A Space & astronomy forum. SpaceBanter.com


Operating systems used in spacecraft?



 
 
  #21  
Old November 6th 03, 04:08 AM
Keith F. Lynch

Michael J Wise wrote:
3) Redundant CPUs, one of which is running a different operating
system, so if the other two get frotzed by Yet Another Windows
Exploit in deep space, the Penguin can Save The Day. Or the Mac,
as the case may be.


Henry Spencer wrote:
Only if the Windows machine(s) haven't already fired the pyros, left
the gas valves open, pointed the camera at the Sun, etc.


Doesn't the Shuttle have three computers all running in parallel, with
majority vote ruling? That sounds like a good system. Two machines
would have to have the same bug for anything to go wrong.

Of course bugs in the *specification* from which the three programs
were all independently written are possible.
--
Keith F. Lynch - - http://keithlynch.net/
I always welcome replies to my e-mail, postings, and web pages, but
unsolicited bulk e-mail (spam) is not acceptable. Please do not send me
HTML, "rich text," or attachments, as all such email is discarded unread.
  #22  
Old November 6th 03, 09:17 PM
Henry Spencer

In article ,
Jan C. Vorbrüggen wrote:
The Space Shuttle uses different
control systems which back each other up but the software is very,
very closely related to each other (the backup is a stripped down
version of the original) and it all runs on the same hardware.


That is not the case - the BFS is completely independent, in software
development, tools and history - from PASS.


Which is not an accident -- considerable efforts were made to ensure
independence. This shows in design differences, too; for example, the
main software runs under a preemptive multitasking system, whereas BFS
uses a "commutator multiplexing" scheme where the scheduling is completely
predetermined.
--
MOST launched 30 June; first light, 29 July; 5arcsec | Henry Spencer
pointing, 10 Sept; first science, early Oct; all well. |
  #24  
Old November 7th 03, 09:49 PM
Henry Spencer

In article ,
Keith F. Lynch wrote:
3) Redundant CPUs, one of which is running a different operating
system, so if the other two get frotzed by Yet Another Windows
Exploit in deep space, the Penguin can Save The Day...
Only if the Windows machine(s) haven't already fired the pyros, left
the gas valves open, pointed the camera at the Sun, etc.


Doesn't the Shuttle have three computers all running in parallel, with
majority vote ruling?


It's actually four, with elaborate arrangements for cross-connecting
things as desired. (There are only three of some of the more important
subsystems, so if one computer is acting up, you can cross-connect to put
the other three in charge of those.) The majority-rules voting is done
in hardware.

This works only because all four are running the *same* software, bit for
bit identical, in lockstep. You couldn't get the necessary low-level
timing synchronization on machines running different code.
--
MOST launched 30 June; first light, 29 July; 5arcsec | Henry Spencer
pointing, 10 Sept; first science, early Oct; all well. |
  #25  
Old November 10th 03, 10:54 AM
Jan C. Vorbrüggen

Actually they share tools too. Both BFS and PASS use the same
compiler (HAL/S).


I always thought that was not the case, that BFS used assembler instead
and quite different run-time support...?

Jan
  #26  
Old November 11th 03, 04:50 AM
Keith F. Lynch

"Keith F. Lynch" wrote:
Doesn't the Shuttle have three computers all running in parallel, with
majority vote ruling? That sounds like a good system. Two machines
would have to have the same bug for anything to go wrong.


Kevin Willoughby wrote:
Alas, multiple machines with the same bug is common, since four of
the Shuttle's computers are running identical code.


Oh. I guess that redundancy is only meant to protect against hardware
failures. The right thing to do would be to have them run completely
different code. Of course the code would have to all be written from
the same specification, and that specification could contain bugs.

The fifth Shuttle computer is running very different code written
from a very different specification, to minimize the chance of
common-mode bugs.


When does the Shuttle rely on that fifth computer, and ignore the
other four? Obviously it will never win a majority vote, unless three
of the other four all simultaneously go berserk in different ways,
which seems unlikely.

I very briefly taught programming. I took a fiendish delight in
developing test cases for students' programs. I was surprised to
see multiple programs all fail on the same test case. The details
of the failures differed, but the programs tended to fail on the
same test cases.


I'm not surprised. Tough cases are tough. Presumably, space Shuttle
and space probe code would be written by excellent programmers, and
then thoroughly tested. The redundancy isn't to make crappy code
marginally usable, but to make good code even better. To add one more
"9" at the end of the software reliability. Of course you'll never
get all the nines to roll over and give you 100% reliability. But you
can get arbitrarily close.

Formal research by experts in N-version programming has found
the same thing: N-version programs are *not* N-times better than
1-version programs.


I'm not sure what N-times better *means*. What is twice as good as 99%
reliable? 198% reliable?
--
Keith F. Lynch - - http://keithlynch.net/
I always welcome replies to my e-mail, postings, and web pages, but
unsolicited bulk e-mail (spam) is not acceptable. Please do not send me
HTML, "rich text," or attachments, as all such email is discarded unread.
  #27  
Old November 11th 03, 05:31 AM
Keith F. Lynch

Keith F. Lynch wrote:
Doesn't the Shuttle have three computers all running in parallel,
with majority vote ruling?


Henry Spencer wrote:
It's actually four, with elaborate arrangements for cross-connecting
things as desired. (There are only three of some of the more
important subsystems, so if one computer is acting up, you can
cross-connect to put the other three in charge of those.) The
majority-rules voting is done in hardware.


This works only because all four are running the *same* software,
bit for bit identical, in lockstep. You couldn't get the necessary
low-level timing synchronization on machines running different code.


Why would you need low-level timing synchronization? So what if one
computer wants to take an action a tenth of a second before the
others? Just how critical is timing? Will disaster happen if
anything happens even a whole second too early or too late?

Each action will take place as soon as two of the three computers
decide it should happen.
--
Keith F. Lynch - - http://keithlynch.net/
I always welcome replies to my e-mail, postings, and web pages, but
unsolicited bulk e-mail (spam) is not acceptable. Please do not send me
HTML, "rich text," or attachments, as all such email is discarded unread.
  #29  
Old November 11th 03, 11:47 PM
dave schneider

"Keith F. Lynch" wrote:
[...]
Formal research by experts in N-version programming has found
the same thing: N-version programs are *not* N-times better than
1-version programs.


I'm not sure what N-times better *means*. What is twice as good as 99%
reliable? 198% reliable?


Turn it around -- 99% reliable means 1 failure in 100 tries. Twice as
good would be 1 failure in 200 tries (or 1/2 in 100) or 99.5%
reliable.

/dps
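
Added example (not part of any post in this thread): the "times better" measure from the post above, applied to a 2-of-3 majority voter when some share of failures is common to all versions. The beta-factor common-cause model and the function names are assumptions chosen for illustration; `p` is one version's failure probability per demand and `beta` is the share of it that hits every version at once.

```python
from fractions import Fraction
from itertools import product


def majority_failure(q, n=3):
    """P(a majority of n versions is wrong) when each fails independently with prob. q."""
    need = n // 2 + 1
    total = Fraction(0)
    for outcome in product((0, 1), repeat=n):  # 1 = this version gave a wrong answer
        k = sum(outcome)
        if k >= need:
            total += q**k * (1 - q) ** (n - k)
    return total


def voted_failure(p, beta, n=3):
    """Failure probability of an n-way majority voter under a beta-factor model.

    Assumed model: with probability c = beta*p a common-mode fault (shared
    specification error, same hard input) defeats every version at once.
    Otherwise versions fail independently with probability q, chosen so each
    version's overall failure probability is still exactly p.
    """
    c = Fraction(beta) * p
    q = (p - c) / (1 - c)
    return c + (1 - c) * majority_failure(q, n)


def times_better(single, system):
    """Ratio of failure rates: 1 in 100 versus 1 in 200 is 'twice as good'."""
    return Fraction(single) / Fraction(system)


if __name__ == "__main__":
    p = Fraction(1, 100)  # each version alone is 99% reliable
    for beta in (Fraction(0), Fraction(1, 10), Fraction(1, 2), Fraction(1)):
        sys_p = voted_failure(p, beta)
        print(f"beta={float(beta):.2f}  voter fails {float(sys_p):.6f}  "
              f"-> {float(times_better(p, sys_p)):.1f}x better than one version")
```

With fully independent failures the voter comes out about 33 times better than a single 99% version; with only a tenth of failures shared it drops to about 8 times, and with all failures shared there is no gain at all.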
  #30  
Old November 11th 03, 11:57 PM
dave schneider

"Keith F. Lynch" wrote:
[...]
Why would you need low-level timing synchronization? So what if one
computer wants to take an action a tenth of a second before the
others? Just how critical is timing? Will disaster happen if
anything happens even a whole second too early or too late?

Each action will take place as soon as two of the three computers
decide it should happen.



1) I've seen references to control responses needing to control
millisecond behaviours (oscillations in guidance, for instance).
Think about going down the freeway and being late by a second in
spotting your exit. At 60 mph, you can correct for that. At 120 mph,
maybe. At Mach 25 ---

2) How long it takes to decide "it" is a function of how fine "it" is
-- if "it" is something like giving a green light to an operator, you
have more time to decide than if you're running stepping motors to
align something, and so on. If you're comparing the actions of
modules on the same bus, say for a 2-of-3 or Quad Mode Redundancy
scheme among processors or memory modules, you have nanoseconds to
decide (and that's for old processors; Pentium 1's may have started
pushing on picoseconds).

/dps
 





All times are GMT +1.

