Convective heat transfer in metal would be a worrying event on the Space Shuttle!
FYI - The link for Peter Kogge is broken and should probably link to https://en.wikipedia.org/wiki/Peter_Kogge
I wonder if the very low density (relatively speaking to today) make them more robust against gamma-rays and other radiation problems once outside the atmosphere?
if I remember correctly, and it's been decades of course
four of the computers ran in parallel with the exact same instructions in case one failed or came up with a wrong answer
and the fifth computer was the "decider"
is that understanding correct?
ah I see now you mention
Eight networks were assigned to flight-critical systems,
with each CRT display and engine controller connected to four networks for redundancy.As far as redundancy, it's complicated. During critical flight phases, four computers would run the main software (PASS, Primary Avionics Software System), while the fifth computer was ready with the Backup Flight Software (BFS). The backup software was written by a completely different team to ensure that a software bug couldn't crash all the computers at once. In orbit, they used fewer redundant computers to free up computers for payload operations and stuff.
The four computers constantly checked the results from each other and would vote out a faulty system. Voting ensured that a bad computer couldn't vote out the good ones (Byzantine failure). Moreover, the actuators hydraulically voted on the results from the computers: if one computer tried to push a valve in a different direction, the three good computers would physically overpower the bad computer's action at the level of the hydraulic pistons.
Thanks so much for the information. I am familair with the voting logic (I've worked on systems that implemented the same thing, odd-number of processor cores and the majority wins).
One question, were any "misbehaving" processor or actuation requests ever logged? As in, were there examples where one actuator or CPU didn't agree in the Shuttle flights?
[1] Search for "GPC" in the Mission Summary report: https://newspaceeconomy.ca/wp-content/uploads/2023/05/space-...
Mission STS-9 had two computer failures, causing landing to be delayed by 7 3/4 hours. They carried a sixth computer as a backup for following missions.
As far as how the voting works, each computer has a signal indicating what it thinks the status is of each computer, including itself. (Computers can detect many failures from self-checking, such as parity errors.) Each IOP uses these votes to determine the "redundant set", calculating the votes in hardware. The status is also displayed to the astronauts in a 5×5 grid. Astronauts can power down a computer or reboot it.
do you know anything about the military's secret space-shuttle still in operation?
I'm sure it's either been very modernized or runs on completely different design since it's supposedly remote-control
Yes. Large size transistors (and other IC components) are less impacted by the radiation problems that exist outside the relative security of the atmosphere. Most radiation hardened IC circuity is many process sizes larger than whatever the current state of the art tiny process sizes happen to be at any given time.
But note I said "less impacted". Given sufficient radiation, things will have issues, which is why items like the Shuttle carried the redundant computers, to cover for the possible lucky-strike impacts.