
Light Years Ahead | The 1969 Apollo Guidance Computer

Jun 02, 2021
I would like to welcome our speaker, Robert Wills. He is an engineer at Cisco in London and writes software for Internet routers. He has a great interest in the history of computing and in users and what they really did with computers, has been fascinated by the Apollo guidance computer for the last ten years, and is still learning things about it today. He is going to tell us about the final stages of the lunar descent that took place fifty years ago in July, and the three exciting seconds in which it seemed that the mission would have to be aborted. So, without further ado, Robert Wills.
July 20, 1969: Neil Armstrong and Buzz Aldrin were in the lunar lander, 30,000 feet above the surface and descending rapidly. Everything seemed to be going well when suddenly the onboard computer indicated a 1202 program alarm and the computer rebooted. Neil Armstrong, as always, remained calm and collected and radioed Houston with just a touch of urgency in his voice, asking for an update on that 1202 alarm. Three seconds later Houston came back and gave Armstrong the go-ahead to continue. Shortly afterwards another program alarm occurred, this time a 1201, and then another and another. In total, during the descent of Apollo 11 there were five program alarms, and the last one was reset just 2,000 feet above the surface of the moon. There couldn't have been a worse moment in the flight to be having computer problems. At the time, the press gleefully reported how Armstrong took manual control from a broken and failing onboard computer and managed to heroically and single-handedly land the spacecraft on the surface of the Moon against all odds.
Nothing could be further from the truth. Yes, Neil Armstrong was an outstanding and brilliant pilot, but the Apollo guidance computer worked perfectly on this mission and on every other mission it flew, thanks to pioneering hardware and software design principles that were used to make the system robust against any failure, no matter what happened. Those design principles, although quite revolutionary at the time, now form the basis of all kinds of highly reliable software that we use every day. So in this presentation I would like to use the story of Apollo 11 to tell you a little about the Apollo guidance computer. I'm going to start by introducing you to the computer, then I'm going to explain in detail how you land on the moon, and then I'm going to show you the computer and the role it played in the landing.
We'll talk about some of those revolutionary design principles that were used to make the software robust and finally, once we have all that background, I'll go back to the Apollo 11 landing and we'll get to the bottom of those program alarms, and I'll show you that the Apollo guidance computer saved the mission instead of ruining it.
First, a little bit about me. As we said in the introduction, I've worked at Cisco for the last 10 years in the service provider business unit, so we write software for top-tier routers that you wouldn't normally see. These things are at the core of a data center or an entire country's network, so it's very important that these routers are very reliable.
There are many links between the things I do as part of my job and some of the topics I'm going to talk about today. In my free time I love the history of computing, and I believe that old computers should not sit on a shelf and collect dust; they should be plugged in, turned on, brought to life and demonstrated in the context for which they were designed to be used or, if you don't have an Apollo computer and a spaceship at hand, at least try to demonstrate it on the screen. I have spent 10 years researching the Apollo guidance computer.
It's my favorite for all kinds of reasons, including the story I'm going to tell you today. First let me introduce you to this amazing machine. It is on the screen, and it was designed at the MIT Instrumentation Laboratory. It was actually the first contract that NASA awarded as part of the Apollo program: just six weeks into the Apollo program, NASA awarded this contract because they realized that some kind of on-board computer would be needed. It was responsible for almost all of the guidance, navigation and control of the Apollo missions: it put you into orbit around the Earth, took you to the Moon, put you into orbit around the Moon, took you down to the surface, took you back up again, managed to reunite the two ships, brought the whole caboodle back to Earth and managed re-entry. The same hardware, but different software, was used in both the command module, so that's the mothership, and the lunar module, which is what landed on the moon. It weighed only 32 kilograms.
This is really important because you pay for the weight three times: you pay to get it off the Earth, you pay to land it on the moon and you pay to take it off again. It consumed only 55 watts, and every time I give this presentation I check that number because I just don't believe it, and it took up only one cubic foot. In an era where most computers took up entire rooms, consumed huge amounts of power and required enormous amounts of cooling, I think those three numbers are really remarkable. It ran between 50 and 100 thousand instructions per second.
This is where the claim comes from that there is more power in your pocket calculator than in the Apollo guidance computer. We're going to look at a lot of junk. Being a little more technical now, it was built completely from scratch from one type of logic gate, the three-input NOR gate, so this is the simplest possible logic gate that you can imagine. They were able to connect about five and a half thousand of these logic gates together, and it turns out that you can connect them to make any digital circuit you can imagine. It was actually built from integrated circuits, with two of those logic gates on each integrated circuit, so the computer was made up of just under 3000 integrated circuits. The choice to use integrated circuits was truly ahead of its time: for example, in 1963, 60% of all integrated circuit production from the United States went to MIT for the Apollo Guidance Computer. That's how radical it was that they used integrated circuits. Did they solder them together?
Oh no, they soldered them together to form these modules, and then 26 modules were connected to a backplane, and the backplane connected all the modules together and made the final computer. There is a slightly larger image of the tray with some modules connected to it, and there is an image of the other side, which is the backplane; those blue lines you can see are small cables that connect all the modules to each other. In terms of memory, there was a really very small amount of memory in the computer: there were 2000 words of erasable memory, which we would call RAM, and that is where the variables would be stored.
In English, that means you can store 2000 different numbers on your computer. For example, you could store where you are, where you're going to land, and other bits of information like your speed, but you can store just two thousand of those numbers, which, believe me, is not much. It had 36 thousand words of fixed memory, what we would call ROM, and that's where the program was stored. In English again, that means you can store 36 thousand instructions on your computer, so there really isn't much of any of that stuff. Now, fixed memory is pretty good: it's here on the slide, and you can see there are these very thin copper wires, this is all magnified. These very thin copper wires go through these rings and, generally speaking, if a wire went through a ring it was a 1, and if not it was a 0, so the software was literally woven together to form the fixed memory.
