I have no knowledge about SpaceX avionics architecture, but I'd be shocked beyond words if it were ARM based today.
You can use rad hardened hardware but if you want to carry humans you have to work on shields.In the long run it could be "smarter" for SpaceX to focus on shields and gain experience on it, investing bucks on it and saving on not rad hardened electronics.
I "believe" in redundancy , but a strong event (rad storm ?) could destroy all your redundant parts and leave you naked.
That paper says Hydrogen rich materials shield better: could it be feasible to put CPU boards and ram in a sphere inside the future methane tanks for free shielding?
And what about redundant CPU boards put in orthogonal direction to minimize the damage in case of directional rays (sun bursts)?
Last thought, modern CPUs and RAM are way smaller, so they lessen the chance of a hit, but I presume the smaller transistors are damaged by smaller energy levels than bigger ones, is it true ?
Replying to two items from this thread:I watch flight flight boards get populated/placed and assembled in unit quantities down to qty=1 in the lab next to mine- on a regular basis.Space rated PWA and PWB assembly is a different game than nearly anything commercial and absolutely everything high-volume.
Quote from: mlindner on 11/20/2012 03:11 pmA properly designed system should be plug-n-play being able to drop any number of computational "modules" into the loop as you want. As long as they didn't hardcode the 3 modules of 2 computing units architecture, it may already be capable of dropping additional modules into the loop.This sounds like something a software engineer would say Once you start adding hardware inputs/outputs into the equation, it becomes much harder to abstract your 'modules' in such a way.
A properly designed system should be plug-n-play being able to drop any number of computational "modules" into the loop as you want. As long as they didn't hardcode the 3 modules of 2 computing units architecture, it may already be capable of dropping additional modules into the loop.
Quote from: Robotbeat on 11/20/2012 02:42 pmQuote from: Go4TLI on 11/20/2012 02:40 pmQuote from: Robotbeat on 11/20/2012 02:35 pmWith added redundancy, you have the additional benefit of more "near misses," which gives you more opportunities to improve the system. Without redundancy, you either succeed or you fail hard, much fewer near misses.As far as I can tell not a single person has suggested there should be no redundancy. Redundancy is obvious thing to have.The discussion is wheter or not unlimted redundancy should be the anwer-all for unreliability. I suggest there is a middle ground where reliability is high but redundancy is there because things happen. Nobody disagrees with you on the idea there should be a middle ground. Or at least, nobody should.I agree with this as well. The problem is there is a very large range of possible middle grounds. The inflection point could be much further out than conventionally thought. I trust SpaceX to do this calculation. My personal belief though is that there has to be a better solution rather than using 15 year old technology.Following Moore's law there have been 10 doubling's in transistor density since then. Which implies a roughly 1024x fold increase in computation power since then. Meaning assuming you do distributed computing (even more radiation prone) and assuming that distributed computing scales linearly (it doesn't) you need roughly 1000 of these processors to get to the speed of one modern processor.
Quote from: Go4TLI on 11/20/2012 02:40 pmQuote from: Robotbeat on 11/20/2012 02:35 pmWith added redundancy, you have the additional benefit of more "near misses," which gives you more opportunities to improve the system. Without redundancy, you either succeed or you fail hard, much fewer near misses.As far as I can tell not a single person has suggested there should be no redundancy. Redundancy is obvious thing to have.The discussion is wheter or not unlimted redundancy should be the anwer-all for unreliability. I suggest there is a middle ground where reliability is high but redundancy is there because things happen. Nobody disagrees with you on the idea there should be a middle ground. Or at least, nobody should.
Quote from: Robotbeat on 11/20/2012 02:35 pmWith added redundancy, you have the additional benefit of more "near misses," which gives you more opportunities to improve the system. Without redundancy, you either succeed or you fail hard, much fewer near misses.As far as I can tell not a single person has suggested there should be no redundancy. Redundancy is obvious thing to have.The discussion is wheter or not unlimted redundancy should be the anwer-all for unreliability. I suggest there is a middle ground where reliability is high but redundancy is there because things happen.
With added redundancy, you have the additional benefit of more "near misses," which gives you more opportunities to improve the system. Without redundancy, you either succeed or you fail hard, much fewer near misses.
If your hardware elements (transistors, memory cells, etc) are 1000 times smaller, wouldn't that make them much more susceptible to individual rad hits, perhaps of lower energy?Also, I wonder if a hit that would have affected one component before might now affect multiple?
