I'd love to get some deeper insight into how NASA writes and tests software, I can only guess it's a million miles from how most of us work. Anyone know of any good talks, articles from engineers there?
The PDF linked to in the discussion is no longer there, but I found it on standards.nasa.gov here: https://standards.nasa.gov/standard/nasa/nasa-gb-871913
There are also some interesting product management related guidelines from NASA, like this from 2014: https://snebulos.mit.edu/projects/reference/NASA-Generic/NPR...
It initially seems kind of ridiculous to me that everything has an acronym, but I suppose it's no more ridiculous than choosing a name that sounds like a Pokemon. Maybe less so.
In any case, thanks for sharing that.
> The development and verification of the Charring Ablating Thermal Protection Implicit System Solver (CATPISS) is presented. [...]
Not sure industry would try this one either, though it is very memorable.
Which is not to say that what NASA and its contractors do isn’t cool or that they don’t spend ungodly amounts of time and money on testing and verification, but you also don’t load one line of code more than is absolutely necessary onto a machine that absolutely must work at all times.
It’s an important lesson to learn and a good skill to exercise from time to time, but honestly it’s also something that doesn’t apply to most of our work as software engineers. For most software most people are willing to knock a couple of nines off the reliability of a piece of software in exchange for higher-quality output, lower costs, and more features. If my data analysis pipeline fails one time in ten because an edge case can use all the memory in the world or some unexpected malformed input crashes the thing but yields more useful output than if I kept it simple and hand-verified every possible input, well, that can be a fine trade off. If your machine learning model for when to retract the solar panel occasionally bricks and leaves the panel out to be destroyed, that’s less acceptable.
Coincidentally, I spent the weekend banging around with an old TRS-80 Model 100, and it's been very interesting to see what workarounds and compromises were made to conserve space.
For example, the machine ships with no DOS at all, so if you're working with cassettes or modem only, you don't have that overhead.
If you do add a floppy drive, when you first plug it in, you flip some DIP switches on the drive and it acts like an RS-232 modem, and you can download a BASIC program from the drive into the computer that, when run, generates a machine-language DOS program and loads it out of the way into high memory.
I don't have one of those sewing machine drives, so I went with a third-party DOS, which weighs in at... wait for it... 747 BYTES.† An entire disk controller with command line interface in 2½ tweets.
† http://bitchin100.com/wiki/index.php?title=TEENY.CO_MANUAL
I can see how you would ensure reliability through proper requirements specification, a good software development process, separate independent implementations and extensive verification.
However, every time I read a popsci article about space flight software, they talk about this capability to push new code to the spacecraft while it is in flight.
I'm really curious to learn what this looks like in practice (technical details). Do they really have the ability to do an "ad-hoc" upload and execution of arbitrary code on these systems? If so, how are the ad-hoc programs tested and verified?
My understanding is that some spacecraft launch with beta/alpha equivalent software. Correct me if I'm wrong, but I believe that the rovers do this, with simple software installed first, then more complicated versions installed once they know everything is working.
It's somewhat similar to updating your iPhone, but instead you use a huge dish to do the transmission and the bitrate is pretty horrendous.
I'm going to need a definition of "ad-hoc" here; no-one "deploys straight to production" on a spacecraft. Any patches have to be thoroughly tested on simulators and models of the spacecraft on earth before they are transmitted.
To answer your question about software upload, the PSP has 3 redundant CPUs (primary, hot spare, backup spare), and each has multiple boot images. To upload software, the team uploads it to an inactive image of the backup spare CPU, promotes it to hot spare for long enough to collect the data it needs, reboots it into the new image, and then rotates it into the primary role, which is a seamless transition unless something goes wrong, and then the new hot spare takes over again within a second. Once they're sure the software is working, they can update the other CPUs. Before any of this, new software is tested on identical hardware set up on the ground with physics simulations.
See also, "Solar Probe Plus Flight Software - An Overview" from http://flightsoftware.jhuapl.edu/files/_site/workshops/2015/
Amazing that they had the ability to just run ad-hoc LISP on the spacecraft. It appears their method to ensure safety in the face of arbitrary code execution was to divide up the spacecraft into isolation zones and run the parts that have a REPL on a non-essential CPU. From [1]:
> To protect the main DS-1 mission from possible misbehaviors of RA, the design included a “safety net” that allowed the RA experiment to be completely disabled with a single command, issued either from the ground or by on-board fault protection.
