Radiation Hardened flight computers
Aaron Smith
average off-the-shelf laptop computer, going through the Van Allen belts
and for a 2 week lunar mission?
Aaron Smith
Student
1- Can the hard drive handle the launch shocks?
2- Do you have means of disposing the heat generated by the CPU? ( it can
cook the whole thing in minutes )
3- Do you have to have a LCD panel in the spacecraft? or a keyboard?
I found out for most satellite activities, a 386 CPU with a modest amount of
ram and solid state hard drive will be more than enough. Intel's 386 class
chips produce relatively low amount of heat. The are still the backbone of
industrial automation systems.
There are complete computers built on a small PCB. You may find it easy to
simply use one of them in your project.
hope this helps
"Aaron Smith" <tt...@gte.net> wrote in message
news:394828EF...@gte.net...
rk
> There are several issues to be addressed:
>
> 1- Can the hard drive handle the launch shocks?
Hard drives have flown before. Note that it wouldn't, in most cases, be
operating during launch and that makes them more survivable.
======================================
> 2- Do you have means of disposing the heat generated by the CPU? ( it can
> cook the whole thing in minutes )
Correct.
=======================================
> 3- Do you have to have a LCD panel in the spacecraft? or a keyboard?
I don't think they keyboard would care about radiation; I know nothing about the
LCD. But laptops are used on the Shuttles all the time and have been for many
years, so launch wouldn't be a problem..
=======================================
> I found out for most satellite activities, a 386 CPU with a modest amount of
> ram and solid state hard drive will be more than enough. Intel's 386 class
> chips produce relatively low amount of heat. The are still the backbone of
> industrial automation systems.
Yes, they produce a "relatively low amount of heat." Perhaps my memory is off,
but a 16-20 MHz 386 is around 5 watts or so. While perhaps relatively modest in
power compared to some Pentium or Alpha designs, it is still significant. If
the operation is in vacuum, it may be considered a lot.
Of course, that has nothing to do with its hardness for radiation. That has
been fairly well studied and documented.
Have a good weekend,
----------------------------------------------------------------------
rk History will remember the twentieth
stellar engineering, ltd. century for two technological
stel...@erols.com.NOSPAM developments: atomic energy and
Hi-Rel Digital Systems Design space flight. -- Neil Armstrong, 1994
Mark Miller
Stu...@ncsu.edu (Student) wrote in <8id6vf$f4l$1...@gaddy.interpath.net>:
>There are several issues to be addressed:
>1- Can the hard drive handle the launch shocks?
Weirdly, common PC hard drives are amazingly shock-resistant. Maxtor
claims that theirs will take hundreds of G's (shock load) if they're not
running at the time.
>2- Do you have means of disposing the heat generated by the CPU? ( it
>can cook the whole thing in minutes )
This is a depressingly big deal if it's operating in a vacuum. If it's in
a pressurized cabin, then it's no different than operating it on the
ground. Okay, maybe in an airplane; I assume they pressurize spacecraft
cabins to significantly less than 1 atmosphere.
>3- Do you have to have a LCD panel in the spacecraft? or a keyboard?
>
>I found out for most satellite activities, a 386 CPU with a modest
>amount of ram and solid state hard drive will be more than enough.
>Intel's 386 class chips produce relatively low amount of heat. The are
>still the backbone of industrial automation systems.
Very, very dependent on what he wants to do with it, and he didn't say.
Most of the spacecraft up there are carrying CPUs with no more than 2 MIPS
capability, and your 386 would certainly be capable of that.
>There are complete computers built on a small PCB. You may find it easy
>to simply use one of them in your project.
>
>hope this helps
>
>"Aaron Smith" <tt...@gte.net> wrote in message
>news:394828EF...@gte.net...
>> What kind of radiation sheilding would be required to protect your
>> average off-the-shelf laptop computer, going through the Van Allen
>> belts and for a 2 week lunar mission?
