NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

References: Software

Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense

Computers Take Flight; A History of NASA's Pioneering Fly-By-Wire Project

James E. Tomayko

One hundred years after the Wright brothers' first powered flight, airplane designers are unshackled from the constraints that they lived with for the first seven decades of flight because of the emergence of digital fly-by-wire (DFBW) technology.

New designers seek incredible maneuverability, survivability, efficiency, or special performance through configurations which rely on a DFBW system for stability and controllability. DFBW systems have contributed to major advances in human space flight, advanced fighters and bombers, and safe, modern civil transportation.

The story of digital fly-by-wire is a story of people, of successes, and of overcoming enormous obstacles and problems. The fundamental concept is relatively simple, but the realization of the concept in hardware and software safe enough for human use confronted the NASA-industry team with enormous challenges. But the team was victorious, and Dr. Tomayko tells the story extremely well.

The F-8 DFBW program, and the technology it spawned, was an outgrowth of the Apollo program and of the genius of the Charles Stark Draper Laboratory staff. The DFBW program was the high point of my own career, and it was one of the most difficult undertakings of the NASA Dryden Flight Research Center. It was not easy to do the first time in the F-8 and it will not be easy to do in the next new airplane. I hope the history of this program is helpful to the designers of the DFBW systems that will enable new and wonderful aerospace vehicles of the future.

Kenneth J. Szalai, F-8 DFBW Principal Investigator
Former Director, NASA Dryden Flight Research Center, 5 October 1999

Books by Ben "VHDL" Cohen

VHDL Modelling Guidelines

European Space Research and Technology Centre

ASIC/001, Issue 1
September 1994

Prepared by P. Sinander

This document defines requirements on VHDL models and testbenches, and is intended to be used as an applicable document for ESA developments involving VHDL modelling. It is mainly focused on digital models; specific requirements for analog modelling have not been covered.

The requirements concern simulation and documentation aspects of VHDL models delivered to ESA; specific rules and guidelines for logic synthesis from VHDL have not been included. Nevertheless, the requirements of this document are compatible with the use of logic synthesis. The requirements are not applicable for the case when a design database is transferred in VHDL format.

The purpose of these requirements is to ensure a high quality of the developed VHDL models, so they can be efficiently used and maintained with a low effort throughout the full life-cycle of the modelled hardware.

The requirements are based on the VHDL-93 standard, to minimise future maintenance efforts for updating models. However, in an initial stage the models shall be backward compatible with VHDL-87 as far as possible, since some tools will not be updated immediately.

The requirements have been structured in a general part applicable to all VHDL models, and additional requirements applicable to different kinds of models. In addition, VHDL code examples and a list of common problems encountered have been included in order to provide some guidance to the VHDL developer. If it is not stated which kind of model is to be developed, the default kind is a model for Component simulation. (Added March 20, 2001)

4 JUNE 1985

This Military Standard sets forth practices for the preparation, interpretation, change, and revision of program-peculiar specifications prepared by or for the Departments and Agencies of the Department of Defense.

This Military Standard was prepared to establish uniform specification practices in response to the need for a document comparable to DOD-STD-100 covering engineering drawing practices and in recognition of the configuration identification concepts of the DOD Configuration Management Program established by DOD Directive 5010.19 and DOD Instruction 5010.21.

This Military Standard is arranged in six sections and 15 appendixes. Section 1 states the scope of the standard. Section 2 lists the referenced documents. Section 3 states broad requirements, concepts, and practices applicable to specifications in general. Section 4 states general requirements for each of the six sections of a specification. The second digit of the paragraph numbering of Section 4 corresponds with the numbering of the six specification sections. Section 5 invokes the detailed requirements of the appendixes which are outlines for various types of specifications. Section 6 contains a list of Data Item Descriptions (DIDs) applicable to this standard. (Added March 21, 2001)

Reliability Papers: Software
Software papers that are reliability-oriented. Topics include n-version programming, diverse design, etc.

ESA Software Initiative

May 7, 2003
Kjeld Hjortnaes

Why the ESA Software Initiative
  • In late 2000 an analysis of the results from Technical Reviews of more than 18 ESA projects was conducted and reported to the ESA Management Board.
  • The top technical problem area was on-board software:
    • Most ESA programmes experience significant development problems with on-board software. Software development schedules are often on the critical path even at the PDR stage.
    • Worldwide, major failures in space programmes have been attributed to bad engineering and verification of software.
    • Software complexity, size and verification are severely underestimated.
  • The ESA Management Board instructed D/TOS, in cooperation with ESA project teams, to analyse the problem and its causes and to issue appropriate recommendations.

The Role of System Safety In Software

Raymond T. LeBon and Thomas L. Fagan
Space Division
General Electric Co.
Philadelphia, Pennsylvania

Paper 69-962
AIAA Aerospace Computer Systems Conference
Los Angeles, California
September 8-10, 1969

The use of computer software in spacecraft technology is increasing.  A major difficulty plaguing other technologies is to keep abreast of this software growth. This is especially critical for system safety when involved in manned aerospace efforts.  The concepts of system safety must now be employed in the major areas of aerospace software development.  These areas include ground checkout software, command and control software, and on-board programs.  Each has its own specific safety problems which must be recognized, interpreted and solved.  The complexities associated with each area must be understood fully before the Safety Engineer is in a position to make recommendations.  Software design reviews and configuration control are also explored in the light of their applicability to astronaut safety and mission success.

Predictions for Increasing Confidence in the Reliability of the Space Shuttle Flight Software

Ted Keller (LORAL Space Information Systems), Norman F. Schneidewind (Naval Postgraduate School), and Patti A. Thornton (LORAL Space Information Systems)

Paper AIAA-95-0951-CP
A Collection of Technical Papers
AIAA Computing in Aerospace 10
March 28-30, 1995
San Antonio, TX

We show how software reliability predictions can increase confidence in the reliability of the NASA Space Shuttle Primary Avionics Software. These predictions, along with other methods of reliability assurance, such as inspections and fault tracking, provide a quantitative basis for achieving reliability objectives. Without a quantitative reliability assessment, software managers have no objective basis for deciding whether the software has been tested sufficiently to be ready for a flight or whether a serious failure during flight is likely. Our prediction methodology provides bounds on test time, remaining failures, program quality, and time to next failure that are necessary to meet Shuttle software reliability requirements. We also show that there is a pronounced asymptotic characteristic to the test time and program quality curves that indicates the possibility of big gains in reliability as testing continues; eventually the gains become marginal. We conclude that the prediction methodology is feasible for the Shuttle and other safety critical applications.

Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz