The Software Behind the Mars Phoenix Lander
chromatic writes "Imagine managing a million lines of code to send over seven hundred pounds of equipment millions of miles through space to land safely on Mars and perform dozens of experiments. You have C, 128 MB of RAM, and very few opportunities to retry if you get it wrong. O'Reilly News interviewed Peter Gluck, project software engineer for NASA's Mars Phoenix Lander, about the process of writing software and managing these constraints — and why you're unlikely to see the source code to the project any time soon."
No one could need more than 640 K of Memory
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
How many lines of code can 128 MB of RAM hold and what is the average 'line' for C?
128 MB? I thought 640K was more than anyone would ever need...
Does it run on linux?
What is best in life? To crush your enemies, to see them driven before you and to hear the lamentations of their women.
Basically, it's because the code is part of a space vehicle regulated by international arms and trafficking laws. That means Joe Blow doesn't get it.
Sorry dude, you're Joe Blow. Unless you're reading this from a JPL/NASA'ish sort of place. Then you're just smirking.
===================
FTA:
Sort of on a different topic, I have a quote here. One of our editors talked to Frank Hecker from the Mozilla Foundation the other day.
Okay.
In that talk, he suggested that all software developed by the Federal Government should be released to the public domain or a very, very liberal open-source license. That's not even a copyleft license. Does the American public have any access to the source code currently on the Phoenix? Are there plans to make some of the source code available?
Well, no. There are no plans to make that available. And one of the issues that we have is that our spacecraft are designated as subject to international trafficking and arms regulations. So even --
Crypto regulations in exporting and such?
Yeah. Yeah. I mean even though these are not military spacecraft, the technology used in them is space technology. And so the State Department does not allow us to release anything that we've done in terms of technical details to foreign scrutiny. Now, in fact as I said, we have a team of Canadians. The Canadians delivered our meteorology instruments, and we had to be very careful about our relationship with them and how much we could disclose to them.
Really?
Yeah. Yeah.
I can see that in applying control software, but how about the payload software?
Even the payload software -- in this particular case, remember that the payload software operates within the confines of the RAD 6000 that contains the spacecraft software. And although the newer versions of real-time operating systems allow you to compartmentalize better, the older ones are just global name space. So there really wasn't any way to allow them to provide software for the MET instruments. So we had to define an interface and build the software at JPL, and then do our integration testing. And we worked closely with the Canadians in terms of the integration testing and making sure that the software was going to do what they needed it to do.
Right.
But we could not actually release the source code to them.
There's nothing Intelligent about Intelligent Design.
a related story? http://developers.slashdot.org/article.pl?sid=08/06/06/2333206
I'm curious how many old kinds of code we're still communicating with. FTA, Cassini is ADA-based. I know the Voyager craft are in FORTH (my first programming love).
But you didn't read the article, you were more just hoping for a Slashdot Linux rally cry or something, weren't you.
But if someone cries in a dark basement creepily lit by a monitor, does anyone hear it?
Damn, I guess I did.
There's nothing Intelligent about Intelligent Design.
Maybe because it's freaking NASA?
This is basically the reason why space technology is so primitive. The science has been stifled for years by government regulations.
How we know is more important than what we know.
Managing a million lines of code that controls a device that will forever change how humanity views itself and the universe. No, the universe doesn't revolve around the earth. There is life out there, and there is no god.
You underestimate the religious people. God put any and all life in the Universe. The Universe was created by God and therefore any alien life is also God's children.
I will start one of the first giga churches that will preach to many planets and I will become the richest person in the Universe.
call me the Mule
Just open the existing code base for the previous lander and cut&paste.
It's a tricky balance though. Nuclear missile launch codes are also -- technically -- public property, yet I am not sure it'd be a good idea to release that in the public domain.
I think the way things are handled right now is the best we are going to get: basic science is open, applied scientific results are secret.
Obama likes poor people so much, he wants to make more of them.
Neither the basic science, nor the applied science (aka engineering) is open.
The only reason any of us know the rocket equation is because it was invented before these laws were.
How we know is more important than what we know.
