1
00:00:00,000 --> 00:00:14,610
34C3 preroll music
2
00:00:14,610 --> 00:00:21,220
Herald: The following talk is about a very
relevant piece of technological legacy of
3
00:00:21,220 --> 00:00:27,990
our human race. The first piece of
computer that landed on our moon and
4
00:00:27,990 --> 00:00:33,619
actually it became a metric. People
started to compare other architectures,
5
00:00:33,619 --> 00:00:40,610
other computers in volumes of multiples of
processing speed of this computer. It's
6
00:00:40,610 --> 00:00:46,100
rocket science, but it's even harder: it's
computer rocket science. So I'm very happy
7
00:00:46,100 --> 00:00:50,920
to have Christian Hessmann, or Hessie, on
stage who is actually a rocket scientist.
8
00:00:50,920 --> 00:00:52,799
And for the ...
laughter
9
00:00:52,799 --> 00:00:58,249
... for the computer part we have Michael
Steil who is the founder of the Xbox Linux
10
00:00:58,249 --> 00:01:02,670
project and has gathered with this project
and many others lots and lots of
11
00:01:02,670 --> 00:01:06,520
experience around architectures of
computers. So please give a warm round of
12
00:01:06,520 --> 00:01:09,550
applause for the Ultimate
Apollo Guidance talk!
13
00:01:09,550 --> 00:01:18,060
applause
14
00:01:18,060 --> 00:01:22,659
Michael Steil: Welcome! Is this on?
Can you all hear me? Yes.
15
00:01:22,659 --> 00:01:27,140
Welcome to the Ultimate Apollo Guidance
Computer Talk, a.k.a. a comprehensive
16
00:01:27,140 --> 00:01:32,359
introduction into computer architecture.
And operating systems. And spaceflight.
17
00:01:32,359 --> 00:01:34,159
laughter
18
00:01:34,159 --> 00:01:37,590
My name is Michael Steil ...
Christian: ... and I'm Christian Hessmann.
19
00:01:37,590 --> 00:01:42,100
Michael: This talk is number six in a series
by various people. The idea is to explain as
20
00:01:42,100 --> 00:01:46,490
much as possible about a classic computer
system in 60 minutes. The Apollo Guidance
21
00:01:46,490 --> 00:01:50,860
Computer AGC is a digital computer that
was designed from scratch specifically for
22
00:01:50,860 --> 00:01:54,580
use on board of the Apollo spacecraft to
support the Apollo moon landings between
23
00:01:54,580 --> 00:02:01,919
1969 and 1972. Developed at MIT between
1961 and 1966 a total of 42 AGCs were
24
00:02:01,919 --> 00:02:06,650
built at a cost of about $200,000 each.
The base clock is about one megahertz,
25
00:02:06,650 --> 00:02:11,289
all data is 15 bits, and there are two
kilowords of RAM and 36 kiloword ROM,
26
00:02:11,289 --> 00:02:16,480
words of ROM. It's about the size of
a large suitcase, weighs 32 kilograms and
27
00:02:16,480 --> 00:02:22,130
consumes about 55 watts. Its user
interface is a numeric display and keyboard.
28
00:02:22,130 --> 00:02:27,080
Some historical context: In the
mid 1960s you couldn't just take
29
00:02:27,080 --> 00:02:29,580
an off-the-shelf computer and
put it into a spacecraft.
30
00:02:29,580 --> 00:02:31,771
The first mini computers were
the size of a small fridge -
31
00:02:31,771 --> 00:02:36,320
too heavy, to power-hungry and too slow
for real-time scientific calculations,
32
00:02:36,320 --> 00:02:40,040
even though the industry had come a long
way since the previous decade.
33
00:02:40,040 --> 00:02:43,110
Already 10 years later
though, microcomputers with highly
34
00:02:43,110 --> 00:02:46,820
integrated circuits started outclassing
the AGC Hardware in many regards.
35
00:02:46,820 --> 00:02:49,960
There are many reasons that make the AGC
especially interesting:
36
00:02:51,420 --> 00:02:55,630
The architecture is very 60s and feels
very alien to us today,
37
00:02:55,630 --> 00:02:58,060
the hardware is very innovative for its time.
38
00:02:58,060 --> 00:03:01,560
It has some very interesting
and unusual peripherals.
39
00:03:01,560 --> 00:03:04,770
Its operating system was revolutionary
for its time and
40
00:03:04,770 --> 00:03:07,880
the mission software has all the bits to
- with the right hardware attached -
41
00:03:07,880 --> 00:03:09,390
fly you to the moon.
42
00:03:10,710 --> 00:03:13,360
C: In the Apollo program, the Apollo
guidance computer was used
43
00:03:13,360 --> 00:03:16,700
in two unmanned test missions, where
it was remote control from the ground,
44
00:03:16,700 --> 00:03:21,060
and three manned test missions, and in
the seven manned landing missions.
45
00:03:21,060 --> 00:03:24,500
Astronauts hated the idea of giving up any
control to a computer,
46
00:03:24,500 --> 00:03:27,120
they wanted to be in charge.
And while as a fallback,
47
00:03:27,120 --> 00:03:29,170
most of the mission could also
be flown manually,
48
00:03:29,170 --> 00:03:30,910
the mission planners got their way.
49
00:03:30,910 --> 00:03:33,420
To understand the purpose
and the responsibilities of the
50
00:03:33,420 --> 00:03:36,070
Apollo Guidance Computer, we need to
first look at the Apollo mission.
51
00:03:36,070 --> 00:03:38,980
The core strategy of the Apollo program
was, instead of landing
52
00:03:38,980 --> 00:03:42,390
the complete spacecraft on the moon,
for which an extremely large rocket
53
00:03:42,390 --> 00:03:45,240
would have been required, to only
land a much smaller lander
54
00:03:45,240 --> 00:03:48,750
while the larger part with the fuel
for the way back stays in orbit.
55
00:03:48,750 --> 00:03:51,870
So the Apollo spacecraft can be
separated into the lunar module,
56
00:03:51,870 --> 00:03:56,330
the command module and the service module.
The Saturn 5 rocket launches it and
57
00:03:56,330 --> 00:03:59,140
three astronauts from Cape Kennedy
into Earth orbit.
58
00:03:59,140 --> 00:04:02,970
By accelerating at the right time the
translunar injection moves the spacecraft
59
00:04:02,970 --> 00:04:06,750
into a so-called free return orbit,
but just coasting it would travel
60
00:04:06,750 --> 00:04:09,050
around the moon and back to earth.
61
00:04:09,050 --> 00:04:11,950
Right at the beginning of this three-day journey
the command and service module
62
00:04:11,950 --> 00:04:17,190
extracts the lunar module and docks with it.
By braking on the far side of the moon the
63
00:04:17,190 --> 00:04:22,350
spacecraft enters a lunar orbit. After two
of the astronauts have climbed into the
64
00:04:22,350 --> 00:04:26,590
lunar module, and after undocking, the
lunar module breaks - this is called
65
00:04:26,590 --> 00:04:32,850
powered descent - and lands.
66
00:04:32,850 --> 00:04:36,240
Applause
67
00:04:36,240 --> 00:04:40,020
After taking off again, the lunar module
rendezvous with the command and service
68
00:04:40,020 --> 00:04:43,220
module and the two astronauts from the
lunar module climb into the command module
69
00:04:43,220 --> 00:04:47,240
and the lunar module is jettisoned. The
remaining command and service module
70
00:04:47,240 --> 00:04:50,520
accelerates at the far side of the
Moon for trajectory towards Earth.
71
00:04:50,520 --> 00:04:55,010
For entry, only the command module remains.
By the way, these excellent visualizations
72
00:04:55,010 --> 00:04:58,140
are from Jared Owen's "How the Apollo
spacecraft works" videos,
73
00:04:58,140 --> 00:05:00,971
which we can highly recommend.
74
00:05:00,971 --> 00:05:03,530
The command and service
module and the lunar module each contained
75
00:05:03,530 --> 00:05:07,190
one a AGC. It was the same hardware,
but attached to partially different
76
00:05:07,190 --> 00:05:11,040
I/O devices, and with the software
adapted for the specific spacecraft.
77
00:05:11,040 --> 00:05:15,250
The astronauts interact with them through
the display and keyboard units, which are
78
00:05:15,250 --> 00:05:18,870
mounted alongside these
hundreds of switches.
79
00:05:18,870 --> 00:05:22,590
The computer's responsibilities
during the mission are to track
80
00:05:22,590 --> 00:05:26,200
the position and speed, the so called
state vector of both spacecraft,
81
00:05:26,200 --> 00:05:30,450
stabilize the spacecraft's attitude,
calculate the control engine burns and
82
00:05:30,450 --> 00:05:34,730
monitor or control the
Saturn V during launch.
83
00:05:36,810 --> 00:05:40,280
M: In order to understand how the Apollo
guidance computer does all this,
84
00:05:40,280 --> 00:05:43,900
we'll look at its architecture, the
hardware implementation, some of its
85
00:05:43,900 --> 00:05:47,520
interesting peripherals, the system
software as well as ...
86
00:05:47,520 --> 00:05:50,340
the system software as well as
the mission software.
87
00:05:50,340 --> 00:05:55,290
The architecture of the
AGC can be described as a Von Neumann
88
00:05:55,290 --> 00:05:59,370
accumulator machine with 15 bit one's
complement big-endian arithmetic.
89
00:05:59,370 --> 00:06:03,200
So we'll talk about the instruction set, the
arithmetic model and instruction encoding
90
00:06:03,200 --> 00:06:06,690
as well as the memory model, I/O
operations and counters, and finally the
91
00:06:06,690 --> 00:06:11,741
interrupt model. Machine code instruction
sets vary widely. The instruction set of a
92
00:06:11,741 --> 00:06:14,300
modern ARM processor, which is mainly
optimized for runtime performance
93
00:06:14,300 --> 00:06:18,730
consists of about 400 instructions. Subleq
is a language mostly of academic interest,
94
00:06:18,730 --> 00:06:22,010
that shows that a single instruction can
be enough to solve the same problems as
95
00:06:22,010 --> 00:06:25,990
all other turing-complete languages. While
a more complex constructions, that can
96
00:06:25,990 --> 00:06:30,740
achieve higher code density and contribute
to higher performance, it also generally
97
00:06:30,740 --> 00:06:34,600
means that the CPU will be drastically
more complex. A computer from the early
98
00:06:34,600 --> 00:06:38,250
1960s consisted of only a few thousand
transistors as opposed to today's
99
00:06:38,250 --> 00:06:42,970
billions, which is why this is the sweet
spot for the AGC. 36 instructions provided
100
00:06:42,970 --> 00:06:46,790
just about the performance that was
required for the mission. These are the 36
101
00:06:46,790 --> 00:06:50,770
instructions: some load and store
instructions, arithmetic and logic,
102
00:06:50,770 --> 00:06:56,120
control flow instructions, I/O instructions
and instructions for dealing with interrupts.
103
00:06:56,120 --> 00:06:59,931
The memory model is the cornerstone
of the instruction set. Memory consists of
104
00:06:59,931 --> 00:07:04,991
4096 cells, numbered in hexadecimal
000 through FFF. Each cell contains a
105
00:07:04,991 --> 00:07:10,710
15 bit word, numbered between 0 and
7FFF. Almost all changes in data -
106
00:07:10,710 --> 00:07:15,960
in memory go through a 15 bit accumulator,
also called the A register. A program can
107
00:07:15,960 --> 00:07:19,080
copy words between the accumulator and a
memory cell, but also add, subtract,
108
00:07:19,080 --> 00:07:23,340
multiply and divide values, as they are
moved around. The data in memory can have
109
00:07:23,340 --> 00:07:26,690
many meanings, depending on how it is
interpreted. These values may represent
110
00:07:26,690 --> 00:07:29,740
integers, while those three words are
meant to be decoded as machine code
111
00:07:29,740 --> 00:07:33,090
instructions. Code and data in a single
address space make the AGC a so-called Von
112
00:07:33,090 --> 00:07:38,140
Neumann machine. The CPU's program counter
PC always holds the address of the
113
00:07:38,140 --> 00:07:42,310
instruction to be executed next. The
'load' instruction copies the contents of
114
00:07:42,310 --> 00:07:46,200
a given memory cell into the accumulator.
The PC goes on to the next instruction.
