Disclosed embodiments relate to automatically providing updates to at least one vehicle. Operations may include receiving, at a server remote from the at least one vehicle, Electronic Control Unit (ECU) activity data from the at least one vehicle, the ECU activity data corresponding to actual operation of the ECU in the at least one vehicle; determining, at the server and based on the ECU activity data, a software vulnerability affecting the at least one vehicle, the software vulnerability being determined based on a deviation between the received ECU activity data and expected ECU activity data; identifying, at the server, an ECU software update based on the determined software vulnerability; and sending, from the server, a delta file configured to update software on the ECU with a software update corresponding to the identified ECU software update.

A graphics processing system includes a plurality of processing units for processing tasks, each processing unit being configured to process a task independently from any other processing unit of the plurality of processing units; a check unit operable to form a signature which is characteristic of an output of a processing unit on processing a task; and a fault detection unit operable to compare signatures formed at the check unit; wherein the graphics processing system is configured to process each task of a first type first and second times at the plurality of processing units so as to, respectively, generate first and second processed outputs, wherein the check unit is configured to form first and second signatures which are characteristic of, respectively, the first and second processed outputs, and wherein the fault detection unit is configured to compare the first and second signatures and raise a fault signal if the first and second signatures do not match.

Disclosed embodiments relate to opportunistically updating Electronic Control Unit (ECU) software in a vehicle. Operations may include receiving, at a controller in a vehicle, a wireless transmission indicating a need to update software running on at least one ECU in the vehicle; monitoring an operational status of the vehicle to determine whether the vehicle is in a first mode of operation in which an ECU software update is prohibited; delaying the ECU software update when the operational status is prohibited; continuing to monitor the operational status of the vehicle to determine whether the vehicle is in a second mode of operation in which the ECU software update is permitted; and enabling updating of the at least one ECU with the delayed ECU software update when it is determined that the vehicle is in the second mode of operations.

An error recovery method and apparatus, and a system are disclosed. At least two CPUs in a lockstep mode can exit the lockstep mode when an error occurs in at least one CPU, and the CPU in which the error occurs and a type of the error are determined. When the error can be recovered, the CPU in which the error occurs can be recovered according to a correctly running CPU. This helps the at least two CPUs run again at a position at which a service program is interrupted.

Disclosed embodiments relate to perform operations for receiving and integrating a delta file in a vehicle. Operations may include receiving, at an Electronic Control Unit (ECU) in the vehicle, a delta file, the delta file comprising a plurality of deltas corresponding to a software update for software on the ECU and startup code for executing the delta file in the ECU; executing the delta file, based on the startup code, in the ECU; and updating memory addresses in the ECU to correspond to the plurality of deltas from the delta file.

A method of improving integrity of a computer system includes executing certifiable and qualifiable software applications. The certifiable software application is composed of static program instructions executed sequentially to process input data to produce an output, and the qualifiable software application uses a model iteratively built using a machine learning algorithm to process the input data to produce a corresponding output. The certifiable software application is certifiable for the computer system according to a certification standard, and the qualifiable software application being non-certifiable for the computer system according to the certification standard. The method also includes cross-checking the output by comparison with the corresponding output to verify the output, and thereby improve integrity of the computer system. And the method includes generating an alert that the output is unverified when the comparison indicates that the output differs from the corresponding output by more than a threshold.

A computer system installed on board a carrier, communicating in a network with a data concentrator and with a monitor, and implementing at least one service that is critical for the operating safety of the carrier, the critical service being redundant in at least two instances (δ.sub.1, . . . δ.sub.m) on different respective computers (C.sub.1, . . . , C.sub.m) connected to the network, each computer (C.sub.k) implementing at least one software task implementing an instance (δ.sub.k) of the critical service being configured to implement the critical service by way of time control.

Disclosed embodiments relate to automatically providing updates to at least one vehicle. Operations may include receiving, at a server remote from the at least one vehicle, Electronic Control Unit (ECU) activity data from the at least one vehicle, the ECU activity data corresponding to actual operation of the ECU in the at least one vehicle; determining, at the server and based on the ECU activity data, a software vulnerability affecting the at least one vehicle, the software vulnerability being determined based on a deviation between the received ECU activity data and expected ECU activity data; identifying, at the server, an ECU software update based on the determined software vulnerability; and sending, from the server, a delta file configured to update software on the ECU with a software update corresponding to the identified ECU software update.

Disclosed embodiments relate to perform operations for receiving and integrating a delta file in a vehicle. Operations may include receiving, at an Electronic Control Unit (ECU) in the vehicle, a delta file, the delta file comprising a plurality of deltas corresponding to a software update for software on the ECU and startup code for executing the delta file in the ECU; executing the delta file, based on the startup code, in the ECU; and updating memory addresses in the ECU to correspond to the plurality of deltas from the delta file.

Disclosed embodiments relate to generating an update package for updating software on an Electronic Control Unit (ECU) in a vehicle. Operations may include accessing a plurality of attributes of a software update to be stored on the ECU in the vehicle; accessing a corresponding plurality of attributes of current software stored on the ECU in the vehicle; comparing the plurality of attributes with the corresponding plurality of attributes; generating a delta file representing differences between the plurality of attributes and the corresponding plurality of attributes determined in the comparison; and providing the delta file to the ECU, wherein the delta file is configured to be processed by startup code in the ECU that enables the delta file to execute in the ECU in the vehicle.