34C3 - The Ultimate Apollo Guidance Computer Talk

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

the following talk is about a very relevant piece of technological legend see of our human race the first piece of computer that landed on a on our moon and actually it became a metric people started to compare other architectures other computers in volumes of multiples of processing speed of this computer it's rocket science but it's even harder it's computer rocket science so I'm very happy to have this gentleman or Hesse on stage who is actually a rocket scientist and for the for the computer part we have Mukesh style who is the founder of the xbox Dino's project and has gathered with this project and many others lots and lots of experience around architectures of computers so please give a warm round of applause for the ultimate Apollo guidance talk welcome is this on anyone here yes welcome to the ultimate Apollo guidance computer talk aka a comprehensive introduction into computer architecture and operating systems and spaceflight my name is Michele style and I'm Kristen Haseman this talk is number six in a series by various people the idea is to explain as much as possible about a classic computer system in 60 minutes the Apollo guidance computer AGC is a digital computer that was designed from scratch specifically for use on board the Apollo spacecraft to support the Apollo moon landings between 1969 and 1972 developed at MIT between 1961 and 1966 a total of 42 agencies were built at a cost of about $200,000 each the base clock is about one megahertz all data is 15 bits and there are two kilowatts of RAM and thirty six kilowatt ROM who avoids a ROM it's about the size of a large suitcase weighs 32 kilograms and consumes about 55 watts its user face is a numeric display and keyboard some historical context in the mid 1960s you can just take an off-the-shelf computer and put it into a spacecraft the first mini computers were the size of a small fridge too heavy to power-hungry in too slow for real-time scientific calculations even though the industry had come a long way since the previous decade already 10 years later though microcomputers with highly integrated circuits started outclassing the HSC Hardware in many regards there many reasons that make the HEC especially interesting the architecture is very 60s and feels very alien to us today the hardware is very innovative for its time it has some very interesting and unusual peripherals its operating system was revolutionary for its time and the mission says software has all the bits to with the right hardware attached to fly you to the moon in the Apollo program the Apollo guidance computer was used in two unmanned test missions where goes remote control from the ground in three man's test missions and in the seventh manned landing missions astronauts hated the idea of giving up any control to a computer they wanted to be in charge and while as a fallback most of the mission could also be flown manually the mission planners got their way to understand the purpose and the responsibilities of the Apollo guidance computer we need to first look at the Apollo mission the core strategy of the Apollo program was instead of landing the complete spacecraft on the moon for an extremely large rocket would have been required to only Nanta much smaller lambda while the larger part with a few for the way back stays in orbit so the Apollo spacecraft can be separated into the lunar module the command module and the service module the Saturn 5 rocket launches it and three astronauts from Cape Kennedy into Earth orbit by accelerating at the right time the translunar injection with the spacecraft into a so-called free return orbit but just coasting it would travel around the moon and back to earth right at the beginning of this three-day journey the command and service module extracts the lunar module and docks with it by braking on the far side of the moon the spacecraft enters a lunar orbit after two of the astronauts have climbed into the lunar module and after undocking the lunar module breaks this is called powered descent and lands after taking up again you know murderer on the loose with the command and service module and the two astronauts from the lunar module climb into the command module and the lunar module is jettisoned the remaining command and service module accelerates at the far side of the Moon for trajectory towards Earth for entry only the command module remains by the way these excellent visualizations are from Jared I wants how the Apollo spacecraft works videos which we can highly recommend the command service module and the lunar module each contained one a GC it was the same hardware but attached to partially different i/o devices and with the software adapted for the specific spacecraft the astronauts interact with them through the display and keyboard units which amounted alongside needs hundreds of switches the computers responsibilities during the mission are to track the position and speed the so called state vector of post spacecraft stabilize the spacecraft's attitude calculate a control engine burns and monitor or control the saturn v during launch in order to understand how the Apollo guidance computer does all this we'll look at its architecture the hardware implementation some of its interesting peripherals the system software as well as the system software as well as the mission software the architecture of the AGC can be described as a fun normal accumulator machine with 15 bit one's complement big-endian arithmetic so we'll talk about the instruction set the arithmetic model and instruction coding as well as the memory model io operations and counters and finally the interrupt model machine code instruction sets vary widely the instruction set of a modern ARM processor which is mainly optimized for on-time performance consists of about 400 instructions sub lag is a language mostly of academic interest that shows that a single instruction can be enough to solve the same problems as all other turing-complete languages while are more complex constructions that can achieve higher content density and contribute to higher performance it is also it also generally means that the CPU will be drastically more complex a computer from the early 1960s consisted of only a few thousand transistors as opposed to today's billions which is why this is the sweet spot for the HEC 36 instructions provided just about the performance that was required for the mission these are the 36 instructions some load and store instructions arithmetic and logic control flow instructions IO instructions and instructions for dealing with interrupts the memory model is the cornerstone of the instruction set memory consists of 4096 cells numbered in hexadecimal 0 0 0 through ffff each cell contains a 15 bit word number between 0 and 7 F F F almost all changes in data - in memory go through the 15 bit accumulator they're also called the a register a program can copy words between the accumulator and a memory cell but also add subtract multiply and divide values as they are moved around the data in memory can have many meanings depending on how it is interpreted these values may represent integers while those three words are meant to be decoded as machine code instructions code and data in a single address space make the a GCS occult phenomena machine the CPAs program counter PC always holds the address of the instruction to be executed next the load instruction copies the contents of a given memory cell into the accumulator the PC goes on to the next instruction the add instruction adds contents of a given memory cell to the accumulator and the store instruction copies the value in the accumulator into memory at a given location the generalized version of these instructions we just saw use K as a placeholder for a memory address as an argument these are cards that are quick reference of instructions this is the generic syntax of the instruction a short description the exact operations in pseudocode this one takes a memory address k and adds it to a the accumulator with the encoding of the instruction in memory and the number of clock cycles the original syntax is the name the