What happens when you put a few million lines of open source software into orbit? At this point, maybe nobody knows. We’ll all get to find out soon, however. Wind River Systems has just announced a deal with Honeywell Aerospace that will place the company’s Carrier-Grade Linux (CGL) on board the “New Millenium Program Space Technology 8” (ST8) spacecraft, scheduled for launch in November 2009. Wind River’s CGL (See, we’re talking like space-pros already – making acronyms for everything) will be seated in what certainly could be described as the first-class section of the ship – the “Dependable Multiprocessor” (DM) payload. So, in space talk – “CGL will be on the DM in ST8.”
See, we are practically astronauts already.
Image courtesy of NASA
By the way, did you see that image above? Think anybody on the project might have been a Star Trek fan?
The DM experiment, “Dependable Multiprocessor,” is basically about putting a supercomputer into space. The thing is, it’s nearly impossible to get a supercomputer to work here on the ground, let alone in orbit. To make matters worse, the biggest enemy of supercomputing is excessive power consumption. Supercomputers are often designed in cooperation with public utilities so that they can meet their supply and cooling needs. In space, two of the things that are in short supply are power and cooling air. Is this starting to sound fun?
Everything about engineering systems for space isn’t the cakewalk that wimpy solar power, no cooling air, and $1000/ounce to get in orbit all imply. There are difficulties too. There are lots of fun particles (like neutrons) flying around that can splat into your memory elements and registers randomly and flip a bit. You write some data, you wait awhile, and then you read different data back. No big deal, right? Developing a supercomputer to meet this challenge, as you might guess, is a formidable task. Would you pick an open source operating system that’s maintained by thousands of random volunteers from around the globe on an ad-hoc basis to run on the thing? Honeywell did.
Before you go getting all judgmental, remember that Linux (and derivatives thereof) has been the OS of choice in the supercomputing community for a while, now. You wouldn’t, however, want to launch just any old version of Linux into space. This is where Wind River comes in. Wind River has found the perfect slot between open source chaos and proprietary control with their Linux support. There is a fine line to walk between supporting a standard distribution of Linux and creating and distributing your own version. Wind River has found a place to walk inside of that line. They distribute a pristine-source kernel and provide a transparent system to apply patches and additions. You can build exactly what Wind River built, exactly what the online distribution has, or anything in between. This gives a “best of both worlds” effect that lets you have the confidence of a supported OS with the control and broad-based, open development of an open-source system.
One of the ideas behind ST8 is to put a spacecraft together with as much commercial off-the-shelf (COTS) content as possible. Since most COTS hardware and software was never designed with space travel in mind, this is a difficult mission. Honeywell will be starting with Wind River CGL, but what goes into space will undoubtedly have some specialized additions and enhancements. COTS hardware will need to be made tolerant of single-event-upsets (SEUs), where particles collide with memory cells and registers and change their contents, and software will likely take a role in the detection and correction of SEU events. It is also likely that middleware and OS elements will be modified with power efficiency in mind as power is at a premium in space.
Wind River is no stranger to space. Their VxWorks product line (and other ancillary products) have been deployed in numerous missions like the Mars Rovers and Deep Impact. This is the first time they’ve introduced Linux to space flight, however. “This is the first time I know of that we’ve put Linux into a situation where it’s actually deployed in space,” says Rob Hoffman, Wind River general manager of aerospace and defense. “It’s been widely used in the past in test jigs, simulators… everything but the actual deployed system.”
Hoffman feels that the selection of Wind River’s Carrier Grade Linux for space flight is an endorsement of the company’s open-source distribution and support strategy. “We offer three compelling differentiators in our Linux distribution,” Hoffman continues. “Our pristine source distribution with our cross-build system allows complete customer control. Our testing methodology provides a thoroughly tested platform complete with patches and additional components, and our workbench tool suite, based on Eclipse, provides a robust software development environment.”
Space operation has several unique challenges for the operating system. In space, it is impossible (or very, very expensive) to send up a technician to work on the system in person. It is important that you be able to manage the system remotely, including debugging problems that might arise, uploading and installing patches and upgrades, and recovering from transition problems when they occur. “You want to be able to upload changes to a vehicle in space – even partial changes, and allow the original image to keep operating while you do so,” Hoffman explains. “Once the new version is loaded, you need to be able to verify that the load is good, hot-swap to the new version, and easily switch back to the original version if a problem arises.” This process is made even more complex by the low bandwidth and sporadic data connections available on spacecraft – sometimes at data rates popular in 1980s modems.
So – does it worry you that open-source products like Linux are finding their way into high-reliability and high-security applications like space flight? This is a topic of much debate. One school of thought is that open-source software presents a security vulnerability because literally anyone can work on it. (OK, anyone with the skills to figure out how to jump through the hoops of the open-source software community – which probably amounts to less than 1% of the population, but still…) Ironically, the proponents of open-source use exactly the same argument. Opening the code for universal inspection, they contend, reduces the risk of malicious code. In proprietary systems, where control and visibility of the source code is in the hands of a select few, the opportunity for corruption and subversion could be much higher.
The hardware platform for the DM system is likely to be the Xtreme Engineering XPedite6031, based on the Freescale PowerPC 7447A processor. The module is designed for hostile environments with extended temperature, vibration, and shock tolerance. It also is available in a conduction-cooled variant – important for the place with no fans — or air. There are also plans for an FPGA-based accelerator module that can deliver extremely high compute performance for specialized data processing tasks with very low power consumption.
Getting a COTS system to function effectively in space is an extremely difficult problem. Solving it, however, promises to put unprecedented amounts of computing power into orbit at a far lower cost than conventional made-for-space systems. The goal is to allow spacecraft to have enough compute power on board to make more of their own intelligent decisions without relying on ground-based direction. For COTS vendors, the challenge is to bring their products up to the standards required for space flight and to carry that learning over into their more broadly-distributed commercial products. Done right, the program is a win for both sides.