There is a photo of a Raytheon engineer who does indeed have the program listing in front of her and is very carefully weaving those tiny copper wires through the even smaller rings to translate the program into fixed memory that the computer can then read. I wouldn't want to make a mistake, would you? Now, since it was composed of only five and a half logic gates, it was surprisingly feature-rich: it had a real-time clock, parity checking and extensive input and output connectivity. But it also had some quirks. It had a 15-bit word size, which means the numbers it can store are not very large. It used ones' complement for integers, which will surprise any mathematician because you can have two different values for 0, positive 0 and minus 0, and believe me, no computer system uses it today, for obvious reasons. It didn't have floating point numbers, so you can't have anything with a decimal point; everything had to be an integer, but it actually turns out that it's not that bad, you can work with it, and in many ways it's preferable. And instead of having a lot of different instructions, it did quite a bit with these strange memory locations. For example, shifting a number one place to the left turns out to be a really useful thing to be able to do on a computer; instead of a special instruction to do it, you would write your number into the special location 20 and then, magically, when you read it back you would get the number shifted one place to the left. So that was another peculiarity of the instruction set. As we have seen, it had a very small amount of memory, no stack, and a strange and awkward instruction set. If you gave a modern systems engineer the instructions for the Apollo guidance computer, they would really scratch their heads trying to figure out how to use those instructions to make a program.
Well, let's talk about IO. This thing on the screen, called the DSKY, was the main way the astronauts interacted with the guidance computer. You can see that it has a display on the top right that can show you some numbers, it has a keyboard at the bottom to enter some data, and on the top left you can see that it has some special lights. The DSKY used a verb-noun format to enter commands and display data. There are many other human interface devices present on the spacecraft, for example the 8-ball, indicator lamps and hand controllers, and I will show you all of these later. The computer could also communicate by radio, sending data back to Houston and receiving data from Houston. And of course a spacecraft has many very interesting things attached: for example, a rocket engine is IO, so the computer can control the rocket engine, and it can also read data from many specialized instruments, which, again, we'll talk about later. So one of the things that the guidance computer is really good at, because it had to be, is input and output.
Okay, so that's the computer. Now I would like to tell you a little about how they landed on the moon with Apollo. First of all, we are going to need a spaceship, so here is our spaceship. The first thing we need is a big rocket engine; that rocket engine will give us a lot of thrust, and we will use it to slow down, which will take us out of orbit and gently bring us to the surface. So there is our big rocket engine.
However, we also need to be able to steer, and that's the job of these little RCS thrusters. RCS thrusters allow the computer to steer the spacecraft in any direction. The main source of data is this thing called the IMU. The IMU can tell you which direction the spacecraft is pointing and which direction the spacecraft is accelerating, and with those bits of information the computer can calculate position and velocity. There is the landing radar, which uses radar to measure the height of the spacecraft above the surface of the moon. There is the window; the window is very important, and I will have a lot to say about that later. At the feet of the spacecraft are these little probes called lunar contact probes, and in the middle, tying it all together, sits our best friend, the Apollo guidance computer. So that's our spacecraft.
I'll talk very quickly about a couple of things that may be less familiar to you. First, the RCS thrusters: on the four corners of the spacecraft are these quads of RCS thrusters, one pointing up, one pointing down, and two pointing out at right angles. The computer can give little jets of thrust through these little thrusters, and using those little jets it can steer the spacecraft in any direction. The other thing that's worth talking about quickly is the IMU. The IMU was a remarkable piece of engineering. It was a sphere, and inside the sphere were three concentric rings that could rotate relative to each other, and right in the middle of the IMU was something called the stable member. The stable member had three gyroscopes mounted at right angles to each other, and because they were gyroscopes, that keeps the stable member completely fixed in space, so the spacecraft can move however it wants and the stable member stays completely in the same place.
There are sensors on the concentric rings, and you can use those sensors to see how the spacecraft has rotated around the stable member, which is always fixed, and by taking those measurements you can measure which direction the spacecraft is pointing. There were also three accelerometers, a bit like on your phone, that can measure acceleration in three directions. Okay, enough about the spaceship; that's all you need to know. Next I need to give you a two-minute course: I need to condense hundreds of hours of NASA training into two minutes and tell you how they landed on the moon. So let me set the stage for you.
We will join the mission at the point where the astronauts are in what was called the descent orbit. This is a really misleading name, because the descent orbit doesn't actually take you to the surface of the Moon. The descent orbit is an ellipse, and the lowest point of the descent orbit is nine nautical miles above the surface, and the lunar module will go happily around that descent orbit forever and ever. To land on the moon we need to execute a series of maneuvers starting from that lowest point in the orbit, and those maneuvers will take us out of orbit and gently down towards the surface.
Those maneuvers are the most difficult part of the landing, and that's what I'm going to talk about today. It comes in three phases. The first is P63, the braking phase. The goal of P63 is to slow down the spaceship, and as the spaceship slows down it will also lose a lot of altitude. The spaceship starts nine nautical miles, or fifty thousand feet, above the surface and it's going very fast, at 1670 meters per second. During P63 we fire that huge rocket motor, which slows us down, and we lose most of our altitude, so at the end of P63 we are much lower.
We're only 8,000 feet above the surface and we're going much slower, 210 meters per second. So that's P63. Next up is P64, the approach phase. Up to this point, the astronauts are generally face up with the rocket engine pointing out in front of them, and they can't really see where they're going, so the first thing that happens at the beginning of P64 is that pitch-over maneuver, and that allows the astronauts to look forward out of the window to see where they're going to land, which is somewhat useful. During P64, the astronauts and the computer work together to fine-tune the landing site.
Finally, when the lunar module is about 200 feet off the ground and is basically above the landing site, we enter P66, the final phase. The goal of P66 is to land nice and smoothly, vertically and without any side-to-side or forward or backward movement. So those are the three landing phases: P63, the braking phase, where we slow down and lose most of our height; P64, the approach phase, where the astronauts and the computer work together to fine-tune the landing site; and P66, the final phase, where we want to land in a nice, smooth way. Okay, that is how they did it.
