Software powering Falcon 9 & Dragon – Simply Explained

Software powering Falcon 9 & Dragon – Simply Explained


Hey there! My name is Xavier and as you might know I’m
a developer. But I’m also a huge SpaceX fan and that
got me thinking: what software and hardware powers the Falcon 9, Falcon Heavy and Dragon? Let’s first take a look at what challenges
the hardware and software of a spacecraft faces when it is being launched into space. First of all its very hard to get your craft
into orbit around the earth. A launch on top of a rocket causes a lot of
vibrations and that means that the craft itself and the electronics have to be able to withstand
that. And once you get in orbit, you are welcomed
by even more challenges. Dragon for instance has to be able to cope
with intense heat when it’s facing the sun but also intense cold when sunlight is blocked
by earth. These temperatures range from -150°C all
the way up to 120°C But the biggest problem for the electronics
is radiation. This radiation comes from high-energy particles
that are ejected by our sun, particles trapped in Earth’s magnetic field and even cosmic
rays or particles from outside our solar system. These particles can have pretty severe effects
on the systems inside a spacecraft. One of the biggest problems is whats called
a bit flip. This occurs when a high energy particle hits
the memory or the processor of the spacecraft. If it hits the memory it can cause a 0 to
become a 1, essentially corrupting a part of the memory. Luckily though the software onboard SpaceX
vehicles can detect these bit flips and fix the corrupted memory by using parity bits. No big deal. However when the processor is hit with radiation
it can cause the result of a calculation to be completely incorrect. To demonstrate this, let’s ask a processor
to calculate 10+10. In binary that would look like this and the
result is obviously 20. No surprises there! But let’s now take a look at what happens
when a bit flip occurs while performing this calculation. We still ask the processor to calculate 10
+ 10 but because of the bit flip the processor is actually calculating something completely
different. Right now it will say that 10 + 10 equals
24 because one of the bits flipped while running the calculations… Wrong calculations can have very severe effects
on a spacecraft. This was demonstrated by the maiden flight
of the Ariane 5 rocket in 1996. It didn’t suffer from a bit flip, but 40
seconds into the flight, the rocket’s software tried to put a 64 bit number into a 16 bit
address causing the number to be truncated and be completely different. The rocket’s avionics then continued to
perform their calculations with this wrong number and performed an abrupt course correction
because it thought it was going to wrong way. The vehicle eventually broke up because the
aerodynamic stress was simply too high. Now back to SpaceX: how do they handle the
problem of radiation? Well they assume that you can’t protect
electronics completely from radiation and they design their systems with this in mind. Instead of using expensive, radiation-hardened
parts, SpaceX uses off-the-shelf components. Let’s look at Dragon first. According to John Muratore, previous director
of SpaceX vehicle certification, each Dragon is equipped with three flight computers. Each of these flight computers is powered
by a dual core x86 processor. The computers however don’t use the multicore
capability. Instead they execute each calculation on the
two cores individually and compare the results. So three flight computer with each a dual
core processor can be seen as 6 independent computers that are constantly checking each
others calculations. If one of the flight computers is hit with
radiation and produces a wrong calculation, the others will spot it. When that happens the malfunctioning computer
will be rebooted automatically to prevent further errors. After rebooting the computer has to perform
whats called a re-sync. It has to get up to speed with what the vehicle
is doing, so it copies the memory of the other two computers and runs the same programs. A bit like rebooting your computer with the
option to restore all your windows when you log back in. Dragon can even handle a situation where all
three of its computers are hit by radiation at the same time although thats very unlikely
to happen. Besides 3 flight computers, Dragon has 18
other systems onboard that also use triple redundancy computers. That brings the total amount of processors
up to 54! And that’s just for a single Dragon capsule. But Dragon isn’t alone, also the Falcon
9 has redundant systems. It has 3 computers for each engine (9 x 3)
and triple-redundancy flight computer which means that it carries 30 processors. At least that was the situation in 2012. Right now it’s possible that Falcon 9 has
even more processors to handle the landing. Now at this point you might be thinking: hang
on… Does NASA really allow SpaceX to use regular
hardware components? The ones you and I can buy on Amazon? Well actually yes! NASA doesn’t require the use of radiation-hardened
components. Instead they require SpaceX to do extensive
research into what effects the radiation can have on their spacecrafts. If they know how they’ll be affected, they
can compensate for it. In fact this is called a radiation-tolerant
design and is different from a radiation-hardened design. In fact NASA itself doesn’t use radiation-hardened
parts everywhere. The International Space Station for instance
uses a mix of radiation-hardened parts but they also use regular laptops for some controls. Even some parts on the Space Shuttle were
radiation-tolerant instead of radiation-hardened. But back to SpaceX: how do they select their
parts? Well they have two conditions: first of all
the parts have to be capable enough to handle their tasks – pretty obvious – and secondly,
they take into account what tooling is available for that particular part. Tooling determines what kind of people SpaceX
can hire. Off-the-shelf hardware is pretty generic and
uses software and tooling that a lot of developers already know. And that means that SpaceX has less trouble
finding great engineers. Radiation hardened parts however only work
with special programming languages that few people know, thus limiting the ability to
hire new people. Off-the-shelf hardware is also cheaper and
that allows SpaceX to extensively test these systems. John Muratore said that at one point over
40 flight computers were sitting on people’s desks for testing and development. You simply cannot do that with expensive and
hard to come by hardware. But enough about all this hardware, what about
the software that controls everything? Well the operating system of choice at SpaceX
is Linux. It runs on the desktops of the engineers and
powers its vehicles. Using Linux everywhere allows them to streamline
the development process and use the robust tools that come with it. The programming language of choice is C++
and they use it for two main reasons. First it allows SpaceX to hire a lot of brilliant
people because the language is still relatively popular. Secondly, they benefits from the large C++
ecosystem. No need to create custom software when you
can just use tools that developers already know like gcc, and gdb. But Linux isn’t the only platform that is
being used. They also use LabView a graphical programming
tool that runs on Windows. It is used to visualise telemetry that they
get from a Falcon 9 or Dragon during flight. Ground teams use it to keep an eye on important
metrics. Another interesting fact is that SpaceX tries
to share as much code as possible between its vehicles. The biggest advantage of this is that bug
fixes for one vehicle are automatically pushed to the other vehicles as well. Oh and another interesting fact is that game
developers are usually a good fit for SpaceX because they are used to writing code that
runs in environments where memory and processing power are constrained. The last thing we’ll take a look at is how
SpaceX monitors their software and vehicles. Engineers are encouraged to add metrics to
everything they can think about. When a vehicle is being used, all these logs
are collected and analysed by programs who raise an alarm if something is not within
the safety margins. All these metrics are stored together with
the source code that was running at that time. If something goes wrong with the vehicle,
SpaceX can recreate the exact environment to reproduce the problem and fix it. And finally they are using continuous integration
to automatically test all the code that is being written by the engineers. They even have test stands with all the components
of a Falcon 9 bolted on so they can simulate a complete flight to discover potential problems. More details about the used hardware and software
aren’t really available and that’s because the United States government considers it
classified. A rocket like the Falcon 9 is basically a
missile that goes to space. So in the wrong hands, the technology could
be misused and cause harm. But even with limited information we got a
pretty good view at what software and hardware is being used at SpaceX and what challenges
the teams face, considering the harsh environment in space. That was it for this video! If you liked it, hit the thumbs up button
and consider subscribing. Also follow me on Twitter for more updates
and as always: thank you so much for watching!

