A system for executing functionally equivalent applications. The system includes a cloud system including a plurality of cloud instances, the plurality of cloud instances being set up in each case to execute a functionally equivalent application in each case based on the same input data, the respective execution including a processing of the input data by the respective application in order to output an application result in each case, and a comparison device, which is set up to compare the respective application results in order to ascertain a comparison result and to output the comparison result that has been ascertained. A method for executing functionally equivalent applications, a computer program, and a machine-readable storage medium, are also described.

A vehicular control system includes a plurality of electronic control units (ECUs), each providing a respective quantity of computational units representative of an amount of processing power of the respective ECU. The ECUs operate a vehicle in a nominal autonomous operational mode when a sum of the quantity of computational units exceeds a threshold. The system, while the ECUs operate the vehicle in the nominal autonomous operational mode, and responsive to detecting a failure of one of the ECUs, determines whether a sum of the quantity of computational units of the remaining ECUs that do not have a failure exceeds the threshold. The ECUs, responsive to the system determining that the sum of the quantity of computational units of the remaining ECUs fails to exceed the threshold, switches from operating the vehicle in the nominal autonomous operational mode to operating the vehicle in a degraded autonomous operational mode.

A data processing system includes a system interconnect, a first master, and a bridge circuit. The bridge circuit is coupled between the first master and the system interconnect. The bridge circuit is configured to, in response to occurrence of an error in the first master, isolate the first master from the system interconnect, wherein the isolating by the bridge circuit is performed while the first master has one or more outstanding issued write commands to the system interconnect which have not been completed. The bridge circuit is further configured to, after isolating the first master from the system interconnect, complete the one or more outstanding issued write commands while the first master remains isolated from the system interconnect.

The invention relates to this method comprising the following steps, for at least one input/output parameter: duplicating and inserting a list of graphical commands associated with said parameter within a calculation module of said chain, from a current value of said parameter, obtaining a current cyclic redundancy code associated with a current micropattern, generated by executing said at least one list, comparing said current cyclic redundancy code with a reference cyclic redundancy code stored in a dedicated memory space for a substantially identical value of said parameter within a tolerance threshold, in the event of a difference in cyclic redundancy code value, automatic sanctioning of said chain at least by suspending its execution.

A processing system comprising a first processing domain and a second processing domain. Each of the first processing domain and the second processing domain comprises a multi-threaded processor core arranged to output a set of internal state signals representative of current states of internal components of the respective processor core. The processing system further comprises a supervisor component arranged to receive the sets of internal state signals output by the processor cores of the first and second processing domains, compare internal state signals output by the processor core of the first processing domain to corresponding internal state signals output by the processor core of the second processing domain, and upon detection of a mismatch between compared internal state signals to initiate a reset of a thread under the execution of which the detected mismatch of internal state signals occurred.

An apparatus has a processing pipeline (2) comprising an execute stage (30) and at least one front end stage (10), (20), (25) for controlling which micro operations are issued to the execute stage. The pipeline has an intra-core lockstep mode of operation in which the at least one front end stage (10), (20), (25) issues micro operations for controlling the execute stage (30) to perform main processing and checker processing. The checker processing comprises redundant operations corresponding to associated main operations of at least part of the main processing. Error handling circuitry (200), (210) is responsive to the detection of a mismatch between information associated with given checker and main operations to trigger a recovery operation to correct an error and continue forward progress of the main processing.

A system for executing a data flow graph comprises: at least two first actors each comprising means for independently executing a computation of a same data set comprising at least one datum, and producing a quality descriptor of the data set, the execution of the computation by each of at least two first actors being triggered by a synchronization system; a third actor, comprising means for triggering the execution of the computation by each of at least two first actors, and initializing a clock configured to emit an interrupt signal when a duration has elapsed; a fourth actor, comprising means for executing, at the latest at the interrupt signal from the clock: the selection, from the set of at least two first actors having produced a quality descriptor, of the one whose descriptor exhibits the most favorable value; the transfer of the data set computed by the selected actor.

A method includes: detecting a potential security breach associated with at least one component of a network environment; in response to detecting the potential security breach, determining a restorable state of the at least one component, wherein the restorable state is a state prior to the potential security breach; restoring the at least one component to the restorable state; and resuming operation of the at least one component of the network. Corresponding systems and computer program products are also disclosed.

Mechanisms for reducing memory inconsistencies between two synchronized computing devices are provided. A first hypervisor module of a first computing device iteratively determines that content of a memory page of a plurality of memory pages has been modified. The content of the memory page is sent to a second hypervisor module on a second computing device. At least one other memory page of the plurality of memory pages is identified, and a verification value based on the content of the at least one other memory page is generated. The verification value and a memory page identifier that identifies the at least one other memory page is sent to the second hypervisor module on the second computing device.

A fault detection system includes a sensor configured to measure a physical quantity and generate a measurement of the physical quantity; a first processor configured to receive the measurement, execute a first firmware based on the measurement, and output a first result of the executed first firmware; a second processor configured to receive the measurement from the sensor, execute a second firmware based on the measurement, and output a second result of the executed second firmware, wherein the first firmware and the second firmware provide a same nominal function in a diverse manner for calculating the first result and the second result, respectively, such that the first result and the second result are expected to be within a predetermined margin; and a fault detection circuit configured to detect a fault when the first result and the second result are not within the predetermined margin.