Now I'd like to rewind the clock and show you the computer in action doing it. There are a lot of details here, and you don't need to remember any of the details to enjoy the rest of the talk. I just want to demonstrate to you the kind of things that the astronauts and the computer are doing so you can get an idea of what's happening. Okay, so let's rewind the clock. We're back in the descent orbit and we're about ten minutes early to begin the landing maneuver at 10:00 a.m., and the astronauts have the DSKY in front of them. Remember that this is the main way in which they interact with the computer, and the first thing they must do is load the landing software.
To do this, they type verb 37, which means "please load this program", and then type the program number, in this case program 63, and press ENTER, and the computer loads the landing software. The computer has been programmed in advance with where the landing site should be, and it calculates exactly what time it needs to start firing the rocket engine to start the landing maneuver. The computer shows this to the astronauts using verb 6 noun 61, which means "I have information about the landing to show you", and the most interesting number, if you are excited to reach the surface, is the time to ignition. It says here that there are 600 seconds left before the computer has calculated that we need to start the engine. Let's fast forward now to one hundred seconds before ignition, and the computer has an important message; to indicate this to the astronauts, the key release light on the DSKY illuminates.
The astronauts can see that message by pressing the key release button, and the message is verb 50 noun 18. What does that mean? That's the computer asking for permission to maneuver the spaceship. If you remember, at the beginning of P63 we need the spaceship face up with the rocket engine pointing forward, so the computer asks for permission to do this. If the astronauts are happy, they press the continue button, and then the computer automatically maneuvers the spacecraft to point in the right direction. The next thing the computer does is called ullage: it fires a small jolt through some of the RCS thrusters, and that jolt settles the rocket fuel to the bottom of the fuel tanks so that the rocket engine will fire cleanly the first time. They really thought of everything. Now forward the clock again: we are five seconds before ignition and the computer shows verb 99 noun 62. All the Apollo astronauts can tell you what verb 99 noun 62 means; it means "are you sure you want to land on the moon?" The astronauts have five seconds to calmly reach over and press the Go key to authorize the computer to perform the landing. So we are all ready to go.
Just to remind you where we are: in our descent orbit we are now at the lowest point, and it is exactly the right time for the computer to begin the landing maneuvers. So here we go. We know how it works: it starts with P63. The first thing the computer does is my favorite part of the whole software, and it made my year when I discovered it. It turns on the rocket motor at a very measly 10% thrust, so you barely notice the thrust, and it does it for 30 seconds. What the hell is it doing? Well, the computer is measuring to see if that thrust causes the spacecraft to spin, and if the spacecraft starts to spin, the computer turns the rocket motor to make sure the thrust acts perfectly through the center of gravity, and that will stop the spin. After about 30 seconds of gently running the engine and gently turning the rocket motor, once the computer is happy it increases thrust. Oh yes, there's my spin, everyone, which is exciting. And there we are: the computer has increased the thrust and, for reasons you can ask me about in the questions and answers, the total thrust is 94%.
Now, this is not just a question of firing up a huge rocket engine and hoping for the best. Throughout the landing, the computer is running sophisticated guidance calculations and always has two points in mind. The first, in green, is the desired landing site: that is the landing site that has been programmed into the computer, and that desired landing site can actually move, as I will show you later. The other, in blue, is the projected landing site, and that's where the computer thinks it is going to land based on its current position and its current speed, doing some orbital mechanics to extrapolate the trajectory. The reason for the computer's existence is to steer the spacecraft to try to move the projected landing site towards the desired landing site. So, sophisticated stuff, okay?
Again, don't worry about the details, just enjoy the computer doing cool things. At the start of P63, the landing radar is too high above the surface to be able to see the surface, so the only source of data the computer has is the IMU. The IMU is extremely accurate, but it loses precision during accelerated flight, and of course nothing says accelerated flight more than having a huge lit rocket engine on your butt. For the computer to tell the astronauts that it doesn't know exactly where it is or exactly how fast it is going, the altitude and velocity lights on the DSKY are illuminated.
Okay, we're still in P63, but we're a little lower now, at 40,000 feet above the surface, at which point we're low enough for the landing radar to lock onto the surface and start providing data to the guidance computer. When that happens, the computer clears those two lights, and the astronauts wait anxiously for that moment. When it happens, they type verb 6 noun 63, which means "please show me the discrepancy between how high you thought you were based on the inaccurate IMU data and how high you actually are based on the very precise landing radar measurement". It was common at 40,000 feet above the surface to have a thousand-foot discrepancy between where the computer thought it was and where it actually was. Obviously, when you're 40 feet above the moon, a thousand feet here or there doesn't make much of a difference, but as you start to descend, you really want to start using more precise numbers. So the astronauts check this data, make sure it looks vaguely good, and if they're happy, they do something called incorporate. To incorporate, they type verb 57, which means, you guessed it, incorporate, and the guidance computer will then combine the very precise height information from the landing radar with the information it already has from the IMU to get a much more accurate position. Then, over time, the guidance computer will steer the spacecraft to correct any discrepancy, now that it knows exactly where it is.
Okay, through a mid-landing model, now towards the end of P63, the computer automatically reduces thrust at a precisely calculated time to keep the spacecraft on trajectory, and then when it reaches 8,000 feet it automatically enters program 64. That's the next bit of the landing. We know what happens from our two minutes of NASA training: the first thing the computer does is perform that pitch-over maneuver to make the spacecraft more vertical. If you remember, during P64 the astronauts and the computer work together to fine-tune the landing site, so the computer needs some way to tell the astronauts exactly where it is going to land.
You need a very large surface area to obtain a device. Yes, it's the window. The window has these two axes marked on it, a bit like graph paper at school, and during program 64 the computer shows verb 6 noun 64, and that means "I'm telling you where you're going to land". It works like this: you see that 5 in the top row of the DSKY? That tells Armstrong to look 5 along the horizontal axis on the window, and that 40 on the right side tells Armstrong to look 40 up on the vertical axis. Then Armstrong imagines a red dot when looking out of the window, and that red dot is the computer telling Armstrong exactly where the spacecraft will land. So during this part of the landing, Buzz will call out numbers like 5 40, and Armstrong will look out of the window using those axes to imagine the red dot, and he'll be able to see, "oh, that's where we are going to land".