100 thoughts to “Software powering Falcon 9 & Dragon – Simply Explained”

  1. Also gamedevelopers: no life, used to close dead lines, working overtime(a lot).
    (Btw i hate LabView and NI software in general, but their hardware is great(bit overpriced)).

  2. I don't get what the big deal is.

    import rocket

    jsbjskj = Rocket(f9)

    jsbjskj.launch()

    while true
    if jsbjskj.offCourse()
    jsbjskj.getBackOnCourse(now)

  3. Low earth orbit doesn't require much rad-hard chips. We need them more for deep space missions (like the deep space gateway in the next decade). Source: I work at NASA on rad-hard camera systems.

  4. You are awesome, This video has a in-depth information than other videos. I doubt where did you find this info, Great work.

  5. I was impressed with these topics you mentioned CI, Linux, Monitoring, Code sharing. Thanks for clearing my curiosity

  6. Interesting to know that general purpose cpu are now being used in space x…..don't agree with That PC game developers have strict memory constraints…it's is embedded systems developer who have strict memory constraints….. aren't space is using any kind of RTOS…starange… because space missions are time critical..you didn't mention a single embedded systems being use in space x……..😅😅👍🤗

  7. Would it be accurate to describe this hardware arrangement as a 3-node blockchain? Or, is there no hashing going on there?

  8. Being in the Test & Evaluation industry for the DOD I really like the telemetry systems SpaceX uses. I know quite a bit of it is still on the NASA/DOD side but damn some of their feeds are amazing and most don’t even know just how good it is. It’s definitely taken for granted.

  9. A really brilliant engineer can work with any coding language. Marginally he may better use the language exotic features. But what makes an efficient program (good architecture, clear code, good understanding of how what you write is executed) is mostly independent from the programming language.

  10. Correction: The Ariane 5 wasn't destroyed due to aerodynamic stress. It was destroyed by its own self-destruction mechanism which was triggered when it detected a massive angle deviation to prevent it from hitting the earth.

  11. I watched this video because I'm a computer science major and I also love astronomy and space. So I wanted to merge computer science with space and it turns out into create software for flight missions. I intend on working at Space X. Who's with me?

  12. here's how to solve for radiation and heat:
    coat the damn computer in water.
    WATER COOLS THE PROCESSOR AND ABSORBS RADIATION.
    SoLUtIon

  13. this.rocket.lunch = true:

    bool flag = rocket.lunch = true:
    if (flag)
    {
    if (rocket = 10,000m)
    {
    rocket.goback():
    }

    if (rocket.goback = true)
    {
    Rocket.landing():
    }
    }
    }

  14. Thanks for sharing. I am a professional embedded SW developer and SpaceX enthusiast; so, I had been curious about their code.
    I was glad to hear they use Unix and that they don't use Python (the horrible preferred choice of a lot of Mechanical types).

    I am a seasoned C++ programmer and do like that choice; but, I think a managed programming language like C++ of Java might have some advantages.
    C++ is a loosely constrained language and is also un-managed; so, it can be more difficult to find subtle bugs (like unassigned pointers, and memory leaks) and much more dangerous when you miss them. There are techniques for limiting this; but, programmers are still people and they can make and miss mistakes and testing every possible code path is often not possible.
    I am sure the developers on the Ariane 5 did lots of testing and still somehow missed the code bug that caused the failure.
    Anyone that claims their code is 100% bug free is either deluding themselves, lying, or not looking. I am not really sure which one of those is worse.

    The advantage of C++; though, can be better real-time determinism. With UNIX and C++ on an X86 core, one project I was on achieved sub-microsecond determinism.
    At the speeds they are flying, that may be the bigger concern. There are ways to build more safety of C++ code, especially if they don't use other people's libraries.

    Thanks for the cool info.

  15. These things are CONTROLLED by software. They are POWERED by chemical reactions, not software. OK, I'm nitpicking, but still…

  16. Software powering Falcon 9 & Dragon – Simple Explained….. Stolen and/or borrowed (without the consent of the owners).

  17. Everything good, only one minor detail as you said they use parity to detect a bitflip in memory, they also use SECDEC technology to detect and repair bitflips – check TMS570 processor family from Texas Instruments.

  18. Game developers don't make a good match merely because of memory and processing power constraints. All developers work in that environment in one way or another. They make a good match because while they have those constraints they also have to make their software perform as fast as possible whereas most other systems can wait a little while.

  19. Ok, now I'm curious about what kinda processors are used in military hardware like f35, f22, Abraham tank, drones etc?????

  20. Game Developers are usually rather bad developers. They adapt very slowly to "new" technology (like 64bit) and are overwhelmed with things like parallelisation, IPC, advanced memory management, asynchronous I/O etc. Often, games would not be able to achieve the performance a given hardware offers by a large margin.

  21. Software or hardware it is all finally what counts is if a shuttle is finished at the cheapest price. SpaceX is very expensive 🤨

  22. in programming the electronics inside it nlike a computer inside the rocket , do software developers do it or software engineers

  23. algorithms are designed by control systems engineers, it's a mathematical field, and it's 80% – 90% of the work, software engineers alone, with just programming knowledge cannot develop this software, it's like those PID controllers used in drones.

  24. Small correction: There are select rad hardened mcus and mpus that have rad hardened models. They work just like any other processor would software-wise. There are some small quirks and handicaps, but they don't require any sort of special software engineer to code. These don't use special programming languages.

  25. Well you left out the interesting part. How do they cope with multiple processor failures? How do they recognise failure on the two remaining processors, if the third ine reboots? This would lead to the rebooting computer copying a possibly failed computers data. How do they prevent this?

  26. Will the BFR use the same X86 processors and sue the same technique to protect them from bit flips or will they use actual shielding?

  27. Hello, thanks for sharing, and I am also curious how they handle real-time tasks, also on Linux with real-time kernel? Or some rtos options? Thanks again

  28. Wait a minute, I heard they use Ada language and also what typeof kernel they use? Micro or mono kernel? Ot maybe just bare metal programming .

Leave a Reply

Your email address will not be published. Required fields are marked *