NASA's Artemis II Orion capsule runs one of the most fault-tolerant computer systems ever built for spaceflight. Unlike Apollo, Orion's computing architecture manages virtually all safety-critical functions. The system uses eight CPUs across four Flight Control Modules (FCMs) arranged in self-checking pairs, employing a fail-silent design rather than traditional majority voting. A priority-ordered source selection algorithm picks the first healthy FCM, and the system can lose three of four FCMs in 22 seconds and still operate safely. Determinism is enforced via time-triggered Ethernet, ARINC653-compliant scheduling, and time-space partitioning so all FCMs see identical inputs and produce identical outputs. Triple-modular-redundant memory self-corrects single-bit errors, and network interfaces use dual-lane comparison. A completely independent Backup Flight Software system runs on different hardware with a different OS as a dissimilar redundancy fallback. Verification includes Monte Carlo stress testing and large-scale fault injection on supercomputers.
Sort: