A computing device includes a first unit and a second unit. In response to receipt of a request corresponding to a computing function, the first unit may: determine an execution context; trigger a first execution of the function on the second unit, this delivering a first comparison parameter, a first temporal execution parameter being associated with the first comparison parameter; trigger a second execution of the function on the second unit, this delivering a second comparison parameter, a second temporal execution parameter being associated with the second comparison parameter; compare the first and second comparison parameters, a temporal comparison parameter being associated with the result of the comparison; and determine a computing status.

A method for managing communications involving a lockstep processing comprising at least a first processor and a second processor can include receiving, at a data synchronizer, a first signal from a first device. The method can also include receiving, at the data synchronizer, a second signal from a second device. In addition, the method can include determining, by the data synchronizer, whether the first signal is equal to the second signal. When the first signal is equal to the second signal, the method can include transmitting, by the data synchronizer, the first signal to the first processor and the second signal to the second processor. Specifically, in example embodiments, transmitting the first signal to the first processor can occur synchronously with transmitting the second signal to the second processor.

A method for managing communications involving a lockstep processing comprising at least a first processor and a second processor can include receiving, at a data synchronizer, a first signal from a first device. The method can also include receiving, at the data synchronizer, a second signal from a second device. In addition, the method can include determining, by the data synchronizer, whether the first signal is equal to the second signal. When the first signal is equal to the second signal, the method can include transmitting, by the data synchronizer, the first signal to the first processor and the second signal to the second processor. Specifically, in example embodiments, transmitting the first signal to the first processor can occur synchronously with transmitting the second signal to the second processor.

A system that may include multiple driving related systems that are configured to perform driving related operations; a selection module; multiple fault collection and management units that are configured to monitor statuses of the multiple driving related systems and to report, to the selection module, at least one out of (a) an occurrence of at least one critical fault, (b) an absence of at least one critical fault, (c) an occurrence of at least one non-critical fault, and (d) an absence of at least one non-critical fault; and wherein the selection module is configured to respond to the report by performing at least one out of: (i) reset at least one entity out of the multiple fault collection and management units and the multiple driving related systems; and (ii) select data outputted from a driving related systems.

Conventional semiconductor devices are problematic in that an operation cannot be continued in the event of a failure of one of CPU cores performing a lock step operation and, as a result, reliability cannot be improved. The semiconductor device according to the present invention includes a computing unit including a first CPU core and a second CPU core that perform a lock step operation, wherein the first CPU core and the second CPU core respectively diagnose failures of internal logic circuits, and a sequence control circuit switches the CPU core that outputs data to a shared resource, in the computing unit based on the diagnosed result.

The invention relates to a time-controlled distribution unit (30, 31) for the distribution of messages in a distributed computer system for safety-critical applications. Said distribution unit is designed as a self-testing functional unit and comprises input channels (201 . . . 222) for receiving time-controlled periodic input messages from node computers (20, 21, 22) upstream in the data flow, and output channels (301 . . . 333) for transmitting time-controlled periodic output messages to the node computers (50, 51, 52) downstream in the data flow, a computer (40) being provided in the distribution unit and being designed to analyze, by means of a simple software, useful information contained in the input messages, and to decide whether output messages are output and, if so, which useful information is contained in the output messages.

A resilient system implementation in a network-on-ship with at least one functional logic unit and at least one duplicated logic unit. A resilient system and method, in accordance with the invention, are disclosed for detecting a fault or an uncorrectable error and isolating the fault. Isolation of the fault prevents further propagation of the fault throughout the system. The resilient system includes isolation logic or an isolation unit that isolates the fault.

Aspects disclosed herein relate to periodic non-intrusive diagnosis of lockstep systems. An exemplary method includes comparing execution of a program on a first processing system of the plurality of processing systems and execution of the program on a second processing system of the plurality of processing systems using a first comparator circuit, comparing the execution of the program on the first processing system and the execution of the program on the second processing system using a second comparator circuit, and running a diagnosis program on the second comparator circuit while the comparing using the first comparator circuit is ongoing.

A method of verifying processing logic of a graphics processing unit receives a test task including a predefined set of instructions for execution on the graphics processing unit, the predefined set of instructions being configured to perform a predetermined set of operations on the graphics processing unit when executed for predefined input data. In a test phase, the test task is processed by executing the predefined set of instructions for the predefined input data first and second times at the graphics processing unit so as to, respectively, generate first and second outputs. A fault signal is raised if the first and second outputs do not match.

A computer-implemented method for managing storage devices in a storage subsystem having an array of storage devices, according to one embodiment, includes determining that at least one storage device in the array of storage devices has failed. Storage device characteristics of the failed storage device are compared with storage device characteristics of each of a plurality of candidate devices, and an attempt is made to identify a first candidate storage device having storage device characteristics that match the storage device characteristics of the failed storage device. A second candidate storage device having storage device characteristics most similar to the storage device characteristics of the failed storage device is identified in response to not identifying a candidate device that matches the failed storage device.