1 00:00:00,000 --> 00:00:14,610 *34C3 preroll music* 2 00:00:14,610 --> 00:00:21,220 Herald: The following talk is about a very relevant piece of technological legacy of 3 00:00:21,220 --> 00:00:27,990 our human race. The first piece of computer that landed on our moon and 4 00:00:27,990 --> 00:00:33,619 actually it became a metric. People started to compare other architectures, 5 00:00:33,619 --> 00:00:40,610 other computers in volumes of multiples of processing speed of this computer. It's 6 00:00:40,610 --> 00:00:46,100 rocket science, but it's even harder: it's computer rocket science. So I'm very happy 7 00:00:46,100 --> 00:00:50,920 to have Christian Hessmann, or Hessie, on stage who is actually a rocket scientist. 8 00:00:50,920 --> 00:00:52,799 And for the ... *laughter* 9 00:00:52,799 --> 00:00:58,249 ... for the computer part we have Michael Steil who is the founder of the Xbox Linux 10 00:00:58,249 --> 00:01:02,670 project and has gathered with this project and many others lots and lots of 11 00:01:02,670 --> 00:01:06,520 experience around architectures of computers. So please give a warm round of 12 00:01:06,520 --> 00:01:09,550 applause for the Ultimate Apollo Guidance talk! 13 00:01:09,550 --> 00:01:18,060 *applause* 14 00:01:18,060 --> 00:01:22,659 Michael Steil: Welcome! Is this on? Can you all hear me? Yes. 15 00:01:22,659 --> 00:01:27,140 Welcome to the Ultimate Apollo Guidance Computer Talk, a.k.a. a comprehensive 16 00:01:27,140 --> 00:01:32,359 introduction into computer architecture. And operating systems. And spaceflight. 17 00:01:32,359 --> 00:01:34,159 *laughter* 18 00:01:34,159 --> 00:01:37,590 My name is Michael Steil ... Christian: ... and I'm Christian Hessmann. 19 00:01:37,590 --> 00:01:42,100 Michael: This talk is number six in a series by various people. The idea is to explain as 20 00:01:42,100 --> 00:01:46,490 much as possible about a classic computer system in 60 minutes. 
The Apollo Guidance 21 00:01:46,490 --> 00:01:50,860 Computer AGC is a digital computer that was designed from scratch specifically for 22 00:01:50,860 --> 00:01:54,580 use on board of the Apollo spacecraft to support the Apollo moon landings between 23 00:01:54,580 --> 00:02:01,919 1969 and 1972. Developed at MIT between 1961 and 1966 a total of 42 AGCs were 24 00:02:01,919 --> 00:02:06,650 built at a cost of about $200,000 each. The base clock is about one megahertz, 25 00:02:06,650 --> 00:02:11,289 all data is 15 bits, and there are two kilowords of RAM and 36 kiloword ROM, 26 00:02:11,289 --> 00:02:16,480 words of ROM. It's about the size of a large suitcase, weighs 32 kilograms and 27 00:02:16,480 --> 00:02:22,130 consumes about 55 watts. Its user interface is a numeric display and keyboard. 28 00:02:22,130 --> 00:02:27,080 Some historical context: In the mid 1960s you couldn't just take 29 00:02:27,080 --> 00:02:29,580 an off-the-shelf computer and put it into a spacecraft. 30 00:02:29,580 --> 00:02:31,771 The first mini computers were the size of a small fridge - 31 00:02:31,771 --> 00:02:36,320 too heavy, too power-hungry and too slow for real-time scientific calculations, 32 00:02:36,320 --> 00:02:40,040 even though the industry had come a long way since the previous decade. 33 00:02:40,040 --> 00:02:43,110 Already 10 years later though, microcomputers with highly 34 00:02:43,110 --> 00:02:46,820 integrated circuits started outclassing the AGC Hardware in many regards. 35 00:02:46,820 --> 00:02:49,960 There are many reasons that make the AGC especially interesting: 36 00:02:51,420 --> 00:02:55,630 The architecture is very 60s and feels very alien to us today, 37 00:02:55,630 --> 00:02:58,060 the hardware is very innovative for its time. 38 00:02:58,060 --> 00:03:01,560 It has some very interesting and unusual peripherals. 
39 00:03:01,560 --> 00:03:04,770 Its operating system was revolutionary for its time and 40 00:03:04,770 --> 00:03:07,880 the mission software has all the bits to - with the right hardware attached - 41 00:03:07,880 --> 00:03:09,390 fly you to the moon. 42 00:03:10,710 --> 00:03:13,360 C: In the Apollo program, the Apollo guidance computer was used 43 00:03:13,360 --> 00:03:16,700 in two unmanned test missions, where it was remote control from the ground, 44 00:03:16,700 --> 00:03:21,060 and three manned test missions, and in the seven manned landing missions. 45 00:03:21,060 --> 00:03:24,500 Astronauts hated the idea of giving up any control to a computer, 46 00:03:24,500 --> 00:03:27,120 they wanted to be in charge. And while as a fallback, 47 00:03:27,120 --> 00:03:29,170 most of the mission could also be flown manually, 48 00:03:29,170 --> 00:03:30,910 the mission planners got their way. 49 00:03:30,910 --> 00:03:33,420 To understand the purpose and the responsibilities of the 50 00:03:33,420 --> 00:03:36,070 Apollo Guidance Computer, we need to first look at the Apollo mission. 51 00:03:36,070 --> 00:03:38,980 The core strategy of the Apollo program was, instead of landing 52 00:03:38,980 --> 00:03:42,390 the complete spacecraft on the moon, for which an extremely large rocket 53 00:03:42,390 --> 00:03:45,240 would have been required, to only land a much smaller lander 54 00:03:45,240 --> 00:03:48,750 while the larger part with the fuel for the way back stays in orbit. 55 00:03:48,750 --> 00:03:51,870 So the Apollo spacecraft can be separated into the lunar module, 56 00:03:51,870 --> 00:03:56,330 the command module and the service module. The Saturn 5 rocket launches it and 57 00:03:56,330 --> 00:03:59,140 three astronauts from Cape Kennedy into Earth orbit. 
58 00:03:59,140 --> 00:04:02,970 By accelerating at the right time the translunar injection moves the spacecraft 59 00:04:02,970 --> 00:04:06,750 into a so-called free return orbit, but just coasting it would travel 60 00:04:06,750 --> 00:04:09,050 around the moon and back to earth. 61 00:04:09,050 --> 00:04:11,950 Right at the beginning of this three-day journey the command and service module 62 00:04:11,950 --> 00:04:17,190 extracts the lunar module and docks with it. By braking on the far side of the moon the 63 00:04:17,190 --> 00:04:22,350 spacecraft enters a lunar orbit. After two of the astronauts have climbed into the 64 00:04:22,350 --> 00:04:26,590 lunar module, and after undocking, the lunar module brakes - this is called 65 00:04:26,590 --> 00:04:32,850 powered descent - and lands. 66 00:04:32,850 --> 00:04:36,240 *Applause* 67 00:04:36,240 --> 00:04:40,020 After taking off again, the lunar module rendezvous with the command and service 68 00:04:40,020 --> 00:04:43,220 module and the two astronauts from the lunar module climb into the command module 69 00:04:43,220 --> 00:04:47,240 and the lunar module is jettisoned. The remaining command and service module 70 00:04:47,240 --> 00:04:50,520 accelerates at the far side of the Moon for trajectory towards Earth. 71 00:04:50,520 --> 00:04:55,010 For entry, only the command module remains. By the way, these excellent visualizations 72 00:04:55,010 --> 00:04:58,140 are from Jared Owen's "How the Apollo spacecraft works" videos, 73 00:04:58,140 --> 00:05:00,971 which we can highly recommend. 74 00:05:00,971 --> 00:05:03,530 The command and service module and the lunar module each contained 75 00:05:03,530 --> 00:05:07,190 one AGC. It was the same hardware, but attached to partially different 76 00:05:07,190 --> 00:05:11,040 I/O devices, and with the software adapted for the specific spacecraft. 
77 00:05:11,040 --> 00:05:15,250 The astronauts interact with them through the display and keyboard units, which are 78 00:05:15,250 --> 00:05:18,870 mounted alongside these hundreds of switches. 79 00:05:18,870 --> 00:05:22,590 The computer's responsibilities during the mission are to track 80 00:05:22,590 --> 00:05:26,200 the position and speed, the so called state vector of both spacecraft, 81 00:05:26,200 --> 00:05:30,450 stabilize the spacecraft's attitude, calculate the control engine burns and 82 00:05:30,450 --> 00:05:34,730 monitor or control the Saturn V during launch. 83 00:05:36,810 --> 00:05:40,280 M: In order to understand how the Apollo guidance computer does all this, 84 00:05:40,280 --> 00:05:43,900 we'll look at its architecture, the hardware implementation, some of its 85 00:05:43,900 --> 00:05:47,520 interesting peripherals, the system software as well as ... 86 00:05:47,520 --> 00:05:50,340 the system software as well as the mission software. 87 00:05:50,340 --> 00:05:55,290 The architecture of the AGC can be described as a Von Neumann 88 00:05:55,290 --> 00:05:59,370 accumulator machine with 15 bit one's complement big-endian arithmetic. 89 00:05:59,370 --> 00:06:03,200 So we'll talk about the instruction set, the arithmetic model and instruction encoding 90 00:06:03,200 --> 00:06:06,690 as well as the memory model, I/O operations and counters, and finally the 91 00:06:06,690 --> 00:06:11,741 interrupt model. Machine code instruction sets vary widely. The instruction set of a 92 00:06:11,741 --> 00:06:14,300 modern ARM processor, which is mainly optimized for runtime performance 93 00:06:14,300 --> 00:06:18,730 consists of about 400 instructions. Subleq is a language mostly of academic interest, 94 00:06:18,730 --> 00:06:22,010 that shows that a single instruction can be enough to solve the same problems as 95 00:06:22,010 --> 00:06:25,990 all other turing-complete languages. 
While a more complex constructions, that can 96 00:06:25,990 --> 00:06:30,740 achieve higher code density and contribute to higher performance, it also generally 97 00:06:30,740 --> 00:06:34,600 means that the CPU will be drastically more complex. A computer from the early 98 00:06:34,600 --> 00:06:38,250 1960s consisted of only a few thousand transistors as opposed to today's 99 00:06:38,250 --> 00:06:42,970 billions, which is why this is the sweet spot for the AGC. 36 instructions provided 100 00:06:42,970 --> 00:06:46,790 just about the performance that was required for the mission. These are the 36 101 00:06:46,790 --> 00:06:50,770 instructions: some load and store instructions, arithmetic and logic, 102 00:06:50,770 --> 00:06:56,120 control flow instructions, I/O instructions and instructions for dealing with interrupts. 103 00:06:56,120 --> 00:06:59,931 The memory model is the cornerstone of the instruction set. Memory consists of 104 00:06:59,931 --> 00:07:04,991 4096 cells, numbered in hexadecimal 000 through FFF. Each cell contains a 105 00:07:04,991 --> 00:07:10,710 15 bit word, numbered between 0 and 7FFF. Almost all changes in data - 106 00:07:10,710 --> 00:07:15,960 in memory go through a 15 bit accumulator, also called the A register. A program can 107 00:07:15,960 --> 00:07:19,080 copy words between the accumulator and a memory cell, but also add, subtract, 108 00:07:19,080 --> 00:07:23,340 multiply and divide values, as they are moved around. The data in memory can have 109 00:07:23,340 --> 00:07:26,690 many meanings, depending on how it is interpreted. These values may represent 110 00:07:26,690 --> 00:07:29,740 integers, while those three words are meant to be decoded as machine code 111 00:07:29,740 --> 00:07:33,090 instructions. Code and data in a single address space make the AGC a so-called Von 112 00:07:33,090 --> 00:07:38,140 Neumann machine. 