original designers gave to the instruction for this talk I have chosen a more modern syntax here on the right which makes it much more easier much easier to describe the CPU both to people with and without a background in machine programming let's have a look at the instruction set in detail here's an example of the load instruction load a comma indirect to zero zero on the left you see the set of registers of the agency most operations work with the accumulator so we will be ignoring the other registers for now while executing this instruction the CPU looks at memory at location two zero zero reads its contents and copies it into the accumulator this is the store instruction store a load indirect to zero zero comma a like with all instructions the first argument is the destination memory the second one the source the accumulator it looks addressed to zero zero in memory and copies the contents of the accumulator to that cell there's also an exchange instruction which can atomically swap the contents of the accumulator and a memory cell the add instruction will look up the contents of a given memory address and add it to the contents of the accumulator and store the result back into the accumulator and there's a subtract instruction it takes the contents of memory this is subtracted from the content of contents of the accumulator and stores the result back into the accumulator the result of every subtraction can be negative so we need to talk about how negative numbers are expressed on the AGC let's look at just 4 bit numbers 4-bit untying unsigned integers can express values from 0 to 15 with silent value encoding the uppermost bit corresponds to the sign and the remaining 3 bits represent the absolute value consequently there are separate values for plus 0 and minus 0 but this encoding is hard to work with since the 0 transitions need to be special cast once complement encoding has the order of the negative numbers reversed the 0 transitions are simpler now but there's still two representations of 0 modern twist complement encoding only has a single encoding for 0 it's fully backwards compatible with unsigned addition and subtraction in the 1960s computers designed for scientific calculations are usually once complement and so is the AGC on time for big numbers can express values from 0 to 15 in once compliment the values 0 through 7 match the unsigned values zeroes through 7 and the negative size side is organized like this unlike 2's complement the two sides are perfectly symmetrical so negating a numbers as easy as complimenting it complimenting it that is flipping all the bits so the two representations of 0 plus 0 with all 0 bits and minus 0 with all 1 bits addition in the positive space is equivalent to the unsigned version same in the negative space when mapping signed negative numbers through their unsigned counterparts it gets interesting when we have a 0 transition signed a 6 minus 4 is 6 plus minus 4 which is unsigned 6 plus 11 which in modulus 16 is 1 we have a carry in once compliment a carry needs to be added to the end result so we get to which is correct the trick to jump over the duplicate 0 and a 0 transition by adding the carries called the end around K an overflow means that the signed result does not fit into the number space signed 7 plus 1 would result in signed minus 7 which is incorrect the same happens when overshooting negative numbers after applying the end-around carry the result of sign 7 here is incorrect the CPU detects this and Flags the result the accumulator has an extra bit to record the information about an overflow we call it V so if we have code that reads the value of 7 f F F from memory and adds 1 the result is 0 and an overflow is detected so the accumulator is flagged the store instruction in addition to writing 8 on memory does extra work if there's an overflow condition it clears the overflow condition writes plus 1 or minus 1 into a depending on whether it's a positive or a negative overflow and skips the next instruction this way the program can detect the overflow and use the plus 1 or minus 1 to apply the signed carry to a higher-order word by storing a to memory we now have a double word result in one's complement negating a number is as easy as flipping every bit in a word so there's a dedicate instruction for loading and negating a value LDC which stands for load complement reads away from memory through negates it by inverting all the bits and writes it into the accumulator incrementing that is adding 1 to a word is such a common operation that there's a dedicated instruction that increments a word in memory in place there is no corresponding decrement instruction instead of that two similar instructions augment and diminish the increment instruction adds one to the original value the augment instruction adds one to all positive values and subtracts 1 from all negative values effectively increment increments the absolute value retaining the sign the dimension struction decrements positive values in increments negative values optimized for scientific calculations the CPU has dedicated multiplication circuitry the model instruction reads a word from memory and multiplies it with the accumulator when you multiply two signs 15 bit words you need up to 29 bits that is two words for the result the complete result will be written into two registers the upper half into a and - to be be is a separate 15 bit register which is mostly used together with the accumulator with instructions that deal with 30 bit data double word values are expressed with the uppermost bits in a Morphin memory at lower addresses and the lower bits in B or at higher addresses making the EGC a big endian machine assuming the normalized form with matching signs the effective value is the concatenation of the two times 14 bits of the values division also works with double words it takes the combination of the a and B registers as the dividend and a word from memory as the divisor there are also two results the result and the remainder the result is written into a and the remainder in to be some other instructions also allow using a and B as a double word register load a become indirect to 0 0 looks up addressed to zeros or in memory and reads the words at this in the next cell into a and B the load complement variant does the same but inverts all bits during the load there is no instruction to store a and B in a single step but there is a double word exchange instruction and finally there's an add instruction that works in double words and to load and store just the B register there's an exchange extra instruction for that for working with tables there's the indexed addressing mode an instruction that takes an address as an argument can use it this example load a comma indirect 7 0 0 + indirect 8 - 0 first looks up address 0 8 0 adds it to the base of 7 0 0 which results in 7 0 2 reads from that address and writes the result into a what does this mean there's a table in memory at 7 0 0 in the example it contains multiples of 3 and an index to that table is stored in memory at 0 8 0 with an example is 2 so we've read the entry at index 2 of the table which is 6 without a base address we get the syntax in this example load a comma double indirect 8 0 the base is effectively zero in this case the CPU will look up the value at 0 8 0 in memory add it to the base of 0 so the value is still the same and read from that address in this case memory at zero eight zero effectively stores what see premieres now as a pointer and three I series the pointers different destination the instruction performed it in directory by default instructions are executed sequentially the program counter kisi increments as instructions are executed always pointing to the next instruction control flow instructions like jump and conditional jump change that when the CPU hits a jump instruction it will load its argument into the program counter which means that execution will continue at that address jz jumped up zero only jumps if a is your otherwise continues with the next instruction similarly JL easy only jumps if a is negative or zero CCS count compared and skip is a fun one it's a four-way fork for execution depending on whether the value