115
00:07:46,200 --> 00:07:50,220
The 'add' instruction adds contents of a
given memory cell to the accumulator, and
116
00:07:50,220 --> 00:07:53,159
the 'store' instruction copies the value
in the accumulator into memory at a given
117
00:07:53,159 --> 00:07:57,830
location. The generalized version of these
instructions we just saw, use K as a
118
00:07:57,830 --> 00:08:02,729
placeholder for a memory address as an
argument. These are cards that are quick
119
00:08:02,729 --> 00:08:08,120
reference of instructions. This is the
generic syntax of the instruction, a short
120
00:08:08,120 --> 00:08:11,460
description, the exact operations in
pseudocode - this one takes a memory
121
00:08:11,460 --> 00:08:15,190
address k and adds it to a, the
accumulator - the encoding of the
122
00:08:15,190 --> 00:08:19,639
instruction in memory, and the number of
clock cycles. The original syntax is the
123
00:08:19,639 --> 00:08:22,949
name the original designers gave to the
instruction. For this talk I have chosen a
124
00:08:22,949 --> 00:08:27,400
more modern syntax, here on the right,
which makes it much more easier, much
125
00:08:27,400 --> 00:08:30,990
easier to describe the CPU both to people
with and without a background in machine
126
00:08:30,990 --> 00:08:34,719
programming. Let's have a look at the
instruction set in detail. Here's an
127
00:08:34,719 --> 00:08:39,039
example of the load instruction. Load a
comma indirect two zero zero. On the left
128
00:08:39,039 --> 00:08:42,818
you see the set of registers of the AGC.
Most operations work with the accumulator,
129
00:08:42,818 --> 00:08:47,069
so we will be ignoring the other registers
for now. While executing this instruction,
130
00:08:47,069 --> 00:08:50,779
the CPU looks at memory at location two
zero zero, reads its contents and copies
131
00:08:50,779 --> 00:08:55,670
it into the accumulator. This is the store
instruction "store", a load indirect two
132
00:08:55,670 --> 00:08:59,009
zero zero comma A. Like with all
instructions the first argument is the
133
00:08:59,009 --> 00:09:03,041
destination - memory - the second one the
source - the accumulator. It looks up
134
00:09:03,041 --> 00:09:06,490
address two zero zero in memory and copies
the contents of the accumulator to that
135
00:09:06,490 --> 00:09:10,110
cell. There's also an exchange
instruction which can atomically swap the
136
00:09:10,110 --> 00:09:14,870
contents of the accumulator and a memory
cell. The 'add' instruction will look up
137
00:09:14,870 --> 00:09:18,329
the contents of a given memory address and
add it to the contents of the accumulator
138
00:09:18,329 --> 00:09:23,049
and store the result back into the
accumulator. And there's a 'subtract'
139
00:09:23,049 --> 00:09:26,589
instruction. It takes the contents of
memory dest and subtracts it from the
140
00:09:26,589 --> 00:09:30,720
content of the accumulator and stores the
result back into the accumulator.
141
00:09:30,720 --> 00:09:34,139
The result of every subtraction can be
negative, so we need to talk about how
142
00:09:34,139 --> 00:09:39,290
negative numbers are expressed on the AGC.
Let's look at just 4 bit numbers.
143
00:09:39,290 --> 00:09:44,860
4-bit unsigned integers can express values
from 0 to 15 with sign and value encoding
144
00:09:44,860 --> 00:09:48,410
the uppermost bit corresponds to the sign,
and the remaining 3 bits represent the
145
00:09:48,410 --> 00:09:52,869
absolute value. Consequently, there are
separate values for plus 0 and minus 0.
146
00:09:52,869 --> 00:09:55,589
This encoding is hard to work with, since
the 0 transitions need to be special
147
00:09:55,589 --> 00:09:59,430
cased. One's Complement encoding has the
order of the negative numbers reversed.
148
00:09:59,430 --> 00:10:03,709
The 0 transitions are simpler now, but
there's still two representations of 0.
149
00:10:03,709 --> 00:10:07,389
Modern Two's Complement encoding only has
a single encoding for 0, and it's fully
150
00:10:07,389 --> 00:10:12,180
backwards compatible with unsigned
addition and subtraction. In the 1960s,
151
00:10:12,180 --> 00:10:15,670
computers designed for scientific
calculations are usually One's Complement
152
00:10:15,670 --> 00:10:21,039
and so is the AGC. Unsigned four bit
numbers can express values from 0 to 15.
153
00:10:21,039 --> 00:10:25,779
In One's Complement the values 0 through 7
match the unsigned values 0 through 7, and
154
00:10:25,779 --> 00:10:30,320
the negative size side is organized like
this: Unlike Two's Complement, the two
155
00:10:30,320 --> 00:10:33,589
sides are perfectly symmetrical, so
negating a number is as easy as
156
00:10:33,589 --> 00:10:40,200
complementing it, that is, flipping all
the bits. So the two representations of 0
157
00:10:40,200 --> 00:10:45,830
are plus 0, with all 0 bits, and minus 0,
with all 1 bits. Addition in the positive
158
00:10:45,830 --> 00:10:50,179
space is equivalent to the unsigned
version, same in the negative space when
159
00:10:50,179 --> 00:10:54,449
mapping signed negative numbers to their
unsigned counterparts. It gets interesting
160
00:10:54,449 --> 00:11:01,509
when we have a 0 transition. Signed 6 - 4
is 6 + (-4) which is unsigned 6 + 11,
161
00:11:01,509 --> 00:11:07,970
which in modulus 16 is 1. We have a carry.
In One's Complement, a carry needs to be
162
00:11:07,970 --> 00:11:11,319
added to the end result, so we get two,
which is correct. The trick to jump over
163
00:11:11,319 --> 00:11:14,169
the duplicate 0 on a zero-transition
by adding the carries is called
164
00:11:14,169 --> 00:11:16,329
the 'end-around-carry'.
165
00:11:16,329 --> 00:11:20,050
An overflow means that the signed result
does not fit into the number space.
166
00:11:20,050 --> 00:11:24,630
Signed 7 + 1 would result in signed -7,
which is incorrect. The same happens
167
00:11:24,630 --> 00:11:28,421
when overshooting negative numbers. After
applying the end-around carry, the result
168
00:11:28,421 --> 00:11:33,190
of signed 7 here is incorrect. The CPU
detects this and flags the result, the
169
00:11:33,190 --> 00:11:37,429
accumulator has an extra bit to record the
information about an overflow, we call it V.
170
00:11:37,429 --> 00:11:44,939
So if we have code that reads the value
of 7FFF from memory and adds 1, the result
171
00:11:44,939 --> 00:11:49,139
is 0 and an overflow is detected, so the
accumulator is flagged. The store
172
00:11:49,139 --> 00:11:52,580
instruction in addition to writing A to
memory, does extra work if there's an
173
00:11:52,580 --> 00:11:57,880
overflow condition: it clears the overflow
condition, writes plus 1 or minus 1 into A,
174
00:11:57,880 --> 00:12:01,970
depending on whether it's a positive or
a negative overflow, and skips the next
175
00:12:01,970 --> 00:12:05,790
instruction. This way the program can
detect the overflow and use the plus 1 or
176
00:12:05,790 --> 00:12:10,670
minus 1 to apply the signed carry to a
higher-order word. By storing A to memory,
177
00:12:10,670 --> 00:12:15,459
we now have a double-word result. In one's
complement negating a number is as easy
178
00:12:15,459 --> 00:12:19,069
as flipping every bit in a word so there's
a dedicatet instruction for loading and
179
00:12:19,069 --> 00:12:22,160
negating a value. ldc, which stands for
'load complement', reads a word from
180
00:12:22,160 --> 00:12:27,610
memory, negates it by inverting all the
bits and writes it into the accumulator.
181
00:12:27,610 --> 00:12:31,730
Incrementing, that is adding 1 to a word,
is such a common operation that there's a
182
00:12:31,730 --> 00:12:35,509
dedicated instruction that increments a
word in memory in place. There is no
183
00:12:35,509 --> 00:12:38,879
corresponding decrement instruction.
Instead, there are two similar instructions:
184
00:12:38,879 --> 00:12:43,140
augment and diminish. The increment
instruction adds one to the original value,
185
00:12:43,140 --> 00:12:46,410
the augment instruction adds one
to all positive values and
186
00:12:46,410 --> 00:12:51,019
subtracts 1 from all negative values.
Effectively increments the absolute value
187
00:12:51,019 --> 00:12:54,819
retaining the sign. The diminish
instruction decrements positive values and
188
00:12:54,819 --> 00:13:00,360
increments negative values. Optimized for
scientific calculations, the CPU has
189
00:13:00,360 --> 00:13:04,420
dedicated multiplication circuitry. The
model instruction reads a word from memory
190
00:13:04,420 --> 00:13:09,019
and multiplies it with the accumulator.
When you multiply two signed 15 bit words,
191
00:13:09,019 --> 00:13:13,139
you need up to 29 bits, that is two words,
for the result. The complete result will
192
00:13:13,139 --> 00:13:17,149
be written into two registers, the upper
half into A and the lower half into B.
193
00:13:17,149 --> 00:13:21,420
B is a separate 15 bit register which is
mostly used together with the accumulator
194
00:13:21,420 --> 00:13:26,540
with instructions that deal with 30 bit
data. Double word values are expressed
195
00:13:26,540 --> 00:13:29,709
with the uppermost bits in A, or, if in
memory, at lower addresses, and the lower
196
00:13:29,709 --> 00:13:34,299
bits in B, or at higher addresses, making
the AGC a big endian machine. Assuming the
197
00:13:34,299 --> 00:13:38,290
normalized form, with matching signs, the
effective value is the concatenation of
198
00:13:38,290 --> 00:13:42,290
the two times 14 bits of the values.
199
00:13:42,290 --> 00:13:45,990
Division also works with double words.
It takes the combination of
200
00:13:45,990 --> 00:13:49,540
the A and B registers as the dividend
and a word from memory as the divisor.
201
00:13:49,540 --> 00:13:52,659
There are also two results:
the result and the remainder.
202
00:13:52,659 --> 00:13:55,230
The result is written into A and
the remainder in to B.
203
00:13:55,230 --> 00:13:59,590
Some other instructions also allow
using A and B as a double word register.
204
00:13:59,590 --> 00:14:02,959
Load a b comma indirect two zero zero
looks up addresse two zero zero in
205
00:14:02,959 --> 00:14:06,439
memory and reads the words at this
and the next cell into A and B.
206
00:14:06,439 --> 00:14:09,899
The load complement variant does the same
but inverts all bits during the load.
207
00:14:09,899 --> 00:14:12,749
There is no instruction to store A and B
in a single step,
208
00:14:12,749 --> 00:14:16,149
but there is a double word
exchange instruction. And finally there's
209
00:14:16,149 --> 00:14:21,079
an add instruction that works in double
words. And to load and store just the B
210
00:14:21,079 --> 00:14:26,459
register there's an exchange instruction
for that. For working with tables there's
211
00:14:26,459 --> 00:14:29,730
the indexed addressing mode. Any
instruction that takes an address as an
212
00:14:29,730 --> 00:14:35,610
argument can use it. This example 'load A
comma indirect 7 0 0 plus indirect 8 0'
213
00:14:35,610 --> 00:14:42,519
first looks up address 0 8 0, adds it to
the base of 7 0 0, which results in 7 0 2,
214
00:14:42,519 --> 00:14:47,069
reads from that address and writes the
result into A. What does this mean?
215
00:14:47,069 --> 00:14:51,399
There's a table in memory at 7 0 0. In the
example, it contains multiples of 3, and
216
00:14:51,399 --> 00:14:56,309
an index to that table is stored in memory
at 0 8 0, which in the example is 2.
217
00:14:56,309 --> 00:15:00,529
So we read the entry at index 2 of
the table, which is 6.
218
00:15:00,529 --> 00:15:03,799
Without a base address, we get
the syntax in this example:
219
00:15:03,799 --> 00:15:08,319
load A comma double indirect 8 0.
The base is effectively zero in this case.
220
00:15:08,319 --> 00:15:13,490
The CPU will look up the value at 0 8 0
in memory, add it to the base of 0,
221
00:15:13,490 --> 00:15:16,989
so the value is still the same.
And read from that address.
222
00:15:16,989 --> 00:15:21,480
In this case, memory at 0 8 0 effectively
stores what C programmers know
223
00:15:21,480 --> 00:15:25,200
as a pointer, and 3A0 is the pointer's
different destination.
224
00:15:25,200 --> 00:15:28,780
The instruction performed it indirectly.
225
00:15:29,600 --> 00:15:32,600
By default, instructions are
executed sequentially.