[1] https://ti.arc.nasa.gov/m/pub-archive/176h/0176%20(Havelund)...
But: Once you include a REPL or another mechanism to push and execute arbitrary code "ad-hoc", I wonder how that could possibly be tested and validated? Surely as soon as you add the ability to run arbitrary code, there is no way of testing for all possible states of the system as part of the validation process?
In other words, how do you allow the user to push arbitrary code, but prevent them from putting the spacecraft into a condition from which it can not be recovered? The only way I could naively think of would be to only allow the user to push code to a completely isolated CPU that has a remote-reset functionality from the main/comms CPU.
Still, the popsci articles I read made it sound like there might be more to it. It would be excellent to find some first-hand accounts/sources on what this looks like in reality.
It is complete overkill when "all" you're going to lose is a robot and some pride, as with a space probe you want to have lots of features and this level of safety is very restrictive on development effort.
More than likely, the spacecraft in question is written in C or C++ with the help of RTEMS or VxWorks. It is probably running a radiation hardened, very slow processor.
If anyone is interested JPL publishes their code standards doc for C: https://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf
But really, it's cool that they're using carbon-carbon protection similar to that which was originally developed for the leading edges of the Space Shuttle. And I really want to know how they built foamed carbon for the interior.
I'm guessing that they're using white ceramic paint on top instead of a reflective foil shield (like the Webb uses) because the foil would be shredded by the solar particles.
In the video, Thermal Protection System Engineer Betsy Congdon says it's 97% "air."
I can't say whether it's actually air, or she's simplifying things for the general public or not.
She also says twice that "water" is used in the radiators. But I'd have to believe that NASA's using something that absorbs/dissipates heat a little more efficiently. Perhaps whatever it is will end up in desktop gaming rig cooling systems eventually.
The temperature range is about 15C to 125C, at high pressure this is most ideal for use with water and water itself is a rather good coolant.
> “After launch, Parker Solar Probe will detect the position of the Sun, align the thermal protection shield to face it and continue its journey for the next three months, embracing the heat of the Sun and protecting itself from the cold vacuum of space.”
What a phenomenal piece of engineering! The article was not only fascinating to read as a non-astronomer/lay person, but it also makes it all look like child’s play, the way they decided what materials to use and how.
> “And to withstand that heat, Parker Solar Probe makes use of a heat shield known as the Thermal Protection System, or TPS, which is 8 feet (2.4 meters) in diameter and 4.5 inches (about 115 mm) thick.“
So is someone going to be bothering someone else about TPS Reports [1] over the expected seven year span of this probe? Sorry, I couldn’t resist making that reference! :)
> One key to understanding what keeps the spacecraft and its instruments safe, is understanding the concept of heat versus temperature. Counterintuitively, high temperatures do not always translate to actually heating another object.
> In space, the temperature can be thousands of degrees without providing significant heat to a given object or feeling hot. Why? Temperature measures how fast particles are moving, whereas heat measures the total amount of energy that they transfer. Particles may be moving fast (high temperature), but if there are very few of them, they won’t transfer much energy (low heat). Since space is mostly empty, there are very few particles that can transfer energy to the spacecraft.
So space has high temperature, but since matter is far apart the temperature isn't transferred very much.
Seems the answer is that you don't need matter for heat radiation.
Space is cold, but it doesn't feel cold.
Normal convective cooling (think your computer's CPU or your phone's backside) or evaporative cooling (sweat on your skin, discardable heatsinks) work by transferring heat to some medium. In case of CPUs you do it twice, once from CPU to metal and then from metal to air to get a larger cooling surface.
In space you don't get that, or at least not without having it be expensive af. The only way to lose heat energy is by radiating it away naturally (infrared light that our bodies like to emit carries heat away from our body).
This is very slow and requires a very different cooler design and some design metrics overall (if your CPU points its heat surface at some other components of the craft, that component might overheat due to that).
yeah, this article was a masterpiece of science writing. all of the difficult concepts were boiled down into very fruitful analogies and metaphors which clarified things succinctly.
The difference is that the water molecules are more tightly packed than the air molecules in the oven. In space, they are quite far apart.
..and: please don't! :)
> Temperature measures how fast particles are moving, whereas heat measures the total amount of energy that they transfer.
I don’t want to downplay the good design and engineering that went into this, but should we be so confident without actually having done something like this thousands of times?
There sure is. At least two of the systems (positioning and water cooling) are active systems that could fail.
