Mission Critical Software - Can we afford Defects?

Safety critical software has very low failure rates. It operates the controllers in medical, aerospace, nuclear, railways and the automotive domain. Achieving this low rate failure of only once in 100,000 years is not an easy task. Industry measures indicate that the average loss rate in commercial aircrafts is about 1.4 per million departures. There are about 5 deaths and 300 injuries per annum in the UK attributable to software in vehicles. All these add up to about 0.25 x 10^-6 failures per hour of operation. How does one ensure 1x10^-9 failures in one hour of operation?

A look at some of the mistakes found in the software testing of fighter and commercial aircrafts indicate that the same mistakes are repeated time and again in different programs. What can we learn from them? How did the tester find these errors? What sort of testing was used?

Standards are used in the industry to develop these software “that should not fail”. What are the parallels between CMM, DO178B (Aerospace), IEC 62304 (Medical) and ISO 26262. Do they talk about the same things?

Model based test is the mantra these days. Many tools are available today in the markets which try to provide a single source solution to all testing problems. How good are these tools? What is the relation between the Model coverage and code coverage? What is requirement coverage in Model based testing?

This tutorial takes the participants into the world of safety critical testing. Starting with an introduction into the various applications of safety critical software, it takes, one through the

    • Accidents that have happened in the recent past
    • The standards that are used in software development and the parallels between the various standards
    • Taking an example of the aerospace industry it brings out the errors found during the Indian Light combat aircraft, Indian SARAS, Boeing, Gulfstream and Airbus test activities.
    • A set of excel files are provided as a take away which can help the participants to explore safety critical testing on their desktops. How do I find errors in the filters, logical blocks and mathematical algorithms?
    • How can one test this software? We explore random and orthogonal array test methods.
    • It provides tips along the way which will help the participants watch out for similar situation and make them well prepared to test high reliability software.

Speaker's Profile

Yoganand Jeppu

Yogananda Jeppu,
Senior Systems Specialist,
Moog India Technology Center


Yogananda Jeppu has 25 years of experience in testing of safety critical software in the aerospace domain. His recent publication is “Flight Control Software: Mistakes Made and Lessons Learned” to appear in the IEEE Software special issue on safety critical software. He is a post graduate in missile control and guidance and is pursuing his PhD in Software reliability applied to Model based testing at IIT Bombay.

He has qualified the Simulink blocks for DO178B certification and developed an Autoreview tool to review test cases. This tool is being qualified per DO178B for use on the Boeing projects.