A method/device for recognizing a microprocessor hardware error, including comparing a first application's first result, running on a first microprocessor, with a second application's second result, running on the first/second microprocessor, with a microcontroller, providing comparison strategies, the hardware error being recognized as a function of the comparison, the microcontroller receiving a first message from the first microprocessor, and receiving a second message from the first microprocessor if the second application runs on the first microprocessor, or receives a first message from the second microprocessor if the second application runs thereon, the first message containing first comparison strategy information and first result information of a first function calculation, the second message containing second comparison strategy information and second result information of a second function calculation, the first and second strategy information being compared, the first and second result information being compared if the information about the comparative strategy coincides.

The disclosure relates to at least two processor cores of a multicore processor for dual-lane computing of a security-critical application. The two processor cores are used to full capacity in different working cycles for computing operations of different applications, rather than computing operations being redundantly carried out by both processor cores in each computing cycle. This advantageously avoids duplication of the computational capacity required. For the processor cores to monitor each other, the computing operations are alternatingly carried out by the two processor cores. Any errors may be avoided by the error detection mechanisms described. Although the quality of the error detection is somewhat lower than the dual-lane operation known from the prior art with parallel, redundant multi-lane calculations, the quality of the error detection may satisfy the requirement of lower computational outlay, (e.g., when an economic implementation of the control system is required). The disclosure therefore combines the requirements of a sufficiently secure error detection with an economic distribution of the computational capacity.

Embodiments for automated testing of a virtualization management system are described. An example computer-implemented method for automated testing of a virtualization management system includes sending, by a test server, a test case to a plurality of instances of the system under test, the test case sent to each instance of the system under test via each interface from a plurality of interfaces supported by the system under test. The method further includes, for each instance of the system under test, performing multi-interface comparison. The comparison includes comparing, by the test server, responses to the test case from each of the interfaces. The method also includes in response to the responses from each of the interfaces being identical, storing the responses in an instance-response file corresponding to the instance. The method also includes reporting, by the test server, an error in response to the responses from each interface not being identical.

Embodiments for automated testing of a virtualization management system are described. An example computer-implemented method for automated testing of a virtualization management system includes sending, by a test server, a test case to a plurality of instances of the system under test, the test case sent to each instance of the system under test via each interface from a plurality of interfaces supported by the system under test. The method further includes, for each instance of the system under test, performing multi-interface comparison. The comparison includes comparing, by the test server, responses to the test case from each of the interfaces. The method also includes in response to the responses from each of the interfaces being identical, storing the responses in an instance-response file corresponding to the instance. The method also includes reporting, by the test server, an error in response to the responses from each interface not being identical.

The technology is generally directed to detecting silent data corruption by selectively re-executing instructions. A renamer may receive decoded instructions from an instruction cache. The renamer may identify one or more of the decoded instructions that can be performed out of order. The reorder buffer may be configured to track instructions that are to be re-executed for purposes of computing their value a second time and comparing the value from the second computation with a value from a first computation. Prior to retiring, or completing, an instruction, an initial result of executing the instruction a first time may be compared with a re-execution result of re-executing the instruction a second or nth time. If the comparison indicates there is a different initial result than the re-execution result, an indication of possible silent data corruption may be generated for the instruction.

An information processing device that executes an arithmetic process includes a first processing circuit and a second processing circuit. The first processing circuit executes the arithmetic process N times consecutively. The second processing circuit executes the arithmetic process N times consecutively. N is an integer of 2 or more. The first processing circuit and the second processing circuit continue to operate according to a match between at least one result among the results of the N arithmetic processes executed by the first processing circuit and at least one result among the results of the N arithmetic processes executed by the second processing circuit. As a result, it is possible to suppress an increase in cost required for hardware and to suppress a temporary stop due to a temporary failure.

Methods of performing post-manufacturing adaptation of a data processing apparatus manufactured in accordance with a processor design and corresponding data processing apparatus configurations are provided. Post-manufacturing testing of the data processing apparatus determines any dysfunctional instructions by comparison between component usage profiles for each instruction and a component fault-detection procedure applied to the data processing apparatus. The data processing apparatus can be determined nevertheless to be operationally viable when any dysfunctional instructions can be substituted for by emulation using other functional instructions. The data processing apparatus can be provided with dysfunctional instruction handling circuitry configured to identify occurrence of a program instruction instance of a dysfunctional instruction and to invoke an interrupt handling routine associated with the dysfunctional instruction to emulate the instance of a dysfunctional instruction.

The present invention discloses a data reading method, including: receiving, by a controller of a memory, a read operation request carrying a first address, where the read operation request is used to instruct the controller to perform a read operation on the first address; performing, by the controller of the memory, N read operations on the first address, and obtaining N pieces of data read by the N read operations; and determining, by the controller of the memory, whether the N pieces of data are consistent; and if the controller determines that the N pieces of data are consistent, sending, by the controller, response information used to respond to the read operation request, where the response information includes any one of the N pieces of data. Embodiments of the present invention further provide a memory.

A railway safety critical application system substitutes commercial off-the-shelf (COTS) hardware and/or software for railway-domain specific product components, yet is validated to conform to railway safety critical system failure-free standards. The safety critical system uses a pair of tasks executed on a controller of a COTS personal computer or within a virtual environment with asymmetric communications capability. Both tasks receive and verify safety critical systems input message data and security code integrity and separately generate output data responsive to the input message. The first task has sole capability to send complete safety critical system output messages, but only the second task has the capability of generating the output security code. A failure of any of systems hardware, software or processing capability results failure to transmit a safety critical system output message or an output message that cannot be verified by other safety critical systems.

Embodiments for automated testing of a virtualization management system are described. According to one aspect, a method includes generating a test case including a plurality of instances of commands and sending the test case to a plurality of interfaces supported by the virtualization management system. The method also includes generating a response file corresponding to each command in the test case. The method also includes comparing results from each interface to an instance of a command and in response to the results from each interface being identical, storing, the results in the response file corresponding to the command. The method also includes reporting an error in response to the results from each interface of the virtualization management system not being identical. The present document further describes examples of other aspects such as systems, computer products.