The CPU's program counter PC always holds the address of the 113 00:07:38,140 --> 00:07:42,310 instruction to be executed next. The 'load' instruction copies the contents of 114 00:07:42,310 --> 00:07:46,200 a given memory cell into the accumulator. The PC goes on to the next instruction. 115 00:07:46,200 --> 00:07:50,220 The 'add' instruction adds contents of a given memory cell to the accumulator, and 116 00:07:50,220 --> 00:07:53,159 the 'store' instruction copies the value in the accumulator into memory at a given 117 00:07:53,159 --> 00:07:57,830 location. The generalized version of these instructions we just saw, use K as a 118 00:07:57,830 --> 00:08:02,729 placeholder for a memory address as an argument. These are cards that are quick 119 00:08:02,729 --> 00:08:08,120 reference of instructions. This is the generic syntax of the instruction, a short 120 00:08:08,120 --> 00:08:11,460 description, the exact operations in pseudocode - this one takes a memory 121 00:08:11,460 --> 00:08:15,190 address k and adds it to a, the accumulator - the encoding of the 122 00:08:15,190 --> 00:08:19,639 instruction in memory, and the number of clock cycles. The original syntax is the 123 00:08:19,639 --> 00:08:22,949 name the original designers gave to the instruction. For this talk I have chosen a 124 00:08:22,949 --> 00:08:27,400 more modern syntax, here on the right, which makes it much more easier, much 125 00:08:27,400 --> 00:08:30,990 easier to describe the CPU both to people with and without a background in machine 126 00:08:30,990 --> 00:08:34,719 programming. Let's have a look at the instruction set in detail. Here's an 127 00:08:34,719 --> 00:08:39,039 example of the load instruction. Load a comma indirect two zero zero. On the left 128 00:08:39,039 --> 00:08:42,818 you see the set of registers of the AGC. Most operations work with the accumulator, 129 00:08:42,818 --> 00:08:47,069 so we will be ignoring the other registers for now. 
While executing this instruction, 130 00:08:47,069 --> 00:08:50,779 the CPU looks at memory at location two zero zero, reads its contents and copies 131 00:08:50,779 --> 00:08:55,670 it into the accumulator. This is the store instruction "store", a load indirect two 132 00:08:55,670 --> 00:08:59,009 zero zero comma A. Like with all instructions the first argument is the 133 00:08:59,009 --> 00:09:03,041 destination - memory - the second one the source - the accumulator. It looks up 134 00:09:03,041 --> 00:09:06,490 address two zero zero in memory and copies the contents of the accumulator to that 135 00:09:06,490 --> 00:09:10,110 cell. There's also an exchange instruction which can atomically swap the 136 00:09:10,110 --> 00:09:14,870 contents of the accumulator and a memory cell. The 'add' instruction will look up 137 00:09:14,870 --> 00:09:18,329 the contents of a given memory address and add it to the contents of the accumulator 138 00:09:18,329 --> 00:09:23,049 and store the result back into the accumulator. And there's a 'subtract' 139 00:09:23,049 --> 00:09:26,589 instruction. It takes the contents of memory dest and subtracts it from the 140 00:09:26,589 --> 00:09:30,720 content of the accumulator and stores the result back into the accumulator. 141 00:09:30,720 --> 00:09:34,139 The result of every subtraction can be negative, so we need to talk about how 142 00:09:34,139 --> 00:09:39,290 negative numbers are expressed on the AGC. Let's look at just 4 bit numbers. 143 00:09:39,290 --> 00:09:44,860 4-bit unsigned integers can express values from 0 to 15. With sign and value encoding, 144 00:09:44,860 --> 00:09:48,410 the uppermost bit corresponds to the sign, and the remaining 3 bits represent the 145 00:09:48,410 --> 00:09:52,869 absolute value. Consequently, there are separate values for plus 0 and minus 0. 146 00:09:52,869 --> 00:09:55,589 This encoding is hard to work with, since the 0 transitions need to be special 147 00:09:55,589 --> 00:09:59,430 cased. 
One's Complement encoding has the order of the negative numbers reversed. 148 00:09:59,430 --> 00:10:03,709 The 0 transitions are simpler now, but there's still two representations of 0. 149 00:10:03,709 --> 00:10:07,389 Modern Two's Complement encoding only has a single encoding for 0, and it's fully 150 00:10:07,389 --> 00:10:12,180 backwards compatible with unsigned addition and subtraction. In the 1960s, 151 00:10:12,180 --> 00:10:15,670 computers designed for scientific calculations are usually One's Complement 152 00:10:15,670 --> 00:10:21,039 and so is the AGC. Unsigned four bit numbers can express values from 0 to 15. 153 00:10:21,039 --> 00:10:25,779 In One's Complement the values 0 through 7 match the unsigned values 0 through 7, and 154 00:10:25,779 --> 00:10:30,320 the negative size side is organized like this: Unlike Two's Complement, the two 155 00:10:30,320 --> 00:10:33,589 sides are perfectly symmetrical, so negating a number is as easy as 156 00:10:33,589 --> 00:10:40,200 complementing it, that is, flipping all the bits. So the two representations of 0 157 00:10:40,200 --> 00:10:45,830 are plus 0, with all 0 bits, and minus 0, with all 1 bits. Addition in the positive 158 00:10:45,830 --> 00:10:50,179 space is equivalent to the unsigned version, same in the negative space when 159 00:10:50,179 --> 00:10:54,449 mapping signed negative numbers to their unsigned counterparts. It gets interesting 160 00:10:54,449 --> 00:11:01,509 when we have a 0 transition. Signed 6 - 4 is 6 + (-4) which is unsigned 6 + 11, 161 00:11:01,509 --> 00:11:07,970 which in modulus 16 is 1. We have a carry. In One's Complement, a carry needs to be 162 00:11:07,970 --> 00:11:11,319 added to the end result, so we get two, which is correct. The trick to jump over 163 00:11:11,319 --> 00:11:14,169 the duplicate 0 on a zero-transition by adding the carries is called 164 00:11:14,169 --> 00:11:16,329 the 'end-around-carry'. 
165 00:11:16,329 --> 00:11:20,050 An overflow means that the signed result does not fit into the number space. 166 00:11:20,050 --> 00:11:24,630 Signed 7 + 1 would result in signed -7, which is incorrect. The same happens 167 00:11:24,630 --> 00:11:28,421 when overshooting negative numbers. After applying the end-around carry, the result 168 00:11:28,421 --> 00:11:33,190 of signed 7 here is incorrect. The CPU detects this and flags the result, the 169 00:11:33,190 --> 00:11:37,429 accumulator has an extra bit to record the information about an overflow, we call it V. 170 00:11:37,429 --> 00:11:44,939 So if we have code that reads the value of 7FFF from memory and adds 1, the result 171 00:11:44,939 --> 00:11:49,139 is 0 and an overflow is detected, so the accumulator is flagged. The store 172 00:11:49,139 --> 00:11:52,580 instruction in addition to writing A to memory, does extra work if there's an 173 00:11:52,580 --> 00:11:57,880 overflow condition: it clears the overflow condition, writes plus 1 or minus 1 into A, 174 00:11:57,880 --> 00:12:01,970 depending on whether it's a positive or a negative overflow, and skips the next 175 00:12:01,970 --> 00:12:05,790 instruction. This way the program can detect the overflow and use the plus 1 or 176 00:12:05,790 --> 00:12:10,670 minus 1 to apply the signed carry to a higher-order word. By storing A to memory, 177 00:12:10,670 --> 00:12:15,459 we now have a double-word result. In one's complement negating a number is as easy 178 00:12:15,459 --> 00:12:19,069 as flipping every bit in a word so there's a dedicated instruction for loading and 179 00:12:19,069 --> 00:12:22,160 negating a value. ldc, which stands for 'load complement', reads a word from 180 00:12:22,160 --> 00:12:27,610 memory, negates it by inverting all the bits and writes it into the accumulator. 
181 00:12:27,610 --> 00:12:31,730 Incrementing, that is adding 1 to a word, is such a common operation that there's a 182 00:12:31,730 --> 00:12:35,509 dedicated instruction that increments a word in memory in place. There is no 183 00:12:35,509 --> 00:12:38,879 corresponding decrement instruction. Instead, there are two similar instructions: 184 00:12:38,879 --> 00:12:43,140 augment and diminish. The increment instruction adds one to the original value, 185 00:12:43,140 --> 00:12:46,410 the augment instruction adds one to all positive values and 186 00:12:46,410 --> 00:12:51,019 subtracts 1 from all negative values. Effectively increments the absolute value 187 00:12:51,019 --> 00:12:54,819 retaining the sign. The diminish instruction decrements positive values and 188 00:12:54,819 --> 00:13:00,360 increments negative values. Optimized for scientific calculations, the CPU has 189 00:13:00,360 --> 00:13:04,420 dedicated multiplication circuitry. The model instruction reads a word from memory 190 00:13:04,420 --> 00:13:09,019 and multiplies it with the accumulator. When you multiply two signed 15 bit words, 191 00:13:09,019 --> 00:13:13,139 you need up to 29 bits, that is two words, for the result. The complete result will 192 00:13:13,139 --> 00:13:17,149 be written into two registers, the upper half into A and the lower half into B. 193 00:13:17,149 --> 00:13:21,420 B is a separate 15 bit register which is mostly used together with the accumulator 194 00:13:21,420 --> 00:13:26,540 with instructions that deal with 30 bit data. Double word values are expressed 195 00:13:26,540 --> 00:13:29,709 with the uppermost bits in A, or, if in memory, at lower addresses, and the lower 196 00:13:29,709 --> 00:13:34,299 bits in B, or at higher addresses, making the AGC a big endian machine. 
Assuming the 197 00:13:34,299 --> 00:13:38,290 normalized form, with matching signs, the effective value is the concatenation of 198 00:13:38,290 --> 00:13:42,290 the two times 14 bits of the values. 199 00:13:42,290 --> 00:13:45,990 Division also works with double words. It takes the combination of 200 00:13:45,990 --> 00:13:49,540 the A and B registers as the dividend and a word from memory as the divisor. 201 00:13:49,540 --> 00:13:52,659 There are also two results: the result and the remainder. 202 00:13:52,659 --> 00:13:55,230 The result is written into A and the remainder into B. 203 00:13:55,230 --> 00:13:59,590 Some other instructions also allow using A and B as a double word register. 204 00:13:59,590 --> 00:14:02,959 Load a b comma indirect two zero zero looks up address two zero zero in 205 00:14:02,959 --> 00:14:06,439 memory and reads the words at this and the next cell into A and B. 206 00:14:06,439 --> 00:14:09,899 The load complement variant does the same but inverts all bits during the load. 207 00:14:09,899 --> 00:14:12,749 There is no instruction to store A and B in a single step, 208 00:14:12,749 --> 00:14:16,149 but there is a double word exchange instruction. And finally there's 209 00:14:16,149 --> 00:14:21,079 an add instruction that works in double words. And to load and store just the B 210 00:14:21,079 --> 00:14:26,459 register there's an exchange instruction for that. For working with tables there's 211 00:14:26,459 --> 00:14:29,730 the indexed addressing mode. Any instruction that takes an address as an 212 00:14:29,730 --> 00:14:35,610 argument can use it. This example 'load A comma indirect 7 0 0 plus indirect 8 0' 213 00:14:35,610 --> 00:14:42,519 first looks up address 0 8 0, adds it to the base of 7 0 0, which results in 7 0 2, 214 00:14:42,519 --> 00:14:47,069 reads from that address and writes the result into A. What does this mean? 215 00:14:47,069 --> 00:14:51,399 There's a table in memory at 7 0 0. 
In the example, it contains multiples of 3, and 216 00:14:51,399 --> 00:14:56,309 an index to that table is stored in memory at 0 8 0, which in the example is 2. 217 00:14:56,309 --> 00:15:00,529 So we read the entry at index 2 of the table, which is 6. 218 00:15:00,529 --> 00:15:03,799 Without a base address, we get the syntax in this example: 219 00:15:03,799 --> 00:15:08,319 load A comma double indirect 8 0. The base is effectively zero in this case. 220 00:15:08,319 --> 00:15:13,490 The CPU will look up the value at 0 8 0 in memory, add it to the base of 0, 221 00:15:13,490 --> 00:15:16,989 so the value is still the same. And read from that address. 222 00:15:16,989 --> 00:15:21,480 In this case, memory at 0 8 0 effectively stores what C programmers know 223 00:15:21,480 --> 00:15:25,200 as a pointer, and 3A0 is the pointer's different destination. 224 00:15:25,200 --> 00:15:28,780 The instruction performed it indirectly. 225 00:15:29,600 --> 00:15:32,600 By default, instructions are executed sequentially. 226 00:15:32,600 --> 00:15:36,249 The program counter PC increments as instructions are executed, always pointing 227 00:15:36,249 --> 00:15:39,949 to the next instruction. Control flow instructions like jump and conditional 228 00:15:39,949 --> 00:15:44,609 jump change that. When the CPU hits a jump instruction, it will load its argument 229 00:15:44,609 --> 00:15:49,079 into the program counter, which means that execution will continue at that address. 230 00:15:49,079 --> 00:15:53,389 jz, jump if zero, only jumps if A is zero. Otherwise it continues with the next 231 00:15:53,389 --> 00:15:57,629 instruction. Similarly, jlez only jumps if A is negative or zero. 232 00:15:57,629 --> 00:16:03,449 CCS count compare and skip, is a fun one. It's a four-way fork for execution. 
