Software powering Falcon 9 & Dragon – Simply Explained


Hey there! My name is Xavier and, as you might know, I’m a developer. But I’m also a huge SpaceX fan, and that got me thinking: what software and hardware power the Falcon 9, Falcon Heavy and Dragon?

Let’s first take a look at what challenges the hardware and software of a spacecraft face when it is being launched into space. First of all, it’s very hard to get your craft into orbit around the Earth. A launch on top of a rocket causes a lot of vibrations, and that means that the craft itself and the electronics have to be able to withstand that. And once you get into orbit, you are welcomed by even more challenges. Dragon, for instance, has to be able to cope with intense heat when it’s facing the sun but also intense cold when sunlight is blocked by the Earth. These temperatures range from -150°C all the way up to 120°C.

But the biggest problem for the electronics
is radiation. This radiation comes from high-energy particles that are ejected by our sun, particles trapped in Earth’s magnetic field and even cosmic rays or particles from outside our solar system. These particles can have pretty severe effects on the systems inside a spacecraft.

One of the biggest problems is what’s called a bit flip. This occurs when a high-energy particle hits the memory or the processor of the spacecraft. If it hits the memory, it can cause a 0 to become a 1, essentially corrupting a part of the memory. Luckily, though, the software onboard SpaceX vehicles can detect these bit flips and fix the corrupted memory by using parity bits. No big deal.

However, when the processor is hit with radiation, it can cause the result of a calculation to be completely incorrect. To demonstrate this, let’s ask a processor to calculate 10 + 10. In binary that would look like this and the result is obviously 20. No surprises there! But let’s now take a look at what happens when a bit flip occurs while performing this calculation. We still ask the processor to calculate 10 + 10, but because of the bit flip the processor is actually calculating something completely different. Right now it will say that 10 + 10 equals 24 because one of the bits flipped while running the calculations…

Wrong calculations can have very severe effects
on a spacecraft. This was demonstrated by the maiden flight of the Ariane 5 rocket in 1996. It didn’t suffer from a bit flip, but 40 seconds into the flight, the rocket’s software tried to put a 64-bit number into a 16-bit address, causing the number to be truncated and become completely different. The rocket’s avionics then continued to perform their calculations with this wrong number and performed an abrupt course correction because it thought it was going the wrong way. The vehicle eventually broke up because the aerodynamic stress was simply too high.

Now back to SpaceX: how do they handle the problem of radiation? Well, they assume that you can’t protect electronics completely from radiation and they design their systems with this in mind. Instead of using expensive, radiation-hardened parts, SpaceX uses off-the-shelf components.

Let’s look at Dragon first. According to John Muratore, previous director
of SpaceX vehicle certification, each Dragon is equipped with three flight computers. Each of these flight computers is powered by a dual-core x86 processor. The computers, however, don’t use the multicore capability. Instead they execute each calculation on the two cores individually and compare the results. So three flight computers, each with a dual-core processor, can be seen as 6 independent computers that are constantly checking each other’s calculations.

If one of the flight computers is hit with radiation and produces a wrong calculation, the others will spot it. When that happens, the malfunctioning computer will be rebooted automatically to prevent further errors. After rebooting, the computer has to perform what’s called a re-sync. It has to get up to speed with what the vehicle is doing, so it copies the memory of the other two computers and runs the same programs. A bit like rebooting your computer with the option to restore all your windows when you log back in. Dragon can even handle a situation where all three of its computers are hit by radiation at the same time, although that’s very unlikely to happen.

Besides 3 flight computers, Dragon has 18 other systems onboard that also use triple-redundancy computers. That brings the total number of processors up to 54! And that’s just for a single Dragon capsule.

But Dragon isn’t alone: the Falcon 9 also has redundant systems. It has 3 computers for each engine (9 x 3) and a triple-redundancy flight computer, which means that it carries 30 processors. At least that was the situation in 2012. Right now it’s possible that Falcon 9 has
even more processors to handle the landing.

Now at this point you might be thinking: hang on… Does NASA really allow SpaceX to use regular hardware components? The ones you and I can buy on Amazon? Well, actually, yes! NASA doesn’t require the use of radiation-hardened components. Instead they require SpaceX to do extensive research into what effects the radiation can have on their spacecraft. If they know how they’ll be affected, they can compensate for it. This is called a radiation-tolerant design and is different from a radiation-hardened design. In fact NASA itself doesn’t use radiation-hardened parts everywhere. The International Space Station, for instance, uses radiation-hardened parts but also regular laptops for some controls. Even some parts on the Space Shuttle were radiation-tolerant instead of radiation-hardened.

But back to SpaceX: how do they select their
parts? Well, they have two conditions: first of all, the parts have to be capable enough to handle their tasks – pretty obvious – and secondly, they take into account what tooling is available for that particular part. Tooling determines what kind of people SpaceX can hire. Off-the-shelf hardware is pretty generic and uses software and tooling that a lot of developers already know. And that means that SpaceX has less trouble finding great engineers. Radiation-hardened parts, however, only work with special programming languages that few people know, thus limiting the ability to hire new people.

Off-the-shelf hardware is also cheaper and that allows SpaceX to extensively test these systems. John Muratore said that at one point over 40 flight computers were sitting on people’s desks for testing and development. You simply cannot do that with expensive and hard-to-come-by hardware.

But enough about all this hardware, what about
the software that controls everything? Well, the operating system of choice at SpaceX is Linux. It runs on the desktops of the engineers and powers its vehicles. Using Linux everywhere allows them to streamline the development process and use the robust tools that come with it.

The programming language of choice is C++ and they use it for two main reasons. First, it allows SpaceX to hire a lot of brilliant people because the language is still relatively popular. Secondly, they benefit from the large C++ ecosystem. No need to create custom software when you can just use tools that developers already know, like gcc and gdb.

But Linux isn’t the only platform that is being used. They also use LabVIEW, a graphical programming tool that runs on Windows. It is used to visualise telemetry that they get from a Falcon 9 or Dragon during flight. Ground teams use it to keep an eye on important metrics.

Another interesting fact is that SpaceX tries to share as much code as possible between its vehicles. The biggest advantage of this is that bug fixes for one vehicle are automatically pushed to the other vehicles as well. Oh, and another interesting fact is that game developers are usually a good fit for SpaceX because they are used to writing code that runs in environments where memory and processing power are constrained.

The last thing we’ll take a look at is how
SpaceX monitors their software and vehicles. Engineers are encouraged to add metrics to everything they can think of. When a vehicle is being used, all these logs are collected and analysed by programs that raise an alarm if something is not within the safety margins. All these metrics are stored together with the source code that was running at that time. If something goes wrong with the vehicle, SpaceX can recreate the exact environment to reproduce the problem and fix it. And finally, they are using continuous integration to automatically test all the code that is being written by the engineers. They even have test stands with all the components of a Falcon 9 bolted on so they can simulate a complete flight to discover potential problems.

More details about the hardware and software used aren’t really available, and that’s because the United States government considers it classified. A rocket like the Falcon 9 is basically a missile that goes to space. So in the wrong hands, the technology could be misused and cause harm. But even with limited information we got a pretty good view of what software and hardware is being used at SpaceX and what challenges the teams face, considering the harsh environment in space.

That was it for this video! If you liked it, hit the thumbs up button and consider subscribing. Also follow me on Twitter for more updates and as always: thank you so much for watching!
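
The dual-core compare and three-computer vote described in the transcript, modelled in C++ as an added example (a constructed model, not code from the video or from SpaceX). The names `core_add`, `FlightComputer` and `vote_step`, the choice of bit 2 of an operand (one way to turn 10 + 10 into 24), and keeping the old state when no two computers agree are all assumptions.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

struct Result { bool valid; uint32_t value; };  // valid == false: no trusted answer

// One core adding a + b; flip_mask simulates a bit flip in operand a.
uint32_t core_add(uint32_t a, uint32_t b, uint32_t flip_mask = 0) {
    return (a ^ flip_mask) + b;
}

struct FlightComputer {
    uint32_t state = 0;  // memory that a rebooted computer must re-sync
    int reboots = 0;
    // Run the same calculation on both cores; trust it only if they agree.
    Result compute(uint32_t a, uint32_t b, uint32_t flip0, uint32_t flip1) const {
        uint32_t r0 = core_add(a, b, flip0), r1 = core_add(a, b, flip1);
        return Result{r0 == r1, r0};
    }
};

bool agree(Result x, Result y) { return x.valid && y.valid && x.value == y.value; }

struct Step { Result vote; int rebooted; };
using Flips = std::array<std::array<uint32_t, 2>, 3>;  // [i][c]: mask for core c of computer i

Step vote_step(std::array<FlightComputer, 3>& fc, uint32_t a, uint32_t b, const Flips& flips) {
    Result out[3], winner{false, 0};
    for (int i = 0; i < 3; ++i) out[i] = fc[i].compute(a, b, flips[i][0], flips[i][1]);
    for (int i = 0; i < 3; ++i)          // majority: any two computers that agree
        for (int j = i + 1; j < 3; ++j)
            if (agree(out[i], out[j])) winner = out[i];
    Step s{winner, 0};
    if (!winner.valid) return s;         // no majority: this model keeps the old state
    for (int i = 0; i < 3; ++i) {
        if (!agree(out[i], winner)) { ++fc[i].reboots; ++s.rebooted; }  // outvoted: reboot
        fc[i].state = winner.value;      // commit, or re-sync from the majority
    }
    return s;
}

int main() {
    std::array<FlightComputer, 3> fc{};
    Flips hit{{{0, 0}, {1u << 2, 0}, {0, 0}}};  // bit 2 flips on one core of computer 1
    Step s = vote_step(fc, 10, 10, hit);
    std::printf("hit core: %u, vote: %u, rebooted: %d\n",
                (unsigned)core_add(10, 10, 1u << 2), (unsigned)s.vote.value, s.rebooted);
}
```

The core-level compare only catches a flip that hits one core; if both cores of a computer produce the same wrong answer, the vote across the three computers is what catches it.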
