As they hurtled to earth, the seven astronauts aboard the space shuttle Columbia ceded control of their spacecraft to a sophisticated flight control system made up of four onboard computers and a backup. The machines were supposed to analyze information from the orbiter's sensors and satellite systems and make the hundreds of decisions each millisecond needed to keep the shuttle safe and on course.
While early attention in the investigation into the loss of the shuttle has focused on possible problems with the heat-resistant tiles, NASA investigators say a major part of their inquiry is determining whether something might have gone wrong with the shuttle's "brains," the computerized flight controls.
The onboard computers recorded a surge in temperature on the left side of the shuttle and detected increased drag on the left wing. They directed the craft to compensate for the changes by firing two of four right-side jets designed to keep the shuttle on a straight course -- the biggest shift of direction ever ordered on reentry.
Ron Dittemore, the NASA shuttle program manager at the Johnson Space Center here, said that all indications so far are that the main computers were functioning they way they were designed to but that it was hard to tell what happened after communications with the shuttle were cut off at 8:59 a.m. Investigators are running simulations on the software that attempt to replicate the situation in the shuttle at the time of its crash, to determine whether the computers might have under- or overcompensated.
"The flight control system was commanding surfaces to get the vehicle back to where it believed it should be, more to the roll to the right," Dittemore said.
Still, he acknowledged that what seemed to happen to the Columbia was not an ordinary event: "What's a little bit unusual about this one is that, even though it was within the capability of the flight control system to respond to this increased drag, the degree of which the elevons were trying to correct is outside our family of experience."
Software programs that control aircraft and other critical systems are among the most robust pieces of code ever developed, commonplace not just on spacecraft but also on most commercial airliners and other aircraft. NASA's "program controlled" flights have completed more than 110 missions without a major glitch.
Four of the five computers on the Columbia ran identical software and compared results with each other before giving the go-ahead to take a specific action. The fifth computer ran a different version of the software and was used only if the others failed.
"It's highly tested and very meticulously developed," said William R. Pruett, who managed the software project for NASA until 1998.
Based on NASA's history and the evidence presented so far, John Arquilla, a software expert and professor at the Navy Postgraduate School in Monterey, Calif., said it seemed unlikely that a software failure was the primary cause of the shuttle's fate but that it may have been a secondary event. Under one scenario being talked about at NASA, if something went wrong with the hardware to cause the temperature increase and subsequent drag, the computers may have been unable to adjust quickly enough, causing the plane to burn up on reentry.
"There has been so much success in repeating the whole process of launching and landing that I believe most of the bugs have been very nicely worked out," Arquilla said. But he said the systems should be reexamined for bugs.
As computer systems become more sophisticated, so does the process of debugging them. Indeed, software problems have been blamed for contributing to the explosion of the European Space Agency's new Ariane 5 rocket shortly after liftoff in December and for the B-2 bomber's inability to fly on its maiden flight.
NASA had a close call in 1981 when a Columbia shuttle flight was delayed because some fuel spilled, causing some of the heat-resistant tiles to fall off before takeoff. The crew used the extra time to train on a flight simulator that used the same software as the actual orbiter. The team ordered a "transatlantic abort" that caused the shuttle to be directed to a landing in Europe if it couldn't make orbit, but all four of the computers locked up. A subsequent review found 17 other bugs, which the agency said it corrected.
"In a system as complex as this, there are a lot of things that are difficult to test for," Jack Clemons, one of the managers on the software project, said at the time. More recently, last April, the International Space Station's mobile transporter, a railroad locomotive of sorts, stalled because of a software glitch.
Much of what is known about what happened aboard the Columbia came from a continuous stream of what NASA officials call "health and welfare" information that the craft's computers send back to the ground -- data that include such things as cabin temperature, altitude and the astronauts' heartbeats.
Investigators will try to extract from the agency's computers an additional 32 seconds of data that might provide more insight into what went wrong. That information arrived incomplete or corrupted at mission control and therefore wasn't listed in records as official readings from the shuttle.
"Dropouts" of data are not uncommon, given the great distances they must travel. Data from the shuttle first go to one of five satellites situated above the equator, then to a NASA facility in White Sands, N.M., before reaching Houston, a total of 23,000 miles or more, said Roger Flaherty, deputy program manager of NASA's Tracking and Data Relay Satellite System. Given the chaotic nature of the atmosphere around the shuttle at reentry, the side effects of the heat might have interfered with Columbia's last communications to Earth. NASA officials will try to piece together the bits of data to guess what those messages were.
"Specifically, [in] the region of flight where Columbia was -- reentry -- the plasma that develops can interfere with communications," Flaherty said in an interview.
The core of the shuttle software was built by IBM contractors and is maintained and upgraded by Houston-based United Space Alliance. The shuttle program also relies on some off-the-shelf products. A National Academy of Sciences report last year warned that the use of such products created a "potentially unsafe" environment because they were more likely to have glitches than customized software. The report cited no problems but recommended that NASA stop using off-the-shelf products.
The Columbia's orbiter underwent 100 upgrades in 1999-2000 at a Lockheed Martin facility in California, including the installation of a glass cockpit, new computer readout screens and docking system wire work to enable the shuttle to fly to the International Space Station if necessary. It has since flown one other mission, in March 2001, without problems.
Researchers Julie Tate and Richard S. Drezen contributed to this report.