226
00:15:32,600 --> 00:15:36,249
The program counter PC increments as
instructions are executed, always pointing
227
00:15:36,249 --> 00:15:39,949
to the next instruction. Control flow
instructions like jump and conditional
228
00:15:39,949 --> 00:15:44,609
jump change that. When the CPU hits a jump
instruction, it will load its argument
229
00:15:44,609 --> 00:15:49,079
into the program counter, which means that
execution will continue at that address.
230
00:15:49,079 --> 00:15:53,389
jz, jump if zero, only jumps if A is zero.
Otherwise it continues with the next
231
00:15:53,389 --> 00:15:57,629
instruction. Similarly, jlez only jumps if
A is negative or zero.
232
00:15:57,629 --> 00:16:03,449
CCS count compare and skip, is a fun one.
It's a four-way fork for execution.
233
00:16:03,449 --> 00:16:06,820
Depending on whether the value in
memory is positive, negative,
234
00:16:06,820 --> 00:16:11,050
plus minus - plus zero, minus zero, it will
jump to one of the next four instructions.
235
00:16:11,050 --> 00:16:14,209
If you know the value is
positive or zero, you can ignore
236
00:16:14,209 --> 00:16:16,480
the other two cases and just
fill the first two slots.
237
00:16:16,480 --> 00:16:20,430
And if it's supposed to be only negative,
you have to skip the first two slots.
238
00:16:20,430 --> 00:16:23,879
They should never be reached, but
it's good practice for them to fill them
239
00:16:23,879 --> 00:16:29,029
with error handlers. Since CCS also puts
the absolute diminished value of the
240
00:16:29,029 --> 00:16:34,489
memory location into A, so it decrements
A, a special case of CCS A can be used for
241
00:16:34,489 --> 00:16:38,680
loops that count down A. The call
instruction. Isn't it for calling
242
00:16:38,680 --> 00:16:42,609
subroutines aka functions. It's like a
jump instruction but it saves its origin,
243
00:16:42,609 --> 00:16:45,809
so the callee can return to it later. For
the call instruction, the program counter
244
00:16:45,809 --> 00:16:49,869
is incremented first, and then copied into
the link register LR. Finally, the
245
00:16:49,869 --> 00:16:52,930
argument of the call instruction is copied
into the program counter, so that
246
00:16:52,930 --> 00:16:57,440
execution continues there. The link
register now contains the return address.
247
00:16:57,440 --> 00:17:00,939
At the end of the subroutine, the RET
instruction effectively copies the
248
00:17:00,939 --> 00:17:05,010
contents of the linked register into the
program counter, so execution resumes just
249
00:17:05,010 --> 00:17:08,690
after the call instruction.
If the subroutine wants to call
250
00:17:08,690 --> 00:17:11,500
its own subroutine, the program has to
save the link register before,
251
00:17:11,500 --> 00:17:15,071
and restore it afterwards. There's an
exchange instruction specifically for this.
252
00:17:15,071 --> 00:17:18,580
For additional levels, a stack can be
constructed, manually,
253
00:17:18,580 --> 00:17:20,400
using the indexing syntax.
254
00:17:20,400 --> 00:17:24,010
So far we've seen the following
registers: the A register is used for
255
00:17:24,010 --> 00:17:27,839
memory accesses and all arithmetic. It is
combined with the B register for double
256
00:17:27,839 --> 00:17:31,731
width arithmetic, the program counter to
keep track of what to execute and the link
257
00:17:31,731 --> 00:17:34,830
register remembers the return address when
calling a subroutine. We haven't seen the
258
00:17:34,830 --> 00:17:38,519
zero register yet. It always contains
zero, so when we read from it, we get zero
259
00:17:38,519 --> 00:17:42,280
and when we write to it the value gets
discarded. There are three more registers
260
00:17:42,280 --> 00:17:46,330
that we will talk about later. The eight
registers are numbered, that is they are
261
00:17:46,330 --> 00:17:50,610
assigned memory addresses. This means that
the first eight words in memory are
262
00:17:50,610 --> 00:17:53,940
actually occupied by the registers. They
can be accessed using the addresses and
263
00:17:53,940 --> 00:17:57,900
all instructions that take a memory
address. This allows for much greater
264
00:17:57,900 --> 00:18:01,559
flexibility in the instruction set: we can
load A with the contents of the B register
265
00:18:01,559 --> 00:18:05,440
by reading the contents of memory at
location 1 into A. The content of zero can
266
00:18:05,440 --> 00:18:09,690
be loaded into A by just reading from
memory at 7, which is the zero register.
267
00:18:09,690 --> 00:18:14,190
A can be incremented by incrementing
memory at zero and B can be used as
268
00:18:14,190 --> 00:18:20,499
a pointer by reading from double indirect
one. Let's look at memory more closely.
269
00:18:20,499 --> 00:18:26,719
Memory is 4096 words and goes from
000 to FFF. The registers are located at
270
00:18:26,719 --> 00:18:31,140
the very bottom of memory. Including them,
there are 1024 words of RAM,
271
00:18:31,140 --> 00:18:35,100
random access memory, and
three kilowords of ROM, read-only memory.
272
00:18:35,100 --> 00:18:38,820
The AGC was originally architected to
only have this little RAM and ROM,
273
00:18:38,820 --> 00:18:42,220
but there's actually more.
Let's look at the RAM area.
274
00:18:42,220 --> 00:18:45,960
The uppermost quarter is banked. The area
is a window through which one of eight
275
00:18:45,960 --> 00:18:50,540
different banks can be accessed, each 250
words in size. The erasable Bank register
276
00:18:50,540 --> 00:18:56,040
EB points to one of these banks. If EB is
0, Bank 0 is visible in the banked area.
277
00:18:56,040 --> 00:19:01,309
If EB is five, bank five is visible.
Addresses in the fixed area always
278
00:19:01,309 --> 00:19:05,100
represent the same RAM cells, but these
are not additional cells, but the same as
279
00:19:05,100 --> 00:19:09,030
banks zero, one and two. This means that
there's a total of 8 times 256 words of
280
00:19:09,030 --> 00:19:15,690
RAM, two kilowords. ROM is organized
similarly. The lower kiloword is banked.
281
00:19:15,690 --> 00:19:22,280
The fixed bank register FB selects one of
the 32 banks. Support for more than 32
282
00:19:22,280 --> 00:19:26,090
kilowords of ROM was added at the last
minute. The 'superbank' bit can switch the
283
00:19:26,090 --> 00:19:28,330
uppermost eight banks to the second set..
laughter
284
00:19:28,330 --> 00:19:32,880
so that a total of 40 kilowords are
supported by the architecture.
285
00:19:32,880 --> 00:19:36,799
The fixed ROM area will always show the
same contents as two of the ROM banks, the
286
00:19:36,799 --> 00:19:42,169
designers chose banks two and three to
simplify address encoding. In practice,
287
00:19:42,169 --> 00:19:46,850
fixed ROM contains core operating system
code, and fixed RAM core operating system
288
00:19:46,850 --> 00:19:49,870
data, that have to be available at all
times. The remaining functionality is
289
00:19:49,870 --> 00:19:55,059
distributed across the different ROM and
RAM banks. Switching the RAM Bank can be
290
00:19:55,059 --> 00:19:58,960
done by writing through the EB register.
This is not a separate instruction but can
291
00:19:58,960 --> 00:20:04,279
be expressed by writing A to memory
location three. If A is five, writing A
292
00:20:04,279 --> 00:20:09,580
into EB will make RAM Bank five visible at
3 0 0. The same store instruction could be
293
00:20:09,580 --> 00:20:13,659
used to write to the FB register at memory
location 4, to switch the ROM Bank. But
294
00:20:13,659 --> 00:20:17,670
that wouldn't work for a common case.
If code in one bank wants to call code in
295
00:20:17,670 --> 00:20:21,559
another Bank, by first switching the
ROM Bank, load FB, and then doing
296
00:20:21,559 --> 00:20:26,059
the function call, writing the bank number
into FB will switch out the bank the code
297
00:20:26,059 --> 00:20:29,230
is currently running on, so it won't
be able to execute the call instruction.
298
00:20:29,230 --> 00:20:32,010
Instead it will continue running some
completely unrelated code that happens
299
00:20:32,010 --> 00:20:34,110
to get the same address on
the other bank.
300
00:20:34,110 --> 00:20:37,220
To call code on a different Bank,
FB and PC registers need
301
00:20:37,220 --> 00:20:41,889
to be changed atomically. call f is only a
synonym for the existing double word
302
00:20:41,889 --> 00:20:47,490
exchange instruction. Code first has to
load the bank and the program counter into
303
00:20:47,490 --> 00:20:55,750
A and B. Which then call f can atomically
move into FB and PC. The same exchange
304
00:20:55,750 --> 00:20:59,340
instruction can be used for a far return:
it moves the original values back into FB
305
00:20:59,340 --> 00:21:06,360
and PC. The two Bank registers only hold
five and three bits respectively. The
306
00:21:06,360 --> 00:21:10,659
other bits are zero and there's a third
bank register, BB, both banks, which
307
00:21:10,659 --> 00:21:15,000
merges the information from both other
bank registers. The call far both banks
308
00:21:15,000 --> 00:21:18,140
synonym is a double word exchange
instruction that updates the program
309
00:21:18,140 --> 00:21:22,769
counter and both banks. Subroutines
usually have their private variables on
310
00:21:22,769 --> 00:21:26,500
particular RAM banks. Call for both banks
passes control to a function on the
311
00:21:26,500 --> 00:21:29,870
different ROM Bank and also directly
switches RAM banks, so that the callee can
312
00:21:29,870 --> 00:21:33,890
immediately access its variables. Return
for both banks returns to the caller,
313
00:21:33,890 --> 00:21:39,160
restoring its RAM Bank configuration. The
unusual ordering of the bank registers was
314
00:21:39,160 --> 00:21:43,299
chosen to allow for a double word exchange
of FB and PC, as well as for a double word
315
00:21:43,299 --> 00:21:49,149
exchange of PC and BB. Now we've seen all
eight registers. There's eight more
316
00:21:49,149 --> 00:21:52,210
special locations in memory above the
registers, the shadow area, which we'll
317
00:21:52,210 --> 00:21:56,179
talk about later. And above those, there
are four so-called editing registers,
318
00:21:56,179 --> 00:22:00,029
which make up for the missing shift and
rotate instructions. When writing a 15 bit
319
00:22:00,029 --> 00:22:05,660
value into the ROR editing register, it
will be moved to the right by one bit, and
320
00:22:05,660 --> 00:22:09,670
the lowest bit will be cycled to the top.
The result can then be read back.
321
00:22:09,670 --> 00:22:17,330
ROL rotates left, SHR shifts to the right
duplicating the top bit, and SHR7 shifts
322
00:22:17,330 --> 00:22:20,890
to the right by 7 bits, filling the top
with zeros. This is needed for the
323
00:22:20,890 --> 00:22:25,760
interpreter system software component that
we'll learn about later. We have seen that
324
00:22:25,760 --> 00:22:29,669
the CPU is connected to RAM and ROM over
the memory bus, but computers also talk to
325
00:22:29,669 --> 00:22:34,580
peripheral devices that is the I/O bus.
We've already seen the address space for
326
00:22:34,580 --> 00:22:39,529
memory; there is a second address space
to talk to devices. There are 512 I/O
327
00:22:39,529 --> 00:22:44,550
channels numbered 000 through FFF. Each
channel is 15 bits, and the in and out
328
00:22:44,550 --> 00:22:48,980
instructions can read words from -, and
write words to I/O channels. For many
329
00:22:48,980 --> 00:22:53,690
devices, a channel contains 15 individual
control bits. A control bit can for
330
00:22:53,690 --> 00:22:58,639
example toggle a lamp on a display. The
'out OR' instruction sets individual bits,
331
00:22:58,639 --> 00:23:03,580
and 'out AND' clears individual bits. So
I/O instructions can work on the whole
332
00:23:03,580 --> 00:23:10,400
word or do boolean operations on them:
AND, OR and XOR. To make boolean
333
00:23:10,400 --> 00:23:15,320
operations also usable between registers,
channels 1 and 2 are actually aliases of
334
00:23:15,320 --> 00:23:21,860
the B and LR registers, which allows for
these instructions. For AND there's also a
335
00:23:21,860 --> 00:23:27,299
dedicated instruction that works on A and
memory. After the registers, the shadow
336
00:23:27,299 --> 00:23:31,909
area, and the editing registers, there's
another special area: the counters. Like
337
00:23:31,909 --> 00:23:36,090
I/O channels, they connect to external
devices but they don't send bits or hold
338
00:23:36,090 --> 00:23:39,961
words back and forth, instead they are
controlled by hardware pulses, or cause
339
00:23:39,961 --> 00:23:44,630
hardware pulses. On every pulse, TIME1
gets incremented for example, while other
340
00:23:44,630 --> 00:23:51,220
counters take the number stored into them
by code and count down, generating pulses.
