Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!stanford.edu!agate!ucbvax!CMR.NCSL.NIST.GOV!roberts From: roberts@CMR.NCSL.NIST.GOV (John Roberts) Newsgroups: sci.space.shuttle Subject: Re: New Shuttle computers Message-ID: <9103111905.AA09702@cmr.ncsl.nist.gov> Date: 11 Mar 91 19:05:33 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: National Institute of Standards and Technology formerly National Bureau of Standards Lines: 149 >From: cabp10@vaxa.strath.ac.uk (Theora Jones, In Person!) >Newsgroups: sci.space.shuttle >Subject: Re: New (!?!?!?!) Shuttle Computers >Date: 7 Mar 91 14:23:11 GMT > Excuse me for my ignorance in this matter, but I'm still a student and I find >it completely unbelievable that NASA are using technology that even 'toy' >home computers no longer use... > Core memories???? I was under the impression they went out about the same time >as gas street lights and computers that took up a whole building just to add >two numbers ! "Went out" of what? Went out of *fashion*??? You feel the Shuttle computers must have the newest technology, the shiniest chrome, the biggest tailfins, just to *impress* people? [Note 1]. I'd say a much better criterion is the question of what it takes to do the needed job. For the Shuttle flight control system, I gather that the actual processing requirements are fairly low - what's really critical is reliability. Part of the assurance of reliability is having a good "track record", particularly in the specific expected mode of operation. The inevitable result is that systems with the highest reliability requirements tend to use considerably older technology than systems that are only concerned with performance. The situation is extreme in the case of the Shuttle, because a reliable system had to be specified back in the 1970s, and having found a system that works, there had to be considerable incentive to find a replacement, because of the effort in verifying compatibility. Magnetic memory has a longer history than semiconductor memory, and has features that recommend it for high-reliability space applications. It's interesting that semiconductor memory reliability has advanced to the point that it can be considered as a valid replacement for core for this purpose. Regarding the new computers, I suspect it was the longer MTBF rather than the faster operation that prompted the change. > Magnetic Tape???? what about disks????? even floppies, with up to 20MB on a >single 3.5" provide a sturdier, more convenient answer.. and how about the >DATAPac technology? 100MB and more hard disks, especially suited to being >roughed around? Relatively few storage media have actually disappeared from use. Often, the different technologies develop application niches for which they offer better performance for price than other technologies. Disk drives are for random access, high throughput and fairly low access latency, and are good where intermixed reading and writing are desired. Magnetic tapes are for serial access, moderate data rate, usually reading *or* writing but not both, low price, and massive quantities of data. Archiving and loading software are often better served by tape. Just as an example, we recently obtained a tape drive that uses 8mm video tapes. Now we can go to local stores and buy a cartridge about the size of a standard audio cassette, which costs about $5.00 and will store about 2.3 gigabytes of data. I don't know of any disk technology that comes anywhere close in price/capacity. Similarly, the application for which the Shuttle uses its tape drive sounds like one of those better handled by tape. > I would be looking at, AT THE LEAST, radiation hardened datapacs, storing the >flight programs (with 3 backups,each one oriented a different way so that a >sharp manuver that might just crash the heads on one will only move them on >another) Right now, the Shuttle computers are not reliant on any mechanical storage media during use. Do you propose to change this? Can you think of a reason to justify the increased risk if the nonmechanical storage for runtime use already does a completely satisfactory job? Given that we don't want a failure of any one processor or processor-disk assembly to bring down the whole system, do you want 15 separate disk drives, or just the one set with an extremely complex safety interlock mechanism? >I would expect radiation hardened processors, of an industry sstandard >type (80x86, or 680x0 series) Why - so high school students can write the Shuttle flight programs? This is a very highly specialized software package, with all sorts of constraints that do not apply to most other software. It makes sense to build a computer to run the particular intended application, and making special- purpose computers out of standard bit-slice components is a long-established industry standard. Also, there may be operational constraints we do not know about. For example, if pipelined instruction fetch were deemed undesirable, this would eliminate most of the latest commercial microprocessors from consideration. >for easy replacement, and a well tested and >trusted product. I hope you don't think they would just buy one off the shelf and stick it in without at least weeks of intensive testing. Remember the stakes if the system fails at the wrong time. >As has been suggested by someone else already, EAROMS or just >straight ROMS can be used for holding much of the non changing code in memory >during a flight. They tend to be slower than RAM, and at least EAROMs are probably less reliable than RAM - certainly fewer write cycles. > as for RAM needs, if in 1991, the leading manufacturers of semiconductors can >put upwards of 10^6 transistors on a chip, but can't make radiation resistant >store, then we shouldn't be puttin people into space, we should be putting them >into the space inside some peoples heads, to find the technology we need!!!! Remember that "radiation resistant" does not mean the same thing as "radiation proof". I'm sure radiation resistant DRAM exists, even though static RAM is likely to be more resistant. (Static RAM also tends to be faster.) But I think you're missing the point of the choice of static RAM: it's much simpler to use in a real-time system. Considerable research has been done in recent years on how to make computer programs more reliable. It's almost impossible to eliminate all bugs in a complex control system, but with great effort the effect can be minimized. It has been remarked that the Shuttle control software is one of the most nearly perfect large pieces of code ever written. Part of this is due to the effort to make it as nearly deterministic as possible. For instance, I believe branches are forbidden, and probably also interrupts. DRAM requires frequent periodic refresh, "independent" of the state of execution. This can be done externally via a DRAM controller, but since this forces wait states on the processor at unpredictable times, it would not be acceptable for this use. The alternative is to perform refresh every few milliseconds under processor control, so every part of the code must include provisions for the refresh. Also remember that you have several processors running in lock-step mode, so the refreshes must not throw off synchronization, and yet you want as few single points of failure as possible, so an external clock periodically polled is probably not acceptable. In short, I presume the designers felt that DRAM was not worth the additional trouble compared to static RAM at this time. There's no guarantee that this will always be the case. >Theora Jones Strathclyde University, SCOTLAND || " I can fly higher than an >CABP10@uk.ac.strath.vaxa (somewhere on JANET) || Eagle, with you as the >CABP10%vaxa.strath.ac.uk (elsewhere, hopefully) || wind beneath my wings " >CABP10%vaxa.strath.ac.uk@ukacrl (just might work)|| 8:-) 1990 >WE SUPPORTED DESERT STORM ! KUWAIT IS NOW FREE ! || "Lets be MAWS!" [Note 1]: What's latest and most fashionable is not always the best guide for selection of an item for a specific application. For instance, in comparison to analog display watches, digital display watches are at least as accurate, usually more durable, generally easier to read, and considerably cheaper - and yet many people would rather die than be caught wearing a digital display watch (unless it reads "SPORTS WATCH" in big letters, and can calculate multiple lap intervals, etc.), because the analog display watches are all the fashion rage now. I suppose they do make better jewelry, but for the most part the digital displays are the superior choice for the basic function of telling time. Similarly for circuit designs, we sometimes still use the venerable 555 timer and 74120 digital pulse synchronizer. They were both designed more than 20 years ago, and yet for some applications they're still a very good choice. John Roberts roberts@cmr.ncsl.nist.gov