414results about "Fault response safety measures" patented technology

An apparatus for deterministically killing one of redundant servers integrated into a network storage appliance chassis along with at least one storage controller is disclosed. Each server can generate a kill signal on a backplane of the chassis to the other server in response to a stopped heartbeat of the other server in order to disable the I / O ports of the other server on a network so the live server can reliably take over the identity of the other server on the network. Unlike conventional kill paths, such as an Ethernet cable connecting the two servers in separate chassis, the present invention does not require the failed server to be operational since the kill path is substantially a direct reset to the I / O ports of the failed server. One server raises a shield before killing the other server to avoid both servers killing each other simultaneously.

The Advanced Logic System (ALS) is a complete control system architecture, based on a hardware platform rather than a software-based microprocessor system. It is significantly different from other PLC-type control system architectures, by implementing a FPGA in the central control unit. Standard FPGA logic circuits are used rather than a software-based microprocessor which eliminate problems with software based microprocessor systems, such as software common-mode failures. It provides a highly reliable system suitable for safety critical control systems, including nuclear plant protection systems. The system samples process inputs, provides for digital bus communications, applies a control logic function, and provides for controlled outputs. The architecture incorporates advanced features such as diagnostics, testability, and redundancy on multiple levels. It additionally provides significant improvements in failure detection, isolation, and mitigation for the highest level of integrity and reliability.

Embodiments of the invention provide a distributed task scheduling method and device, electronic equipment and a readable storage medium. The method comprises the following steps of: receiving task pulling requests sent by a plurality of task execution nodes at a preset frequency by a main node; distributing a task to a target task execution node by the main node according to the received task pulling request, wherein the target task execution node is a task execution node in the plurality of task execution nodes; receiving a task execution result sent by the target task execution node after executing the distributed task by the main node; and when the fact that the target task execution node has a fault is perceived, transferring an in-execution task queue of the target task execution node to other survived task execution nodes. According to the method and device, the electronic equipment and the readable storage medium, single-point faults can be avoided and the stability and availability of systems can be improved.

The invention discloses a dynamic current limiting method, an NGINX server, a storage medium and a device. In the dynamic current limiting method, performance parameters are collected. The performanceparameters are used to represent a running status of the Nginx server, a preset current limit threshold is modified according to the performance parameters, and the modified preset current limit threshold is set as a target current limit threshold; when each access request in a concurrent state is received, the number of the access requests is counted, whether the number of the access requests islarger than the target current limit threshold is determined; and when the number of the access requests is larger than the target current limit threshold, current limit operation is performed. The current limit operation can be adaptively performed flexibly according to real-time running conditions of the NGINX server, and thus the technical problem that the current limit operation cannot be performed flexibly according to the operation status of the NGINX server in an existing current limiting method is solved.

A clustered computer system, apparatus, program product and method utilize a group member-initiated shutdown process to terminate clustering on a node in an automated and orderly fashion, typically in the event of a failure detected by a group member residing on that node. As a component of such a process, node leave operations are initiated on the other nodes in a clustered computer system, thereby permitting any dependency failovers to occur in an automated fashion. Moreover, other group members on a node to be shutdown are preemptively terminated prior to local detection of the failure within those other group members, so that termination of clustering on the node may be initiated to complete a shutdown operation.

A facility is provided for dynamically adjusting operating level of server processing within a computing environment including one or more servers processing multiple types of server tasks. The facility includes, responsive to detection of a failure at a server of the environment, determining a situational severity threshold for continued computing environment task processing, and automatically comparing the threshold against priority metrics for the multiple types of server tasks processed within the environment. Server processing of one or more types of server tasks having a priority metric below the situational severity threshold is then automatically blocked. The facility can also include dynamically adjusting of at least one priority metric associated with at least one type of server task to reflect a cause of the failure of the server, wherein the dynamically adjusting occurs prior to the automatic comparing of the situational severity threshold against the priority metrics.

The Advanced Logic System (ALS) is a complete control system architecture, based on a hardware platform rather than a software-based microprocessor system. It is significantly different from other PLC-type control system architectures, by implementing a FPGA in the central control unit. Standard FPGA logic circuits are used rather than a software-based microprocessor which eliminate problems with software based microprocessor systems, such as software common-mode failures. It provides a highly reliable system suitable for safety critical control systems, including nuclear plant protection systems. The system samples process inputs, provides for digital bus communications, applies a control logic function, and provides for controlled outputs. The architecture incorporates advanced features such as diagnostics, testability, and redundancy on multiple levels. It additionally provides significant improvements in failure detection, isolation, and mitigation for the highest level of integrity and reliability.

