G06F11/1487

Information processing with failure detection, apparatus and method

An information processing device is provided with: a first processing unit that generates first information by performing first processing with respect to sensor information acquired from a sensor; a second processing unit that generates second information by performing, with respect to the first information, second processing that is different from the first processing; and a third processing unit, which generates third information by performing, with respect to the first information, third processing, i.e., processing that corresponds to at least a part of the second processing, and which acquires the second information, and outputs the second information and the third information.

Software handling of errors

A method to detect hardware and software errors in an embedded system is disclosed. The method includes: detecting or measuring, by a plurality of sensors, an operating state of the embedded system; operating a plurality of replicated computation engines in group synchrony, wherein the plurality of replicated computation engines are replicated instances of a single computation engine and wherein the plurality of replicated computation engines are grouped into one or more groups such that, for each group, each member of the group starts in a same processing logic state and processes same events in the same order; intercepting output of the plurality of sensors and transmitting the output to each replicated computation engine of a group in a defined order; and actuating selected computation engines of the plurality of replicated computation engines and arbitrating between outputs of the selected computation engines.

System To Achieve Algorithm Safety In Heterogeneous Compute Platform

Methods, systems, non-transitory media, and devices for supporting safety-compliant computing in a heterogeneous computing system, such as a vehicle heterogeneous computing system, are disclosed. Various aspects include methods enabling a vehicle, such as an autonomous vehicle, a semi-autonomous vehicle, etc., to achieve algorithm safety for various algorithms on a heterogeneous compute platform with various safety levels.

INFORMATION PROCESSING APPARATUS AND METHOD, COMPUTER PROGRAM, AND RECORDING MEDIUM

An information processing device is provided with: a first processing unit that generates first information by performing first processing with respect to sensor information acquired from a sensor; a second processing unit that generates second information by performing, with respect to the first information, second processing that is different from the first processing; and a third processing unit, which generates third information by performing, with respect to the first information, third processing, i.e., processing that corresponds to at least a part of the second processing, and which acquires the second information, and outputs the second information and the third information.

Platform-independent architecture for real-time data processing

A real-time data processing system is provided comprising a memory device with computer-readable program code stored thereon, a communication device in communication with a network, and a processing device operatively coupled to the memory device and the communication device. The system establishes an operable communication linkage with a first entity system and a second entity system, the first entity system and the second entity system sharing access to a resource repository stored on the second entity system. The system generates a repository image of the resource repository and tracks an interaction with the resource repository in real-time. Based on the tracked interaction, the system synchronizes the repository image with the resource repository, wherein synchronizing the repository image comprises mirroring the interaction on the repository image and updating the first entity system based on the repository image.

Fault-tolerant method for operating an autonomous controlled object

A method for operating a controlled object that is embedded in a changing environment. The controlled object and its environment are periodically observed using sensors. Independent data flow paths (DFP) are executed based on the data recorded through the observation of the controlled object and its environment. A first DFP determines a model of the controlled object and the environment of the controlled object and carries out a trajectory planning in order to create possible trajectories that, under the given environmental conditions, correspond to a specified task assignment. A second DFP determines a model of the controlled object and of the environment of the controlled object and determines a safe space-time domain (SRZD) in which all safe trajectories must be located. The results of the first and the second DFP are transmitted to a deciding instance to verify whether at least one of the trajectories is safe.

Method and apparatus for monitoring a state of an electronic circuit unit of a vehicle
10782697 · 2020-09-22

A monitoring method includes: performing, by a first arithmetic and logic unit of an electronic circuit unit, a first processing rule to obtain a first processing result, performing, by a second arithmetic and logic unit of an electronic circuit unit, a second processing rule to obtain a second processing result, and, using a protection module of a safety area of the electronic circuit unit, identifying an error-free state of the electronic circuit unit in response to the first and second results having a predefined relationship to each other and/or the first and second results having a predefined relationship to a predefined criterion, where the protection module is configured to ensure that algorithms are carried out in a manner that is better protected from an incorrect execution than the first and second arithmetic and logic units.

METHOD AND APPARATUS FOR MONITORING A STATE OF AN ELECTRONIC CIRCUIT UNIT OF A VEHICLE
20200225667 · 2020-07-16

A monitoring method includes: performing, by a first arithmetic and logic unit of an electronic circuit unit, a first processing rule to obtain a first processing result, performing, by a second arithmetic and logic unit of an electronic circuit unit, a second processing rule to obtain a second processing result, and, using a protection module of a safety area of the electronic circuit unit, identifying an error-free state of the electronic circuit unit in response to the first and second results having a predefined relationship to each other and/or the first and second results having a predefined relationship to a predefined criterion, where the protection module is configured to ensure that algorithms are carried out in a manner that is better protected from an incorrect execution than the first and second arithmetic and logic units.

COMPUTER SYSTEM INTEGRITY THROUGH A COMBINATION OF CERTIFIABLE AND QUALIFIABLE SOFTWARE
20200175151 · 2020-06-04

A method of improving integrity of a computer system includes executing certifiable and qualifiable software applications. The certifiable software application is composed of static program instructions executed sequentially to process input data to produce an output, and the qualifiable software application uses a model iteratively built using a machine learning algorithm to process the input data to produce a corresponding output. The certifiable software application is certifiable for the computer system according to a certification standard, and the qualifiable software application is non-certifiable for the computer system according to the certification standard. The method also includes cross-checking the output by comparison with the corresponding output to verify the output, and thereby improve integrity of the computer system. The method further includes generating an alert that the output is unverified when the comparison indicates that the output differs from the corresponding output by more than a threshold.

Computer system security with redundant diverse secondary control system with incompatible primary control system
10592668 · 2020-03-17

A redundant and diverse secondary control system mirrors a primary control system but has some fundamental structural difference as compared to the primary control system to prevent a spread of a security breach from the primary control system to the secondary control system. The secondary control system may operate on different hardware, built on different software written in a different programming language as compared to the primary control system, while performing the same function as that of the primary system. By hardware-coding the algorithm that produces the actuation signals, software-based viruses and worms cannot interfere with the secondary control system's operation. A monitor device receives actuation signals from both the primary and secondary control systems to determine whether an error occurred and to provide correct actuation signals to the controlled system.