By Topic

A top-down approach to high-consequence fault analysis for software systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Fronczak, E. ; Sandia Nat. Labs., Albuquerque, NM, USA

Summary form only given, as follows. Even if software code is fault-free, hardware failures can alter values in memory, possibly where the code itself is stored, causing a computer system to reach an unacceptable state. Microprocessor systems are used to perform many safety and security functions where a design goal is to eliminate single-point failures such as these. One design approach is to use multiple processors, compare the outputs, and assume a failure has occurred if the outputs don't agree. In systems where the design is constrained to a single processor, however, analytical methods are needed to identify potential single-point failures at the bit level so that an effective fault-tolerant strategy can be employed. This paper describes a top-down methodology, based upon fault tree analysis, that has been used to identify potential high-consequence faults in microprocessor-based systems. The key to making the fault tree analysis tractable is to effectively incorporate appropriate design features such as software path control and checksums so that complicated branches of the fault tree can be terminated early. The analysis uses simplified software flow diagrams depicting relevant code elements. Pertinent sections of machine language are then examined to identify suspect hardware. A comparison of this methodology with approaches based upon failure modes and effects analysis (FMEA) is made. The methodology is demonstrated through a simple example. Use of fault trees to show that software code is free of safety or security faults is also demonstrated

Published in:

Software Reliability Engineering, 1997. Proceedings., The Eighth International Symposium on

Date of Conference:

2-5 Nov1997