A method to detect hardware and software errors in an embedded system is disclosed. The method includes: detecting or measuring, by a plurality of sensors, an operating state of the embedded system; operating a plurality of replicated computation engines in group synchrony, wherein the plurality of replicated computation engines are replicated instances of a single computation engine and wherein the plurality of replicated computation engines are grouped into one or more groups such that, for each group, each member of the group starts in a same processing logic state and processes same events in the same order; intercepting output of the plurality of sensors and transmitting the output to each replicated computation engine of a group in a defined order; and actuating selected computation engines of the plurality of replicated computation engines and arbitrating between outputs of the selected computation engines.

An interrupt controller, and method of operation of such an interrupt controller, are provided. The interrupt controller has an interrupt source interface for receiving interrupts from one or more interrupt sources, and a plurality of output interfaces, where each output interface is associated with a processing device that can execute an interrupt service routine to process an interrupt request issued to that processing device. The interrupt source interface has transaction generation circuitry to generate, for each received interrupt, an original transaction to represent the interrupt and a duplicate transaction to represent the interrupt. Buffer circuitry then buffers the original transaction and the duplicate transaction for each received interrupt, and selection circuitry is provided for selecting transactions from the buffer circuitry, and for routing each selected transaction for receipt by the output interface identified by an address portion of the selected transaction. Each output interface has queue storage comprising a plurality of queue entries, where each queue entry is allocated to a transaction received by the output interface and is used to store interrupt identifying information provided by a data portion of the transaction. The queue storage is arranged to maintain duplication tracking information to identify when both the original transaction and its associated duplicate transaction have been received by the output interface. Each output interface inhibits issuing an output signal that would cause an interrupt request for the original transaction to be sent to the associated processing device, until the duplication tracking information identifies that both the original transaction and the associated duplicate transaction have been received by that output interface. This provides an efficient functional safety compliant design for an interrupt controller.

A multichannel apparatus for exchanging channels and an operating method of the multichannel apparatus are provided. The apparatus includes reception nodes configured to receive input signals of an analog domain, main signal processors configured to perform a signal processing operation on the input signals, and auxiliary signal processors configured to replace the main signal processors and perform at least a portion of the signal processing operation in response to a replacement condition being satisfied. The reception nodes, the main signal processors, and the auxiliary signal processors are implemented in a single integrated circuit (IC) package.

Mechanisms for reducing memory inconsistencies between two synchronized computing devices are provided. A first hypervisor module of a first computing device iteratively determines that content of a memory page of a plurality of memory pages has been modified. The content of the memory page is sent to a second hypervisor module on a second computing device. At least one other memory page of the plurality of memory pages is identified, and a verification value based on the content of the at least one other memory page is generated. The verification value and a memory page identifier that identifies the at least one other memory page is sent to the second hypervisor module on the second computing device.

A method for managing communications involving a lockstep processing comprising at least a first processor and a second processor can include receiving, at a data synchronizer, a first signal from a first device. The method can also include receiving, at the data synchronizer, a second signal from a second device. In addition, the method can include determining, by the data synchronizer, whether the first signal is equal to the second signal. When the first signal is equal to the second signal, the method can include transmitting, by the data synchronizer, the first signal to the first processor and the second signal to the second processor. Specifically, in example embodiments, transmitting the first signal to the first processor can occur synchronously with transmitting the second signal to the second processor.

A system for diagnosing a register of a lockstep module of a slow clock domain, includes a functional intellectual property (IP) core and a lockstep IP core configured to work in the slow clock domain, a fast bus module configured to read a value of a register of the functional IP core and a value of a register of the lockstep IP core, and record a state change of the register of the functional IP core, and a central processing unit (CPU) configured to determine whether the register of the functional IP core and the register of the lockstep IP core are normal according to the value of the register of the functional IP core, the value of the register of the lockstep IP core, and the state change of the register of the functional IP core.

A method for managing communications involving a lockstep processing comprising at least a first processor and a second processor can include receiving, at a data synchronizer, a first signal from a first device. The method can also include receiving, at the data synchronizer, a second signal from a second device. In addition, the method can include determining, by the data synchronizer, whether the first signal is equal to the second signal. When the first signal is equal to the second signal, the method can include transmitting, by the data synchronizer, the first signal to the first processor and the second signal to the second processor. Specifically, in example embodiments, transmitting the first signal to the first processor can occur synchronously with transmitting the second signal to the second processor.

The present technology proposes techniques for generating globally coherent timestamps. This technology may allow distributed systems to causally order transactions without incurring various types of communication delays inherent in explicit synchronization. By globally deploying a number of time masters that are based on various types of time references, the time masters may serve as primary time references. Through an interactive interface, the techniques may track, calculate and record data relative to each time master thus providing the distributed systems with causal timestamps.

Techniques are described herein that are capable of updating a state of a client device using a limited event size protocol. An initial state of the client device is stored. The initial state is defined by first records that identify first respective binaries associated with the client device at a first time. A first event of multiple events, which are configured in accordance with the limited event size protocol, is received from the client device. Each event includes a respective subset of second records, which identify respective second binaries associated with the client device at a second time. The first event is parsed to identify a first subset of the second records that is included in the first event. An updated state of the client device is generated by replacing a first portion of the first records with the first subset of the second records.

Technologies for ensuring functional safety of an electronic device include receiving data by a primary and secondary hardware unit and performing a function on the data. Each of the primary and secondary hardware unit perform the same function on their respective set of data to generate corresponding results. A determination is made whether the hardware units are synchronized and the results can be compared. If so, the results are compared and an alert is generated if the results do not match.