Space technology is not "flawed." It is rigorously tested to survive A) Lift off B) Months and years of dormancy C) Descent D) Operation on another planet millions of miles away, with minutes-long latency. Beyond that, it has to be tested time and again to make sure there are NO errors. If your computer at home freezes, you hit reset. Try pushing the reset button on a Mars rover--let me know how that works out for you. Space technology is not primitive. It may seem simplistic, but that's to guarantee functionality. Read the definition of "mission-critical" and think about what you typed there. It's a little different than "recreational software development."
..is slap a nerd from here to Mars. That doesn't mean one hard slap either. That means we are both on a ship and I am slapping him the whole way.
In soviet canada, mars probe software discloses you?
Effectively, the US gov't is saying that information/human knowledge (or at least, some information) is a weapon. That would make Stallman's position that everyone deserves access to all human knowledge somewhat analogous to the Fourth Amendment, no?
Weird!
Funny but I would say that Phoenix is anything but primitive.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I seem to be getting a lot of recent hits on http://scholar.google.com/scholar?q=rocket+equation
Obama likes poor people so much, he wants to make more of them.
Nuclear missile launch codes are also -- technically -- public property, yet I am not sure it'd be a good idea to release that in the public domain.
Why not? I would think they'd be pretty useless without the rest of the stuff in the football and clearance through whatever other security protocols there are.
upon the advice of my lawyer, i have no sig at this time
Hehe, by today's standards. Compared to the entire future history of space technology, we're still in the primitive phase.
How we know is more important than what we know.
Those ones using pounds and miles have a tendency to plow into the surface at terminal velocity.
If you do it right, they'd be pretty useless anyway. Ensure that no two missiles use the same code, order the codes randomly in the document, and don't release the secondary document that provides the lookup table for associating a particular missile with code number 79 on page 5428. :-)
Check out my sci-fi/humor trilogy at PatriotsBooks.
I was told that the reason spacecraft run on very old operating systems is not because of the ideas you're thinking, but because old operating systems have basically no unknown quirks. They are having anything unknown pop out.
The actions they have to undertake are just fine on old tech, because OLD = PROVEN in a lot of cases.
There's nothing Intelligent about Intelligent Design.
What's that have anything to do with it?
NASA has an OSI approved license:
It could probably be easier to find NASA software, and I doubt this particular software would ever be released, but there's lots of NASA software that's been released:
There's issues because much of NASA stuff is done as part of grants, and so it's officially owned by the academic / research institution that won the grant ... as such, there might be other NASA funded code that's out there, that you don't know is NASA code... at least one program (AISRP) has started a place to collect software by grantees.
I've been to NASA workshops where there's plenty of code that's being written where people would LOVE to have their software find a broader audience. At the last one, we had an hour debate on if we were allowed to release code as GPL, as that'd place restrictions on the use of the code (that derivative copies have to be open), which should not be done as the software was developed w/ federal money and as such citizens should be free to do whatever they want with it. I think someone was assigned to talk to NASA's legal department and find out what we had to do to release our code.
Build it, and they will come^Hplain.
Your assumption that we will progress even further is not an unreasonable one. But what if...
What a horrible interview.
When interviewing someone, you don't tell them what they know, you ask them.
An example:
"That's not a really beefy embedded board actually. It's what, thirty-three megahertz?
Yeah. That's -- yeah.
About 128 megabytes of RAM?
That's right.
I imagine that produces some interesting challenges, getting all of that software to run together on that board while also having it land on the planet successfully.
"
Painful.
The Kruger Dunning explains most post on
So how much of that 128MB does the VBRUN60.DLL take?
The same amount it takes on Earth.
Is the reason they hide it is to conceal the fact that it was originally open source code and they just copped it to use for this since they were not up to the task. Might sound conspiratorial but I have seen my work stolen to be incorporated into computers for the military and they even left my back doors in there. That is not some fantasy of mine. I have one of the battlefield computers with my code in it and it is because they went to mil. surplus and not destroyed like they were supposed to be. A military contractor can save money by stealing code from anybody and never worry about being sued for stealing it.
if they wrote it in perl, it would only be 1 line.
