
posted by martyb on Friday June 05 2020, @09:33PM
from the powered-by-systemd? dept.

From Earth to orbit with Linux and SpaceX

SpaceX's Crew Dragon [...] successfully delivered NASA astronauts Bob Behnken and Doug Hurley into orbit. Taking them was SpaceX's reusable Falcon 9, powered by rocket fuel and Linux.

Like supercomputers, Internet of Things (IoT) devices, and many mission-critical devices, the Falcon 9 flies with Linux. SpaceX's software engineers explained several years ago how the Falcon 9 programming works.

[...] The Falcon 9's onboard operating system is a stripped-down Linux running on three ordinary dual-core x86 processors. The flight software itself runs separately on each processor and is written in C/C++.

[...] Because the first stage of the Falcon 9 lands itself, its chips don't need to be radiation hardened.

[...] as explained on StackExchange Space Exploration, SpaceX uses an Actor-Judge system to provide safety through redundancy. In this system, every time a decision is made, it's compared to the results from the other cores. If there's any disagreement, the decision is thrown out and the process is restarted. It's only when every processor comes up with the same answer that a command is sent to the PowerPC microcontrollers.

[...] The point of this triple "tell-me three times" redundancy is to give the Falcon 9 the fault tolerance it needs without having to pay for expensive space-specific chips. Modern planes, like the newer Airbus planes, use a similar approach in their fly-by-wire systems.
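As an added illustration, not SpaceX's code, here is a small C simulation of the unanimous Actor-Judge vote described above: three replicas compute a command, the judge forwards it only when all three agree, and any disagreement discards the decision and restarts it. The control law, the fault model and the retry limit are constructed for the demonstration; it also shows the limit of the scheme, since a replica stuck on a wrong answer is detected but never outvoted, so the command is withheld.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLICAS    3
#define MAX_RETRIES 4

/* Fault model for the simulation only: which replica misbehaves and for how many rounds. */
typedef struct {
    int faulty_replica;   /* -1 means no fault injected */
    int faulty_rounds;    /* consecutive rounds during which the fault persists */
} fault_model_t;

/* Hypothetical replica computation: the arithmetic stands in for a real control law. */
static int32_t compute_command(int32_t sensor_input, int replica, int round, const fault_model_t *fm) {
    int32_t cmd = sensor_input * 2 + 1;
    if (fm->faulty_replica == replica && round < fm->faulty_rounds)
        cmd ^= 0x40;      /* constructed single-bit corruption of this replica's result */
    return cmd;
}

/* Judge: accepts a result only when all replicas agree, as the article describes. */
static bool judge_unanimous(const int32_t results[REPLICAS], int32_t *out) {
    for (int i = 1; i < REPLICAS; i++)
        if (results[i] != results[0])
            return false;
    *out = results[0];
    return true;
}

/* One Actor-Judge decision: recompute on all replicas until they agree or retries run out.
   Returns the number of rounds used, or -1 when no command could safely be issued. */
int actor_judge_cycle(int32_t sensor_input, const fault_model_t *fm, int32_t *command_out) {
    for (int round = 0; round < MAX_RETRIES; round++) {
        int32_t results[REPLICAS];
        for (int r = 0; r < REPLICAS; r++)
            results[r] = compute_command(sensor_input, r, round, fm);
        if (judge_unanimous(results, command_out))
            return round + 1;
        /* Disagreement: the decision is thrown out and the whole process restarts. */
    }
    return -1;  /* a persistent single-replica fault is detected but cannot be masked */
}

int main(void) {
    fault_model_t transient = { 1, 2 }, stuck = { 2, MAX_RETRIES };
    int32_t cmd;
    printf("transient fault: %d rounds\n", actor_judge_cycle(10, &transient, &cmd));
    printf("stuck replica:   %d (command withheld)\n", actor_judge_cycle(10, &stuck, &cmd));
}
```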

The Dragon spacecraft also runs Linux with flight software written in C++. The ship's touchscreen interface is rendered using Chromium and JavaScript. If something were to go wrong with the interface, the astronauts have physical buttons to control the spacecraft.

Chromium and JavaScript are used for the Dragon 2's interactive displays -- with 100% test coverage.


  • (Score: 2, Insightful) by Anonymous Coward on Saturday June 06 2020, @05:49AM (#1004102)

    Mathematically speaking, you need 3N+1 independent processors to ensure fault tolerance of N simultaneous faults.

    The Shuttle had five independent systems, so that one could fail, and then they could stop the failed processor and still have a safe system. This didn't allow for two simultaneous failures, but it did allow for two failures that aren't simultaneous.

    Having only three independent systems doesn't really provide true fault tolerance at all. There are going to be failure scenarios where a single node failure will cause a system failure. Three redundant systems is good enough for the most typical failure modes (such as a crash-and-halt), but not all possible failures.

  • (Score: 3, Interesting) by hendrikboom (1125) on Saturday June 06 2020, @01:50PM (#1004190)

    What puzzled me is that they have all these redundant x86's, but there's no mention of the power chips being redundant. So the judge is a failure point.

    What the space shuttle did was vote by force. Each analog system had three motors driving it, and three sensors for feedback, one set connected to each redundant processor. So if one of the processors went haywire, the others overrode it by simply pushing harder until the analog component was in the state it needed to be in.