in memory is positive negative plus minus plus the zero minus zero it will jump to one of the next four instructions if you know the value is positive or zero you can ignore the other two cases and just fill the first two slots and if it supposed to be only negative you have to skip the first two slots they should never be reached but it's good practice for them to fill them with error handlers since ccs also puts the absolute dimension value of the memory location into a so it decrements a special case of ccs a can be used for loops that count down a the call instruction isn't for calling subroutines aka functions it's like a jump instruction but it saves its origin so the call you can return to it later for the call instruction the program counter is incremented first and then copied into the link register LR finally the argument of the call instruction is copied into the program counter so that execution continues there the link register now contains the return address at the end of the subroutine the RET instruction effectively copies the contents of the liquor register into the program counter so execution resumes just after the call instruction if the subroutine wants to call its own subroutine the program has to save the link register for ins to restore it afterwards there's an exchange instruction specifically for this for additional levels a stack can be constructed manually using the indexing syntax so far we've seen the following registers the a register is used for memory accesses and all arithmetic it is combined with a B register for double with arithmetic the program counter to keeps track of what to execute and the link register remembers the return address when calling a subroutine we haven't seen the zero register yet it always contains zero so when we read from it we get zero and when we write to it the value gets to start it there are three more registers that will talk about later the eight registers are numbered that is there are assigned memory addresses this means that the first eight words in memory are actually occupied by the registers they can be accessed using the addresses and all instructions that take a memory address this allows for much greater flexibility in the instruction set we can load a with the contents of the B register by reading the contents of memory at location one into a the console of zero can be loaded into a by just reading from memory at seven which is the zero register a can be incremented by incrementing memory at a Edward zero and B can be used as a pointer by reading from double indirect one let's look at memory more closely memory is 4096 words and goes from zero zero zero two ffff the registers are located at the very bottom of memory including them there are a thousand 24 words of RAM random access memory and 3 kilo words of ROM read-only memory the agency was originally architected to only have this little RAM and ROM but there's actually more let's look at the RAM area the uppermost quarter is banked the area is a window through which one of eight different banks can be accessed each 250 words in size the erasable Bank register EB points to one of these banks if eb0 Bank zero is visible in the bacteria if EB is five Bank five is visible address isn't the fixed area always represent the same Ram cells but these are not additional cells about the same as banks zero one and two this means that there's a total of 8 times 256 words of RAM to kilowatts the ROM has organized similarly the lower killer word is bent the fixed bank register FB selects one of the 32 banks support for more than 32 kilo words of ROM was added at the last minute the super Bank bit can switch the uppermost eight banks to the second set so that a total of 40 pillow words are supported by the architecture the fixed ROM area will always show the same contents as two of the ROM banks the designers chose banks two and three to simplify address encoding in practice fixed ROM contains core operating system code and fixed RAM core operating system data that have to be available at all times the remaining functionality is distributed across the different ramen banks switching the RAM Bank can be done by writing through the EB register this is not a separate instruction but can be expressed by writing a memory location three if a is five writing a into EB will make a Ram Bank five visible at three zero zero the same storage structure could be used to write to the FB register at memory location forges which the ROM Bank but that wouldn't work for a common case if code in one bank wants a call code in another Bank by first switching the ROM Bank load FB and then doing the function call in writing the bank number into FB will switch out the bank the code is currently running on so it won't be able to execute the call instruction instead of will continue running some completely unrelated code that happens to get the same address on the other bank to call code on a different Bank FB and PC registers need to be changed atomically call F is only synonym for the existing double word exchange instruction code first has to load the bank and the program counter into a and B with then call F can atomically move into FB and PC the same exchange instruction can be used for a far return it moves the original values back into FB and PC the two Bank registers only hold five and three bits respectively the other bits are zero and there's a third Bank register BB both banks which merge the information from both other Bank registers the call far both banks synonym is a double word exchange instruction that updates the program counter and both banks subroutines usually have their private variables on particular Ram banks call for both banks passes control to a function on the different ROM Bank and also directly switches Ram banks so that the colleague can immediately access its variables return for both banks returns to the caller restoring its RAM Bank configuration the unusual ordering of the bank registers was chosen to allow for a double word exchange of FB and PC as well as for a double word exchange of PC and BB now we've seen all eight registers if there's eight more special locations in memory above the register the shadow area which we'll talk about later and above those there are four so-called editing registers which make up for the missing shift and rotate instructions when writing a 15 bit value into the RoR I didn't register it will be moved to the right I wondered and the lowest bit will be a cycle to the top the result can then be read back rol rotates left sh r shifts to the right duplicating the top bit and SHR seven shifts to the right by seven bits filling the top with zero this is needed for the interpreter system software component that will learn about later we have seen that the CPU is connected to RAM and ROM the memory bus but computers also talk to peripheral devices that is the i/o bus we've already seen the address space for memory there is a second address space to talk to devices there are 512 IOH annals numbered 0 0 0 through ffff each channel is 15 bits and the in and out instructions can read words from and rightwards to i/o channels for many devices a channel contains 15 individual control bits the control bit can for example toggle lamp on a display the out or instruction sets individual bits and out and clears individual bits so I'll instructions can work on the whole word or do boolean operations on them and or and XOR to make boolean operations also usable between registers channels 1 & 2 are actually aliases of the b & lr registers which allows for these instructions for end there's also dedicated instruction that works on a and memory after the registers the shadow area and the editing registers there's another special area that counters like i/o channels they connect to external devices but they don't send bits or hold-hold words back and forth instead they are controlled by hardware pulses or cause Hardware pulses on every pulse time one gets incremented for example while other counters take the number stored into them by code and countdown generating pulses when IO devices need to signal the CPU that can interrupt normal execution next to the program counter which points to the