Depends a lot on how much shielding it's going to get from the spacecraft
walls, but if it's just a couple of weeks, there's a good chance it'll
simply survive that long. BTW - different processors have very different
rad tolerances. Older (larger circuit element!) processors tolerated it a
lot better, but the correlation between trace size & rad tolerance isn't as
simple as I'd have thought.
--
"Oh!" said Alice. She was too much puzzled to make any other remark.
-Lewis Carroll, Through the Looking Glass
rk
> Depends a lot on how much shielding it's going to get from the spacecraft
> walls, but if it's just a couple of weeks, there's a good chance it'll
> simply survive that long. BTW - different processors have very different
> rad tolerances. Older (larger circuit element!) processors tolerated it a
> lot better, but the correlation between trace size & rad tolerance isn't as
> simple as I'd have thought.
Yes, not that simple. Most modern processes have very thin gate oxides, for
example, that make the gates rather hard to total dose. The lower operating
voltages may eventually help with single event latchup, a common problem for
many commercial CMOS devices.
----------------------------------------------------------------------
rk We had dodged bullets before, but
stellar engineering, ltd. this time we caught one in midair and
stel...@erols.com.NOSPAM spit it out.
Hi-Rel Digital Systems Design -- Gene Kranz after Apollo 5
Henry Spencer
Mark Miller <dasm...@pacbell.net> wrote:
>>2- Do you have means of disposing the heat generated by the CPU? ( it
>>can cook the whole thing in minutes )
>
>This is a depressingly big deal if it's operating in a vacuum. If it's in
>a pressurized cabin, then it's no different than operating it on the
>ground. Okay, maybe in an airplane; I assume they pressurize spacecraft
>cabins to significantly less than 1 atmosphere.
Yes, generally the pressurization is equivalent to an altitude of about
8,000ft. Most commercial electronic equipment is rated for a maximum
altitude of 10,000ft or thereabouts, if you read the fine print. (That
is also about the limit for most sea-level *people* to function reasonably
well without acclimatization.)
Quite a number of items in the standard laptop probably would not work
well in vacuum; CPU cooling would be the least of your worries. For one
thing, the hard drive needs air inside it -- the head is supported above
the disk surface aerodynamically -- and while it is sealed against
contamination, it's not built to take any significant pressure difference
between inside and outside. (There is a small vent, with a fancy filter
on it, to equalize air pressure.)
--
Microsoft shouldn't be broken up. | Henry Spencer he...@spsystems.net
It should be shut down. -- Phil Agre | (aka he...@zoo.toronto.edu)
Mark Wong
The amount of radiation hardening for the computer really depends on the
mission requirements. How long a duration, what altitude, is the computer
required for flight safety, etc. By addressing these questions you can set
bounds on what you can stand for the probability of some radiation event
causing a problem. For a typical shuttle mission with a mission specialist
at the keyboard, an ordinary off the shelf computer will do. You may in
fact find it hard to distinguish between a radiation event and the typical
crash of Windows or the F00F bug in the Intel processor. A little bit
better than doing nothing would be to write your software using redundant
and different areas in memory with appropriate real time checks. This
still leaves the CPU as a single point failure.
If your requirement is longer duration or must be operable without a human
finger on the reset or on/off switch, then more stringent measures must be
taken. These measure could amount to simply choosing RAD hard or
JAN qualified space parts all the way to redesigning the processor
architecture with multiple redundancy, fault detection, isolation, and
reconfiguration. If you have to design for high radiation environments, a
full FMECA (Failure Mode Effects and Criticality Analysis)
may be necessary. Search on the web for the military handbook on reliability.
So you can see, anything that requires you to have more reliability than that
found in a benign office environment will cause you to expend a lot of money
rather quickly.
Mark Wong
Physicist
Austin Info Systems
formerly at (Raytheon Systems Company - Electronic Systems Division)
formerly at (Texas Instruments - Defense Systems Electronics Group)
John Schilling
>What kind of radiation sheilding would be required to protect your
>average off-the-shelf laptop computer, going through the Van Allen belts
>and for a 2 week lunar mission?
Nobody really knows for sure, due to a distinct lack of flight test data.
