- Malderi
- Nov 27, 2005
There are three fundamental forces in this universe: matter, energy, and enlightened self-interest.
As I understand it, the "documentation" wasn't ordinary either -- it was detailed to the level of nearly being pseudocode.
Another interesting detail: The Shuttle flight software was naturally a safety critical system, and everything safety-critical on the Shuttle was engineered using highly detailed fault trees to estimate the probability of loss of mission, loss of vehicle, loss of vehicle and crew, etc. Relying on just one implementation of the software spec was considered too risky -- they had some target defect rate per line of code, and even though it was really low, fault tree analysis suggested the risk of loss of life was too high. So they implemented all the software twice, with independent and semi-firewalled teams, in hopes that if one version had a potentially devastating implementation bug, the other version might not share it.
In flight, both versions were always running simultaneously. The primary version ran on a cluster of three redundant computers, using majority vote to decide on the correct control outputs. The secondary backup software ran on a 2-way redundant set (so, 5 computers in total). Handoff from the 3-way to the 2-way was automatic if the 3-way self-detected severe problems with itself, and could also be forced manually.
The redundant set was 4 computers in PASS (Primary Avionics Software System) and the 1 BFS (Backup Flight Software) did not have the capability to run on more than one computer. BFS was also never engaged in flight, but did run some useful displays.
The details of the redundant set synchronization and vote-out procedures were absolutely fascinating. Pretty much a miracle, given that it was all designed in the mid 70's.
Oct 22, 2014 04:55
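The voting and handoff scheme the post describes, as an added illustration that is not part of the original thread or of any real Shuttle code: three primary channels compute a control output, a voter takes the majority value, a dissenting channel is voted out, and when the primary set can no longer form a majority the computer hands off to a single backup channel automatically (or on a manual command). The control law, the channel names and the injected faults are constructed for the example.

```python
"""Toy model of a voting redundant set with automatic handoff to a backup.

Constructed example; nothing here is taken from real flight software.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Channel:
    """One computer in a redundant set.

    `bias` is a constructed fault injection: a non-zero value stands in for
    an implementation bug that corrupts this channel's output.
    """
    name: str
    bias: float = 0.0

    def compute(self, sensor: float) -> float:
        # Nominal control law (assumption for the example): twice the sensor reading.
        return 2.0 * sensor + self.bias


@dataclass
class RedundantSet:
    """Majority voter over the channels that have not yet been voted out."""
    channels: List[Channel]
    tolerance: float = 1e-6          # outputs closer than this count as agreeing
    voted_out: Set[str] = field(default_factory=set)

    def active(self) -> List[Channel]:
        return [c for c in self.channels if c.name not in self.voted_out]

    def vote(self, sensor: float) -> Optional[float]:
        """Return the majority output, voting out dissenters.

        Returns None when no value is shared by more than half of the active
        channels, i.e. the set has self-detected that it cannot be trusted.
        """
        outputs = [(c, c.compute(sensor)) for c in self.active()]
        needed = len(outputs) // 2 + 1
        for _, value in outputs:
            agreeing = [c for c, v in outputs if abs(v - value) <= self.tolerance]
            if len(agreeing) >= needed:
                for c, v in outputs:
                    if abs(v - value) > self.tolerance:
                        self.voted_out.add(c.name)
                return value
        return None


class FlightComputer:
    """Primary voting set plus a single backup channel with automatic handoff."""

    def __init__(self, primary: RedundantSet, backup: Channel):
        self.primary = primary
        self.backup = backup
        self.engaged = "PRIMARY"
        self.log: List[str] = []

    def engage_backup(self, reason: str) -> None:
        """Switch to the backup; callable automatically or as a manual override."""
        if self.engaged != "BACKUP":
            self.engaged = "BACKUP"
            self.log.append(f"handoff to backup: {reason}")

    def command(self, sensor: float) -> float:
        if self.engaged == "PRIMARY":
            value = self.primary.vote(sensor)
            if value is not None:
                return value
            self.engage_backup("primary set lost majority")
        return self.backup.compute(sensor)


def simulate():
    """Constructed scenario: faults appear one channel at a time."""
    p1, p2, p3 = Channel("P1"), Channel("P2"), Channel("P3")
    fc = FlightComputer(RedundantSet([p1, p2, p3]), backup=Channel("BACKUP"))
    results = []
    results.append(fc.command(1.0))   # all three agree -> 2.0
    p3.bias = 0.5                     # first fault: P3 disagrees
    results.append(fc.command(1.0))   # majority still 2.0, P3 voted out
    p2.bias = -0.5                    # second fault: remaining pair disagrees
    results.append(fc.command(1.0))   # no majority -> automatic handoff, backup answers
    return results, fc.engaged, sorted(fc.primary.voted_out), fc.log


if __name__ == "__main__":
    print(simulate())
```

The voter deliberately treats a disagreement between the last two surviving channels as a reason to hand off rather than picking one of them: with two channels there is no way to tell which one is wrong, which is why a backup written by an independent team is worth more at that point than a third copy of the same implementation.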