Space shuttle technology. (includes related article)
by Philip Chien
Space shuttle computer system. The words probably bring visions of a high-tech, state-of-the-art computer command system to mind. Or perhaps you think of the most advanced flight simulators designed for aerospace use.
Surprisingly, each of the shuttle's five on-board computers has the equivalent of only 400K--less than most micros!
When the space shuttle's General Purpose Computer (GPC) was originally designed in January 1972, NASA chose state-of-the-art flight computers, similar to those proposed for the F-16 fighter. Unfortunately, state of the art for the 1970s wasn't state of the art for the 1980s when the shuttle was first launched.
In earlier spacecraft, astronauts could take manual control if their computers failed. Neil Armstrong and Buzz Aldrin overrode their Lunar Module computer when it almost landed them in a crater. However, the shuttle is a much more sophisticated vessel, combining the capabilities of a spacecraft, a truck, and a glider, and it's much more computer dependent.
The GPC in Its Infancy
The earliest General Purpose Computer, the AP-101B, has 104,000 32-bit words of iron-core memory (small iron rings threaded on a loom and magnetized to determine ones and zeros). It uses 650 watts of power, weighs 51.8 kilograms (114 pounds), performs 400,000 benchmark tests per second, and has an MTBF (Mean Time Between Failures) of 5200 hours.
Each shuttle has more than 300 electronic "black boxes" with over 300 miles of wiring and 120,400 wire segments with 6,491 connectors. The total weight of the black boxes, wiring, and connectors is 7,780 kilograms (17,116 pounds)--heavier than a fully loaded Apollo Command Module spacecraft.
Since the computers are essential, NASA decided to use five identical computers in operation for critical periods like launch and landing. Four of the units operate together, and if one has a different result, it's presumed wrong and is "outvoted." The fifth computer is programmed separately from the other four and acts as a backup to prevent possible generic software errors from causing problems. In addition, an offline spare--a sixth GPC--is carried, which can be swapped with a malfunctioning GPC in orbit if necessary.
The OPS 101 program controls the shuttle from T--20 minutes in the countdown-through-orbit insertion sequence. All five computers must be in sync and working properly; otherwise, the launch is scrubbed (see the sidebar, "Fewer GPC Failures for the Future?").
When the shuttle arrives in space, the crew reconfigures the computers for orbital operations. Two GPCs run the on-orbit program, and one GPC is dedicated to payload operations. One GPC is powered down but has the landing program loaded in case an emergency requires the crew to return in a hurry. The final GPC is powered down until needed.
If one GPC fails in orbit (or even two), the mission won't necessarily be aborted if the problem isn't expected to affect the other GPCs. In theory, any of the five computers has the capability to land the shuttle safely. During reentry and landing, all five GPCs operate together again. Sophisticated control loops command the shuttle's aerodynamic surfaces and respond to the pilot's inputs.
While the original GPCs have worked well, their age is showing, and their limited capabilities now put a strain on the shuttles' operations.
A New GPC Is Launched
For the past six years, NASA has been designing, building, and testing upgraded AP-101S computers. One of the most important requirements in the new computers' design is that they're functionally compatible--in both physical connections and software.
Functional Test and Instruction Set Test Programs have verified that the hardware and CPU will produce the same results. Astronaut Kenneth Reightler explained that one of the key factors in implementing the new computers was to make the change completely transparent to the astronauts, although software differences would be necessary at the programmers' level.
The new GPCs were tested for functionality in the avionics laboratories with the actual flight software, and hardware validation tests were performed before they were installed in the shuttle simulator. In all, the AP-101S computers were tested for three years.
Atlantis was the first orbiter to launch with the new GPCs. STS-37 (Space Transportation System is NASA's designation for the shuttle program) was launched on April 5, 1991, just a week shy of the tenth anniversary of the first shuttle's launch. Launch director Bob Sieck said, "We couldn't tell any difference during the countdown. We didn't have to alter our procedures or software, so [the change] was essentially transparent after we installed the [new GPCs]."
