Margaret Hamilton Takes Software Engineering To the Moon and Beyond

If you were to create a short list of women who influenced software engineering, one of the first picks would be Margaret Hamilton. The Apollo 11 source code lists her title as “PROGRAMMING LEADER”. Today that title would probably be something along the line of “Lead software engineer”

Margaret Hamilton was born in rural Indiana in 1936. Her father was a philosopher and poet, who, along with grandfather, encouraged her love of math and sciences. She studied mathematics with a minor in philosophy, earning her BA from Earlham College in 1956. While at Earlham, her plan to continue on to grad school was delayed as she supported her husband working on his own degree from Harvard. Margaret took a job at MIT, working under Professor Edward Norton Lorenz on a computer program to predict the weather. Margaret cut her teeth on the desk-sized LGP-30 computer in Norton’s office.

Hamilton soon moved on to the SAGE program, writing software which would monitor radar data for incoming Russian bombers. Her work on SAGE put Margaret in the perfect position to jump to the new Apollo navigation software team.

The Apollo guidance computer software team was designed at MIT, with manufacturing done at Raytheon. To say this was a huge software project for the time would be an understatement. By 1968, over 350 engineers were working on software. 1400 man-years of software engineering were logged before Apollo 11 touched down on the lunar surface, and the project was lead by Margaret Hamilton.

Forget it

Margaret was still considered a beginner programmer when she started work on the Apollo program. As you might expect, she was given a very low priority task: write software that would run in the event of an abort. This was software that would be used for one of the early tests, so no one expected the abort code to be run. Margaret even named the program “forget it”. Margaret was an instant expert, called into NASA to explain how her software worked, and answer questions.

Eventually, Margaret became the lead programmer for the guidance computer. She was not a hands-off manager though — she was very much in the trenches, working to get men to the moon and back again. By this time she was also a working parent. During the many late night and weekend work sessions, she would bring her daughter Lauren in. Margaret would run tests, and “play astronaut” and Lauren would play along with her.

P01 program note

During one test session, Lauren entered something at the controls. The guidance computer immediately crashed, bringing the whole system down. Margaret investigated and found that Lauren had inadvertently loaded up the P01 pre-launch program while the command module was in flight. If an astronaut did this during a mission, it would be disastrous, as the P01 program would erase all the computers navigation data. The ship would be flying blind.

Margaret with her daughter Lauren

Margaret suggested adding software to prevent this from happening, but NASA denied her request. More software means more possible bugs. A real astronaut would never, ever load the pre-launch program while the mission was underway.
To appease Margaret, NASA added a user note to the software: “Do not select P01 during flight”

During Apollo 8, Astronaut Jim Lovell proved NASA wrong by accidentally loading up P01 on the 5th day of the mission. The system crashed, and the navigation data was lost. Margaret and her team were called in to save the day. They spent eight hours studying the software and verifying a method of recovery. It had to work, and it had work the first time. Following Margaret’s instructions, NASA uploaded new navigation coefficients and the mission was able to continue.

Even though software was driving the Apollo program, it still wasn’t considered a science – at least not by the hardware or mechanical engineers. Programmers were held to a lower regard. To combat this, Margaret coined the term “software engineering”. Many of her co-workers considered it a joke at first. Of course, time has shown that she was absolutely right.

1201 program alarm

Margaret and the entire software team knew that they were doing something that had never been done before — creating man-rated software that had to be perfect the first time it was used. Any major bug would mean death for the astronauts trusting their lives to the software. Margaret was especially worried about computer problems going unnoticed by the astronauts until it was too late. She met with NASA officials and together they came up with a way to inform the astronauts that the computers were having problems.

These warnings didn’t take long to show up. During the landing sequence of Apollo 11, 1201 and 1202 program alarms lit up the cockpit several times. These were Margaret’s warnings. They indicated that the computer had run out of resources and was restarting, shedding low priority tasks to concentrate on the tasks important for the landing phase of the mission. These alarms should never have sounded — the fact that they showed up meant something was very wrong. However, the team at mission control knew how robust Margaret’s load shedding system was, so the astronauts were told to ignore and clear the alarm.

Investigations later showed that the 1201 and 1202 alarms were caused by a checklist error. The checklists instructed the astronauts to turn on their rendezvous radar during the landing phase of the mission. The rendezvous radar wasn’t needed for landing, yet it since it was on, it was still interrupting the guidance computer many times each second. These interruptions would cause the computer to run out of resources, and display one of Margaret’s alarms. If the software hadn’t been written and tested so well, the load of from the extra radar data could have caused the LEM to abort the mission, or worse, crash into the moon — stranding or killing the astronauts onboard.