233 00:16:03,449 --> 00:16:06,820 Depending on whether the value in memory is positive, negative, 234 00:16:06,820 --> 00:16:11,050 plus minus - plus zero, minus zero, it will jump to one of the next four instructions. 235 00:16:11,050 --> 00:16:14,209 If you know the value is positive or zero, you can ignore 236 00:16:14,209 --> 00:16:16,480 the other two cases and just fill the first two slots. 237 00:16:16,480 --> 00:16:20,430 And if it's supposed to be only negative, you have to skip the first two slots. 238 00:16:20,430 --> 00:16:23,879 They should never be reached, but it's good practice for them to fill them 239 00:16:23,879 --> 00:16:29,029 with error handlers. Since CCS also puts the absolute diminished value of the 240 00:16:29,029 --> 00:16:34,489 memory location into A, so it decrements A, a special case of CCS A can be used for 241 00:16:34,489 --> 00:16:38,680 loops that count down A. The call instruction. Isn't it for calling 242 00:16:38,680 --> 00:16:42,609 subroutines aka functions. It's like a jump instruction but it saves its origin, 243 00:16:42,609 --> 00:16:45,809 so the callee can return to it later. For the call instruction, the program counter 244 00:16:45,809 --> 00:16:49,869 is incremented first, and then copied into the link register LR. Finally, the 245 00:16:49,869 --> 00:16:52,930 argument of the call instruction is copied into the program counter, so that 246 00:16:52,930 --> 00:16:57,440 execution continues there. The link register now contains the return address. 247 00:16:57,440 --> 00:17:00,939 At the end of the subroutine, the RET instruction effectively copies the 248 00:17:00,939 --> 00:17:05,010 contents of the linked register into the program counter, so execution resumes just 249 00:17:05,010 --> 00:17:08,690 after the call instruction. 
If the subroutine wants to call 250 00:17:08,690 --> 00:17:11,500 its own subroutine, the program has to save the link register before, 251 00:17:11,500 --> 00:17:15,071 and restore it afterwards. There's an exchange instruction specifically for this. 252 00:17:15,071 --> 00:17:18,580 For additional levels, a stack can be constructed, manually, 253 00:17:18,580 --> 00:17:20,400 using the indexing syntax. 254 00:17:20,400 --> 00:17:24,010 So far we've seen the following registers: the A register is used for 255 00:17:24,010 --> 00:17:27,839 memory accesses and all arithmetic. It is combined with the B register for double 256 00:17:27,839 --> 00:17:31,731 width arithmetic, the program counter to keep track of what to execute and the link 257 00:17:31,731 --> 00:17:34,830 register remembers the return address when calling a subroutine. We haven't seen the 258 00:17:34,830 --> 00:17:38,519 zero register yet. It always contains zero, so when we read from it, we get zero 259 00:17:38,519 --> 00:17:42,280 and when we write to it the value gets discarded. There are three more registers 260 00:17:42,280 --> 00:17:46,330 that we will talk about later. The eight registers are numbered, that is they are 261 00:17:46,330 --> 00:17:50,610 assigned memory addresses. This means that the first eight words in memory are 262 00:17:50,610 --> 00:17:53,940 actually occupied by the registers. They can be accessed using the addresses and 263 00:17:53,940 --> 00:17:57,900 all instructions that take a memory address. This allows for much greater 264 00:17:57,900 --> 00:18:01,559 flexibility in the instruction set: we can load A with the contents of the B register 265 00:18:01,559 --> 00:18:05,440 by reading the contents of memory at location 1 into A. The content of zero can 266 00:18:05,440 --> 00:18:09,690 be loaded into A by just reading from memory at 7, which is the zero register. 
267 00:18:09,690 --> 00:18:14,190 A can be incremented by incrementing memory at zero and B can be used as 268 00:18:14,190 --> 00:18:20,499 a pointer by reading from double indirect one. Let's look at memory more closely. 269 00:18:20,499 --> 00:18:26,719 Memory is 4096 words and goes from 000 to FFF. The registers are located at 270 00:18:26,719 --> 00:18:31,140 the very bottom of memory. Including them, there are 1024 words of RAM, 271 00:18:31,140 --> 00:18:35,100 random access memory, and three kilowords of ROM, read-only memory. 272 00:18:35,100 --> 00:18:38,820 The AGC was originally architected to only have this little RAM and ROM, 273 00:18:38,820 --> 00:18:42,220 but there's actually more. Let's look at the RAM area. 274 00:18:42,220 --> 00:18:45,960 The uppermost quarter is banked. The area is a window through which one of eight 275 00:18:45,960 --> 00:18:50,540 different banks can be accessed, each 250 words in size. The erasable Bank register 276 00:18:50,540 --> 00:18:56,040 EB points to one of these banks. If EB is 0, Bank 0 is visible in the banked area. 277 00:18:56,040 --> 00:19:01,309 If EB is five, bank five is visible. Addresses in the fixed area always 278 00:19:01,309 --> 00:19:05,100 represent the same RAM cells, but these are not additional cells, but the same as 279 00:19:05,100 --> 00:19:09,030 banks zero, one and two. This means that there's a total of 8 times 256 words of 280 00:19:09,030 --> 00:19:15,690 RAM, two kilowords. ROM is organized similarly. The lower kiloword is banked. 281 00:19:15,690 --> 00:19:22,280 The fixed bank register FB selects one of the 32 banks. Support for more than 32 282 00:19:22,280 --> 00:19:26,090 kilowords of ROM was added at the last minute. The 'superbank' bit can switch the 283 00:19:26,090 --> 00:19:28,330 uppermost eight banks to the second set.. *laughter* 284 00:19:28,330 --> 00:19:32,880 so that a total of 40 kilowords are supported by the architecture. 
285 00:19:32,880 --> 00:19:36,799 The fixed ROM area will always show the same contents as two of the ROM banks, the 286 00:19:36,799 --> 00:19:42,169 designers chose banks two and three to simplify address encoding. In practice, 287 00:19:42,169 --> 00:19:46,850 fixed ROM contains core operating system code, and fixed RAM core operating system 288 00:19:46,850 --> 00:19:49,870 data, that have to be available at all times. The remaining functionality is 289 00:19:49,870 --> 00:19:55,059 distributed across the different ROM and RAM banks. Switching the RAM Bank can be 290 00:19:55,059 --> 00:19:58,960 done by writing through the EB register. This is not a separate instruction but can 291 00:19:58,960 --> 00:20:04,279 be expressed by writing A to memory location three. If A is five, writing A 292 00:20:04,279 --> 00:20:09,580 into EB will make RAM Bank five visible at 3 0 0. The same store instruction could be 293 00:20:09,580 --> 00:20:13,659 used to write to the FB register at memory location 4, to switch the ROM Bank. But 294 00:20:13,659 --> 00:20:17,670 that wouldn't work for a common case. If code in one bank wants to call code in 295 00:20:17,670 --> 00:20:21,559 another Bank, by first switching the ROM Bank, load FB, and then doing 296 00:20:21,559 --> 00:20:26,059 the function call, writing the bank number into FB will switch out the bank the code 297 00:20:26,059 --> 00:20:29,230 is currently running on, so it won't be able to execute the call instruction. 298 00:20:29,230 --> 00:20:32,010 Instead it will continue running some completely unrelated code that happens 299 00:20:32,010 --> 00:20:34,110 to get the same address on the other bank. 300 00:20:34,110 --> 00:20:37,220 To call code on a different Bank, FB and PC registers need 301 00:20:37,220 --> 00:20:41,889 to be changed atomically. call f is only a synonym for the existing double word 302 00:20:41,889 --> 00:20:47,490 exchange instruction. 
Code first has to load the bank and the program counter into 303 00:20:47,490 --> 00:20:55,750 A and B. Which then call f can atomically move into FB and PC. The same exchange 304 00:20:55,750 --> 00:20:59,340 instruction can be used for a far return: it moves the original values back into FB 305 00:20:59,340 --> 00:21:06,360 and PC. The two Bank registers only hold five and three bits respectively. The 306 00:21:06,360 --> 00:21:10,659 other bits are zero and there's a third bank register, BB, both banks, which 307 00:21:10,659 --> 00:21:15,000 merges the information from both other bank registers. The call far both banks 308 00:21:15,000 --> 00:21:18,140 synonym is a double word exchange instruction that updates the program 309 00:21:18,140 --> 00:21:22,769 counter and both banks. Subroutines usually have their private variables on 310 00:21:22,769 --> 00:21:26,500 particular RAM banks. Call for both banks passes control to a function on the 311 00:21:26,500 --> 00:21:29,870 different ROM Bank and also directly switches RAM banks, so that the callee can 312 00:21:29,870 --> 00:21:33,890 immediately access its variables. Return for both banks returns to the caller, 313 00:21:33,890 --> 00:21:39,160 restoring its RAM Bank configuration. The unusual ordering of the bank registers was 314 00:21:39,160 --> 00:21:43,299 chosen to allow for a double word exchange of FB and PC, as well as for a double word 315 00:21:43,299 --> 00:21:49,149 exchange of PC and BB. Now we've seen all eight registers. There's eight more 316 00:21:49,149 --> 00:21:52,210 special locations in memory above the registers, the shadow area, which we'll 317 00:21:52,210 --> 00:21:56,179 talk about later. And above those, there are four so-called editing registers, 318 00:21:56,179 --> 00:22:00,029 which make up for the missing shift and rotate instructions. 
When writing a 15 bit 319 00:22:00,029 --> 00:22:05,660 value into the ROR editing register, it will be moved to the right by one bit, and 320 00:22:05,660 --> 00:22:09,670 the lowest bit will be cycled to the top. The result can then be read back. 321 00:22:09,670 --> 00:22:17,330 ROL rotates left, SHR shifts to the right duplicating the top bit, and SHR7 shifts 322 00:22:17,330 --> 00:22:20,890 to the right by 7 bits, filling the top with zeros. This is needed for the 323 00:22:20,890 --> 00:22:25,760 interpreter system software component that we'll learn about later. We have seen that 324 00:22:25,760 --> 00:22:29,669 the CPU is connected to RAM and ROM over the memory bus, but computers also talk to 325 00:22:29,669 --> 00:22:34,580 peripheral devices that is the I/O bus. We've already seen the address space for 326 00:22:34,580 --> 00:22:39,529 memory; there is a second address space to talk to devices. There are 512 I/O 327 00:22:39,529 --> 00:22:44,550 channels numbered 000 through FFF. Each channel is 15 bits, and the in and out 328 00:22:44,550 --> 00:22:48,980 instructions can read words from -, and write words to I/O channels. For many 329 00:22:48,980 --> 00:22:53,690 devices, a channel contains 15 individual control bits. A control bit can for 330 00:22:53,690 --> 00:22:58,639 example toggle a lamp on a display. The 'out OR' instruction sets individual bits, 331 00:22:58,639 --> 00:23:03,580 and 'out AND' clears individual bits. So I/O instructions can work on the whole 332 00:23:03,580 --> 00:23:10,400 word or do boolean operations on them: AND, OR and XOR. To make boolean 333 00:23:10,400 --> 00:23:15,320 operations also usable between registers, channels 1 and 2 are actually aliases of 334 00:23:15,320 --> 00:23:21,860 the B and LR registers, which allows for these instructions. For AND there's also a 335 00:23:21,860 --> 00:23:27,299 dedicated instruction that works on A and memory. 
