In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed, Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently execute redundant algorithms from sensor data processing to actuation commands using different hardware capabilities (GPUs, processing cores, different input signals, etc.). Intentional hardware and software diversity improves fault tolerance. The resulting fault-tolerant/fail-operational system meets ISO26262 ASIL-D specifications based on a single electronic controller unit platform that can be used for self-driving vehicles.

The present disclosure relates to an assembly including a first processor having a first core, a second core and a controller, and a second processor having a first core, and wherein the first core and the second core of the first processor, and the first core of the second processor are configured to execute a first procedure. The controller of the first processor is configured to compare a first result from executing the first procedure on the first core of the first processor with a second result from executing the first procedure on the second core of the first processor; and comparing each of the first and second results with a third result from executing the first procedure on the first core of the second processor, if the first and second results differ from one another.

A method and device for allocating a distributed lock is provided. A globally unique service process ID (SPI) is introduced for each distributed application service process while guaranteeing correctness of a distributed lock, and the SPI is used to directly manage ownership of the distributed lock. The service replacement process sends to the server a request for inheriting ownership of the distributed lock before the lifecycle of the lock file expires, the inherit request including the SPI.

A triple modular redundancy (TMR) flip-flop includes a set of master-gate-latch circuits including a first set of inputs to receive a first digital signal, and a second set of inputs to receive a clock; and a voting logic circuit including a set of inputs coupled to a set of outputs of the set of master-gate-latch circuits, and an output to generate a second digital signal based on the first digital signal. Another TMR flip-flop includes a set of master-gate-latch circuits to receive a set of digital signals in response to a first edge of a clock, respectively; and latch the set of digital signals in response to a second edge of the clock, respectively; and a voting logic circuit to receive the latched set of digital signals; and generate a second digital signal based on a majority of logic levels of the latched first set of digital signals, respectively.

A triple modular redundancy (TMR) flip-flop includes a set of master-gate-latch circuits including a first set of inputs to receive a first digital signal, and a second set of inputs to receive a clock; and a voting logic circuit including a set of inputs coupled to a set of outputs of the set of master-gate-latch circuits, and an output to generate a second digital signal based on the first digital signal. Another TMR flip-flop includes a set of master-gate-latch circuits to receive a set of digital signals in response to a first edge of a clock, respectively; and latch the set of digital signals in response to a second edge of the clock, respectively; and a voting logic circuit to receive the latched set of digital signals; and generate a second digital signal based on a majority of logic levels of the latched first set of digital signals, respectively.

A method and system for performing a flexible Byzantine fault tolerant (BFT) protocol. The method includes sending, from a client device, a proposed value to a plurality of replica devices and receiving, from at least one of the plurality of replica devices, a safe vote on the proposed value. The replica device sends the safe vote, based on a first quorum being reached, to the client device and each of the other replica devices of the plurality of replica devices. The method further includes determining that a number of received safe votes for the proposed value meets or exceeds a second quorum threshold, selecting the proposed value based on the determination, and setting a period of time within which to receive additional votes. The method further includes, based on the period of time elapsing without receiving the additional votes, committing the selected value for the single view.

Technologies for efficiently providing reliable compute operations for mission critical applications include a reliability management system. The reliability management system includes circuitry configured to obtain conclusion data indicative of a conclusion made by each of two or fewer compute devices of a host system. The conclusion data from each compute device pertains to the same operation. Additionally, the circuitry is configured to identify whether an error has occurred in the operation of each compute device, determine, in response to a determination that an error has occurred, a severity of the error, and cause the host system to perform a responsive action as a function of the determined severity of the error.

A computer system that has two or more processing engines (PE), each capable of performing one or more operations on one or more operands but one or more of the PEs performs the operations unreliably. Initial results of each operation are debiased to create a debiased result used by the system instead of the initial result. The debiased result has an expected value equal to a correct output where the correct output is the initial result the respective operation would have produced if the respective operation performed was reliable.

Apparatuses and methods for writing data to a memory array are disclosed. When data is duplicative across multiple data lines, data may be transferred across a single line of a bus rather than driving the duplicative data across all of the data lines. The data from the single data line may be provided to the write amplifiers of the additional data lines to provide the data from all of the data lines to be written to the memory. In some examples, error correction may be performed on data from the single data line rather than all of the data lines.

Apparatuses and methods for writing data to a memory array are disclosed. When data is duplicative across multiple data lines, data may be transferred across a single line of a bus rather than driving the duplicative data across all of the data lines. The data from the single data line may be provided to the write amplifiers of the additional data lines to provide the data from all of the data lines to be written to the memory. In some examples, error correction may be performed on data from the single data line rather than all of the data lines.