After the recent successes of Space X with The Dragon Heavy Launch vehicle, I thought it would be interesting to understand how the software that is used in these systems is developed.
What languages [and] environments does SpaceX use?
- Examples include: Python, C++, Go, vim, bash, GNU screen, LabView, and a lot of internally-grown technologies.
- They work on everything from large-scale web applications to tiny embedded computing platforms.
How many software teams are there?
There are four software teams:
- The Flight Software team is about 35 people. We write all the code for Falcon 9, Grasshopper, and Dragon applications; and do the core platform work, also on those vehicles; we also write simulation software; test the flight code; write the communications and analysis software, deployed in our ground stations. They also work in Mission Control to support active missions.
- The Ground Software team is about 9 people. They primarily code in LabVIEW. They develop the GUIs used in Mission and Launch control, for engineers and operators to monitor vehicle telemetry and command the rocket, spacecraft, and pad support equipment. They are pushing high bandwidth data around a highly distributed system and implementing complex user interfaces with strict requirements to ensure operators can control and evaluate spacecraft in a timely manner.
- The Avionics Test team works with the avionics hardware designers to write software for testing. They catch problems with the hardware early; when it’s time for integration and testing with flight software it is typically a working unit. The main objective is to write very comprehensive and robust software to be able to automate finding issues with the hardware at high volume. The software usually runs during mechanical environmental tests.
How Big is the current Code Base?
- The vehicle code is ~200,000 Software Lines of code (sloc)
What Operating System and hardware is used?
- Operating System = Linux
- Hardware = Intel x86 for flight controllers and Power PC for hardware controller
- This allows a single workstation to simulate every controller and processor. Hence allowing for automated testing en masse.
- Falcon 9 has:
- Three flight controller strings on the fist stage and three on the second.
- Falcon Heavy has:
- Twelve flight computer strings on lower stages.
- String cores run two instances of Linux and the flight software, one on each core, on the dual core cpus.
- “The triple redundancy gives the system radiation tolerance without the need for expensive rad hardened components. ”
- Most flight control systems are triple redundant for reliability (“triplex”).
- The use of radiation hardened components is not needed for a suborbital FCS system like that used on Falcon rockets as the flight control is not exposed to enough radiation over a long enough period to induce a fault in the processor, bus, etc.
- System that are on-orbit or used for deep space control would generally use rad hard silicon on insulator or silicon on sapphire processors like the hardened PowerPC
Does SpaceX implement continuous testing?
- Yes, the goal is to have a code check-in flight validated in a single day.
What is the typical background of a SpaceX Developer?
- Game designers have the culture fit they’re looking for.
- Game designers typically need to optimize their games for real time or near real time performance,
- They must utilize the resources given as best as possible, and must develop and deploy quickly.
How does the Test team determine how to improve the quality of the system?
- They developed all the tools that gather data from static fires, engines tests, etc.
- These tools give the engineers easy access to the data they need to make informed engineering decisions on the health of the vehicle and for redesigns.
How does SpaceX achieve high reliability for the system?
- SpaceX uses an Actor-Judge system to provide triple redundancy to its rockets and spacecraft.
- The Falcon 9 has 3 dual core x86 processors running an instance of linux on each core.
- The flight software is written in C/C++ and runs in the x86 environment.
- For each calculation/decision, the “flight string” compares the results from both cores.
- If there is a inconsistency, the string is bad and doesn’t send any commands.
- If both cores return the same response, the string sends the command to the various microcontrollers on the rocket that control things like the engines and grid fins.
- SpaceX engineers perform what they call “Cutting the strings” where they randomly shut off a flight computer mid simulation, to see how it responds.
- The microcontrollers, running on PowerPC processors, received three commands from the three flight strings.
- They act as a judge to choose the correct course of actions.
- If all three strings are in agreement the microcontroller executes the command, but if 1 of the 3 is bad, it will go with the strings that have previously been correct.
- The Falcon 9 can successfully complete its mission with a single flight string.
- The triple redundancy gives the system radiation tolerance without the need for expensive rad hardened components.
- SpaceX tests all flight software on what can be called a table rocket.
- They lay out all the computers and flight controllers on the Falcon 9 on a table and connect them like they would be on the actual rocket.
- They then run a complete simulated flight on the components, monitoring performance and potential failures.