NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

2.6 Testing and Checkout

During its development, construction and operation, a spaceborne computer is subjected to extensive testing to insure that it performs its assigned functions properly. Much of this testing is involved with generating, verifying and debugging the software, the details of which are outside the scope of this monograph. This section briefly describes the testing required for hardware development of a typical spaceborne computer. To illustrate the level of testing involved, table 4 (ref. 15) shows the history of the design, development, and flights of the Gemini guidance computer.

table_4.jpg (78653 bytes)

Table 4. History of Gemini Guidance Computer (ref. 15)

As soon as the basic logical configuration of the computer has been determined, a functional simulation of the operation of the proposed design is performed on a general purpose ground- based computer (e.g., ref. 80). A measure of the real time required to execute the program is maintained, and the static and dynamic characteristics of the proposed interfaces to the computer are simulated. The simulation is used to verify that the instruction set is adequate, that the speed and word length are satisfactory, that the I/O provisions will be sufficient, etc. (ref. 81). Since the mission software is generally developed in parallel with the hardware, it is sometimes possible to use preliminary versions of the operational programs in the simulation. Otherwise, programs which duplicate the anticipated mission as closely as possible are used.

Hardware development is started as soon as an initial configuration for the computer has been established. Each testable item of hardware fabricated in the prototype or engineering model state is tested to insure that it is properly designed, that the mechanization of the logic is correct, and that it will perform in the anticipated environment. Generally, several iterations are required at this stage. As soon as a complete computer is available, it is subjected to thorough design qualification tests, including verification of its ability to withstand the anticipated environment while operating, including:

Each production model of the computer is thoroughly tested to insure that no fabrication or design errors were committed. A typical series of tests includes:

Prelaunch checkout of a spaceborne computer typically consists of an extensive series of tests to verify that the computer and all of its interfaces operate properly. Special precautions are required in the checkout of redundant systems to ensure that the redundancy is not masking one or more failed components at the time of launch. In the Saturn LVDC discussed previously, the problem was solved by use of Disagreement Detectors (see fig. 7). A monitoring phase is generally engaged during which the computer runs test routines at regular intervals, interleaved into any operational programs that are required during the prelaunch phase. In some systems, the monitoring phase of checkout involves the loading of a separate program into the computer. In this event, a detailed verification that the program has been loaded properly is performed before the active phase of the testing is finished.

Inflight testing of the computer, one of the major operational functions, has been discussed previously in section, 2.1.6.

Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz