
Which is why...
Steampunk sci-fi just looks right.
I hate to say it, but most of what you think about space-age technology is a total fabrication. It’s the stuff of sci-fi. Perhaps the biggest misconception of all is that spacecraft are equipped with cutting-edge computing platforms that any self-respecting technophile would commit unspeakable acts to get their mitts on. …
Actually an alpha emitter would be completely useless to mimic cosmic radiation etc. Regular alpha particles don't even pass through skin, so unless you took the lid off your chip and attached the Americium directly to the silicon it wouldn't have any effect.
I'm assuming levering the lid off a chip would cause some problems anyway, but maybe the teardown sites could give it a go :-)
There was an article here on the Reg about some computer crashing on the last space shuttle. The NASA folks said something to the effect that people's laptops don't have to sustain several times the force of gravity, suffer the radiation, and land back on earth to be reused again.
Triple redundancy is used in a lot of places, and not only digitally. In flight computers, sometimes you will see 3 different processor types, running software from different teams to ensure that there is no common failure mode between different branches. Sometimes you will see higher redundancy too, for example a number of flight computers running in parallel with each implementing its own redundancy; this helps planes to continue flying with a large number of failures, for example caused by bullets...
Very likely you are right - but there's no harm in pitching at a lower level, it not only helps those not as knowledgeable and clever as you and I, but, even better, emphasizes to us how much better informed we are, because We Know It Already!
Yours in extreme smugness and superiority, :-)
After chips, particularly complex digital ones, have been in use for several years the oddities such as soft errors become known and this helps with risk management.
On an earthbound note I had some 8051 code that couldn't subtract properly and it turned out that the borrow flag wasn't set by the SUBB instruction at a particular address which was in turn cured by eliminating clock noise!
I assume this story was prompted by the recent news that SpaceX had suffered a failure of one (of 3) of their flight computers on the Dragon capsule as a result of choosing to use non radiation hardened, modern kit:
As reported here: www.spaceflightnow.com/falcon9/004/121114anomalies
I was a little surprised to find no reference to this in the text.
Trouble is, there are some particles that can travel through all sorts of matter before deigning to interact with something you don't want them to.
Even on Earth we can be affected by them, so some safety-critical applications use ECC RAM. The Wikipedia article on ECC RAM has information about single-bit error rates in orbit, from tests aboard the Cassini–Huygens spacecraft.
Most of which seem to have been fixed by turning them off and then back on (or "cycling the power" as NASA seem to be fond of saying).
IIRC the going rate for a BAe 750 board is something like $750k.
Note it's not *just* the size of the transistors it often includes things like all registers having 3 way voting and (possibly) a special mfg process which is more rad hard than normal IC mfg processes.
But software mitigation techniques (and hardware add ons to assist the software) have been known for *decades* and $750k buys a *lot* of modern hardware.
Note only *one* of the Dragon processors was hit, the other 2 ran without a hitch.
Shuttle taught *many* lessons about complex processor design and (*just* as importantly) the software to *support* it.
The question I'd have about the Dragon processor is, did the failure occur in 'quiet' space conditions? Should we expect one of the computers to freak out in a general day to day space operation over the period of $X time? If so that does not bode well for the times that space gets noisy. The sun likes blowing off earth sized chunks of hot gas at times. You never know when a gamma ray burst from god knows where is going to show up either.
The quote
"Engineers believe radiation also shut down one of Dragon's three GPS navigation units, a propulsion computer and an ethernet switch during the flight. Controllers at SpaceX's headquarters in Hawthorne, Calif., recovered those systems to full operability, Suffredini said. "
I'd tell you three times but I'm not sure *how* they were recovered to "full operability". Cycling the power is just a guess (but a popular one). Most embedded stuff which is mission critical has some kind of watchdog timer. If the software goes haywire when it times out the hardware re-boots.
Unless of course the program in ROM is corrupted as well...
24 port, wire-speed, non-blocking Gigabit Ethernet switch - how many of those can you get off the shelf that will work reliably in space? Or even survive the take-off and landing? Let alone turn on and work at -45C and +85C case temperature without fans, or survive ballistic shock, or sea water immersion!
@John Smith 19
"Note only *one* of the Dragon processors was hit, the other 2 ran without a hitch."
Would be more accurate to say "the other two ran with **no hitch detected**", surely?
Elsewhere, triple modular redundancy has been mentioned, as has its even more expensive relative, dissimilar redundancy (different hardware, different software, and (ideally) independent design teams).
These things are relatively widely known in the relevant industries but can and often do cost lots of money. As any follower of the Ford Pinto history knows, there are tradeoffs to be made between costs and risks.
I'd love to hear about an example where TMR is in routine use in (e.g.) safety-critical flight systems. I'm not aware of it in routine use in safety-critical commercial systems such as aircraft (the industry I'm most familiar with) or vehicles. Last place I heard of it was in oil rig safety shutdown systems but I've lost touch with that industry. If it is in use in the rail industry I'd be pleased to read about it.
Air France flight AF447 came down with the loss of 200+ people for various nominally-unrelated reasons, most of which were said by the authorities to have negligible probability, which therefore didn't need to incur costs to mitigate, all of which actually happened on the same flight. How likely is that?
Now that there is a lot of interest in nano sats how about sending up a fleet of minimally shielded smartphone based processors as a LEO distributed computing experiment with one of the programs running a diagnostic routine that watches for errors from the other members of the fleet? Would be an interesting experiment to deduce just how minimal the shielding and other techniques need to be for any given situation..... Could have a positive impact on estimating the cost of space missions.
The ISS while needing to be human rated, also has the benefit of having someone around to fix it if it goes wrong.
A communications satellite that needs to last say 15 years, say 7 or 8 to be commercially viable, doesn't have this option.
When you're spending $300m+ on a satellite, $200k on a critical component isn't that drastic.
I realise the component is mission critical, but as you haven't described the mission, this could just be an experiment and not a component of the life support system.
"In any case, spacecraft don’t really concern themselves with lightweight stuff like alpha radiation."
Hardly... it's the heaviest (most mass) radiation by far, and the most dangerous to humans. Luckily our skin, a handy layer of dead or soon to be dead cells, coated on the outside in oils and bacteria and then for the most part topped off with clothing, is impervious to alpha radiation. Ingest a source of alpha radiation and you'll be in trouble though.
Yeah, "lightweight" is an unfortunate choice of words here.
Overall it works out about the same for an IC. Alpha particles won't penetrate the packaging of the IC, but internalized alpha emitters can cause problems. Some small level of alpha emissions from the packaging material due to contamination (much less of a problem now than in the early days of IC manufacture) or isotopic activity is to be expected, but this isn't a problem unique to space-bound electronics.
I remember doing some work on the then state of the art Seawolf missile system (about 1986)
Although our experimental kit used the wonders of, IIRC, a Z80 cpu the ship's Seawolf computers were some huge Ferranti(?) size of a room computers fore and aft. They used core memory and the programme was loaded from paper tape which did not seem to work very well as it took hours to get it working.
The final bit of tape to be loaded was taped to the side of a filing cabinet and I was told it was this that informed the launcher where the various bits of superstructure were on this particular ship, without this bit the launcher could launch into masts etc....
I was gobsmacked.
I work in the rail automation industry and even in this field extremely out of date electronics are used. Why? Because the general consensus is after 10+ years all defects in the circuitry are known and can be worked around (look at the errata for the 80386...). When developing systems on which lives are at stake (or at which billions of dollars are at stake as in space flight) you want to limit the unknown as much as possible. Using older tech goes a long way to ensuring this.
@Helstrom,
It's a lesson the Chinese rail industry could do with learning. Their recent crashes have apparently been caused by signalling failures. Someone's not been paying enough attention to small but important details like i) what happens when lightning disables half the signalling system? ii) does that CPU actually do what the data sheet says it does?
In my experience it's becoming harder for non-mainstream processing systems to keep going. There's so much money in the consumer / commodity markets that few semicon firms are interested in something worthy but ultimately profit-less like better railway signal electronics and space hardened processors. For example, Intel weren't thinking much about high shock 'n' vibe environments when they came up with the LGA sockets.
Interesting comment there about sticking to old technology in part because it's widely used and understood. Relays lasted a surprisingly long time in some safety-related sectors because their failure modes were trivial to characterise.
So, if someone from outside the rail industry but with a knowledge of safety concerns from another sector wanted to read about (say) what makes ERTMS robust reliable and safe, where might one look for starters? Other examples welcome, but ERTMS seems to be relatively widespread (icbw).
"I work in the rail automation industry and even in this field extremely out of date electronics are used. Why? Because the general consensus is after 10+ years all defects in the circuitry are known and can be worked around (look at the errata for the 80386...). When developing systems on which lives are at stake (or at which billions of dollars are at stake as in space flight) you want to limit the unknown as much as possible. Using older tech goes a long way to ensuring this."
I once went for a job with a company that tested embedded software. The SoA in commercial jet engine controllers was basically a Sinclair spectrum.
The *upgrade* for the Space Shuttle Main Engine controller was basically the guts of an early Mac (actually 2 M68k processors made on special order from Motorola on the same *chip* to avoid synchronization delays, not exactly COTS).
I think people often over estimate how *little* processing power is needed *if* your responses are not filtered through 35 layers of OS and app functionality (a claim made about Windows 95 IIRC).
" The SoA in commercial jet engine controllers was basically a Sinclair spectrum."
Been in the industry on and off since the 1980s, working with people who were there before that, and that's the first time I've heard reference to a Z80-based aircraft engine controller, if that's what you meant (not sure what SoA means in this context).
Chips I have seen (or heard of) being used for aircraft (or helicopter) engine control:
Experimentally: Ferranti F100 (16bit), Harris/Intersil 6100 (12bit, a PDP8 on a chip), RCA 1802 (*that* was an 8bit micro).
In volume production: Texas 9900/9989 (16bit). Motorola 680x0 (16/32 bit). AMD/Zilog Z8002 (16bit). PowerPC. Some oddities best left unmentioned. Probably MIL1750, somewhere (I'd have to dig a bit though).
Not seen any ARM yet. Not sure why (there are PPC licencees making PPC for this environment who also have ARM licences for the same process technology, so presumably it can be done). Nor SPARC (the LEON is a rad-hardened and therefore aircraft-engine-environment-friendly implementation of a SPARC. It originates from ESA, so may be a bit expensive for volume engine use).
Not many people realise how many 8 bit computers are all around you down on Earth. For example the computer in your banker's card is most likely to be a Motorola 6805 or an Intel 8051. The touch controller in your Android phone is most likely an Atmel AVR 8 bit processor. The 6805 is very similar to the 6502 microprocessor in the Commodore 64 computer and the BBC micro and the 6809 processor in the Dragon computer and the Tandy Colour computer. Someone recently estimated that 90% of all computers manufactured are 8 bit microcontrollers and only 2% of all microprocessors manufactured find their way into PCs. Intel is therefore arguably irrelevant as a volume microprocessor manufacturer.
I've found it difficult to find definitive references, but about ten years ago, in a DDJ article, Ed Nisley suggested that something like 97% of all CPU cores sold were 8-bit ones. That was before the flood of feature- and smartphones, and the broader move toward new, cheap 32-bit SOCs and the like. But 90% seems within the realm of possibility.
In a conference presentation a couple of years ago I pointed out that the most common computer application is probably "digital clock" - I found twenty or so instances of it running in my home. And an 8-bit CPU does just fine for that. (Hell, discrete logic does fine for it, but since it's a COTS part there's no point in implementing it yourself.)
As far as I can remember Giotto (the spacecraft that went off to take pictures of Halley's comet) had a couple of Inmos Transputers. Apparently they were relatively rad hard, though apparently not by design, just luck in the manufacturing process. Ah, Transputers; so many unhappy memories....
"Apparently they were relatively rad hard, though apparently not by design, just luck in the manufacturing process. "
I think that was first discovered by a Surrey Satellite test sat. The article I read said something about using Tungsten Silicide rather than straight polysilicon for the gate electrodes but it was a *very* long time ago and rad hardness was not a driver.
IIRC Actmel have had a lot of mileage out of using a process for their *standard* chips which is not rad hard but more rad resistant, just using what's known about design rules that make the resulting design more or less prone to SEU and latchup (always a good idea with CMOS).
The people who design the electronics around particle accelerators (bomb level rad levels at science level funding) are *very* interested in finding cheap(ish) ways to build hardware that can survive in this environment.
When it comes to flying a space craft none of the sums are terribly heavy duty nor do they have to be done lightning fast. Almost any old CPU has enough grunt for the job. It's only when you want to start doing other stuff like image processing, SAR radar, etc. that you need something more impressive.
@robin penny,
"I assume this story was prompted by the recent news that SpaceX had suffered a failure of one (of 3) of their flight computers on the Dragon capsule as a result of choosing to use non radiation hardened, modern kit:"
I wonder how sphincter tightening a moment that was for the SpaceX guys?! Even though they've not gone down the rad hardened hardware route I expect that they're not exactly happy to see an exception. This one incident represents a fairly high failure rate considering their total in-space run time. I wonder if they're now asking themselves "how probable is a double failure?". Of course a double failure is much harder to deal with - you don't know which of the three is running correctly...
I'm not sure that they're ready to try to get Dragon rated for human flight. Certainly an astronaut isn't going to want to have to keep hitting reset buttons all the time on kit that's keeping them alive and safe just because some contractor has chosen to buy cheap hardware.
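Added example, not part of the thread and not SpaceX's or any vendor's flight code: a minimal two-of-three voter in C illustrating the point discussed above, that one bad copy can be outvoted and identified while a three-way disagreement leaves no majority to trust. The names `tmr_vote` and `tmr_scrub` and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of comparing three redundant copies of one value. */
enum tmr_status { TMR_AGREE, TMR_MASKED, TMR_UNRESOLVED };

struct tmr_result {
    uint32_t value;          /* bitwise 2-of-3 majority */
    enum tmr_status status;
    int outvoted;            /* index 0..2 of the odd copy out, or -1 */
};

/* Vote across three copies and report which one, if any, disagreed. */
struct tmr_result tmr_vote(const uint32_t c[3])
{
    struct tmr_result r;
    r.value = (c[0] & c[1]) | (c[0] & c[2]) | (c[1] & c[2]);
    r.outvoted = -1;
    if (c[0] == c[1] && c[1] == c[2]) {
        r.status = TMR_AGREE;
    } else if (c[0] == c[1]) {
        r.status = TMR_MASKED; r.outvoted = 2;
    } else if (c[0] == c[2]) {
        r.status = TMR_MASKED; r.outvoted = 1;
    } else if (c[1] == c[2]) {
        r.status = TMR_MASKED; r.outvoted = 0;
    } else {
        /* No two copies match: the vote cannot say which copy is right. */
        r.status = TMR_UNRESOLVED;
    }
    return r;
}

/* Scrub: rewrite all copies with the voted value so that a single upset
 * is repaired before a second one can land on another copy. */
enum tmr_status tmr_scrub(uint32_t c[3])
{
    struct tmr_result r = tmr_vote(c);
    if (r.status == TMR_MASKED)
        c[0] = c[1] = c[2] = r.value;
    return r.status;
}

int main(void)
{
    /* Constructed sample: 0x2A is the intended value, copy 1 has bit 4 flipped. */
    uint32_t copies[3] = { 0x2A, 0x2A ^ 0x10, 0x2A };
    struct tmr_result r = tmr_vote(copies);
    printf("value=0x%X status=%d outvoted=%d\n",
           (unsigned)r.value, (int)r.status, r.outvoted);
    return 0;
}
```

If two copies carry the same wrong value, the voter reports the healthy copy as the one outvoted; that is the common-mode case dissimilar redundancy is meant to avoid.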
The other key advantage the older CPUs have over current brethren is the power required to operate them. For example the 386 required 400ma at 5V - just 2W - and the radiation-hardened version 460ma at 5V (2.5W at 100% usage). See this doc: http://datasheets.chipdb.org/SEI/space-elec-80386.pdf. And that's the 1995 version so it's probably less now.
Even the lowest-power Intel x64 chips require more than that (17W).
And apart from generating the power, in space we also have only radiation to disperse heat. No convection, evaporation, sublimation, etc; forced cooling with air or water just moves that heat somewhere else to be radiated.
The best example of using old tech (imho) was the Soviets in the Mig 25. When one defected in the 70's, the Americans were laughing their heads off with the use of valves instead of transistors. Until, that is, the British pointed out that the valve is pretty much impervious to EMP and in the event of a nuclear detonation, the Soviet aircraft would still be flying (and free to attack the USA)! Imagine the stampede, as US scientists rushed to harden the electronics of military jets!