
jhurliman | 5 years ago

I had the opportunity to go down to JPL and speak with team members about this design decision. The space-hardened processors are not fast enough to do real-time sensor fusion and flight control, so they were forced to move to the faster Snapdragon. This processor will have bit flips on Mars, possibly up to every few minutes. Their solution is to hold two copies of memory and double-check operations as much as possible, and if any difference is detected they simply reboot. Ingenuity will start to fall out of the sky, but it can go through a full reboot and come back online in a few hundred milliseconds to continue flying.

In the far future where robots are exploring distant planets, our best tech troubleshooting tool is to turn it off and turn it on again.

nynx|5 years ago

I'm a little surprised they didn't go for three separate computers and compare them for every operation, or something like that, but I'm sure they have their reasons.

teraflop|5 years ago

I've never seen an off-the-shelf processor that has hardware support for doing that kind of cross-checking on every instruction. And doing it in software would probably add so much overhead that the error-checking would be much more likely to fail than the application code.

If you're willing to relax your real-time constraints a bit, and risk a brief period of incorrect behavior before the error is caught, the problem becomes vastly easier and cheaper to solve.

alfla|5 years ago

Do you have a source for those fast reboots? It's running Linux, after all.

nynx|5 years ago

A few hundred milliseconds seems easily doable with a custom Linux distro.

chasd00|5 years ago

Is Ingenuity running Linux? All of the flight controller software I've seen for autonomous drones doesn't use an operating system.