Session
Technical Session VII: Software & On-Board Processing
Abstract
Control Data Corporation, as part of a joint development program with the Boeing Electronics Company, built a nine node, three active module multiprocessor called SPA-l or Spaceborne Processor Array-I. (SPA was the processing system concept proposed as the heart of a multi-mission autonomous surveillance satellite in a paper presented at the 4th Annual AIAA/Utah State Small Satellite Conference in 1990). Since then, an operating system called the Operational Kernel, or OK, has been completed, tested, and functionally validated in a demonstration using the SPA-l. This demo featured fully autonomous on-board control of data movement, fault detection, fault isolation, hardware reconfiguration, application re-start, and load balancing/redistribution. The demo application consisted of ephemeris calculations being performed for two satellites, in each of three independent processors at different nodes on the SPA-I; this data (and SPA-l health status) was sent via a serial I/O (input/output) channel to a host machine for display. With the demo software running in the three active processing nodes, observers were invited to cause random nodal interconnect or processing hardware elements to fail by selection of switches on a fault injection panel. SPA-I, under the aegis of the OK, detected that a failure had occurred, isolated it, reconfigured around it, redistributed the processing load (to the two or one remaining active processors) and continued with the application processing, all without operator intervention of any sort. The OK is written in Ada. Support of the execution of Ada programs is provided for by the Ada Run Time System (RTS), provided by the Ada compilation system. The RTS provides very basic services such as tasking and memory management, and exception handling. The OK consists of Ada packages that are run on top of the RTS. This collection of packages include lower level services that involve message buffering, interrupt handling, and individual configuration commands. Operational high level services include: a block I/O facility that uses protocols to ensure the integrity of data transfers between modules at different nodes on the SPA network; a configuration facility that provides a high level set of operations to configure the network; and a health check facility to support application controlled detection and isolation of failed SPA elements. The SPA hardware, with processing elements operating essentially asynchronously at each node on the network, supports many concurrent activities. The OK handles this with Ada tasks. The number of tasks is application dependent. Approximately sixty tasks were employed in the SPA-l demo.
Spaceborne Application Multiprocessor Operating System
Control Data Corporation, as part of a joint development program with the Boeing Electronics Company, built a nine node, three active module multiprocessor called SPA-l or Spaceborne Processor Array-I. (SPA was the processing system concept proposed as the heart of a multi-mission autonomous surveillance satellite in a paper presented at the 4th Annual AIAA/Utah State Small Satellite Conference in 1990). Since then, an operating system called the Operational Kernel, or OK, has been completed, tested, and functionally validated in a demonstration using the SPA-l. This demo featured fully autonomous on-board control of data movement, fault detection, fault isolation, hardware reconfiguration, application re-start, and load balancing/redistribution. The demo application consisted of ephemeris calculations being performed for two satellites, in each of three independent processors at different nodes on the SPA-I; this data (and SPA-l health status) was sent via a serial I/O (input/output) channel to a host machine for display. With the demo software running in the three active processing nodes, observers were invited to cause random nodal interconnect or processing hardware elements to fail by selection of switches on a fault injection panel. SPA-I, under the aegis of the OK, detected that a failure had occurred, isolated it, reconfigured around it, redistributed the processing load (to the two or one remaining active processors) and continued with the application processing, all without operator intervention of any sort. The OK is written in Ada. Support of the execution of Ada programs is provided for by the Ada Run Time System (RTS), provided by the Ada compilation system. The RTS provides very basic services such as tasking and memory management, and exception handling. The OK consists of Ada packages that are run on top of the RTS. This collection of packages include lower level services that involve message buffering, interrupt handling, and individual configuration commands. Operational high level services include: a block I/O facility that uses protocols to ensure the integrity of data transfers between modules at different nodes on the SPA network; a configuration facility that provides a high level set of operations to configure the network; and a health check facility to support application controlled detection and isolation of failed SPA elements. The SPA hardware, with processing elements operating essentially asynchronously at each node on the network, supports many concurrent activities. The OK handles this with Ada tasks. The number of tasks is application dependent. Approximately sixty tasks were employed in the SPA-l demo.