
Risk and Reliability Analysis for Safety Critical Software

by Dr. Norman F. Schneidewind


Email: schneidewind@nps.navy.mil

Abstract: It is feasible to predict the reliability of safety critical software, such as the NASA Space Shuttle Primary Avionics Software System (Shuttle flight software), and thereby increase management's confidence in that reliability. These objectives were achieved with our approach of integrating software safety criteria, risk analysis, reliability prediction, and a stopping rule for testing. The approach is applicable to other safety critical software, and we encourage practitioners to apply it.

Only the safety of the software in a safety critical system is covered. Our concern is with reducing, to an acceptable level, the risk of failures in the software that could cause loss of life or mission. Thus our use of the word safety refers to software safety and not to system safety. By improving the reliability of the software, where the reliability measurements and predictions are directly related to mission and crew safety, we contribute to system safety.

Remaining failures, total failures, test time required to attain a given fraction of remaining failures, and time to next failure are useful reliability measurements and predictions for: 1. providing confidence that the software has achieved its safety goals; 2. rationalizing how long to test a piece of software; and 3. analyzing the risk of not achieving the remaining-failures and time-to-next-failure goals. Having predictions of the extent to which the software is not fault free (remaining failures) and of whether it is likely to survive a mission (time to next failure) provides criteria for assessing the risk of deploying the software. Furthermore, the fraction of remaining failures can be used both as an operational quality goal when predicting test time requirements and, conversely, as an indicator of operational quality as a function of the test time expended.

Software reliability models provide one of several tools that software reliability managers of the Shuttle flight software are using to provide confidence that the software meets required safety goals. Other tools are inspections, software reviews, testing, change control boards, and perhaps most important -- experience and judgement.

Biography: Dr. Norman F. Schneidewind is professor of information sciences and director of the Software Metrics Research Center at the Naval Postgraduate School. He is the developer of the Schneidewind software reliability model which is used to assist in the prediction of software reliability of the NASA Space Shuttle. This model is one of the models recommended by the American Institute of Aeronautics and Astronautics and the American National Standards Institute "Recommended Practice for Software Reliability". Dr. Schneidewind is a Fellow of the IEEE, elected for "contributions to software measurement models in reliability and metrics, and for leadership in advancing the field of software maintenance".