Software FMEA techniques

Assessing the safety characteristics of software driven safety critical systems is problematic. Methods to allow assessment of the behavior of processing systems have appeared in the literature, but provide incomplete system safety evaluation. Assessing the safety characteristics of small embedded processing platforms performing control functions has been particularly difficult. The use of fault tolerant, diverse, processing platforms has been one approach taken to compensate for the lack of assurance of safe operation of single embedded processing platforms. This approach raises cost and, in at least some cases where a safe state can be demonstrated, is unnecessary. Over the past decade, the author has performed software FMEA on embedded automotive platforms for brakes, throttle, and steering with promising results. Use of software FMEA at a system and a detailed level has allowed visibility of software and hardware architectural approaches which assure safety of operation while minimizing the cost of safety critical embedded processor designs. Software FMEA has been referred to in the technical literature for more than fifteen years. Additionally, software FMEA has been recommended for evaluating critical systems in some standards, notably draft IEC 61508. Software FMEA is also provided for in the current drafts of SAE ARP 5580. However, techniques for applying software FMEA to systems during their design have been largely missing from the literature. Software FMEA has been applied to the assessment of safety critical real-time control systems embedded in military and automotive products over the last decade. The paper is a follow on to and provides significant expansion to the software FMEA techniques originally described in the 1993 RAMS paper "Validating The Safety Of Real-Time Control Systems Using FMEA".