From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,a1eff3a9508d6cba X-Google-Attributes: gid103376,public From: eachus@spectre.mitre.org (Robert I. Eachus) Subject: Re: Space Station S/W in Ada -- No Tasking? Date: 1998/05/06 Message-ID: #1/1 X-Deja-AN: 350972724 References: <354dadfd.2883074@news.mindspring.com> Organization: The Mitre Corp., Bedford, MA. Newsgroups: comp.lang.ada Date: 1998-05-06T00:00:00+00:00 List-Id: In article <354dadfd.2883074@news.mindspring.com> munck@Mill-Creek-Systems.com (Robert Munck) writes: > "To make troubleshooting easier, the software that runs > the trio of computer networks aboard the space station is > written to operate in synchronous, or serial, fashion > rather than the faster but more complex asynchronous." While the rest of the discussion on this sounds correct, I think that what was being implicitly rejected here is the way that the Space Shuttle computers do voting. In the Space Shuttle, voting is based on whether three different computer systems come up with about the same answer at about the same time. If no two agree, the results of a fourth are arbitrarily accepted. (Is that both right and concise?) Since the computers do not get their data synchronously, the actual data values, and the control inputs computed from them, will be slightly different. In the ISS, where voting is required, two out of three computers will have to agree, but based on identical data, and bit for bit compares. The Space Shuttle approach does provide more reliability where the algorithms are not known to be stable, but is a maintenance nightmare. (All computers getting the same overflow is no help, and the SS flight guidance software does go through about 20 different flight regimes during landing. At the boundary between some of those modes, the flight control algorithms are known to be unstable. So that approach is not only appropriate to the shuttle, it seems to be necessary.) -- Robert I. Eachus with Standard_Disclaimer; use Standard_Disclaimer; function Message (Text: in Clever_Ideas) return Better_Ideas is...