Keith F. Lynch
November 11th 03, 03:50 AM
Operating systems used in spacecraft?

"Keith F. Lynch" wrote:
> Doesn't the Shuttle have three computers all running in parallel, with
> majority vote ruling? That sounds like a good system. Two machines
> would have to have the same bug for anything to go wrong.

Kevin Willoughby wrote:
> Alas, multiple machines with the same bug is common, since four of
> the Shuttle's computers are running identical code.

Oh. I guess that redundancy is only meant to protect against hardware
failures. The right thing to do would be to have them run completely
different code. Of course the code would have to all be written from
the same specification, and that specification could contain bugs.

> The fifth Shuttle computer is running very different code written
> from a very different specification, to minimize the chance of
> common-mode bugs.

When does the Shuttle rely on that fifth computer, and ignore the
other four? Obviously it will never win a majority vote, unless three
of the other four all simultaneously go berserk in different ways,
which seems unlikely.

> I very briefly taught programming. I took a fiendish delight in
> developing test cases for students' programs. I was surprised to
> see multiple programs all fail on the same test case. The details
> of the failures differed, but the programs tended to fail on the
> same test cases.

I'm not surprised. Tough cases are tough. Presumably, space Shuttle
and space probe code would be written by excellent programmers, and
then thoroughly tested. The redundancy isn't to make crappy code
marginally usable, but to make good code even better. To add one more
"9" at the end of the software reliability. Of course you'll never
get all the nines to roll over and give you 100% reliability. But you
can get arbitrarily close.

> Formal research by experts in N-version programming has found
> the same thing: N-version programs are *not* N-times better than
> 1-version programs.

I'm not sure what N-times better *means*. What, twice as good as 99%
reliable? 198% reliable?
--
Keith F. Lynch - - http://keithlynch.net/
I always welcome replies to my e-mail, postings, and web pages, but
unsolicited bulk e-mail (spam) is not acceptable. Please do not send me
HTML, "rich text," or attachments, as all such email is discarded unread.
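The arithmetic behind this exchange (majority voting, common-mode bugs, and "one more nine") can be made concrete. The following is an added worked example, not code from the thread or from any Shuttle flight software; the failure model it uses (a fraction `common` of each channel's per-input failure probability is a bug shared by every channel, the rest is independent) is an assumption chosen for illustration, and the function names are mine.

```python
"""Worked reliability arithmetic for an N-version majority voter.

Added example; the common-mode failure model is an illustrative assumption.
"""
from collections import Counter
from math import comb, log10
from typing import Optional, Sequence, TypeVar

T = TypeVar("T")


def majority_vote(outputs: Sequence[T]) -> Optional[T]:
    """Return the value held by a strict majority of the channels, or None
    when no value has one (the voter cannot decide; a real system would
    fall back to a dissimilar backup channel or a safe state)."""
    value, count = Counter(outputs).most_common(1)[0]
    return value if count * 2 > len(outputs) else None


def p_majority_wrong(n: int, p: float) -> float:
    """Probability that a strict majority of n channels fails on one input,
    assuming every channel fails independently with probability p."""
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k)
               for k in range(n // 2 + 1, n + 1))


def system_failure(n: int, p: float, common: float) -> float:
    """Per-input failure probability of the voted system.

    Assumed model: a fraction `common` of each channel's failure
    probability p is a shared bug that fires on the same inputs in every
    channel (identical code, or identical misreading of the spec); the
    remaining (1 - common) * p is independent per channel.
    """
    p_shared = common * p
    p_indep = (1 - common) * p
    # Either the shared bug fires (voting cannot help), or it does not and
    # the independent failures still happen to outvote the good channels.
    return p_shared + (1 - p_shared) * p_majority_wrong(n, p_indep)


def nines(reliability: float) -> float:
    """Express a reliability as a count of nines: 0.999 -> 3.0."""
    return -log10(1 - reliability)


def reliability_table(p: float = 0.01):
    """Reliability in nines for 3- and 5-channel voters as the common-mode
    fraction grows. Returns rows of (n, common, nines)."""
    rows = []
    for n in (3, 5):
        for common in (0.0, 0.1, 0.5, 1.0):
            rows.append((n, common, nines(1 - system_failure(n, p, common))))
    return rows


if __name__ == "__main__":
    # Constructed channel outputs: two agree, one diverges; then a 3-way split.
    print(majority_vote([42, 42, 41]))   # 42
    print(majority_vote([42, 41, 40]))   # None: voter cannot decide
    print(f"single channel at p=0.01: {nines(0.99):.2f} nines")
    for n, common, score in reliability_table():
        print(f"n={n} common-mode fraction={common:.1f}: {score:.2f} nines")
```

With fully independent failures, three voted channels at 99% each reach about 3.5 nines, a real gain but nowhere near "three times better"; as the common-mode fraction approaches 1 (identical code on every channel) the voted system collapses back to the single-channel figure of 2 nines, which is the point of running the fifth computer on dissimilar code.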