next instruction there's the instruction register which holds the current opcode when an interrupt happens the secure copies PC is a special memory location PC Prime and I are into IR prime and then jumps to a magic location depending on the type of interrupt in this example 8 1 4 when the interrupt handlers finished servicing the device the I read instruction will copy PC prime an IR crying back into PC and I are so execution will continue at the original location memory locations eight blue hex F are shadows of the eight registers PC and I are are automatically saved by interrupts and the remaining registers need to be saved by software if necessary the overflow condition flag cannot be saved or restored so while there's an overflow condition until the next store instruction which resolves the offload interrupts will be disabled the 11 interrupt handlers have to reside in fixed ROM starting at 8200 there are four words for each entry typical interrupt entry code saves a and B loads a and B with a bang of and PC of the actual handler and jumps there interrupts zero is special it's the entry point on reset next we will enter the interrupted turn instruction there's an instruction to cause an interrupt in software and instructions to enable and disable interrupts globally there is one more special memory location at x-37 the watchdog this location needs to be read from or read from or written - at least every point six four seconds otherwise the hardware will decide the system software is unresponsive and cause a reset now we've seen an instruction set and in the examples we've seen the codes that represent instructions in memory let's look at how the encoding works the load instruction the upper three bits are the opcode representing the load a and the remaining 12 bits encode the address this allows for a total of eight instructions but there are more than eight instructions DRAM addressed as always start with zero zero and drama dresses start with anything but zero zero so the store instruction which only makes sense on RAM only needs to encode 10 address bits instead of 12 making room for another three Ram only instructions the same is true for the increment instruction which makes room for three more as well as CCS which there's an opcode with jump which only works on Rama dresses since jumps to the bank register don't make much sense these codes are used to encode STI CLI and extend extend is a prefix it changes the meaning of the opcode of the next instruction allowing for a second set of two-word instructions there's one more special call instruction call to which is called LR which is the return instruction but the CPU doesn't special case this one return is a side-effect of calling memory at location 2 it executes the instruction encoded in the LR register the 12 bit address with the leading zeros decodes into another call instruction which transfers control to the return address indexed addressing is achieved by using the index prefix an indexed instruction consists of two instruction words index and the base instruction the addressing code in the base instruction is the base address and the index instruction encodes the address of the index index is an actual instruction the CPU reads from the given address 0 0 in the example then adds its value 3 to the instruction code of the following instruction 3 7 0 0 which is stored in the internal IR register then it uses the resulting instruction code 3 7 over 3 for the next instruction which is a load from 7:03 the effective address if an interrupt occurs after in the index instruction that is no problem because IR contains the effective instruction code which will be saved into IR Prime and restored at the end of the interrupt handler finally there's one index encoding with a special meaning when the address looks like it's referencing the shadow instruction register is an interrupt return instruction looking at the instructions that architecture as a whole there are many quirky and unusual features when compared to modern architectures it uses one's complement instead of two's complement it has no status register the overflow flag can't even be saved so interrupts are disabled until the overflow is resolved the store instruction may skip a word on the circuit circuit in circumstances the ccs destruction can skip several words and can be outright dangerous if the instructions following in it use prefixes there are no shift or rotate instructions but magic memory locations that shift and rotate when writing into them most boolean instructions only work on high old channels indexing is done by hacking the following instruction code and the architecture has no concept of a stack indexing has to be used if one is needed this was the architecture of the Apollo guidance computer now let's look at how this architecture is implemented in hardware the hardware implementation runs at one megahertz is micro coded and uses integrated circuits core memory and pour-over memory we'll look at the block diagram and how instructions are implemented in micro code and then about how the schematics map to integrated circuits on modules entrees this simplified body block diagram shows the AGC at the hardware level each box contains on the order of 500 logic gates the dotted lines are wise that to move a single bit of information in the solid lines are 15 wires that move a data word these units deal with timing and control and these are the central units the central register units stores a B link register and program counter and the arithmetic unit can add subtract numbers the memory components deal with RAM and ROM the main clock of about one megahertz feeds into the sequence generator which keeps cycling through twelve stages which is one memory cycle MCT instructions usually take as many memory cycles as they need memory accesses so load add and store take two cycles and jump takes one the sequence generator contains a collection of 12 step micro programs for each MCT for each instruction like this one for the load instruction in each step the entries send control pulses to the other units which are connected through the right bus the control signal waa for example instructs the register unit to put the contents of a onto the right bus and RA makes it read the value on the bus into a memory is also connected to the right bus WS will copy the bus contents into the memory address register and RG + WG will read and write the g register which buffers the cells value after reading before right so in stage 7 for example RG puts the memory buffer onto the bus and WB writes the bus contents into the temporary g register net10 b gets put on the bus and it gets read into the a register at the beginning of every memory cycle the hardware sends the memory address s usually what's encoded instruction to memory and copies the contents of that address into g in the second half of the MCT it stores G back into the same cell so if we shall memory timing next to the microcode as well as the pseudocode version of the load instruction which is easy to read we can see it lost the value of M memory into G copies it into B and then copies it into a more interesting is the exchange instruction it saves a to b reads memory into g copies the result into a cop is the old value into g and stores that g into memory division for example takes several MCT and it's micro program is way more complex but there are more micro programs than the ones for the machine instructions since there is only a single adding unit in the whole computer incrementing and decrementing the counters is done by converting the pulses into special instructions that get injected injected into the instruction stream there are 14 of these so-called unprogrammed sequences with our own micro programs some counter shift some are interacting with debugging hardware and these to control interrupts and the interrupt and reset sequences the complete schematics are publicly available and fit on just 49 sheets the whole implementation only uses a single type of gate a three input NAND gate two of these are contained in one integrated circuit in about a hundred of these ICS formal logic module 24:00 logic modules and some interface and power supply modules