After Apollo

Margaret continued working at MIT on NASA programs well after the Apollo missions. She worked on Skylab as well as the first revisions of the software for the space shuttle. Eventually, though, she left to start her own company.

Accepting the Presidential Medal of Freedom from President Obama in 2016.

While working on Apollo, Margaret found many bugs and squashed them. She carefully documented and categorized each of these. That work allowed her to recognize that many bugs occur at the boundaries between software modules. From there, Margaret was able to derive six mathematical axioms for software design. At Higher Order Software, Margaret created Universal Systems Language to put these axioms into practice.

Today Margaret is CEO (and founder) of Hamilton Technologies, Inc, where she is still creating tools and systems to make software safer and more bug-free.

Margaret Hamilton holds a LEGO minifig of herself

For many years Margaret was well known within the inner circle of NASA and MIT engineers and scientists. However, she wasn’t known to the general public. An image of her standing next to a stack of printouts taller than her — the entire source of the Apollo guidance computer changed all that. Margaret is now deservedly known as one of the first women in software engineering and has been honored with a Presidential medal of freedom, as well as being included in the Women of NASA LEGO set depicting her famous image.

38 thoughts on “Margaret Hamilton Takes Software Engineering To the Moon and Beyond

    1. That is a very cool LEGO set and well worth the price tag if you are a fan of NASA and outer space stuff (and it looks really good next to the Saturn V Rocket set :)

  1. According to Wikipedia, she was born in 1936, not 1931. I went there to find out how tall she was, to see how impressive the source code stack was, but that knowledge seems to be lost. Apparently, the Wicked Witch of the West was played by a woman also named Margaret Hamilton, and she was 5 feet tall, so at least I know that.

  2. Definately one of those “On the Shoulders of Giants,” about whom we hear. Thanks for writing about her. So many unsung heros… Odd thing that you know you’ve “made it,” when Lego casts you. With a Medal of Freedom, she should be cast in lead, to be historically in tune. And not put in childrens’ Legos…

  3. We get lazy nowadays being able to just hook up a small 6 pin connection to a microcontroller and upload 32 kb of code compiled from C in less than a minute.

    The Block II AGC had 64 kb of ROM… but it was core-rope memory. It was literally knitted together in a factory by an army of workers.

    Nowadays software engineers have the luxury of iterating their code in near-real time on real hardware. It seems miraculous that so much was achieved with an infinitely more primitive environment by those pioneers that came before us.

        1. In the year 2525, if man is still alive
          If woman can survive, they may fight
          In the year 3535
          Ain’t gonna need to tell the truth, tell no lie
          Everything you think, do and say
          Is in the pill you took today
          In the year 4545
          You ain’t gonna need your teeth, won’t need your eyes
          You won’t find a thing to chew
          Nobody’s gonna look at you

          -In the Year 2525
          Zager and Evans

    1. And the whole computer was made only with Nand gates, I recommend this video for a full explanation of the Apollo computer:

      (34C3 – The Ultimate Apollo Guidance Computer Talk).

      Start on 44:10 if you want to see only details on Mission Software, the bug with the alarms on Apollo 11 is mentioned on 57:35.

  4. PS… Use a 9″ tile and your vernier calipers to extrapolate her height. My fingers crudely put her 5’3″ to 5’6″. I recall a pair of Italian brothers tracked a NASA ride, Mercury I think… with a homemade radio and auto steering box driven antenna. They sent a recording to the president. That got them a visit to meet. Asked how they knew the frequency, they said a picture showed the vehicle and they measured the antenna and extrapolated. Read this in Readers Digest about 1960 when I was 9, reading ARRL.

  5. “Even though software was driving the Apollo program, it still wasn’t considered a science – at least not by the hardware or mechanical engineers. Programmers were held to a lower regard. To combat this, Margaret coined the term “software engineering”. Many of her co-workers considered it a joke at first. Of course, time has shown that she was absolutely right.”

    Still an issue today, the use of “engineer” when it comes to programming.

      1. By “Interpersonal Engineer” I think of people who are needed to interface nerdy people (i.e. engineers, programmers, scientists) with non-nerdy people (management, press, politicians, sheeple…)
        They are necessary people, if for no other reason than “to keep the peace”.
        But even with them, communication can break down (alas!).