Described are embodiments of an invention for blocking write access to memory modules of a solid state drive. The solid state drive includes a controller access module or a memory access module that controls write access to the solid state drive and the memory modules of the solid state drive. Upon determining that a memory module has failed, the failed memory module or the entire solid state memory device is configured to be read only to prevent an errant write of data over critical data. Further, a failed memory module, or solid state device memory having a failed memory module, may be replaced upon failure.

An integrated circuit device contains a flash memory, a flash control unit for controlling the rewriting and reading on the flash memory, and a processor unit. The processor unit includes a normal mode and a fail-safe mode as the operating states. In normal mode, when a defect is detected during the verify operation after writing data onto the flash memory then any further use of the flash memory is stopped. In fail-safe-mode, when a defect is detected during the verify operation after writing data onto the flash memory, the error is corrected and flash memory usage continues. The operating state is normal mode, and when the verify operation detects a defect after normal mode erase operation, the operation shifts to fail-safe mode.

An apparatus for deterministically killing one of redundant servers integrated into a network storage appliance chassis along with at least one storage controller is disclosed. Each server can generate a kill signal on a backplane of the chassis to the other server in response to a stopped heartbeat of the other server in order to disable the I / O ports of the other server on a network so the live server can reliably take over the identity of the other server on the network. Unlike conventional kill paths, such as an Ethernet cable connecting the two servers in separate chassis, the present invention does not require the failed server to be operational since the kill path is substantially a direct reset to the I / O ports of the failed server. One server raises a shield before killing the other server to avoid both servers killing each other simultaneously.

In at least one embodiment of the disclosure, a method includes detecting an error in a local memory shared by redundant computing modules executing in delayed lockstep. The method includes pausing execution in the redundant computing modules and handling the error of the local memory. The method includes resuming execution in delayed lockstep of the redundant computing modules in response to the handling of the error.

A processing / control apparatus has a first processing unit with a first data processor / controller; an input port for input data received from a remote unit; an output port for output data to be transmitted to a remote unit. The first unit comprising device for generating an unique code for functional control of the processing / receiving / transmitting steps being performed and a port for transmission of generated checkwords. A functional checker / protection unit comprises a second processing unit, a program for checking functional steps of the first unit and a program for checking the correctness of functional control codes and time sequence thereof. The functional unit communicates with the first unit and generates signals for enabling it when checkwords are correct and for disabling the first unit and / or for forcing transmission of predetermined output data for fail-safe remote unit control, or generates predetermined output data for fail-safe remote unit control and / or enables / disables vital functions of the remote unit and / or of the first unit.

A method for operating a vehicle having a plurality of environmental sensors for acquiring a surrounding environment of the vehicle, including acquiring a surrounding environment of the vehicle using each of the environmental sensors, ascertaining of object data, corresponding to objects, for each environmental sensor, based on the raw data of the corresponding environmental sensor, fusion of the respective object data of the environmental sensors with one another, so that fused object data are ascertained, fusion of the respective raw data of the environmental sensors with one another, so that fused raw data are ascertained, ascertaining of raw object data, corresponding to objects, based on the fused raw data, comparison with one another of the fused object data and the raw object data, controlling of at least one vehicle system as a function of the comparison. A device for operating a vehicle and a computer program are also described.

Disclosed is a system for handling errors. A system managed by a processor processes an error in the system. The system then generates an interrupt to the processor indicating that an error occurred and executes an error mode before the processor interprets the interrupt. As part of the error mode, the system prevents data from transferring between the system and the processor and processes a read request from the processor to the system by returning data to the processor unrelated to the requested data. The processor would then process the interrupt indicating the error and execute a diagnostic mode to diagnose the error in the system.

