[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | Space Exploration | 
| Notice: | Shuttle launch schedules, see Note 6 | 
| Moderator: | PRAGMA::GRIFFIN | 
|  | 
| Created: | Mon Feb 17 1986 | 
| Last Modified: | Thu Jun 05 1997 | 
| Last Successful Update: | Fri Jun 06 1997 | 
| Number of topics: | 974 | 
| Total number of notes: | 18843 | 
500.0. "Space shuttle computer problems, 1981-1985." by SMOOT::ROTH (Swiss cheese will suffice in most cases.) Tue Jan 24 1989 10:19
This was extracted from RISKS-FORUM digest from the Internet.
Lee
From:	UFP::ROLL::USENET  "USENET Newsgroup Distributor  23-Jan-1989 1811" 23-JAN-1989 18:51
To:	@SUBSCRIBERS.DIS
Subj:	USENET comp.risks newsgroup articles
Newsgroups: comp.risks
Path: decwrl!labrea!agate!ucbvax!KL.SRI.COM!RISKS
Subject: RISKS DIGEST 8.13
Posted: 23 Jan 89 06:16:49 GMT
Organization: The Internet
Approved: [email protected]
 
RISKS-LIST: RISKS-FORUM Digest  Sunday 22 January 1989   Volume 8 : Issue 13
 
        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
 
Contents:
  Gigabit superhighway/worms (Vint Cerf)
  IAB Ethics DRAFT (Vint Cerf)
>>Space shuttle computer problems, 1981--1985 (Jon Jacky)<<
  F-16 that can't stall falls from sky (Scot E Wilcoxon)
  Re: China accused of software piracy (Jim Olsen)
  Losing systems (Dale Worley, Chris Lewis)
  Re: Structured Programming (John Mainwaring, Mark Rosenstein, Steve Pozgaj)
 
The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com.  FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to [email protected].
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
  get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
  Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).
 
----------------------------------------------------------------------
[text deleted]
 
Date: 20 Jan 1989 15:27:13 EST
From: [email protected]
Subject: Space shuttle computer problems, 1981--1985
 
Here are excerpts from an article that appeared a week before the flight
of the space shuttle Discovery last September:
 
NASA's close calls: lessons learned? by Richard Doherty, ELECTRONICS
ENGINEERING TIMES, September 6, 1988, pps. 4,8.
                               
... The House Science and Technology committee convened its own investigation
of the (January 1986 Challenger accident) just days after the Rogers commission
concluded its four-month effort.  (Its findings are reported in) `Investigation
of the Challenger Accident, House Report 99-1016'.  That report indicates ...
dozens of failures in the shuttle's General Purpose Computer (GPC) and Avionics
systems. ... NASA has reviewed these flight anomalies and decided that they fit
within the acceptable risk criteria.  Thus, it has not made any significant
changes to system hardware or software for Discovery's launch. ... Most
engineers tracking the shuttle program can recall very few reported avionics
and computer-system failures during the program's 24 completed missions.
Nevertheless, more than 700 anomalies involving computers and avionics have
been logged by NASA. ... 
 
[Here follow just a few of many examples from the EE TIMES article.  Most seem
to involve hardware or sensor failures. Several examples in the article are not
computer- or even avionics-related. ] 
 
STS-6, April 4, 1983: ... Landing gear must be manually deployed after computer
fails to trigger its descent.
 
STS-9, November 28, 1983: Four hours before re-entry, pilot orients orbiter
using RCS (Reaction Control System) steering jets. After jets fire, one
computer crashes.  A few minutes later, a second goes down [ There are four
redundant GPC computers running identical software plus a fifth GPC running
different backup software - JJ].  Pilot John Young delays landing while craft
drifts in space.  Then one of three Inertial Measurement Units fails.  (Young
testified three years later: `Had we then activated the Backup Flight Software,
loss of vehicle and crew would have resulted.'  He now says problems have been
resolved.  Post-flight analysis shows each GPC failed when RCS jet motion
jarred a piece of solder, shorting CPU boards). 
 
Before landing, the second of three APU's (Auxilliary Power Units) fails.  Fire
and explosion occurs while orbiter is parked at its landing site.  ... NASA
engineers label this incident a `double-failure scenario that just beat all the
probability odds.' ...
 
STS-19 (51-F) July 29, 1985:  Three minutes into ascent, a failure in one
of two thermocouples directs computer shutdown of center engine.  Two minutes
later, engine chamber pressure is indicated as zero.  Mission control decides
to Abort to Orbit. ... Challenger is in orbit 70 miles up, 50 miles lower
than planned.  Had shutdown occured a half-minute earlier, mission would
have had to abort over the Atlantic.  (NASA has reset some of the binary
thermocouple limits via software changes).
 
STS-13 (41-G), November 5, 1984: ... Landing gear must be manually deployed
after computer fails to trigger its descent.
 
- Jonathan Jacky, University of Washington 
 
------------------------------
[text deleted]
 
End of RISKS-FORUM Digest 8.13
************************
-------
| T.R | Title | User | Personal Name
 | Date | Lines | 
|---|
| 500.1 |  | STAR::HUGHES |  | Tue Jan 24 1989 12:16 | 17 | 
|  |     The shuttle has been plagued by computer problems from the outset.
    
