anonymousiam 2 hours ago

Proper SEU mitigation goes far beyond ECC. Satellites fly higher than the A320, and they (at least the ones I know about) use Triple Modular Redundancy:

https://en.wikipedia.org/wiki/Triple_modular_redundancy

https://en.wikipedia.org/wiki/Single-event_upset

For manned spaceflight, NASA ups N from 3 to 5.

Other mitigations include completely disabling all CPU caches (with a big performance hit), and continuously refreshing the ECC RAM in the background. There are also a bunch of hardware mitigations to prevent "latch up" of the digital circuits.

rkagerer an hour ago

In redundant systems like these, how do you avoid the voting circuit becoming a single point of failure? E.g. I could understand if each subsystem had its own actuators and they were designed so any 3 could aerodynamically override the other 2, but I don't think that's how it works in practice.