Patent classifications
G06F11/1637
DETECTING MEMORY MISMATCH BETWEEN LOCKSTEP SYSTEMS USING A MEMORY SIGNATURE
Examples include a first computer system operating in lockstep with a second computer system. The first computer system includes a first signature generator to generate a first digital signature representing a first write operation by a first memory controller to a first memory, the first write operation to store data at an address in the first memory, and a first signature register to store the first digital signature. The second computer system includes a second signature generator to generate a second digital signature representing a second write operation by a second memory controller to a second memory, the second write operation to store the data at the address in the second memory, and a second signature register to store the second digital signature. The first digital signature is compared to the second digital signature and a lockstep error is detected when the first digital signature does not match the second digital signature.
System for ensuring transactional integrity thereof that includes a plurality of subsystems, one of which takes an action upon a loss of transactional integrity
A system is configured to ensure transactional integrity thereof. The system includes a first subsystem and a second subsystem. Each of the subsystems receives the same request to process a transaction. An indicia engine at each subsystem computes indicia of the outcome of the processing of the same request. The computed indicia from each of the subsystems are compared. An action is completed at one of the subsystems when the computed indicia do not match. The action completed at one of the subsystems is one or more of issuing a database rollback on one of the subsystems, executing self-diagnostics on one of the subsystems, shutting down one of the subsystems, taking one of the subsystems offline, aborting the transaction executing on one of the subsystems, and generating an error indication for one of the subsystems.
Fault-tolerant embedded root of trust using lockstep processor cores on an FPGA
A field programmable gate array (FPGA) including a root of trust architecture. The architecture includes a system controller providing system control commands for the architecture and a cryptography processor for performing a hash or key operation for authentication of controller-embedded software and attestation of correct firmware in external system resources. The architecture also includes a lock-step fault-tolerant processor that is responsive to messages from the system controller and includes a plurality of soft lock-step cores. Each soft core includes separate memory and resources and operates on the same input, and each soft core provides output messages that are analyzed by a logic in the fault-tolerant processor that selects one of the messages to be output to the cryptography processor.
Microcontroller and electronic control unit
A microcontroller includes two processing blocks, each having a Central Processing Unit (CPU) and a peripheral circuit, where access to the peripheral circuit in each of the processing blocks, that is, to a Read-Only Memory (ROM) or a Pulse Width Modulator (PWM) signal generator, is limited to the CPU disposed in the same processing block. The fail-safe functionality of the microcontroller is thereby improved.
INTELLIGENT ROADSIDE UNIT
The present disclosure provides an intelligent roadside unit. The intelligent roadside unit includes: a radar configured to detect an obstacle within a first preset range of the intelligent roadside unit; a camera configured to capture an image of a second preset range of the intelligent roadside unit; a master processor coupled to the radar and the camera, and configured to generate a point cloud image according to information on the obstacle detected by the radar and the image detected by the camera; and a slave processor coupled to the radar and the camera, and configured to generate a point cloud image according to the information on the obstacle detected by the radar and the image detected by the camera, in which the slave processor checks the master processor, and when the original master processor breaks down, it is switched from the master processor to the slave processor.
METHOD AND SYSTEM FOR MESSAGE BASED COMMUNICATION AND FAILURE RECOVERY FOR FPGA MIDDLEWARE FRAMEWORK
The disclosure herein describes a method and a system for message based communication and failure recovery for FPGA middleware framework. A combination of FPGA and middleware framework provides high-throughput, low-latency messaging and can reduce development time, as most of the components can be re-used. Further, the message based communication architecture built on an FPGA framework performs middleware activities that would enable reliable communication using TCP/UDP between different platforms regardless of their deployment. The proposed FPGA middleware framework provides for reliable communication of UDP based on TCP as well as failure recovery with minimum latency during a failover of an active FPGA framework during its operation, by using a passive FPGA in real-time and dynamic synchronization with the active FPGA.
Crash tolerant computer system
A computing device has access to a normal code execution environment and a suspect code execution environment. Suspect code data indicative of code that has been determined to be likely to cause a crash is accessed. Program code is executed using the normal code execution environment until suspect code as indicated in the suspect code data is encountered. Execution of suspect code takes place within the suspect code execution environment where a failure, if any, is contained. If the suspect code executing within the suspect code execution environment completes without failure, the resulting execution context is transferred to the normal code execution environment for continued processing. Otherwise, the suspect code is skipped and processing continues in the normal code execution environment. The code execution environments may be different cores of the same processor, different processors, or different devices.
TWO DIE SYSTEM ON CHIP (SOC) FOR PROVIDING HARDWARE FAULT TOLERANCE (HFT) FOR A PAIRED SOC
Apparatuses of systems that provide Safety Integration Levels (SILs) and Hardware Fault Tolerance (HFT) include a first die, the first die including first processing logic connected to a first connection and the first connection connected to second processing logic of a second die. The first die may further include a second connection to an input/output (I/O) channel where the second connection is coupled to the first processing logic. The apparatuses may further include a second die, the second die including second processing logic and a third connection from a secondary device coupled to the second processing logic. The secondary device is outside the system. The second processing logic is configured to select among three configurations based on signals from the second processing logic and the secondary device: sending first output data on the I/O output channel, sending second output data on the I/O output channel, or de-energizing the I/O channel.
Reducing memory inconsistencies between synchronized computing devices
Mechanisms for reducing memory inconsistencies between two synchronized computing devices are provided. A first hypervisor module of a first computing device iteratively determines that content of a memory page of a plurality of memory pages has been modified. The content of the memory page is sent to a second hypervisor module on a second computing device. At least one other memory page of the plurality of memory pages is identified, and a verification value based on the content of the at least one other memory page is generated. The verification value and a memory page identifier that identifies the at least one other memory page are sent to the second hypervisor module on the second computing device.
DEVICE AND METHOD FOR COMPUTING DRIVING PARAMETERS
A computing device includes a first unit and a second unit. In response to receipt of a request corresponding to a computing function, the first unit may: determine an execution context; trigger a first execution of the function on the second unit, this delivering a first comparison parameter, a first temporal execution parameter being associated with the first comparison parameter; trigger a second execution of the function on the second unit, this delivering a second comparison parameter, a second temporal execution parameter being associated with the second comparison parameter; compare the first and second comparison parameters, a temporal comparison parameter being associated with the result of the comparison; and determine a computing status.