Monday, August 08, 2005
Space computers
The other day Barrapunto was discussing the indefinite suspension of Space Shuttle flights, and the editor linked the document Feynman produced after the Challenger accident, in which he investigated why management believed the probability of failure was 1 in 100,000 while the engineers put it closer to 1 in 100, that is, the engineers were far more pessimistic than the managers.
What I find most interesting is his description of the computer system:
The computer system is very elaborate, having over 250,000 lines of code. [...]
In brief, the hardware reliability is ensured by having four essentially independent identical computer systems. Where possible each sensor also has multiple copies, usually four, and each copy feeds all four of the computer lines. [...]
There is not enough room in the memory of the main line computers for all the programs of ascent, descent, and payload programs in flight, so the memory is loaded about four times from tapes, by the astronauts.
Because of the enormous effort required to replace the software for such an elaborate system, and for checking a new system out, no change has been made to the hardware since the system began about fifteen years ago. The actual hardware is obsolete; for example, the memories are of the old ferrite core type. It is becoming more difficult to find manufacturers to supply such old-fashioned computers reliably and of high quality. Modern computers are very much more reliable, can run much faster, simplifying circuits, and allowing more to be done, and would not require so much loading of memory, for the memories are much larger.
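The quad-redundant arrangement in that passage (four identical computer lines, each fed by all four copies of every sensor) as an added model I wrote for this page, not code from the report or from the Shuttle: the voting rule (median reference, tolerance band, strict majority), the control law and the fault injection are my assumptions, and they show how a single bad sensor copy or a single bad computer line is masked while a second simultaneous fault is refused rather than guessed.

```python
from statistics import median

# Added model of the quad-redundant arrangement in the passage above: four
# identical computer lines, each reading all four copies of every sensor.
# The voting rule (median reference, tolerance band, strict majority) and the
# control law are assumptions of this example, not the Shuttle's real logic.

def select_value(copies, tolerance):
    """Reduce redundant copies of one quantity to a single value.

    Copies within `tolerance` of the median are averaged; the rest are
    reported as suspect.  A strict majority of copies must agree, otherwise
    the redundancy can no longer tell good from bad and we fail loudly."""
    ref = median(copies)
    good = [i for i, v in enumerate(copies) if abs(v - ref) <= tolerance]
    if 2 * len(good) <= len(copies):
        raise ValueError(f"no majority among copies: {copies}")
    suspect = [i for i in range(len(copies)) if i not in good]
    return sum(copies[i] for i in good) / len(good), suspect

def control_law(inputs):
    """Stand-in for the flight program (constructed for this example)."""
    return 2.0 * inputs["pitch"] + 0.5 * inputs["pitch_rate"]

def run_cycle(sensors, line_faults=None, tolerance=0.5):
    """One control cycle across four computer lines.

    sensors:     {name: [copy0, copy1, copy2, copy3]}; every line sees all copies.
    line_faults: {line_index: offset} models a hardware fault that corrupts
                 that line's output (the software is identical on all lines).
    Returns (voted command, suspect sensor copies, lines voted out)."""
    line_faults = line_faults or {}
    suspect_sensors = {}
    outputs = []
    for line in range(4):
        inputs = {}
        for name, copies in sensors.items():
            inputs[name], bad = select_value(copies, tolerance)
            if bad:
                suspect_sensors[name] = bad
        outputs.append(control_law(inputs) + line_faults.get(line, 0.0))
    # The four line outputs are themselves voted: a line outside the band is
    # dropped for this cycle, so one bad line is masked entirely.
    command, voted_out = select_value(outputs, tolerance)
    return command, suspect_sensors, voted_out

if __name__ == "__main__":
    sensors = {"pitch": [1.0, 1.0, 7.0, 1.0],      # copy 2 is faulty (constructed)
               "pitch_rate": [0.2, 0.2, 0.2, 0.2]}
    print(run_cycle(sensors, line_faults={3: 4.0}))  # line 3 is faulty
```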
Amazing that they were still running (we are talking about 1986) on ferrite core memories.
The software review process is tremendous:
The software is checked very carefully in a bottom-up fashion. First, each new line of code is checked, then sections of code or modules with special functions are verified. The scope is increased step by step until the new changes are incorporated into a complete system and checked. This complete output is considered the final product, newly released. But completely independently there is an independent verification group, that takes an adversary attitude to the software development group, and tests and verifies the software as if it were a customer of the delivered product. There is additional verification in using the new programs in simulators, etc. A discovery of an error during verification testing is considered very serious, and its origin studied very carefully to avoid such mistakes in the future. Such unexpected errors have been found only about six times in all the programming and program changing (for new or altered payloads) that has been done.