A processor system includes a master processor that successively processes a plurality of tasks, a checker processor that successively processes at least one of the plurality of tasks, and a control circuit that performs control so that the checker processor operates when the master processor and the checker processor perform a lock-step operation, and the checker processor stops its operation when the master processor and the checker processor do not perform the lock-step operation, the lock-step operation being an operation in which each of the master and checker processors processes the same task, in which the control circuit performs control so that a period from when a task is processed by the lock-step operation to when another task is processed in the next lock-step operation is equal to or shorter than a maximum test period, the maximum test period being a test period acceptable to the processor system.

An apparatus and a method for the parallel and independent operation of a normal program and a secure program on the basis of a runtime system structure have all components that are relevant to the control integrated on a hardware component with a specific hardware architecture and be isolated from one another by a runtime system structure for two dual runtime systems for making changes to non-security-relevant components without restriction. The isolation can be provided by prioritizing one of the runtime systems. Such a runtime system structure or hardware architecture eliminates the need for follow-up certification of user-programmable controllers and the certification of the security-critical component is valid even when changes to the non-security-relevant components are made.

A method for managing processing power in a storage system is provided. The method includes providing a plurality of blades, each of a first subset having a storage node and storage memory, and each of a second, differing subset having a compute-only node. The method includes distributing authorities across the plurality of blades, to a plurality of nodes including at least one compute-only node, wherein each authority has ownership of a range of user data.

A method for configuring a computer system memory, includes powering on the computer system; retrieving options for initializing the computer system; assigning to a first segment of the memory a first pre-defined setting; assigning to a second segment of the memory a second pre-defined setting; and booting the computer system.

An arrangement for redundant data processing has an integrated circuit in which the functionality of a multi-core processor is implemented. Processor cores (40; 50) of the multi-core processor are each designed to execute a useful program. The results which emerge from the execution of the useful program by the different processor cores are compared by a comparison module of the arrangement. The processor cores differ from one another with respect to an address or data structure (AS1, AS2; DS1, DS2) which is used by a processor core to respectively store and read data in or from a memory area (70; 80) that is assigned to the particular processor core. In terms of hardware, the individual processor cores are at least partially implemented separately in the integrated circuit.

A fail-operational control system includes a migrating controller having a non-volatile memory, a RAM, and a CPU. The migrating controller includes software code stored in the non-volatile memory of the migrating controller. The software code stored in the non-volatile memory of the migrating controller executed by the CPU of the migrating controller is dedicated to a respective system. The respective system is not under the control of a primary controller from another system. In response to an enablement of a system operation of the primary controller of another system that requires a backup controller during execution of the system operation, fail-operational software code stored in the non-volatile memory of the primary controller of the other system is transferred to the RAM of the migrating controller. The migrating controller temporarily functions as a backup controller during the execution of the system operation in the primary controller of the other system.

A method for implementing native snapshot capabilities on non-native snapshots includes generating a virtual disk container having both native snapshot functionality and functionality of the non-native snapshot, including redo-log snapshot functionality. Redo-log parent disk chains may be preserved, along with subsequent native snapshot data, in virtual disk container objects. A virtual root node of a copy-on-write data structure of a virtual disk container object enables snapshotting and traversal between a redo-log disk chain and a native snapshot disk chain. Throughout backup and reversion operations, the virtual disk container object may be reparented as necessary, and a constant running point may be maintained for the virtual disk container object.

Exemplary embodiments provide a way to manage data recovery in a distributed system having multiple data store nodes. A storage system comprises: a first node including a first processor; and a plurality of second nodes coupled to the first node, each of the plurality of second nodes including a second processor and one or more second storage devices. The first processor is configured to control to store data and replication of the data in the second storage devices of two or more second nodes. If at least one of the second nodes has failed and a storage capacity of the plurality of second nodes is below a given threshold, one of the second nodes is configured to receive a first data, which is replication of data stored in a failed second node, from another of the second nodes, and create parity data based on the received first data.

A method for managing data transfer for a plurality of processors. Transfer messages exchanged between processor units and an external node in an integrity manager located in hardware in communication with the processor units and the external node are received. An exchange of the transfer messages is managed by the processor units with the external node based on a selected mode in mixed integrity modes such that redundantly calculated outputs from the processor units in a high integrity mode match.

It is possible to achieve monitoring of a processor element while suppressing the cost. A multiprocessor system 1 includes a bus mechanism including a storage unit 6 configured to store bus access information when a first processor element 2 has executed a process to be monitored, a requesting unit 7 configured to request a second processor element 3 to execute a monitoring process after the first processor element 2 has completed the execution of the process to be monitored, and a comparing unit 8 configured to compare bus access information regarding access of the first processor element 2 stored in the storage unit 6 with bus access information input from the second processor element 3 when the second processor element 3 has executed the monitoring process. The second processor element 3 executes the monitoring process in an idle time.