NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

4.2 System Design

The selection of the computer organization and configuration depends upon the mission requirements; the choice should be most carefully and thoroughly planned in light of available technology. The designer should consider the available diagnostic capability before partitioning the computer in terms of physical modules since the diagnostic program is sensitive to module size and functional consistency. Multiple processors should be considered since they may be capable of continuous performance despite failures in single units and have additional potential in areas such as onboard autonomy, checkout, and flexibility. If a group of computers is to be used, it is not possible to recommend any one organization since paths and functions are not uniquely related. However, the following organizations should be considered: federated, dedicated, multicomputer, multiprocessor, distributed processor, and combinations of these. If dedicated computers are used, backup compatibility should be provided for critical functions. Similarly, if degraded modes are permitted in any organization, the design should provide sufficient reliability to insure that critical functions will not be affected. If a multiprocessor is being considered, development of the executive software required for the assignment of tasks must not be neglected. The use of special purpose data processors controlled by a central computer should be considered for routine and repetitive tasks because of 1) bandwidth of circuits, 2) need for computer availability in case of anomaly, and 3) fewer interface circuits and simplified subsystem testing.

Working with system designers and a knowledge of the mission requirements, a list of functions which the computer must perform should be prepared. Typical computational tasks which might be mechanized on a digital computer system for a long-range manned mission are shown in table 5 (ref. 85). A list of this type can be used as a basis for the block diagrams of the system programs as well as for preliminary estimates of the speed and memory requirements of the computer.

Table 5. Typical Computational and Data Processing
Functions of Spaceborne Computers (ref. 85)
wpe3.gif (238205 bytes)

The next step to be taken in the design process is the preparation of a block diagram showing the relation of the digital computer to the complete system. All I/O paths between the computer and the other major subsystems should be shown in this diagram in order that the overall functioning of the computer is apparent. An I/O system concept should be developed to satisfy the functional requirements. A detailed functional block diagram should then be drawn in which the individual I/O signals are shown and the overall blocks of the prior diagram are broken into specific components. When the functional block diagram has been prepared, the types of signals which each of the input devices will present to the computer and which the computer must deliver to other parts of the system must be specified. These specifications should include 1) the levels of the analog signals and their expected ranges, 2) the desired terminating impedances, 3) the required precision of the signals, 4) the frequencies at which the signals must be sampled, and 5) the grounding, shielding, and cabling requirements.

Restart capability in case of operational difficulties should be considered for all applications. Such provision should be made as early in the development program as possible, and the effects on the computer memory should be evaluated. At the same time, the effects of power supply transients should be estimated and provisions made to provide the computer with a recovery mode in case of temporary power failures. The power supply should be protected from injurious stress being imposed by an overload. Electronic limiting is recommended over fusing because it leaves the system operational if the overload is removed. Early consideration should be given to the number and size of voltage levels required. Primary and secondary power supplies should also be designated.

When the functions the computer must perform and the details of the I/O data have been specified, a block diagram of the software for the system should be drawn to estimate the characteristics of the programs required. A preliminary estimate of the program memory size should be made by roughing out the steps in the programs. The number of operands required by the subprograms should be summed to obtain an initial estimate of the variable memory requirements. If a scratchpad or a small high-speed working memory is to be used, the optimal size should be approximated. Initial estimates for the speed of the computer should be obtained from this block diagram. However, such estimates should be verified by simulation as early in the program as possible.

4.2.1 Physical Features

The size, weight, and power limitations of the computer should be specified to the designer, and, if possible, the relative priorities of these should also be provided to guide the designers in tradeoff studies. Design risks should not be taken in order to save small amounts of weight. The environment in which the computer is expected to operate, and to which it will be subjected in acceptance tests, should be specified including acceleration and vibration, mechanical shock, humidity, ambient pressures and temperatures, corrosive atmospheres, electromagnetic interference, radiation, and human factors. A means for heat dissipation from the computer is essential. Cooling methods which should be considered include conduction to a cold plate, convection (if an atmosphere is available), direct radiation, and combinations of these. Other systems, such as a wet system using ethylene glycol, should be considered.

Transients produced by relays and other electrically actuated devices should be defined and tested. EMI problems can usually be reduced by very careful design, especially in the areas of grounding, shielding, filtering, and impedance levels. Impulse noise on power lines, ground lines, and signal lines should be considered, as should the potential deleterious effect of long cables on both pulse amplitude and waveform of high frequency systems. EMI design and test requirements are difficult to specify; the use of MIL Standards 461 to 463 is suggested if no other specifications are available.

