In part, the disclosure relates to a real-time fault tolerant system. The system may include a first computing device, a second computing, and a hardware interconnect. The first computing device may include one or more memory devices, one or more processors, a first network interface operable to receive device data and transmit output data over a time-slot-based bus, wherein the output data is generated from processing device data, and a first real-time checkpoint engine. The second computing device may include similar components or the same components as the first computing device. The hardware interconnect is operable to permit data exchange between the first computing device and the second computing device. Checkpoints may be generated by checkpoint engines during lower-priority communication time slots allocated on the time slot-based bus to avoid interfering with any real-time communications to or from the first and second computing devices.

A system, method and computer program product synchronize a plurality of processes of one or more applications executed by a plurality of processors. In addition to the processors, the system includes a plurality of memories with each memory associated with a respective process and configured to maintain a local count representative of a message of the respective process with which the memory is associated and at least one remote count representative of a message of a corresponding process executed by another processor. The system also includes a reflector configured to reflect the local count of the respective process to a remote count of the corresponding process. For synchronization, a first process of a first application executed by a first processor is configured to enter a delay period if the local count and at least one remote count maintained by the memory associated with the first process fail to match.

Systems, methods, and apparatuses relating to circuitry to implement lockstep of processor cores are described. In one embodiment, a hardware processor comprises a first processor core comprising a first control flow signature register and a first execution circuit, a second processor core comprising a second control flow signature register and a second execution circuit, and at least one signature circuit to perform a first state history compression operation on a first instruction that executes on the first execution circuit of the first processor core to produce a first result, store the first result in the first control flow signature register, perform a second state history compression operation on a second instruction that executes on the second execution circuit of the second processor core to produce a second result, and store the second result in the second control flow signature register.

A method to detect hardware and software errors in an embedded system is disclosed. The method includes: detecting or measuring, by a plurality of sensors, an operating state of the embedded system; operating a plurality of replicated computation engines in group synchrony, wherein the plurality of replicated computation engines are replicated instances of a single computation engine and wherein the plurality of replicated computation engines are grouped into one or more groups such that, for each group, each member of the group starts in a same processing logic state and processes same events in the same order; intercepting output of the plurality of sensors and transmitting the output to each replicated computation engine of a group in a defined order; and actuating selected computation engines of the plurality of replicated computation engines and arbitrating between outputs of the selected computation engines.

A data synchronization method includes checking first to-be-checked information stored in an active area of a first board to obtain a first check result and second to-be-checked information stored in an active area of a second board to obtain a second check result before data synchronization, where the first board and the second board are include in an out-of-band management device, determining an active board and a standby board from the first board and the second board according to the first check result and the second check result, and synchronizing data in an active area of the active board to a standby area of the standby board. Hence, the method can be implemented to ensure validity of data synchronization.

A method for creating a redundant automation system, a computer program and a computer-readable medium, wherein the redundant automation system includes at least one automation installation to be controlled that is installed at an installation location and two control applications that are communicatively interconnected via a synchronization path, and includes a plurality of communication hubs and communication paths connecting these to one another, where one of the control applications operates as the master and the other control application operates as a reserve, such that when the control application operating as the master fails, the control application operating as the reserve function as the master, and where the locations of the computing resources for the control applications are selected such that the control applications are connected to the at least one automation installation via two different communication paths preferably having no or a minimal number of common communication hubs.

Circuitry comprises control circuitry to control an operating state of a data handling device of a set of two or more redundant data handling devices configured to perform identical data handling functions; the control circuitry being configured to control an operating state of the respective controlled data handling device as a state transition from a current operating state of that data handling device to a target operating state in response to the issue of a respective state change signal; the control circuitry comprising a detector responsive to issue of the state change signal in respect of a first threshold number representing some but not all of the data handling devices, to detect whether the state change signal is issued in respect of a further one or more of the devices so that a second threshold number of data handling devices is reached.

A system, method and computer program product synchronize a plurality of processes of one or more applications executed by a plurality of processors. In addition to the processors, the system includes a plurality of memories with each memory associated with a respective process and configured to maintain a local count representative of a message of the respective process with which the memory is associated and at least one remote count representative of a message of a corresponding process executed by another processor. The system also includes a reflector configured to reflect the local count of the respective process to a remote count of the corresponding process. For synchronization, a first process of a first application executed by a first processor is configured to enter a delay period if the local count and at least one remote count maintained by the memory associated with the first process fail to match.

A control apparatus includes a synchronization state transmission/reception unit configured to transmit and receive a synchronization state to and from another control apparatus via a network, and a state data transmission/reception unit configured to transmit and receive state data to and from the another control apparatus via the network. Thus, the control apparatus can grasp the synchronization state of the another control apparatus. Further, even when the control apparatus is restarted due to a failure, the control apparatus receives state data from another control apparatus that has been synchronized with the control apparatus and is in operation so that the control apparatus can recover without stopping the entire system.

A semiconductor device includes first and second CPUs, first and second SPUs for controlling a snoop operation, a controller supporting ASIL D of a functional safety standard and a memory. The controller sets permission of the snoop operation to the first and second SPUs when a software lock-step is not performed. The controller sets prohibition of the snoop operation to the first and second SPUs when the software lock-step is performed. The first CPU executes a first software for the software lock-step, and writes an execution result in a first area for the memory. The second CPU executes a second software for the software lock-step, and writes an execution result in a second area of the memory. The execution result written in the first area is compared with the execution result written in the second area.