The Kruger Dunning explains most post on
Libertarians should take up diving as a sport. And PLEASE leave your regulation of your air supply behind.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
good one man
While in a lot of places ITAR can actually hurt us, this is actually helping us. A lot of this software would be useful to countries to help them develop precision guidance systems for their missiles. As it is, Iran uses GPS to help with their system, and another dead reckoning system. Apparently, Iran is looking to add in Beidou as it becomes available (overall, Clinton pretty good, but his China policy was a disaster). Even China would use this code.
I prefer the "u" in honour as it seems to be missing these days.
4-bit, bit-slice CPU
4k RAM
~14k tops data rate for the top transfers, and about 200k total on-board storage. And a couple Libraries-of-Congress of data to take, every 20 minutes (don't ask about the other downlinks Can't tell you.) We did it about 1980. In space. I wrote the Fortran/assembly64 code. They were so pissed off when I required an additional couple one-shot chips to shuffle the data to the xmitter, that they made me do the orbit re-calcs to make up for the additional ounce of spacecraft weight. Showed them--sat in one afternoon. And gave the lecture.
NASA releases lots of items. For example, they were the ones that did the original network card drivers for Linux.
And to be honest, even the NSA releases a fair amount of OSS. Keep in mind that they have 2 missions.
I prefer the "u" in honour as it seems to be missing these days.
Too bad O'Reilly didn't sweet talk them into open sourcing it; it could have been O'Reilly's first animal book with a xenophobe on the front. Unfortunately here's the government's stupid answer on open-sourcing it:
"Well, no. There are no plans to make that available. And one of the issues that we have is that our spacecraft are designated as subject to international trafficking and arms regulations. So even -- ((Crypto regulations in exporting and such?)) Yeah. Yeah. I mean even though these are not military spacecraft, the technology used in them is space technology. And so the State Department does not allow us to release anything that we've done in terms of technical details to foreign scrutiny. Now, in fact as I said, we have a team of Canadians. The Canadians delivered our meteorology instruments, and we had to be very careful about our relationship with them and how much we could disclose to them."
I mean, Sheesh. So don't release the crypto-keys, dumbass. As for the rest of it, if anyone else wants to build their own Mars space probe, all the more power to them. Government works aren't covered under copyright anyway. This is some petty-minded mulberry patch guarding by NASA. Try and see the bigger picture, guys. That's your job after all.
#include <stdio.h>
int main(void) { printf("Hello Mars\n"); return 0; }
I throw away hardware better than that! (For the greenies, please read "recycle" instead of "throw away".)
it's trivial to implement. Just create a device that temporarily cuts the power periodically unless instructed to do otherwise by the computer. Voilà you got an automatic reset switch.
Even if you did get it, what the hell would you do with it? It isn't like you could borrow a snippet here for the video codec you are writing or post a snippet on the forums there to help someone with the chat program they are writing. Even just reading it straight out is going to be like studying hieroglyphics because you don't have all the hardware specs for the devices being controlled, etc. etc... Unless you're writing some pretty sophisticated device drivers, the mix of hard and soft real time in code like this is waaaay outside of what the vast majority of coders will ever work on.
It's cool and all to have source code to study and learn from, but the code to something like Phoenix strikes me as little more than digital Viagra.
...using something as error prone as C. And neither did JPL, originally. You might find this an entertaining read.
http://www.flownet.com/gat/jpl-lisp.html
I suppose it's inevitable that the summary of a Slashdot article is inaccurate, but in this case it's highly misleading. The code in the Phoenix Lander has nothing whatsoever to do with getting it to Mars. The Spaceprobe Navigation Package (Are they still using MOPS and TRAM, I wonder? After all, they were good enough for Voyager I and II.) runs on mainframes at JPL, in Pasadena, and course corrections are sent from there to the spacecraft. This is because the same programs doing the navigation for Phoenix can be used at the same time for other missions, instead of wasting valuable memory (and the energy needed to run them) on putting a separate copy of the program on every single probe.
