THE SPACE SHUTTLE avionics system represents a significant advance in avionics system technology. The system was conceived in the early 1970's, developed throughout that decade, and became operational in the 1980's. Yet even today in 1988, it remains the most sophisticated, most advanced, most integrated avionics system in operational use in the aerospace arena. Some of the more significant "firsts" achieved by the system include the following.
- It represents the first successful attempt to incorporate a comprehensive fail operational/fail safe concept in an avionics system.
- It pioneered the development of complex redundancy management techniques, some of which rival the expert system approaches emerging today.
- It is the first operational aerospace system to use digital data bus technology to perform flight-critical functions.
- It is the first operational system to utilize a high-order language to develop and produce onboard software.
- It is the first operational aerospace program to make extensive use of flight software program overlays from a tape memory to expand the effective size of computer memory.
- It is the first system to integrate the flight control function with the rest of the avionics functions.
- It included the first use of digital fly-by-wire technology in an operational atmospheric flight application.
- It is the first avionics system to use a multifunction cathode-ray-tube display and crew interface approach.
- It is the first avionics system to provide extensive operational services to onboard nonavionics systems.
Such pioneering innovations and concepts are remarkable in that they emerged in a design environment which would be considered archaic by today's standards. For instance, the data processing state of the art has turned over at least four times since the Space Shuttle design was conceived. In 1974, there were no off-the-shelf microcomputers, large-scale integrated-circuit technology was emerging but immature, and the use of data buses for critical functions was considered to be radical and of high risk. Prior to the Space Shuttle, aerospace systems were made up of an essentially independent collection of subsystems, organized along disciplinary lines such as flight control, guidance and navigation, communications, and instrumentation. Each subsystem typically had its own dedicated controls, displays, and command and signal paths. The Space Shuttle avionics system not only integrated the computational requirements of all subsystems in one central computer complex, but introduced the concept of multifunction controls, displays, and command/data paths.
The overall system design was driven by mission requirements and vehicle constraints never before encountered in a space program. Significant among these were the following.
- The requirement for multiple reuse over a 20-year period - The economic and safety-related impacts of aborting after one failure required that the system have a two-fault4olerant fail operational/fail safe configuration.
- The requirement that comparison of data or performance from independent systems or components operating in parallel be the primary means of detecting and isolating failures and assessing system operational status
- To detect the second failure in a system, four parallel strings were required and baselined.
- The use of built-in test was excluded wherever possible as a less reliable fault isolation technique.
- The requirement for an unpowered landing on a runway - The stringent performance required prohibited the use of degraded backup systems.
- The autonomy requirement - Large quantities of instrumentation data, transmitted to the ground on previous programs for spacecraft functional assessment and subsystem management, had to be processed onboard and made available to the crew in usable forms.
- The Space Shuttle vehicle which evolved was an unstable airframe requiring sufficient control authority to cause structural failure if an erroneously applied hardover control actuator command was allowed to remain in effect for as little as 10 to 400 milliseconds.
- Full-time stability augmentation was baselined, direct control modes were excluded, and digital autopilots were designated to accommodate the wide spectrum of control.
- Manual intervention or switching of active/ standby strings proved inadequate to overcome the effects of erroneous hardover commands; therefore, a system approach was baselined in which hardovers were prevented through the use of multiple, parallel- operating, synchronized processors and command paths to drive force-summing control actuators.
- The large size of the Space Shuttle vehicle resulted in the weight of wire, both signal and power, being a significant proportion of the avionics system weight.
- Multiplexed serial digital data buses were used for command and data transmission throughout the vehicle.
- Solid-state remote power control devices were used to reduce the quantity of power cable needed.
A myriad of other mission, vehicle, and system requirements influenced or dictated various aspects of the design; however, the basic system concepts were derived from those described.
The Space Shuttle avionics system which evolved features a five-computer central processing complex, which provides software services to all vehicle subsystems that require them. Each computer is connected to a network of 28 serial digital data buses, which distribute input/output commands and data to/from bus terminal units located throughout the vehicle. Dedicated hardware components, unique to the various subsystems, interface as necessary with bus terminal unit signal conditioning devices. During critical mission phases such as ascent and entry, the system is configured in four redundant, independent but synchronized strings, each controlling one-fourth of the redundant sensors and control effectors required for the operation in progress. A backup, simplex software package is installed in the fifth computer to be used if a generic error causes failure of the total redundant set. During more benign mission phases such as on-orbit, the computer complex can be configured, by loading the appropriate software programs, to perform a wide variety of mission and payload support functions.
The system includes more than 270 components, depending on the mission, and uses approximately 500 000 lines of software code. Although very complex and difficult to describe or understand, the system has proven to be reliable, durable, extremely versatile, and a tribute to the multitudes who contributed to its design, development, and verification.