The answer might be "none whatsoever", if you use an operating system
with a good deal of redundancy and error-checking and don't mind shutting
the system down and rebooting from time to time. Obviously, Windows
isn't going to cut it here...
Pragmatically, until someone does fund the experiments people are going
to dramatically overshield their electronics just to be on the safe side.
--
*John Schilling * "Anything worth doing, *
*Member:AIAA,NRA,ACLU,SAS,LP * is worth doing for money" *
*Chief Scientist & General Partner * -13th Rule of Acquisition *
*White Elephant Research, LLC * "There is no substitute *
*schi...@spock.usc.edu * for success" *
*661-951-9107 or 661-275-6795 * -58th Rule of Acquisition *
Jan Panteltje
>The answer might be "none whatsoever", if you use an operating system
>with a good deal of redundancy and error-checking
You can do error checking on the IO to the harddrive, yes, but in a multitasking
kernel scheduler things get tricky if a bit changes.
Any ideas?
Watchdog timers could come in, and reboot the system (memory checks etc.)
Then maybe assigng a different part of memory for the kernel..
Have two ROM's with the code to compare and then boot from.
So: which OS does all that?
Must sureley be specific written, in fact it would not be the OS so much as
the hardware it is running on.
So? whatdoyouthink?
Jan
Aaron Smith
additional 20-30 g/cc sheilding on it? Use external monitors and keyboard
and stuff. This would probably almost eliminate the radiation damage to
the actual computer.
Aaron Smith wrote:
> What kind of radiation sheilding would be required to protect your
> average off-the-shelf laptop computer, going through the Van Allen belts
> and for a 2 week lunar mission?
>
> Aaron Smith
Ian Stirling
>>Nobody really knows for sure, due to a distinct lack of flight test data.
>>The answer might be "none whatsoever", if you use an operating system
>>with a good deal of redundancy and error-checking
>Now which one would that be?
>You can do error checking on the IO to the harddrive, yes, but in a multitasking
>kernel scheduler things get tricky if a bit changes.
>Any ideas?
Take three AMD K6-mobile chips (or chips with the functionality I'm
about to describe.
The K6 can be put into a mode, in which it only snoops on the bus,
and does executes instructions it finds there, comparing what it sees,
with what it's computed, and raises a flag if there is an error.
Put two of these wired across the main CPU, and put on a couple of wait
states, for write access.
Now, tie this onto the reset line, so that if something goes wrong,
the processor gets reset, before it can do any damage.
Add another thing, that can power down, and up, if it continues to misbehave
after a reset.
This changes things from "any bit can change", to "the processor can be
reset, at any time, and powered down occasionally", a rather easier thing
to program for.
IIRC, the K6 can do single bit error recovery on read, so if the error
rate is low enough, a simple loop that reads, and rewrites all memory every
second or two should suffice to keep memory clean.
Otherwise, the above, and putting in three ram chips, with majority voting
(resistor network), should work.
This could all be done on a more or less standard motherboard.
Though it would be better to use a system with less well integrated
features, as you don't want the onboard sound card going mad, and recording
over RAM.
Alternatively, you move the checking hardware outside the CPU.
If you are clever enough, with 3 CPU's, you can seamlessly recover
from single faults occurring over a microsecond or so apart, and
slightly less elegantly if any happen closer together (see above)
The K6-mobile has nothing special, I was just reading the datasheet, as
I was considering upgrading my laptop with one.
It depends how much complexity you are willing to live with, I suppose.
I could imagine a system, that multitasked between five virtual CPU's,
all executing copies of the same code.
Whenever a write instruction was executed, each virtual CPU had to present
a key, based on the address and data to write, and a key known only
to that CPU, which was then passed to an external verifyer, before the
write is performed.
If a mismatch is found by the external hardware, the CPU is told to copy
another correct CPU over the broken one.
If the watchdog writes don't come from the virtual CPU's on time, it's
powered down, and on again.
It really depends on what kind of error is common, I suppose.