Provided are a method, device, apparatus, and computer readable storage medium for fusing service resources. The method comprises the following steps: according to the state information of the serviceinvoking resources, presetting the fuse parameter to judge whether the fuse condition is satisfied or not; If the fusing condition is satisfied, the resource is fused and the fusing information is recorded; Judging whether the fuse restoration condition is satisfied according to the preset fuse restoration parameter, If yes, calling the resource by the restoration service, and recording the restoration information; Determining a fuse parameter and / or a fuse recovery parameter according to the fuse information and the recovery information; A preset fuse parameter is updated according to the fuse parameter, and / or a preset fuse recovery parameter is updated according to the fuse recovery parameter. In the scheme of the invention, the fuse parameters can be determined according to the fuse information and the fuse recovery information, and the fuse recovery parameters can be updated according to the fuse parameters, and the preset fuse parameters can be updated according to the fuse recovery parameters, and the preset fuse recovery parameters can be preset, so that the problem that the parameters need to be manually adjusted in the prior art can be solved.

The invention discloses a protection processing method, a device and a system for mobile terminal drop. The method comprises steps: through acquiring drop information of multiple types of mobile terminals, according to the drop information, a drop policy in one-to-one correspondence with each type of mobile terminal is generated, and the drop policy is pushed to the corresponding type of mobile terminal. Thus, through integrating and analyzing the drop information of multiple types of mobile terminals, a corresponding drop policy is generated and pushed to the corresponding type of mobile terminal; when drop happens during a process during which the user uses the mobile terminal and the drop is unavoidable, the mobile terminal carries out drop according to the drop policy with the minimum damage degree, and thus, damages to the mobile terminal by the drop can be reduced to the maximum degree.

Described are embodiments of an invention for blocking write access to memory modules of a solid state drive. The solid state drive includes a controller access module or a memory access module that controls write access to the solid state drive and the memory modules of the solid state drive. Upon determining that a memory module has failed, the failed memory module or the entire solid state memory device is configured to be read only to prevent an errant write of data over critical data. Further, a failed memory module, or solid state device memory having a failed memory module, may be replaced upon failure.

A method, computer program product, and computing system for operating an autonomous vehicle; monitoring the operation of a plurality of computing devices within the autonomous vehicle; and in response to detecting the failure of one or more of the plurality of computing devices, switching the autonomous vehicle from a nominal autonomous operational mode to a degraded autonomous operational mode.

Described are embodiments of an invention for blocking write access to memory modules of a solid state drive. The solid state drive includes a controller access module or a memory access module that controls write access to the solid state drive and the memory modules of the solid state drive. Upon determining that a memory module has failed, the failed memory module or the entire solid state memory device is configured to be read only to prevent an errant write of data over critical data. Further, a failed memory module, or solid state device memory having a failed memory module, may be replaced upon failure.

The invention discloses a system for improving dual-network card NCSI management system switching efficiency. The system comprises an NCSI Switch; the NCSI Switch is an alternative data selector and comprises A, B and C groups of data chains; the A group of NCSI data is connected with a controller with an NCSI function, namely, a BMC MAC module; the B group of the data chains are connected to an onboard network card end; the C group of the data chains are connected with an external network card slot; the NCSI Switch further comprises a Select pin; and the Select pin is connected with an online detection pin of the external network card slot through a logic conversion circuit. According to the method, adaptive switching of NSCI management system lines is realized, so that the switching no longer depends on a conventional external manual active triggering mode, and the switching efficiency is improved; speaking from a project development stage, the software design difficulty is lowered and the manpower input is reduced; and seen from product operation and maintenance, the product error tolerance rate is increased, the operation difficulty of operation and maintenance personnel is lowered, and the product stability is enhanced.

The present invention aims at preventing loss of the most recent data even if backup processing ends abnormally.A computer system includes: a first storage system having a data storage extent for storing data sent from a host computer; a second storage system having at least one actual replicated data storage extent associated with the data storage extent; an archive appliance having a storage medium associated with the replicated data storage extent in the second storage system; a data copy unit for controlling copy processing for reading data from the data storage extent in the first storage system and writing the read data to a first actual replicated data storage extent in the second storage system in accordance with specific configuration information; and a connection switching unit for changing the specific configuration information so that a second actual replicated data storage extent, instead of the first actual replicated data storage extent, is associated with the data storage extent.

