Toward dependable safety-critical software

Authors: Bastani, F. (Dept. of Comput. Sci., Houston Univ., TX, USA); Cukic, Bojan; Hilford, V.; Jamoussi, A.

The failure of safety-critical systems can result in catastrophic loss of life and property. Hence, it is necessary to assure the reliability of these systems to a high degree of confidence before they are put into operational use. However, at these extreme levels of ultra-high reliability requirements, errors in the specification and in estimates of the operational profile become significant factors. An approach that has been suggested is to use secondary and tertiary software that meet ultra-high reliability requirements but at a reduced functionality as compared with the primary software. Two major problems are: how to select appropriate functionality for the non-primary versions; and how to determine when to invoke these backup versions. We present a unified approach for handling these two problems. It starts with a rigorous method for assessing ultra-high reliability requirements and then develops mechanisms for incorporating one or more backup versions. The reliability assessment procedure uses formal methods to amplify the effect of each test case and results in the construction of a reliability MAP (Measured Assurance Prediction system) for the software. This provides a confidence estimate for the correctness of the software for a given operational situation and serves as a trigger for switching to a backup version. The main requirement is that the MAP for the backup version must be known to a higher degree of confidence than that for the original version. The approach is illustrated using a simple process control example.
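The switching mechanism the abstract describes (a per-situation confidence estimate for the primary version that triggers a hand-over to a reduced-functionality backup whose confidence is known to be higher) can be made concrete with a small controller sketch. The following is an added example written for this page, not code from the paper; the shape of the "reliability MAP" as a table from operational situations to confidence values, the three-situation discretisation of the operational profile, the tank-level controllers and the 0.99 target are all assumptions made for illustration.

```python
"""Illustrative primary/backup switching driven by per-situation confidence.

The reliability MAP is modelled here as a plain table mapping an operational
situation to a confidence that the version is correct in that situation. This
representation, the situations and the numbers are constructed for the example;
the paper's own MAP construction (via formal methods and test amplification)
is not reproduced.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Situation = str  # label for an operational situation (assumed discretisation)


@dataclass
class Version:
    name: str
    control: Callable[[float], float]          # sensor reading -> actuator command
    reliability_map: Dict[Situation, float]   # situation -> confidence in correctness (0..1)


def classify(level: float) -> Situation:
    """Constructed operational profile for a tank-level controller (level in 0..1)."""
    if level < 0.2:
        return "low"
    if level > 0.8:
        return "high"
    return "nominal"


def primary_control(level: float) -> float:
    """Full-functionality controller: proportional valve command about a 0.5 setpoint."""
    return max(0.0, min(1.0, 0.5 + 2.0 * (0.5 - level)))


def backup_control(level: float) -> float:
    """Reduced-functionality controller: three fixed, easily verified commands."""
    if level > 0.6:
        return 0.0   # close inlet valve
    if level < 0.4:
        return 1.0   # open inlet valve fully
    return 0.5


# Constructed MAP values: the richer primary is well assured only in the nominal
# region, while the simpler backup is assured to a higher confidence everywhere.
PRIMARY = Version("primary", primary_control, {"nominal": 0.999, "low": 0.95, "high": 0.90})
BACKUP = Version("backup", backup_control, {"nominal": 0.9999, "low": 0.9999, "high": 0.9999})

REQUIRED_CONFIDENCE = 0.99  # assumed ultra-high reliability target for this example


def backup_dominates(primary: Version, backup: Version) -> bool:
    """The abstract's main requirement: the backup's MAP must be known to a higher
    confidence than the primary's in every situation the primary covers."""
    return all(backup.reliability_map.get(s, 0.0) > c
               for s, c in primary.reliability_map.items())


def select_version(level: float, versions: List[Version]) -> Optional[Version]:
    """Pick the first version whose confidence for the current situation meets the
    target; a situation missing from a MAP counts as zero confidence."""
    situation = classify(level)
    for v in versions:
        if v.reliability_map.get(situation, 0.0) >= REQUIRED_CONFIDENCE:
            return v
    return None


def control_step(level: float) -> Tuple[str, float]:
    """One control cycle: the MAP acts as the switching trigger between versions."""
    chosen = select_version(level, [PRIMARY, BACKUP])
    if chosen is None:
        # No version is trusted for this situation: surface it rather than guess.
        raise RuntimeError(f"no version meets the target in situation {classify(level)!r}")
    return chosen.name, chosen.control(level)


if __name__ == "__main__":
    assert backup_dominates(PRIMARY, BACKUP)
    for reading in (0.5, 0.1, 0.9):
        print(reading, control_step(reading))
```

The ordering of versions in `select_version` encodes the preference for the full-functionality primary; the backup is only reached when the primary's confidence for the current situation falls below the target, and `backup_dominates` is the check a deployment would run up front to confirm the abstract's precondition holds before the switch is ever exercised.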

Published in: Proceedings of the Second Workshop on Object-Oriented Real-Time Dependable Systems (WORDS '96), 1996

Date of Conference: 1-2 Feb 1996