NASA rushes to change its software to avoid another shuttle shutdown


CAPE CANAVERAL, Fla. -- NASA has decided on a risky change in computer software for next week's space shuttle launch to avoid a repeat of last month's risky main-engine shutdown.

The unprecedented revision of the engine software used in the final seconds of the countdown would allow the shuttle Discovery to lift off even if the same engine problem were to occur again.

The change had been part of a broader updating of shuttle software due out next spring.

But after Discovery's launch-pad abort Aug. 12 -- only the fourth in shuttle history but the second in less than five months -- NASA separated the revision from the larger package.

It ran the new software through a compressed series of tests before installing it in Discovery in time for Friday's fourth liftoff attempt.

Brewster Shaw, director of NASA's shuttle program, approved the change Thursday even though some in the agency wanted to wait until a shuttle flight scheduled for October so the new software could be tested further.

The consensus among shuttle officials was that rushing the new software into use was less risky than another launch-pad abort, which leaves the astronauts stuck atop a fully fueled orbiter with the risk of a leak or fire.

"There is a risk trade-off," said Michael O'Neal, head of the shuttle-software office at Kennedy Space Center. "For the most part, the community agreed that this was the right thing to do."

He said some within NASA -- particularly some flight controllers at Johnson Space Center in Houston -- would have preferred to wait one more flight. But "nobody came out with vehement opposition," said Mr. O'Neal, who supports Mr. Shaw's decision.

He said engineers like to test new shuttle software for many months -- especially software that controls critical systems such as the main engines -- so they can eliminate all the difficult-to-foresee flaws that tend to appear when new computer commands interact with a larger, pre-existing program.

In Discovery's case, the new software was run through three engine test firings and 1,185 computer simulations over a three-week period, said June Malone, a spokeswoman for Marshall Space Flight Center, where the engines were developed.

Engineers had to work overtime and delay work on the larger software update to get everything done, she said.

The three engine controllers, which house the brains of the shuttle's finicky, liquid-fueled power plants, continually check and recheck all functions once the engines start -- and automatically shut them down if a problem is detected.

Discovery's launch-pad abort was caused by the failure of a fuel-flow sensor, or transducer, that falsely indicated to one controller that no fuel was getting to that engine.

Each engine has four flow sensors, but the old software aborted the launch if only one sensor failed.

Copyright © 2021, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad