In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed. Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently execute redundant algorithms from sensor data processing to actuation commands using different hardware capabilities (GPUs, processing cores, different input signals, etc.). Intentional hardware and software diversity improves fault tolerance. The resulting fault-tolerant/fail-operational system meets ISO26262 ASIL D specifications based on a single electronic controller unit platform that can be used for self-driving vehicles.

The voter circuit and method determines a voted output among plural inputs each carrying circular data. To supply the voted output, a statistical average (e.g., mean or median) is computed by grouping the plural inputs into pairs, and for each pair generating a minimum angular difference by selecting the minimum of (a) the absolute difference between the pairs of inputs, and (b) the conjugate of the absolute difference between the pairs of inputs. The voted output is a statistical average generated from the minimum angular difference.

A first plurality of replicated state machines may execute a sequence of ordered agreements to make mutations to a data stored in a first data storage service of a first type. A second plurality of replicated state machines may execute the sequence of ordered agreements to make mutations to the data stored in a second data storage service of a second type. First metadata of the mutated data stored in the first data storage service may then be received and stored, and second metadata of the mutated data may be stored in the second data storage service. The stored first and second metadata may then be compared when the data have settled, and a selected action carried out based upon the result of the comparison.

A method and system for performing a flexible Byzantine fault tolerant (BFT) protocol. The method includes sending, from a client device, a proposed value to a plurality of replica devices and receiving, from at least one of the plurality of replica devices, a safe vote on the proposed value. The replica device sends the safe vote, based on a first quorum being reached, to the client device and each of the other replica devices of the plurality of replica devices. The method further includes determining that a number of received safe votes for the proposed value meets or exceeds a second quorum threshold, selecting the proposed value based on the determination, and setting a period of time within which to receive additional votes. The method further includes, based on the period of time elapsing without receiving the additional votes, committing the selected value for the single view.

The voter circuit and method determines a voted output among plural inputs each carrying circular data. To supply the voted output, a statistical average (e.g., mean or median) is computed by grouping the plural inputs into pairs, and for each pair generating a minimum angular difference by selecting the minimum of (a) the absolute difference between the pairs of inputs, and (b) the conjugate of the absolute difference between the pairs of inputs. The voted output is a statistical average generated from the minimum angular difference.

A networked database management system (DBMS) is disclosed. In particular, the disclosed DBMS includes a plurality of nodes, one of which is elected as a designated leader. The designated leader is elected using a consensus algorithm, such as tabulated random votes, RAFT or PAXOS. The designated leader is responsible for managing open coding lines, and determining when to close an open coding line.

The voter circuit and method determines a voted output among plural inputs each carrying circular data. To supply the voted output, a statistical average (e.g., mean or median) is computed by grouping the plural inputs into pairs, and for each pair generating a minimum angular difference by selecting the minimum of (a) the absolute difference between the pairs of inputs, and (b) the conjugate of the absolute difference between the pairs of inputs. The voted output is a statistical average generated from the minimum angular difference.

Methods, systems, and computer-readable media for a cell-based storage system with failure isolation are disclosed. A first subset of storage nodes is selected from a set of storage nodes of a data store and assigned to a first partition of data. Replicas of the first partition are stored using the first subset. A second subset of storage nodes is selected from the set of storage nodes and assigned to a second partition of data. The second subset is selected based (at least in part) on the membership of the first subset, and the second subset comprises at least one node not present in the first. Replicas of the second partition are stored using the second subset. Access requests associated with the first partition are routed to the first subset of storage nodes. Access requests associated with the second partition are routed to the second subset of storage nodes.

A method and system for performing a flexible Byzantine fault tolerant (BFT) protocol. The method includes sending, from a client device, a proposed value to a plurality of replica devices and receiving, from at least one of the plurality of replica devices, a safe vote on the proposed value. The replica device sends the safe vote, based on a first quorum being reached, to the client device and each of the other replica devices of the plurality of replica devices. The method further includes determining that a number of received safe votes for the proposed value meets or exceeds a second quorum threshold, selecting the proposed value based on the determination, and setting a period of time within which to receive additional votes. The method further includes, based on the period of time elapsing without receiving the additional votes, committing the selected value for the single view.

In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed, Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently execute redundant algorithms from sensor data processing to actuation commands using different hardware capabilities (GPUs, processing cores, different input signals, etc.). Intentional hardware and software diversity improves fault tolerance. The resulting fault-tolerant/fail-operational system meets ISO26262 ASIL-D specifications based on a single electronic controller unit platform that can be used for self-driving vehicles.