A microcontroller includes two processing blocks that respectively have a Central Processing Unit (CPU) and a peripheral circuit, where an access to the peripheral circuit in each of the processing blocks, that is, to a Read-Only Memory (ROM) or a Pulse Width Modulator (PWM) signal generator, is limited only from the CPU disposed in the same processing block. Thereby a fail-safe functionality of the microcontroller is improved.

A processing subsystem for providing diagnostic of a processing system is provided. The processing subsystem includes a real-time processing unit that receives a first input that includes data from one or more sensors and processes the first input to generate first output that controls an actuator. The processing subsystem also includes a power and safety management unit that receives a second input and processes the second input to generate second output for testing of the first output. A method and a system for providing diagnostic for a processing system are provided as well.

The disclosure herein describes a method and a system for message based communication and failure recovery for FPGA middleware framework. A combination of FPGA and middleware framework provides a high throughput, low latency messaging and can reduce development time as most of the components can be re-used. Further the message based communication architecture built on a FPGA framework performs middleware activities that would enable reliable communication using TCP/UDP between different platforms regardless of their deployment. The proposed FPGA middleware framework provides for reliable communication of UDP based on TCP as well as failure recovery with minimum latency during a failover of an active FPGA framework during its operation, by using a passive FPGA in real-time and dynamic synchronization with the active FPGA.

Apparatuses of systems that provide Safety Integration Levels (SILs) and Hardware Fault Tolerance (HFT) include a first die, the first die including first processing logic connected to a first connection and the first connection connected to second processing logic of a second die. The first die may further include a second connection to an input/output (I/O) channel where the second connection is coupled to the first processing logic. The apparatuses may further include a second die, the second die including second processing logic and a third connection from a secondary device coupled to the second processing logic. The secondary device is outside the system. The second processing logic is configured to select among three configurations based on signals from the second processing logic and the secondary device: sending first output data on the I/O output channel, sending second output data on the I/O output channel, or de-energizing the I/O channel.

Systems, methods, and apparatuses relating to circuitry to implement lockstep of processor cores are described. In one embodiment, a hardware processor comprises a first processor core comprising a first control flow signature register and a first execution circuit, a second processor core comprising a second control flow signature register and a second execution circuit, and at least one signature circuit to perform a first state history compression operation on a first instruction that executes on the first execution circuit of the first processor core to produce a first result, store the first result in the first control flow signature register, perform a second state history compression operation on a second instruction that executes on the second execution circuit of the second processor core to produce a second result, and store the second result in the second control flow signature register.

Systems and methods may be used for monitoring and identifying failure in flight management systems. For example, a method may include: calculating, using a first flight management system, a first value of a guidance command for controlling an aircraft for an RNP AP procedure; receiving a second value of the guidance command from a second flight management system; comparing the first value with the second value to determine whether the first value matches the second value; upon determining that the first value does not match the second value, using a flight management system monitor to determine, from the first flight management system and the second flight management system, a flight management system that has computed a correct value of the guidance command; and generating a message indicating that the determined flight management system is to be used to guide the aircraft.

The present disclosure relates to a method for monitoring a first processor using a second processor in a field device, comprising the following method steps: calculating verification data on the basis of specified input data using a test algorithm on an external computing unit storing the input data and the verification data computed by the test algorithm; transferring the specified input data stored in the sensor module and the verification data; transferring the specified input data; executing the test algorithm on the first processor; making the calculated output data available on the second processor; checking the output data with the verification data using the second processor and, if the output data do not correspond to the verification data, establishing a malfunction.

A computer system that has two or more processing engines (PE), each capable of performing one or more operations on one or more operands but one or more of the PEs performs the operations unreliably. Initial results of each operation are debiased to create a debiased result used by the system instead of the initial result. The debiased result has an expected value equal to a correct output where the correct output is the initial result the respective operation would have produced if the respective operation performed was reliable.

A processor system comprises at least a program counter structure, an interrupt control device, a memory, and an apparatus. The interrupt control device is configured to respond to an interrupt request by providing the program counter structure with an address associated with the interrupt request. The program counter structure is configured to output the address to the memory via a memory interface. The apparatus is configured to protect the program counter structure in case of an interrupt request, the apparatus includes an interface, a comparing device, and an outputting device.

According to one embodiment, a control device includes one or more processors. The one or more processors receive a message. The one or more processors determine whether the received message has been replicated and transmitted. The one or more processors instruct recording of difference information between a message before replication and the received message when it is determined that the received message has been replicated and transmitted.