A method is provided by which a complex electronic system for controlling a safety-critical technical process, for example driving an autonomous vehicle, can be implemented. A distinction is made between simple and complex software, wherein the simple software is executed on error-tolerant hardware and wherein a plurality of diverse versions of the complex software are implemented simultaneously on independent fault containment units (FCU). A consolidated environmental model is developed from a number of different environmental models and represents the basis for trajectory planning.

A method to detect hardware and software errors in an embedded system is disclosed. The method includes: detecting or measuring, by a plurality of sensors, an operating state of the embedded system; operating a plurality of replicated computation engines in group synchrony, wherein the plurality of replicated computation engines are replicated instances of a single computation engine and wherein the plurality of replicated computation engines are grouped into one or more groups such that, for each group, each member of the group starts in a same processing logic state and processes same events in the same order; intercepting output of the plurality of sensors and transmitting the output to each replicated computation engine of a group in a defined order; and actuating selected computation engines of the plurality of replicated computation engines and arbitrating between outputs of the selected computation engines.

System, methods, and other embodiments described herein relate to improving detection of program faults. In one embodiment, a method includes executing, in parallel, an extended program and an instrumented program. The instrumented program is an instrumented version of a baseline program that implements runtime checks. The extended program is an extended version of the baseline program with intentional delays inserted into source code of the baseline program to match an execution time with the instrumented program. The method includes supervising execution states of the instrumented program to identify an occurrence of mismatched states between the extended program and the instrumented program. The method includes managing the mismatched states to mitigate effects of the program faults on the functioning of an associated device.

In accordance with embodiments of the present disclosure, a management controller configured to provide management-domain management of an information handling system may include a processor and a key management utility embodied in non-transitory computer-readable media. The key management utility may be configured to issue one or more commands to a cryptoprocessor for storing and sealing a key encryption key on the cryptoprocessor, wherein the key encryption key is for decrypting a media encryption key for encrypting and decrypting data stored to a storage resource of a host domain of the information handling system. The key management utility may also be configured to issue one or more commands to the cryptoprocessor for unsealing and retrieving the key encryption key from the cryptoprocessor.

A real-time data processing system is provided comprising a memory device with computer-readable program code stored thereon, a communication device in communication with a network, and a processing device operatively coupled to the memory device and the communication device. The system establishes an operable communication linkage with a first entity system and a second entity system, the first entity system and the second entity system sharing access to a resource repository stored on the second entity system. The system generates a repository image of the resource repository and tracks an interaction with the resource repository in real-time. Based on the tracked interaction, the system synchronizes the repository image with the resource repository, wherein synchronizing the repository image comprises mirroring the interaction on the repository image and updating the first entity system based on the repository image.

A computer-implemented method, in accordance with one embodiment, includes generating multiple versions of software from the same source code. Each of the versions is installed onto a corresponding, unique hardware system, the hardware systems being redundant relative to one another. When the versions are run on the respective hardware systems, the resulting respective executions of the versions are different.

A safety-relevant computer system, in particular a railway safety system, contains at least two hardware channels. A memory check results of the channels are fed to at least one comparator, which triggers an error response if the memory check results are not equal. In order to be able to use diverse software programs created by compilers, memory check results of the diverse software programs of each channel are fed to the comparator. The memory check results of a first software program of the first and second channels are compared with each other and the memory check results of a second software program of the first and second channels are compared with each other.

A system and method that detects hardware and software errors in an embedded system that includes detecting or measuring an operating state; causing one or more computation engines to operates in group synchrony; causing one or more active monitors that monitor the computation engines to an automotive integrity level to operate in group synchrony; synchronizing the communication between and from the plurality of computation engines and the plurality of active monitors, respectively; and arbitrating the output generated by the computation engines and the active monitors.

A data processing method and a system for performing the data processing method, in which data are transferred between various network subscribers of a network in a communication cycle and multiple data processing devices are provided as network subscribers. A respective process cycle is run through by each of the multiple data processing devices. The communication cycle is synchronized here with the process cycle of at least one of the multiple data processing devices such that, during a temporal run-through of the communication cycle, a predetermined process step of the process cycle of at least one of the multiple data processing devices is carried out during a time interval, assigned to this predetermined process step, of the communication cycle.

A method for identifying and isolating faults in versioned microservices includes a request replicator receiving an original request, and determining whether to replicate the original request. The request replicator replicates the original request creating one or more replicated requests, including a first replicated request. In an example, the request replicator dispatches the original request to a stable production system, and dispatches the first replicated request to a first modified production system. The stable production system produces a first reply to the original request. The first modified production system produces a second reply to the first replicated request. A fault detector performs a comparison of the second reply and the first reply and determines, based on the comparison, that the first modified production system has a verification status. Then, the stable production system is replaced with first modified production system.