Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software

The risk of failure in a software product can be estimated by Failure Modes and Effects Analysis (FMEA), and the potential failures it surfaces can be eliminated by Software Failure Tree Analysis (SFTA). FMEA was developed by the Germans for the V1 rocket bomb program, was later applied more generally by the defense industry worldwide, and more recently has been adopted by the automotive industry. We find that a simplified version of FMEA is applicable to risk assessment in software development when it is applied as far upstream as possible, during the design phase. SFTA lets the designer anticipate potential software defects from the later stages of design documentation or pseudocode, before any investment in coding and testing has been made. Grady's method is then used to trace each potential failure identified by SFTA back to its most likely source so that the failure can be eliminated by redesign. It is far less expensive to catch what may become bugs at this stage of development, essentially the first design review, than to catch them downstream in product testing or, worse, to have them found by the customer or end user. This chapter discusses the five most common categories of software failure modes and their elimination in design by FMEA and SFTA.
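To make the two techniques concrete, the following is an added example written for this page; it is not code from the book or from any of the methods it cites. It assumes the conventional FMEA scoring, in which each failure mode is rated for severity, occurrence and detection on 1..10 scales and ranked by their product, the risk priority number (RPN), and the conventional fault-tree semantics of AND/OR gates over independent basic events. The worksheet rows, the tree, and the probabilities are constructed for illustration. The highest-RPN failure mode is expanded into a fault tree, its minimal cut sets are extracted (the combinations of root causes to trace back to in design), and the top-event probability is recomputed after a redesign that removes one basic event, which is the effect the chapter describes.

```python
from dataclasses import dataclass
from itertools import product

# ---------- FMEA: rank failure modes by risk priority number (RPN) ----------

@dataclass(frozen=True)
class FmeaRow:
    """One line of an FMEA worksheet, scored on the usual 1..10 scales."""
    failure_mode: str
    severity: int    # 1 = negligible effect, 10 = catastrophic
    occurrence: int  # 1 = remote, 10 = almost certain
    detection: int   # 1 = caught by existing controls, 10 = cannot be detected

    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection

def rank_by_rpn(rows):
    """Highest RPN first; these are the failure modes to expand into a fault tree."""
    return sorted(rows, key=lambda r: r.rpn(), reverse=True)

# ---------- SFTA: a fault tree with AND/OR gates over basic events ----------

@dataclass(frozen=True)
class Basic:
    name: str

@dataclass(frozen=True)
class Gate:
    kind: str        # "AND" or "OR"
    children: tuple  # Basic or Gate nodes

def _minimize(cut_sets):
    """Drop any cut set that is a proper superset of another (keep minimal ones)."""
    return {cs for cs in cut_sets if not any(o < cs for o in cut_sets)}

def minimal_cut_sets(node):
    """Minimal combinations of basic events that are sufficient for the top event."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":
        return _minimize(set().union(*child_sets))
    if node.kind == "AND":
        return _minimize({frozenset().union(*combo) for combo in product(*child_sets)})
    raise ValueError(f"unknown gate kind {node.kind!r}")

def basic_events(node):
    if isinstance(node, Basic):
        return {node.name}
    return set().union(*(basic_events(c) for c in node.children))

def evaluate(node, state):
    """True if the top event occurs given which basic events have occurred."""
    if isinstance(node, Basic):
        return state[node.name]
    results = [evaluate(c, state) for c in node.children]
    return all(results) if node.kind == "AND" else any(results)

def top_event_probability(node, probs):
    """Exact P(top event) for independent basic events, by enumerating all 2^n states."""
    names = sorted(basic_events(node))
    total = 0.0
    for bits in product([False, True], repeat=len(names)):
        state = dict(zip(names, bits))
        if evaluate(node, state):
            p = 1.0
            for n, occurred in state.items():
                p *= probs[n] if occurred else 1.0 - probs[n]
            total += p
    return total

def redesign_removes(node, probs, event):
    """Model a redesign that makes one basic event impossible (e.g. adds the missing check)."""
    return top_event_probability(node, {**probs, event: 0.0})

# Constructed worksheet, tree and probabilities: illustrative only, not from the book.
WORKSHEET = [
    FmeaRow("Corrupted record written to store", severity=9, occurrence=3, detection=6),
    FmeaRow("Service fails to restart after deploy", severity=7, occurrence=2, detection=3),
    FmeaRow("Request id missing from log line", severity=2, occurrence=5, detection=2),
]

CORRUPTED_RECORD = Gate("OR", (
    Gate("AND", (Basic("input validation bypassed"), Basic("malformed input received"))),
    Basic("unchecked truncation on write"),
))

PROBS = {
    "input validation bypassed": 0.05,
    "malformed input received": 0.20,
    "unchecked truncation on write": 0.01,
}

if __name__ == "__main__":
    for row in rank_by_rpn(WORKSHEET):
        print(f"RPN {row.rpn():4d}  {row.failure_mode}")
    for cs in sorted(minimal_cut_sets(CORRUPTED_RECORD), key=len):
        print("cut set:", sorted(cs))
    print("P(top) as designed:", round(top_event_probability(CORRUPTED_RECORD, PROBS), 4))
    print("P(top) after adding the validation check:",
          round(redesign_removes(CORRUPTED_RECORD, PROBS, "input validation bypassed"), 4))
```

The cut sets are what a designer traces back to: each one names a root-cause combination that must be removed or guarded in the design. Removing "input validation bypassed" eliminates the two-event cut set entirely, and the remaining risk is just the single-point failure on write, which the exact computation shows as the drop from 0.0199 to 0.01.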

Chapter Outline

  • FMEA: Failure Modes and Effects Analysis

  • Upstream Application of FMEA

  • Software Failure Tree Analysis

  • Software Failure Modes and Their Sources

  • Risk Assignment and Evaluation at Each Stage of DFTS

  • Key Points

  • Additional Resources

  • Internet Exercises

  • Review Questions

  • Discussion Questions and Projects

  • Endnotes