    Anyone else recall watching the first launch attempt of Columbia?
    "Columbia, this is Houston. We want you to try something. Press
    HALT, LOAD ADDRESS, 0, 0, 0, 0, START".....
    
    I think part of their problems stem from the fact that they are
    using very old equipment that is no longer manufactured (IBM AP-701
    avionics processors). Probably the correct decision when it was
    made in the early 70s, but now I suspect they have a hard time finding
    anyone who knows how to program them.
    
    Was STS-19 the flight where the computer wanted to shutdown a second
    engine and the pilot & capcom decided to override and continue to
    orbit?
    
    gary
 | 
| 500.2 | Rambling about details and personal experiences | KVANT::FISHER | Burns Fisher 381-1466, ZKO3-4/W23 | Wed Jan 25 1989 16:37 | 57 | 
|  |     I don't doubt that there have been a number of comp-related problems.
    However, I am mildly suspicious of the stuff related in .0, since
    the incident that I remember well is not reported quite correctly
    (but the details make a difference).  As I recall, in STS-19, the
    sequence was
    
    	1.  1 of 2 thermocouples fails.  GPC rejects bad one and takes
    		good one.
    
    	2.  Second thermocouple fails.  GPC shuts down the engine.
   
    	3.  They immediately declare ABORT ATO (I heard the call...it
    		was one of the most chilling feelings in my life, but
    		that was before Jan 28, 1986).
    
    	4.  Other sensors seem to be doing odd things.  Astros tell the
    		gpc's to ignore the sensors on the remaining engines.
    
        5.  They end up in a too-low orbit and use lots of OMS fuel
    		to get close to the right place.  They are restricted
    		in OMS usage for the rest of the mission, although it
    		did run the normal length.
    
   FYI, the STS-1 problem was a synchronization issue.  I think it was
    between the GPCs and a component called the MDM
    (multiplexer/demultiplexer).  There was a timing window somewhere
    such that if you turned on the MDM during this window (back early
    in the count) then at T-31, the GPCs suddenly notice a timestamp
    skew.  This had happened once before during GPC testing, but IBM
    could never reproduce it nor figure it out.  A lot of midnight oil
    was burned between the first attempt and the second (successful)
    one to understand the problem.  They figured out that if the MDM
    was turned on at the right time, it did not pose a hazzard during
    the rest of the mission.  Thus, STS-1 flew with the bug; it was
    fixed later, after several flights.
    
    And finally, a personal note:  The failure in STS-9 was actually
    a lucky thing for me.  I was in CA (Orange County) that week on
    business, and I decided to take the day off and drive out to EAFB
    for the landing.  This was a high-inclination Spacelab mission,
    so it turned out that there were two landing opportunities that
    day.  They scrubbed the first one, which would have been on the
    ascending node of the orbit (i.e. coming from the south-west). 
    The second opportunity, which they took, was landing from the
    descending node of the orbit (from the north-west).  Because of
    the directions, energy situation, etc, they had to do nearly a 360
    around the HAC (heading alignment circle) which brought them directly
    over the parking lot where they let us civilians watch.  What a
    thrill!!  A beautiful view.  You can believe that the steep angle
    you see the shuttle diving at on TV is not a figment of camera angle
    or anything else.  That sucker is dropping!
    
    Enough rambling,
    
    Burns
    
 | 
| 500.3 | New software worried programmers with STS-26 | MTWAIN::KLAES | N = R*fgfpneflfifaL | Wed Feb 01 1989 11:18 | 23 | 
|  | Newsgroups: sci.space.shuttle
Path: decwrl!Angelo!labrea!rutgers!att!ihlpm!dcn
Subject: Programmers nervous during Discovery mission - IEEE Software
Posted: 30 Jan 89 19:10:19 GMT
Organization: AT&T Bell Laboratories - Naperville, Illinois
 
    I just read a short article in the January 1989 issue of IEEE
Software magazine about changes in the ground software systems that
support the US Space Shuttle program.  It contains part of an
interview with Jack Munson, the vice president and general manager of
Unisys's Houston operations, which runs the ground-based software
systems of the shuttle, including telemetry and simulators.  The
software contains 14 million lines of code (not counting the OS or
compilers), which  went through 3,800 requirements changes and 900
releases, three of which were major upgrades.  The hardware systems
were also updated from 1970s technology to the 1980s.  In spite of all
these changes, only one new bug was found during the Discovery mission
last fall, a 30 second lapse in telemetry recording, which was traced
to a requirements problem.  There were other known non-critical bugs,
averaging about 1,800 (or about 1 bug per 7,700 lines) over time. 
    Dave Newkirk, att!ihlpm!dcn
 | 
| 500.4 | Pressure! | PRAGMA::GRIFFIN | Dave Griffin | Tue Feb 07 1989 17:58 | 18 | 
|  |     re: .2
    
    If you have watched PBS's Fronline report on the Shuttle
    (post-Challenger), the ATO sequence was caught on film (in Mission
    Control).  I don't recall seeing the launch myself, but viewing the
    tape of what happened in Mission Control and the decision that the
    Launch Director (or is it the Mission Director at that point?) had to
    make in the span of about 15 seconds was gut-wrenching.
    
    The astronauts were interviewed afterwards and discussed the abort.
    To say they felt concerned when Houston instructed them to inhibit the
    main engine overrides is one of the bigger understatements of the
    century.
    
    
    How's the song go: "on the leading edge of life"?
    
    - dave
 |