The Legacy of Space Shuttle Flight Software

[rdale]

http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20110014946_2011015696.pdf

The initial goals of the Space Shuttle Program required that the   
avionics and software systems blaze new trails in advancing avionics system technology. Many of the requirements placed on avionics and software were accomplished for the first time on this program. Examples include comprehensive digital fly-by-wire technology, use of a digital databus for flight critical functions, fail operational/fail safe requirements, complex automated redundancy management, and the use of a high-order software language for flight software development. In order to meet the operational and safety goals of the program, the Space Shuttle software had to be extremely high quality, reliable, robust, reconfigurable and maintainable. To achieve this, the software development team evolved a software process focused on continuous process improvement and defect elimination that consistently produced highly predictable and top quality results, providing software managers the confidence needed to sign each Certificate of Flight Readiness (COFR). This process, which has been appraised at Capability Maturity Model (CMM)/Capability Maturity Model Integration (CMMI) Level 5, has resulted in one of the lowest software defect rates in the industry. This paper will present an overview of the evolution of the Primary Avionics Software System (PASS) project and processes over thirty years, an argument for strong statistical control of software processes with examples, an overview of the success story for identifying and driving out errors before flight, a case study of the few significant software issues and how they were either identified before flight or slipped through the process onto a flight vehicle, and identification of the valuable lessons learned over the life of the project.

[alk3997]

Glad this got out already.  This will be presented at AIAA Space 2011 in Long Beach.  We added as much detail as we could given the time available. 

One little interesting side note is that two of the authors are no long employed in the space program.  This was written in the weeks just prior to the layoff.

Hope those of you who have been curious about how Space Shuttle flight software worked and why it had such a high level of quality (and capability for its size) will enjoy the details included in the paper.

Andy

[mikegi]

Loved this part:

With the computers in control of virtually all critical space shuttle functions, software changes were often considered as a solution to address risks and problems with the hardware sub-systems. Software changes also proved to be a cost-effective method of optimizing the behavior of each sub-system as operational data became available. When the cost and schedule associated with procurement and recertification of a hardware sub-system were considered, software changes often became a very attractive option.

Classic. Hardware guys throw a bunch of crap over the fence and expect the software guys to fix it!

Many moons ago I was working on PC OS graphics SW and ran into an issue where one manufacturer's graphics chips made in Malaysia behaved differently from the same ones made in the Philippines (some process issue). There was no way to tell the difference internally (same ID, etc.) and these things were already on the market. I jokingly suggested having users point a camera at the motherboard during installation so we could use OCR to read the markings on the chips and act appropriately! I don't remember how I solved this problem.

[alk3997]

The updated AIAA Space 2011 agenda has finally been posted:

http://aiaa-mspace11.abstractcentral.com/societyimages/aiaa-mspace11/AIAA-MSPACE11_Program_Matrix_NEW.pdf

The Space Shuttle Flight Software retrospective is scheduled for Thursday, September 29, 2011 at 11:30AM PDT (just before lunch).  This is part of session: 100-SSP-7, "Space Shuttle: Living Aboard."

If you get an opportunity to attend Space 2011 in Long Beach and you're curious about how the Space Shuttle flight software was created, please try to make it to this session.

Andy

[andy_l]

This is a great paper - thanks.

[EirikV]

Wow -

Risk is an inherit component of developing software for a manned space vehicle like the Space Shuttle.  Every
available action was taken to eliminate risk.  Every issue identified was pounded flat before a system was certified
as ready for flight.   Historically, the moment of greatest risk to a crew from a PASS fault occurred on June 26, 1984
when the STS-41D launch countdown was aborted at T – 6 seconds when PASS detected an anomaly in orbiter's
main engine number three.  Without the fortuitous SSME anomaly, STS-41D would have launched with about a  1
in 6 chance of being unable to separate the Solid Rocket Booster (SRB) or the External Tank (ET) which could have
resulted in the loss of crew and vehicle.

(Page 35)

[alk3997]

This is just another piece of evidence that no matter how hard you try, you can't make perfect software.  And, we tried hard...

On the plus side I believe we never came this close to a high severity flight software problem flying after this point in 1984.

Andy