Discovering Unanticipated Software Output Modes

Abstract

Software risk management is particularly important when the target environment of the software is a safety-critical system. Adequate development standards and methods for building software functionally that is “close to correct” exist. But unfortunately, we often fail to imagine particular classes of system hazards that the software's behavior could induce, because quite simply, we cannot foresee everything that could go wrong from the outset of a new project. And therefore we will fail to build in the needed software protection mechanisms against these hazards. This paper presents a software risk management technology that partially addresses this problem. Our technology is based on software fault injection's unique ability to warn about software-induced hazards that were inadvertently overlooked during the creation of the software requirements and system-level hazard analysis. Software-induced hazards occur as a result of software behaviors that are unknown.