After the registers, the shadow 336 00:23:27,299 --> 00:23:31,909 area, and the editing registers, there's another special area: the counters. Like 337 00:23:31,909 --> 00:23:36,090 I/O channels, they connect to external devices but they don't send bits or hold 338 00:23:36,090 --> 00:23:39,961 words back and forth, instead they are controlled by hardware pulses, or cause 339 00:23:39,961 --> 00:23:44,630 hardware pulses. On every pulse, TIME1 gets incremented for example, while other 340 00:23:44,630 --> 00:23:51,220 counters take the number stored into them by code and count down, generating pulses. 341 00:23:51,220 --> 00:23:55,190 When I/O devices need to signal the CPU, they can interrupt normal execution. 342 00:23:55,190 --> 00:23:58,509 Next to the program counter, which points to the next instruction, there's the 343 00:23:58,509 --> 00:24:02,520 instruction register which holds the current opcode. When an interrupt happens, 344 00:24:02,520 --> 00:24:08,570 the CPU copies PC into a special memory location PC' and IR into IR' and then 345 00:24:08,570 --> 00:24:12,340 jumps to a magic location depending on the type of interrupt, in this example 814. 346 00:24:12,340 --> 00:24:16,059 When the interrupt handler's finished servicing the device the iret instruction 347 00:24:16,059 --> 00:24:20,530 will copy PC' and IR' back into PC and IR, so execution will continue at the original 348 00:24:20,530 --> 00:24:26,690 location. Memory locations eight through hex F are shadows of the eight registers. 349 00:24:26,690 --> 00:24:30,360 PC and IR are automatically saved by interrupts and the remaining registers 350 00:24:30,360 --> 00:24:35,330 need to be saved by software if necessary. The overflow condition flag cannot be 351 00:24:35,330 --> 00:24:40,120 saved or restored, so while there's an overflow condition until the next store 352 00:24:40,120 --> 00:24:44,019 instruction, which resolves the offload, interrupts will be disabled. 
353 00:24:44,019 --> 00:24:49,960 The 11 interrupt handlers have to reside in fixed ROM starting at 8 0 0. 354 00:24:49,960 --> 00:24:54,609 There are 4 words for each entry. Typical interrupt entry code saves A and B, 355 00:24:54,609 --> 00:25:00,319 loads A and B with a bank and PC of the actual handler and jumps there. 356 00:25:00,319 --> 00:25:04,160 Interrupt 0 is special: it's the entry point on reset. 357 00:25:04,160 --> 00:25:07,799 Next we will enter the interrupt return instruction, there's an instruction 358 00:25:07,799 --> 00:25:11,019 to cause an interrupt in software, and instructions to enable and 359 00:25:11,019 --> 00:25:15,960 disable interrupts globally. There is one more special memory location at hex 37, 360 00:25:15,960 --> 00:25:20,830 the watchdog. This location needs to be read from or - read from or written to - 361 00:25:20,830 --> 00:25:23,940 at least every 0.64 seconds otherwise the hardware will decide the 362 00:25:23,940 --> 00:25:29,539 system software is unresponsive and cause a reset. Now we've seen an instruction set 363 00:25:29,539 --> 00:25:33,039 and in the examples we've seen the codes that represent instructions in memory. 364 00:25:33,039 --> 00:25:37,070 Let's look at how the encoding works. The load instruction, the upper three bits are 365 00:25:37,070 --> 00:25:41,790 the opcode representing the load a and the remaining 12 bits encode the address. 366 00:25:41,790 --> 00:25:44,610 This allows for a total of eight instructions but there are more 367 00:25:44,610 --> 00:25:48,570 than eight instructions. RAM addresses always start with zero zero and 368 00:25:48,570 --> 00:25:53,560 ROM addresses start with anything but zero zero. So the store instruction, 369 00:25:53,560 --> 00:25:57,100 which only makes sense on RAM, only needs to encode 10 address bits instead 370 00:25:57,100 --> 00:26:02,620 of 12, making room for another three RAM-only instructions. 
371 00:26:02,620 --> 00:26:05,539 The same is true for the increment instruction, which makes room for 372 00:26:05,539 --> 00:26:10,310 three more, as well as CCS which shares an opcode with jump, which only works 373 00:26:10,310 --> 00:26:15,779 on ROM addresses. Since jumps to the bank register don't make much sense 374 00:26:15,779 --> 00:26:21,310 these codes are used to encode STI, CLI and extend. Extend is a prefix. 375 00:26:21,310 --> 00:26:23,570 It changes the meaning of the opcode of the next instruction ... 376 00:26:23,570 --> 00:26:28,389 *laughter* ... allowing for a second set of two-word instructions. 377 00:26:28,389 --> 00:26:33,990 There's one more special call instruction 'call 2' which is 'call LR', 378 00:26:33,990 --> 00:26:37,510 which is the return instruction. But the CPU doesn't special case this one. 379 00:26:37,510 --> 00:26:42,009 Return is a side-effect of calling memory at location 2. It executes the instruction 380 00:26:42,009 --> 00:26:45,960 encoded in the LR register, the 12 bit address with the leading zeros decodes 381 00:26:45,960 --> 00:26:52,200 into another call instruction which transfers control to the return address. 382 00:26:52,200 --> 00:26:56,929 Indexed addressing is achieved by using the index prefix. An indexed instruction 383 00:26:56,929 --> 00:27:00,480 consists of two instruction words, index and the base instruction. The addressing 384 00:27:00,480 --> 00:27:03,690 code in the base instruction is the base address and the index instruction encodes 385 00:27:03,690 --> 00:27:08,809 the address of the index. Index is an actual instruction. The CPU reads from the 386 00:27:08,809 --> 00:27:14,549 given address, 0 8 0 in the example, then adds its value, 3, to the instruction code 387 00:27:14,549 --> 00:27:19,830 of the following instruction 3 7 0 0 which is stored in the internal IR register. 
388 00:27:19,830 --> 00:27:23,980 Then it uses the resulting instruction code 3 7 0 3 for the next instruction, 389 00:27:23,980 --> 00:27:29,880 which is a load from 703, the effective address. If an interrupt occurs after in 390 00:27:29,880 --> 00:27:33,200 the index instruction, that is no problem because IR contains the effective 391 00:27:33,200 --> 00:27:36,339 instruction code which will be saved into IR Prime and restored at the end of the 392 00:27:36,339 --> 00:27:40,490 interrupt handler. Finally there's one index encoding with a special meaning. 393 00:27:40,490 --> 00:27:42,950 When the address looks like it's referencing the shadow instruction 394 00:27:42,950 --> 00:27:47,060 register it's an interrupt return instruction. Looking at the instruction 395 00:27:47,060 --> 00:27:50,230 set architecture as a whole, there are many quirky and unusual features when 396 00:27:50,230 --> 00:27:53,470 compared to modern architectures. It uses One's Complement instead of Two's 397 00:27:53,470 --> 00:27:57,809 Complement; it has no status register; the overflow flag can't even be saved so 398 00:27:57,809 --> 00:28:01,900 interrupts are disabled until the overflow is resolved; the store instruction may 399 00:28:01,900 --> 00:28:06,610 skip a word under certain circumstances; the ccs destruction can skip several words 400 00:28:06,610 --> 00:28:11,049 and can be outright dangerous if the instructions following it use prefixes; 401 00:28:11,049 --> 00:28:14,379 there are no shift or rotate instructions but magic memory locations that shift and 402 00:28:14,379 --> 00:28:18,889 rotate when writing into them; most boolean instructions only work on I/O 403 00:28:18,889 --> 00:28:23,039 channels; indexing is done by hacking the following instruction code, and the 404 00:28:23,039 --> 00:28:28,400 architecture has no concept of a stack, indexing has to be used if one is needed. 
405 00:28:28,400 --> 00:28:32,929 This was the architecture of the Apollo guidance computer, now let's look at how 406 00:28:32,929 --> 00:28:36,460 this architecture is implemented in hardware. The hardware implementation runs 407 00:28:36,460 --> 00:28:40,320 at one megahertz, is micro coded and uses integrated circuits, core memory, and core 408 00:28:40,320 --> 00:28:43,310 rope memory. We'll look at the block diagram and how instructions are 409 00:28:43,310 --> 00:28:46,999 implemented in micro code, and then about how the schematics map to integrated 410 00:28:46,999 --> 00:28:52,890 circuits on modules on trays. This simplified block diagram shows the AGC at 411 00:28:52,890 --> 00:28:57,190 the hardware level. Each box contains on the order of 500 logic gates. The dotted 412 00:28:57,190 --> 00:29:01,340 lines are wires that to move a single bit of information, the solid lines are 15 413 00:29:01,340 --> 00:29:07,049 wires that move a data word. These units deal with timing and control, and these 414 00:29:07,049 --> 00:29:11,370 are the central units. The central register unit stores A, B, link registers, 415 00:29:11,370 --> 00:29:16,409 and program counter, and the arithmetic unit can add and subtract numbers. The 416 00:29:16,409 --> 00:29:22,090 memory components deal with RAM and ROM. The main clock of about one megahertz 417 00:29:22,090 --> 00:29:25,450 feeds into the sequence generator which keeps cycling through twelve stages, which 418 00:29:25,450 --> 00:29:31,340 is one memory cycle, MCT. Instructions usually take as many memory cycles as they 419 00:29:31,340 --> 00:29:35,899 need memory accesses, so load, add, and store take two cycles, and jump takes one. 420 00:29:35,899 --> 00:29:39,519 The sequence generator contains a collection of 12 step micro programs for 421 00:29:39,519 --> 00:29:44,690 each MCT, for each instruction, like this one for the load instruction. 
In each 422 00:29:44,690 --> 00:29:51,740 step, the entries send control pulses to the other units, which are connected 423 00:29:51,740 --> 00:29:57,059 through the write bus. The control signal WA for example instructs the register unit 424 00:29:57,059 --> 00:30:01,399 to put the contents of A onto the write bus, and RA makes it read the value on the 425 00:30:01,399 --> 00:30:06,630 bus into A. Memory is also connected to the write bus. WS will copy the bus 426 00:30:06,630 --> 00:30:10,349 contents into the memory address register, and RG and WG will read and write the G 427 00:30:10,349 --> 00:30:15,720 register, which buffers the cells value after read and before a write. So in stage 428 00:30:15,720 --> 00:30:24,629 7 for example RG puts the memory buffer onto the bus, and WB writes the bus 429 00:30:24,629 --> 00:30:30,000 contents into the temporary G register. And in T10, B gets put on the bus and it 430 00:30:30,000 --> 00:30:33,899 gets read into the A register. At the beginning of every memory cycle the 431 00:30:33,899 --> 00:30:37,860 hardware sends the memory address S, usually what's encoded instruction, to 432 00:30:37,860 --> 00:30:42,330 memory and copies the contents of that address into G. in the second half of the 433 00:30:42,330 --> 00:30:47,999 MCT it stores G back into the same cell. So if we show memory timing next to the 434 00:30:47,999 --> 00:30:50,440 microcode, as well as the pseudocode version of the load instruction which is 435 00:30:50,440 --> 00:30:55,470 easier to read, we can see it loads the value from memory into G copies it into B 436 00:30:55,470 --> 00:30:59,049 and then copies it into A. More interesting is the exchange instruction. 437 00:30:59,049 --> 00:31:05,519 It saves A to B, reads memory into G, copies the result into A, copies the old 438 00:31:05,519 --> 00:31:11,210 value into G, and stores that G into memory. 
Division for example takes several 439 00:31:11,210 --> 00:31:15,460 MCT and it's micro program is way more complex. But there are more micro programs 440 00:31:15,460 --> 00:31:18,799 than the ones for the machine instructions. Since there is only a single 441 00:31:18,799 --> 00:31:21,580 adding unit in the whole computer, incrementing and decrementing the counters 442 00:31:21,580 --> 00:31:26,070 is done by converting the pulses into special instructions that get injected 443 00:31:26,070 --> 00:31:30,539 into the instruction stream. There are 14 of these so-called unprogrammed sequences 444 00:31:30,539 --> 00:31:34,749 with their own micro programs. Some counter shift, some are for interacting with 445 00:31:34,749 --> 00:31:40,869 debugging hardware, and these two control the interrupt and reset sequences. 446 00:31:40,869 --> 00:31:46,079 The complete schematics are publicly available and fit on just 49 sheets. 447 00:31:46,079 --> 00:31:51,119 The whole implementation only uses a single type of gate, a three input NAND gate. 448 00:31:51,119 --> 00:31:54,870 Two of these are contained in one integrated circuit, and about a hundred of 449 00:31:54,870 --> 00:31:57,700 these ICs form a logic module. 450 00:31:59,580 --> 00:32:03,730 24 logic modules and some interface and power supply modules are connected 451 00:32:03,730 --> 00:32:06,999 together in tray A, which also contains the I/O and debug connectors. 452 00:32:06,999 --> 00:32:11,370 Tray B contains various driver and amplifier modules, as well as RAM and ROM. 453 00:32:11,370 --> 00:32:16,061 RAM is implemented as magnetic core memory, which stores bits in magnetized toroids. 454 00:32:16,061 --> 00:32:19,800 Reading a bit clears it, so the memory sequencer makes sure to always write the 455 00:32:19,800 --> 00:32:24,080 value again after reading it. Without mass storage, like tape, the AGC 456 00:32:24,080 --> 00:32:29,960 has an unusually high amount of ROM. 