341
00:23:51,220 --> 00:23:55,190
When I/O devices need to signal the CPU,
thay can interrupt normal execution.
342
00:23:55,190 --> 00:23:58,509
Next to the program counter, which points
to the next instruction, there's the
343
00:23:58,509 --> 00:24:02,520
instruction register which holds the
current opcode. When an interrupt happens,
344
00:24:02,520 --> 00:24:08,570
the CPU copies PC into a special memory
location PC' and IR into IR' and then
345
00:24:08,570 --> 00:24:12,340
jumps to a magic location depending on the
type of interrupt, in this example 814.
346
00:24:12,340 --> 00:24:16,059
When the interrupt handlers finished
servicing the device the iret instruction
347
00:24:16,059 --> 00:24:20,530
will copy PC' and IR' back into PC and IR,
so execution will continue at the original
348
00:24:20,530 --> 00:24:26,690
location. Memory locations eight through
hex F are shadows of the eight registers.
349
00:24:26,690 --> 00:24:30,360
PC and IR are automatically saved by
interrupts and the remaining registers
350
00:24:30,360 --> 00:24:35,330
need to be saved by software if necessary.
The overflow condition flag cannot be
351
00:24:35,330 --> 00:24:40,120
saved or restored, so while there's an
overflow condition until the next store
352
00:24:40,120 --> 00:24:44,019
instruction, which resolves the offload,
interrupts will be disabled.
353
00:24:44,019 --> 00:24:49,960
The 11 interrupt handlers have to reside
in fixed ROM starting at 8 0 0.
354
00:24:49,960 --> 00:24:54,609
There are 4 words for each entry.
Typical interrupt entry code saves A and B,
355
00:24:54,609 --> 00:25:00,319
loads A and B with a bank and PC of the
actual handler and jumps there.
356
00:25:00,319 --> 00:25:04,160
Interrupt 0 is special: it's the
entry point on reset.
357
00:25:04,160 --> 00:25:07,799
Next we will enter the interrupt return
instruction, there's an instruction
358
00:25:07,799 --> 00:25:11,019
to cause an interrupt in software,
and instructions to enable and
359
00:25:11,019 --> 00:25:15,960
disable interrupts globally. There is one
more special memory location at hex 37,
360
00:25:15,960 --> 00:25:20,830
the watchdog. This location needs to be
read from or - read from or written to -
361
00:25:20,830 --> 00:25:23,940
at least every 0.64 seconds
otherwise the hardware will decide the
362
00:25:23,940 --> 00:25:29,539
system software is unresponsive and cause
a reset. Now we've seen an instruction set
363
00:25:29,539 --> 00:25:33,039
and in the examples we've seen the codes
that represent instructions in memory.
364
00:25:33,039 --> 00:25:37,070
Let's look at how the encoding works. The
load instruction, the upper three bits are
365
00:25:37,070 --> 00:25:41,790
the opcode representing the load a and the
remaining 12 bits encode the address.
366
00:25:41,790 --> 00:25:44,610
This allows for a total of eight
instructions but there are more
367
00:25:44,610 --> 00:25:48,570
than eight instructions. RAM addresses
always start with zero zero and
368
00:25:48,570 --> 00:25:53,560
ROM adresses start with anything but
zero zero. So the store instruction,
369
00:25:53,560 --> 00:25:57,100
which only makes sense on RAM, only
needs to encode 10 address bits instead
370
00:25:57,100 --> 00:26:02,620
of 12, making room for another
three RAM-only instructions.
371
00:26:02,620 --> 00:26:05,539
The same is true for the increment
instruction, which makes room for
372
00:26:05,539 --> 00:26:10,310
three more, as well as CCS which shares
an opcode with jump, which only works
373
00:26:10,310 --> 00:26:15,779
on ROM addresses. Since jumps to the
bank register don't make much sense
374
00:26:15,779 --> 00:26:21,310
these codes are used to encode STI, CLI
and extend. Extend is a prefix.
375
00:26:21,310 --> 00:26:23,570
It changes the meaning of the opcode
of the next instruction ...
376
00:26:23,570 --> 00:26:28,389
laughter ... allowing for a
second set of two-word instructions.
377
00:26:28,389 --> 00:26:33,990
There's one more special call instruction
'call 2' which is 'call LR',
378
00:26:33,990 --> 00:26:37,510
which is the return instruction. But
the CPU doesn't special case this one.
379
00:26:37,510 --> 00:26:42,009
Return is a side-effect of calling memory
at location 2. It executes the instruction
380
00:26:42,009 --> 00:26:45,960
encoded in the LR register, the 12 bit
address with the leading zeros decodes
381
00:26:45,960 --> 00:26:52,200
into another call instruction which
transfers control to the return address.
382
00:26:52,200 --> 00:26:56,929
Indexed addressing is achieved by using
the index prefix. An indexed instruction
383
00:26:56,929 --> 00:27:00,480
consists of two instruction words, index
and the base instruction. The addressing
384
00:27:00,480 --> 00:27:03,690
code in the base instruction is the base
address and the index instruction encodes
385
00:27:03,690 --> 00:27:08,809
the address of the index. Index is an
actual instruction. The CPU reads from the
386
00:27:08,809 --> 00:27:14,549
given address, 0 8 0 in the example, then
adds its value, 3, to the instruction code
387
00:27:14,549 --> 00:27:19,830
of the following instruction 3 7 0 0 which
is stored in the internal IR register.
388
00:27:19,830 --> 00:27:23,980
Then it uses the resulting instruction
code 3 7 0 3 for the next instruction,
389
00:27:23,980 --> 00:27:29,880
which is a load from 703, the effective
address. If an interrupt occurs after in
390
00:27:29,880 --> 00:27:33,200
the index instruction, that is no problem
because IR contains the effective
391
00:27:33,200 --> 00:27:36,339
instruction code which will be saved into
IR Prime and restored at the end of the
392
00:27:36,339 --> 00:27:40,490
interrupt handler. Finally there's one
index encoding with a special meaning.
393
00:27:40,490 --> 00:27:42,950
When the address looks like it's
referencing the shadow instruction
394
00:27:42,950 --> 00:27:47,060
register it's an interrupt return
instruction. Looking at the instruction
395
00:27:47,060 --> 00:27:50,230
set architecture as a whole, there are
many quirky and unusual features when
396
00:27:50,230 --> 00:27:53,470
compared to modern architectures. It uses
One's Complement instead of Two's
397
00:27:53,470 --> 00:27:57,809
Complement; it has no status register; the
overflow flag can't even be saved so
398
00:27:57,809 --> 00:28:01,900
interrupts are disabled until the overflow
is resolved; the store instruction may
399
00:28:01,900 --> 00:28:06,610
skip a word under certain circumstances;
the ccs destruction can skip several words
400
00:28:06,610 --> 00:28:11,049
and can be outright dangerous if the
instructions following it use prefixes;
401
00:28:11,049 --> 00:28:14,379
there are no shift or rotate instructions
but magic memory locations that shift and
402
00:28:14,379 --> 00:28:18,889
rotate when writing into them; most
boolean instructions only work on I/O
403
00:28:18,889 --> 00:28:23,039
channels; indexing is done by hacking the
following instruction code, and the
404
00:28:23,039 --> 00:28:28,400
architecture has no concept of a stack,
indexing has to be used if one is needed.
405
00:28:28,400 --> 00:28:32,929
This was the architecture of the Apollo
guidance computer, now let's look at how
406
00:28:32,929 --> 00:28:36,460
this architecture is implemented in
hardware. The hardware implementation runs
407
00:28:36,460 --> 00:28:40,320
at one megahertz, is micro coded and uses
integrated circuits, core memory, and core
408
00:28:40,320 --> 00:28:43,310
rope memory. We'll look at the block
diagram and how instructions are
409
00:28:43,310 --> 00:28:46,999
implemented in micro code, and then about
how the schematics map to integrated
410
00:28:46,999 --> 00:28:52,890
circuits on modules on trays. This
simplified block diagram shows the AGC at
411
00:28:52,890 --> 00:28:57,190
the hardware level. Each box contains on
the order of 500 logic gates. The dotted
412
00:28:57,190 --> 00:29:01,340
lines are wires that to move a single bit
of information, the solid lines are 15
413
00:29:01,340 --> 00:29:07,049
wires that move a data word. These units
deal with timing and control, and these
414
00:29:07,049 --> 00:29:11,370
are the central units. The central
register unit stores A, B, link registers,
415
00:29:11,370 --> 00:29:16,409
and program counter, and the arithmetic
unit can add and subtract numbers. The
416
00:29:16,409 --> 00:29:22,090
memory components deal with RAM and ROM.
The main clock of about one megahertz
417
00:29:22,090 --> 00:29:25,450
feeds into the sequence generator which
keeps cycling through twelve stages, which
418
00:29:25,450 --> 00:29:31,340
is one memory cycle, MCT. Instructions
usually take as many memory cycles as they
419
00:29:31,340 --> 00:29:35,899
need memory accesses, so load, add, and
store take two cycles, and jump takes one.
420
00:29:35,899 --> 00:29:39,519
The sequence generator contains a
collection of 12 step micro programs for
421
00:29:39,519 --> 00:29:44,690
each MCT, for each instruction, like this
one for the load instruction. In each
422
00:29:44,690 --> 00:29:51,740
step, the entries send control pulses to
the other units, which are connected
423
00:29:51,740 --> 00:29:57,059
through the write bus. The control signal
WA for example instructs the register unit
424
00:29:57,059 --> 00:30:01,399
to put the contents of A onto the write
bus, and RA makes it read the value on the
425
00:30:01,399 --> 00:30:06,630
bus into A. Memory is also connected to
the write bus. WS will copy the bus
426
00:30:06,630 --> 00:30:10,349
contents into the memory address register,
and RG and WG will read and write the G
427
00:30:10,349 --> 00:30:15,720
register, which buffers the cells value
after read and before a write. So in stage
428
00:30:15,720 --> 00:30:24,629
7 for example RG puts the memory buffer
onto the bus, and WB writes the bus
429
00:30:24,629 --> 00:30:30,000
contents into the temporary G register.
And in T10, B gets put on the bus and it
430
00:30:30,000 --> 00:30:33,899
gets read into the A register. At the
beginning of every memory cycle the
431
00:30:33,899 --> 00:30:37,860
hardware sends the memory address S,
usually what's encoded instruction, to
432
00:30:37,860 --> 00:30:42,330
memory and copies the contents of that
address into G. in the second half of the
433
00:30:42,330 --> 00:30:47,999
MCT it stores G back into the same cell.
So if we show memory timing next to the
434
00:30:47,999 --> 00:30:50,440
microcode, as well as the pseudocode
version of the load instruction which is
435
00:30:50,440 --> 00:30:55,470
easier to read, we can see it loads the
value from memory into G copies it into B
436
00:30:55,470 --> 00:30:59,049
and then copies it into A. More
interesting is the exchange instruction.
437
00:30:59,049 --> 00:31:05,519
It saves A to B, reads memory into G,
copies the result into A, copies the old
438
00:31:05,519 --> 00:31:11,210
value into G, and stores that G into
memory. Division for example takes several
439
00:31:11,210 --> 00:31:15,460
MCT and it's micro program is way more
complex. But there are more micro programs
440
00:31:15,460 --> 00:31:18,799
than the ones for the machine
instructions. Since there is only a single
441
00:31:18,799 --> 00:31:21,580
adding unit in the whole computer,
incrementing and decrementing the counters
442
00:31:21,580 --> 00:31:26,070
is done by converting the pulses into
special instructions that get injected
443
00:31:26,070 --> 00:31:30,539
into the instruction stream. There are 14
of these so-called unprogrammed sequences
444
00:31:30,539 --> 00:31:34,749
with their own micro programs. Some counter
shift, some are for interacting with
445
00:31:34,749 --> 00:31:40,869
debugging hardware, and these two control
the interrupt and reset sequences.
446
00:31:40,869 --> 00:31:46,079
The complete schematics are publicly
available and fit on just 49 sheets.
447
00:31:46,079 --> 00:31:51,119
The whole implementation only uses a single
type of gate, a three input NAND gate.
448
00:31:51,119 --> 00:31:54,870
Two of these are contained in one
integrated circuit, and about a hundred of
449
00:31:54,870 --> 00:31:57,700
these ICs form a logic module.
