An information processing device and information processing method with improved error tolerance are implemented. There is included a data processing unit that executes lockstep processing in which a plurality of processing systems executes the same task and error verification is performed by comparing execution results. In a case where an error is detected in the lockstep processing, the data processing unit increases supply voltage to a CPU circuit system that executes the task, processing of lowering a supply clock, or the like, as control for improving noise tolerance of the CPU circuit system, and moreover, performs re-execution processing of the task by using more processing systems than the processing systems before the error detection.

A medical device arrangement (100) tests processing of data sets to be processed during operation of the medical device arrangement. The arrangement includes a data interface (110), analysis modules (120) and a test module (130). The analysis modules process a received medical data set (105). Each analysis module (122, 123, 124) forms a processing instance (390) for the medical data set or for the medical data set (125, 125′) already preprocessed by at least one other analysis module. The test module outputs a test data set (132) to one of the analysis modules during operation such that this analysis module processes the test data set in the same manner as the medical data set. The test module compares a correspondingly outputted, processed test data set (134) with a reference result (136) associated with the test data set and determines a test result (137) based on this comparison.

In a self-driving autonomous vehicle, a controller architecture includes multiple processors within the same box. Each processor monitors the others and takes appropriate safe action when needed. Some processors may run dormant or low priority redundant functions that become active when another processor is detected to have failed. The processors are independently powered and independently execute redundant algorithms from sensor data processing to actuation commands using different hardware capabilities (GPUs, processing cores, different input signals, etc.). Intentional hardware and software diversity improves fault tolerance. The resulting fault-tolerant/fail-operational system meets ISO26262 ASIL-D specifications based on a single electronic controller unit platform that can be used for self-driving vehicles.

An integrated circuit includes a safety processor and a secure computing module including a secure processor, first and second cryptographic units for encrypting and decrypting data, and first and second data transfer units for transferring data between a memory and the first and second cryptographic units respectively. The first cryptographic unit and the first data transfer unit provide a first cryptographic data handling system and the second cryptographic unit and the second data transfer unit provide a second cryptographic data handling system. The secure computing module includes selector circuitry for selectively coupling and uncoupling the first and second cryptographic units in response to control signals from a switch. In a first mode, the first and second cryptographic data handling systems are uncoupled and operable independently of each other. In a second mode, the first and second cryptographic data handling system are coupled and operable together to provide hardware redundancy.

A system for executing functionally equivalent applications. The system includes a cloud system including a plurality of cloud instances, the plurality of cloud instances being set up in each case to execute a functionally equivalent application in each case based on the same input data, the respective execution including a processing of the input data by the respective application in order to output an application result in each case, and a comparison device, which is set up to compare the respective application results in order to ascertain a comparison result and to output the comparison result that has been ascertained. A method for executing functionally equivalent applications, a computer program, and a machine-readable storage medium, are also described.

An embodiment device comprises a first processing unit configured to process an initial data line and deliver a first processed data line, a first delay unit coupled to the output of the first processing unit and configured to deliver a delayed first processed data line delayed by a first delay, a second delay unit configured to deliver the delayed initial data line delayed by a second delay, a second processing unit coupled to the output of the second delay unit and configured to process the delayed initial data line and deliver a delayed second processed data line, and a comparison unit configured to compare the contents of the delayed first and second processed data lines and deliver a non-authentication signal if the contents are not identical, the first and second delays being equal to a variable value.

A circuit and method for verifying the operation of error checking circuitry. In one example, a circuit includes a memory, a first error checking circuit, a second error checking circuit, and a comparison circuit. The memory includes a data output. The first error checking circuit includes an input and an output. The input of the first error checking circuit is coupled to the data output of the memory. The second error checking circuit includes an input and an output. The input of the second error checking circuit is coupled to the data output of the memory. The comparison circuit includes a first input and a second input. The first input is coupled to the output of the first error checking circuit. The second input is coupled to the output of the second error checking circuit.

An error recovery method and apparatus, and a system are disclosed. At least two CPUs in a lockstep mode can exit the lockstep mode when an error occurs in at least one CPU, and the CPU in which the error occurs and a type of the error are determined. When the error can be recovered, the CPU in which the error occurs can be recovered according to a correctly running CPU. This helps the at least two CPUs run again at a position at which a service program is interrupted.

An exemplary fault-tolerant computing system comprises a secondary processor configured to execute in delayed lock step with a primary processor from a common program store, comparators in the store data and writeback paths to detect a fault based on comparing primary and secondary processor states, and a writeback path delay permitting aborting execution when a fault is detected, before writeback of invalid data. The secondary processor execution and the primary processor store data and writeback may be delayed a predetermined number of cycles, permitting fault detection before writing invalid data. Store data and writeback paths may include triple module redundancy configured to pass only majority data through the store data and writeback path delay stages. Some implementations may forward data from the store data path delay stages to the writeback stage or memory if the load data address matches the address of data in a store data path delay stage.

Techniques are disclosed for processor synchronization within a reconfigurable computing environment for processor array redundancy. Processing elements are configured within a reconfigurable fabric to implement two or more redundant processors, where the two or more redundant processors are enabled for coincident operation. An agent is loaded on each of the two or more redundant processors, where the agent performs a function requiring data validation. The agent is fired on each of the two or more redundant processors to commence coincident operation. The coincident operation can include a lockstep operation. An output data result from each of the two or more redundant processors is compared to enable a data validation result. The data validation result is propagated. The propagating the data validation result can be based on comparing valid output data or can be based on comparing invalid output data.