Core Rope Memory encodes bits by wires that 457 00:32:29,960 --> 00:32:35,190 either go through- or past a ferrite core. The 500,000 bits per computer were woven 458 00:32:35,190 --> 00:32:40,429 completely by hand. Trays A and B are put together like this and hermetically 459 00:32:40,429 --> 00:32:45,019 sealed, making for a rather compact computer. This is its orientation when 460 00:32:45,019 --> 00:32:50,440 installed on the spacecraft, with the six ROM modules accessible so they could in 461 00:32:50,440 --> 00:32:54,529 theory be replaced during the mission. And that was the hardware part. 462 00:32:54,529 --> 00:33:00,699 *applause* C: Next let's look at the devices. 463 00:33:00,699 --> 00:33:04,610 *applause* 464 00:33:04,610 --> 00:33:08,090 Let's look at the devices connected to the computer. 465 00:33:08,090 --> 00:33:10,921 We will look at the core devices that allow the Apollo guidance computer to 466 00:33:10,921 --> 00:33:14,260 maintain the state vector, some quite special devices you don't see on many 467 00:33:14,260 --> 00:33:17,759 other computers, and the peripherals used for communication with astronauts and 468 00:33:17,759 --> 00:33:21,799 Mission Control. The gyroscope is the core peripheral that the Apollo guidance 469 00:33:21,799 --> 00:33:24,800 computer was originally built around. The Apollo Guidance Computer rotates it into a 470 00:33:24,800 --> 00:33:28,600 certain base position with the CDU command counters, and then the gyro detects 471 00:33:28,600 --> 00:33:31,930 rotation around the three axes of the spacecraft that can be read from the CDU 472 00:33:31,930 --> 00:33:35,470 counters. Using the gyroscope, the spacecraft always knows it's attitude, 473 00:33:35,470 --> 00:33:39,799 that is its orientation in space. The accelerometer adjust acceleration forces 474 00:33:39,799 --> 00:33:45,509 on the three axis. The three values can be read from the PIPA counters. 
The optics on 475 00:33:45,509 --> 00:33:49,419 the command module are used to measure the relative position to the celestial bodies. 476 00:33:49,419 --> 00:33:53,220 The computer uses the OPT command counters to move the optics to point towards the 477 00:33:53,220 --> 00:33:56,669 general direction of a star, and will read in the astronauts fine-tuning through the 478 00:33:56,669 --> 00:34:00,640 OPT counters. The landing radar sits at the bottom of the lunar module and 479 00:34:00,640 --> 00:34:03,649 measures the distance to the ground. The RADARUPT interrupt will be triggered 480 00:34:03,649 --> 00:34:07,009 whenever a new measurement is available, and the RNRAD counter contains the new 481 00:34:07,009 --> 00:34:11,562 value. Lunar module's rendezvous radar measures the distance of the command and 482 00:34:11,562 --> 00:34:15,550 service module during rendezvous. After setting the two angles and the CDUT and 483 00:34:15,550 --> 00:34:18,980 CDUS counters to point it towards the two other spacecraft, it will automatically 484 00:34:18,980 --> 00:34:22,250 track it and cause RADARUPT interrupts when new data is available, which can be 485 00:34:22,250 --> 00:34:26,780 read from the RNRAD counters. The command module, the service module, and the lunar 486 00:34:26,780 --> 00:34:30,960 module all contain reaction control system, RCS, jets that emit small bursts 487 00:34:30,960 --> 00:34:34,870 for holding or charging the attitude. On lunar module, there's one bit for each of 488 00:34:34,870 --> 00:34:38,469 the sixteen jets. Setting a bit to one will make the jet fire.The system software 489 00:34:38,469 --> 00:34:44,189 uses a dedicated timer, TIME6, and it's interrupt T6RUPT for timing the pulses. 490 00:34:44,189 --> 00:34:47,560 The user interface is provided by the so called DSKY which stands for display and 491 00:34:47,560 --> 00:34:51,861 keyboard. It has 19 keys, 15 lamps, and several numeric output lines. 
492 00:34:51,861 --> 00:34:55,050 Keys generate the KEYRUPT interrupts and the key number can be read 493 00:34:55,050 --> 00:34:59,630 from the KEYIN I/O channel. The numeric display is driven by the OUT O channel. 494 00:34:59,630 --> 00:35:02,500 There is bidirectional digital radio communication and S-band between 495 00:35:02,500 --> 00:35:06,970 Mission Control and each spacecraft at a selectable speed of 1.9 or 51 kbit/s 496 00:35:06,970 --> 00:35:10,210 Data words from Mission Control show up in the INLINK counter and 497 00:35:10,210 --> 00:35:15,071 trigger interrupt UPRUPT. Data words to be sent are stored in the I/O channel DNTM1 498 00:35:15,071 --> 00:35:17,690 and the DOWNRUPT interrupt will signal the program when it can load 499 00:35:17,690 --> 00:35:23,550 the register with the next word. These were some of the interesting peripherals. 500 00:35:25,070 --> 00:35:29,520 M: The AGC system, the AGC system software 501 00:35:29,520 --> 00:35:32,490 makes it a priority based cooperative - but also pre-emptive - real-time 502 00:35:32,490 --> 00:35:37,410 interactive fault tolerant computer with virtual machine support. The topics we'll 503 00:35:37,410 --> 00:35:40,740 talk about are multitasking, the interpreter, device drivers, and the 504 00:35:40,740 --> 00:35:45,540 waitlist, as well as the user interface, and mechanisms for fault recovery. The AGC 505 00:35:45,540 --> 00:35:49,020 has many things to do. It does mathematical calculations that can take 506 00:35:49,020 --> 00:35:52,900 several seconds, and it does I/O with its devices; it services interrupts when a 507 00:35:52,900 --> 00:35:56,890 device wants the computers attention, for example a key press. It does regular 508 00:35:56,890 --> 00:36:01,110 servicing of devices, like updating the display, and it supports real-time 509 00:36:01,110 --> 00:36:05,820 control, like flashing a lamp or firing boosters at exactly the right time. 
510 00:36:05,820 --> 00:36:09,520 There's only a single CPU, so it must switch between the different tasks. 511 00:36:09,520 --> 00:36:13,680 Batch processing multitasking computers work on long-running jobs one after the 512 00:36:13,680 --> 00:36:17,720 other, but if some jobs have higher priorities it makes more sense to run a job 513 00:36:17,720 --> 00:36:21,140 for only - say 20 milliseconds - then check the job queues and keep running 514 00:36:21,140 --> 00:36:24,830 the highest priority job in the queue until it terminates and is removed 515 00:36:24,830 --> 00:36:29,300 from the queue, then keep picking the highest priority job. 516 00:36:29,300 --> 00:36:32,560 Jobs have to manually check at least every 20 milliseconds whether 517 00:36:32,560 --> 00:36:36,110 there's a higher priority job in the queue by doing doing a so-called 'yield', 518 00:36:36,110 --> 00:36:41,370 which makes the AGC a priority scheduled cooperative multitasking computer. 519 00:36:41,370 --> 00:36:44,790 A job is described by 12 word data structure in memory, that contains 520 00:36:44,790 --> 00:36:48,690 the PC and both bank's register that point to where the job will start or continue 521 00:36:48,690 --> 00:36:55,170 running, as well as a word with a disabled flag in the sign bit and a 5 bit priority. 522 00:36:55,170 --> 00:36:59,120 The core set consists of seven job entries. Minus zero in the priority 523 00:36:59,120 --> 00:37:03,100 word means that the entry is empty. Job zero is always the currently running one. 524 00:37:03,100 --> 00:37:07,040 When a new job gets created with a higher priority, the yield operation will 525 00:37:07,040 --> 00:37:12,070 exchange the 12 words so that new job is job zero. Negating the priority will put a 526 00:37:12,070 --> 00:37:16,510 job to sleep, so yield won't switch to it again. Negating it again will wake it up. 527 00:37:16,510 --> 00:37:20,530 The first eight words in the job entry can be used for local storage for the job. 
528 00:37:20,530 --> 00:37:23,250 Since it's always job zero that is running, these words are always 529 00:37:23,250 --> 00:37:27,840 conveniently located at the same addresses in memory. The executive has a set of 530 00:37:27,840 --> 00:37:32,790 subroutines that control the job data structures. You can create a new job 531 00:37:32,790 --> 00:37:37,190 pointed to by a pair of PC and BB registers of a given priority, change the 532 00:37:37,190 --> 00:37:41,430 priority of the current job, put the current job to sleep, wake up a given job, 533 00:37:41,430 --> 00:37:45,931 and terminate the current job. Yield is not an executive function, but a 534 00:37:45,931 --> 00:37:50,190 two instruction sequence that checks the new job variable in which the executive 535 00:37:50,190 --> 00:37:54,070 always holds the idea of the highest priority job. If job zero is the highest 536 00:37:54,070 --> 00:37:57,450 priority job there's nothing to do. If there is a higher priority job, it calls 537 00:37:57,450 --> 00:38:02,120 the change job subroutine which switches to that job. NEWJOB isn't just a variable 538 00:38:02,120 --> 00:38:05,990 in memory, but also the watchdog word. If it isn't accessed regularly, that is 539 00:38:05,990 --> 00:38:10,280 cooperative multitasking is stuck, the hardware will automatically reset itself. 540 00:38:10,280 --> 00:38:14,500 A lot of the code in the AGC does scientific calculations, calculating for 541 00:38:14,500 --> 00:38:18,610 example just the sum of two products of a scalar and a vector would require hundreds 542 00:38:18,610 --> 00:38:22,971 of instructions in AGC machine code. There is library code that provides all kinds of 543 00:38:22,971 --> 00:38:27,370 operations on single, double, or triple precision fixed point values, vectors, and 544 00:38:27,370 --> 00:38:32,570 matrices. 
It also provides a softer multi- purpose accumulator, MPAC, which can hold 545 00:38:32,570 --> 00:38:36,240 a double, triple, or a vector, depending on the mode flag. In C-like pseudo code we 546 00:38:36,240 --> 00:38:40,610 would load the vector into the MPAC, multiply it with a scalar, save it, do the 547 00:38:40,610 --> 00:38:45,650 other multiplication, and add the result to the saved value. Formulas like this one 548 00:38:45,650 --> 00:38:50,930 need to store intermediate results, so a thirty-eight word stack is provided. If a 549 00:38:50,930 --> 00:38:54,160 job uses math code, the MPAC, the MODE field, and the stack pointer will be 550 00:38:54,160 --> 00:38:58,040 stored in the remaining fields of the Core Set Entry. The stack will be part of a 551 00:38:58,040 --> 00:39:02,700 data tructure called VAC, which will be pointed to by the Core Set Entry. A job 552 00:39:02,700 --> 00:39:06,450 can be created with, or without a VAC, depending on which subroutine it is 553 00:39:06,450 --> 00:39:11,530 created with. The machine code version of the example code would still be very 554 00:39:11,530 --> 00:39:15,100 verbose, with many function calls passing pointers. The designers of the AGC 555 00:39:15,100 --> 00:39:18,080 software decided to create a new and compact language that will be interpreted 556 00:39:18,080 --> 00:39:22,450 at runtime, a virtual machine. The interpretive language is turing-complete 557 00:39:22,450 --> 00:39:26,710 and in addition to the MPAC it has two index registers, two step registers, and 558 00:39:26,710 --> 00:39:31,030 its own link register. The encoding manages to fit two seven bit op codes in 559 00:39:31,030 --> 00:39:35,290 one word, which allows for 128 op codes and explains why there is a 'shift right 560 00:39:35,290 --> 00:39:39,720 by seven' function in the CPU. The two operands are stored in the following two 561 00:39:39,720 --> 00:39:44,540 words, allowing 14 bit addresses. 