450
00:31:59,580 --> 00:32:03,730
24 logic modules and some interface and
power supply modules are connected
451
00:32:03,730 --> 00:32:06,999
together in tray A, which also contains
the I/O and debug connectors.
452
00:32:06,999 --> 00:32:11,370
Tray B contains various driver and amplifier
modules, as well as RAM and ROM.
453
00:32:11,370 --> 00:32:16,061
RAM is implemented as magnetic core memory,
which stores bits in magnetized toroids.
454
00:32:16,061 --> 00:32:19,800
Reading a bit clears it, so the memory
sequencer makes sure to always write the
455
00:32:19,800 --> 00:32:24,080
value again after reading it.
Without mass storage, like tape, the AGC
456
00:32:24,080 --> 00:32:29,960
has an unusually high amount of ROM.
Core Rope Memory encodes bits by wires that
457
00:32:29,960 --> 00:32:35,190
either go through- or past a ferrite core.
The 500,000 bits per computer were woven
458
00:32:35,190 --> 00:32:40,429
completely by hand. Trays A and B are put
together like this and hermetically
459
00:32:40,429 --> 00:32:45,019
sealed, making for a rather compact
computer. This is its orientation when
460
00:32:45,019 --> 00:32:50,440
installed on the spacecraft, with the six
ROM modules accessible so they could in
461
00:32:50,440 --> 00:32:54,529
theory be replaced during the mission. And
that was the hardware part.
462
00:32:54,529 --> 00:33:00,699
applause
C: Next let's look at the devices.
463
00:33:00,699 --> 00:33:04,610
applause
464
00:33:04,610 --> 00:33:08,090
Let's look at the devices connected
to the computer.
465
00:33:08,090 --> 00:33:10,921
We will look at the core devices
that allow the Apollo guidance computer to
466
00:33:10,921 --> 00:33:14,260
maintain the state vector, some quite
special devices you don't see on many
467
00:33:14,260 --> 00:33:17,759
other computers, and the peripherals used
for communication with astronauts and
468
00:33:17,759 --> 00:33:21,799
Mission Control. The gyroscope is the core
peripheral that the Apollo guidance
469
00:33:21,799 --> 00:33:24,800
computer was originally built around. The
Apollo Guidance Computer rotates it into a
470
00:33:24,800 --> 00:33:28,600
certain base position with the CDU command
counters, and then the gyro detects
471
00:33:28,600 --> 00:33:31,930
rotation around the three axes of the
spacecraft that can be read from the CDU
472
00:33:31,930 --> 00:33:35,470
counters. Using the gyroscope, the
spacecraft always knows it's attitude,
473
00:33:35,470 --> 00:33:39,799
that is its orientation in space. The
accelerometer adjust acceleration forces
474
00:33:39,799 --> 00:33:45,509
on the three axis. The three values can be
read from the PIPA counters. The optics on
475
00:33:45,509 --> 00:33:49,419
the command module are used to measure the
relative position to the celestial bodies.
476
00:33:49,419 --> 00:33:53,220
The computer uses the OPT command counters
to move the optics to point towards the
477
00:33:53,220 --> 00:33:56,669
general direction of a star, and will read
in the astronauts fine-tuning through the
478
00:33:56,669 --> 00:34:00,640
OPT counters. The landing radar sits at
the bottom of the lunar module and
479
00:34:00,640 --> 00:34:03,649
measures the distance to the ground. The
RADARUPT interrupt will be triggered
480
00:34:03,649 --> 00:34:07,009
whenever a new measurement is available,
and the RNRAD counter contains the new
481
00:34:07,009 --> 00:34:11,562
value. Lunar module's rendezvous radar
measures the distance of the command and
482
00:34:11,562 --> 00:34:15,550
service module during rendezvous. After
setting the two angles and the CDUT and
483
00:34:15,550 --> 00:34:18,980
CDUS counters to point it towards the two
other spacecraft, it will automatically
484
00:34:18,980 --> 00:34:22,250
track it and cause RADARUPT interrupts
when new data is available, which can be
485
00:34:22,250 --> 00:34:26,780
read from the RNRAD counters. The command
module, the service module, and the lunar
486
00:34:26,780 --> 00:34:30,960
module all contain reaction control
system, RCS, jets that emit small bursts
487
00:34:30,960 --> 00:34:34,870
for holding or charging the attitude. On
lunar module, there's one bit for each of
488
00:34:34,870 --> 00:34:38,469
the sixteen jets. Setting a bit to one
will make the jet fire.The system software
489
00:34:38,469 --> 00:34:44,189
uses a dedicated timer, TIME6, and it's
interrupt T6RUPT for timing the pulses.
490
00:34:44,189 --> 00:34:47,560
The user interface is provided by the so
called DSKY which stands for display and
491
00:34:47,560 --> 00:34:51,861
keyboard. It has 19 keys, 15 lamps, and
several numeric output lines.
492
00:34:51,861 --> 00:34:55,050
Keys generate the KEYRUPT interrupts and
the key number can be read
493
00:34:55,050 --> 00:34:59,630
from the KEYIN I/O channel. The numeric
display is driven by the OUT O channel.
494
00:34:59,630 --> 00:35:02,500
There is bidirectional digital radio
communication and S-band between
495
00:35:02,500 --> 00:35:06,970
Mission Control and each spacecraft at a
selectable speed of 1.9 or 51 kbit/s
496
00:35:06,970 --> 00:35:10,210
Data words from Mission Control show up
in the INLINK counter and
497
00:35:10,210 --> 00:35:15,071
trigger interrupt UPRUPT. Data words to be
sent are stored in the I/O channel DNTM1
498
00:35:15,071 --> 00:35:17,690
and the DOWNRUPT interrupt will signal
the program when it can load
499
00:35:17,690 --> 00:35:23,550
the register with the next word. These
were some of the interesting peripherals.
500
00:35:25,070 --> 00:35:29,520
M: The AGC system, the AGC system software
501
00:35:29,520 --> 00:35:32,490
makes it a priority based cooperative -
but also pre-emptive - real-time
502
00:35:32,490 --> 00:35:37,410
interactive fault tolerant computer with
virtual machine support. The topics we'll
503
00:35:37,410 --> 00:35:40,740
talk about are multitasking, the
interpreter, device drivers, and the
504
00:35:40,740 --> 00:35:45,540
waitlist, as well as the user interface,
and mechanisms for fault recovery. The AGC
505
00:35:45,540 --> 00:35:49,020
has many things to do. It does
mathematical calculations that can take
506
00:35:49,020 --> 00:35:52,900
several seconds, and it does I/O with its
devices; it services interrupts when a
507
00:35:52,900 --> 00:35:56,890
device wants the computers attention, for
example a key press. It does regular
508
00:35:56,890 --> 00:36:01,110
servicing of devices, like updating the
display, and it supports real-time
509
00:36:01,110 --> 00:36:05,820
control, like flashing a lamp or firing
boosters at exactly the right time.
510
00:36:05,820 --> 00:36:09,520
There's only a single CPU, so it must
switch between the different tasks.
511
00:36:09,520 --> 00:36:13,680
Batch processing multitasking computers
work on long-running jobs one after the
512
00:36:13,680 --> 00:36:17,720
other, but if some jobs have higher
priorities it makes more sense to run a job
513
00:36:17,720 --> 00:36:21,140
for only - say 20 milliseconds - then
check the job queues and keep running
514
00:36:21,140 --> 00:36:24,830
the highest priority job in the queue
until it terminates and is removed
515
00:36:24,830 --> 00:36:29,300
from the queue, then keep picking the
highest priority job.
516
00:36:29,300 --> 00:36:32,560
Jobs have to manually check at least
every 20 milliseconds whether
517
00:36:32,560 --> 00:36:36,110
there's a higher priority job in the queue
by doing doing a so-called 'yield',
518
00:36:36,110 --> 00:36:41,370
which makes the AGC a priority scheduled
cooperative multitasking computer.
519
00:36:41,370 --> 00:36:44,790
A job is described by 12 word data
structure in memory, that contains
520
00:36:44,790 --> 00:36:48,690
the PC and both bank's register that point
to where the job will start or continue
521
00:36:48,690 --> 00:36:55,170
running, as well as a word with a disabled
flag in the sign bit and a 5 bit priority.
522
00:36:55,170 --> 00:36:59,120
The core set consists of seven
job entries. Minus zero in the priority
523
00:36:59,120 --> 00:37:03,100
word means that the entry is empty. Job
zero is always the currently running one.
524
00:37:03,100 --> 00:37:07,040
When a new job gets created with a higher
priority, the yield operation will
525
00:37:07,040 --> 00:37:12,070
exchange the 12 words so that new job is
job zero. Negating the priority will put a
526
00:37:12,070 --> 00:37:16,510
job to sleep, so yield won't switch to it
again. Negating it again will wake it up.
527
00:37:16,510 --> 00:37:20,530
The first eight words in the job entry can
be used for local storage for the job.
528
00:37:20,530 --> 00:37:23,250
Since it's always job zero that is
running, these words are always
529
00:37:23,250 --> 00:37:27,840
conveniently located at the same addresses
in memory. The executive has a set of
530
00:37:27,840 --> 00:37:32,790
subroutines that control the job data
structures. You can create a new job
531
00:37:32,790 --> 00:37:37,190
pointed to by a pair of PC and BB
registers of a given priority, change the
532
00:37:37,190 --> 00:37:41,430
priority of the current job, put the
current job to sleep, wake up a given job,
533
00:37:41,430 --> 00:37:45,931
and terminate the current job.
Yield is not an executive function, but a
534
00:37:45,931 --> 00:37:50,190
two instruction sequence that checks the
new job variable in which the executive
535
00:37:50,190 --> 00:37:54,070
always holds the idea of the highest
priority job. If job zero is the highest
536
00:37:54,070 --> 00:37:57,450
priority job there's nothing to do. If
there is a higher priority job, it calls
537
00:37:57,450 --> 00:38:02,120
the change job subroutine which switches
to that job. NEWJOB isn't just a variable
538
00:38:02,120 --> 00:38:05,990
in memory, but also the watchdog word. If
it isn't accessed regularly, that is
539
00:38:05,990 --> 00:38:10,280
cooperative multitasking is stuck, the
hardware will automatically reset itself.
540
00:38:10,280 --> 00:38:14,500
A lot of the code in the AGC does
scientific calculations, calculating for
541
00:38:14,500 --> 00:38:18,610
example just the sum of two products of a
scalar and a vector would require hundreds
542
00:38:18,610 --> 00:38:22,971
of instructions in AGC machine code. There
is library code that provides all kinds of
543
00:38:22,971 --> 00:38:27,370
operations on single, double, or triple
precision fixed point values, vectors, and
544
00:38:27,370 --> 00:38:32,570
matrices. It also provides a softer multi-
purpose accumulator, MPAC, which can hold
545
00:38:32,570 --> 00:38:36,240
a double, triple, or a vector, depending
on the mode flag. In C-like pseudo code we
546
00:38:36,240 --> 00:38:40,610
would load the vector into the MPAC,
multiply it with a scalar, save it, do the
547
00:38:40,610 --> 00:38:45,650
other multiplication, and add the result
to the saved value. Formulas like this one
548
00:38:45,650 --> 00:38:50,930
need to store intermediate results, so a
thirty-eight word stack is provided. If a
549
00:38:50,930 --> 00:38:54,160
job uses math code, the MPAC, the MODE
field, and the stack pointer will be
550
00:38:54,160 --> 00:38:58,040
stored in the remaining fields of the Core
Set Entry. The stack will be part of a
551
00:38:58,040 --> 00:39:02,700
data tructure called VAC, which will be
pointed to by the Core Set Entry. A job
552
00:39:02,700 --> 00:39:06,450
can be created with, or without a VAC,
depending on which subroutine it is
553
00:39:06,450 --> 00:39:11,530
created with. The machine code version of
the example code would still be very
554
00:39:11,530 --> 00:39:15,100
verbose, with many function calls passing
pointers. The designers of the AGC
555
00:39:15,100 --> 00:39:18,080
software decided to create a new and
compact language that will be interpreted
556
00:39:18,080 --> 00:39:22,450
at runtime, a virtual machine. The
interpretive language is turing-complete
557
00:39:22,450 --> 00:39:26,710
and in addition to the MPAC it has two
index registers, two step registers, and
558
00:39:26,710 --> 00:39:31,030
its own link register. The encoding
manages to fit two seven bit op codes in
559
00:39:31,030 --> 00:39:35,290
one word, which allows for 128 op codes
and explains why there is a 'shift right
560
00:39:35,290 --> 00:39:39,720
by seven' function in the CPU. The two
operands are stored in the following two
561
00:39:39,720 --> 00:39:44,540
words, allowing 14 bit addresses. 14 bit
addresses means interpretive code doesn't
562
00:39:44,540 --> 00:39:48,970
have to work this complicated memory layer
anymore. It allows addressing about half
563
00:39:48,970 --> 00:39:53,080
of the ROM at the same time. At the lowest
kiloword of each half, RAM is visible, so
564
00:39:53,080 --> 00:39:57,900
interpretive code can pick between one of
these two memory layouts. This is the
565
00:39:57,900 --> 00:40:01,580
complete instruction set, regular machine
code, interpretive code can be mixed and
566
00:40:01,580 --> 00:40:04,570
matched inside the job. The exit
instruction will continue executing
567
00:40:04,570 --> 00:40:08,870
regular machine code at the next address,
and CALL INTPRET will similarly switch to
568
00:40:08,870 --> 00:40:13,190
interpreter mode. In addition to long-
running math tasks, the system software
569
00:40:13,190 --> 00:40:17,001
also supports device drivers. When a
device needs the computers attention, for
570
00:40:17,001 --> 00:40:21,160
example in case of a DSKY key press, it
causes an interrupt. The current job will
571
00:40:21,160 --> 00:40:24,290
be interrupted, and the interrupt handler
will read the device data and return as
572
00:40:24,290 --> 00:40:29,401
quickly as possible. If there's more to
do, it can schedule a job for later. Some
573
00:40:29,401 --> 00:40:34,390
devices need to be serviced regularly. A
120 microsecond timer causes interrupts
574
00:40:34,390 --> 00:40:38,450
that read data and write data... that read
data from and write data to certain
575
00:40:38,450 --> 00:40:42,520
devices. The numeric display of the DSKY
for example only allows updating a few
576
00:40:42,520 --> 00:40:48,350
digits at a time, so its driver is
triggered by the 120 microsecond timer.
