A computer implemented method, apparatus, and computer program product for transferring information with an aircraft. A connection is established between an onboard electronic distribution system executing in an aircraft data processing system in the aircraft and an on ground component. Responsive to a request for a command from the on ground component, the command for execution is identified. The identified command is sent to the onboard electronic distribution system from an on ground component. A transaction identifier is assigned to the command. A transaction associated with the command is maintained on the onboard electronic distribution system and the on ground component using the transaction identifier. An uplink is initiated by the on ground component. An aircraft software part is sent to the onboard electronic distribution system from the on ground component to perform the uplink. A status of a transfer of the aircraft software part on ground component is stored.

A failure detection circuit for a motor vehicle electronic computer, including: a main microcontroller having at least two microcontroller cores configured to execute the same instructions in parallel, and at least one first software module providing a critical function of a motor vehicle. The first software module includes a predetermined input point and a predetermined output point a supervision microcontroller and a synchronous communication interface for coupling the main microcontroller and the supervision microcontroller so as to enable mutual supervision. The detection circuit makes it possible to detect systematic and random failures.

A fault detection system includes a sensor configured to measure a physical quantity and generate a measurement of the physical quantity; a first processor configured to receive the measurement, execute a first firmware based on the measurement, and output a first result of the executed first firmware; a second processor configured to receive the measurement from the sensor, execute a second firmware based on the measurement, and output a second result of the executed second firmware, wherein the first firmware and the second firmware provide a same nominal function in a diverse manner for calculating the first result and the second result, respectively, such that the first result and the second result are expected to be within a predetermined margin; and a fault detection circuit configured to detect a fault when the first result and the second result are not within the predetermined margin.

A smart exception handler system for safety-critical real-time systems is provided. The system is configured to: receive a plurality of parameters at a plurality of nodal points in a real-time execution path; analyze the received parameters using a trained exception handling model, wherein the trained exception handling model has been trained using machine learning techniques to learn the critical path of execution and/or critical range of parameters at critical nodes, wherein the critical range of parameters comprises a learned threshold at a node; compute, using the trained exception handling model, a probability of fault at the critical nodes; compare the probability of fault at a critical node against a learned threshold at the node; and take proactive action in real-time to avoid the occurrence of a fault when the probability of fault at the node is higher than the learned threshold at the node.

A peripheral integrated circuit (IC) device for providing support to a data processing IC device. The peripheral IC device comprises a fault detection component arranged to detect an occurrence of fault conditions within the data processing IC device. The peripheral IC device further comprises a safe state control component. Upon detection of a fault condition occurring within the data processing IC device by the fault detection component, the safe state control component is arranged to cause at least one I/O cell of the data processing IC device to be configured into at least one scan-chain, and cause at least one predefined control signal to be scanned into the at least one scan-chain to configure the at least one I/O cell into a state corresponding to the predefined control signal.

The present invention provides a method of managing shut down of a motor vehicle (100) comprising the steps of determining (S207) by means of a computing device that it is required to shut down the vehicle and, responsive to the determination that it is required to shut down the vehicle (PM=1), forcing shutdown of the vehicle (S212) by means of the computing device after a prescribed time period has elapsed (S211) if the motor vehicle has not shut down within the prescribed time period.

An abnormality monitoring circuit of an ECU includes a microcomputer, a reset circuit that resets the microcomputer, a monitor circuit that monitors the operation of the microcomputer, and an output circuit that activates an external actuator. The monitor circuit has an abnormality decision signal output section that outputs an abnormality decision signal to the output circuit when not being able to confirm that an output of a normal monitor signal of the microcomputer has occurred within an abnormality decision time. The monitor circuit has a reset decision signal output section that outputs a reset decision signal to the reset circuit when not being able to confirm that an output of the normal monitor signal of the microcomputer has occurred within a BIST (Built In Self Test) completion time of the microcomputer and a reset decision time set to a time longer than the abnormality decision time.

Provided is an onboard electronic control unit. A CPU regularly performs a memory check and, if a determination has been made that there is an error in the memory content, writes the number of times an error has been determined to an error count storage unit, and resets itself. Immediately after the CPU has been reset and before the first memory check is performed, an error determination unit determines whether or not the error count stored in the error count storage unit is at least an error determination threshold. If the error count is at least the error determination threshold, an error response unit causes the CPU to execute a specific error response program, out of the programs in the memory.

This on-board unit is an on-board unit that is attached to a vehicle, stores information about the vehicle, and performs a process using the information about the vehicle, and includes a state information acquisition unit that acquires state information indicating a state of the on-board unit, a storage unit management unit that stores state information in a storage unit when the on-board unit is powered off, and a fault determination unit that determines whether or not state information acquired when the on-board unit is powered on matches the state information stored in the storage unit, and determines a fault when the fault determination unit determines that the state information acquired when the on-board unit is powered on does not match the state information stored in the storage unit.

A software component assigning system for a vehicle includes electronic control units connected to a common network in the vehicle, one of the electronic control units being an integrated control electronic control unit which is configured to: acquire a first rank value of each of the electronic control units, the first rank value becoming higher as a probability of occurrence of a malfunction is higher; acquire a second rank value of an additional software component that is additionally arranged in any one of the electronic control units, the second rank value becoming higher as a level of importance; and decide an electronic control unit to arrange the additional software component from among the electronic control units such that the additional software component is arranged in the electronic control unit of which the first rank value is lower as the second rank value of the additional software component is higher.