Aspects include detecting, by an agent of a remote debugging tool that a first controller currently associated with the agent for a debugging session has not responded to a status inquiry from the agent. The first controller interacts with an end user, sends requests to the agent to operate a target program, and processes responses from the agent. Based on detecting that the first controller has not responded to the status inquiry from the agent, the agent identifies a second controller, associates the second controller with the agent for the debugging session, and resumes the debugging session with the second controller in place of the first controller. The associating includes synchronizing a debugging session state between the second controller and the agent. The target program continues to execute during the identifying, associating, and resuming, and the debugging session state is not changed by the identifying, associating, and resuming.

Systems and methods include receiving, values of one or more first external time variables from a first external node and values of one or more second external time variables from a second external node. The values of one or more local time variables of the local node are adjusted based at least upon the values of the one or more first external time variables and the values of the one or more second external time variables.

A control apparatus includes a synchronization state transmission/reception unit configured to transmit and receive a synchronization state to and from another control apparatus via a network, and a state data transmission/reception unit configured to transmit and receive state data to and from the another control apparatus via the network. Thus, the control apparatus can grasp the synchronization state of the another control apparatus. Further, even when the control apparatus is restarted due to a failure, the control apparatus receives state data from another control apparatus that has been synchronized with the control apparatus and is in operation so that the control apparatus can recover without stopping the entire system.

A method of ensuring a correct program sequence in a dual-Processor module that includes Processor A and Processor B. Processor A and Processor B are both coupled to a common memory. Processor A and Processor B each execute a first safety program and each generate an instruction stream therefrom. At one or more points in time while running the first safety program, Processor A reads its program counter value from a current instruction being executed and generates therefrom a current Processor A CRC value, and Processor B reading its program counter value from the same current instruction being executed generates therefrom a current Processor B CRC value. Processor A transfers its current CRC value to Processor B and/or Processor B transfers its current CRC value to Processor A, and these CRC values are compared. A safety action is triggered if the comparing determines non-matching current CRC values.

A transmitting computer for a vehicle is disclosed, and includes a command circuit, a monitor circuit, and a master circuit. The command circuit receives a real-time signal and executes a first set of instructions to analyze the real-time signal, and generates a plurality of command signals based on executing the first set of instructions. The monitor circuit receives the command signals and the real-time signal. The monitor circuit executes a second set of instructions to analyze the real-time signal and generates a plurality of replica signals based on executing the second set of instructions. The monitor circuit generates an initial reset command in response to determining an initial miscompare between one of the plurality of command signals and the plurality of replica signals. The master circuit is in communication with both the command circuit and the monitor circuit and receives an indication that the initial reset command is generated.

A method/device for configuring at least one execution unit for detecting a state of operation of the one execution unit, the method/device comprising at least assigning a first replica of an item of application software for the purpose of execution on at least one computing core of the execution unit depending on information relating to at least one item of hardware or relating to at least one operating system of the execution unit assigning a second replica of the application software for the purpose of execution on the computing core of the execution unit depending on the information relating to the at least one item of hardware or relating to the operating system of the execution unit.

A method for managing communications involving a lockstep processing comprising at least a first processor and a second processor can include receiving, at a data synchronizer, a first signal from a first device. The method can also include receiving, at the data synchronizer, a second signal from a second device. In addition, the method can include determining, by the data synchronizer, whether the first signal is equal to the second signal. When the first signal is equal to the second signal, the method can include transmitting, by the data synchronizer, the first signal to the first processor and the second signal to the second processor. Specifically, in example embodiments, transmitting the first signal to the first processor can occur synchronously with transmitting the second signal to the second processor.

Aspects include detecting, by an agent of a remote debugging tool that a first controller currently associated with the agent for a debugging session has not responded to a status inquiry from the agent. The first controller interacts with an end user, sends requests to the agent to operate a target program, and processes responses from the agent. Based on detecting that the first controller has not responded to the status inquiry from the agent, the agent identifies a second controller, associates the second controller with the agent for the debugging session, and resumes the debugging session with the second controller in place of the first controller. The associating includes synchronizing a debugging session state between the second controller and the agent. The target program continues to execute during the identifying, associating, and resuming, and the debugging session state is not changed by the identifying, associating, and resuming.

Systems, apparatuses, and methods for implementing a safety framework for safety-critical Convolutional Neural Networks inference applications and related convolution and matrix multiplication-based systems are disclosed. An example system includes a safety-critical application, a hardware accelerator, and additional hardware to perform verification of the hardware accelerator. The verification hardware has a lower bandwidth than the hardware accelerator, so more machine cycles are required per calculation. A mismatch in the result indicates a faulty processing element.

A network system includes at least one node configured to exchange messages through a set of communication links. Each node includes a synchronizer, a set of monitors in communication with the synchronizer, a physical oscillator and a state timer clock and a local timer clock, each clock being driven by the physical oscillator and having a variable clock value that locally tracks passage of clock time for the node. The network system is configured to execute a synchronization process when a specified condition occurs. Upon receiving a Sync message, each of the nodes is configured to store an incoming Sync message, increment a local timer clock value, or ignore the Sync message based on a local timer clock value associated with an incoming Sync message.