm on a watchdog microcontroller. See, for example, Freescale's reference design for an airbag controller.

http://www.freescale.com/webapp/sps/site/application.jsp?cod...



