Disclosed embodiments relate to identifying Electronic Control Unit (ECU) anomalies in a vehicle. Operations may include monitoring, in the vehicle, data representing real-time processing activity of the ECU; accessing, in the vehicle, historical data relating to processing activity of the ECU, the historical data representing expected processing activity of the ECU; comparing, in the vehicle, the real-time processing activity data with the historical data, to identify at least one anomaly in the real-time processing activity of the ECU; and implementing a control action for the ECU when the at least one anomaly is identified.

An aircraft control system has a flight specification acquisition sensor for acquiring flight specifications of an aircraft and outputting the respective numerical values, and a plurality of flight computers, each having the same control software and performing airframe control based on the flight specification numerical values, thereby constituting a redundant system of flight control functions. Further, the control system includes a noise generator for the plurality of flight computers, which generates a plurality of noises different from each other, and the plurality of noises are individually superimposed on the numerical value of one flight specification output from the flight specification acquisition sensor to generate a plurality of new flight specification numerical values different from each other which are then output to the plurality of flight computers. This configuration ensures redundancy of the aircraft control software against potential bugs using the same control software.

The controlling apparatus for an industrial product of this disclosure has a couple of microcomputers each of which has a CPU and a memory and each of which runs the same controlling program as well as the same diagnostic program sequence parallelly and simultaneously. After the CPU of the microcomputer writes the calculated result of the diagnostic program sequence in the predetermined area of the storing area for monitoring value, such CPU send the same calculated result to the other one of the microcomputers (receiving microcomputer). The CPU of the receiving microcomputer makes a diagnosis for finding whether or not the received result is identical with its own calculated result.

Disclosed embodiments relate to performing updates to Electronic Control Unit (ECU) software while an ECU of a vehicle is operating. Operations may include receiving, at the vehicle while the ECU of the vehicle is operating, a software update file for the ECU software; writing, while the ECU is operating, the software update file into a first memory location in a memory of the ECU while simultaneously executing a code segment of existing code in a second memory location in the memory of the ECU; and updating a plurality of memory addresses associated with the memory of the ECU based on the software update file and without interrupting the execution of the code segment currently being executed in the second memory location in the memory of the ECU.

Disclosed embodiments relate to perform operations for receiving and integrating a delta file in a vehicle. Operations may include receiving, at an Electronic Control Unit (ECU) in the vehicle, a delta file, the delta file comprising a plurality of deltas corresponding to a software update for software on the ECU and startup code for executing the delta file in the ECU; executing the delta file, based on the startup code, in the ECU; and updating memory addresses in the ECU to correspond to the plurality of deltas from the delta file.

A computer-implemented method according to one embodiment includes, in response to a determination that a predetermined operation has been performed on an object of a first file stored on a first cluster site, storing predetermined information about the object of the first file stored on the first cluster site. The predetermined information is stored on an extended attribute of the first file stored on the first cluster site. In response to a determination that the predetermined operation is performed on an object of a first file stored on a second cluster site, the predetermined information is removed from the extended attribute of the first file stored on the first cluster site. In response to a determination that a failure event has occurred on a queue of the first cluster site, a predetermined recovery process is performed, thereby enabling fulfillment of entries of the queue of the first cluster site.

Disclosed embodiments relate to opportunistically updating Electronic Control Unit (ECU) software in a vehicle. Operations may include receiving, at a controller in a vehicle, a wireless transmission indicating a need to update software running on at least one ECU in the vehicle; monitoring an operational status of the vehicle to determine whether the vehicle is in a first mode of operation in which an ECU software update is prohibited; delaying the ECU software update when the operational status is prohibited; continuing to monitor the operational status of the vehicle to determine whether the vehicle is in a second mode of operation in which the ECU software update is permitted; and enabling updating of the at least one ECU with the delayed ECU software update when it is determined that the vehicle is in the second mode of operations.

Disclosed embodiments relate to opportunistically updating Electronic Control Unit (ECU) software in a vehicle. Operations may include receiving, at a controller in a vehicle, a wireless transmission indicating a need to update software running on at least one ECU in the vehicle; monitoring an operational status of the vehicle to determine whether the vehicle is in a first mode of operation in which an ECU software update is prohibited; delaying the ECU software update when the operational status is prohibited; continuing to monitor the operational status of the vehicle to determine whether the vehicle is in a second mode of operation in which the ECU software update is permitted; and enabling updating of the at east one ECU with the delayed ECU software update when it is determined that the vehicle is in the second mode of operations.

Disclosed embodiments relate to adjusting vehicle Electronic Control Unit (ECU) software versions. Operations may include receiving a prompt to adjust an ECU of a vehicle from executing a first version of ECU software to a second version of ECU software; configuring, in response to the prompt and based on a delta file corresponding to the second version of ECU software, the second version of ECU software on the ECU in the vehicle for execution; and configuring, in response to the prompt, the first version of ECU software on the ECU in the vehicle to become non-executable.

An apparatus comprises a plurality of redundant processing units (4) to perform data processing redundantly in lockstep; common mode fault detection circuitry *6, 22) to detect an event indicative of a potential common mode fault affecting each of the plurality of redundant processing units; a memory (10) shared between the plurality of redundant processing units; and memory checking circuitry (30) to perform a memory scanning operation to scan at least part of the memory for errors; in which the memory checking circuitry (30) performs the memory scanning operation in response to a common mode fault signal generated by the common mode fault detection circuitry (6, 22) indicating that the event indicative of a potential common mode fault has been detected.