577
00:40:48,350 --> 00:40:51,930
The timer interrupt cycles through eight
phases, which distributes the device
578
00:40:51,930 --> 00:40:56,941
drivers across time to minimize the
duration of one interrupt handler. Some
579
00:40:56,941 --> 00:41:00,810
devices need to be driven at exact times.
If for example a job decides that it needs
580
00:41:00,810 --> 00:41:05,330
to flash a lamp twice, it would turn it on
immediately and schedule three weightless
581
00:41:05,330 --> 00:41:10,630
tasks in the future at specific times. The
first one will turn the lamp off, the
582
00:41:10,630 --> 00:41:15,940
second one will turn it on again and the
third one will turn it off again. The
583
00:41:15,940 --> 00:41:21,010
sorted time deltas of the weightless tasks
are stored in the data structure LST1,
584
00:41:21,010 --> 00:41:24,590
with the first entry always currently
counting down in a timer register, and
585
00:41:24,590 --> 00:41:29,630
LST2 contains a pair of PC and BB for each
task. There are subroutines to create a
586
00:41:29,630 --> 00:41:34,690
new task and end the current task. The
timer that controls the wait list has a
587
00:41:34,690 --> 00:41:39,251
granularity of 10 milliseconds. Other
timers can fire at the same rate, but are
588
00:41:39,251 --> 00:41:42,950
offset, and the work triggered by them is
designed to be short enough to never
589
00:41:42,950 --> 00:41:47,000
overlap with the next potential timer
triggered work. This is complicated by
590
00:41:47,000 --> 00:41:50,820
device interrupts, which can come in at
any time. The duration of an interrupt
591
00:41:50,820 --> 00:41:55,560
handler causes latency and the maximum
duration will reduce the allowed time for
592
00:41:55,560 --> 00:41:59,090
the timer handlers. The core system
software makes no guarantees about the
593
00:41:59,090 --> 00:42:04,120
timing, it's all up to components to...
it's up to all the components to cooperate
594
00:42:04,120 --> 00:42:10,270
so the real time goal can be met. The
PINBALL program is the shell of the AGC.
595
00:42:10,270 --> 00:42:14,160
Key press interrupts schedule a job, that
collects the digits for the command and
596
00:42:14,160 --> 00:42:18,380
updates an in-memory representation of
what should be on the display. The 120
597
00:42:18,380 --> 00:42:23,150
millisecond timer triggers the display
update code. When the command is complete
598
00:42:23,150 --> 00:42:27,940
PINBALL schedules a new job. Mission
Control has a remote shell in form of a
599
00:42:27,940 --> 00:42:34,070
DSKY connected through the s-band radio.
System software that supports human life
600
00:42:34,070 --> 00:42:37,830
has to be able to communicate malfunctions
and be able to recover from them.
601
00:42:37,830 --> 00:42:40,940
The alarm subroutine takes the following
word from the instruction stream,
602
00:42:40,940 --> 00:42:44,530
displays it, and illuminates the prog
light. This should be interpreted as
603
00:42:44,530 --> 00:42:48,590
a warning or an error message.
The AGC software is full of validity and
604
00:42:48,590 --> 00:42:51,550
plausibility checks that help to find
bugs during development and help
605
00:42:51,550 --> 00:42:54,250
better understanding potential issues
during the mission.
606
00:42:54,250 --> 00:42:58,080
Some kinds of failures triggered by
various hardware watchdogs or by code
607
00:42:58,080 --> 00:43:01,830
make it impossible for normal operations
to continue. In addition to showing
608
00:43:01,830 --> 00:43:05,950
the error code, they also cause a hardware
reset but the system software also offers
609
00:43:05,950 --> 00:43:10,500
recovery services. A job can have recovery
code for its different phases.
610
00:43:10,500 --> 00:43:15,080
During execution it sets the respective
phase and if an abort happens in any
611
00:43:15,080 --> 00:43:20,540
job or task, the currently set up recovery
routine gets executed which could
612
00:43:20,540 --> 00:43:25,070
for example clean up and try the work
again, or skip to a different phase, or
613
00:43:25,070 --> 00:43:30,070
cancel the job altogether. The phase
change call sets the current phase for a
614
00:43:30,070 --> 00:43:34,310
job in the recovery table, for example
phase 5 for job 4. Each phase is
615
00:43:34,310 --> 00:43:39,900
associated with a descriptor of a task or
a job with or without a VAC. So during
616
00:43:39,900 --> 00:43:44,150
normal execution with several jobs and
tasks scheduled, if an abort happens, the
617
00:43:44,150 --> 00:43:47,900
core set and wait list are cleared, the
contents of the recovery table are
618
00:43:47,900 --> 00:43:52,210
activated, scheduling tasks and jobs for
all jobs that set up recovery code.
619
00:43:52,210 --> 00:43:56,670
Sometimes a failure though, like corrupted
memory, are not recoverable. They cause a
620
00:43:56,670 --> 00:44:00,330
fresh start, meaning a full initialization
of the system without running any recovery
621
00:44:00,330 --> 00:44:05,030
code.
And that was the AGC system software.
622
00:44:07,630 --> 00:44:11,350
C: As we now have a good overview on
architecture, hardware, peripherals, and
623
00:44:11,350 --> 00:44:14,550
system software of the Apollo Guidance
Computer, it's time briefly view on it's
624
00:44:14,550 --> 00:44:18,930
practical use on a mission to the moon. We
will look at the user interface, the
625
00:44:18,930 --> 00:44:22,580
launch sequence, and, once in orbit, the
attitude in orbit determination. Further
626
00:44:22,580 --> 00:44:26,130
we will understand how the digital
autopilot works, and how powered flight is
627
00:44:26,130 --> 00:44:30,280
being performed. As soon as we've reached
the moon, we look at the lunar landing and
628
00:44:30,280 --> 00:44:34,380
the lunar rendezvous after liftoff and
finally re-entry into Earth's atmosphere.
629
00:44:34,380 --> 00:44:38,000
Last but not least contingencies, or as we
like to call them, "fun issues".
630
00:44:38,000 --> 00:44:41,761
Let's start with the user interface.
It is like any command-line interface but
631
00:44:41,761 --> 00:44:44,921
since there are only numbers and no letters,
key words have to be encoded.
632
00:44:44,921 --> 00:44:48,540
On a normal system you might say
'display memory', 'enter'.
633
00:44:48,540 --> 00:44:52,190
Display is the verb, memory is the noun.
On the Apollo guidance computer you say
634
00:44:52,190 --> 00:44:57,150
verb '0 1', which means 'display', noun
'0 2' - 'memory' - 'enter'.
635
00:44:57,150 --> 00:45:01,320
Subroutine asks for an argument. On a
normal system it might display a prompt,
636
00:45:01,320 --> 00:45:03,830
you enter the number, press 'enter'.
On the Apollo Guidance Computer, flashing
637
00:45:03,830 --> 00:45:09,350
'verb' and 'noun' indicate that is waiting
for input. So you type '2 5', 'enter';
638
00:45:09,350 --> 00:45:12,602
an octal address, and the Apollo Guidance
Computer displays the result.
639
00:45:12,602 --> 00:45:16,690
The memory contents at the address octal
'2 5'. The Apollo Guidance Computer uses
640
00:45:16,690 --> 00:45:19,840
the same concept of verb and noun when
it proactively asks for input.
641
00:45:19,840 --> 00:45:24,100
Verb '6', noun '11' asks for the CSI
ignition time. CSI meaning
642
00:45:24,100 --> 00:45:27,980
Coelliptic Sequence Initiation, we will
come to that later. Special case is when
643
00:45:27,980 --> 00:45:31,230
the Apollo Guidance Computer asks a
yes-or-no question. Verb 99 has the
644
00:45:31,230 --> 00:45:35,010
astronaut confirm engine ignition
with a proceed key.
645
00:45:35,010 --> 00:45:37,950
The astronauts have a complete reference of
all verbs and nouns on paper,
646
00:45:37,950 --> 00:45:41,160
as well as cue cards were the most
important information.
647
00:45:41,160 --> 00:45:45,510
Let's now go through each of the phases
of the mission, starting with a liftoff.
648
00:45:45,510 --> 00:45:49,530
So, we are on our way.
The Apollo Guidance Computer is
649
00:45:49,530 --> 00:45:53,500
in passive monitoring mode. With the
cutting of the umbilical cables, which you
650
00:45:53,500 --> 00:45:58,150
see right about ... now, it has started
the mission clock. In case this trigger
651
00:45:58,150 --> 00:46:01,690
fails, one DSKY is always prepared with
verb 75 and just waiting for 'enter' to
652
00:46:01,690 --> 00:46:04,940
manually start the mission timer. We can
display the mission elapsed time at any
653
00:46:04,940 --> 00:46:10,570
time with verb 16, noun 65. During the
flight with the SaturnV, the Apollo
654
00:46:10,570 --> 00:46:13,521
Guidance Computer is only performing
passive monitoring of the flight. Control
655
00:46:13,521 --> 00:46:16,660
of the SaturnV is with its own launch
vehicle digital computer, and the
656
00:46:16,660 --> 00:46:20,520
instrument unit ring. The DSKY
automatically shows verb 16, noun 62,
657
00:46:20,520 --> 00:46:24,110
which is velocity in feet per second.
Altitude change rate in feet per second,
658
00:46:24,110 --> 00:46:27,960
and altitude above pad and nautical miles.
Note that the units and the position of
659
00:46:27,960 --> 00:46:31,590
the decimal point are implicit, and yes
the whole system was working in metric
660
00:46:31,590 --> 00:46:35,300
internally but for the benefit of the
American astronauts the display procedures
661
00:46:35,300 --> 00:46:41,740
converted everything to imperial units.
laughter and applause
662
00:46:41,740 --> 00:46:45,731
In case of problems with the Saturn
computer, the Apollo Guidance Computer can
663
00:46:45,731 --> 00:46:49,050
take over full control of the launch
vehicle, in extreme cases astronauts could
664
00:46:49,050 --> 00:46:52,601
even steer the whole stack into orbit
themselves with the hand controller. In
665
00:46:52,601 --> 00:46:56,300
case you ever wanted to fly... to manualyl
control a 110 meter tall rocket with more
666
00:46:56,300 --> 00:46:59,020
than 30 million Newton of thrust, this is
your chance.
667
00:46:59,020 --> 00:47:01,540
laughter
In less than 12 minutes we've gone through
668
00:47:01,540 --> 00:47:04,820
the first and second stage and are using a
small burn from the third stage to get us
669
00:47:04,820 --> 00:47:09,190
into a 185 kilometer orbit which circles
the earth every 88 minutes.
