A data processing apparatus (2) has scalar processing circuitry (32-42) and vector processing circuitry (38, 40, 42). When executing main scalar processing on the scalar processing circuitry (32-42), or main vector processing using a subset of said plurality of lanes on the vector processing circuitry (38, 40, 42), checker processing is executed using at least one lane of the plurality of lanes on the vector processing circuitry (38, 40, 42), the checker processing comprising operations corresponding to at least part of the main scalar/vector processing. Errors can then be detected based on a comparison of an outcome of the main processing and an outcome of the checker processing. This provides a technique for achieving functional safety in a high end processor with better performance and reduced hardware cost compared to a dual/triple core lockstep approach.

A system, method, and computer readable medium for consistent and transparent replication of multi process multi threaded applications. The computer readable medium includes computer-executable instructions for execution by a processing system. Primary applications runs on primary hosts and one or more replicated instances of each primary application run on one or more backup hosts. Replica consistency between primary application and its replicas is provided by imposing the execution ordering of the primary on all its replicas. The execution ordering on a primary is captured by intercepting calls to the operating system and libraries, sending replication messages to its replicas, and using interception on the replicas to enforce said captured primary execution order. Replication consistency is provided without requiring modifications to the application, operating system or libraries.

A system, method, and computer readable medium for asynchronous live migration of applications between two or more servers. The computer readable medium includes computer-executable instructions for execution by a processing system. Primary applications runs on primary hosts and one or more replicated instances of each primary application run on one or more backup hosts. Asynchronous live migration is provided through a combination of process replication, logging, barrier synchronization, checkpointing, reliable messaging and message playback. The live migration is transparent to the application and requires no modification to the application, operating system, networking stack or libraries.

A method for synchronizing processor units. An external synchronizer is communicated with to determine whether an undesired amount of skew is present between a first processor unit and a second processor unit in communication with a synchronization system. The first processor unit is selectively directed to perform an action without generating a needed result such that the undesired amount of skew between the first processor unit and the second processor unit is reduced when the undesired amount of skew is present in the first processor unit. The first processor unit and the second processor unit are associated with each other for a high integrity mode in which integrity checks are performed on corresponding messages generated by the first processor unit and the second processor unit.

A method to check for redundancy in two or more data lines comprises receiving data on a first data line, computing a first cyclic redundancy check (CRC) value on the data of the first data line, performing an exclusive OR (XOR) function on the first CRC value with a stored memory value, and updating the stored memory value with a result of the XOR function, and repeating on additional data lines until a last line is processed such that an error is indicated if a final stored memory value is not zero. An apparatus to check that two cores are operating in lockstep comprises a first core comprising a first data checker, a second core comprising a second data checker, and a lockstep checker to compare an output of the first data checker with an output of the second data checker.

A method of transferring memory from an active to a standby memory in an FT Server system. The method includes the steps of: reserving a portion of memory using BIOS; loading and initializing an FT Kernel Mode Driver; loading and initializing an FT Virtual Machine Manager (FTVMM) including the Second Level Address Translation table SLAT into the reserved memory. In another embodiment, the method includes tracking memory accesses using the FTVMM's SLAT in Reserved Memory and tracking L2 Guest memory accesses by tracking the current Guest's SLAT and intercepting the Hypervisor's writes to the SLAT. In yet another embodiment, the method includes entering Brownout by collecting the D-Bits; invalidating the processor's cached SLAT translation entries, and copying the dirtied pages from the active memory to memory in the second Subsystem. In one embodiment, the method includes entering Blackout and moving the final dirty pages from active to the mirror memory.

A method of transferring memory from an active to a standby memory in an FT Server system. The method includes the steps of: reserving a portion of memory using BIOS; loading and initializing an FT Kernel Mode Driver; loading and initializing an FT Virtual Machine Manager (FTVMM) including the Second Level Address Translation table SLAT into the reserved memory. In another embodiment, the method includes tracking memory accesses using the FTVMM's SLAT in Reserved Memory and tracking L2 Guest memory accesses by tracking the current Guest's SLAT and intercepting the Hypervisor's writes to the SLAT. In yet another embodiment, the method includes entering Brownout by collecting the D-Bits; invalidating the processor's cached SLAT translation entries, and copying the dirtied pages from the active memory to memory in the second Subsystem. In one embodiment, the method includes entering Blackout and moving the final dirty pages from active to the mirror memory.

In a process synchronization control system for performing a synchronization process of synchronizing a process among redundant channels, each of the channels includes an input unit; an output unit; a processing unit; a process execution timer which is used for executing a process in the channels; and a waiting time measurement timer which measures a waiting time in the synchronization process, in which the processing unit executes: a synchronization signal output process of outputting the synchronization signal to other channels at the start of the synchronization process; a synchronization signal input process of waiting for the synchronization signal input from the other channels until a predetermined waiting time by the waiting time measurement timer elapses; and a timer synchronization process of synchronizing the process execution timer if the synchronization signal of the other channels is input after the elapse of the waiting time.

A system and related method for I/O synchronization in a high integrity multi-core processing environment (MCPE) incorporates logical computing units (LCU) of two or more homogeneous processing cores, each core running a guest operating system (GOS) and user applications such that the homogeneous cores concurrently generate the same output data (which the GOS loads to an I/O synchronization engine (IOSE)) or receive the same output data from the IOSE. The IOSE verifies data integrity by comparing the concurrently received datasets and selects a verified dataset for routing to other cores or externally to the MCPE. The IOSE receives and atomically replicates input data for synchronous transfer to, and consumption by, the user applications running on the cores of the LCU.

The present invention realizes a functional safety of a multiprocessor system without tightly coupling processor elements. When causing a plurality of processor elements to execute the same data processing and realizing a functional safety of the processor element, there is adopted a bus interface unit that performs control of performing safety measure processing when the non-coincidence of access requests issued from the processor elements has been fixed, and of starting access processing responding the access request when these access requests coincide with one another.