Reliability modeling for safety-critical software

Software reliability predictions can increase trust in the reliability of safety critical software such as the NASA Space Shuttle Primary Avionics Software System (Shuttle flight software). This objective was achieved using a novel approach to integrate software-safety criteria, risk analysis, reliability prediction, and stopping rules for testing. This approach applies to other safety-critical software. We cover only the safety of the software in a safety-critical system. The hardware and human-operator components of such systems are not explicitly modeled nor are the hardware and operator-induced software failures. The concern is with reducing the risk of all failures attributed to software. Thus, safety refers to software-safety and not to system-safety. By improving the software reliability, where the reliability measurements & predictions are directly related to mission & crew safety, we contribute to system safety. Remaining failures (RF), maximum failures, total test time (TTT) required to attain a given fraction of RF and time to next failure (TTNF) are shown to be useful reliability measures & predictions for: providing assurance that the software has achieved safety goals; rationalizing how long to test a piece of software; analyzing the risk of not achieving RF & TTNF goals. Having predictions of the extent that the software is not fault free (RF) and whether it is likely to survive a mission (TTNF) provide criteria for assessing the risk of deploying the software. Furthermore, 'fraction of RF' can be used as both an operational-quality goal in predicting TTT requirements and, conversely, as an indicator of operational-quality as a function of TTT expended. Software reliability models provide one of several tools that software managers of the Shuttle flight software are using to assure that the software meets required safety goals. Other tools are inspections, software reviews, testing, change control boards, and perhaps most important - experience & judgement.