670
00:47:11,050 --> 00:47:13,800
But how do we know where ...
we are in the right orbit?
671
00:47:13,800 --> 00:47:16,810
Well the Apollo guidance computer, as well
as Mission Control, are monitoring
672
00:47:16,810 --> 00:47:20,200
position and velocity, because to get
where we want to be, we first need to know
673
00:47:20,200 --> 00:47:24,210
where we are. To be able to navigate in
space, we need to maintain our
674
00:47:24,210 --> 00:47:26,990
three-dimensional position, and our
three-dimensional velocity,
675
00:47:26,990 --> 00:47:30,360
the so-called state vector. Let's start
with the determination of the position.
676
00:47:30,360 --> 00:47:34,670
For this we need a telescope and a space
sextant. The space sextant is very similar
677
00:47:34,670 --> 00:47:37,430
to an 18th century nautical sextant.
Position is determined by measuring
678
00:47:37,430 --> 00:47:41,320
the angle between the horizon and a
celestial body. As an horizon we can
679
00:47:41,320 --> 00:47:45,310
either take that of Earth or Moon and
celestial bodies - well we are in orbit,
680
00:47:45,310 --> 00:47:48,720
we are surrounded by them. So let's just
pick one. Luckily the Apollo guidance
681
00:47:48,720 --> 00:47:52,720
computer already knows the position of 45
of them. The whole optics hardware and the
682
00:47:52,720 --> 00:47:55,830
command and service module can be moved to
point in the general direction of Earth
683
00:47:55,830 --> 00:47:59,260
and moon. With the launch of program 52,
we command the Apollo guidance computer to
684
00:47:59,260 --> 00:48:02,840
rotate the spacecraft to point one axis of
the sextant, the so-called landmark line-
685
00:48:02,840 --> 00:48:07,310
of-sight, LLOS, to the nearest body, which
is earth or moon. The astronaut then used
686
00:48:07,310 --> 00:48:11,590
the optics systems to exactly align the
horizon to the LLOS. With the telescope
687
00:48:11,590 --> 00:48:14,490
the astronaut looks for one of the known
stars, points the star line to it and lets
688
00:48:14,490 --> 00:48:17,800
the Apollo guidance computer read the
tuning and shaft angle. Repeating this one
689
00:48:17,800 --> 00:48:20,960
or more times in a different plane gives a
three-dimensional position of the vehicle
690
00:48:20,960 --> 00:48:25,130
in space. In the lunar module on the other
hand, the optics hardware was trimmed down
691
00:48:25,130 --> 00:48:28,380
for weight reduction. Any alignment
requires rotation of the lunar module.
692
00:48:28,380 --> 00:48:31,610
This is mostly used to determine the
landing site and support the rendezvous
693
00:48:31,610 --> 00:48:36,130
maneuvre. It even lacks the software to
perform positioning in translunar space.
694
00:48:36,130 --> 00:48:40,100
As we are moving, our position changes all
the time. But after 2 location fixes, as
695
00:48:40,100 --> 00:48:43,170
long as we're coasting, we are able to
establish our speed and can determine
696
00:48:43,170 --> 00:48:47,010
future positions by dead reckoning. As
position and velocity are known, future
697
00:48:47,010 --> 00:48:50,720
positions can be extrapolated.
Unfortunately the near extrapolation
698
00:48:50,720 --> 00:48:54,450
doesn't work in space as we have
gravitational forces which bend our path.
699
00:48:54,450 --> 00:48:57,090
Thankfully there are two mathematical
models implemented in the Apollo Guidance
700
00:48:57,090 --> 00:49:00,400
Computer: Conic integration based on the
Keplerian orbit model on the left, which
701
00:49:00,400 --> 00:49:04,640
assumes one perfectly round gravitational
body influencing our flight path, and
702
00:49:04,640 --> 00:49:08,060
Encke's integrating method for
perturbation considering multiple bodies
703
00:49:08,060 --> 00:49:12,080
with gravitational imbalances. I think
this helps to understand why we need a
704
00:49:12,080 --> 00:49:15,610
computer on board and can't just fly to
the moon with a hand controller. As we
705
00:49:15,610 --> 00:49:19,020
see, the Apollo spacecraft was perfectly
capable to fly on its own, but in the end
706
00:49:19,020 --> 00:49:22,150
NASA decided that the primary source for
state vector updates shall be Mission
707
00:49:22,150 --> 00:49:25,580
Control in Houston, measured with three
ground stations. Remote programming is
708
00:49:25,580 --> 00:49:28,621
done with the Apollo guidance Computer in
idle, and running program 27. Mission
709
00:49:28,621 --> 00:49:32,590
Control can use its link via s-band to
update the state vector. But there's one
710
00:49:32,590 --> 00:49:36,450
thing Mission Control doesn't know better
than us, and that's attitude. Attitude is
711
00:49:36,450 --> 00:49:39,880
the orientation of the spacecraft in its
three axis. Starting from a known
712
00:49:39,880 --> 00:49:44,041
attitude, we have to ensure that we can
measure any rotation on any axis.
713
00:49:44,041 --> 00:49:48,020
That's what gyros are for. They are one of
the major component of the IMU,
714
00:49:48,020 --> 00:49:51,740
the inertial measurement unit. Three
gyroscopes, one per axis measure any
715
00:49:51,740 --> 00:49:54,810
rotation and provide their data to the
Apollo Guidance Computer to keep track of
716
00:49:54,810 --> 00:49:59,350
the attitude of the spacecraft. Before we
leave Earth orbit, let's quickly discuss
717
00:49:59,350 --> 00:50:02,490
the digital autopilot. It is the single
biggest program in the Apollo Guidance
718
00:50:02,490 --> 00:50:05,690
Computer, with about 10% of all the source
code both in the command and service
719
00:50:05,690 --> 00:50:09,080
module as well as the lunar module. The
implementations for each vehicle are
720
00:50:09,080 --> 00:50:12,140
significantly different though, due to
different flight modes, thruster sets,
721
00:50:12,140 --> 00:50:16,950
and symmetry of vehicle. As there's no
friction in space, the tiniest event would
722
00:50:16,950 --> 00:50:20,580
constantly make the spacecraft rotate. The
digital autopilot of the Apollo Guidance
723
00:50:20,580 --> 00:50:24,150
Computer uses the jets to maintain the
attitude within certain thresholds,
724
00:50:24,150 --> 00:50:28,420
so-called dead bands. The autopilot is
also used in case the astronauts ever need
725
00:50:28,420 --> 00:50:31,970
to use the hand controllers for thrusters.
Basically both the command service module
726
00:50:31,970 --> 00:50:35,400
and the lunar module have fly-by-wire
control. As any thruster could break at
727
00:50:35,400 --> 00:50:39,250
any time, the autopilot is capable of
calculating the ideal burn mode even with
728
00:50:39,250 --> 00:50:42,750
a reduced number of thrusters. It has some
simple algorithms for center of gravity and
729
00:50:42,750 --> 00:50:45,920
weight distribution as well, which are
taken into account when calculating
730
00:50:45,920 --> 00:50:50,360
thruster maneuvers. It can do more than
that, though. Give it a new attitude and
731
00:50:50,360 --> 00:50:54,320
it will calculate the most efficient
transfer vector to reach the new attitude.
732
00:50:54,320 --> 00:50:58,120
In certain flight modes it might be
required to have a stable rotation, be it
733
00:50:58,120 --> 00:51:01,240
for temperature control, monitoring of the
landing site, or other reasons. The
734
00:51:01,240 --> 00:51:05,510
autopilot supports stable constant
rolling, which can be directly activated.
735
00:51:05,510 --> 00:51:08,380
The autopilot does not only control
attitude, it also supports the crew in
736
00:51:08,380 --> 00:51:12,030
performing powered flight maneuvers. It
calculates a potential solution, which
737
00:51:12,030 --> 00:51:15,600
obviously can be overwritten by ground as
usual, but still, after confirmation the
738
00:51:15,600 --> 00:51:18,880
autopilot automatically fires the engines
and keeps a timer for the correct length
739
00:51:18,880 --> 00:51:23,590
of time. It does not measure the results
of the burn though. For powered flight
740
00:51:23,590 --> 00:51:27,220
obviously dead reckoning isn't correct
anymore, so the Apollo Guidance Computer
741
00:51:27,220 --> 00:51:30,960
contains a subroutine called average G,
which takes the input from the IMU,
742
00:51:30,960 --> 00:51:35,500
meaning gyro and accelerometer, to compute
the change to the state vector. Now that
743
00:51:35,500 --> 00:51:38,770
we know how to orient ourselves, and how
to control the spaceship, it's time we fly
744
00:51:38,770 --> 00:51:42,300
to the moon. Usually the translunar
injection happens in the middle of the
745
00:51:42,300 --> 00:51:46,120
second orbit around the earth, so around 2
hours 45 minutes into the flight. This is
746
00:51:46,120 --> 00:51:49,680
still performed by the third stage of the
SaturnV so the Apollo Guidance Computer
747
00:51:49,680 --> 00:51:52,280
once again should only have a passive role
here by monitoring the translunar
748
00:51:52,280 --> 00:51:56,220
injection with the dedicated program P 15.
After separation from the S-IV-B
749
00:51:56,220 --> 00:51:59,350
we are on our way. Since the next
interesting phase is the lunar
750
00:51:59,350 --> 00:52:04,210
landing, let's skip to that one. Once in
lunar orbit, separation between the
751
00:52:04,210 --> 00:52:07,380
command and service module and lunar
module happens four hours and 45 minutes
752
00:52:07,380 --> 00:52:11,450
before landing. On the lunar module,
directly afterwards, rendezvous equipment
753
00:52:11,450 --> 00:52:15,150
like radar, strobe and VHF are tested, as
well as the IMU, which is realigned.
754
00:52:15,150 --> 00:52:18,560
Additionally there's lots of preparation
work on the lunar module. One of the main
755
00:52:18,560 --> 00:52:22,580
tasks is to prepare the abort guidance
system, AGS, which is another, more
756
00:52:22,580 --> 00:52:25,450
simpler computer, that is able to get the
lunar module with the astronauts back into
757
00:52:25,450 --> 00:52:29,600
orbit and safely docked with the CSM in
case of an emergency. Let's get back to
758
00:52:29,600 --> 00:52:33,220
powered descent. The lunar module AGC has
a special program for that one, P 63,
759
00:52:33,220 --> 00:52:37,600
braking phase. The landing radar has
switched on and updates the state vector.
760
00:52:37,600 --> 00:52:40,460
The Apollo Guidance Computer controls the
burn to reach the correct corridor towards
761
00:52:40,460 --> 00:52:44,510
the surface with a minimal amount of fuel.
This is fully automatic, the astronauts
762
00:52:44,510 --> 00:52:47,910
just sit along for the ride. The lunar
module is oriented with its descent engine
763
00:52:47,910 --> 00:52:52,040
towards the moon, visibility for the
astronauts is close to zero. The second
764
00:52:52,040 --> 00:52:55,920
program, P 64, starts automatically at
around 8,000 feet. Lunar module is pitched
765
00:52:55,920 --> 00:52:58,900
so that the astronauts can actually see
the ground and the lunar module commander
766
00:52:58,900 --> 00:53:01,650
is getting a better understanding of the
landing site and can search for a suitable
767
00:53:01,650 --> 00:53:06,570
spot. The third program, P 68, keeps the
lunar module in a stable attitude above
768
00:53:06,570 --> 00:53:10,740
the surface and the commander manually
adjusts the height in one feet per second
769
00:53:10,740 --> 00:53:13,870
increments, to slowly descend to the
surface. Ideally at that point, the
770
00:53:13,870 --> 00:53:17,310
horizontal movement of the lunar module
should be zero. After touchdown the crew
771
00:53:17,310 --> 00:53:21,480
manually activates program 68, which
confirms to the Apollo guidance computer
772
00:53:21,480 --> 00:53:24,790
that yes, we have indeed landed, and
ensures that the engine is switched off,
773
00:53:24,790 --> 00:53:28,350
terminates the average G routine, and sets
the autopilot in a very forgiving setting,
774
00:53:28,350 --> 00:53:32,460
to avoid any corrections when it measures
the rotation of the moon. The autopilot is
775
00:53:32,460 --> 00:53:35,700
not completely switched off though, as the
astronaut might need it in case of an
776
00:53:35,700 --> 00:53:39,340
emergency ascent. Well we are on the moon,
we do the usual stuff, small step for man,
777
00:53:39,340 --> 00:53:42,940
jump around plant the flag, and we then
skip directly to the interesting bits
778
00:53:42,940 --> 00:53:46,950
which is liftoff and rendezvous. The
rendezvous technique was developed in the
779
00:53:46,950 --> 00:53:50,950
Gemini project. Here you can see the Agena
rendezvous target in Earth orbit. It
780
00:53:50,950 --> 00:53:54,030
follows the principle of an active
vehicle, in this case the lunar module,
781
00:53:54,030 --> 00:53:56,870
which follows the command and service
module and approaches it from below at
782
00:53:56,870 --> 00:54:00,980
slightly faster orbit. There were actually
two different ways for rendezvous. A more
783
00:54:00,980 --> 00:54:04,320
conservative method called Coelliptic
rendezvous which required one and a half
784
00:54:04,320 --> 00:54:07,470
orbits for the lunar module to reach the
command and service module, but gave ample
785
00:54:07,470 --> 00:54:11,610
opportunity for monitoring progress, mid-
course corrections, and orbit scenarios.
