NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

2.1.6 Computer Self-Test

A special case of systems checkout is the checkout of the computer itself, which generally requires the running of a self-test program. When an error is detected, its cause may be diagnosed and the error corrected or the computer reconfigured to minimize its effects. This task generally has a minor impact on the computer speed requirements since the self-test program is typically executed every one to two seconds, and is assigned a relatively low priority. However, additional hardware requirements for diagnosis and reconfiguration may be substantial and memory must be provided to store the checking routines.

Typically, a self-test program for checkout or restarting is a boot-strapping procedure which begins with the verification of the most elementary set of instructions, i.e., those which rely on only a fraction of the computer hardware in order to operate. These instructions are then used to construct a decision-making subroutine which verifies some primitive condition on a YES-NO basis. Once verified, this subroutine (or several similarly constructed) is used to check all other instructions and variations in sequence, beginning with the next least complex instruction and working up to the most complex instruction. After all instructions are verified, input/output (I/0) and memory self-test programs check the remaining hardware.

Self-test routines are also important for detecting malfunctions during operation. In the Gemini project, for example, diagnostic subroutines were interleaved in the operational computer program. When they detected a fault, a discrete command was issued to light a malfunction indicator lamp on the control panel. The circuit had a manual reset capability to test whether it was set by a transient malfunction. Three self checks were performed during flight (ref. 15):

In addition, a prelaunch mode check was included to verify the contents of memory syllable 2 by summing them. Since this syllable was "read-only" (after loading the memory by ground equipment), the sums could be checked against their known values to insure correct data.

 The Apollo guidance computer is equipped with a restart feature comprising alarms to detect malfunction and a standard initiation sequence which leads back into the programs in progress. The AGC has six malfunction detection devices that cause a restart (ref. 26), as follows:

Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz