[time-nuts] Space mission comes to an end because of a "computer time tagging" problem

Jim Lux jimlux at earthlink.net
Sat Sep 21 07:45:35 EDT 2013


On 9/20/13 5:12 PM, Bob Camp wrote:
> Hi
>
> Low bid wrist watch used as time base?
>
> ---------------------------------
>
> I'd bet there is some form of master time tick in their RTOS that
> keeps everything pumping. Lose the time tick (or the time tick
> count) and it all goes away…

yes and no.

Most spacecraft have a default strategy if everything got reset, so they 
don't need to know what time it is. They go into "safe hold" mode.

There are several steps in the strategy.  If you have attitude knowledge, 
you'll sun/earth point the high gain antenna and wait to hear from the 
ground.

If you don't have attitude knowledge, you shift to the low gain omni 
antenna, and wait to hear from the ground.

DSN cranks up the Tx power, and they transmit at a very low rate (10 
bits/sec) to try and get a command in through the LGA.


If you've totally lost attitude control, and you're slowly rotating, you 
still might not get a command in, because there's no such thing as a 
truly omni antenna pattern: it has lumps and bumps and nulls.

However, unless there's no attitude control authority (e.g. if you have 
wheels and they've failed, or you've run out of propellant), you don't 
need to know the time to be able to stabilize the spacecraft in one 
attitude. And once you're stabilized, you can get that command in.

So there's some other more complex problem.

>
> As the onboard computers accumulate radiation induced faults, there's
> a lot of software patching that goes on to map around the faulty
> sections. They may have done one to many patches.

I don't think that is the case with DI. Radiation causes upsets, but 
they're usually a transient thing, and rewriting the memory fixes it. 
Most of the time it's using EDAC on the memory, and scrubbing.

One can send commands from the ground that will kill it accidentally. 
Spacecraft have typically very simple command structures.  A lot of 
commands are basically "poke this value at this address" and with 
knowledge on the ground of which control parameters are stored at which 
addresses, you can build your commands.  However, if you poke the wrong 
address, or send the wrong value, you can command the spacecraft to do 
something that is irrecoverable.  One of the Mars spacecraft was lost 
because of this.

People often ask "why doesn't it have range checking and validation on 
the parameters".  Well... that would take more code, and memory is a 
limited resource.  And, it's not like there's a "command parser" in the 
sense of a shell that interprets and validates commands.  The spacecraft 
checks the checksum on the received message, and does it.

This comes from a long history where spacecraft had very simple control 
systems (no computer).  You'd have a bunch of relays and the message 
that comes up has a bit for each relay or control line.  The "command 
detector unit" sees the frame sync bit sequence and then just loads the 
bits into a big register, and when the checksum is ok, it latches them 
all in.   It's much like how 1553 works.  You assign each word or bit to 
some actuator or sensor, and it's more like "remote memory access" than 
actual commanding.

The whole process works the same on downlink.  In fact, even though we 
now use computers, it's still called "decommutation".


>
> Bob
>
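The "checksum, then poke this value at this address" command style described in the reply above, as an added illustration that is not code from the post or from any real flight software. The four-byte frame layout, the XOR checksum, and the parameter names and limits (wheel_speed_cmd, heater_setpoint, tx_rate_sel, boot_count) are all constructed for the example. The unchecked handler accepts any value that survives the checksum, which is the behaviour the post describes; the range-checked variant beside it shows what the validation people ask about would look like, and the descriptor table is the extra code and memory it costs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated on-board parameter memory: a few 16-bit control words
   addressed by index (a constructed stand-in, not a real memory map). */
#define PARAM_COUNT 4
static uint16_t g_params[PARAM_COUNT];

/* Constructed uplink frame layout, not any real spacecraft's format:
   byte 0 = parameter address, bytes 1-2 = value (big-endian),
   byte 3 = XOR checksum over bytes 0-2. */
#define FRAME_LEN 4

static uint8_t frame_checksum(const uint8_t *f)
{
    return (uint8_t)(f[0] ^ f[1] ^ f[2]);
}

/* Ground side: build a frame with a valid checksum for (addr, value). */
void build_frame(uint8_t addr, uint16_t value, uint8_t *out)
{
    out[0] = addr;
    out[1] = (uint8_t)(value >> 8);
    out[2] = (uint8_t)(value & 0xFF);
    out[3] = frame_checksum(out);
}

/* Per-parameter description used only by the range-checked handler.
   Names and limits are hypothetical. */
typedef struct {
    const char *name;
    uint16_t    min;
    uint16_t    max;
    int         writable;   /* 0 = telemetry-only word, never poked from the ground */
} param_desc_t;

static const param_desc_t g_desc[PARAM_COUNT] = {
    { "wheel_speed_cmd", 0,   6000,  1 },
    { "heater_setpoint", 250, 320,   1 },
    { "tx_rate_sel",     0,   3,     1 },
    { "boot_count",      0,   65535, 0 },
};

/* The style the post describes: verify the checksum, then poke the value.
   The only extra guard keeps the index inside the simulated memory so the
   example itself cannot write out of bounds; the value is never inspected. */
int poke_unchecked(const uint8_t *f)
{
    if (frame_checksum(f) != f[3]) return -1;   /* corrupt frame: dropped */
    if (f[0] >= PARAM_COUNT)       return -2;   /* outside simulated memory */
    g_params[f[0]] = (uint16_t)((f[1] << 8) | f[2]);
    return 0;                                   /* accepted as-is */
}

/* Range-validated variant: same frame and checksum, but the word must be
   writable and the value must fall inside its declared limits. */
int poke_checked(const uint8_t *f)
{
    if (frame_checksum(f) != f[3]) return -1;
    if (f[0] >= PARAM_COUNT)       return -2;
    uint16_t value = (uint16_t)((f[1] << 8) | f[2]);
    const param_desc_t *d = &g_desc[f[0]];
    if (!d->writable)                     return -3;   /* read-only word */
    if (value < d->min || value > d->max) return -4;   /* out of range */
    g_params[f[0]] = value;
    return 0;
}

/* Convenience wrappers: build a frame for (addr, value) and deliver it. */
int send_unchecked(uint8_t addr, uint16_t value)
{
    uint8_t f[FRAME_LEN];
    build_frame(addr, value, f);
    return poke_unchecked(f);
}

int send_checked(uint8_t addr, uint16_t value)
{
    uint8_t f[FRAME_LEN];
    build_frame(addr, value, f);
    return poke_checked(f);
}

/* Deliver a frame whose checksum byte was flipped in transit. */
int send_checked_corrupted(uint8_t addr, uint16_t value)
{
    uint8_t f[FRAME_LEN];
    build_frame(addr, value, f);
    f[3] ^= 0x01;
    return poke_checked(f);
}

uint16_t read_param(uint8_t addr) { return addr < PARAM_COUNT ? g_params[addr] : 0; }
int reset_params(void) { memset(g_params, 0, sizeof g_params); return 0; }

int main(void)
{
    int rc;
    reset_params();
    rc = send_unchecked(1, 9000);
    printf("unchecked heater_setpoint=9000 -> rc=%d stored=%u\n", rc, read_param(1));
    reset_params();
    rc = send_checked(1, 9000);
    printf("checked   heater_setpoint=9000 -> rc=%d stored=%u\n", rc, read_param(1));
    rc = send_checked(1, 300);
    printf("checked   heater_setpoint=300  -> rc=%d stored=%u\n", rc, read_param(1));
    printf("checked   boot_count=5         -> rc=%d\n", send_checked(3, 5));
    printf("checked   corrupted frame      -> rc=%d\n", send_checked_corrupted(1, 300));
    return 0;
}
```

The two handlers differ only in the descriptor lookup, which is the point: the checksum proves the frame arrived intact, not that the operator meant what it says, and a heater setpoint of 9000 passes the first handler exactly as cleanly as 300 does.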