14 bit addresses means interpretive code doesn't 562 00:39:44,540 --> 00:39:48,970 have to work this complicated memory layer anymore. It allows addressing about half 563 00:39:48,970 --> 00:39:53,080 of the ROM at the same time. At the lowest kiloword of each half, RAM is visible, so 564 00:39:53,080 --> 00:39:57,900 interpretive code can pick between one of these two memory layouts. This is the 565 00:39:57,900 --> 00:40:01,580 complete instruction set, regular machine code, interpretive code can be mixed and 566 00:40:01,580 --> 00:40:04,570 matched inside the job. The exit instruction will continue executing 567 00:40:04,570 --> 00:40:08,870 regular machine code at the next address, and CALL INTPRET will similarly switch to 568 00:40:08,870 --> 00:40:13,190 interpreter mode. In addition to long- running math tasks, the system software 569 00:40:13,190 --> 00:40:17,001 also supports device drivers. When a device needs the computers attention, for 570 00:40:17,001 --> 00:40:21,160 example in case of a DSKY key press, it causes an interrupt. The current job will 571 00:40:21,160 --> 00:40:24,290 be interrupted, and the interrupt handler will read the device data and return as 572 00:40:24,290 --> 00:40:29,401 quickly as possible. If there's more to do, it can schedule a job for later. Some 573 00:40:29,401 --> 00:40:34,390 devices need to be serviced regularly. A 120 microsecond timer causes interrupts 574 00:40:34,390 --> 00:40:38,450 that read data and write data... that read data from and write data to certain 575 00:40:38,450 --> 00:40:42,520 devices. The numeric display of the DSKY for example only allows updating a few 576 00:40:42,520 --> 00:40:48,350 digits at a time, so its driver is triggered by the 120 microsecond timer. 577 00:40:48,350 --> 00:40:51,930 The timer interrupt cycles through eight phases, which distributes the device 578 00:40:51,930 --> 00:40:56,941 drivers across time to minimize the duration of one interrupt handler. 
Some 579 00:40:56,941 --> 00:41:00,810 devices need to be driven at exact times. If for example a job decides that it needs 580 00:41:00,810 --> 00:41:05,330 to flash a lamp twice, it would turn it on immediately and schedule three weightless 581 00:41:05,330 --> 00:41:10,630 tasks in the future at specific times. The first one will turn the lamp off, the 582 00:41:10,630 --> 00:41:15,940 second one will turn it on again and the third one will turn it off again. The 583 00:41:15,940 --> 00:41:21,010 sorted time deltas of the weightless tasks are stored in the data structure LST1, 584 00:41:21,010 --> 00:41:24,590 with the first entry always currently counting down in a timer register, and 585 00:41:24,590 --> 00:41:29,630 LST2 contains a pair of PC and BB for each task. There are subroutines to create a 586 00:41:29,630 --> 00:41:34,690 new task and end the current task. The timer that controls the wait list has a 587 00:41:34,690 --> 00:41:39,251 granularity of 10 milliseconds. Other timers can fire at the same rate, but are 588 00:41:39,251 --> 00:41:42,950 offset, and the work triggered by them is designed to be short enough to never 589 00:41:42,950 --> 00:41:47,000 overlap with the next potential timer triggered work. This is complicated by 590 00:41:47,000 --> 00:41:50,820 device interrupts, which can come in at any time. The duration of an interrupt 591 00:41:50,820 --> 00:41:55,560 handler causes latency and the maximum duration will reduce the allowed time for 592 00:41:55,560 --> 00:41:59,090 the timer handlers. The core system software makes no guarantees about the 593 00:41:59,090 --> 00:42:04,120 timing, it's all up to components to... it's up to all the components to cooperate 594 00:42:04,120 --> 00:42:10,270 so the real time goal can be met. The PINBALL program is the shell of the AGC. 
595 00:42:10,270 --> 00:42:14,160 Key press interrupts schedule a job, that collects the digits for the command and 596 00:42:14,160 --> 00:42:18,380 updates an in-memory representation of what should be on the display. The 120 597 00:42:18,380 --> 00:42:23,150 millisecond timer triggers the display update code. When the command is complete 598 00:42:23,150 --> 00:42:27,940 PINBALL schedules a new job. Mission Control has a remote shell in form of a 599 00:42:27,940 --> 00:42:34,070 DSKY connected through the s-band radio. System software that supports human life 600 00:42:34,070 --> 00:42:37,830 has to be able to communicate malfunctions and be able to recover from them. 601 00:42:37,830 --> 00:42:40,940 The alarm subroutine takes the following word from the instruction stream, 602 00:42:40,940 --> 00:42:44,530 displays it, and illuminates the prog light. This should be interpreted as 603 00:42:44,530 --> 00:42:48,590 a warning or an error message. The AGC software is full of validity and 604 00:42:48,590 --> 00:42:51,550 plausibility checks that help to find bugs during development and help 605 00:42:51,550 --> 00:42:54,250 better understanding potential issues during the mission. 606 00:42:54,250 --> 00:42:58,080 Some kinds of failures triggered by various hardware watchdogs or by code 607 00:42:58,080 --> 00:43:01,830 make it impossible for normal operations to continue. In addition to showing 608 00:43:01,830 --> 00:43:05,950 the error code, they also cause a hardware reset but the system software also offers 609 00:43:05,950 --> 00:43:10,500 recovery services. A job can have recovery code for its different phases. 
610 00:43:10,500 --> 00:43:15,080 During execution it sets the respective phase and if an abort happens in any 611 00:43:15,080 --> 00:43:20,540 job or task, the currently set up recovery routine gets executed which could 612 00:43:20,540 --> 00:43:25,070 for example clean up and try the work again, or skip to a different phase, or 613 00:43:25,070 --> 00:43:30,070 cancel the job altogether. The phase change call sets the current phase for a 614 00:43:30,070 --> 00:43:34,310 job in the recovery table, for example phase 5 for job 4. Each phase is 615 00:43:34,310 --> 00:43:39,900 associated with a descriptor of a task or a job with or without a VAC. So during 616 00:43:39,900 --> 00:43:44,150 normal execution with several jobs and tasks scheduled, if an abort happens, the 617 00:43:44,150 --> 00:43:47,900 core set and wait list are cleared, the contents of the recovery table are 618 00:43:47,900 --> 00:43:52,210 activated, scheduling tasks and jobs for all jobs that set up recovery code. 619 00:43:52,210 --> 00:43:56,670 Sometimes a failure though, like corrupted memory, are not recoverable. They cause a 620 00:43:56,670 --> 00:44:00,330 fresh start, meaning a full initialization of the system without running any recovery 621 00:44:00,330 --> 00:44:05,030 code. And that was the AGC system software. 622 00:44:07,630 --> 00:44:11,350 C: As we now have a good overview on architecture, hardware, peripherals, and 623 00:44:11,350 --> 00:44:14,550 system software of the Apollo Guidance Computer, it's time briefly view on its 624 00:44:14,550 --> 00:44:18,930 practical use on a mission to the moon. We will look at the user interface, the 625 00:44:18,930 --> 00:44:22,580 launch sequence, and, once in orbit, the attitude in orbit determination. Further 626 00:44:22,580 --> 00:44:26,130 we will understand how the digital autopilot works, and how powered flight is 627 00:44:26,130 --> 00:44:30,280 being performed. 
As soon as we've reached the moon, we look at the lunar landing and 628 00:44:30,280 --> 00:44:34,380 the lunar rendezvous after liftoff and finally re-entry into Earth's atmosphere. 629 00:44:34,380 --> 00:44:38,000 Last but not least contingencies, or as we like to call them, "fun issues". 630 00:44:38,000 --> 00:44:41,761 Let's start with the user interface. It is like any command-line interface but 631 00:44:41,761 --> 00:44:44,921 since there are only numbers and no letters, key words have to be encoded. 632 00:44:44,921 --> 00:44:48,540 On a normal system you might say 'display memory', 'enter'. 633 00:44:48,540 --> 00:44:52,190 Display is the verb, memory is the noun. On the Apollo guidance computer you say 634 00:44:52,190 --> 00:44:57,150 verb '0 1', which means 'display', noun '0 2' - 'memory' - 'enter'. 635 00:44:57,150 --> 00:45:01,320 Subroutine asks for an argument. On a normal system it might display a prompt, 636 00:45:01,320 --> 00:45:03,830 you enter the number, press 'enter'. On the Apollo Guidance Computer, flashing 637 00:45:03,830 --> 00:45:09,350 'verb' and 'noun' indicate that is waiting for input. So you type '2 5', 'enter'; 638 00:45:09,350 --> 00:45:12,602 an octal address, and the Apollo Guidance Computer displays the result. 639 00:45:12,602 --> 00:45:16,690 The memory contents at the address octal '2 5'. The Apollo Guidance Computer uses 640 00:45:16,690 --> 00:45:19,840 the same concept of verb and noun when it proactively asks for input. 641 00:45:19,840 --> 00:45:24,100 Verb '6', noun '11' asks for the CSI ignition time. CSI meaning 642 00:45:24,100 --> 00:45:27,980 Coelliptic Sequence Initiation, we will come to that later. Special case is when 643 00:45:27,980 --> 00:45:31,230 the Apollo Guidance Computer asks a yes-or-no question. Verb 99 has the 644 00:45:31,230 --> 00:45:35,010 astronaut confirm engine ignition with a proceed key. 
645 00:45:35,010 --> 00:45:37,950 The astronauts have a complete reference of all verbs and nouns on paper, 646 00:45:37,950 --> 00:45:41,160 as well as cue cards were the most important information. 647 00:45:41,160 --> 00:45:45,510 Let's now go through each of the phases of the mission, starting with a liftoff. 648 00:45:45,510 --> 00:45:49,530 So, we are on our way. The Apollo Guidance Computer is 649 00:45:49,530 --> 00:45:53,500 in passive monitoring mode. With the cutting of the umbilical cables, which you 650 00:45:53,500 --> 00:45:58,150 see right about ... now, it has started the mission clock. In case this trigger 651 00:45:58,150 --> 00:46:01,690 fails, one DSKY is always prepared with verb 75 and just waiting for 'enter' to 652 00:46:01,690 --> 00:46:04,940 manually start the mission timer. We can display the mission elapsed time at any 653 00:46:04,940 --> 00:46:10,570 time with verb 16, noun 65. During the flight with the SaturnV, the Apollo 654 00:46:10,570 --> 00:46:13,521 Guidance Computer is only performing passive monitoring of the flight. Control 655 00:46:13,521 --> 00:46:16,660 of the SaturnV is with its own launch vehicle digital computer, and the 656 00:46:16,660 --> 00:46:20,520 instrument unit ring. The DSKY automatically shows verb 16, noun 62, 657 00:46:20,520 --> 00:46:24,110 which is velocity in feet per second. Altitude change rate in feet per second, 658 00:46:24,110 --> 00:46:27,960 and altitude above pad and nautical miles. Note that the units and the position of 659 00:46:27,960 --> 00:46:31,590 the decimal point are implicit, and yes the whole system was working in metric 660 00:46:31,590 --> 00:46:35,300 internally but for the benefit of the American astronauts the display procedures 661 00:46:35,300 --> 00:46:41,740 converted everything to imperial units. 
*laughter and applause* 662 00:46:41,740 --> 00:46:45,731 In case of problems with the Saturn computer, the Apollo Guidance Computer can 663 00:46:45,731 --> 00:46:49,050 take over full control of the launch vehicle, in extreme cases astronauts could 664 00:46:49,050 --> 00:46:52,601 even steer the whole stack into orbit themselves with the hand controller. In 665 00:46:52,601 --> 00:46:56,300 case you ever wanted to fly... to manually control a 110 meter tall rocket with more 666 00:46:56,300 --> 00:46:59,020 than 30 million Newton of thrust, this is your chance. 667 00:46:59,020 --> 00:47:01,540 *laughter* In less than 12 minutes we've gone through 668 00:47:01,540 --> 00:47:04,820 the first and second stage and are using a small burn from the third stage to get us 669 00:47:04,820 --> 00:47:09,190 into a 185 kilometer orbit which circles the earth every 88 minutes. 670 00:47:11,050 --> 00:47:13,800 But how do we know where ... we are in the right orbit? 671 00:47:13,800 --> 00:47:16,810 Well the Apollo guidance computer, as well as Mission Control, are monitoring 672 00:47:16,810 --> 00:47:20,200 position and velocity, because to get where we want to be, we first need to know 673 00:47:20,200 --> 00:47:24,210 where we are. To be able to navigate in space, we need to maintain our 674 00:47:24,210 --> 00:47:26,990 three-dimensional position, and our three-dimensional velocity, 675 00:47:26,990 --> 00:47:30,360 the so-called state vector. Let's start with the determination of the position. 676 00:47:30,360 --> 00:47:34,670 For this we need a telescope and a space sextant. The space sextant is very similar 677 00:47:34,670 --> 00:47:37,430 to an 18th century nautical sextant. Position is determined by measuring 678 00:47:37,430 --> 00:47:41,320 the angle between the horizon and a celestial body. 
