Statistical Software Engineering (1996) / Chapter Skim

Case Study: NASA Space Shuttle Flight Control Software
Pages 9-12


From page 9...
... Throughout the program, the prevailing management philosophy has been that quality must be built into software by using software reliability engineering methodologies. These methodologies are necessarily dependent on the ability to manage, control, measure, and analyze the software using descriptive data collected specifically for tracking and statistical analysis.
From page 10...
... However, the requirements of the flight missions evolved to include increased operational capability and maintenance flexibility. Among the shuttle program enhancements that changed the flight control system requirements were changes in payload manifest capabilities and main engine control design, crew enhancements, addition of an experimental autopilot for orbiting, system improvements, abort enhancements, provisions for extended landing sites, and hardware platform changes.
From page 11...
... In addition, the CM system includes data detailing scenarios for possible failures and the probability of their occurrence, user response procedures, the severity of the failures, the explicit software version and specific lines of code involved, the reasons for no previous detection, how long the fault had existed, and the repair or resolution. Although these data seem abundant, it is important to acknowledge their time dependence, because the software system they describe is subject to constant "churn." Over the years, the CM system for the space shuttle program has evolved into a common, minimum set of data that must be retained regarding every fault that is recognized anywhere in the life cycle, including faults found by inspections before software is actually built.
From page 12...
... Safety Certification. The dependability of safety-critical software cannot be based merely on testing the software, counting and repairing the faults, and conducting "live tests" on shuttle missions. Testing of software for many, many years, much longer than its life cycle, would be required in order to demonstrate software failure probability levels of 10^-7 or 10^-9 per operational hour.
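The page 12 claim can be made concrete with the standard reliability-demonstration calculation, added here as an illustration and not taken from the book: if failures in operational time are modelled as a Poisson process with constant rate λ (an assumption of this example), then demonstrating λ ≤ λ_target at confidence C with zero observed failures requires T = -ln(1-C)/λ_target hours of failure-free operation, and each observed failure raises that requirement. The script below computes the requirement from the Poisson model using only the standard library.

```python
import math

HOURS_PER_YEAR = 8766.0  # mean hours in a year (365.25 days)


def poisson_cdf(k, mu):
    """P(X <= k) for X ~ Poisson(mu), summed directly (k is small here)."""
    return sum(math.exp(-mu) * mu ** i / math.factorial(i) for i in range(k + 1))


def poisson_quantile_mu(failures, confidence):
    """Smallest Poisson mean mu such that P(X <= failures | mu) <= 1 - confidence.

    Observing `failures` events in a test of T hours rules out any rate lambda with
    lambda * T >= mu at the given confidence; mu / T is the upper confidence bound.
    For failures == 0 this is the closed form mu = -ln(1 - confidence).
    """
    alpha = 1.0 - confidence
    lo, hi = 0.0, 1.0
    while poisson_cdf(failures, hi) > alpha:  # grow the bracket until it contains mu
        hi *= 2.0
    for _ in range(100):  # bisection: cdf is decreasing in mu
        mid = (lo + hi) / 2.0
        if poisson_cdf(failures, mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi


def demonstrated_upper_rate(test_hours, failures, confidence=0.95):
    """Upper confidence bound on failures per hour after test_hours with `failures` seen."""
    return poisson_quantile_mu(failures, confidence) / test_hours


def hours_to_demonstrate(target_rate, confidence=0.95, failures=0):
    """Test hours needed so the upper bound at `confidence` is at most target_rate."""
    return poisson_quantile_mu(failures, confidence) / target_rate


def years_to_demonstrate(target_rate, confidence=0.95, failures=0):
    """Same requirement expressed in calendar years of continuous operation."""
    return hours_to_demonstrate(target_rate, confidence, failures) / HOURS_PER_YEAR


if __name__ == "__main__":
    for rate in (1e-7, 1e-9):
        for k in (0, 1):
            yrs = years_to_demonstrate(rate, 0.95, k)
            print(f"lambda <= {rate:.0e}/h at 95% with {k} failure(s): {yrs:,.0f} years of testing")
```

Even the most lenient case (10^-7 per hour, 95% confidence, no failures observed) needs roughly 3.0e7 failure-free hours, about 3,400 years, which is why the book rejects testing alone as the basis for certification.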