The invention provides an operation protection method of a server rear panel. The operation protection method comprises the following steps: establishing a self-adaptive setting mechanism of an overcurrent protection point of the server rear panel; establishing a rear panel operation overcurrent protection unit on a server main board to collect load information of the current rear panel; adjusting the overcurrent protection point of a power supply path, which is supplied to the rear panel by the main board, according to the load information; establishing an automatic current limiting mechanism after overcurrent of the rear panel; establishing an abnormal control unit of the server rear panel; placing the abnormal control unit of the server rear panel on the server rear panel; controlling a power MOS (Metal Oxide Semiconductor), which is input into a power supply input end of each hard disk, to be switched on and off, so as to realize independent power supply control on each hard disk. When the change of partial temperature is too rapid, power supply of a corresponding path is automatically switched off, so that isolation of an abnormal region is realized, the control of an abnormal process of the rear panel is realized and the reliability of a system is guaranteed.

There is provided a drive control apparatus that can maintain a drive control system to be in a safe state even in a case where operational abnormality of avoiding a normal reset of a control processor or operational abnormality of avoiding solution even after resetting the control processor occurs in the control processor. The control processor includes an actuator control processing unit configured to generate a control signal for a drive circuit being a control target apparatus and an actuator, and a diagnosis processing unit configure to diagnosing the actuator control processing unit. The diagnosis processing unit cyclically outputs a reset signal to WDT in a case where the operation of the control processor is normal. The WDT continuously outputs a cutoff signal for cutting off a supply of the control signal from the control processor to the control target apparatus when the cyclic reset signal stops.

This document discloses a method, apparatus, and computer program for automatically detecting unallowed continuation of a communication protocol procedure in a communication device. The method comprises in a test tool: marking an invalid input applied to the communication device in a sequence of operations of the communication protocol procedure; marking, with a sequence marker, a location that should not be reached in the sequence of operations of the communication protocol procedure as a result of the invalid input; and upon detecting that the communication protocol procedure has reached the location marked with the sequence marker, outputting an indication that the communication device operates in an unallowed manner.

A management system that generates a plan which is a countermeasure against an event occurring in a computer system includes: a plan generating unit configured to generate a plan according to the event; and an indicator generating unit configured to generate, as a performance change evaluation indicator of the plan, information on a change in performance of a resource of the computer system, which can occur due to other subject's process executed by the other subject different from a subject of the plan when the plan generated by the plan generating unit is executed.

In a conventional control apparatus, the control apparatus cannot be correctly set into a fail safe mode upon failure of a temperature sensor itself mounted in the control apparatus. Also, when the control apparatus has a plurality of elements having a concern of heat generation, a plurality of temperature sensors are required corresponding to the elements having a concern of heat generation. The requirement of the plurality of temperature sensors causes an increase in the cost and mounting area. The present invention measures an instructed current value from a CPU to an element mounted in a control apparatus and having a concern of heat generation (typically, a current control element), calculates power consumption from the measured current value and a monitored source voltage, and predicts a temperature rise of the control apparatus by multiplying the power consumption by a thermal resistance parameter of the control apparatus. The control apparatus can be set into a fail safe mode for protection when it is estimated that the control apparatus could be heated beyond an upper limit of a guaranteed operation temperature range defined therefore.

A method and device offering a software diversity of the cited type for floating-point arithmetic, which is applicable in a realtime environment, wherein the method and a device for high-performance validation of the calculation use floating-point numbers of any accuracy within the context of functional safety in accordance with International Electrotechnical Commission (IEC) standard 61508. The method utilizes a specific form of software diversity and has effects on both the runtime environment and the engineering environment.

The invention provides a safety control system, which aims to reduce the number of processor units so as to realize the low cost and small occupation space. Meanwhile, the safety function of a dual-structure can be reliably realized. The safety control system comprises a first processor unit for performing the control function and the safety function, and a second processor unit for only performing the safety function. The first processor unit comprises a safe data transmission module and a safe data execution module. When the communication data contains the safe data, the safe data transmission module generates an internal interruption signal and an external interruption signal sent to the second processor unit. Meanwhile, the safe data are sent to the second processor unit by the safe data transmission module.

This invention relates to a system for processing redundant signals, an associated method, as well as an aircraft comprising such a system, from a viewpoint of monitoring and passivation of erratic or oscillating failures affecting the sources of these redundant signals.The system comprises a module for calculation of a current useful signal from redundant signals; a monitoring / passivation module, able to detect an erroneous signal and to exclude the said erroneous signal from the calculation according to a criterion; and a means for toggling, as soon as an erroneous signal is detected, to a freeze mode freezing the output useful signal, and for returning, as soon as an erroneous signal no longer is detected, to a transmission mode where the current useful signal is transmitted as output useful signal.