Can't say I'm sure of the process here, but making ten of anything at once often costs little more than making a single item.
Quote from: mlindner on 11/20/2012 02:53 pmQuote from: Robotbeat on 11/20/2012 02:42 pmQuote from: Go4TLI on 11/20/2012 02:40 pmQuote from: Robotbeat on 11/20/2012 02:35 pmWith added redundancy, you have the additional benefit of more "near misses," which gives you more opportunities to improve the system. Without redundancy, you either succeed or you fail hard, much fewer near misses.As far as I can tell not a single person has suggested there should be no redundancy. Redundancy is obvious thing to have.The discussion is wheter or not unlimted redundancy should be the anwer-all for unreliability. I suggest there is a middle ground where reliability is high but redundancy is there because things happen. Nobody disagrees with you on the idea there should be a middle ground. Or at least, nobody should.I agree with this as well. The problem is there is a very large range of possible middle grounds. The inflection point could be much further out than conventionally thought. I trust SpaceX to do this calculation. My personal belief though is that there has to be a better solution rather than using 15 year old technology.Following Moore's law there have been 10 doubling's in transistor density since then. Which implies a roughly 1024x fold increase in computation power since then. Meaning assuming you do distributed computing (even more radiation prone) and assuming that distributed computing scales linearly (it doesn't) you need roughly 1000 of these processors to get to the speed of one modern processor.If your hardware elements (transistors, memory cells, etc) are 1000 times smaller, wouldn't that make them much more susceptible to individual rad hits, perhaps of lower energy?Also, I wonder if a hit that would have affected one component before might now affect multiple?cheers, Martin
Quote from: jimvela on 11/21/2012 04:44 amReplying to two items from this thread:I watch flight flight boards get populated/placed and assembled in unit quantities down to qty=1 in the lab next to mine- on a regular basis.Space rated PWA and PWB assembly is a different game than nearly anything commercial and absolutely everything high-volume.Which is exactly why they cost so much.
That cost is in the noise compared to the cost of a failure- which is why they are built that way.
Quote from: jimvela on 11/21/2012 02:34 pmThat cost is in the noise compared to the cost of a failure- which is why they are built that way.So it's the QA in design & build coupled with testing *after* mfg and population that soaks up the cash?
I'd guessed it might have something to do with needing some kind of forced flow (either gas or liquid) cooling due to zero g.
This also raises a point. Are layer counts and line widths for space rated PWA's and PWC's (Those sound like IBM terms, I thought most people call them PCB's) behind those of terrestrial boards in the same way as space rated parts tend to be a generation or 2 behind their ground based equivalents?
An uneducated guess: on a slow system the realtime requirements may not be met with Linux and C++.
I think SpaceX is just trying to follow Amdahl's Law in that you shouldn't optimize a small part of the problem.
Quote from: guckyfan on 11/20/2012 07:57 pmAn uneducated guess: on a slow system the realtime requirements may not be met with Linux and C++.I doubt it. You can do cycle-perfect simulations of Apollo hardware in Javascript in a browser nowadays, so that can't be it. Console video games run on limited hardware too, and C++ is the language of choice for that.
Quote from: mmeijeri on 11/21/2012 05:42 pmQuote from: guckyfan on 11/20/2012 07:57 pmAn uneducated guess: on a slow system the realtime requirements may not be met with Linux and C++.I doubt it. You can do cycle-perfect simulations of Apollo hardware in Javascript in a browser nowadays, so that can't be it. Console video games run on limited hardware too, and C++ is the language of choice for that.That is quite a few orders of magnitude slower. Some here on the forum were even surprised they use Linux at all because it is not hard realtime.
Quote from: guckyfan on 11/21/2012 06:28 pmQuote from: mmeijeri on 11/21/2012 05:42 pmQuote from: guckyfan on 11/20/2012 07:57 pmAn uneducated guess: on a slow system the realtime requirements may not be met with Linux and C++.I doubt it. You can do cycle-perfect simulations of Apollo hardware in Javascript in a browser nowadays, so that can't be it. Console video games run on limited hardware too, and C++ is the language of choice for that.That is quite a few orders of magnitude slower. Some here on the forum were even surprised they use Linux at all because it is not hard realtime.Linux is a re-implementation of Unix. Soft real time Unix made its living controlling telephone exchanges. For SpaceX it probably comes down to how fast a rocket engine can gimbal.
I'm pretty sure SpaceX isn't using Linux in that portion of their avionics... probably some other embedded, fully real-time operating system.