Enhancing software safety by fault trees: Experiences from an application to flight critical SW

Abstract

The fault tree analysis is a well established method in system safety and reliability assessment. We transferred the principles of this technique to an assembler code analysis, regarding any incorrect output of the software as the undesircd top-level event. Starting from the instructions providing the outputs and tracing back to all instructions contributing to these outputs a hierarchical system of references is generated that may graphically be represented as a fault tree. To cope with the large number of relations in the code, a tool suite has been developed, which automatically creates these references and checks for unfulfilled preconditions of instructions. The tool was applied to the operational software of an inertial measurement unit, which provides safety critical signals for artificial stabilization of an aircraft. The method and its implementation as a software tool is presented and the benefits, surprising results, and limitations we have experienced are discussed. © Springer-Verlag Berlin Heidelberg 2003.