- The Orion spacecraft uses eight processors executing identical instructions simultaneously
- Fail-silent design prevents faulty computers from sending incorrect commands
- Triple-redundant memory automatically corrects single-bit errors upon access
NASA’s Artemis II mission relies on a computer system designed to remain operational in extreme conditions and in the event of hardware failures.
Unlike the Apollo program, where onboard computers performed limited functions, the Orion spacecraft manages life support, navigation and communication through integrated flight software.
The Orion capsule carries one of the most fault-tolerant computer systems ever built for spaceflight, operating 250,000 miles from Earth, where no repairs are possible.
From the limits of Apollo to total control of the Orion system
The Apollo astronauts relied on a 1 MHz computer with just 4 kilobytes of memory, but today’s spacecraft need much more, given the distance.
The Orion spacecraft uses two vehicle management computers, each containing two flight control modules.
Each module consists of a pair of processors that continually check each other’s outputs, resulting in 8 processors executing the same instructions simultaneously.
If a processor produces an incorrect result, the coupled design immediately detects the disparity and prevents the output from being used.
“We always design to cover hardware failures,” said Nate Uitenbroek, software integration and verification manager with NASA’s Orion program.
“In addition to physically redundant cables, we have logically redundant network plans. We have redundant flight computers.”
Instead of relying on a majority vote, the system selects available module outputs based on a defined order of priority.
The system is designed to tolerate rapid failures during flight. Uitenbroek said: “We can lose three FCMs in 22 seconds and still safely move to the last FCM…A faulty computer will fail silently, rather than transmit the wrong answer.”
Failed modules are reset and resynchronized, allowing them to rejoin the system during the mission.
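The self-checking pair and priority-ordered selection described above, sketched in C as an added example (not NASA's or Orion's flight code). The type and function names, the 32-bit command word and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_FCMS 4 /* 2 vehicle management computers x 2 flight control modules */

/* One flight control module (FCM): two processors compute the same command. */
typedef struct {
    uint32_t lane_a; /* result from the first processor of the pair */
    uint32_t lane_b; /* result from the second processor of the pair */
    bool online;     /* false while the module is being reset and resynchronized */
} fcm_t;

/* Self-checking pair: publish only when both lanes agree bit for bit.
 * On any disparity the module says nothing (fail-silent). */
static bool fcm_output(const fcm_t *m, uint32_t *out)
{
    if (!m->online || m->lane_a != m->lane_b)
        return false;
    *out = m->lane_a;
    return true;
}

/* Priority selection, not a vote: take the first module, in fixed order,
 * that produced an output. Returns its index, or -1 if all are silent. */
int select_command(const fcm_t fcms[NUM_FCMS], uint32_t *cmd)
{
    for (int i = 0; i < NUM_FCMS; i++)
        if (fcm_output(&fcms[i], cmd))
            return i;
    return -1;
}

/* Constructed scenario: three of four FCMs lost, the last one still commands. */
int demo_three_failures(uint32_t *cmd)
{
    const fcm_t fcms[NUM_FCMS] = {
        { 0x1234u, 0x1235u, true  }, /* single-bit upset in one lane */
        { 0x1234u, 0x1234u, false }, /* missed its deadline, being reset */
        { 0xFFFFu, 0x1234u, true  }, /* one processor computed garbage */
        { 0x1234u, 0x1234u, true  }, /* healthy */
    };
    return select_command(fcms, cmd);
}

int main(void)
{
    uint32_t cmd = 0;
    return demo_three_failures(&cmd) == 3 ? 0 : 1; /* exit 0 when FCM 3 is chosen */
}
```

Because a disagreeing pair stays silent instead of publishing a value, the selector never has to decide which of several conflicting answers is right; it only has to find the first module that spoke.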
Orion uses a time-triggered Ethernet network that distributes a shared time reference throughout the system. So, if a module misses its execution deadline, it is automatically isolated, reset and resynchronized before returning to operation.
The computer system includes triple-redundant memory capable of correcting single-bit errors during each read operation.
Network interfaces use two communication paths that are constantly compared to detect inconsistencies, while the overall network is replicated across three independent planes.
Orion has a separate backup flight software system, built on different hardware and software, that runs constantly in the background.
“It is intentionally different from ensuring that a common-mode software failure in the primary flight software is not also implemented incorrectly on the backup,” Uitenbroek said.
The spacecraft also includes procedures for total power loss scenarios, allowing systems to restart, stabilize and reestablish communication once power is restored.
The system is over-engineered by any commercial standard, but deep space offers no second chances.
Whether the 8 processors will perform as expected under real radiation conditions has not yet been tested, and the backup software has never faced a real emergency.
Yet for a mission where the nearest hardware store is 250,000 miles away, this architecture makes brutal sense.
Via ACM Communications




