US Patent 10078565 Error recovery for redundant processing circuits

Methods and circuits are disclosed for error recovery in redundant processing systems. Respective instances of a software program are executed in lockstep on redundant processing circuits. Using a control circuit, in response to detecting a non-fatal error, an interrupt is generated and non-functioning ones of the processing circuits are disabled. The interrupt is serviced using the functional processing circuits operating in lockstep. In servicing the interrupt, a processing state of the processing circuits is stored and a reset of the processing circuits is triggered. Following the reset, the processing circuits are configured to operate in lockstep. The state of the processing circuits is restored to the stored processing state and a return from the interrupt is signaled. In response to the signaled return from interrupt, execution of the software program is resumed on the processing circuits in lockstep at a point at which the non-fatal error was detected.