Good, inexpensive web hosting
No million line API's to conform to. No overlooked, hidden RFC on page 3000 of the latest standard revision from Sony. No implementing everything twice. Peter Gluck, software manager, must be a huge asset with the C language obstacle. Software management triumphs again.
Actually the source code would probably not be very instructive, even if it was released, due to strict rules set down in the JPL code requirements (no use of dynamic memory for example) that would make the programs largely unsuitable for re-use in other projects or, at the very least, a poor example of how to write efficient code (no malloc, pointers, or other associated language features).
Dude, the lunar lander program crashed repeatedly on Neil Armstrong and Buzz Aldrin right when they were trying to land on the moon. It was so bad, that mission control basically told them to ignore it and Neil went ahead and landed the thing really by the seat of his own pants. You really can't have a bug much worse than that!
When you think about it, space software is probably the most unreliable software there is. I mean, it is a classic cathedral design, has only a handful of users, and so, yeah, they can do a lot of testing, but, they miss stuff. Look at how often they have to upload patches to the ship while it is in flight.
This is my sig.
Am I the only one who, out of the whole article, read
"the hardware has to be stroked every 64 seconds"???
So that's the secret! If a windoze box locks up, don't hit it! Stroke it....very softly
You're the project software engineer. I noticed that was singular. Is there just one product software engineer? Like sort of the managing engineer for the project?
Yeah. Project Software Systems Engineer is the title. And our software was developed -- the flight system software was developed in three different locations. Lockheed Martin developed the spacecraft software, and then we had payload software developed by both the University of Arizona and the Jet Propulsion Laboratory.
So Peter what is it that you do here?
I hand specifications to engineers that write the flight software.
So you take the papers to them?
Well no my secretary does that...
Got Code?
If being primitive means stable, predictable, and rock solid dependable - by all means bring it on!
Seriously, sometimes you simply don't need more processing power as it doesn't buy you anything. The missile fire control system I worked on in the Navy only had a clock speed of 1MHZ, but it still spent a fair amount of time waiting for the hardware to catch up. (Physical events in the real world take time.) Being able to add a decimal place or two of accuracy when solving the trajectory equations wouldn't have bought you anything either, because the hardware couldn't take advantage of it.
Tightly integrated systems like my fire control system or the Phoenix lander can't be judged by the standards of the FOTM commercial/consumer market.
Here's an interesting web-page on the processors used in various space probes over the years.
http://www.cpushack.net/space-craft-cpu.html
It seems Viking was the first to use micro-processors. Before that they used TTL, which is sort of a roll-your-own CPU based on bunches of simpler logic chips (NAND gates, multiplexers, etc.).
Table-ized A.I.
Five numbers. It's got half the code.
One.
- Put X in the centre square.
- I know.
- Six up.
- There's no way you can win.
I know that. It doesn't. It hasn't learned.
- Is there any way to make it play itself?
- Yes. Number of players zero.
Seven!
Come on. Learn, goddamn it.
Eight.
It must be caught in a loop. It's taking power from the rest of the system.
Nine numbers.
Ten! It's got the code. It's going to launch.
Colonel Conley, call SAC. Get me a launch status report.
Major Davis, get me the president.
How you doin', Colonel?
Land lines out of the mountain are dead. I'm trying satellites.
- What's it doing?
- It's learning.
Greetings, Professor Falken.
Hello, Joshua.
Strange game.
The only winning move is not to play.
How about a nice game of chess?
Colonel Conley, take us to DEFCON 5.
Yes, sir.
Basically, it's because the code is part of a space vehicle regulated by international arms and trafficking laws. That means Joe Blow doesn't get it.
Sorry dude, you're Joe Blow. Unless you're reading this from a JPL/NASA'ish sort of place. Then you're just smirking.
Maybe he's a rocket scientist. What do you know about Mr. Blow's job?