As a horizon we can 679 00:47:41,320 --> 00:47:45,310 either take that of Earth or Moon and celestial bodies - well we are in orbit, 680 00:47:45,310 --> 00:47:48,720 we are surrounded by them. So let's just pick one. Luckily the Apollo guidance 681 00:47:48,720 --> 00:47:52,720 computer already knows the position of 45 of them. The whole optics hardware and the 682 00:47:52,720 --> 00:47:55,830 command and service module can be moved to point in the general direction of Earth 683 00:47:55,830 --> 00:47:59,260 and moon. With the launch of program 52, we command the Apollo guidance computer to 684 00:47:59,260 --> 00:48:02,840 rotate the spacecraft to point one axis of the sextant, the so-called landmark line- 685 00:48:02,840 --> 00:48:07,310 of-sight, LLOS, to the nearest body, which is earth or moon. The astronaut then used 686 00:48:07,310 --> 00:48:11,590 the optics systems to exactly align the horizon to the LLOS. With the telescope 687 00:48:11,590 --> 00:48:14,490 the astronaut looks for one of the known stars, points the star line to it and lets 688 00:48:14,490 --> 00:48:17,800 the Apollo guidance computer read the tuning and shaft angle. Repeating this one 689 00:48:17,800 --> 00:48:20,960 or more times in a different plane gives a three-dimensional position of the vehicle 690 00:48:20,960 --> 00:48:25,130 in space. In the lunar module on the other hand, the optics hardware was trimmed down 691 00:48:25,130 --> 00:48:28,380 for weight reduction. Any alignment requires rotation of the lunar module. 692 00:48:28,380 --> 00:48:31,610 This is mostly used to determine the landing site and support the rendezvous 693 00:48:31,610 --> 00:48:36,130 maneuver. It even lacks the software to perform positioning in translunar space. 694 00:48:36,130 --> 00:48:40,100 As we are moving, our position changes all the time. 
But after 2 location fixes, as 695 00:48:40,100 --> 00:48:43,170 long as we're coasting, we are able to establish our speed and can determine 696 00:48:43,170 --> 00:48:47,010 future positions by dead reckoning. As position and velocity are known, future 697 00:48:47,010 --> 00:48:50,720 positions can be extrapolated. Unfortunately the near extrapolation 698 00:48:50,720 --> 00:48:54,450 doesn't work in space as we have gravitational forces which bend our path. 699 00:48:54,450 --> 00:48:57,090 Thankfully there are two mathematical models implemented in the Apollo Guidance 700 00:48:57,090 --> 00:49:00,400 Computer: Conic integration based on the Keplerian orbit model on the left, which 701 00:49:00,400 --> 00:49:04,640 assumes one perfectly round gravitational body influencing our flight path, and 702 00:49:04,640 --> 00:49:08,060 Encke's integrating method for perturbation considering multiple bodies 703 00:49:08,060 --> 00:49:12,080 with gravitational imbalances. I think this helps to understand why we need a 704 00:49:12,080 --> 00:49:15,610 computer on board and can't just fly to the moon with a hand controller. As we 705 00:49:15,610 --> 00:49:19,020 see, the Apollo spacecraft was perfectly capable to fly on its own, but in the end 706 00:49:19,020 --> 00:49:22,150 NASA decided that the primary source for state vector updates shall be Mission 707 00:49:22,150 --> 00:49:25,580 Control in Houston, measured with three ground stations. Remote programming is 708 00:49:25,580 --> 00:49:28,621 done with the Apollo guidance Computer in idle, and running program 27. Mission 709 00:49:28,621 --> 00:49:32,590 Control can use its link via s-band to update the state vector. But there's one 710 00:49:32,590 --> 00:49:36,450 thing Mission Control doesn't know better than us, and that's attitude. Attitude is 711 00:49:36,450 --> 00:49:39,880 the orientation of the spacecraft in its three axes. 
Starting from a known 712 00:49:39,880 --> 00:49:44,041 attitude, we have to ensure that we can measure any rotation on any axis. 713 00:49:44,041 --> 00:49:48,020 That's what gyros are for. They are one of the major components of the IMU, 714 00:49:48,020 --> 00:49:51,740 the inertial measurement unit. Three gyroscopes, one per axis measure any 715 00:49:51,740 --> 00:49:54,810 rotation and provide their data to the Apollo Guidance Computer to keep track of 716 00:49:54,810 --> 00:49:59,350 the attitude of the spacecraft. Before we leave Earth orbit, let's quickly discuss 717 00:49:59,350 --> 00:50:02,490 the digital autopilot. It is the single biggest program in the Apollo Guidance 718 00:50:02,490 --> 00:50:05,690 Computer, with about 10% of all the source code both in the command and service 719 00:50:05,690 --> 00:50:09,080 module as well as the lunar module. The implementations for each vehicle are 720 00:50:09,080 --> 00:50:12,140 significantly different though, due to different flight modes, thruster sets, 721 00:50:12,140 --> 00:50:16,950 and symmetry of vehicle. As there's no friction in space, the tiniest event would 722 00:50:16,950 --> 00:50:20,580 constantly make the spacecraft rotate. The digital autopilot of the Apollo Guidance 723 00:50:20,580 --> 00:50:24,150 Computer uses the jets to maintain the attitude within certain thresholds, 724 00:50:24,150 --> 00:50:28,420 so-called dead bands. The autopilot is also used in case the astronauts ever need 725 00:50:28,420 --> 00:50:31,970 to use the hand controllers for thrusters. Basically both the command service module 726 00:50:31,970 --> 00:50:35,400 and the lunar module have fly-by-wire control. As any thruster could break at 727 00:50:35,400 --> 00:50:39,250 any time, the autopilot is capable of calculating the ideal burn mode even with 728 00:50:39,250 --> 00:50:42,750 a reduced number of thrusters. 
It has some simple algorithms for center of gravity and 729 00:50:42,750 --> 00:50:45,920 weight distribution as well, which are taken into account when calculating 730 00:50:45,920 --> 00:50:50,360 thruster maneuvers. It can do more than that, though. Give it a new attitude and 731 00:50:50,360 --> 00:50:54,320 it will calculate the most efficient transfer vector to reach the new attitude. 732 00:50:54,320 --> 00:50:58,120 In certain flight modes it might be required to have a stable rotation, be it 733 00:50:58,120 --> 00:51:01,240 for temperature control, monitoring of the landing site, or other reasons. The 734 00:51:01,240 --> 00:51:05,510 autopilot supports stable constant rolling, which can be directly activated. 735 00:51:05,510 --> 00:51:08,380 The autopilot does not only control attitude, it also supports the crew in 736 00:51:08,380 --> 00:51:12,030 performing powered flight maneuvers. It calculates a potential solution, which 737 00:51:12,030 --> 00:51:15,600 obviously can be overwritten by ground as usual, but still, after confirmation the 738 00:51:15,600 --> 00:51:18,880 autopilot automatically fires the engines and keeps a timer for the correct length 739 00:51:18,880 --> 00:51:23,590 of time. It does not measure the results of the burn though. For powered flight 740 00:51:23,590 --> 00:51:27,220 obviously dead reckoning isn't correct anymore, so the Apollo Guidance Computer 741 00:51:27,220 --> 00:51:30,960 contains a subroutine called average G, which takes the input from the IMU, 742 00:51:30,960 --> 00:51:35,500 meaning gyro and accelerometer, to compute the change to the state vector. Now that 743 00:51:35,500 --> 00:51:38,770 we know how to orient ourselves, and how to control the spaceship, it's time we fly 744 00:51:38,770 --> 00:51:42,300 to the moon. Usually the translunar injection happens in the middle of the 745 00:51:42,300 --> 00:51:46,120 second orbit around the earth, so around 2 hours 45 minutes into the flight. 
This is 746 00:51:46,120 --> 00:51:49,680 still performed by the third stage of the SaturnV so the Apollo Guidance Computer 747 00:51:49,680 --> 00:51:52,280 once again should only have a passive role here by monitoring the translunar 748 00:51:52,280 --> 00:51:56,220 injection with the dedicated program P 15. After separation from the S-IV-B 749 00:51:56,220 --> 00:51:59,350 we are on our way. Since the next interesting phase is the lunar 750 00:51:59,350 --> 00:52:04,210 landing, let's skip to that one. Once in lunar orbit, separation between the 751 00:52:04,210 --> 00:52:07,380 command and service module and lunar module happens four hours and 45 minutes 752 00:52:07,380 --> 00:52:11,450 before landing. On the lunar module, directly afterwards, rendezvous equipment 753 00:52:11,450 --> 00:52:15,150 like radar, strobe and VHF are tested, as well as the IMU, which is realigned. 754 00:52:15,150 --> 00:52:18,560 Additionally there's lots of preparation work on the lunar module. One of the main 755 00:52:18,560 --> 00:52:22,580 tasks is to prepare the abort guidance system, AGS, which is another, more 756 00:52:22,580 --> 00:52:25,450 simpler computer, that is able to get the lunar module with the astronauts back into 757 00:52:25,450 --> 00:52:29,600 orbit and safely docked with the CSM in case of an emergency. Let's get back to 758 00:52:29,600 --> 00:52:33,220 powered descent. The lunar module AGC has a special program for that one, P 63, 759 00:52:33,220 --> 00:52:37,600 braking phase. The landing radar has switched on and updates the state vector. 760 00:52:37,600 --> 00:52:40,460 The Apollo Guidance Computer controls the burn to reach the correct corridor towards 761 00:52:40,460 --> 00:52:44,510 the surface with a minimal amount of fuel. This is fully automatic, the astronauts 762 00:52:44,510 --> 00:52:47,910 just sit along for the ride. 
The lunar module is oriented with its descent engine 763 00:52:47,910 --> 00:52:52,040 towards the moon, visibility for the astronauts is close to zero. The second 764 00:52:52,040 --> 00:52:55,920 program, P 64, starts automatically at around 8,000 feet. Lunar module is pitched 765 00:52:55,920 --> 00:52:58,900 so that the astronauts can actually see the ground and the lunar module commander 766 00:52:58,900 --> 00:53:01,650 is getting a better understanding of the landing site and can search for a suitable 767 00:53:01,650 --> 00:53:06,570 spot. The third program, P 68, keeps the lunar module in a stable attitude above 768 00:53:06,570 --> 00:53:10,740 the surface and the commander manually adjusts the height in one feet per second 769 00:53:10,740 --> 00:53:13,870 increments, to slowly descend to the surface. Ideally at that point, the 770 00:53:13,870 --> 00:53:17,310 horizontal movement of the lunar module should be zero. After touchdown the crew 771 00:53:17,310 --> 00:53:21,480 manually activates program 68, which confirms to the Apollo guidance computer 772 00:53:21,480 --> 00:53:24,790 that yes, we have indeed landed, and ensures that the engine is switched off, 773 00:53:24,790 --> 00:53:28,350 terminates the average G routine, and sets the autopilot in a very forgiving setting, 774 00:53:28,350 --> 00:53:32,460 to avoid any corrections when it measures the rotation of the moon. The autopilot is 775 00:53:32,460 --> 00:53:35,700 not completely switched off though, as the astronaut might need it in case of an 776 00:53:35,700 --> 00:53:39,340 emergency ascent. Well we are on the moon, we do the usual stuff, small step for man, 777 00:53:39,340 --> 00:53:42,940 jump around plant the flag, and we then skip directly to the interesting bits 778 00:53:42,940 --> 00:53:46,950 which is liftoff and rendezvous. The rendezvous technique was developed in the 779 00:53:46,950 --> 00:53:50,950 Gemini project. Here you can see the Agena rendezvous target in Earth orbit. 