are connected together in tray a which also contains the i/o and debug connectors tray B contains various driver amplifier modules as well as RAM and ROM Ram is implemented as a magnetic core memory which stores bits and magnetized turrets reading a bit clears it so the memory sequencer makes sure to always write the value again after reading it without masters like tape the AGC has an unusually high amount of ROM whole rote memory encodes bits by wires that either go through or past a ferrite core the 500,000 bits per computer were woven completely by hand trace a and B are put together like this and hermetically sealed making for a rather compact computer this is its orientation when installed on the spacecraft with the six ROM modules accessible so they could in theory be replaced during the mission and that was the hardware part next let's look at the devices let's look at the devices connected to the computer we will look at the quality Isis that the Dahlia programs commuter to maintain the state vector some quite special devices you don't see on many other computers and the peripherals used for communication with astronauts and Mission Control the gyroscope is the core peripheral that the Apollo guidance computer was originally built around the program's computer rotates it into a certain base position with the CDU command counters and then the gyro detects rotation around the three axes of the spacecraft that can be read from the CDU counters using the gyroscope the spacecraft always knows it's attitude that is its orientation in space accelerometer adjust acceleration forces on the three axis but forget the three values can be rented from the piper counters the optics on the command module I used to measure the relative position to the celestial bodies the computer uses the opt command counters to move the optics to point towards the general direction of a star and will read in the astronauts fine-tuning through the orbit counters the landing radar sits at the bottom of the lunar module and measures the distance to the ground the radar wrapped interrupt will be triggered whenever a new measurement is available and the iron read counter contains the new value lunar modules rendezvous radar measures the distance of the command and service module during rendezvous after setting the two angles and the CDT and cgus counters to point it towards state or other spacecraft it will automatically track it and cause radar rapt interrupts when new data is available which can be read from the iron red counters the command module the service module and the lunar module all contained reaction control system RCS Jets that emit small bursts for holding or charging the attitude on lunar module there's one bit for each of the sixteen Jets setting a bit to one will make the jet fire the system software uses a dedicated timer time six and it's interrupt t6 wrapped for timing the pulses the user interface is provided by the so called disk key which stands for display and keyboard it has 19 keys 15 lamps and several numeric output lines keys generate the key wrapped interrupts and the key number can be read from the key in i/o channel the numeric display is driven by the outer channel there is p directional digital radio communication and a span between Mission Control and each spacecraft and a selectable speed of 1.9 or 51 kilobits per second data words from Mission Control show up in the inland counter and trigger inter and abrupt data words to be sent are stored in the i/o channel dnt one and they don't interrupt with thinking of the program when it can load the register with a next word these were some of the interesting peripherals the AGC system the HCC system software makes it a priority based cooperative but also pre-emptive real-time interactive fault tolerant computer with a virtual machine support the topics we'll talk about are multitasking the interpreter device drivers and the wait list as well as the user interface and net mechanisms for fault recovery the AGC has many things to do it does mathematical calculations that can take several seconds and it does IO with its devices its services interrupt when a device wants the computers attention for example key press it does regular servicing sing-off devices like updating the display and it supports real-time control like flashing a lamp or firing boosters at exactly the right time there's only single CPU so it must switch between the different tasks batch processing multitasking computers work on long-running jobs one after the other but if some jobs have higher priorities it makes more sense to run a job for only say 20 milliseconds then check the job queues and keep running the highest priority job in the queue until it terminates and is removed from the queue then keep picking the highest priority job jobs have to manually check at least every 20 milliseconds whether there's a higher priority job in the queue by doing doing a so-called yield which makes the AGC a priority scheduled cooperative multitasking computer a job is described by 12 word data structure in memory that contains the PC and both banks register that point to where the job will start or continue running as well as a word with a disabled flag in the sign bit and a 5 bit priority the core set consists of seven job entries - they're in the priority word means that the entry is empty job zero is always the currently running one when a new job cuts created with a higher priority the yield operation will exchange the 12 words so that new job is job zero negating the priority will put us job to sleep so yield won't switched it again negating it again will wake it up the first eight words in the job entry can be used for local storage for the job since it's always job zero that is running these words are always conveniently located at the same addresses in memory the executive has a set of subroutines that control the job data structures you can create a new job pointed to by a pair of PC and BB registers of a given priority change the priority of the current job put the current job to sleep wake up a given job and terminate the current current job yield is not an executive function but a two instruction sequence that checks the new job variable in which the executive always holds the idea of the highest priority job if job zero is the highest priority job there's nothing to do if there is a higher priority job it calls the change job subroutine which switches to that job new job isn't just a variable in memory but also the watchdog word if it is an access regularly that is cooperative multitasking stuck the hardware will automatically reset itself a lot of the code in the AGC does scientific calculations calculating for example just the sum of two products of a scale and a vector would require hundreds of instructions in a GC machine code there is a library code that provides all kinds of operations on single double or triple precision fixed point values vectors and matrices it also provides a software multi-purpose accumulator and PAC which can hold the double triple or a vector e depending on the mode flag in c like pseudo code we would load the vector into the impact multiplied with a scalar save it do the other multiplication and add the result to the saved value formulas like this one needs to store intermediate results so a thirty-eight word stack is provided if a job uses math code the impact the mode field and the stack pointer will be stored in the remaining fields of the course at entry the stack will be part of a data store a structure called vac which will be pointed to by the course at entry a job can be created with or without a vac depending on which subroutine it is created with the machine code version of the example code would still be very verbose with many function calls passing pointers the designers of the AGC software decided to create a new and compact language that will be interpreted at runtime a virtual machine the interpretive language is turing-complete and in addition to the impact has two index registers two step registers and its own link register the encoding manages to fit two seven bit op codes in one word which allows for 128 op codes and explains why there is a shift right by