What if Armstrong doesn't like the look of where the computer is going to land? He can move his hand controller, and if he moves his hand controller, that moves the desired landing site, and then the guidance algorithm will steer the spacecraft to move the projected landing site toward the new desired landing site. It was common throughout P64 for that imaginary red dot to move around the window, especially if Armstrong was using his hand controller to change the landing site, so Buzz could be saying 5:45 5:45 0 etc., and Armstrong all the time is using his hand controller to adjust the landing site if he wants. Throughout program 64, the hand controller is connected to these very sophisticated guidance algorithms, because the hand controller does not directly steer the spacecraft: it moves the desired landing site, and then the guidance algorithms calculate how the spacecraft should be steered to achieve that, and then those steering commands go down to the much lower-level attitude control software, which takes those steering commands and turns them into commands that are given to the thrusters. So there is a lot of sophisticated code between the hand controller and the thrusters.
Once the lunar module is practically above the landing site, Armstrong moves the PGNS mode switch from auto to attitude hold and, generally speaking, that automatically puts the computer into program 66, at which point the hand controller disconnects from the sophisticated guidance algorithms and instead connects directly to the steering software, meaning that when he moves his hand controller, instead of changing the landing site, he is directly steering the spaceship. It's a much more direct control relationship in the final stages of landing, but what I want to point out is that it's not full manual control: at all times there is code running between Armstrong's hand controller and the thrusters.
Eventually, once the lunar module gets close to the ground, a lot of dust kicks up and Armstrong can no longer see out of the window, so he looks at two instruments inside the cockpit, both controlled by the guidance computer. The first is the 8-ball, which tells you whether the spaceship is the right way up, and the other is the cross-pointer display, which tells you if there is any velocity side to side or forward and backward. Armstrong looks at these two instruments to make sure the spacecraft is completely vertical and is not moving from side to side or forward or backward, and this is very similar to how a pilot would land a plane in fog.
Finally, you remember those little probes at the feet of the spacecraft: once they hit the ground, a blue contact light illuminates in the cockpit, the astronauts quickly shut down the engine, they breathe a sigh of relief, and that's how you land on the moon. And that's my demonstration of the Apollo guidance computer.
However, what about those pesky program alarms? In modern-day terms it was a serious problem, which is a bit like seeing that or, if you're a little more old school, something like that or, worst of all, that. A 1202 alarm was nothing to laugh at if you're in the spaceship. Now of course they always had the option of aborting, but an abort was by no means trivial. Obviously, you lose the billions of dollars that have been spent, or at least hundreds of millions on the mission, and you lose a lot of national pride and your own pride, but apart from all that, it is actually technically very difficult to abort. If they had pressed the abort button, the pyrotechnic bolts would have exploded and separated the lunar module in two, so the entire descent stage would have fallen away, leaving the ascent stage. A fifth pyro would have fired, which would have shot a guillotine through all the cables connecting the two stages, so it completely separates the spaceship in two. So you could only abort once; you can't try again. And then of course Mike Collins in the Command Module has a big orbital mechanics problem to solve, because he has to go and pick up his friends. So aborting was non-trivial and not safe, so the question of what to do about the program alarm was a very serious one, and that's what I'd like to talk about in the second half of the presentation. First I want to talk a little bit about the mission software, and then we'll go back into the cockpit and get to the bottom of those program alarms.
First, though, a little bit about the software. This is a slightly more boring ten minutes of the talk, but bear with me; let me say what I have to say and then we'll jump back into the spaceship and have some fun for the last 15 minutes. The lunar module software was called Luminary, and I hope my demonstration convinced you that it was a sophisticated piece of equipment that controlled all phases of the mission. It put the lunar module into that elliptical descent orbit, it handled the whole landing, which is what I just talked about, it took you off the moon again and reunited you with the command module, so it did everything. As we've seen, it controlled that huge rocket engine.
It fired the RCS thrusters, it was updating information on the DSKY, it was moving the 8-ball and the cross-pointer display, it was reading data from the IMU and the landing radar, doing all sorts of things at the same time. So it ran a very simple real-time operating system that they wrote from scratch as part of Luminary, and I want to talk very quickly about six design principles that they used in that real-time operating system to make it reliable. Oh, I always forget this part of the source of luminaries one gets. It hurts yes very good okay.
Number one: use a high-level language. As I said at the beginning, the Apollo guidance computer's instructions were very primitive and difficult to use, and that meant that you had these complicated guidance algorithms that were difficult to translate into code that was correct. Also, 15-bit integers, the small numbers that the computer can store, were not large enough to give the kind of precision that the computer needed. Their solution to this was something called the interpreter. This provided a sort of virtual instruction set that was much more powerful: for example, it gave you matrix and vector operations, which are really useful if you're doing guidance calculations, it gave you luxuries like being able to index into a matrix, and it gave you a stack, which is good for writing much more structured, readable code.
It got around the 15-bit word size by giving you double and triple precision integers, so it gave you much larger numbers to work with, and that gave you the precision you really needed for those calculations of where the landing site is and how the spacecraft should be steered, etc. It also meant that the same algorithm took up a lot less space, because each instruction did a lot more for you, so you needed fewer of them to get the job done, and if you remember, there wasn't much memory, so if your program took up less space, that was a really good thing. It also made it easier to write correct code, because the instructions were easier to use. But the downside of the interpreter was that it ran slowly, so the final software was a combination of both: the really time-critical things, like controlling the thrusters or reading data from the IMU, which had to be done all the time and in a really timely manner, were written in the difficult-to-use low-level language, and the interpreter itself also had to be written in the hard-to-use language, but then all the guidance algorithms that did complicated math were written in the interpreter, and they could do that because those guidance algorithms only had to recalculate things every second or every three seconds, so it didn't matter if they ran slowly.