Here's something interesting about nuclear launch codes:
America's gaggle of "Minuteman" long-range nuclear missiles went on line for the first time during the Cuban missile crisis in 1962. But the world was supposedly protected from mutual assured destruction by the "Permissive Action Links" (PALs) which required an 8-digit combination in order to launch. Robert McNamara, then the U.S. Secretary of Defense, personally oversaw the installation of these special locks to prevent any unauthorized nuclear missile launches. He considered the safeguards to be essential for strict central control and for preventing nuclear disaster.
But what Secretary McNamara didn't know is that from the very beginning, the Strategic Air Command (SAC) in Omaha had decided that these locks might interfere with any wartime launch orders; so in order to circumvent this safeguard, they pre-set the launch code on all Minuteman silos to the same eight digits: 00000000.
For seventeen years, during the height of the nuclear crises of the Cold War, the code remained all zeros, and was even printed in each silo's launch checklist for all to see. The codes remained this way up until 1977, when the service was pressed into activating the McNamara locks with real launch codes in place. Before that time, the lack of safeguards would have made it relatively easy for a small group of rogue silo officers or visitors to implement an unauthorized nuclear missile launch.
http://www.damninteresting.com/?p=167
"Well Ranger Brad, I'm a scientist. I don't believe in anything." - Dr. Roger Fleming
Hehe, by today's standards. Compared to the entire future history of space technology, we're still in the primitive phase.
That whole "OMG an IBM POWER running at 33 MHz == primitive" thing is just silly. Yeah, your telephone is faster than that, so what? It doesn't make it better than the Apollo program's on-board computer, no matter how "primitive" it is. It does everything it has to do and that's what matters. What would be the interest of having a 2 GHz CPU on a space probe rather than a 33 MHz CPU? Not that much, considering that the CPU speed is hardly a bottleneck. A faster CPU won't give more pixels to your images, it won't make you communicate faster with Earth, and it won't make you any less likely to fail.
Insisting that it's primitive is silly and ignorant of what such computers do. They don't run Gentoo and compile programs while running Firefox and playing Call of Duty 4. That would be like saying that an old iPod is primitive because its ARM7 core only runs at 80 MHz. Which is plenty for what it does, so quit it with that nonsense and false "we are primitive compared to our future selves" humility. That's just bullcrap only a scifi geek would even consider thinking.
You just got troll'd!
That seems a dubious claim at best. The rocket equation is relatively easily derived from conservation of energy. A reasonably competent physics student should be able to figure it out themselves as a homework assignment. Some nutcase might argue that ITAR is intended to cover such "technology," but restricting science that basic just stifles education without any benefit.
That said, my impression is that ITAR is slightly too restrictive. I personally haven't had to deal with it much, but I've encountered a few issues. Like the company I interned with that couldn't export a general-purpose strain gage it offered because it received some development funding from DARPA to adapt it to measuring flex in F-15 wings. At the same time, they were installing them on municipally-owned bridges for structural monitoring. No security at all.
> and why you're unlikely to see the source code to the project any time soon
I can take a guess that might not even be admitted -- they have a very simple, bullet proof secret back door code that allows them to remotely reflash the whole damned thing as a last resort.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
After Darth Cheney launches his preemptive nuclear (for the pres: nucyuler) strike on Iran, they might as well show the public the missile launch code. The rest of the Earth will be a smoking pile of rubble five minutes later.
Well, the shuttle software has zero bugs - or seemingly as close to it as to be indistinguishable from zero.
numbers:
So we could expect the Mars code to have about 3 bugs if it's managed as well. Being that it's a short project, doesn't carry humans, and doesn't have as long a history, I'd guess it's more likely to run into the dozens.
They can field patch these too.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
You're like the 4th idiot who has replied to me and moaned about me saying the computing platform was primitive.
I was trying to say that. I was trying to say that all of science related to space and rockets and launch, etc, is primitive because it has been so suppressed.
I make this clear just a little further on in the thread, but Slashdot's thread system encourages people to not read the entire thread, so we get misunderstandings like this.
How we know is more important than what we know.
You're like the 4th idiot
Sure, *we* are the idiots. Right.. ;-)
You just got troll'd!
Or haven't you noticed how often your Windows desktop "flickers". i.e. It got hit by a watchdog restart.