Software safety: a user´s practical perspective

Software safety assurance philosophy and practices at the NASA Ames Research center are discussed. It is shown that, to be safe, software must, for all practical purposes, be error-free. Case histories cover software developments on two digital flight control systems and two ground facility systems. For each case history, the overall system and software organization and function are described and the software-safety issues and their resolution are presented. The effectiveness of safety assurance methods is discussed. Methods include conventional life-cycle practices, verification and validation testing, software safety analysis, and formal design methods for realizing safe software. Three conclusions are drawn: a practical technology for assuring that software is safe does not yet exist, it is unlikely that a set of general-purpose analytical techniques can be developed for proving that software is safe, and successful software safety-assurance practices will have to take into account the detailed design processes employed in the software development and show that the software will execute correctly under all possible conditions