Computers have long been an integral part of spaceflight – both for those on the ground and inside spacecraft. SpaceX has taken this connection to the next level.
In this article, we’ll hear from Steven Gerding, Dragon’s software developer, about the unique challenges in creating software systems for SpaceX’s missions.
On April 23, 2021, SpaceX and NASA performed the second mission of the Dragon spacecraft (Crew-2) to the International Space Station (ISS), marking the first manned flight to bring astronauts to space by Falcon 9 rocket and Dragon spacecraft. About 24 hours later, the Dragon spacecraft automatically docked with the ISS, and this was also the first time that two Crew Dragons were connected to the laboratory in orbit around the Earth. The event is seen as the beginning of a new era for SpaceX, with missions to bring astronauts to the ISS expected to be periodically carried out by Elon Musk’s company in the future.
The real work of a software development engineer like Gerding is mainly done in C++, the programming language that SpaceX has trusted since the early days of its operation. The software reads textual configuration files; according to Gerding, his team “have developed simple specialized languages to express those things, so that other engineers who are not specialized in the software in the company can read and understand”.
The flight software inside SpaceX’s rockets is designed around the concept of a “control cycle”. “You read all the inputs: sensors that we read in through an ADC, data packets from the network, data from an IMU, updates from a star tracking sensor or navigation sensors, commands from the ground,” Gerding said. “You’re going to process some of that to determine your state, like where in the world you are, or the state of your life support system. This will determine the output signal of your system – you write them, wait until the next moment, and then do everything again.”
The control cycle sets some of the software’s performance requirements. “On the Dragon, some computers run control cycles at 50Hz and some run at 10Hz. The main computer runs at 10Hz. It’s the computer that manages the overall mission and sends commands to the other computers. Some of them need to react faster to certain events, so they run at 50Hz.”
There are many different types of machines that communicate with the central flight system. “We have input from sensors all over the ship, all sorts of different sensors.” Many sensors are used to measure internal values, which are important for the condition of the ship and crew. “Temperature is paramount. For crewed vehicles, we have oxygen and carbon dioxide sensors, cabin pressure sensors, and the like.”
Another set of sensors will monitor external conditions to aid in navigation and telemetry. “They are IMU, GPS, and star tracking sensors.” Once they get close enough to the space station, they will use a laser range finder system.
Another component of the control cycle is the output data. “There are two different types of output data. One is for ‘opening or closing a valve’ or ‘turning the knob off or on.’ The other is telemetry data, which is essentially a stream of key-value pairs that, every 20-100 milliseconds, tells you the value of a certain thing.”
Sometimes the results come directly from the sensors as raw data. But most of the time they will be processed first. “It can be some kind of value that has been calculated from the software, like the current value of the machine’s condition or the result of an algorithm that produces the output data.”
When the device is on the ground, data travels through a wired transmission line at a high transfer rate. “Once it takes off, there will be different communication systems that will allow us to access multiple telemetry data sets from the ground.” When it returns to the ground, there will be systems in place that will allow operators to assess instantaneous values and make decisions regarding vehicle control. There is also a system to store critical data for future missions, which is important if you plan to reuse boosters and space shuttles in the future.
Dragon is now automatically docking to the ISS, and SpaceX’s ultimate goal is for the vehicle to be fully automated. “We have a mechanism for the astronauts to control and steer the vehicle if necessary – that’s a capability we demonstrated during the Dragon Demo-2 mission,” Gerding said.
When asked what would happen if there was an unexpected failure, he said: “We have copies of the hardware, including computer hardware or sensors or actuators, and so they can spot errors and find ways to fix them.”
Gerding points out that there is no way to protect the system against software failures caused by negligence. “We try to design the software in such a way that if it fails, the impact will be minimal.” For example, if a software bug affects the propulsion system, it will not affect the life support system or navigation system functions such as steering a spacecraft and vice versa. “Isolating different subsystems is the key to solving the situation.”
The software is designed to be defensive, to the point that even within a component, SpaceX finds a way to isolate the effects of a failure. “We always check for error codes and return values. We can also allow operators or crews to bypass various parts of the algorithm.”
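The control cycle and the fault isolation described above, sketched in C++ as an added example (not SpaceX's code): the subsystem names, telemetry keys and sample values are constructed for illustration. One subsystem hits a bug on its third cycle; the loop counts the fault, reports it as a telemetry key-value pair, and keeps stepping the other subsystem at a fixed rate.

```cpp
#include <chrono>
#include <functional>
#include <map>
#include <string>
#include <thread>
#include <vector>

using Telemetry = std::map<std::string, double>;  // key-value telemetry stream
enum class Status { Ok, Fault };
struct Subsystem {                                // all names are hypothetical
    std::string name;
    std::function<Status(int, Telemetry&)> step;  // read inputs, compute, write outputs
    int faults = 0;
};

// One control cycle: a failed or throwing subsystem is counted; the others still run.
int run_cycle(std::vector<Subsystem>& subs, int cycle, Telemetry& tlm) {
    int failed = 0;
    for (auto& s : subs) {
        Status st = Status::Fault;
        try { st = s.step(cycle, tlm); } catch (...) { /* fault contained here */ }
        if (st != Status::Ok) { ++s.faults; ++failed; }  // always check the return value
        tlm[s.name + ".faults"] = s.faults;              // the error stays visible on the ground
    }
    return failed;
}

// Fixed-rate loop: run the cycle, then wait for the next tick (10 Hz = 100 ms).
Telemetry run_loop(std::vector<Subsystem>& subs, int cycles, int hz) {
    auto next = std::chrono::steady_clock::now();
    Telemetry tlm;
    for (int c = 0; c < cycles; ++c) {
        run_cycle(subs, c, tlm);
        next += std::chrono::milliseconds(1000 / hz);
        std::this_thread::sleep_until(next);
    }
    return tlm;
}

// Constructed sample data: propulsion has a bug (reads past its two samples).
std::vector<Subsystem> demo_subsystems() {
    return {{"propulsion", [](int c, Telemetry& t) {
                 static const std::vector<double> valve = {0.0, 1.0};
                 t["propulsion.valve"] = valve.at(c);  // throws when c >= 2
                 return Status::Ok; }},
            {"life_support", [](int c, Telemetry& t) {
                 double kpa = t["life_support.cabin_kpa"] = 101.3 - 0.1 * c;
                 return kpa > 95.0 ? Status::Ok : Status::Fault; }}};
}
```

Scheduling against an absolute `next` tick rather than sleeping for a fixed duration keeps the cycle rate from drifting when a cycle's work takes a variable amount of time.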
An important part of the software development process is validation and approval. “Writing software is only a small part of getting ready for space flight.”
For the first test flight mission (Demo-1) to the ISS, the software required by NASA could only have a maximum of 2 errors in the system. “We implemented a three-computer architecture that was chained together and needed a system to control it,” Gerding said. His experience in distributed systems after working at Google made him the right choice for this new job. “There were only 10 people on the software team at the time. I managed and worked with them. I found distributed systems really interesting.”
At Google, the time requirements are very different. “You’re going to want your process to fail, if something unusual happens. Then one of thousands of similar processes will be restarted. If you fail enough, you’ll reap the information and can spend time researching the problem, then building a solution to solve it.”
At Google, those risks are a useful signal among many other things. But that approach is not suitable for manned rockets. “At SpaceX, we really don’t want processes to fail due to a software bug. We need to continue with the rest of the software that hasn’t been impacted by the bug. We still need to know what the error is, and that’s when telemetry data comes into play, but we want things to continue, control it in the best way possible.”