Abstract
We show how software reliability predictions can increase confidence in the reliability of safety critical software such as the NASA Space Shuttle Primary Avionics Software System (Shuttle flight software). This objective was achieved with our novel approach of integrating software safety criteria, risk analysis, reliability prediction, and a stopping rule for testing. This approach is applicable to other safety critical software. We encourage practitioners to apply this approach. Only the safety of the software in a safety critical system is covered. The hardware and human operator parts of such systems are not covered. Our concern is with reducing the risk of failures in the software, which could cause loss of life or mission, to an acceptable level. Thus, our use of the word safety refers to software safety and not to system safety. By improving the reliability of the software, where the reliability measurements and predictions are directly related to mission and crew safety, we contribute to system safety.
Remaining failures, total failures, test time required to attain a given fraction of remaining failures, and time to next failure are useful reliability measurements and predictions for: 1) providing confidence that the software has achieved safety goals; 2) rationalizing how long to test a piece of software; and 3) analyzing the risk of not achieving remaining failure and time to next failure goals. Having predictions of the extent to which the software is not fault free (remaining failures) and whether it is likely to survive a mission (time to next failure) provides criteria for assessing the risk of deploying the software. Furthermore, fraction of remaining failures can be used both as an operational quality goal in predicting test time requirements and, conversely, as an indicator of operational quality as a function of test time expended.
Software reliability models provide one of several tools that software reliability managers of the Shuttle flight software are using to provide confidence that the software meets required safety goals. Other tools are inspections, software reviews, testing, change control boards, and perhaps most important — experience and judgement.
© 1996 Springer-Verlag Berlin Heidelberg
Schneidewind, N.F. (1996). Reliability modeling for safety critical software. In: Strohmeier, A. (eds) Reliable Software Technologies — Ada-Europe '96. Ada-Europe 1996. Lecture Notes in Computer Science, vol 1088. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013476
DOI: https://doi.org/10.1007/BFb0013476
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61317-6
Online ISBN: 978-3-540-68457-2