Discovery also carried the new GPCs, and Endeavour and Columbia will have them installed for their next flights, which are scheduled for mid 1992. The last flight of the original GPCs was the STS-40, Columbia's Spacelab Life Sciences (SLS) mission which was scheduled to launch in May, but eventually went up in June after several delays. One of the old GPCs failed early in the countdown and had to be replaced. While Columbia was controlled by five of the old AP-101SL computers, it also carried modified versions of the AP-101S, which were used to control its Spacelab cargo.
On the previous Spacelab mission, both 1970s-era French-built DDS (Data Display System) computers failed halfway into the mission, forcing the controllers and flight crews to control the telescopes manually. Spacelab managers were glad to replace the DDS computers with the brand-new AP-101SL models.
The AP-101S GPC has 256,000 32-bit words (roughly equivalent to 1MB of RAM) of CMOS (Complementary Metal Oxide Semiconductor) memory. It uses 550 watts, weighs 29 kilograms (64 pounds), and performs 1.2 million benchmarks per second. It has an MTBF of 10,000 hours, and fits into one box instead of two. In other words, the new GPCs have 2-1/2 times as much memory, use less power, weigh less, operate up to three times faster, take up half the volume, and are twice as reliable as their 18-year-old cousins, the AP-101B.
More Memory, Less Risk
Iron-core memory, used in the original GPCs, is slow and bulky and uses a lot of power, but it does have two advantages over silicon memory. It doesn't require power to retain its contents, and it isn't sensitive to radiation.
CMOS memory requires constant power, and cosmic rays can easily flip a bit. However, the AP-101S memory has a fail-safe battery backup and an automatic error-correction circuit that constantly scans the memory for upsets and corrects errors.
The programmers were ecstatic to double their memory. (Remember when you doubled your computer's memory?) The additional memory will be used for routines that couldn't fit within the earlier limitations, and now multiple programs can be combined, unlike before.
Will the additional capabilities really be useful? The STS-26 launch in September 1988, the first since the Challenger accident, was delayed due to unexpectedly calm upper-level winds. The GPCs were programmed for higher winds, but there was neither enough memory to permit more than one wind profile nor enough time to load another profile into the GPCs. The launch was delayed for almost two hours until the winds picked up enough for a positive safety margin.
While delays due to memory limitations can be annoying, a lack of memory can also cause life-threatening problems during an emergency abort.
The original GPCs have just enough memory for the OPS 101 program from T -- 20 minutes through launch, potential launch aborts on the launch pad, and the dangerous RTLS (Return To Launch Site) abort mode in which a shuttle would literally make a U-turn and land back at the Kennedy Space Center if something were to go wrong early in flight.
All of these functions have to be squeezed into RAM, which doesn't leave enough additional memory for the TransAtlantic Landing (TAL), another abort mode. In a TAL abort, the shuttle would continue to fly across the Atlantic Ocean, but the main engines would shut down early, and the shuttle would land in either Africa or Europe, depending on the flight path and fuel reserves.
While neither abort mode has been needed, a TAL is preferable to the RTLS abort since it's much less stressful on the orbiter's structure and doesn't require a U-turn. Unfortunately, the original GPC doesn't have enough memory to store the launch and TAL programs simultaneously.
Astronauts must change programs during the abort. It takes 15 to 20 seconds to load in the TAL software--time during which the pilots have to control the shuttle manually and anything can go wrong.
The next version of the flight software, which will use the capabilities of the AP-101S, will store the TAL program in an unused portion of memory and move it into active memory if it's required--similar to using a RAM disk on a micro. In addition, dozens of other improvements are planned that wouldn't have been possible with the earlier GPCs.
The additional speed, reliability, and memory all make the AP-101S computers much more useful. But one of the best features is that at $1 million for each flight unit, they're half the price of the original GPCs.