- SpaceX vehicles are powered by dual-core x86 processors.
- In addition to the Linux operating system, they use LabView, a graphical programming tool that runs on Windows.
- Programmers at SpaceX prefer using C++ (and sometimes Python).
- The vehicle code is on the order of a couple of hundred thousand lines.
What started in 2002 to reduce the cost of rocket development, now dominates the space industry. SpaceX is currently pursuing numerous programs, which include building reusable launch vehicles, a global telecommunications network, and an interplanetary transport system.
The company manufactures two types of rocket engine in-house — hypergolic fueled SuperDraco vernier thruster and kerosene-fueled Merlin engines. Since we’re a big fan of SpaceX, it got us thinking: what hardware and software power Dragon spacecraft and Falcon rocket.
Most of the details about software and hardware are not really available, as the US government considers it classified. The advanced rockets, like Falcon 9 and Falcon Heavy, are basically a missile that goes into space. So the technology could be easily misused and cause serious damage if it falls into the wrong hands.
But even with limited data, we got a pretty good idea about what kind of hardware/software is being used at SpaceX, and what challenges the team is currently facing, considering the extreme space environment.
Hardware Issues Because of Radiation
Both software and hardware go through harsh conditions, which include a lot of vibrations and intense heat. The situations get even worse once the equipment enters the Earth’s orbit. For instance, Dragon copes with an enormous amount of heat and cold, ranging from 120°C (when facing the Sun) to -150°C (when sunlight is blocked by the Earth).
However, one of the biggest issues for electronic instruments is radiation, which comes from Earth’s magnetic field, high-energy particles ejected by Sun, and particles from outside our solar system.
These particles could cause a bit flip. It occurs when high-energy particles hit the processor or memory of the spacecraft machine. If particles hit the memory, they can cause a “1” to become a “0” and vice versa, corrupting a specific part of the memory.
If particles hit the processor, they can cause the computation results to be completely incorrect. Because of a single bit flip, processors can have severe effects on a spacecraft.
This was illustrated in 1996 by the maiden flight of Ariane 5, Flight 501. Although it did not suffer from a bit flip, the software tried to put a 64-bit number into a 16-bit address, truncating the number and causing a completely different result. The rocket veered off its flight path 37 seconds after launch and eventually self-destructed by its automated flight termination system. Bottom line: a simple software bug resulted in a loss of over $370 million.
Coming back to the topic, the software onboard SpaceX vehicles can easily detect and correct these bit flips by inserting parity bits, which is the simplest form of error detecting code. They also assume that you cannot completely protect electronic instruments from radiation, and they build their vehicles with this in mind.
Hardware They Use
Rather than using expensive, radiation-hardened components, SpaceX uses off-the-shelf parts. According to the former director of SpaceX vehicle certification, John Muratore, each Dragon spacecraft is equipped with 3 flight computers. Each of these computers run on a dual-core x86 processor.
The systems do not utilize the multicore capabilities of a processor. Instead, they perform each computation on the two cores separately and compare the results. Therefore, 3 flight computers with dual-core processors act as 6 independent computers that are regularly verifying each others’ calculations.
If one of the flight computers outputs a different value (due to radiation), the others detect it. In this case, the malfunctioning processor is automatically rebooted to prevent further errors. It copies the memory from other processors and executes the same programs to get up to speed with what other systems are executing. This is called re-sync.
What if all 3 flight computers were hit by radiation at the same time, although it’s very unlikely to happen. Well, Dragon is designed to handle extreme situations, including this one. Other than these 3 flight computers, Dragon is equipped with 18 other systems onboard that too use triple redundancy computers, which brings the total number of processors to 54. And this is just for a single spacecraft.
The Falcon 9 rocket is packed with 3 flight computers for each engine, and triple redundancy computer, which overall carries 30 processors. We are presenting 2012 data, so it is possible that SpaceX is using even more processors in their spacecraft and vehicles to handle the landing.
It sounds very unusual that SpaceX uses regular hardware modules that anyone can buy on Amazon. This is because there is no need for extensive usage of radiation-hardened components. Both NASA and SpaceX are studying what effects the radiation could have on their spacecraft. If they know how things will be affected, they can compensate for it.
This is what they call a radiation-tolerant design, and it’s much different than a radiation-hardened design. Even NASA does not use radiation-hardened components everywhere. For instance, ISS (International Space Station) uses a mix of both radiation-hardened and radiation-tolerant components, along with conventional laptops for some basic controls.
Mating Octaweb of Falcon Heavy center core to the tank | SpaceX
But if you’re wondering how SpaceX select their rocket components, they’ve two conditions –
- The first one is pretty obvious – all components much be capable enough to handle their tasks.
- What tooling is available for that particular component.
Off-the-shelf hardware uses software and tooling that most of the developers are familiar with. Radiation hardened parts, on the other hand, only works with certain programming languages that few people know.
Moreover, Off-the-shelf hardware is less expensive and allows SpaceX to test these systems extensively. Muratore once told that at one stage, more than 40 flight computers were sitting on engineers’ desks for testing and development. One can’t simply do this with expensive hardware.
Software That Control Everything
SpaceX uses the Linux operating system – it runs on almost all desktops and powers its vehicle. It allows engineers to streamline the development process while using the robust applications that come with it.
The programmers at SpaceX prefer using C++. Because it’s one of the most popular programming languages, SpaceX can hire a lot of brilliant programmers to test already-written code and write new ones. Also, they benefit from the large C++ ecosystem.
There is no need to develop custom software (saves time and extra work) when you can just use existing tools that developers already know, such as gcc (C and C++ compiler) and gdb (debugger).
Game developers are usually a good fit for SpaceX, as they have a good experience of writing code for a specific environment where the processing power and memory are constrained.
Other than Linux, SpaceX uses LabView, a graphical programming tool that runs on Windows. This helps engineers better visualize the telemetry that they get from Dragon and Falcon during flight. This visualization makes it simple to build data analysis algorithms, represent complex logic on the diagram, and integrate measurement hardware from any vendor. The ground team uses it to track crucial metrics. They also use Matlab on the ground as an analysis tool.
SpaceX also tries to share the maximum amount of code between its vehicle. What’s the benefit of this, you asked? Well, the bug fixes of one module can be easily pushed to other modules as well.
Monitoring and Logging
Engineers and analysts at SpaceX are encouraged to add metrics to everything they can think of. All these logs are gathered and examined by software that raises the alarm if something is not under safety margins.
All these data are captured and stored together with the program that was executing at that time. If something goes wrong with the rocket, the company can regenerate the same environment to investigate further and fix the issue(s).
Moreover, SpaceX uses continuous integration to test the entire code being written by programmers automatically. In fact, they have test stands bolted on all Falcon 9 components so they can simulate a whole flight to figure out potential problems.
The rocket code is on the order of a couple of hundred thousand lines. Engineers at SpaceX perform “Cutting the strings” task, where they shut off a computer mid simulation randomly, to observe how it responds.
SpaceX McGregor, TX
Read: NASA’s 10 Coding Rules for Writing Safety Critical Program
SpaceX has its Rocket Development and Test Facility in McGregor, Texas. As of 2012, the McGregor facility has 7 test stands that are operated 18 hours a day, six days a week. Since the production is rapidly growing and they have a vast manifest in the upcoming years, SpaceX is building more test stands.