Safe, fast and lightweight
In 1904, Orville Wright made the world’s first controlled and sustained flight in a powered aircraft. He flew a total of 23 meters. For the time, it was a breathtaking event. Less than a year later, his brother, Wilbur, flew over a kilometer. One hundred and fifteen years later, I flew 10,722 kilometers from Paris to Singapore. As far as firsts in aviation goes, it was far from breathtaking. It was totally normal, and just one of dozens of flights to arrive in Singapore that day, as they have been doing for years.
When humans fly...
The first airplanes were controlled by humans, using sheer strength. If the pilot pulled on the stick, it would pull on wires that ran the length of the airplane, and activate control surfaces. The bigger the plane, the more force was needed. It didn’t take long until humans could no longer control airplanes by themselves, they needed motors and hydraulics to help them. But wait, if a human can activate hydraulics, a computer can too, right? They are faster, and more reliable than humans. And so we found ourselves with airplanes that had flight computers.
Back to the modern day? My correspondance flight was an Airbus A320. The first A320 flew in 1987, but by the looks of this one, it is brand new. It’s a silent flight back to my home city. I’m looking out of the window watching the clouds as we skim over them. On the wings, control surfaces are constantly moving to keep this beautiful bird stable, saving me from as much turbulence as possible. As I watch the landscape, I remember my early days of computing. 1987, my Commodore Amiga 500. An incredible machine, with its 512 kilobytes of RAM, and capable of playing games in an amazing 320x256. An amazing piece of hardware that I was in love with, all of this powered by a Motorola 68000 processor. I’m reminded of this because that is exactly what is controlling the flaps on this wing, a good old 68000.
The system controlling the structures on the wing is known as the ELAC, short for Elevator Aileron Computer. It is a critical piece of equipment. If your computer crashes, then it leaves you in a bad mood. If a flight computer crashes, well, everything might crash. Literally. Don’t worry though, these systems are completely redundant; an A320 has two ELACs, as well as five other systems that can take over if anything ever happens. What Airbus has done here is to make a reliable flying computer, one that is made up of dozens of smaller computers.
So why am I putting my life in the hands of the processor that let me play games when I was young? Well, one reason is that the original design for the A320 dated back to this era, so they used processors that were available, which is logical. However, this design has been kept up to date, so why didn’t this processor change? Why don’t we use something faster, like a Core i7 like we have in our modern computers? There are a few reasons. It isn’t about price; a new A320 costs over 100 million dollars, a few dollars more won’t change anything.
The first reason is just enough. The 68000 has just enough technology to get the job done. Your computer might run at three gigahertz, but don’t be fooled by slower processors; with some clever development, you can squeeze a lot of calculation out of a low-powered device.
The second reason is reliability. The 68000 is a proven design, used by Commodore on my Amiga 500, but also NASA for flight computers. Engineers knew this system inside out. The 68k as it is known is extremely reliable, and easy to program.
One big one, or lots of small ones?
Maybe an A320 could run on a single processor, one massive system that controls everything, like a mainframe of the sky. However, by separating this into lots of tiny systems, it makes the entire system safe, fast and lightweight. Safe, because there might be hundreds of lines of code, instead of tens of millions, making bugs easier to catch, and makes testing easier to perform. Fast, because no matter what is happening elsewhere on the plane, this one system is making sure that I’m safe and comfortable. Lightweight, not in terms of physical weight, but in terms of code. Not only is the code on the ELAC brought down to the strict minimum, but other systems don’t need to handle the ELAC, they just need to send data, and that data will be handled.
By splitting tasks into several subsystems, everything becomes safer. What happens in the worst case, if the ELAC fails? A second system is available to take over immediately, safety isn’t compromised, and the crew is probably notified by a red light somewhere, but the flight continues. What happens if a single system processor fails? Let’s not think about that. All I know is that this flying computer brought me safely home, and comfortably, despite the strong winds. Now, if only they could use the same level of reliability to get my baggage back, because that was a completely different experience.
At Luos, we split code into smaller pieces that can be run on several microcontrollers, as if everything was on a single CPU. From a development standpoint, you don’t need to spend time developing inter-microcontroller communications, and you don’t even need to know where your program is physically located, it becomes available on a network.