Computer-implemented methods and systems are provided for detecting a failed server. The computer-implemented method includes detecting a plurality of servers within a network, allowing each of the plurality of servers to monitor a state of other servers of the plurality of servers, and in response to detecting a failed server, allowing another server of the plurality of servers to complete remaining work of the failed server.

A redundant computer system utilizing comparison diagnostics and voting techniques includes a plurality of redundant channels. Each pair of the processors receives/obtains process information from I/O modules via dual redundant sensors (DRS). The processors execute an application program, whereby output module is utilized for comparing output data of the two processors. Output module receives output data from neighboring modules, if there is a deviation or other disparity in the output data. Each pair of processors, a voter and an improper sequence detector component disables the output module, if a majority of signals vote that output module fails. In addition, the system uses 2-of-3 voting, the system remains operational in the presence of up two transient or hard failures.

A module health system includes a module health circuit comprising a hardware register that is set to a first value in response to the system starting, an application register that is set to the first value in response to the system starting and a watchdog timer register that is set to the first value in response to the system starting. The system further includes a power on self-test that determines whether the system has passed a plurality of tests and that selectively sets the hardware register to a second value based on the determination, an external software application that determines whether a safety critical system is healthy and selectively sets the application register based on the determination, a watchdog timer application that selectively sets the watchdog timer register, a central processing unit that determines whether to de-assert a module health signal.

Techniques for repair and/or recovery of computer program(s) installed on a programmable device using a distributed ledger that is based on cryptography and blockchain technology are described. One or more self-reliance logic/modules can commit, to a distributed ledger that resides on interconnected devices, records of watchdog communications between the devices. One or more of interconnected devices may include a respective self-reliance logic/module. The logic/modules can use the records of the distributed ledger to check that computer program(s) on the interconnected devices are operating as expected. When a self-reliance logic/module fails to respond to a watchdog communication, the distributed ledger can be updated to include this failure. A self-reliance logic/module can determine, based on the distributed ledger and/or the failure, that an installed computer program is faulty. Furthermore, a self-reliance logic/module can initiate one or more software recovery services based on the determination. Other advantages and embodiments are described.

A controlling device 501 includes a controller 502 that executes control to functionally activate of, at least, a part of transmission lanes in multiple transmission lanes connecting a plurality of subsystems which run based on a lock-step method and an embedder 503 that executes an embedding operation to realize a multiplexing state using the part of transmission lanes controlled to functionally activate by the controller and the plurality of the subsystems, wherein, the controller determines whether or not the embedding operation succeeds, determines, when the embedding operation fails, whether or not an embedding operation using another part of transmission lanes, of the multiple transmission lanes, different from the part of transmission lanes used in the failure embedding operation, and executes, when the corporation processing succeeds, control to functionally activate the another part of transmission lanes.

An information processing device that executes an arithmetic process includes a first processing circuit and a second processing circuit. The first processing circuit executes the arithmetic process N times consecutively. The second processing circuit executes the arithmetic process N times consecutively. N is an integer of 2 or more. The first processing circuit and the second processing circuit continue to operate according to a match between at least one result among the results of the N arithmetic processes executed by the first processing circuit and at least one result among the results of the N arithmetic processes executed by the second processing circuit. As a result, it is possible to suppress an increase in cost required for hardware and to suppress a temporary stop due to a temporary failure.

A sensor system for providing a main signal and an error signal, comprising: a sensor unit providing a sensor signal; a first signal processor downstream of the sensor unit, adapted for receiving a second signal equal to or derived from a sensor signal, and for performing a first operations on the second signal so as to provide a first processed signal; a second signal processor for receiving the first processed signal and for performing second operations inverse of the first operations, so as to provide a second processed signal; and an evaluation unit for receiving the second signal and the second processed signal, and for evaluating whether the second signal matches the second processed signal within a predefined tolerance margin, and for providing the error signal.

A first processing element is configured to execute a first thread and one or more second processing elements are configured to execute one or more second threads that are redundant to the first thread. The first thread and the one or more second threads are to selectively bypass one or more comparisons of results of operations performed by the first thread and the one or more second threads depending on whether an event trigger for the comparison has occurred a configurable number of times since a previous comparison of previously encoded values of the results. In some cases the comparison can be performed based on hashed (or encoded) values of the results of a current operation and one or more previous operations.

A control system includes an arithmetic device configured of an A system arithmetic unit including a data dividing unit, a B system arithmetic unit including a data dividing unit, and an A system communication control unit including a data combining unit and a collation unit, wherein the A system arithmetic unit and the B system arithmetic unit have a duplex configuration, the A system arithmetic unit and the B system arithmetic unit are separated by a gap, a frame output from the A system arithmetic unit is transmitted to a B system communication control unit through the A system communication control unit and an interface element, and a frame output from the B system arithmetic unit is transmitted to the A system communication control unit through the B system communication control unit and an interface element.

A vehicle safety electronic control system includes a first microcontroller having a lockstep architecture with a lockstep core and a second microcontroller having at least two processing cores. The lockstep core of the first microcontroller is configured to monitor and control outputs of said at least two cores of the second microcontroller.