
SpaceX processing units, radiation-tolerant by design (2012) - ash
http://www.aviationweek.com/Blogs.aspx?plckBlogId=Blog%3a04ce340e-4b63-4d23-9695-d49ab661f385&plckPostId=Blog%3a04ce340e-4b63-4d23-9695-d49ab661f385Post%3aa8b87703-93f9-4cdf-885f-9429605e14df
======
moocowduckquack
_"The reason we have three is when operating in proximity of ISS, we have to
always have two computer strings voting on something on critical actions. We
have three so we can tolerate a failure and still have two voting on each
other. And that has nothing to do with radiation, that has to do with ensuring
that we're safe when we're flying our vehicle in the proximity of the space
station._

_I went into the lab earlier today, and we have 18 different processing units
with computers in them. We have three main computers, but 18 units that have a
computer of some kind, and all of them are triple computers – everything is
three processors."_

This detail so reminded me of Clarke's Rama series.

_"And on far-off Earth, Dr. Carlisle Perera had as yet told no one how he
had wakened from a restless sleep with the message from his subconscious still
echoing in his brain:

The Ramans do everything in threes."_

------
doe88
I think this paragraph sums up their philosophy:

> So building the computer for the Dragon isn't just about building the
> computer for the Dragon, it's about building a whole suite of tools,
> techniques, people and processes to then go to the next vehicle, and the
> next vehicle. And our equipment crosses lines. Falcon designs go into
> Dragon, we're currently retrofitting the Dragon design into the new Falcon,
> so our designs constantly keep evolving, and that's why we don't want to get
> into lines that have limited growth capacity.

Their approach is all about reusability, evolvability and scalability. And I
think using a maximum of common code between all the different systems will
only make this code stronger. They seem to counterbalance the hardware faults
and software dangerousness of C++ by implementing a generalized voting
mechanism where all decisions must be validated by two different computers. In
this area and at this scale it seems to me that it's disruptive.
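
Added example (not part of the thread and not SpaceX's code): the two-of-three agreement rule from the interview quote and the comment above, written in C. The command words, the `voter_t` type and the policy of dropping an outvoted string for the rest of the run are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_STRINGS 3
typedef enum { VOTE_INHIBIT = 0, VOTE_COMMIT = 1 } vote_t;
typedef struct { bool healthy[NUM_STRINGS]; } voter_t;

void voter_init(voter_t *v) {
    for (int i = 0; i < NUM_STRINGS; i++) v->healthy[i] = true;
}

int voter_healthy(const voter_t *v) {
    int n = 0;
    for (int i = 0; i < NUM_STRINGS; i++) n += v->healthy[i] ? 1 : 0;
    return n;
}

/* Commit a critical command only if at least two healthy strings propose
 * the same value. Assumption: a string that is outvoted is dropped for the
 * rest of the run; the page does not say how a string is readmitted. */
vote_t voter_decide(voter_t *v, const uint32_t cmd[NUM_STRINGS], uint32_t *out) {
    int best = -1, best_votes = 0;
    for (int i = 0; i < NUM_STRINGS; i++) {
        if (!v->healthy[i]) continue;
        int votes = 0;
        for (int j = 0; j < NUM_STRINGS; j++)
            if (v->healthy[j] && cmd[j] == cmd[i]) votes++;
        if (votes > best_votes) { best_votes = votes; best = i; }
    }
    /* Fewer than two agreeing strings: no result can be cross-checked. */
    if (best_votes < 2) return VOTE_INHIBIT;
    for (int i = 0; i < NUM_STRINGS; i++)
        if (v->healthy[i] && cmd[i] != cmd[best]) v->healthy[i] = false;
    *out = cmd[best];
    return VOTE_COMMIT;
}

int main(void) {
    /* Constructed command words, one column per string. */
    const uint32_t rounds[3][NUM_STRINGS] = { {7, 7, 7}, {7, 9, 7}, {4, 4, 6} };
    voter_t v;
    voter_init(&v);
    for (int r = 0; r < 3; r++) {
        uint32_t out = 0;
        vote_t res = voter_decide(&v, rounds[r], &out);
        printf("round %d: %s (healthy=%d)\n", r,
               res == VOTE_COMMIT ? "commit" : "inhibit", voter_healthy(&v));
    }
    return 0;
}
```

With one string already dropped, the remaining pair must agree exactly; a disagreement inhibits the action because the voter cannot tell which of the two is wrong.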

~~~
foobarqux
> In this area and at this scale it seems to me that it's disruptive.

It seems disruptive because you have no background in aerospace. This is bog
standard.

------
JshWright
The last question and answer sum up SpaceX perfectly:

Q: So you're not breaking a mold here.

A: We're taking it to an extent previously not done, but we're operating in a
well known set of techniques and capabilities.

~~~
foobarqux
I don't understand to what extent this hasn't been previously done. The design
is pretty standard.

------
kristoffer
It would have been interesting to hear more about their future road map since
they are currently only doing low earth orbit but aim for Mars. The radiation
environment is quite different of course.

Maybe certain fabrication technologies (geometry/SOI/packaging) will produce
COTS semiconductors which can take a lot of total dose. I'm not sure of the
status of this. Does anybody have any insights?

I would think that the biggest benefit of using COTS is performance and
developer efficiency. It is certainly possible to run Linux on the available
rad hard parts (PPC, SPARC, MIPS) but due to low usage the development
environment will not be as good.

~~~
shabble
If they manage to depress the cost-to-orbit sufficiently, they'll maybe be
able to take more shielding along. It might even be dual-use stuff like
carefully placed water tanks or stacks of prefab building materials, which can
then be used on the journey or at the destination.

On the hardening ICs specifically, I recall that SOI is potentially a better
performing technology than bulk silicon wafers; the actual performance drop is
due to much larger feature sizes to better handle low-energy rad strikes.

I suspect (but haven't looked in a long time) that the performance could be
radically improved if they could develop the process to modern equivalents,
but the economics just aren't there.

I was just wondering if it would be possible to use ECC on the core internals
rather than just the RAM, and it looks like someone has considered it for the
register file[1]. I suppose it might be useful on the instruction pipeline as
well, and other places.

Then again, it may be just easier all round to take the SpaceX current
approach of many simple cores, and redundancy in software.

[1]
[http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4708869](http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4708869)

~~~
kristoffer
The register file and cache are typically protected with some kind of ECC. The
other parts of the CPU are protected by using rad hard flip flops (be it
either TMR or other means).

But this is the road SpaceX is not taking ...

And all these techniques only protect against soft errors. I was more
interested in how to mitigate against permanent errors (latchup) and
tolerating high total dose when using commercial components. Will they do this
by screening components which are manufactured using a potentially good
fabrication process, e.g. SOI?

~~~
XorNot
It seems like if they can on average use smaller parts and more of them, then
it just comes down to statistics - permanent chip damage isn't impossible in
rad-hard electronics, just less likely.

I suspect it'll come down to a test though - at some point SpaceX are going to
launch an unmanned Dragon to Mars, and that will be more than anything a
fascinating exercise in really understanding the deep space radiation
environment, which we still do not know nearly enough about.

------
notjustanymike
This feels all too like a video game.

Radiation-hardened is a tank spec. Tons of health, tons of armor, but slow
moving without a lot of DPS.

Radiation-tolerant is an assassin spec. Not a lot of health or armor, but has
crazy health regen and a diverse skillset.

