G06F11/1487

SAFETY-RELEVANT COMPUTER SYSTEM
20180046531 · 2018-02-15

A safety-relevant computer system, in particular a railway safety system, contains at least two hardware channels. Memory check results of the channels are fed to at least one comparator, which triggers an error response if the memory check results are not equal. In order to be able to use diverse software programs created by compilers, memory check results of the diverse software programs of each channel are fed to the comparator. The memory check results of a first software program of the first and second channels are compared with each other and the memory check results of a second software program of the first and second channels are compared with each other.

DOCUMENT DISPLAY DEVICE AND METHOD
20180032482 · 2018-02-01

A device for displaying a document includes a display screen, a human-machine interface, a first memory zone and at least one second memory zone separate from the first memory zone. The zones are configured to contain similar information. A processor is configured to execute a first process and at least one second process when a display request is received via the human-machine interface. Those processes include respectively reading first information in the first memory zone and second information in the second memory zone. That information corresponds to the display request. The processes also include respectively producing a first display layer and a second display layer associated with the display screen, the first display layer and the second display layer being displayed on the display screen superimposed.

Vehicle apparatus including verification apparatus
12174726 · 2024-12-24

The present disclosure relates to a verification apparatus for a vehicle-mounted control apparatus having a first program processing unit that executes a current program based on an output of a sensor and outputs a processing result to an actuator unit. Because the verification apparatus has a second program processing unit that executes the current program and outputs a processing result, a third program processing unit that shares the output of the sensor unit with the second program processing unit and that executes a new program and outputs a processing result, and a comparison determination unit that compares the respective outputs, it is made possible to perform a regression test effective for the new program at low cost, without affecting operation of the vehicle-mounted control apparatus.

SYSTEMS AND METHODS FOR MANAGEMENT CONTROLLER MANAGEMENT OF KEY ENCRYPTION KEY

In accordance with embodiments of the present disclosure, a management controller configured to provide management-domain management of an information handling system may include a processor and a key management utility embodied in non-transitory computer-readable media. The key management utility may be configured to issue one or more commands to a cryptoprocessor for storing and sealing a key encryption key on the cryptoprocessor, wherein the key encryption key is for decrypting a media encryption key for encrypting and decrypting data stored to a storage resource of a host domain of the information handling system. The key management utility may also be configured to issue one or more commands to the cryptoprocessor for unsealing and retrieving the key encryption key from the cryptoprocessor.

Method for verifying the processing of software

In order to provide simple, fast, and reliable verification of the functioning and processing of an automation task in the form of software in a multi-channel safety-oriented automation component (1), the software (SW1) is run in one channel (K1) of the automation component (1) in an active unit (P1) of the hardware of the channel (K1), and first diversity software (SW3) redundant relative to the software (SW1) is run in a verification unit (V1) in this channel (K1), wherein in a processing step (Z1) input data (E_z) associated with the software (SW1) and first output data (A_z) computed by the software (SW1) in this processing step (Z1) are temporarily stored in a memory unit (M1), and the diversity software (SW3) in the verification unit (V1) computes second output data (A_z) based on the stored input data (E_z) independently of the processing of the software (SW1) in the active unit (P1), and the second output data (A_z) computed by the diversity software (SW3) is compared with the stored first output data (A_z) of the software (SW1) in order to verify the processing.

METHOD AND DEVICE FOR OPERATING A VEHICLE
20170080950 · 2017-03-23

A method for operating a vehicle having a plurality of environmental sensors for acquiring a surrounding environment of the vehicle, including acquiring a surrounding environment of the vehicle using each of the environmental sensors, ascertaining of object data, corresponding to objects, for each environmental sensor, based on the raw data of the corresponding environmental sensor, fusion of the respective object data of the environmental sensors with one another, so that fused object data are ascertained, fusion of the respective raw data of the environmental sensors with one another, so that fused raw data are ascertained, ascertaining of raw object data, corresponding to objects, based on the fused raw data, comparison with one another of the fused object data and the raw object data, controlling of at least one vehicle system as a function of the comparison. A device for operating a vehicle and a computer program are also described.

METHOD FOR PERFORMING FAILSAFE CALCULATIONS
20170031786 · 2017-02-02

A method and device for performing failsafe computation, and a method of compiling code to perform a failsafe computation are provided. The method includes performing a first calculation (212) to generate a first result (214). A second calculation (218) is performed using a scalar (216) and the first calculation (212) to generate a second result (220). The second calculation (218) includes multiplying the first calculation (212) by the scalar (216) to generate a scaled result, and dividing the scaled result by the scalar (216) to generate the second result (220). The first result (214) and the second result (220) are compared to determine if they are equivalent.

Input validation techniques

Described are techniques for processing inputs. A plurality of rules engines is provided. Each of the rules engines is written in a different programming language. Input validation processing is performed of a first set of one or more inputs by a first of the plurality of rules engines using a first portion of a set of validation rules. Input validation processing is performed for the first set of one or more inputs by a second of the plurality of rules engines using the first portion of validation rules.

Techniques for Establishing a Versatile and Safe Industrial Controller System by Means of Interpreters

An industrial controller system comprises an encoder unit receiving application code of an industrial control program and converting the application code into a coded-processed application code; wherein the encoder unit receives input data for the industrial control program and converts the input data into coded-processed input data. The industrial controller system further comprises a first interpreter unit adapted to receive the application code and the input data and to convert the application code and the input data into a first industrial control code; and a second interpreter unit adapted to receive the coded-processed application code and the coded-processed input data and to convert the coded-processed application code and the coded-processed input data into a second industrial control code; and a combination unit adapted to combine the first industrial control code and the second industrial control code into a resulting industrial control code for the industrial control program.