seven function in the CPU the two operands are stored in the following two words are 14 bit addresses 14 bit addresses means interpretive goats doesn't have to work this complicated memory layer anymore it allows addressing about half of the ROM at the same time at the lowest Killa word of each half Ram is visible so interpretive code can pick between one of these two memory layouts this is the complete instruction set regular machine code interpretive code can be mixed and matched inside the job the exit instruction will continue executing regular machine code at the next address and call in threat will similarly switch to interpreter mode in addition to long-running math tasks the system software also supports device drivers when a device needs the computers attention for example in case of a disk e key press it causes an interrupt the current job will be interrupted and the interrupt handler will read the device data and return as quickly as possible if there's more to do it can schedule a job for later some devices need to be serviced regularly 120 microsecond timer causes interrupts that read data and write date right every data from and write data to certain devices the numeric display of the disk e for example only allows updating a few digits at a time so its driver is triggered by the 120 microsecond timer the timer interrupt cycles through eight phases which distributes the device drivers across time to minimize the duration of one interrupt handler some devices need to be driven at exact times if for example job decides that it needs to flash a lamp twice it would turn it on immediately and schedule three weightless tasks in a few in the future at specific times the first one will turn the lamp off the second one will turn it on again and the third one will turn it off again the sorted time deltas of the weightless tasks are stored in the data structure LST one with the first entry always currently counting down in a timer register and LST to contains a pair of PC and BB for each task there are subroutines to create a new task and end the current task the timer that controls the wait list has a granularity of 10 milliseconds other timers can fire at the same rate but are offset and the work triggered by them is designed to be short enough to never overlap with the next potential timer triggered work this is complicated by device interrupts which can come in at any time the duration of an interrupt handler causes latency and the maximum delay will reduce the allowed time for the timer handlers the core system software makes no guarantees about the timing it's all up to components - it's up to all the components to our cooperate so the real time goal can be met the pinball program is the shell of the AGC he press interrupt scheduler job that collects the digits for the command and updates an in-memory representation of what should be on the display the 120 millisecond timer triggers the display update code when the command is complete pinball schedules a new job Mission Control has a remote shell in form of a disk key connected through the s-band radio system software that supports human life has to be able to communicate malfunctions and be able to recover from them the alarm subroutine takes the following word from the instruction stream displays it and illuminates the prog light this should be interpreted as a warning or an error message the htc software's full of validity and plausibility checks that help to find bugs during development and helps better understanding potential issues during the mission some kinds of failures triggered by various hardware watchdogs or by code make it impossible for normal operations to continue in addition to showing the error code they also cause a hardware reset but the system software also offers recovery services a job can have recovery code for its different phases during execution it sets the respective phase and if an abort happens in any job or task the currently set up recovery routine gets executed which could for example clean up and try the work again or skip to a different phase or cancel the job altogether the phase change call sets the current phase for a job in the recovery table for example phase 5 for job for each phase is associated with a descriptor of a task or a job with or without a vac so during normal execution with several jobs and tasks scheduled if an abort happens the core set and wait lists are cleared the contents of the recovery table are activated scheduling tasks and jobs for all jobs that setup recovery code sometimes a failure though like a corrupted memory are not recoverable they cause a fresh start meaning a full initialization of the system without running any recovery code and that was the AGC system software as we now have a good overview on architecture hardware peripherals and system software of the polygons can be done it's time would be free own it's practical used on a mission to the moon we will look at the user enter feints the launch sequence and once in orbit the attitude in orbit determination further we will understand how the digital autopilot works and how powered flight is being performed as soon as we've reached the moon we look at the lunar landing and the lunar rendezvous after liftoff and finally re-entry into Earth's atmosphere last but not least contingency so as we like to call them fun issues let's start with the user interface it is like any command-line interface but since there are only numbers and no letters key words have to be encoded on a normal system you might say display memory enter this place the word memory is the noun on the Apollo guidance computer you say verb or 1 which means display noun a to memory enter support Ino asks an argument on a normal system it might display a prompt you enter the number of presenter on the polygons computer flashing weapon now and indicate that is waiting for input so you type 2 5 enter an octal address and the program's Twitter displays the result the memory contents at the address octo 2 5 the program's computer uses the same concept of verb and noun when it proactively asks for input verb 6 9/11 asked for the CSI ignition time CSI meaning Co elliptic sequence initiation will come to the Delta later special cases when the program's commuter asks a yes-or-no question Road 99 has the astronaut confirm engine ignition with a proceed key the astronauts have a complete reference of all verbs and nouns on paper as well as cue cards were the most important information let's now go through each of the phases of the mission starting with a liftoff so we are now Erway the Apollo guidance computer is a passive monitoring mode with the cutting of the umbilical cables which you see right about now it has started the mission clock in cases trigger fails 1 this key is always prepared with verb 75 and just waiting for enter to manually start the mission timer we can display the mission elapsed time at any time with verb 16 noun 65 during the flight with the Saturn 5 the apollo grants commuters only performing passive monitoring of the flight control of the Saturn fibers with its own launch vehicle digital computer and the instrument unit ring the disk key automatically sixteen 962 which is velocity in feet per second altitude change weight in feet per second and altitude above pet and nautical miles note that the units and the position of the decimal point are implicit and yes the whole system was working in metric internally but for the benefit of the American astronauts the display procedures converted everything into imperial units okay in case of problems with the Saturn computer the Apollo grants Buddha can take over full control of the launch vehicle in extreme cases astronauts could even steer the whole stack into orbit themselves with the hand controller in case you ever wanted to fly to manual control of 110 meter tall rocket with more than 30 million Newton of thrust this is your chance in less than 12 minutes we've gone through the first and second stage and I using a small burn from the third stage to get us into a 185 kilometer orbit which circles the earth every 88 minutes but how do we know where we are on the right orbit well the Apollo guidance computer as well as