A method for validating incoming data to a computer system is provided. The method receives the incoming data, simultaneously, by the computer system and a mirror computer system, wherein the computer system is separate and distinct from the mirror computer system, wherein the computer system lacks a communication connection to the mirror computer system, and wherein the mirror computer system lacks a communication connection to the computer system; processes the incoming data by the mirror computer system, to produce output; and when the output comprises an acceptable result, processes the incoming data by the computer system.

A control apparatus includes a first controller configured to generate control signals for controlling an engine or other machine, a second controller configured to generate the control signals for controlling the machine, a transfer circuit, and an arbiter circuit. The transfer circuit is coupled between the machine and the controllers, and is configured to switch from a first state, where the transfer circuit passes the control signals from the first controller to the machine, to a second state, where the transfer circuit passes the control signals from the second controller to the machine, responsive to receiving a first failure signal from the first controller. The arbiter circuit includes three (or more) arbiters, and is configured to control the transfer circuit from the first state to the second state responsive to any two of the three arbiters generating second signals indicative of failure of the first controller.

A module health system includes a module health circuit comprising a hardware register that is set to a first value in response to the system starting, an application register that is set to the first value in response to the system starting and a watchdog timer register that is set to the first value in response to the system starting. The system further includes a power on self-test that determines whether the system has passed a plurality of tests and that selectively sets the hardware register to a second value based on the determination, an external software application that determines whether a safety critical system is healthy and selectively sets the application register based on the determination, a watchdog timer application that selectively sets the watchdog timer register, a central processing unit that determines whether to de-assert a module health signal.

An exemplary memory includes a first sub-wordline (SWL) driver configured to provide first data from a memory cell array, a second SWL driver configured to provide second data from a memory cell array, and an input/output (I/O) circuit configured to receive the first data and the second data from the first and second SWL drivers, respectively. The I/O circuit including a data terminal mapping circuit configured to selectively route the first data and the second data to different respective data terminal based on a data terminal mapping setting.

A multi-core processor having a first operation mode in which processors perform the same task and a second operation mode in which the processors perform different tasks includes first and second processors configured to write an operation mode value to a first register or second register when a function called in executed software requests the first or second operation mode, a manager configured to assign core IDs of the first and second processors according to the operation mode value stored in the first register or second register, and a reset controller configured to reset the first and second processors in response to the function, wherein the manager assigns the same core ID to the first and second processors when the operation mode value indicates the first operation mode, and allocates different core IDs to the first and second processors when the operation mode value indicates the second operation mode.

This disclosure provides an automation controller method, system and apparatus including a redundant watchdog utilizing a safety partner controller. According to an exemplary controller, the controller includes a first processing unit, a second processing unit, and an integrated circuit configured to receive as inputs fault indicator signals from the first and second processing units, and the integrated circuit configured to disable I/O communications for a fault condition detected by the first or second processing units.

A safety-relevant computer system, in particular a railway safety system, contains at least two hardware channels. A memory check results of the channels are fed to at least one comparator, which triggers an error response if the memory check results are not equal. In order to be able to use diverse software programs created by compilers, memory check results of the diverse software programs of each channel are fed to the comparator. The memory check results of a first software program of the first and second channels are compared with each other and the memory check results of a second software program of the first and second channels are compared with each other.

Examples may include intercepting packets outputted from a primary virtual machine (PVM) hosted by a first server and converting one or more fields of protocol headers for each intercepted packet such that output-packet-similarity may be increased between the PVM outputted packets and packets outputted by a secondary virtual machine (SVM) hosted by a second server.

Data is sent from a memory buffer device to a host device over a link. An error in the data is determined. A read response cancellation signal is sent to the host device to indicate the error to the host device, where the read response cancellation signal is to be sent subsequent to the data being sent from the memory buffer device to the host device.

A module health system includes a module health circuit comprising a hardware register that is set to a first value in response to the system starting, an application register that is set to the first value in response to the system starting and a watchdog timer register that is set to the first value in response to the system starting. The system further includes a power on self-test that determines whether the system has passed a plurality of tests and that selectively sets the hardware register to a second value based on the determination, an external software application that determines whether a safety critical system is healthy and selectively sets the application register based on the determination, a watchdog timer application that selectively sets the watchdog timer register, a central processing unit that determines whether to de-assert a module health signal.