Number two: they divided their system into jobs. The guidance computer was doing a lot of things at the same time, so they divided the system into jobs, where each job did one thing, like different apps on your phone. For example, there was a job called READACCS that read data from the IMU and used it to calculate the position and speed of the spacecraft.
A whole set of jobs was used to implement the digital autopilot. There was a job with a lovely name called Pinball, and Pinball updated the numbers on the DSKY. There were jobs for high-level tasks like P63, P64, et cetera, and dozens of other jobs that I haven't even included here. If you remember one thing, remember that each job had a small area of memory that it could use as temporary storage, a bit like if it was doing some calculations, it had some space where it could show its working, and there was enough memory to have seven jobs running at the same time, and they designed the system very, very carefully so that you never had more than seven jobs running at the same time. Number three: restart on failure. Now, speaking as a gray-haired software engineer, it is a sad reality that all software will encounter faults.
I'm not talking about mistakes where the programmer didn't understand what the program was supposed to do or the programmer was lazy. Those things would be detected much earlier during testing. I'm talking about one-in-a-million, once-in-a-blue-moon events that are really rare, and those really rare events can trigger unusual code flows through the software, which can cause the software to crash if you don't think about those eventualities, and you often don't find these things during testing because they only happen once in a million, so you would have to be very lucky during testing to hit the error condition.
If your software has failed, it can't be trusted to recover on its own. It failed, so all bets are off. So you restart the part of the software that failed, and the hope is that if you restart the software, whatever transient condition occurred that caused the failure will be gone, the software can try again, and hopefully this time it will work and the system will recover. The guidance computer provided several reset levels, so you could restart only the failed job. You could restart a job group. You could reset everything but leave vital information, like where you are and where you are landing, intact. That was called pudy. You can also ask about this in the Q&A. Or you can literally turn the hardware off and on again, which was called a fresh start. Okay, we're halfway through the design principles, so bear with me. Number four: checkpoint your good state. Restart is great, but you lose whatever your job was doing, so when your job reaches a sensible point, called a checkpoint, it can save that point for later, and then if the job restarts, it can read what it saved and continue from where it left off. For example, if you are the job that reads a lot of data from the IMU and then eventually calculates the position, you will do a lot of calculations and then eventually get a result, and once you have sensible results you can checkpoint, so that if your job restarts you can read in the position it has computed and continue from there. You could ask what happens if the checkpoint is wrong, and in that case the more draconian restarts like PD and Fresh Start would clean up the checkpoint, so jobs would have to do more work to get back up and running, but at least they would start from a blank slate. Number five:
The hardware monitors the software, and this is the most technical one. The guidance computer, to make it look like it was running a lot of things at the same time, used cooperative multitasking, and this is different from most modern software systems. With cooperative multitasking, if you are a job and you are running, then every so often you have to explicitly check if there is another job waiting to run, and if there is, you have to give control to the job that is waiting. In the guidance computer code, the way you did it was that your job had to check a special variable called NEWJOB. If NEWJOB had nothing in it, then your job could continue running happily; if NEWJOB had a value, then it had to immediately hand over control to whoever was waiting. The coding guidelines for Apollo said that a job had to check NEWJOB every 20 milliseconds, so there were explicit checks in the code to check NEWJOB. You could say, "Oh, isn't this a little garbage, because you have to add these checks to your code and, first of all, it depends on people doing the checks?" But keep in mind that this software was written by a team, everyone was on the same side, and the software had a very specific and well-defined purpose, so in those situations it is really simpler to reason about this kind of multitasking, and besides, it was the only feasible way to do it. Now you might ask, what happens if for some reason a job crashes and goes into an infinite loop and never checks NEWJOB again? In this case, even if there are many jobs waiting, they will never be able to run because NEWJOB is never checked. Well, the solution to this is in the hardware. The hardware knows about the special NEWJOB variable, and therefore, if the software gets stuck and never checks NEWJOB again, then the hardware will restart the computer after 640 milliseconds. That's how the system was stopped from hanging. And finally, number six: send telemetry. In the demo I was showing you the DSKY and, if you remember, it's like noun, verb and three numbers, so that's enough for astronauts, but it's a pretty primitive way of understanding what's happening.
Houston needed much more information, so the guidance computer would periodically send its internal state to Earth, and there would be around 100 numbers that would give the state of the computer, for example, where it is, the speed at which it is going, where it wants to land, the current program that is running, the number of jobs, et cetera, so a lot of information. Then back in Houston there was a whole team of people completely dedicated to looking after the guidance computer, and they spent the day looking at this telemetry to make sure the system was working correctly.
To summarize: use a high-level language to make complicated algorithms easy to write. Split your system into jobs where each job simply does one thing. If the software crashes, restart it; hopefully whatever caused the error will be gone and it can have another go. Checkpoint your good state so that if you restart, you can continue from a good place where you left off. The hardware monitors the software to make sure the system doesn't hang. And send telemetry about your system to a group of experts who can understand it and make sure it's working well. So now I'd like to get back in the cockpit and explain those annoying program alarms. First,
I lied to you, there was an extra radar on the spacecraft called a rendezvous radar and the rendezvous radar was completely useless when you landed on the moon, completely useless, but when you took off again, the rendezvous radar is what was used to find the command module and I must say that in this section I am making a couple of simplifications, but I am telling it better than most people, so you will still get the best story in the master, now that we have seen that everything is complicated. It runs the software that does all this landing stuff and it was actually the most processor-intensive part of the flight, so I set the computer to about 80%, which for any engineer is pretty close to the wire, but that's okay, The problem was the rendezvous radar. they had a hardware bug that they never found during testing, but hey, the moon landing is a one in a million event and of course, join them in the actual landing, they found the hardware bug.
