logoalt Hacker News

anonymousiamtoday at 5:52 AM2 repliesview on HN

proper SEU mitigation goes far beyond ECC. Satellites fly higher than the A320, and they (at least the ones I know about) use Triple Modular Redundancy: https://en.wikipedia.org/wiki/Triple_modular_redundancy

https://en.wikipedia.org/wiki/Single-event_upset

For manned spaceflight, NASA ups N from 3 to 5.

Other mitigations include completely disabling all CPU caches (with a big performance hit), and continuously refreshing the ECC RAM in background.

There are also a bunch of hardware mitigations to prevent "latch up" of the digital circuits.


Replies

aborsytoday at 8:58 AM

TMR and co are basically repetition codes, simplest performant least efficient ECC.

rkagerertoday at 7:09 AM

In redundant systems like these, how do you avoid the voting circuit becoming a single point of failure?

Eg. I could understand if each subsystem had its own actuators and they were designed so any 3 could aerodynamically override the other 2, but I don't think that's how it works in practice.

show 3 replies