    1. Technically, I was originally trained to become an engineer… though decided three years into college I didn’t want to spend more time taking classes to learn about “energy balances.” I wanted to get back to work with a B.S. degree, so just earned the Chemistry A.C.S. certified Biochemistry concentration degree and learned about “mass balances” and a little bit of “energy balances.” Well, Tech is a little more aggressive with energy awareness so some say I still graduated with a little “e” for engineering degree. Back to the point… that the difference between a scientist and engineer… scientist primarily learns mass balances… engineer primarily learns mass and energy balances. Like balancing an equation you know using the physics of the school of study variables.

  6. Nit to pick–calling the use of the Rendezvous Radar on approach to landing a “checklist error” is a judgment call. Doing so should have been a perfectly valid get-ahead item in case of an abort (you want the RR on for that to get back to the CM), but unanticipated problems stemming from an insufficiently-specified electrical interface caused the RR to try to overwhelm the computer.

    A better accounting of that is at
    https://arstechnica.com/science/2015/07/no-a-checklist-error-did-not-almost-derail-the-first-moon-landing/

    Disclaimer: I currently develop software on contract for NASA, so I end up with strong opinions on this sort of thing.

    1. From the “About” link on the HaD banner…

      [Joe Kim]: Art Director

      Joe is an artist/designer from all over California. Since graduating from Art Center College of Design in Pasadena he’s created images for Disney, McDonalds, Sony, and many more. He is now pushing pixels full time for Supplyframe and the Hackaday team.

      P.s. I also remember the other MH as “Cora” from Maxwell House Coffee commercials.
      The strange thing is she didn’t like coffee and would drink tea from her “coffee mug” in the commercials.

  7. Well, Hamilton and I share one experience: The Royal McBee LGP-30. Arguably the first personal computer. It was a desk-sized vacuum-tube computer with a 1-bit (really) accumulator. Data shifted in & out in serial fashion. You could see it marching through on a little 1″ o-scope.

    Memory was 4k words of magnetic drum — no RAM at all. I/O was via a typewriter-like console.

    The LGP was programmed in a floating-point interpreter called Dictator. Call it a virtual machine. As I recall, the opcodes were 20 for add, 30 for subtract, etc. You had to assign your own addresses; not even an assembler to assign them for you.

    Amazingly enough, it worked pretty well, and I was also using it to compute Apollo trajectories.

    I was to find out later than many of the early machines, like the IBM 701 and 702, had interpreters available, and that’s what was used before FORTRAN came along.

  8. Uhhh…so, some corrections are in in order, I believe?

    “…These were Margaret’s warnings. They indicated that the computer had run out of resources and was restarting, shedding low priority tasks to concentrate on the tasks important for the landing phase of the mission. These alarms should never have sounded — the fact that they showed up meant something was very wrong. However, the team at mission control knew how robust Margaret’s load shedding system was, so the astronauts were told to ignore and clear the alarm.”

    Nope, those were Hal Laning’s warnings and load shedding system, if anything. You know, the guy that the Space Shuttle’s programming language was (presumably for a good reason) named after? He designed the executive system that made this possible (ignored the lower priority tasks and sent out the alarm code into the user interface).

    “Investigations later showed that the 1201 and 1202 alarms were caused by a checklist error. The checklists instructed the astronauts to turn on their rendezvous radar during the landing phase of the mission. The rendezvous radar wasn’t needed for landing, yet it since it was on, it was still interrupting the guidance computer many times each second.”

    Nope, no “checklist error”. This was supposed to be SOP for the landing since in the event of an abort, the already-high workload of the crew would be lessened by removing one more item to take care of if something were to go wrong. The real cause was a design mismatch between the radar and the computer interface. The numerous interrupts were *not* supposed to happen even when the radar was on. A seemingly insignificant difference between the testing environment and the flight environment masked that design error during ground testing.

    In general, this whole thing reads like some kind of fanboyish high school essay. I dare not to look further behind other sensational statements but given the timeline and publicly available information on the subject, maybe the author should have done more reading.

  9. Great post, I love to hear about the early women in technology. It’s a little sad that software these days still has the same code and UX problems that she had to deal with (along with bad management).

    Feel free to mod out: I noticed a grammatical error in “The rendezvous radar wasn’t needed for landing, yet it since it was on,…”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.