Author Topic: Human Spaceflight Single Board Computer Solicitation

Offline alk3997

(Let's see if I can stay within forum guidelines - I'm sure Chris will help me if I did not.  I am trying to...)

OK, on another web site (referenced below), the blogger states that JSC is looking for a single board computer for human spaceflight and seems to be surprised that there is only one source available for the single board computer. 

The surprise (or indignation) at this being a sole source fails to take into account the description of the computer.  First of all it is being used for human spaceflight and is spec'ed to have a failure rate of 1 in 3,000 years!  Secondly, the single board computer spec calls for Single Event Upset protection.  This is very difficult to find on the ground.  Luckily most people do not walk through a particle radiation environment, therefore manufacturers don't build their computers to handle particle radiation.

There is a big difference to memory between particle radiation and electromagnetic radiation.  For instance (in the old days), I used to leave my laptop running while putting it through the airport X-ray machine.  Never had an upset (and I was running my SEU checking program).  However, the exact same model laptop would have multiple bit flips during a 90 minute orbit due to particle radiation.

Now SEUs do rarely occur on the ground and more frequently on airplanes, but not enough to cause an industry to spring up.  In the case of the solicitation, the SEU protection has three layers of redundancy.  I'd be hard-pressed to even guess where I could find another single board computer like that.

So, please when you read the other web site, try to take into account that these specs in the solicitation are very unique.  I'm actually surprised JSC didn't have to build this themselves.

Unfortunately the blogger in question rarely seems to correct errors on his website.  So, I figured stating the facts here would be a good alternative.  Hopefully I have stuck to just the facts.

http://www.spaceref.com/news/viewsr.html?pid=39731

Andy

Offline synchrotron

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #1 on: 01/31/2012 08:14 pm »
JSC's solicitation commentary is consistent with an SBC survey that my team did during the development of an autonomous fault-tolerant mission-critical system. Although the Maxwell was "one year away" from having the board ready for several years at the time. Note that the Maxwell only provides TMR at the board level, so there's even more cost coming down the pipe for implementing an end-to-end fault tolerant system around that SBC.
For interest, here's a robust implementation (for X-38) of this kind of fault tolerance (which also includes a full GN&C incarnation):
http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20100033681_2010036677.pdf
Out of Draper labs. Lovely. Expensive. But Lovely.
« Last Edit: 01/31/2012 08:23 pm by synchrotron »
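As an added example (not code from this thread, nor from Maxwell, Draper or any vendor mentioned), here is what the board-level TMR and "end-to-end" point above, together with the three-layer SEU protection and the SEU checking program mentioned in the first post, looks like in software: a triple-copy word that is majority-voted and scrubbed on read, with a constructed bit-flip injector standing in for a particle strike. The last self-test check shows the double-upset case a voter alone cannot resolve, which is why scrub cadence matters.

```c
#include <stdint.h>

/* Added example (not from the thread): a software TMR cell with scrubbing.
 * Three copies of a 32-bit word are kept; reads vote bitwise, report which
 * bits any copy disagreed on, and rewrite all copies so a masked single
 * upset cannot accumulate into an unmaskable double upset. */
typedef struct { uint32_t copy[3]; } tmr_word_t;

void tmr_write(tmr_word_t *w, uint32_t v) {
    w->copy[0] = w->copy[1] = w->copy[2] = v;
}

/* Bitwise majority: a result bit is set when at least two copies have it set. */
uint32_t tmr_majority(uint32_t a, uint32_t b, uint32_t c) {
    return (a & b) | (a & c) | (b & c);
}

/* Voted read. *upset receives the bits on which some copy differed from the
 * vote (non-zero means a fault was observed). Any disagreement triggers a scrub. */
uint32_t tmr_read(tmr_word_t *w, uint32_t *upset) {
    uint32_t v = tmr_majority(w->copy[0], w->copy[1], w->copy[2]);
    uint32_t m = (w->copy[0] ^ v) | (w->copy[1] ^ v) | (w->copy[2] ^ v);
    if (upset) *upset = m;
    if (m) tmr_write(w, v);            /* scrub the damaged copy immediately */
    return v;
}

/* Constructed test hook simulating a particle strike: flip one bit in one copy. */
void tmr_inject(tmr_word_t *w, int copy, int bit) {
    w->copy[copy] ^= (1u << bit);
}

/* Self-test: returns 0 on success, otherwise the number of the failed check. */
int tmr_selftest(void) {
    tmr_word_t w; uint32_t m, v;
    tmr_write(&w, 0xA5A5A5A5u);
    /* Check 1: a single upset in copy 1 is masked, flagged and scrubbed. */
    tmr_inject(&w, 1, 3);
    v = tmr_read(&w, &m);
    if (v != 0xA5A5A5A5u || m != (1u << 3) || w.copy[1] != 0xA5A5A5A5u) return 1;
    if (tmr_read(&w, &m) != 0xA5A5A5A5u || m != 0) return 2;  /* clean after scrub */
    /* Check 3: two strikes on the same bit of two copies before any scrub
     * out-vote the good copy. The disagreement is still flagged, but the voted
     * value is wrong: TMR alone cannot tell which copy was right. */
    tmr_inject(&w, 0, 7); tmr_inject(&w, 2, 7);
    v = tmr_read(&w, &m);
    if (v != (0xA5A5A5A5u ^ (1u << 7)) || m != (1u << 7)) return 3;
    return 0;
}
```

The upset mask is the signal an SEU-checking pass would log; a rising count of non-zero masks between scrubs is the cue to shorten the scrub interval before check 3's failure mode becomes likely.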

Offline HIPAR

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #2 on: 01/31/2012 11:45 pm »
So can someone provide software development tools and then actually write software that exhibits a fault tolerance commensurate with that level of hardware reliability.

---  CHAS
« Last Edit: 01/31/2012 11:47 pm by HIPAR »

Offline alk3997

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #3 on: 02/01/2012 12:48 am »
synchrotron, thanks for the link.  I'll take a look.

HIPAR, we were always trying to compute an MTBF for Shuttle flight software and really had a rough calculation.  But, it wasn't anywhere close to 1 in 3,000 years. 

No need to worry - autocoders are perfect, aren't they?  :-)

Offline HIPAR

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #4 on: 02/01/2012 01:17 am »
synchrotron, thanks for the link.  I'll take a look.

HIPAR, we were always trying to compute an MTBF for Shuttle flight software and really had a rough calculation.  But, it wasn't anywhere close to 1 in 3,000 years. 

No need to worry - autocoders are perfect, aren't they?  :-)

If you had one of those boards and there occurred an unhandled exception, you could be fairly sure a bug is behind it.

Safety-of-life software and its testing always intrigued me.  Many compiler vendors specifically state their software is not fault tolerant and shall not be used for safety critical applications.

---  CHAS

Offline kevin-rf

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #5 on: 02/01/2012 01:23 am »
Just compiler vendors? Most silicon vendors use the same disclaimers.
If you're happy and you know it,
It's your med's!

Offline dchill

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #6 on: 02/01/2012 02:24 pm »
As I recall, GD-AIS in Minnesota had some nice initial patents in this area (that Maxwell probably violated), but never got enough internal funding or customers to fully develop. 

Honeywell has some very nice custom solutions involving hot backups with each side being a self-checking pair, utilizing ASICs.  Those probably aren't COTS enough for this solicitation, but maybe they can pull something together. 

I think a Honeywell-like solution generally comes out as being more robust than the big-hammer approach that Draper came up with years ago and got MSFC to adopt for SLS.  That might be why CPS/EDS (that might need month/year mission reliability) is always shown as having separate avionics - just so that the Ares IUA rice bowl doesn't get kicked over.
« Last Edit: 02/01/2012 02:25 pm by dchill »

Offline john smith 19

Re: Human Spaceflight Single Board Computer Solicitation
« Reply #7 on: 02/01/2012 07:56 pm »
So can someone provide software development tools and then actually write software that exhibits a fault tolerance commensurate with that level of hardware reliability.

---  CHAS
Well...
It might help to note that 3000 years is 26 280 000 hours. IIRC the original spec for blind landing systems was 1 failure in 1 000 000 000 hours of the system operating *somewhere* world wide, about 38x longer.  This is not quite as unreasonable as you might think given fleet sizes in the *hundreds* of vehicles testing the system every day over say a 20 year life expectancy. Those numbers soon start to rack up.

On that basis I'm a bit surprised NASA can only find *one* supplier that can do this. I might believe that they can only find 1 supplier prepared to *certify* they can do this in the US (you might get a different result if you sourced globally) however.

As for standards I'll guess alk3997 is most familiar with the process. DO-178b seems to be key to avionics software development but I'm not sure if it actually supplies a *number* to test against or just how serious the situation is and, if you have to deal with it, what sort of outcomes are acceptable.

However I have heard of something called The Kestrel Institute that does a lot of work with the USAF on provably correct systems which are "auto coded" (what a charmingly quaint term) and fairly mathematically demanding. Their core system (not sure if you can buy a copy or if they use it internally only) is called KIDS.

JPL also have a tool (ironically called "Autocoder") which seems to generate code from finite state machine diagrams and which can be fed to a theorem prover.
« Last Edit: 02/10/2012 02:28 pm by john smith 19 »
BFS. The world's first Methane fueled FFORSC engined CFRP stainless steel structure A380 sized aerospaceplane tail sitter capable of flying in Earth and Mars atmospheres. BFR. The world's biggest Methane fueled FFORSC engined CFRP stainless steel structure booster for BFS. First flight to Mars by end of 2022. Forward looking statements. T&C apply. Believe no one. Run your own numbers. So, you are going to Mars to start a better life? Picture it in your mind. Now say what it is out loud.