Mission Control and monitoring position and velocity because to get where we want to be we first need to know where we are to be able to navigate in space we need to maintain our three-dimensional position and there are three dimensional velocity the so-called state vector let's start with the determination of the position for this we need a telescope and a space sextant the space section is very similar to an 18th century in nautical sextant position is determined by measuring the angle between the horizon and a celestial body as horizon we can either take that of Earth or Moon and celestial bodies well we are no but we are surrounded by them so let's just pick one luckily the Apollo guidance computer already knows the position of 45 of them the whole optics hardware and live in the command and service module can be moved to point in the general direction of Earth a moon with the launch of program 52 we command the Apollo guidance computer to rotate the spacecraft to point one axis of the sextant the so-called landmark line-of-sight ll OS to the nearest body which is earth or moon the astronaut then used the optics systems to exactly align the horizon to the ll OS with a telescope the astronaut looks for one of the known stars points the star line to it and let the Apollo guidance computer read that union and shaft angle repeating this one or more times in a different plane gives a three-dimensional position of the vehicle in space in the lunar module on the other hand the optics Hardware was trimmed down for weight reduction any alignment requires rotation of the lunar module this is mostly used to determine the landing site and support the rendezvous maneuver next the software to perform positioning and translunar space as we're moving our position changes all the time but after 2 location fixes as long as we're coasting we're able to establish our speed and can determine future positions by that reckoning as position and velocity are now in future positions can be extrapolated unfortunately the knee extrapolation doesn't work in space as we have gravitational forces which bend our path thankfully there are two mathematical models implemented in the Apollo guidance computer chronic integration based on the capillary and orbit model on the left which assumes one perfectly round gravitational body influencing our flight path and anchors integrating method for perturbation considering multiple bodies with gravitational imbalances I think this helps to understand why we need a computer on board and conscious fly to the moon with the hand controller as we see the Apollo spacecraft was perfectly capable to fly on its own but in the end NASA decided that the primary source for state vector updates or the Mission Control in Houston measured with three ground stations remote programming is done with the Apollo guidance to be done idle and running program 27 Mission Control can use its link wire s-band to update the state vector but there's one thing Mission Control doesn't know better than us and that's attitude attitude is the orientation of the spacecraft in its three axis starting from a known attitude we have to ensure that we can measure any rotation on any axis that's what gyros are for they are one of the major component of the IMU the inertial measurement unit three gyroscopes WAMP axis measure any rotation and provide their data to the Apollo guidance computer to keep track of the attitude of the spacecraft before we leave Earth orbit let's quickly discuss discuss the digital autopilot it is the single biggest program in the Apollo guidance computer with about 10% of all the source code both in the command and service module as well as the lunar module the implementations for each vehicle are significantly different though due to different flight modes thruster sets and symmetry of vehicle as there's no friction in space the tiniest event would constantly make the spacecraft rotate the digital autopilot of the air Apollo guidance computer uses the Jets to maintain the attitude within certain thresholds so-called dead bands the autopilot is also used in case the astronauts ever need to use the hand controllers for thrusters basically post the command service module and the lunar module have fly-by-wire control as any faster could break at any time the autopilot is capable of calculating the ideal burn mode even with a reduced number of rosters it has some simple algorithms for center of gravity and weight distribution as well which are taken into account in calculating maneuvers it can do more than that though give it a new attitude and it will calculate the most efficient transfer vector to reach the new attitude certain flight modes might be required to have a stable rotation be it for temperature control monitoring of the landing site or other reasons the autopilot supports stable constant rolling which can be directly activated the autopilot does not only control attitude it also supports the crew in performing powered flight maneuvers calculates a potential solution which obviously can be overwritten by ground as usual but still after confirmation the autopilot automatically fires the engines and keeps a timer for the correct length of time it doesn't not many measure the results of the burn though for powered flight obviously dead reckoning isn't correct anymore so the Apollo guidance computer contains a subroutine called average G which takes the input from the IMU meaning gyro and accelerometer to compute the change to the state vector now that we know how to orient ourselves and how to control the spaceship it's time we fly to the moon usually the trans Luna injecting happened in the middle of the second orbit around the earth so around 2 hours 45 minutes into the flight this is still performed by the third stage of the Saturn 5 so the Apollo guidance computer once again should only have a passive role here by monitoring the transparent injection with a dedicated program P 15 after separation from the s 4b we on our way since the next testing phase is the lunar landing let's get right to that one once in lunar orbit separation between the command and service module and lunar module happens four hours and 45 minutes before landing on the lunar module directly afterwards rendezvous equipment like radar strobe and VHF are tested as well as the IMU which is realigned additionally there's lots of preparation work on the lunar module one of the main tasks is to prepare the abort guidance system AGS which is another more simpler computer that is able to get the lunar module with the astronauts back into orbit and safely docked with the CSM in case of an emergency let's get back to power descent the lunar module agency has a special program for that one p6 TC braking face the landing rate has switched on and updates the state vector the Apollo guidance computer controls the burn to reach the correct corridor towards the surface with a minimal amount of fuel this is fully automatic the astronauts just sit along for the ride lunar module is oriented with this descent engine towards the moon visibility for the astronauts is close to zero the second program P 64 starts automatically at around 8,000 feet lunar module is pitched so that the astronauts can actually see the ground and the lunar module commander is getting a better landing of the landing site I can search for a suitable spot the third program p68 keeps the lunar module in a stable attitude above the surface and the commander manually adjust the height of height and one feet per second increments to slowly descend to the surface ideally at that point the horizontal movement of the lunar module should be zero after touchdown the crew manually activates program 68 which confirms to the Apollo guidance computer then yes we have indeed landed ensures that the engine is switched off terminates the average g routine and sets the autopilot in a very forgiving setting to avoid any corrections when it measures the rotation of the moon the autopilot is not completely switched off though as the s knob might need it in case of an emergency ascent well we on the moon we do the usual stuff small step for man jump around plant the flag and we then skip directly to the interesting