

Space Shuttle computer has 1MB of RAM - MikeCapone
http://astroblog.cosmobc.com/2010/03/27/did-you-know-the-space-shuttle-runs-on-only-one-megabyte-of-ram/

======
tomkinstinch
Here is an article about developing the 'perfect' software that runs the
shuttle:

"They Write the Right Stuff"

<http://www.fastcompany.com/node/28121/print>

~~~
aidenn0
And it's 260 engineers to write 420 KLOC. This is why software is buggy; it's
too expensive to make it not buggy.

~~~
izend
And it required 380 engineers to build the Burj Dubai.

The only difference is for most software projects it is acceptable to have
"bugs" as customers will still pay for it, even if it's in a poor state of
quality. But "bugs" in a 2,717 ft tower are unacceptable.

It comes down to this: in general, the cost of a bug in most software is
relatively low compared to other engineering disciplines. Of course if the
software is critical support systems for astronauts that's a different story.

~~~
kjhgfvgbjnm
The Burj Dubai, like any other structure, is full of bugs.

The point of engineering is to make a system that is resilient to a certain
level of faults. That's why the tower doesn't collapse if there is a 0.1 mm
crack in one of the bolts.

~~~
Groxx
It also depends on how you define a "bug". A car that crumples too much and
injures the driver when hit at this angle or that angle within these speeds
could be considered a bug. In which case, counting the number of knobs that
fall off, plastic that cracks, and parts that wear out prematurely, not to
mention discoveries of toxic fumes / paint / etc, cars _do_ have thousands of
bugs.

~~~
kjhgfvgbjnm
The main problem with software 'engineering' is the fragility of software. In
a structure you know there will be cracks, so you choose a material that is
ductile enough that a crack can't grow to dangerous size in the lifetime of
the component. The problem with software is that generally a single bit wrong
is a total failure.

I was involved in a case with a turbine blade fracture. The user claimed that
there must have been a flaw, and yes the crack must have started at a single
atom-sized crystal flaw in the metal. But the choice of alloy was such that the
crack would have grown at a rate which means it was under the failure size for
at least twice the inspection interval - where the customer missed it.

~~~
abstractbill
_The problem with software is that generally a single bit wrong is a total
failure._

This doesn't mesh with my experience to be honest. I often come across code
that contains nasty bugs but is still somehow working accidentally. And even
more often, there are bugs that stop just _one feature_ from working while the
rest of a large system pretty much acts as if the bug didn't exist.

------
wallflower
I remember my Digital Circuits prof saying the Apollo Flight Computer was
constructed out of thousands of NOR-gates.

At the time I was struggling to comprehend how to construct a basic circuit,
so I was wow'd (and still am).

<http://en.wikipedia.org/wiki/Apollo_Guidance_Computer>

~~~
sandGorgon
That isn't very surprising for a person working in the semiconductor design
industry. Actually there are no AND/OR/NOT gates fabricated on a modern IC.

They are all NAND gates, since they have better electrical characteristics and
are Universal Gates (they can form AND/OR/NOT gates in some combination).

What is surprising is that they used NOR gates - while they are Universal
Gates as well, their fabrication apparently leads to poorer electrical
properties.
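
Editor's added example, not code from the thread: the "universal gate" claim above, checked exhaustively. Only nor() is treated as a primitive; NOT, OR, AND, XOR and a small ripple-carry adder are composed from it, the way a NOR-only design has to be, and each composed gate is compared against Python's own boolean operators on every input. The instrumentation counter and the 4-bit width are assumptions made for the demonstration.

```python
# Added example (editor's, not from the thread): NOR as the only primitive.
from itertools import product

_nor_evaluations = 0  # instrumentation: how many NOR primitives a gate costs


def nor(a: int, b: int) -> int:
    """The single primitive. Output is 1 only when both inputs are 0."""
    global _nor_evaluations
    _nor_evaluations += 1
    return int(not (a or b))


def not_(a: int) -> int:
    """NOT a == NOR(a, a)."""
    return nor(a, a)


def or_(a: int, b: int) -> int:
    """OR == NOT(NOR)."""
    return not_(nor(a, b))


def and_(a: int, b: int) -> int:
    """De Morgan: a AND b == NOR(NOT a, NOT b)."""
    return nor(not_(a), not_(b))


def xor(a: int, b: int) -> int:
    """a XOR b == (a OR b) AND NOT (a AND b)."""
    return and_(or_(a, b), not_(and_(a, b)))


def half_adder(a: int, b: int):
    """Returns (sum, carry)."""
    return xor(a, b), and_(a, b)


def full_adder(a: int, b: int, cin: int):
    """Two half adders plus an OR for the carry; returns (sum, carry)."""
    s1, c1 = half_adder(a, b)
    s2, c2 = half_adder(s1, cin)
    return s2, or_(c1, c2)


def add_bits(x: int, y: int, width: int = 4) -> int:
    """Ripple-carry adder over `width` bits built only from NOR-derived gates.
    Wraps modulo 2**width, as a fixed-width register would."""
    carry, result = 0, 0
    for i in range(width):
        s, carry = full_adder((x >> i) & 1, (y >> i) & 1, carry)
        result |= s << i
    return result


def verify_gates() -> dict:
    """Compare each NOR-built gate with Python's boolean operators on all inputs."""
    reference = {
        "not": lambda a, b: int(not a),
        "or": lambda a, b: int(a or b),
        "and": lambda a, b: int(a and b),
        "xor": lambda a, b: int(a != b),
    }
    built = {"not": lambda a, b: not_(a), "or": or_, "and": and_, "xor": xor}
    return {
        name: all(built[name](a, b) == reference[name](a, b)
                  for a, b in product((0, 1), repeat=2))
        for name in reference
    }


def nor_cost(gate, *inputs) -> int:
    """Number of NOR primitives evaluated by one call of `gate`."""
    global _nor_evaluations
    _nor_evaluations = 0
    gate(*inputs)
    return _nor_evaluations


if __name__ == "__main__":
    print(verify_gates())
    for name, g, args in (("NOT", not_, (1,)), ("OR", or_, (1, 0)),
                          ("AND", and_, (1, 1)), ("XOR", xor, (1, 0))):
        print(f"{name}: {nor_cost(g, *args)} NOR gates")
    print("5 + 9 =", add_bits(5, 9))
```

The cost counter is the practical side of "universal": everything is expressible, but an XOR spends nine NOR gates where a native cell would spend one, which is why sandGorgon's point about electrical characteristics matters once you commit to a single gate type.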

~~~
sparky
NAND gates have two PMOS (pull-up) transistors in parallel and two NMOS (pull-
down) transistors in series. This matches well with most CMOS processes, in
which NMOS are faster. NOR gates have two PMOS in series and two NMOS in
parallel, so either your pull up time will be significantly longer than your
pull down time, or you're going to have to make the PMOS pretty big.

None of this really mattered at the time; the Apollo used resistor-transistor
logic (RTL), which in turn used bipolar junction transistors (BJTs) instead of
the CMOS (C is for complementary, meaning NMOS and PMOS) used for most digital
logic today. In RTL (there are analogous logic families using CMOS too),
instead of having a pull-up network of transistors, there is a weak pull-up
resistor that makes the output high by default, unless it is pulled down by a
network of (usually NPN) BJTs. In the case of an RTL NOR gate, it is just a
bunch of NPN BJTs in parallel for the pull-down network, so it's pretty
efficient ( <http://www.play-hookey.com/digital/experiments/rtl_nor4.html> ).

Sorry for the longish post.

~~~
sandGorgon
Oh wow, I had completely forgotten about RTL.

Thanks for the explanation.

------
icefox
"Similarly, the Russian Soyuz capsule’s computer ran on only 6 kilobytes of
RAM until it was replaced with newer systems in 2003, which most probably was
the cause of its subsequent crash-landing in Kazakhstan."

Really? Really?

~~~
ugh
Really (<http://en.wikipedia.org/wiki/Soyuz_TMA-1>). That was the first flight
of the new Soyuz TMA with a glass cockpit.

The capsule’s failsafe mechanisms were triggered and it fell back to the
harsher ballistic reentry instead of the normal controlled one (nobody was
harmed). It seems that a system which has been in use since 1979 somehow got
confused by the sensory data. Some sort of odd bug, they have never been able
to reproduce it.

Fallback to ballistic reentries also happened later with TMA-10 and TMA-11 –
in those two cases a damaged cable and a pyro bolt malfunction (which nearly
got the crew killed) were responsible respectively.

------
russss
The guidance computer doesn't have enough RAM to contain the code for the
entire mission, though. They have to load in a new program once the
orbiter is in space, and another one before it de-orbits.

There's a fascinating (and very detailed) series of lectures on the Shuttle's
design online on MIT's OpenCourseware site:
<http://ocw.mit.edu/OcwWeb/Aeronautics-and-Astronautics/16-885JFall-2005/CourseHome/index.htm>

------
henning
For those interested in software issues in aerospace, you might want to listen
to Episode 100 of Software Engineering Radio:
<http://www.se-radio.net/podcast/2008-06/episode-100-software-space>

It features an extensive interview with a guy from DLR, the German equivalent
of NASA. They talk at length about culture (freedom to fail), practices
(extensive re-use), and ballpark performance metrics (on the order of < 10 LOC
per programmer per day).

------
vital101
The shuttle computer does what computers do best: crunch numbers. I'd be
interested in knowing what sort of hardware that RAM plugs in to, and also
exactly how fast operations need to be completed in order for the shuttle to
not fall out of the sky.

~~~
Retric
The shuttle uses 4 separate 1.2MHz IBM AP-101 operating in lockstep /
redundant systems, with a 5th running an independent system. I assume the
fifth is setup in case of software failures.

<http://en.wikipedia.org/wiki/IBM_AP-101>

<http://en.wikipedia.org/wiki/Space_Shuttle>

PS: It's easy to forget just how old and hacked together the Space Shuttle is:
_Historically, the Shuttle was not launched if its flight would run from
December to January (a year-end rollover or YERO). Its flight software,
designed in the 1970s, was not designed for this, and would require the
orbiter's computers be reset through a change of year, which could cause a
glitch while in orbit. In 2007, NASA engineers devised a solution so Shuttle
flights could cross the year-end boundary.[38]_
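
Editor's added example, not code from the thread and not a description of the AP-101's actual redundancy management (which this page does not describe): a toy model of the arrangement Retric outlines, four identical computers voted against each other plus a fifth running separately written software. The control laws, the computer names, the "strict majority" rule and the decision to only flag (not auto-switch on) a primary/backup disagreement are all assumptions made for the demonstration.

```python
# Added example (editor's): majority voting over identical copies plus a
# dissimilar backup. Everything here is an assumption for illustration.
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def primary_control_law(sensor: float) -> float:
    """Hypothetical control law shared by the four primaries."""
    return round(2.0 * sensor, 6)


def backup_control_law(sensor: float) -> float:
    """Same specification, implemented independently (different code path)."""
    return round(sensor + sensor, 6)


@dataclass
class Computer:
    name: str
    law: Callable[[float], float]
    fault: Optional[Callable[[float], float]] = None  # injected hardware fault
    failed: bool = False                               # voted out of the set

    def compute(self, sensor: float) -> float:
        out = self.law(sensor)
        return self.fault(out) if self.fault else out


@dataclass
class FlightComputers:
    primaries: List[Computer]
    backup: Computer
    backup_engaged: bool = False
    log: List[str] = field(default_factory=list)

    def step(self, sensor: float) -> float:
        """One control cycle: vote the primaries, cross-check the backup."""
        backup_out = self.backup.compute(sensor)
        if self.backup_engaged:
            return backup_out

        active = [c for c in self.primaries if not c.failed]
        outputs: Dict[str, float] = {c.name: c.compute(sensor) for c in active}
        winner, votes = Counter(outputs.values()).most_common(1)[0]

        if 2 * votes <= len(active):
            # No strict majority (e.g. a 2-2 split): the vote cannot decide,
            # so hand control to the dissimilar backup.
            self.log.append(f"no majority among {outputs}: backup engaged")
            self.backup_engaged = True
            return backup_out

        for c in active:
            if outputs[c.name] != winner:
                # A lone dissenter is the hardware-fault case voting is for.
                c.failed = True
                self.log.append(f"{c.name} voted out: {outputs[c.name]} vs {winner}")

        if winner != backup_out:
            # All copies agree with each other but not with the independent
            # implementation. Voting cannot detect a bug every copy shares;
            # in this model it is flagged for an operator, not auto-switched.
            self.log.append(f"primaries {winner} disagree with backup {backup_out}")
        return winner


def build(primary_law: Callable[[float], float] = primary_control_law,
          faults: Optional[Dict[str, Callable[[float], float]]] = None) -> FlightComputers:
    """Four primaries named primary1..primary4 plus one backup (names assumed)."""
    faults = faults or {}
    prims = [Computer(f"primary{i}", primary_law, faults.get(f"primary{i}"))
             for i in range(1, 5)]
    return FlightComputers(prims, Computer("backup", backup_control_law))


if __name__ == "__main__":
    # one primary with a stuck output, modelled as a constant offset
    fc = build(faults={"primary3": lambda v: v + 0.5})
    print(fc.step(10.0), fc.log)
    # a bug shared by all four primaries: the vote passes, only the backup dissents
    buggy = lambda s: round(2.0 * s, 6) if s < 100 else 0.0
    fc = build(primary_law=buggy)
    print(fc.step(150.0), fc.log)
```

The second scenario is the point of the fifth machine: four copies of the same code cannot outvote a bug they all contain, so redundancy against hardware faults (voting) and redundancy against software faults (a dissimilar implementation) are different mechanisms and have to be designed separately.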

~~~
skoob
That's weird. Why would they even need date logic in the flight software?

~~~
sophacles
It probably has something to do with where to point the thing during re-entry.
The shuttle would need to be able to land on different days in case something
went wrong. Actually, the date stuff is probably used for all sorts of orbital
calculations.
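
Editor's added example, not code from the thread and not the flight software's actual time representation (the page only says it could not cross a year boundary without a reset): how a clock that stores GMT day-of-year but no year field breaks when the day counter wraps from 365 to 1. The timestamp layout, the rollover-aware fix and its "intervals shorter than a year" limit are assumptions made for the demonstration.

```python
# Added example (editor's): year-end rollover in a day-of-year clock.
# Layout and fix are assumptions for illustration, not the real flight software.
from dataclasses import dataclass

SECONDS_PER_DAY = 86400


def days_in_year(year: int) -> int:
    leap = year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
    return 366 if leap else 365


@dataclass(frozen=True)
class Gmt:
    """GMT as day-of-year (1-based), hour, minute, second. Note: no year field."""
    day: int
    hour: int
    minute: int
    second: int

    def seconds_into_year(self) -> int:
        return ((self.day - 1) * 24 + self.hour) * 3600 + self.minute * 60 + self.second


def elapsed_naive(start: Gmt, now: Gmt) -> int:
    """Plain subtraction: goes negative once the day counter wraps back to 1."""
    return now.seconds_into_year() - start.seconds_into_year()


def elapsed_rollover_aware(start: Gmt, now: Gmt, start_year: int) -> int:
    """Treat a negative difference as a wrap into the following year.

    Only correct for intervals shorter than one year (assumption), which is
    why the length of the *starting* year (365 or 366 days) must be known.
    """
    delta = elapsed_naive(start, now)
    if delta < 0:
        delta += days_in_year(start_year) * SECONDS_PER_DAY
    return delta


def mission_crosses_year_end(launch: Gmt, duration_seconds: int, year: int) -> bool:
    """Would a mission of this length still be in flight when the counter wraps?
    This is the check behind a 'do not launch across year end' rule."""
    return (launch.seconds_into_year() + duration_seconds
            >= days_in_year(year) * SECONDS_PER_DAY)


if __name__ == "__main__":
    start = Gmt(365, 23, 0, 0)   # 23:00 on 31 December of a non-leap year
    now = Gmt(1, 1, 0, 0)        # 01:00 on 1 January
    print("naive:", elapsed_naive(start, now))               # negative
    print("aware:", elapsed_rollover_aware(start, now, 2007))  # 7200 s
    print("launch day 360, 10-day mission crosses year end:",
          mission_crosses_year_end(Gmt(360, 0, 0, 0), 10 * SECONDS_PER_DAY, 2007))
```

The negative elapsed time is the kind of value that, fed into a guidance calculation, is a silent wrong answer rather than a crash; the rollover-aware version only works because it is told how long the starting year was, which is exactly the information a year-less timestamp has thrown away.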

------
zandorg
Always when this story comes up, I reference this:
<http://www.dreamsongs.com/LessonsFromNothing.html> - a Lisp guru talking
about this story.

------
bmalicoat
Pretty interesting. Designing the whole system from scratch and being able to
remove all unused overhead associated with 'modern' OSs certainly helps being
able to fit it all in 1MB.

~~~
jcromartie
That, and it was built a few decades ago.

------
ThomPete
The kind of programs that go into space shuttles and airplanes are quite
different than the Windows and OS X systems out there.

Their tasks are very specific, not really leaving room for flexibility. You can
almost compare the importance of these systems working exactly as expected
with the physical parts of the shuttle.

------
dschn
Some (if not most) of the on-board shuttle programs are written in HAL/S.

<http://history.nasa.gov/computers/Appendix-II.html>

<http://en.wikipedia.org/wiki/HAL/S>

------
jorgecastillo
I just hope they don't follow the example of the British Navy (installing
Windows XP in nuclear subs).

P.S. A BSoD would indeed really become a Blue Screen of Death.

------
ugh
And now it’s going to the junkyard. Together with the shuttles that never
lived up to their aspirations. Sad, really.

~~~
robryan
Given budget constraints and the level of safety required in something like
the shuttle I think they have lived up to realistic aspirations.

~~~
ugh
The Shuttle did well for what it was. I still think, though, that the original
plan for a lean little ship which can bring people into orbit would have led
the Shuttle to a better future. Instead it became this overblown space truck.

But, yeah, it’s not all black and white. Building the ISS would have been very
hard without the overblown space truck.

------
code_duck
I wonder how that was all written. Is it mainly hardware, assembly or a
language such as Forth?

~~~
ChillyWater
Most of it is written in a custom language called HAL/S (High Level Assembly
Language / Shuttle). Some of the nitty gritty is written in assembly.

HAL/S looks a little bit like BASIC or FORTRAN. It was designed to be very
readable and uses some interesting formatting. When you print out a module
(let's say GG1ASC), it uses three lines for each line of code so that the
superscripts and subscripts are above and below like they should be.

------
imd
I'd like to hear how the code of the new commercial space companies, like
SpaceX, compares.

~~~
kjhgfvgbjnm
They use the same industrial computers and real-time OSs that modern
airliners use, and which NASA uses on more modern kit.

The shuttle software isn't necessarily a good engineering solution. Spending
the same time/effort/budget on a more critical part might have saved some of
the shuttle failures.

If you think of it in aircraft terms, is it better to spend $ making the
avionics software 99.9999% reliable rather than 99.999% or is it better to fit
smoke hoods/more exits/better weather radar etc.

------
protomyth
And probably some of the most audited code on the planet.

