The probability of successfully completing a mission which requires an onboard computer can sometimes be greatly increased by designing the computer in such a way that it is able to detect certain types of transient failures, errors, or power interruptions and to pick up the processing again after the transient has passed. This is called a restart capability. Sometimes, more than one level of restart capability is prescribed. The Apollo G&N computer, for instance, has two levels, restart and fresh start, which together are able to pick up and continue the program after certain hardware errors (parity error, oscillator fail), software errors (single instruction loop, excessive time in interrupt mode), or external occurrences (loss of power). The Gemini computer and the UNIVAC 1824 also had similar though less extensive capabilities.
Not all computers have this provision, nor do they all require it. The Saturn LVDC, for instance, is not designed with a restart capability because no practical restarting sequence could recover the mission in the event of a transient problem in the LVDC during the boost phase. Instead, the LVDC uses extensive redundancy, as described earlier, and is designed to be especially resistant to environmental effects such as EMI. To illustrate the success of this design, the LVDC was able to place the Apollo 12 mission into a nearly perfect parking orbit after the vehicle suffered several lightning strikes during the first several seconds after liftoff.
Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz