Robust configuration memory

It was considered a feature, not a bug - the guidance/avionics software for the main computers was extremely complex with millions of lines of code, absolutely no way to guarantee there wasn't a showstopper bug lurking there somewhere. All four main computers ran the same code developed by IBM; the fifth backup computer's code was written entirely independently IIRC by the Rockwell team.

The most likely cause of a "majority-rule" fault was considered to be a hardware issue, but a 2-2 deadlock was more likely to be a software problem, and in that situation you simply can't trust the four main computers' software to do anything correctly anymore, so you bring up the fifth computer to run the critical sections using an independent codebase.

The probability of both a showstopper bug in the main code and another one in the backup causing a loss-of-vehicle accident was considered to be so remote as to be an eventuality that wasn't addressable by any reasonable amount of engineering effort. AFAIK a 2-2 split never occurred in practice.

Reply to
bitrex

Also, redundant systems are only useful when the failure modes are different. Just connecting 3 memory devices and doing a majority vote does not cover the case where all 3 fail at the same time due to a common cause (such as a supply voltage spike, a gamma radiation event, etc.).

So you would need 3 memories of different technology to at least attempt to cover such things.

Same goes for running redundant computers: they should at least have different hardware, and preferably also run independently developed software. Else you will encounter the Ariane-501 mode of failure where both computers fail at the same time due to software error.

Reply to
Rob
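As an added illustration of the two points above (bitrex's 4-plus-1 arrangement that hands off to an independently written backup on a 2-2 deadlock, and Rob's point that a vote among identical channels cannot see a common-cause failure), here is a small Python voter. It is example code written for this thread, not Shuttle flight software; the channel functions, the "latent bug above 50000" and the stuck-bit hardware fault are all constructed stand-ins.

```python
from collections import Counter
from typing import Any, Callable, Optional, Sequence, Tuple

Channel = Callable[[int], int]


def vote(outputs: Sequence[Any]) -> Tuple[Optional[Any], str]:
    """Majority vote over the outputs of redundant channels.

    Returns (value, status), where status is one of:
      'unanimous' - every channel agrees
      'majority'  - a strict majority agrees (e.g. 3-1 out of 4)
      'deadlock'  - no strict majority (e.g. 2-2 or 2-1-1); value is None
    """
    if not outputs:
        raise ValueError("no channel outputs to vote on")
    top_value, top_count = Counter(outputs).most_common(1)[0]
    if top_count == len(outputs):
        return top_value, "unanimous"
    if 2 * top_count > len(outputs):
        return top_value, "majority"
    return None, "deadlock"


def redundant_compute(primaries: Sequence[Channel], backup: Channel, x: int) -> Tuple[int, str]:
    """Run every primary channel, vote on the results, and hand off to the
    independently written backup only when the vote deadlocks."""
    value, status = vote([ch(x) for ch in primaries])
    if status == "deadlock":
        return backup(x), "backup"
    return value, status


# --- constructed channels (hypothetical; not any real guidance code) ---

def shared_software(x: int) -> int:
    """Stand-in for the common codebase all primaries run.
    It carries a latent bug: inputs above 50000 produce 0."""
    if x > 50000:
        return 0
    return x // 100


def independent_backup(x: int) -> int:
    """Independently written implementation of the same requirement."""
    return x // 100


def hardware_fault(ch: Channel, stuck_bit: int) -> Channel:
    """Model a hardware fault on one channel: one output bit stuck high."""
    return lambda x: ch(x) | (1 << stuck_bit)


def scenarios() -> dict:
    """Three cases: a single hardware fault, a 2-2 split, and a common-cause bug."""
    x_ok, x_bug = 10000, 60000       # constructed inputs; correct outputs 100 and 600
    faulty = hardware_fault(shared_software, 0)
    return {
        # one bad channel is outvoted 3-1
        "one_fault": redundant_compute([shared_software] * 3 + [faulty],
                                       independent_backup, x_ok),
        # two channels with the same fault deadlock the vote 2-2 -> backup takes over
        "two_two_split": redundant_compute([shared_software] * 2 + [faulty] * 2,
                                           independent_backup, x_ok),
        # all four run the same buggy code: they agree unanimously on the wrong
        # answer and the voter has no reason to call the backup at all
        "common_cause": redundant_compute([shared_software] * 4,
                                          independent_backup, x_bug),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14s} -> value={result[0]} status={result[1]}")
```

The third scenario is the one the vote cannot help with: four identical channels return 0 in perfect agreement, the status reads "unanimous", and the correct 600 from the independent implementation is never consulted. Diversity in the channels (different hardware, independently developed software) is what gives a voter something to disagree about.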

Four main guidance computers plus a backup on standby was considered the minimum to achieve a fail-continue/fail-safe mission profile in the case of one and two computer failures, respectively.

Three would have only been enough to achieve fail-safe in the case of a single failure. Five active main computers plus a backup was too heavy.

Reply to
bitrex

Yep. A triple-redundant system with common software and/or common failure modes that can only recover from a single-point failure is probably not that much more reliable than a single device.

There were a number of systems even on the Space Shuttle that didn't have any redundancy and were "must-work" systems that if they failed would intrinsically lead to a LOV incident. The SRBs were one, and the payload bay door latching system was another.

If the payload bay doors failed to latch prior to descent the only contingency plan was to get every guy available down to work on prepping the next shuttle's turn-around around-the-clock as fast as possible, launch as soon as possible, maybe see what assistance the Russians could provide via Soyuz, and pray.

Reply to
bitrex

After Columbia they added a cable harness so the flight computer and controls could be connected and the shuttle landed via remote control. The crew would stay at the ISS until they could get down in some other way.

Reply to
Lasse Langwadt Christensen

That's an option on mission profiles where the ISS was the destination; that was most missions in the final years of the program but not all of them, including the ill-fated Columbia mission.

The Shuttle doesn't have the ability to reach the ISS from any arbitrary orbit.

Reply to
bitrex

Punched paper tape or cards?

Reply to
Robert Baer

Yes; use an ANALOG sum, the rest of that solution should be obvious.

Reply to
Robert Baer

They were prone to tearing. I still remember disassembling and re-assembling one card reader with a hefty card jam.

--

-TV
Reply to
Tauno Voipio

I'll take plastic.

Reply to
krw

Not all plastics are created equal. Teflon (PTFE) is close to indestructible (until you get it hot enough) but it does flow.


--
Bill Sloman, Sydney
Reply to
bill.sloman

MMMmmm with embedded chip..

Reply to
Robert Baer