The hardware error meant that the rendezvous radar sent a stream of data to the computer, and the data stream was "I can't see anything, I can't see anything, I can't see anything, I can't see anything." It's a bit like having a really annoying friend tapping you on the shoulder; you turn around and they have nothing to say, and they keep doing it. The hardware bug puts the computer under an additional 15% load. Now 80 plus 15 is 95 percent, even I can do that, so it's actually okay. There is this hardware bug, but the computer can still cope, it's totally fine, and this means that when they were in descent orbit and, in fact, even in the early bits of P63, they didn't notice anything was wrong because the computer was just about able to handle the load. So what changed? Well, what changed was Buzz Aldrin.
Buzz Aldrin was clearly very excited to get to the moon, and so he typed verb 16 noun 68 into the computer, which means please show me additional information about the landing, and please recalculate that constantly and refresh the screen. Now, I'm making fun of Buzz here, but this was a perfectly good thing for him to do, and he had done it in training hundreds of times without any problems. However, in order to handle that request, an additional piece of code is started to handle the verb 16 noun 68 task, and that puts the computer under an additional 10% load, so now the computer is overloaded. It's only slightly overloaded, but it's overloaded, and so over the course of a couple of seconds, it falls over in slow motion, like this: the jobs pile up, and the computer, because it's overloaded, can't send them fast enough, so seven jobs are scheduled, and when the eighth job arrives, which should never happen, there is a problem: there is no memory to store that job, and that is what the 1202 program alarm means. So what does Buzz see? Well, he has typed in verb 16 noun 68 and is studying the record and rubbing his hands. He's going to have his place in history, and then a couple of seconds later he sees two lights that you never want to see when you are landing on the moon. First is the program alarm light, quickly followed by the reset light. Now Buzz needs to diagnose this quite accurately. To do that, he types verb 9 and verb 5, noun 9, which means please show me the program alarms. Then the computer says that a 1202 alarm has occurred and 3 is the reset type, but the system recovers and the spacecraft continues flying. So how did that work?
If you remember, that's the situation we got to. There is some extra code that runs Buzz's 16 68 with the 10% extra load, the 1202 happens, the computer resets several bits to try to recover, but most importantly it doesn't reset what Buzz asked for because it is not considered important enough, and therefore that extra load disappears, the computer is no longer overloaded, and the spacecraft is still flying. So that's the first 1202 alarm. But Buzz of course is really upset because he asked for verb 16 noun 68 and it's gone from the DSKY; instead he's got this annoying program alarm, so he goes and types in verb 16 noun 68 again. Sure enough, the same thing happens: this extra piece of code starts up and, the same as before, it puts a 10% load on the computer, the system slowly falls over, it gets to scheduling the 8th job, and then a program alarm is triggered, the very similar 1201 alarm. Once again, the computer resets parts of the software to desperately try to recover, it doesn't reset what Buzz requested because it is not considered important enough, and the system recovers. So that's the second program alarm, but Buzz just can't take the hint.
He types verb 16 noun 68 again, which triggers the third alarm in exactly the same way. Now there's this brilliant moment in the mission footage where the penny slowly drops and Buzz realizes the connection, and he looks a little embarrassed. He says it seems to happen when we get a 16 68. Now, from that point I can assure you that Buzz is sitting on his hands. He never touches the DSKY again, he never types verb 16 noun 68 again, because he correctly realizes that for some reason it is causing these problems, even though the spacecraft is still flying fine. So that's half the story, but there were five program alarms in total. The last two occurred much later in the mission. The first ones, I have to say, were over 25,000 feet up, so I mean, it's bad that it happened, but when you're at 25 thousand feet, you have a lot of time to diagnose the problem and determine if it's safe. The last ones happened at 2,000 feet above the surface, much later, during P64. Why did they happen? Well, we know how P64 works: that's the computer calculating the imaginary red dots, Armstrong is moving the hand controller to change the landing site, the computer does all kinds of calculations to figure out how the spacecraft should be steered. Naturally it's just doing more work, and so the load that the software is under naturally increases, and the computer, along with the hardware bug, gets naturally overloaded without any intervention from Buzz. So the fact that P64 is more complicated than P63 causes the last two program alarms. But there is one last mystery: why was it that, when Armstrong heroically took manual control, the program alarms stopped? Well, that's simple. He didn't take manual control at all. What he did was enter P66 to have much more direct steering of the spacecraft, and in fact he entered P66 early because he really wasn't happy with where the spacecraft was landing. They were quite distracted by the program alarms, and he wanted to quickly take control of the spacecraft and reposition it, so he went into P66 early, and we know what happens when you enter P66: the hand controller connects to the much lower-level code, which naturally reduces the load the computer is under, so Armstrong, by entering P66, reduces the load.
He doesn't know that's going to happen, but the load is reduced, and that's why no more program alarms were seen during the final stages of landing. So going back to those design principles, how did they help? Restart on failure: these program alarms occurred in parts of the software that were restarted, and that allowed the computer to recover. Divide your system into jobs, which meant that even though some parts of the software were restarted, the really crucial landing software, particularly the software that kept the spacecraft stable, always kept running, and it also meant that non-essential things such as Buzz's 16 68 were not restarted. Checkpoint your good state, so even though some parts of the autopilot were reset, the autopilot was using the checkpoint, so the autopilot would boot up and say, well, what do you do?
What am I supposed to do? and he would look at his checkpoint. and I'd say oh we're landing on the moon where we put Big O here he's at the checkpoint where are we oh he's here at the checkpoint so even though the autopilot reset I could recover roughly from where it was and eventually send telemetry back to Earth, so I hope I've persuaded you. Even diagnosing the program's alarm was a real mistake, but the fact that the computer was sending a lot of information to Houston gave Houston the authority and confidence to give Armstrong the go-ahead.
Continue because in Houston with the telemetry they could see that the flying part of the software was still working, so to conclude, I would like to pick two people out of the 400,000 that worked on the Apollo projects. The first is Steve Bales. He accepted the NASA Group Achievement Award on behalf of the entire Apollo 11 mission operations team. This is a much more exciting award than one might think from the name in Nixon's words. This is the young man when the computer seemed to be. confused and when he could have said stop or he could have said wait he said go it was Steve Bales who understood the technical meaning of alarm 1202 it was he who recognized that the spacecraft was still flying correctly and it was he who realized that the system in this exact situation would be recovered and eventually Margaret Hamilton, who led the MIT team that developed all this incredible software and was ultimately awarded the US Presidential Medal of Freedom in 2016 for her work on Apollo and her entire career developing reliable software , robust and fault tolerant.
