“A system in which input data is processed within milliseconds so that it is available virtually immediately
Slide 10
CPU cores run one thing at a time
(yes, computers are basically a giant lie)
Slide 11
[Diagram: Program 1, Program 2, Program 3]
Slide 12
Scheduling
The art of running multiple things at once
Slide 13
[Diagram: Program 1, Program 2 and Program 3 each run for 300 cycles]
Slide 14
[Diagram: Program 1, Program 2 and Program 3 each run for 300 cycles, each with a 30-cycle Save and a 30-cycle Restore]
Slide 15
Context switching is expensive
The more you have, the worse it gets
Slide 16
Python's threading has this problem!
The more you have, the worse it gets
“...when the guidance system was first being conceived, the onboard software was almost an afterthought”
Don Eyles
Slide 26
Priority-based Executive
Please do write avionics software like this.
Slide 27
Job Priorities
Higher numbers beat lower
Limited job "RAM"
Only 7 running at once
Interrupts from hardware
Descent radar, keyboard, etc.
Slide 28
Predictable Software
They knew exactly what ran and what it took
Slide 29
...Unpredictable Hardware
It's never easy, especially in space.
Slide 31
Two differently phased 800Mhz clocks
This is really bad, trust me.
Slide 32
False detections stole computer time
The radar system had to update the guidance computer
Slide 33
Descent Phase: 85% load
Capsule orientation and thrust calculations
Hardware Bug: 13%
Caused by the descent radar
Display Routine: 5%
Astronauts trying to see how far to go
Slide 34
103%
Slide 36
SERVICER never gets to run
But the system keeps trying to schedule it
Slide 37
Alarm 1202
The computer self-restarts, but keeps crashing
Slide 38
Buzz Aldrin works it out
Turns off the display routine to bring the load under 100%
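An added illustration (not from the talk, and not Apollo Guidance Computer code): a toy Python model of the overload on slides 33 to 38, showing why shedding the 5% display job stops the repeated alarms. The load figures and the 7-job limit come from the slides; the 100-unit period, the priorities 20 and 30, and the flush-on-restart behaviour are assumptions.

```python
"""Toy model of the overload on slides 33-38 (added example, not AGC code)."""
MAX_JOBS = 7                                # "Only 7 running at once" (slide 27)
SERVICER, RADAR_BUG, DISPLAY = 85, 13, 5    # load figures from slide 33
PERIOD = 100                                # assumed: 100 load units per period


def run(periods, display_on=True, radar_bug=True):
    """Return the periods in which alarm 1202 fired under the assumed model."""
    jobs = []                               # each job is [priority, remaining_units]
    alarms = []
    for t in range(periods):
        # SERVICER is requested every period; priorities 20 and 30 are assumed.
        requests = [[20, SERVICER]]
        if display_on:
            requests.append([30, DISPLAY])
        for request in requests:
            if len(jobs) >= MAX_JOBS:       # no free job slot left
                alarms.append(t)
                jobs.clear()                # assumed restart: flush every job
            jobs.append(request)

        # Radar interrupts take their share before any job runs.
        budget = PERIOD - (RADAR_BUG if radar_bug else 0)
        jobs.sort(key=lambda job: -job[0])  # higher numbers beat lower (stable)
        for job in jobs:
            used = min(budget, job[1])
            job[1] -= used
            budget -= used
        # Unfinished jobs keep their slot into the next period.
        jobs = [job for job in jobs if job[1] > 0]
    return alarms


if __name__ == "__main__":
    print("display on, radar bug: ", run(1000)[:3])
    print("display turned off:    ", run(1000, display_on=False))
    print("no radar bug:          ", run(1000, radar_bug=False))
```

In this model the backlog grows by 3 units per period, so the alarm is delayed rather than immediate and recurs after every restart until the load drops below 100%.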
Slide 39
Apollo 11 was almost a failure
...but good software design prevented it
Slide 40
Apollo 9
First flight test of Lunar Module
Apollo 10
Second test and partial descent of Lunar Module
Apollo 11
First Moon landing
Slide 41
“Don't give those guys an opportunity to land, 'cause they might!”
Eugene A. Cernan, recounting Apollo 10
Slide 42
Building for Failure
Software is only as good as its worst outing
Slide 43
“During simulations we sometimes pushed the [restart] button randomly”
Don Eyles
Slide 44
We often only design for the good cases
After all, that's what we're expecting to happen
Slide 45
Hardware is always unpredictable
Disks, networks, even keyboards and mice
Slide 46
Can your software survive a crash?
Or does it need a clean shutdown to work?
Slide 47
How will you handle the unexpected?
Weird input. Slow network connections. Emoji.
Slide 48
“When Hal Laning designed the Executive and Waitlist system, he made it up from whole cloth with no examples to guide him. The design [...] still represents the state of the art.”
Don Eyles
Slide 49
All software has consequences
We may not all be designing spacecraft, but we affect lives.
Slide 50
doneyles.com/LM/Tales.html
Tales from the Lunar Module Guidance Computer, 2004
Slide 51
Thanks.
Andrew Godwin
@andrewgodwin // aeracode.org