A data processing apparatus (2) has scalar processing circuitry (32-42) and vector processing circuitry (38, 40, 42). When executing main scalar processing on the scalar processing circuitry (32-42), or main vector processing using a subset of said plurality of lanes on the vector processing circuitry (38, 40, 42), checker processing is executed using at least one lane of the plurality of lanes on the vector processing circuitry (38, 40, 42), the checker processing comprising operations corresponding to at least part of the main scalar/vector processing. Errors can then be detected based on a comparison of an outcome of the main processing and an outcome of the checker processing. This provides a technique for achieving functional safety in a high end processor with better performance and reduced hardware cost compared to a dual/triple core lockstep approach.

Technologies for ensuring functional safety of an electronic device include receiving data by a primary and secondary hardware unit and performing a function on the data. Each of the primary and secondary hardware unit perform the same function on their respective set of data to generate corresponding results. A determination is made whether the hardware units are synchronized and the results can be compared. If so, the results are compared and an alert is generated if the results do not match.

A method is provided for ensuring transactional integrity of a system that includes a first subsystem and a second subsystem. Each of the subsystems receive the same request to process a transaction. An indicia engine at each subsystem computes indicia of the outcome of the processing of the same request. The computed indicia from each of the subsystems is compared. An action is completed at one of the subsystems when the computed indicia does not match. The action completed at one of the subsystems is one or more of issuing a database rollback on one of the subsystems, executing self-diagnostics on one of the subsystems, shutting down one of the subsystems, taking one of the subsystems offline, aborting the transaction executing on one of the subsystems, and generating an error indication for one of the subsystems.

According to one embodiment, a control device includes one or more processors. The one or more processors receive a message. The one or more processors determine whether the received message has been replicated and transmitted. The one or more processors instruct recording of difference information between a message before replication and the received message when it is determined that the received message has been replicated and transmitted.

A monitoring device is mounted in each of a plurality of operational systems constituting a fault-tolerant system. The plurality of operational systems have an identical configuration including a processor system. The monitoring device includes a processor. The processor executes instruction to read data from a predetermined storage area in a memory of an accessory device to be monitored, connected to the processor system. The processor further executes instruction to compare the read data with reference data held in advance. The processor further executes instruction to separate the processor system connected to the accessory device to be monitored from the fault-tolerant system when the read data is different from the reference data.

A system includes a first fail-safe chassis (FSC) receives module health signals from a plurality of modules and generates a first chassis health signal. The chassis health signal includes first and second portions. A plurality of modules receives the chassis health signal. The FSC determines whether one or more of the module heals signals indicates an associated module is unhealthy by comparing the module health signals and a predetermined health value. The FSC selectively de-asserts the first chassis health signal based on the comparison. A second FSC operates similarly. A safety relay box determines the health of the system in accordance with the first and second chassis health signals.

A programmable electronic computer embedded in an avionics environment on board an aircraft for implementing at least one critical function and associated electronic device, method and computer program are disclosed. In one aspect, the electronic computer includes at least one control module configured to implement a respective critical function and configured to deliver at least one output data item associated with the critical function, and at least one monitoring module of a control module of another electronic computer. Each monitoring module configured to implement the same respective critical function as the one implemented by the monitored control module.

An information processing system includes a first determining unit, a second determining unit, and a processing unit. The first determining unit determines a result indicating a second fixed state for data when a first condition is satisfied, the first condition indicating that t2 or more results of a first recommended state or a first fixed state are selected for the same data. The second determining unit determines the result indicating the first fixed state for the data when a second condition is satisfied, the second condition indicating that t1 or more results indicating the second fixed state are selected for the same data. The second determining unit also determines the result indicating the first recommended state for the data when a third condition is satisfied, the third condition indicating that (b+1) or more results indicating the second fixed state are selected for the same data.

A circuit (100) for detecting faults for a motor vehicle electronic computer, comprising: a main microcontroller (110) having, at least two microcontroller cores (111, 112) configured to execute the same instructions in parallel, andat least a first software module (113) providing a critical function of a motor vehicle, the first software module comprising a predetermined input point (Pin) and a predetermined output point (Sout) a supervision microcontroller (120) and a synchronous communication interface (130) for coupling the main microcontroller (110) and the supervision microcontroller (120) in such a way as to allow mutual supervision. The detection circuit makes it possible to detect systematic and random faults.

A management system for a plant facility is disclosed. The system includes a first field device that measures a process value, a first control node that calculates a first control value based on the process value, a second field device that operates according to the first control value, and an application node that configures one or more parameters for calculating the first control value. The first control node compares the first control value with a second control value calculated by one of the first field device, a second control node, and the application node. When determining that the first and the second control value are identical, the first control node sets the first control value to the second field device.