This is the highest civilian award you can get in the United States and finally we relate it to today, so these pioneering techniques that I have taught now form the basis of all kinds of solid software that we use every day, like the best - of the Reuters range I work in, for example, there are all sorts of weird things that can happen to these Reuters, maybe a particularly strange or bad package is sent, maybe the user enters some unusual configuration, maybe Maybe the client wants to correct the code. without disrupting the flow of traffic, using all these techniques in modern software in 2019 is not as good as Apollo, but it's still really awesome, so thank you very much for listening and I'll answer any questions if we have time. the grid on the window in a lot of Apollo movies and what I've always wondered is that surely it matters where your head is and how they did it, so on windy day it had double or triple glazing and in two of the panes there was a transverse window.
So Armstrong would make sure to watch for the two crosses to merge, and again, that's common in airplane cockpits today. The Apollo program started in the early 60's and I wonder if there was much focus on this computer system you voted on. on the descent, but from Apollo 1 to Apollo 10, where they were just trying to travel to the moon, but no, it's not earth, at what stage was this computer system developed and what role did it play, if any, in Apollo 1 to 10. I don't know. I don't have a precise answer to that, so the only thing the computer didn't do was take you off Earth.
There was a separate computer on the Saturn 5 rocket that did that, so they're a very early thing, let's just get out of it. on Earth they didn't need this computer because there were two major types of iterations of this computer, block one and block 2, block 2 was the computer that took you to the moon, block one was a more primitive machine. I suspect they blew up some blocks during some of the early Apollo, possibly Apollo 8, but one of the problems they had was that the software requirements became more complex and so they realized in '63 or '4 that the Apollo machine block one wasn't going to cut so they had to redo a lot of things for the block team, so it flew on some of the first missions, but I don't know exactly what good question in the descent programs you had p63, yes, and what is the correct one, that little question from the mother. was that in the first image that stack of books was that the program for the landing this is actually a that that image that image so this is so I have often asked you this photo and two months ago I thought I should finally look into it.
I read an interview with Margaret Hamilton. They basically came to the office and said we'd like a photo of you and took any copy of the source code they could, so this is the source code, but it's probably more than one copy. I think I can imagine Lee when he would fit into one of those folders, but I'm not entirely sure, so yeah, every day I spent p65 so that, in principle, the lunar module could land only in the middle and that. That was the role of the p65 pieces if I was the automatic last part of the descent.
One of the really interesting things about all the computers on the stick was that there was some tension between the astronauts and the engineers and mathematicians that the astronauts wanted to be. able to fly the ship manually all the way, the engineers wanted everything to be fully automated and the compromise was what I showed on the screen. It turns out that humans aren't very good at doing orbital mechanics intuitively, so the computer is better. fly most of the descent, but then the kind of compromise was that the astronauts would do the last part so that p65, in theory, could take you to the ground automatically, but the astronauts would always take over and switch to p66, which would just let me do.
Please thanks. You mentioned about the person who developed the techniques they used to develop this. How would you know? I obviously work in a safety-critical software world today, so I assume this would be back then or at least today. thought would be considered some kind of critical security, I don't know if it would be or not, maybe you can answer that and then what would be the type of techniques that they use to develop it in terms of similar development models and lifestyle because they used in comparison. With the way safety-critical software is developed today, my career is based on soft real-time systems, non-safety-critical systems.
I don't know much about safety-critical software, so I'd be interested in talking to you afterwards to get your thoughts on it, however, I think this was definitely a difficult real-time system and quite safety-critical. You would be a better judge of whether the techniques I talked about would actually apply today generally speaking, would you agree or not? Yes. So one of Margaret Hamilton's contributions to the project that she was developing was turning the software development process into a kind of engineering process and starting to put some of those processes that you've been talking about because before it was much more kind of a wild west, less controlled environment for writing programs, so he recognized that this really had to be described as an engineering discipline and a lot of people laughed in his face when he said that, but he got results, so I guess I think The Apollo project, among others, was the beginning of these rigorous processes, but they have clearly evolved over time.
Hey, the answer may be the same as above, but you mentioned at the beginning: do these limitations compute ads specifically? I'm thinking like RAM. Yes, the idea of writing a program now with 2000 words of RAM in space was a little scary, so how did the programmers make sure they weren't violating those restrictions, and more generally, how do they do rigorous testing to ensure that the program goes through the program where it is safe? Yes, the set of trade-offs they made when writing the software was a little different compared to modern times. For example, to have enough space for all the variables, if you remember, I said there is room for two thousand variables in RAM, they had to reuse the same memory location for different variables, and they would prove to themselves that you would never need both uses of the memory location at the same time. Today that would be seen as completely crazy: just put more RAM in the system and don't risk reusing the same part of RAM. But back then they had to do several things like that to make it all fit. On the other side, I think it was a pretty small, close-knit team of software engineers. They talked a lot to each other, and often in software the trick is that all your engineers have to talk to each other to get everyone on the same page, so I think that by keeping it really close-knit, they made sure that even though they were making concessions, the system would still conform to the constraints.
Yes, Sheridan William, one of the volunteers here. He was 21 years old when Apollo 9 to 11 landed on the moon. I'm very envious and I actually saw the Apollo 17 takeoff and I also went to see which obviously I was. I'm incredibly incredibly interested in the whole thing, especially my computer science degrees, but when I met someone from NASA, probably a few years after 1969, they just gave me the simple answer that what went wrong was because they forgot to turn off the docking radar. Was it that simple? so this this is all this so say yes you were saying that the problem was they forgot to turn off the radar and this has always bothered me because I thought there was, if you look at all the things, all the planning that went into Apollo, I can't imagine a situation where an astronaut would have deliberately left the radar on when it should have been off. That just never made sense to me and
I've never been satisfied with that explanation, so my opinion is that there was a rare hardware error that was definitely discovered, they definitely discovered that hardware error, so it definitely existed and the solution was to add an item to the checklist that it says: make sure this radar is turned off, so my opinion is that it was a workaround to fix this hardware error rather than the actual course. 99 times out of 100 they could have left the radar on, which they probably did during training. and there would never have been a problem because the Burgh hardware wouldn't activate well.
