Fault-Tolerant Software for Spacecraft Applications.
Abstract:
Fault-tolerant computers have been developed for applications that require a very high degree of hardware reliability, and it is frequently asked whether similar techniques can be brought to bear on software for critical applications, e.g., ascent guidance software on launch vehicles, launch-control software for ground computers, and control and command software. The principal techniques employed in hardware fault tolerance are seen to be applicable also to software fault tolerance: error detection, protective redundancy, and rollback provisions. Of course, they need to be implemented in a specific manner; in particular, the redundancy must be provided by code different from that used for the primary modules. The recovery block proposed by Randell, with the addition of a watchdog timer, has been implemented in a number of skeleton routines and has been found quite suitable in connection with the established structure for spaceborne software. A reliability model is proposed that shows a very considerable reduction in failure probability even when the fault-tolerance provisions themselves are far from perfect. It is therefore believed that the time is quite ripe to undertake serious studies of fault-tolerant software for space applications.
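The recovery block with a watchdog described above, as an added example in C that is not code from the paper or its skeleton routines: a primary routine and an independently written alternate compute the same result, an acceptance test decides whether an output is believable, the block rolls the state back to a checkpoint before every attempt, and a watchdog bounds how long the whole block may run. The square-root task, the tick-budget model of the watchdog (a real flight watchdog is a hardware timer), the routine names and the fault injected into the primary are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not the paper's code. A Randell-style recovery block:
 * try primary; if the acceptance test rejects it (or the watchdog expires),
 * roll back and try the next alternate. The watchdog is modelled as a
 * deterministic tick budget instead of a hardware timer. */

typedef struct {
    double input;   /* value whose square root is wanted */
    double result;  /* output of the block */
    int    scratch; /* working storage an alternate may overwrite */
} rb_state_t;

typedef struct {
    unsigned budget; /* ticks the whole block may consume */
    unsigned used;   /* ticks consumed so far */
} watchdog_t;

/* Charge ticks to the watchdog; returns 0 when the budget is exhausted. */
static int wd_tick(watchdog_t *wd, unsigned ticks) {
    wd->used += ticks;
    return wd->used <= wd->budget;
}

static double absd(double v) { return v < 0.0 ? -v : v; }

/* An alternate returns 1 on normal completion, 0 if it gave up (watchdog). */
typedef int (*alternate_fn)(rb_state_t *s, watchdog_t *wd);

/* Acceptance test: output must be non-negative and square back to the input.
 * It is deliberately simpler than the alternates so that it is easier to trust. */
static int accept_sqrt(const rb_state_t *s) {
    double scale = s->input > 1.0 ? s->input : 1.0;
    return s->result >= 0.0 && absd(s->result * s->result - s->input) <= 1e-6 * scale;
}

/* Primary: Newton iteration, cheap (1 tick per step). Constructed fault:
 * for inputs in [4, 9) it returns the wrong sign, which the test must catch. */
static int primary_newton(rb_state_t *s, watchdog_t *wd) {
    double x = s->input > 1.0 ? s->input : 1.0;
    for (int i = 0; i < 30; i++) {
        if (!wd_tick(wd, 1)) return 0;
        x = 0.5 * (x + s->input / x);
    }
    s->scratch = 0xBAD; /* scribbles working storage; rollback must undo this */
    s->result = (s->input >= 4.0 && s->input < 9.0) ? -x : x;
    return 1;
}

/* Alternate: bisection, different code and slower (2 ticks per step). */
static int alternate_bisection(rb_state_t *s, watchdog_t *wd) {
    double lo = 0.0, hi = s->input > 1.0 ? s->input : 1.0;
    for (int i = 0; i < 60; i++) {
        if (!wd_tick(wd, 2)) return 0;
        double mid = 0.5 * (lo + hi);
        if (mid * mid < s->input) lo = mid; else hi = mid;
    }
    s->result = 0.5 * (lo + hi);
    return 1;
}

/* Runs the alternates in order; returns the index of the accepted one, or -1
 * when every alternate failed (state is then restored to the checkpoint). */
static int recovery_block(rb_state_t *s, const alternate_fn *alts, size_t n, unsigned budget) {
    watchdog_t wd = { budget, 0 };
    rb_state_t checkpoint = *s;                 /* rollback point taken on entry */
    for (size_t i = 0; i < n; i++) {
        *s = checkpoint;                        /* roll back before each attempt */
        if (alts[i](s, &wd) && accept_sqrt(s))  /* completed and passed the test */
            return (int)i;
    }
    *s = checkpoint;
    return -1;
}

static const alternate_fn sqrt_alternates[] = { primary_newton, alternate_bisection };

/* Which alternate produced the accepted answer (-1 = block failed). */
static int ft_sqrt_alternate(double in, unsigned budget) {
    rb_state_t s = { in, 0.0, 0 };
    return recovery_block(&s, sqrt_alternates, 2, budget);
}

/* The block's output; equals the checkpoint value 0.0 when the block failed. */
static double ft_sqrt_value(double in, unsigned budget) {
    rb_state_t s = { in, 0.0, 0 };
    recovery_block(&s, sqrt_alternates, 2, budget);
    return s.result;
}

int main(void) {
    printf("sqrt(2):  alternate %d, value %.6f\n", ft_sqrt_alternate(2.0, 200), ft_sqrt_value(2.0, 200));
    printf("sqrt(6):  alternate %d, value %.6f\n", ft_sqrt_alternate(6.0, 200), ft_sqrt_value(6.0, 200));
    printf("sqrt(6), tight watchdog: alternate %d\n", ft_sqrt_alternate(6.0, 50));
    return 0;
}
```

For the input 2 the primary passes and the block costs 30 ticks; for the input 6 the primary's wrong-sign result is rejected, the state is rolled back, and bisection supplies the accepted answer. With a budget of 50 ticks the watchdog stops bisection part-way, so the block reports failure and leaves the state as it was on entry, which is the outcome a caller must be prepared to handle (typically by entering a safe mode).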