It 780 00:53:50,950 --> 00:53:54,030 follows the principle of an active vehicle, in this case the lunar module, 781 00:53:54,030 --> 00:53:56,870 which follows the command and service module and approaches it from below at 782 00:53:56,870 --> 00:54:00,980 slightly faster orbit. There were actually two different ways for rendezvous. A more 783 00:54:00,980 --> 00:54:04,320 conservative method called Coelliptic rendezvous which required one and a half 784 00:54:04,320 --> 00:54:07,470 orbits for the lunar module to reach the command and service module, but gave ample 785 00:54:07,470 --> 00:54:11,610 opportunity for monitoring progress, mid- course corrections, and orbit scenarios. 786 00:54:11,610 --> 00:54:14,660 And a more risky direct rendezvous method which directly aimed the lunar module 787 00:54:14,660 --> 00:54:18,780 towards the command and service module, taking less than one orbit until docking. 788 00:54:18,780 --> 00:54:22,430 This one was used starting from the Apollo 14 mission, as Mission Control had more 789 00:54:22,430 --> 00:54:28,140 experience and aimed for the shorter, less fuel intensive method. Preparation had to 790 00:54:28,140 --> 00:54:32,290 start two hours before liftoff. We have to align the IMU and we visually monitor the 791 00:54:32,290 --> 00:54:35,720 orbit of the CSM and calculate the rendezvous data. The Apollo Guidance 792 00:54:35,720 --> 00:54:40,350 Computer has program 22, CSM tracking, for this purpose. At liftoff minus one hour, 793 00:54:40,350 --> 00:54:44,130 we start program 12, powered ascent, and feed it with the necessary data, liftoff 794 00:54:44,130 --> 00:54:48,640 time and velocity target. The Apollo Guidance Computer performs the countdown, 795 00:54:48,640 --> 00:54:52,140 and ask for confirmation, we proceed and we have liftoff. 
796 00:54:52,140 --> 00:54:55,200 The trip into orbit takes only seven and a half minutes but depending on which method 797 00:54:55,200 --> 00:54:58,300 for reaching the target orbit was used, it takes us either one and a half, or three 798 00:54:58,300 --> 00:55:01,710 and a half hours to come up behind the command and service module. During that 799 00:55:01,710 --> 00:55:04,810 time, program 20 is running all the time, measuring the state vector of the other 800 00:55:04,810 --> 00:55:08,270 vehicle, the command and service module, via various peripherals like rendezvous 801 00:55:08,270 --> 00:55:12,370 radar, VHF antenna, and the optic system for visual alignment. It calculates the 802 00:55:12,370 --> 00:55:15,530 necessary corridor and respective maneuvers required to get the lunar module 803 00:55:15,530 --> 00:55:18,800 into an interception course. Multiple other programs run in parallel to perform 804 00:55:18,800 --> 00:55:22,920 the necessary mid-course burn maneuvers. On the commander of service module, the 805 00:55:22,920 --> 00:55:25,730 pilot is actively tracking the lunar module the whole way up to orbit. The 806 00:55:25,730 --> 00:55:28,580 command and service module's computer is calculating the state vector of the lunar 807 00:55:28,580 --> 00:55:31,850 module, to take over the role of the active vehicle, in case anything goes 808 00:55:31,850 --> 00:55:35,290 wrong. The approach of the lunar module stops at 50 meter distance, at which point 809 00:55:35,290 --> 00:55:39,050 it rotates to point its docking target on top towards the command and service 810 00:55:39,050 --> 00:55:42,700 module. At that point in time the command service module takes over the active role 811 00:55:42,700 --> 00:55:46,590 and activates program 79, final rendezvous, which slows down the command 812 00:55:46,590 --> 00:55:50,240 and service module to close the distance until docking. 
Seconds before contact, the 813 00:55:50,240 --> 00:55:54,620 autopilot on both spacecraft is switched off to avoid both trying to correct the 814 00:55:54,620 --> 00:55:58,740 attitude of the combined spacecraft. So far so good, time to go home with the 815 00:55:58,740 --> 00:56:02,310 trans-earth injection. We feed the Apollo guidance computer with Earth orbit 816 00:56:02,310 --> 00:56:05,910 parameters and let it calculate the burn which is then activated and controlled. 817 00:56:05,910 --> 00:56:09,080 Any kind of potential mid-course corrections are performed the exact same 818 00:56:09,080 --> 00:56:14,210 way. Once in orbit around Earth, re-entry parameters are calculated on ground and 819 00:56:14,210 --> 00:56:17,260 transferred to the Apollo guidance computer via a S-band uplink. The first 820 00:56:17,260 --> 00:56:21,720 entry program, P 61, entry preparation, starts at entry minus 25 minutes. Various 821 00:56:21,720 --> 00:56:25,280 landing parameters are requested, like latitude and longitude of the splash zone, 822 00:56:25,280 --> 00:56:28,631 as well as the velocity and angles to enter the atmosphere. Entering and 823 00:56:28,631 --> 00:56:31,940 confirming these values completes program 61, and starts program 62, which basically 824 00:56:31,940 --> 00:56:35,850 asks the astronaut to perform a checklist for manual command module - service module 825 00:56:35,850 --> 00:56:39,420 - separation, which is not controlled by the Apollo guidance computer. After that 826 00:56:39,420 --> 00:56:42,750 has been performed it switches automatically to program 63, entry 827 00:56:42,750 --> 00:56:47,630 initialization. At that point, the autopilot is taking care of thruster 828 00:56:47,630 --> 00:56:51,250 control to break the command module out of its orbit into Earth's atmosphere. The 829 00:56:51,250 --> 00:56:57,030 main program for re-entry is program 64, entry, which starts automatically. 
Program 830 00:56:57,030 --> 00:57:00,490 64 monitors the trajectory, and splashdown location, and determines the best entry 831 00:57:00,490 --> 00:57:04,570 solution and potential velocity reduction by invoking two specific programs, either 832 00:57:04,570 --> 00:57:08,630 P 65, entry up control, which basically makes the current module surf on the 833 00:57:08,630 --> 00:57:13,250 atmosphere to reduce speed and extend the range, or program 66, entry ballistic, 834 00:57:13,250 --> 00:57:16,411 throwing us through the atmosphere like a cannonball. The right mixture of the two 835 00:57:16,411 --> 00:57:22,020 is decided by program 64. The last program, program 67, final phase, performs 836 00:57:22,020 --> 00:57:25,190 the final maneuvers to the splash down. The following steps, like parachute 837 00:57:25,190 --> 00:57:28,790 deployment and so on, are not done by the Apollo guidance computer but by the ELSC, 838 00:57:28,790 --> 00:57:32,200 the Earth Landing Sequence Controller. The drop of the Apollo guidance computer is 839 00:57:32,200 --> 00:57:36,721 done before deploying the parachutes. So this was a beautiful nominal mission, what 840 00:57:36,721 --> 00:57:42,320 can go wrong? Well let's start with Apollo 11, which had a 12 02 program alarm during 841 00:57:42,320 --> 00:57:46,380 powered descent. Normally programs during powered descent use about 85% of the 842 00:57:46,380 --> 00:57:49,950 processing power of the computer, but due to an incorrect power supply design, the 843 00:57:49,950 --> 00:57:53,100 rendezvous... of the rendezvous radar generated an additional twelve thousand 844 00:57:53,100 --> 00:57:57,080 eight hundred involuntary instructions per second, ironically amounting to the exact 845 00:57:57,080 --> 00:58:01,210 additional 15 percent load. Due to the co-operative multitasking, a 846 00:58:01,210 --> 00:58:07,700 queue of jobs built up, which resulted in executive overflow and the 12 02 alarm. 
847 00:58:07,700 --> 00:58:11,180 The operating system automatically performed a program abort, all jobs were 848 00:58:11,180 --> 00:58:14,860 cancelled and restarted. All of this took just a few seconds, and landing could 849 00:58:14,860 --> 00:58:20,090 commence. Next, Apollo 13. They had an explosion of the oxygen tank in the 850 00:58:20,090 --> 00:58:25,120 service module at 55 hours 54 minutes 53 seconds and it will ... yep, correct, 851 00:58:25,120 --> 00:58:29,230 320,000 kilometers from Earth. Fortunately they could make use of the free return 852 00:58:29,230 --> 00:58:32,402 trajectory to get the astronauts back to earth but they had to move to the lunar 853 00:58:32,402 --> 00:58:35,750 module to survive, as the command and service module was completely shut down, 854 00:58:35,750 --> 00:58:39,030 including its Apollo Guidance Computer. The IMU settings needed to be transferred 855 00:58:39,030 --> 00:58:42,200 to the lunar module system first, adapted to the different orientations of the 856 00:58:42,200 --> 00:58:45,790 spacecraft. The manual burns and the mid- course corrections were actually done with 857 00:58:45,790 --> 00:58:48,630 the abort guidance system on the lunar module, due to power constraints with the 858 00:58:48,630 --> 00:58:52,170 Apollo Guidance Computer. Successful reboot of the command and service module 859 00:58:52,170 --> 00:58:57,650 computer was luckily done hours before re- entry. And last but not least, Apollo 14, 860 00:58:57,650 --> 00:59:00,630 which had a floating solder ball in the abort button, which might lead to an 861 00:59:00,630 --> 00:59:03,450 unwanted activation of abort, therefore putting the lunar module back into orbit. 
862 00:59:03,450 --> 00:59:06,810 This was solved within hours, by reprogramming the Apollo Guidance 863 00:59:06,810 --> 00:59:10,010 Computer, to spoof the execution of a different program, which was not listening 864 00:59:10,010 --> 00:59:13,290 to the abort button during the powered descent. Real abort activation though 865 00:59:13,290 --> 00:59:18,830 would have to be manually activated via the DSKY. So this was an overview and how 866 00:59:18,830 --> 00:59:23,270 the mission software was used on a flight to the moon and back. 867 00:59:23,270 --> 00:59:32,350 *applause* 868 00:59:32,350 --> 00:59:36,440 M: Now you probably want to run your own code on a real Apollo Guidance Computer, 869 00:59:36,440 --> 00:59:41,100 so you need to know where to find one. 42 computers were built total. 870 00:59:41,100 --> 00:59:46,410 Seven lunar module computers crashed onto the moon. Three lunar module AGC's burned 871 00:59:46,410 --> 00:59:50,470 up in the Earth's atmosphere, 11 command module computers returned. 872 00:59:50,470 --> 00:59:55,520 They're all presumably parts of museum exhibits. And 21 machines were not flown. 873 00:59:55,520 --> 00:59:59,180 Little is known about those. One is on display at the Computer History Museum 874 00:59:59,180 --> 01:00:02,240 in Mountain View, California, but it is missing some components. 875 01:00:02,240 --> 01:00:07,290 Luckily several emulation solutions are publicly available, as well as a tool chain. 876 01:00:07,290 --> 01:00:11,740 And the complete mission source, originally the size of a medium-sized suitcase, 877 01:00:11,740 --> 01:00:17,080 is available on github. *laughter* 878 01:00:17,080 --> 01:00:25,700 *applause* 879 01:00:25,700 --> 01:00:29,430 It takes a village to create a presentation. We would like to thank everyone who 880 01:00:29,430 --> 01:00:32,990 helped and supported us. 
This includes the indirect contributors, who wrote 881 01:00:32,990 --> 01:00:35,940 the books, the original documentation, the websites, and the software. 882 01:00:35,940 --> 01:00:39,560 Thank you very much for your attention. C: Thank you. 883 01:00:39,580 --> 01:00:53,020 *applause and cheering* 884 01:00:53,020 --> 01:00:58,080 Herald: Wow that was a densely packed talk. *laughter* 885 01:00:58,080 --> 01:01:06,260 Thanks Michael, and thanks Christian, for this amazing information overload. 886 01:01:06,260 --> 01:01:11,410 Please give a warm hand of applause, because we can't have a Q&A, unfortunately. 887 01:01:11,410 --> 01:01:20,108 *applause* 888 01:01:20,108 --> 01:01:35,448 *postroll music* 889 01:01:35,448 --> 01:01:41,301 *subtitles created by c3subtitles.de in the year 2018*