It is a difficult story to tell accurately. It's a difficult topic to get to the bottom of because there are conflicting sources of information, but I can't imagine a world where an astronaut. I would have simply forgotten to turn off the radar and that's the end of the story that doesn't make sense to me. Just one more observation about restrictions. I think I wrote my first code around 1967 and you know we were used to the fact that we had very little memory in the first place, so the whole piece about how to fit everything together in some ways was a minor challenge that could be seen from the perspective today because we certainly couldn't do what you described. that it was just Excel or ramen, you know that very well, yeah, that's a really good point.
We thought we had almost forgotten how to write, or in some sense we can't write software. Yes, I couldn't write a greeting. world that took less than 100 kilobytes. I was going to return to the topic of radar and he said that one of the points was telemetry. Yes, who sees this information coming and could they also debug the problem? from the ground or they didn't know that that information was overloading the system. That is a good question. My belief, but without any evidence, is that Houston couldn't see this was happening and the reason is because The way the radar sends information to the computer is by pausing the computer, so the computer stops very quickly, giving the message "I can't see anything" to the computer and then restarting the computer, it was a very strange way. from doing IO and because it basically stopped the computer's clock from the computer's point of view it was like the computer had been cryogenically frozen and then thawed out, the computer woke up again and had no idea it had been frozen. paused because the ai was at a very low level and How strange, I don't think Houston would have named, yeah, so the question was if they had made a P65, would it have worked?
I don't know, although actually, if they had made a P65, they would have landed in their rock field. because and that's the other complicated part of the story, people conflate computer problems with Armstrong not landing in a rock field and those are two completely different things that are often completed together. Do you know how many real physical instances of the computer there were how many they built there were obviously two for each mission on the moon one of which came back I think it's like in total even test units are hundreds 100 200 most of them tragically melted down and discarded, so nowadays they are incredibly rare, yeah why is it called poop?
You're my favorite person so I love it when people ask the questions you tell them to ask us so let me take a picture of the disk door so we can see it on disk II the top number is the program number, okay, and you know like on your computer, if you turn on your computer, you might have programs running, but if there's nothing running, it's like the desktop and the equivalent on disk II was something called program zero and that would just mean that the computer isn't really doing anything and that was cool, because it was like program zero, so they nicknamed it "poo", and when the computer did that kind of reset, it closed the whole program, so I closed all the applications and what was left was just the desktop poop, so it was called Pudi, so it's because they nicknamed the inactive poop for program zero.
I can also say that no one has asked me that question even though I said to ask me. the question, so it's a big shout. I love it. I guess they fixed it for Apollo 12, the hardware book, so for Apollo 12 the fix was to make sure the radar went down properly and they also actually knew about some kind of cosmic ray. Blows during the computers because even though they were, they were actually flying at a time when the Sun was very active so that would actually keep a lot of the galactic cosmic rays away, but I was wondering if you knew about them, the computer It was definitely designed to be radiation hardened and used parity checking, so every time it read numbers from memory, it checked to see if they had been affected by external radiation and I think the hope was that those parity checks and the Radiation hardening would be good enough and if a party error occurred the computer would reboot, I'll just say it's a cool memory right?
It is naturally resistant to electromagnetic interference. Yes, interestingly, the parity type of calculation permeated many of the digital circuits. So I'm wondering if they were also trying to protect the actual digital logic from being reversed, but rather anything that forces James, so the question I asked him is that a common fallacy is that people assume it's less powerful than the calculator. In your pocket was the terminology used. Could you give your version of what is actually true Lex or what in modern terms what is the relative power what can we compare it to if the calculator example is so far from the problem?
It really can't be compared to any other machine because it had such a special purpose that it was made for one thing only. You'd be hard pressed to find another machine with that amount of iron, for example, and my point was more. that saying that using the computer's clock speed as a way to compare its power is meaningless because the real power of the computer comes from the ingenuity with which it was used to make it special for the actual mission, so it's like apples and oranges, yes. Going back to the number of units built, was there any redundancy built into the actual kit that was on board?
There was only one computer, so it wasn't redundant. I'm trying to remember if there was more than one IMU, there were certainly things that weren't. It was not redundant and there was only one computer, they could only afford one computer, but if during the lunar descent or any other stage they wanted to abort, a separate much smaller computer would take over and during the landing one of Buzzy's jobs was to read manually . numbers from disk II and writing them into the spare computer, but the spare computer was much simpler, all you could do was, um, do the guillotine and then get away from the moon and then fix everything else later.
I wonder during development if they had a software emulation or something at MIT. People were working on hardware. They had both, but presumably it was quite difficult because, as you said, the hardware. closely tied to inputs and outputs and real-time behavior must be very different, yes, everything about how we do things today, so one of the wonderful things about this computer is that it has hundreds of thousands of pages of documentation and test records and all types. of things, so it's a real hidden gem. One of the things I found was a lot of pages of simulation results for them to simulate the operation of the computer landing in the middle, so they clearly had the ability to simulate things like the IMU in a sophisticated way of testing the software. .
I would give my right arm for a copy of that simulation software, but as far as I know, no one has found it, but I understand they did extremely sophisticated simulations, and your other question was how does that relate to this day? Yes, we would run software simulations and hardware simulations. Yes, I would say that the level of testing they did for the software is comparable to those tests that I would do, for example, for the software of an airplane today, as it was very well tested. Great, excellent, good. Once again, I would like to thank Robert for an absolutely fascinating talk, and could I say thank you very much for coming.
It's a real pleasure to be able to talk about something that really interests me, so okay. for people seeking status