786
00:54:11,610 --> 00:54:14,660
And a more risky direct rendezvous method
which directly aimed the lunar module
787
00:54:14,660 --> 00:54:18,780
towards the command and service module,
taking less than one orbit until docking.
788
00:54:18,780 --> 00:54:22,430
This one was used starting from the Apollo
14 mission, as Mission Control had more
789
00:54:22,430 --> 00:54:28,140
experience and aimed for the shorter, less
fuel intensive method. Preparation had to
790
00:54:28,140 --> 00:54:32,290
start two hours before liftoff. We have to
align the IMU and we visually monitor the
791
00:54:32,290 --> 00:54:35,720
orbit of the CSM and calculate the
rendezvous data. The Apollo Guidance
792
00:54:35,720 --> 00:54:40,350
Computer has program 22, CSM tracking, for
this purpose. At liftoff minus one hour,
793
00:54:40,350 --> 00:54:44,130
we start program 12, powered ascent, and
feed it with the necessary data, liftoff
794
00:54:44,130 --> 00:54:48,640
time and velocity target. The Apollo
Guidance Computer performs the countdown,
795
00:54:48,640 --> 00:54:52,140
and ask for confirmation, we proceed and
we have liftoff.
796
00:54:52,140 --> 00:54:55,200
The trip into orbit takes only seven and a
half minutes but depending on which method
797
00:54:55,200 --> 00:54:58,300
for reaching the target orbit was used, it
takes us either one and a half, or three
798
00:54:58,300 --> 00:55:01,710
and a half hours to come up behind the
command and service module. During that
799
00:55:01,710 --> 00:55:04,810
time, program 20 is running all the time,
measuring the state vector of the other
800
00:55:04,810 --> 00:55:08,270
vehicle, the command and service module,
via various peripherals like rendezvous
801
00:55:08,270 --> 00:55:12,370
radar, VHF antenna, and the optic system
for visual alignment. It calculates the
802
00:55:12,370 --> 00:55:15,530
necessary corridor and respective
maneuvers required to get the lunar module
803
00:55:15,530 --> 00:55:18,800
into an interception course. Multiple
other programs run in parallel to perform
804
00:55:18,800 --> 00:55:22,920
the necessary mid-course burn maneuvers.
On the commander of service module, the
805
00:55:22,920 --> 00:55:25,730
pilot is actively tracking the lunar
module the whole way up to orbit. The
806
00:55:25,730 --> 00:55:28,580
command and service module's computer is
calculating the state vector of the lunar
807
00:55:28,580 --> 00:55:31,850
module, to take over the role of the
active vehicle, in case anything goes
808
00:55:31,850 --> 00:55:35,290
wrong. The approach of the lunar module
stops at 50 meter distance, at which point
809
00:55:35,290 --> 00:55:39,050
it rotates to point its docking target on
top towards the command and service
810
00:55:39,050 --> 00:55:42,700
module. At that point in time the command
service module takes over the active role
811
00:55:42,700 --> 00:55:46,590
and activates program 79, final
rendezvous, which slows down the command
812
00:55:46,590 --> 00:55:50,240
and service module to close the distance
until docking. Seconds before contact, the
813
00:55:50,240 --> 00:55:54,620
autopilot on both spacecraft is switched
off to avoid both trying to correct the
814
00:55:54,620 --> 00:55:58,740
attitude of the combined spacecraft. So
far so good, time to go home with the
815
00:55:58,740 --> 00:56:02,310
trans-earth injection. We feed the Apollo
guidance computer with Earth orbit
816
00:56:02,310 --> 00:56:05,910
parameters and let it calculate the burn
which is then activated and controlled.
817
00:56:05,910 --> 00:56:09,080
Any kind of potential mid-course
corrections are performed the exact same
818
00:56:09,080 --> 00:56:14,210
way. Once in orbit around Earth, re-entry
parameters are calculated on ground and
819
00:56:14,210 --> 00:56:17,260
transferred to the Apollo guidance
computer via a S-band uplink. The first
820
00:56:17,260 --> 00:56:21,720
entry program, P 61, entry preparation,
starts at entry minus 25 minutes. Various
821
00:56:21,720 --> 00:56:25,280
landing parameters are requested, like
latitude and longitude of the splash zone,
822
00:56:25,280 --> 00:56:28,631
as well as the velocity and angles to
enter the atmosphere. Entering and
823
00:56:28,631 --> 00:56:31,940
confirming these values completes program
61, and starts program 62, which basically
824
00:56:31,940 --> 00:56:35,850
asks the astronaut to perform a checklist
for manual command module - service module
825
00:56:35,850 --> 00:56:39,420
- separation, which is not controlled by
the Apollo guidance computer. After that
826
00:56:39,420 --> 00:56:42,750
has been performed it switches
automatically to program 63, entry
827
00:56:42,750 --> 00:56:47,630
initialization. At that point, the
autopilot is taking care of thruster
828
00:56:47,630 --> 00:56:51,250
control to break the command module out of
its orbit into Earth's atmosphere. The
829
00:56:51,250 --> 00:56:57,030
main program for re-entry is program 64,
entry, which starts automatically. Program
830
00:56:57,030 --> 00:57:00,490
64 monitors the trajectory, and splashdown
location, and determines the best entry
831
00:57:00,490 --> 00:57:04,570
solution and potential velocity reduction
by invoking two specific programs, either
832
00:57:04,570 --> 00:57:08,630
P 65, entry up control, which basically
makes the current module surf on the
833
00:57:08,630 --> 00:57:13,250
atmosphere to reduce speed and extend the
range, or program 66, entry ballistic,
834
00:57:13,250 --> 00:57:16,411
throwing us through the atmosphere like a
cannonball. The right mixture of the two
835
00:57:16,411 --> 00:57:22,020
is decided by program 64. The last
program, program 67, final phase, performs
836
00:57:22,020 --> 00:57:25,190
the final maneuvers to the splash down.
The following steps, like parachute
837
00:57:25,190 --> 00:57:28,790
deployment and so on, are not done by the
Apollo guidance computer but by the ELSC,
838
00:57:28,790 --> 00:57:32,200
the Earth Landing Sequence Controller. The
drop of the Apollo guidance computer is
839
00:57:32,200 --> 00:57:36,721
done before deploying the parachutes. So
this was a beautiful nominal mission, what
840
00:57:36,721 --> 00:57:42,320
can go wrong? Well let's start with Apollo
11, which had a 12 02 program alarm during
841
00:57:42,320 --> 00:57:46,380
powered descent. Normally programs during
powered descent use about 85% of the
842
00:57:46,380 --> 00:57:49,950
processing power of the computer, but due
to an incorrect power supply design, the
843
00:57:49,950 --> 00:57:53,100
rendezvous... of the rendezvous radar
generated an additional twelve thousand
844
00:57:53,100 --> 00:57:57,080
eight hundred involuntary instructions per
seconds, ironically amounting to the exact
845
00:57:57,080 --> 00:58:01,210
additional 15 percent load.
Due to the co-operative multitasking, a
846
00:58:01,210 --> 00:58:07,700
queue of jobs build up, which resulted in
executive overflow and the 12 02 alarm.
847
00:58:07,700 --> 00:58:11,180
The operating system automatically
performed a program abort, all jobs were
848
00:58:11,180 --> 00:58:14,860
cancelled and restarted. All of this took
just a few seconds, and landing could
849
00:58:14,860 --> 00:58:20,090
commence. Next, Apollo 13. They had an
explosion of the oxygen tank in the
850
00:58:20,090 --> 00:58:25,120
service module at 55 hours 54 minutes 53
seconds and it will ... yep, correct,
851
00:58:25,120 --> 00:58:29,230
320,000 kilometers from Earth. Fortunately
they could make use of the free return
852
00:58:29,230 --> 00:58:32,402
trajectory to get the astronauts back to
earth but they had to move to the lunar
853
00:58:32,402 --> 00:58:35,750
module to survive, as the command and
service module was completely shut down,
854
00:58:35,750 --> 00:58:39,030
including its Apollo Guidance Computer.
The IMU settings needed to be transferred
855
00:58:39,030 --> 00:58:42,200
to the lunar module system first, adapted
to the different orientations of the
856
00:58:42,200 --> 00:58:45,790
spacecraft. The manual burns and the mid-
course corrections were actually done with
857
00:58:45,790 --> 00:58:48,630
the abort guidance system on the lunar
module, due to power constraints with the
858
00:58:48,630 --> 00:58:52,170
Apollo Guidance Computer. Successful
reboot of the command and service module
859
00:58:52,170 --> 00:58:57,650
computer was luckily done hours before re-
entry. And last but not least, Apollo 14,
860
00:58:57,650 --> 00:59:00,630
which had a floating solder ball in the
abort button, which might lead to an
861
00:59:00,630 --> 00:59:03,450
unwanted activation of abort, therefore
putting the lunar module back into orbit.
862
00:59:03,450 --> 00:59:06,810
This was solved within hours, by
reprogramming the Apollo Guidance
863
00:59:06,810 --> 00:59:10,010
Computer, to spoof the execution of a
different program, which was not listening
864
00:59:10,010 --> 00:59:13,290
to the abort button during the powered
descend. Real abort activation though
865
00:59:13,290 --> 00:59:18,830
would have to be manually activated via
the DSKY. So this was an overview and how
866
00:59:18,830 --> 00:59:23,270
the mission software was used on a flight
to the moon and back.
867
00:59:23,270 --> 00:59:32,350
applause
868
00:59:32,350 --> 00:59:36,440
M: Now you probably want to run your own
code on a real Apollo Guidance Computer,
869
00:59:36,440 --> 00:59:41,100
so you need to know where to find one.
42 computers were built total.
870
00:59:41,100 --> 00:59:46,410
Seven lunar module computers crashed onto
the moon. Three lunar module AGC's burned
871
00:59:46,410 --> 00:59:50,470
up in the Earth's atmosphere, 11 command
module computers returned.
872
00:59:50,470 --> 00:59:55,520
They're all presumably parts of museum
exhibits. And 21 machines were not flown.
873
00:59:55,520 --> 00:59:59,180
Little is known about those. One is on
display at the Computer History Museum
874
00:59:59,180 --> 01:00:02,240
in Mountain View, California, but it is
missing some components.
875
01:00:02,240 --> 01:00:07,290
Luckily several emulation solutions are
publicly available, as well as a tool chain.
876
01:00:07,290 --> 01:00:11,740
And the complete mission source, originally
the size of a medium-sized suitcase,
877
01:00:11,740 --> 01:00:17,080
is available on github.
laughter
878
01:00:17,080 --> 01:00:25,700
applause
879
01:00:25,700 --> 01:00:29,430
It takes a village to create a presentation.
We would like to thank everyone who
880
01:00:29,430 --> 01:00:32,990
helped and supported us. This includes
the indirect contributors, who wrote
881
01:00:32,990 --> 01:00:35,940
the books, the original documentation,
the websites, and the software.
882
01:00:35,940 --> 01:00:39,560
Thank you very much for your attention.
C: Thank you.
883
01:00:39,580 --> 01:00:53,020
applause and cheering
884
01:00:53,020 --> 01:00:58,080
Herald: Wow that was a densely packed talk.
laughter
885
01:00:58,080 --> 01:01:06,260
Thanks Michael, and thanks Christian, for
this amazing information overload.
886
01:01:06,260 --> 01:01:11,410
Please give a warm hand of applause,
because we can't have a Q&A, unfortunately.
887
01:01:11,410 --> 01:01:20,108
applause
888
01:01:20,108 --> 01:01:35,448
postroll music
889
01:01:35,448 --> 01:01:41,301
subtitles created by c3subtitles.de
in the year 2018