bits with this liftoff and rendezvous the rendezvous technique was developed in the Gemini project here you can see the Agena rendezvous target in Earth orbit it follows the principle of an active vehicle in this case the lunar module which follows the command service module and approaches it from below or a slightly faster orbit there were actually two different ways for rendezvous a more conservative method called Co elliptic rendezvous which required one and a half orbits for the lunar module to each the command and service module but gave ample opportunity for monitoring progress mid-course Corrections and orbit scenarios and a more risky direct rendezvous method which directly aimed the lunar module towards the command and service module taking less than one orbit until docking this one was used starting from the Apollo 14 mission as Mission Control had more experience and aim for the shorter less fuel in intensive method preparation had to start two hours before liftoff we have to align the IMU and we visually monitor the orbit of the CSM and calculate the roundel with data the Apollo guidance computer has programmed 22 CSM tracking for this purpose the left off - one hour we start program 12 power descent and feed it with the necessary data liftoff time and velocity targets the Apollo grants Twitter performs the counter and ask for confirmation we proceed and we have liftoff the trip into orbit takes only seven and a half minutes but depending on which method for reaching the target or it was used it takes us either one and a half of three and a half hours to come up behind the command service module during that time program 20 is running all the time measuring the state vector of the other vehicle the command service module with via various peripherals like Rondo radar VHF antenna and the optic system for visual alignment it calculates the necessary corridor and respective maneuvers required to get the lunar module into an interception course multiple other programs run in parallel to perform the necessary mid-course burn maneuvers on the commander of service module the pilot is actively tracking the lunar module the whole way up to orbit the command and service modules computers calculating the state vector of the lunar module to take over the role of the active vehicle in case anything goes wrong the approach of the lunar module stops at 50 meter distance at which point it rotates to point its docking target on top towards the command and service module at that point in time the command service module takes over the active role and activates program 79 final rendezvous which slows down the command service module to close the distance until docking seconds before contact the autopilot on both spacecraft is switched off to avoid both trying to correct the attitude of the combined spacecraft so far so good time to go home with the transfer of injection we feed the Apollo guidance computer with Earth orbit parameters and let it calculate the burn which is inactivated and controlled any kind of potential mid-course Corrections are performed the exact same way once in orbit around Earth re-entry parameters are calculated on ground and transferred to the Apollo guidance computer via a spent uplink the first entry program p-61 entry preparation starts at entry - 25 minutes barriers landing parameters are requested like latitude and longitude of the splash zone as well as the velocity and angles to enter the atmosphere entering confirming these values completes program 61 and starts programme 62 which basically asks the astronaut to perform a checklist for manual command module service module separation which is not controlled by the Apollo guidance computer after that has been performed it switches automatically to program 63 entry in a steelies image the early ization at that point the autopilot is taking care of thruster control to break the command module out of its orbit into Earth's atmosphere the main program is for re-entry is program 64 entry which starts automatically program 64 monitors the trajectory and splashdown location that determines the best entry solution a potential velocity reduction by invoking two specific programs either p65 entry up control which basically makes the current module surf on the atmosphere to reduce speed and extend the range or program 66 entry ballistic throwing us to the atmosphere like a cannonball the right mixture of the two is decided by program 64 the last program program 67 final phase performs the final maneuvers to the splash the following steps like parachute deployment and so on and not done by the Apollo guidance computer but by the ELS see the earth landing sequence controller the drop of the Apollo guidance computer has done before deploying the parachutes so this was a beautiful nominal mission what can go wrong well let's start with Apollo 11 which had a 1202 program Milan during power descent normally programs during power descent used about 85% of the processing power of the computer but due to an incorrect power supply design the Rhonda burr of the round oval radar generated an additional twelve thousand eight hundred involuntary instructions per seconds ironically amounting to the exact additional 15 percent load due to the cooperative multitasking a queue of jobs build up which resulted in executive over flew and the 1202 alarm the operating system automatically performed a program abort our jobs were canceled and restarted all of this took just a few seconds and landing could commence next Apollo 13 they had an explosion of the oxygen tank in the service module at 55 hours 54 minutes 53 seconds and will yep correct 320,000 kilometers from Earth unfortunately they could make use of the free return trajectory to get the astronauts back to earth but they had to move to the lunar module to survive as the command and service module was completely shut down including its Apollo guidance computer the IMU settings needed to be transferred to the lunar module system first adapted to the different orientations of the spacecraft the manual burns in the mid-course corrections were actually done with the abort guidance system on the lunar module due to power constraints with the Apollo guidance computer successful reruns reboot of the command and service module computer was luckily done hours before re-entry and last but not least Apollo 14 which had a floating solder ball in the abort button which might lead to an unwanted activation of abort therefore putting the lunar module back into orbit this was solved within hours by reprogramming the Apollo guidance computer disprove the execution of a different program which was not listening to the abort button during the party sent real abort activation they would have to be manually activated via the disk key so this was an overview and how the mission software was used on a flight to the moon and back now you probably want to run your own code on a real Apollo guidance computer so you need to know where to find 142 computers were built total seven lunar module computers crashed onto the moon three lunar module HTC's burned up in the Earth's atmosphere 11 command module computers returned they're all presumably parts of museum exhibits and 21 machines were not flown little is known about those one is on display at the Computer History Museum in Mountain View California but it is missing some components luckily several emulation solutions are publicly available as well as a tool chain and the complete mission source originally the size of a medium-sized suitcase is available on github it takes a village to create a presentation we would like to thank everyone who helped and supported us this includes the indirect contributors who wrote the books the original documentation the websites and the software thank you very much for your attention thank you good luck wow that was a densely packed talk thanks Miguel and thanks dis Yan for this amazing information overload please give a warm hand of applause because we can't have a Q&A unfortunately

Info

Channel: media.ccc.de

Views: 189,901

Rating: 4.9168224 out of 5

Keywords:

Id: xx7Lfh5SKUQ

Channel Id: undefined

Length: 61min 41sec (3701 seconds)

Published: Thu Dec 28 2017