> but should we be so confident without actually having done something like this thousands of times?
"we" are confident enough that we rely on it to protect a > 1 billion USD probe. What's the use in adding a lot of ifs and maybes to some piece of marketing/explanation?
If it fails, adding some ifs and maybes to a marketing video won't really change anything.
But I'm also curious about what happens in the event of a solar flare or similar - from an engineering standpoint, what's their safety margin? Solar density goes up two hundred percent?
It appears the heat shield is a carbon sheet sandwich. At first I was guessing some form of tungsten-carbide, but that is the traditional material of NASA heat shields.
> Why is the solar wind a breeze closer to the sun but a supersonic torrent farther away? Why is the corona itself millions of degrees hotter than the surface?
I suspect the answer to all those questions is simply gravity, but it will be nice to verify such things with data.
"I suspect the answer to all those questions is simply gravity, but it will be nice to verify such things with data"
Can you explain your hypothesis a bit?
The Sun has enormous gravity. It comprises 99.86% of the solar system's total mass. It would seem heat can be greater expressed where it is more free upon the vacuum of space upon escaping the gravity that confines the high density mass. https://en.wikipedia.org/wiki/Sun
As for solar wind momentum it would make sense that a particle is accelerating away from the Sun at a near constant energy that is less confined by gravity over distance... at least until it hits termination shock at the edge of the solar system.
Of course these are all speculations and hopefully the probe will provide the data to qualify more valid conclusions.
https://www.nasa.gov/feature/goddard/sounding-rockets/strong...
It explains the temporal heating behavior at some scales. But it doesn't give a mechanism of heating. It could be electron beam target heating. But it could also be mediated by plasma waves.
The electron beams need acceleration and the most common suggestion is x-point magnetic reconnection providing up and down voltage gradients due to changing magnetic field. But the amount of electrons needed is unphysically large; the entire electron contents of the relevant volume of the corona.
There are plasma wave models that don't require unphysically large parameters.
These two (and a couple other) options aren't clarified by the observation of heating profiles. With the launch of Parker Solar Probe and the DKIST (diffraction limited solar telescope) the two models above will finally be testable. Spectroscopy of ion species by DKIST will tell what kind of heating is happening and Solar Probe will be there to measure the input from the corona.
Heat resistant material will eventually reach equilibrium where the back side is almost as hot as the front side unless it's cooled somehow.
The corona can be expected to be out to ~12 solar radii, which suggests about a day of really severe conditions. (The data pass is 30 hours, which suggests that's about right.) That's why it needs to be a really good heat shield.
Its smallest orbit has a period of 88 days.
are these wires on the outside of the spacecraft? but what about the silicon of all the electronic stuff that this thing must be keeping? The cooling surface would also get a bit hot (it would always get some more energy at some rate), so how does the coolant transmit any heat away from the probe?
I imagined they would try to save weight in some places if it allows them more freedom in others. Although I have no idea how much water is used in the first place so it might be a moot point.
I'm just the inquisitive type. Explaining that something is used always makes me wonder "why not something else" :).
Basically, there are two ways you can design a cooling system: one that involves phase change, and one that simply transports heat from A to B by moving a heat carrier, usually a liquid.
Phase change systems typically have a higher efficiency, because the phase change has larger relative energy than heat capacity. But it also has two disadvantages: it only works near the boiling point of the medium, and you need to deal with all the pressure changes that come with a phase change.
The Parker probe seems to use a "mere" transport, and there the heat capacity and the working range of the medium is very important, and water is a pretty good choice on both of these criteria.
Oh, and you also don't want something very corrosive to destroy your expensive space craft from the inside :-)
IIRC the ISS uses two cooling systems, one based on water that is used throughout the station, and then an ammonium-based system that takes the heat off the water and transports it to the heat radiators. But on the ISS, maintenance is possible.
That explains why energy is not transferred by conduction or convection to the spacecraft. But what about energy (heat) transfer by radiation? Why won't the spacecraft get all the energy from radiation and have its temperature shoot up?
I’m American and I’m embarrassed by this. This is science, make it easy for people to understand. Use SI units, please.
91cm and 10cm, to save anyone else doing the conversion. Also, it seems to understate the closeness: Closest approach is 6.1 million km, which is 1/24th of 1 astronomical unit, but four inches is 1/9th of a yard-stick.
I hope that kind of materials can be mass-produced on the short term future to be used as insulation for homes!