A controlling device includes a controller that executes control to functionally activate of, at least, a part of transmission lanes in multiple transmission lanes connecting a plurality of subsystems which run based on a lock-step method and an embedder that executes an embedding operation to realize a multiplexing state using the part of transmission lanes controlled to functionally activate by the controller and the plurality of the subsystems, wherein, the controller determines whether or not the embedding operation succeeds, determines, when the embedding operation fails, whether or not an embedding operation using another part of transmission lanes, of the multiple transmission lanes, different from the part of transmission lanes used in the failure embedding operation, and executes, when the corporation processing succeeds, control to functionally activate the another part of transmission lanes.

The invention relates to network nodes comprising: a first computing unit (CPU.sub.a); at least one second computing unit (CPU.sub.b); an internal switch (Sw.sub.i); and an external switch (Sw.sub.e), wherein the internal switch (Sw.sub.i) is connected to the first computing Nunit (CPU.sub.a), the at least second computing unit (CPU.sub.b) and to the external switch (Sw.sub.e) and wherein the external switch (Sw.sub.e) has at least one port for data originating from other network nodes. The invention also relates to a control module and an Ethernet ring.

A system is configured to ensure transactional integrity thereof. The system includes a first subsystem and a second subsystem. Each of the subsystems receive the same request to process a transaction. An indicia engine at each subsystem computes indicia of the outcome of the processing of the same request. The computed indicia from each of the subsystems is compared. An action is completed at one of the subsystems when the computed indicia does not match. The action completed at one of the subsystems is one or more of issuing a database rollback on one of the subsystems, executing self-diagnostics on one of the subsystems, shutting down one of the subsystems, taking one of the subsystems offline, aborting the transaction executing on one of the subsystems, and generating an error indication for one of the subsystems.

According to an aspect of the invention, a computerised system, in particular control system is provided, which is configured, from an input vector (I.sub.n) which represents a discrete number of input variables and from a state vector (Z.sub.n) which represents a discrete number of state variables, to determine a new state vector (Z.sub.n+1) whose state variables are updated, as well as an output vector (O.sub.n) which represents a discrete number of output variables, wherein the output variables are provided for controlling at least one appliance and/or for outputting information. The system comprises a plurality of computation units which in parallel determine the new state vector and the output vector from the input vector and the state vector. According to the invention, the system is configured such that at least all news state vectors are exchanged between the computation units after each cycle.

A network includes a plurality of nodes and a plurality of links communicatively coupling each of the nodes to at least one respective adjacent node via a first communication channel and to another respective adjacent node via a second communication channel. The nodes and links have a braided ring topology. First and second nodes of the plurality of nodes source data, are adjacent nodes, and at least one is a source node. The first node sends a first communication to the second node via a third node that is adjacent the first node and via a fourth node that is adjacent the second node. The second node sends a second communication to the first node via the third node and via the fourth node. At least one of the first and second nodes terminates transmission of the first and second communications when the first and second communications do not match.

A graphics processing system includes a plurality of processing units for processing tasks, each processing unit being configured to process a task independently from any other processing unit of the plurality of processing units; a check unit operable to form a signature which is characteristic of an output of a processing unit on processing a task; and a fault detection unit operable to compare signatures formed at the check unit; wherein the graphics processing system is configured to process each task of a first type first and second times at the plurality of processing units so as to, respectively, generate first and second processed outputs, wherein the check unit is configured to form first and second signatures which are characteristic of, respectively, the first and second processed outputs, and wherein the fault detection unit is configured to compare the first and second signatures and raise a fault signal if the first and second signatures do not match.

Systems and methods for command line voting are provided. Aspects include obtaining, by an output logic device, a plurality of memory blocks from a plurality of buffers, each of the plurality of memory blocks including two or more output commands generated from a processing circuit based on a sensor data input, generating, by a hash function, a hash value for each of the plurality of memory blocks, comparing the hash value for each of the plurality of memory blocks to determine an output memory block from the plurality of memory blocks, and outputting, to an output hardware, the two more output commands from the output memory block.

A system includes a central processing unit (CPU), a first input/output (I/O) module, and a second I/O module. The first I/O module includes a first module health controller operatively connected to the CPU. The second I/O module includes a second module health controller operatively connected to the first module health controller and the CPU. One of the first module health controller and the second module health controller is configured to assert a paired module health signal to the CPU indicating that the first I/O module and the second I/O module are health.

The invention relates to a system (1), comprising at least two asynchronous computers (2-i), on each of which at least one application (A) is executed, which provides control data (SD) for at least one actuation system (3), wherein the provided control data (SD) are transmitted by a control-authorized computer (2-i) that assumes a master computer status (M-RS) to the actuation system (3) for the control thereof, wherein the computers (2-i) of the system (1) cyclically exchange state data (ZD) and performance data (LD) with each other by means of a data interface in a data exchange (DAS), wherein the computers (2-i) each determine, on the basis of the state and performance data (ZD.sub.opp, LD.sub.opp) received from other computers (2-j) and on the basis of the computer's own state and performance data (ZD.sub.own, LD.sub.own, in a master/slave selection (MSA) performed on the computer (2-i), a computer status (RS) as a control-authorized or non-control-authorized computer (2-i) to be assumed by the particular computer (2-i) itself.

Devices systems and methods are disclosed providing a highly fault tolerant Command, Control, and Data Handling (CC&DH) system immune to byzantine faults. The system includes a plurality of High Integrity Computing Elements each capable of delivering data immune to byzantine faults, an arbitrary communication interface, and a number of peripheral devices providing input and output to the system. The system is capable of providing high integrity data immune to byzantine faults throughout the system. Using one greater High Integrity Computing Elements than the number of faults required allows for implementation of a wide range of redundant systems including dual, triple, quad, and beyond redundancy using voting computers. The system is implemented using any number of standard computing elements, which is greater than two, a communication abstraction, data exchange, mission algorithm, and data comparison producing data immune to byzantine errors to the remaining peripherals in the system.