Components which usually pass initial qualification testing but deteriorate with use should be avoided. Examples of suggested alternatives are 1) the use of solid state devices to avoid mechanical contacts in relays and choppers, circuit simplification, and layout to minimize the number of connectors and conductor terminations, and 2) the use of circuitry that does not require fine wire transformers. Connectors should be keyed to prevent incorrect interconnection of modules.

4.2.2 Memory Features

To protect the system from additional demands on the memory, either the memory must be initially specified with an ample margin, or some provision for expanding its capacity must be made. The latter option is generally to be preferred, and most designs make provision for expansion at the onset. The importance of allowing ample margin for growth in the computer's memory capacity cannot be overemphasized. This margin should be a function of how well the computer requirements have been defined and is particularly important in developmental programs, such as Gemini and Apollo, in which expanded capabilities are added as the requirements evolve. To aid in evaluating the memory capacity, the expected variance in mission and function requirements should be determined. General purpose design is enhanced by electrically alterable program storage; therefore, mechanically altered "read-only" techniques, such as core-rope or missing core memory systems, should be selected with caution. Consideration should also be given to providing onboard bulk storage devices. Tape storage should be used for non time-critical items only.

Since the memory often consumes the bulk of the system power, techniques for reducing memory power requirements should be considered, such as the use of smaller cores, or partial switching of the memory elements. To reduce power consumption on long-duration missions, the computer should be capable of powering down at least part of its operation during inactive periods.

4.2.3 Processor Features

Instructions should be provided for the following basic operations: load, store, add, subtract, multiply, I/O, branch conditional, branch unconditional, and shift. As the use of additional hardware becomes feasible, serious consideration should be given to instructions for loop control, indexing, masking, and additional branching. Addition of these functions usually results in decreased program size and increased performance as well as improved programmability. For guidance and navigation applications, divide, subroutine linkage, and extended precision arithmetic should be considered as well (ref. 46).

Two's complement is recommended for data representation since it provides a unique representation for zero, does not require recomplementation, and simplifies multiple precision arithmetic. Fixed-point arithmetic should be used whenever hardware is at a premium and mission requirements are relatively stable. Floating-point arithmetic, using either hardware or software implementation, should be considered to ease the programmer's burden and to simplify software verification.

The expected rate at which inputs will arrive should be defined, and the types of signals to be provided to external devices should be stipulated. If the system must provide communication between the computer and the crew, the devices for manual data insertion and for display should be specified in detail. Data conversion techniques for manual displays should be specified; they may be handled by hardware or software.

Increased speed usually results in increased power consumption; therefore, sophisticated arithmetic algorithms should be investigated to reduce the requirement for a very high clock rate. The following techniques are recommended for enhancing the speed of the computer: 1) separate adders in a parallel machine for indexing and arithmetic, 2) parallel circuits to speed up multiplication by processing several multiplier bits at a time, and 3) single tailored instructions which perform complex jobs.

The precision requirements should be stipulated early in the design so that the optimum tradeoff between word length and double precision can be resolved. Moreover, the necessary precision of all I/O data should be established early for the same purpose.

4.2.4 Input/Output Features

System interrupts should be accommodated either by frequently executed test instructions to detect service requests from peripheral devices, or by an interrupt system which forces a branch from the main program to a servicing routine upon demand. When multiple channels may attempt to interrupt simultaneously, an interrupt priority system should be established. A tradeoff is required between the use of additional hardware to decrease instruction execution time and thus permit programmed polling of requests, or to implement the interrupt system without altering instruction execution time. To the extent possible, the location of all possible interrupts during a program should be determined and their effect on the program operation examined, including interrupts within interrupts. Protection against interrupts should be provided at points in programs where their occurrence would be harmful. Direct control of I/O data should be considered for computations in which the data output is small compared to the amount of calculation, since I/O-to-memory channels are cumbersome to start and stop. An adequate number of external test points should be provided, even at the expense of a small weight penalty.

The interface between the computer and all subsystems with which the computer must communicate, including test equipment, should be specified functionally, mechanically, and electrically. Standardization of interfaces is emphatically recommended. Moreover, the interface should be asynchronous or self clocking to minimize hardware changes due to system modification. Whenever possible, the interface design should be independent of cable length or logic delays internal to the peripheral equipment. If the computer is to be self checking or tested manually, the I/O techniques which are to be used should be specified. The tradeoff between performing routine I/O format calculations at the peripheral device or within the central processor should be investigated. If A/D devices external to the computer are provided, both the output levels of these devices and the technique for interfacing them with the computer should be specified. The sampling rate should be designated as well as the ability of the A/D converters to buffer information during intervals in which the computer cannot respond immediately.

Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz