[AR] Re: The NASA paper on manual control of the Saturn.

  • From: "Monroe L. King Jr." <monroe@xxxxxxxxxxxxxxxxxx>
  • To: arocket@xxxxxxxxxxxxx
  • Date: Wed, 13 Nov 2013 19:40:22 -0700

  Thanks for that.

Monroe

> -------- Original Message --------
> Subject: [AR] Re: The NASA paper on manual control of the Saturn.
> From: Norman Yarvin <yarvin@xxxxxxxxxxxx>
> Date: Wed, November 13, 2013 7:28 pm
> To: arocket@xxxxxxxxxxxxx
> 
> 
> On Fri, Oct 11, 2013 at 12:47:07PM +1300, Michael Fincham wrote:
> >On Thu, 10 Oct 2013 16:26:52 -0700 (GMT-07:00), David Weinshenker wrote:
> >> Yes, please put it up for download somewhere
> >
> >I've put it up online here:
> >
> ><http://finch.am/u/nasa-saturn-manual-control-pdf>
> >
> >It'll probably hang around for a while at that URL if anyone wants to
> >grab a copy.
> 
> 
> I just got around to having a look at it.  A few things stand out.
> For one, this wasn't manual control as in "something that would work
> if all the computers fail".  The pilot wasn't given eight levers, one
> for each control signal (pitch and yaw for the four gimbaled F-1
> engines), and told "have at it... you can control this thing, sure you
> can, I mean you have ten fingers, and there are only eight signals, so
> you have two fingers to spare".  Instead his control input was sent to
> the control computer for the launch vehicle, which translated it into
> engine movements.  If any computer was cut out of the equation, it was
> the control computer for the spacecraft, which was also involved in
> normal flight... but it seems like that computer was mostly just
> relaying data from the gyros in the spacecraft (although that part
> isn't described well in the paper, and others may wish to correct me
> as to the true way the two computers interacted).  In any case,
> technically, using the joystick didn't cut either computer out of the
> loop; instead the pilot's signals were added to the computer's -- but
> it seems like the joystick had enough control authority to thoroughly
> override the computer's choice.  That is, as long as the computer was
> working and obeying the joystick; "computer failure" does not appear
> on the list of failure scenarios they considered.
> 
> Besides the joystick, the pilot was also given six switches to turn
> off parts of the automatic control loop.  Those were in case various
> sensors failed.  But they considered those sensor failures to be low
> probability, and the ability to override them not a big contributor to
> the overall benefit of the system.  Skimming through the procedures
> for sensing those faults and flicking those switches (Appendix B),
> they read like things that, these days, could and should be done in
> software.
> 
> They found that it was important to give the pilot a "load relief
> system", meaning lift sensors: he had a display showing the output of
> accelerometers mounted near the center of mass of the vehicle, so that
> what they sensed (at least in two dimensions) was aerodynamic lift.
> The idea was to fly so as to minimize that lift -- which,
> interestingly, was to be done even before any failure had occurred, so
> as to give "a greater margin of safety in the event of a system
> failure".  I don't know whether the astronauts actually ended up doing
> that.
> 
> From simulating one particular failure (engine gimbal actuator hard
> over, the failure mode they figured was the most probable) in "95%
> wind", they gave the automatic system an "effectivity" of 0.488, the
> piloted system with lift sensors an "effectivity" of 0.322, and the
> piloted system with no lift sensors an "effectivity" of 0.045.  In
> each case that number is the probability of the launcher being broken
> up by wind and other forces, so a lower "effectivity" is better
> (making it a poor choice of word -- but at least they weren't being
> modern and politically correct, and using "piloted" as a euphemism for
> "manned": here "piloted" actually means piloted).
> 
> But in some of the other failure scenarios the pilot didn't help: for
> the "loss of thrust in one engine" scenario (another thing they
> thought there was a big chance of, and rightly so), the differences in
> success rates were marginal, and vehicle loss was highly probable.
> 
> These days, introducing extra lift sensors and only giving access to
> them to the human would be cheating: the normal thing to do would be
> to let the computer code use them too, for cross-checking and/or for
> flying in a degraded mode.  But back in the days when every byte was
> precious and computers were programmed in assembler (if not in machine
> code), it was a normal sort of thing to do.  (For the simulations they
> did for the paper, they didn't even use a digital computer; instead
> they used "a 400-amplifier analog computer complex with extensive
> function generation capability".)
> 
> But given that this wasn't computers versus wires-and-cables-and-
> hydraulics but rather computers in automatic mode versus computers in
> joystick mode, it's also permissible to wonder whether the joystick
> mode was what it should have been.  Were the control parameters
> altered appropriately for the engine-out scenario, for instance?  The
> computer knew that the engine was out, and could have altered them --
> but did it alter them, and if so did it do it well?  Likely not, since
> if it did it well, why would a human be needed in the first place?  Or
> maybe no possible control action would work in those cases -- they
> were pushing the system rather hard, considering cases near max-Q and
> with high winds and high wind shear, but they don't address the
> question of whether the system was controllable in those failure
> cases, or whether no possible set of commands would work.  (It's the
> kind of question you could throw a lot of computer power at, these
> days, but they didn't have a lot of computer power.)
> 
> 
> -- 
> Norman Yarvin                                 http://yarchive.net/blog