--
http://inquisitor.i.am/ | mailto:inqui...@i.am | Ian Stirling.
---------------------------+-------------------------+--------------------------
Windows 2000, software for next millenia. <latin pun alert> - Ian Stirling.
rk
> Aaron Smith <tt...@gte.net> writes:
>
> >What kind of radiation sheilding would be required to protect your
> >average off-the-shelf laptop computer, going through the Van Allen belts
> >and for a 2 week lunar mission?
>
> Nobody really knows for sure, due to a distinct lack of flight test data.
> The answer might be "none whatsoever", if you use an operating system
> with a good deal of redundancy and error-checking and don't mind shutting
> the system down and rebooting from time to time. Obviously, Windows
> isn't going to cut it here...
>
> Pragmatically, until someone does fund the experiments people are going
> to dramatically overshield their electronics just to be on the safe side.
Just to follow up, there are a few things to consider. In general, shielding
is ineffective against cosmic ray, for example, which can cause single event
latchup (SEL). Protons in some cases can also cause SEL but it is less
likely. SEL can be either destructive or non-desstructive and requires
either current limiting or power cycling, assuming the part is not damaged.
>From a circuit point of view, an SCR gets turned on; rebooting a computer
won't help.
Additionally, there are a number of experiments that are designed, built, and
flying to study the effects of environment on commercial parts. There is a
lot of work going on to characterize commercial parts, and CPUs in
particular, in ground based test facilities. If any one is interested, I can
post some references.
Have a good day,
----------------------------------------------------------------------
rk The ability to carry out scientific
stellar engineering, ltd. observations at a distance is
stel...@erols.com.NOSPAM developing so rapidly that I don't
Hi-Rel Digital Systems Design see any unique role for man in
planetary exploration.
-- Gordon MacDonald, National
-- Academy of Sciences, 1968
Jan Panteltje
>>>Nobody really knows for sure, due to a distinct lack of flight test data.
>>>The answer might be "none whatsoever", if you use an operating system
>>>with a good deal of redundancy and error-checking
But anyways, I will look up the K6 datasheet one day.
In cases like you describe, you could use 3 computers, like for example seems
to be the case in the Concorde, and compare output.
Then you would have redundancy.
That was a very old designg, but a good idea probably.
Hotswap the defective one perhaps in a manned mission?
Jna
Mark Wong
Just restart the computer and hope there is no permanent circuit
damage from the radiation events. If that laptop fails, start up
your spare you brought along. You brought a spare didn't you?
Don't spend the launch weight on dumb sheilding. Get a spare
laptop for the same weight. You can't reboot lead sheilding.
>From a practical matter, you can't haul up enough sheilding
to stop cosmic rays or other high energy particles. We are
somewhat sheilded on the earth from above by the atmospheric
mass and a little more sheilded from below by the EARTH's
MASS!! YES, comic rays do pass through the earth and
come up from below. So, don't worry so much about
stopping radiation events and start thinking about what to
do when you get them. That is, rearchitecture your system
for reliability, redundancy, and contingency.
You can find measures of electron and proton fluency
in the Earth space environment on the Web. Radiation
sheilding attenuation can be had from the free
"Particle properties databook " printed by CERN
or Berkeley (do a search).
The military and NASA have done lots of ground
and space experiments on semiconductors. A full
FMECA study is time consuming for the newer
complicated processors. Fortunately, its cheaper
to design for 128 redundant processors and have 8
surviving the total mission with a high probability.
Again, design for reliability, redundancy, and contingency.
Good Luck
Mark Wong
Physicist
maw...@flash.net
Aaron Smith wrote:
> What about making a lead box just for the laptop (folded) with an
> additional 20-30 g/cc sheilding on it? Use external monitors and keyboard
> and stuff. This would probably almost eliminate the radiation damage to
> the actual computer.
>
> Aaron Smith wrote:
>
> > What kind of radiation sheilding would be required to protect your
> > average off-the-shelf laptop computer, going through the Van Allen belts
> > and for a 2 week lunar mission?
> >
> > Aaron Smith