Presentation is loading. Please wait.

Presentation is loading. Please wait.

California Institute of Technology Formalized Pilot Study of Safety- Critical Software Anomalies Dr. Robyn Lutz and Carmen Mikulski Software Assurance.

Published byWilfrid Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "California Institute of Technology Formalized Pilot Study of Safety- Critical Software Anomalies Dr. Robyn Lutz and Carmen Mikulski Software Assurance."— Presentation transcript:

1 California Institute of Technology Formalized Pilot Study of Safety- Critical Software Anomalies Dr. Robyn Lutz and Carmen Mikulski Software Assurance Group Jet Propulsion Laboratory California Institute of Technology NASA Code Q Software Program Center Initiative UPN 323-08; Kenneth McGill, Research Lead OSMA Software Assurance Symposium Sept 5-7, 2001

2 California Institute of Technology SAS’012 Topics Overview Preliminary Results –Quantitative analysis –Evolution of requirements –Visualization tools Work-in-progress Benefits

3 California Institute of Technology SAS’013 Overview: Goal To reduce the number of safety-critical software anomalies that occur during flight by providing a quantitative analysis of previous anomalies as a foundation for process improvement.

4 California Institute of Technology SAS’014 Overview: Approach Analyzed anomaly data using Orthogonal Defect Classification (ODC) method –Developed at IBM; widely used by industry –Quantitative approach –Used here to detect patterns in anomaly data Evaluated ODC using Formalized Pilot Study –R. Glass [’97] detailed rigorous process to get valid results –35 steps divided into 5 phases –Used here to evaluate ODC for NASA use

5 California Institute of Technology SAS’015 Overview: Status Year 2 of planned 3-year study Plan Design Conduct Evaluate Use Adapted ODC categories to operational spacecraft software at JPL: –Activity: what was taking place when anomaly occurred? –Trigger: what was the catalyst? –Target: what was fixed? –Type: what kind of fix was done?

6 California Institute of Technology SAS’016 Preliminary Results: Quantitative Analysis Analyzed 189 Incident/Surprise/Anomaly reports (ISAs) of highest criticality –7 spacecraft: Cassini, Deep Space 1, Galileo, Mars Climate Orbiter, Mars Global Surveyor, Mars Polar Lander, Stardust Institutional defect database  Access database of data of interest  Excel spreadsheet with ODC categories  Pivot tables with multiple views of data 1-D and 2-D frequency counts of Activity, Trigger, Target, Type, Trigger within Activity, Type within Target, etc.

7 California Institute of Technology SAS’017 Preliminary Results: Quantitative Analysis User-selectable representation of analysis results: tables, pie charts, bar graphs User-selectable sets of spacecraft for comparisons Provides rapid quantification of data Assists in detecting unexpected patterns, confirming expected patterns

8 California Institute of Technology SAS’018 Preliminary Results: Quantitative Analysis

9 California Institute of Technology SAS’019 Preliminary Results: Quantitative Analysis

10 California Institute of Technology SAS’0110 Preliminary Results: Quantitative Analysis

11 California Institute of Technology SAS’0111 Preliminary Results: Evolution of Safety-Critical Requirements Post-Launch Anomalies sometimes result in changes to software requirements –Looked at 86 critical ISAs from 3 spacecraft (MGS, DS-1, Cassini) –17 of 86 had Target (what was fixed) = Flight Software –8 of 17 changed code only; 1 was incorrect patch; 1 used contingency command –Focused on remaining 7 with new software requirements as a result of critical anomaly

12 California Institute of Technology SAS’0112 Preliminary Results: Evolution of Safety-Critical Requirements Post-Launch Found that requirements changes are not due to earlier requirement errors Instead, requirements changes are due to: –Need to handle rare event or scenario (4; software adds fault tolerance) –Need to compensate for hardware failure or limitations (3; software adds robustness)

13 California Institute of Technology SAS’0113 Preliminary Results: Evolution of Safety-Critical Requirements Post-Launch Confirms value of requirements completeness for fault tolerance Confirms value of contingency planning to speed change Contradicts assumption that “what breaks is what gets fixed” Suggests need for better requirements engineering for maintenance Results presented –IFIP WG 2.9 Workshop on Requirements Engineering, Feb, 2001; –5 th IEEE International Symposium on Requirements Engineering, Aug, 2001

14 California Institute of Technology SAS’0114 Preliminary Results: Evolution of Safety-Critical Requirements Post-Launch Launch Requirements Evolution Requirements Engineering Maintenance

15 California Institute of Technology SAS’0115 Preliminary Results: Web-based Visualization Tool Results of Peter Neubauer (ASU), Caltech/JPL Summer Undergraduate Research Fellow, 2001 Developed alternate visualizations of data results to support users’ analyses Web-based tool assists distributed users Sophisticated tool architecture builds on existing freeware Demo at QA Section Manager’s meeting (FAQ: Would this work for our project?) Demo to D. Potter’s JPL group developing next- generation Failure Anomaly Management System

16 California Institute of Technology SAS’0116 Preliminary Results: Web-based Visualization Tool Objective: Investigate and characterize the common causes of safety-critical, in-flight software anomalies on spacecraft. The work uses a defect-analysis technology called Orthogonal Defect Classification, developed at IBM. A rigorous pilot study approach using the Glass criteria is currently underway. Calibration Cmd seq test Data Access/ Delivery H/W Config. H/W Failure Inspection/ Review Normal Activity Recovery S/W Config. Special Procedure Start/Restart/ Shutdown Unknown --- Operations --- None/? --- Flight Software --- Ground Software --- Hardware --- Ground Resources --- Build Package “Trigger” – what was happening to cause defect to be noticed “Target” - what was changed to respond to defect Large number of defects seen during sending commands to / receiving data from spacecraft. Of these, many were responded to by changing operational procedures or software on the ground. For other defects, changes to flight software more prevalent 7 space missions: 189 defects classified; chart shows one of the 6 possible 2-way views into this information Discover and present useful information

17 California Institute of Technology SAS’0117 Work-in-progress Several patterns noted but not yet quantified –Ex: Procedures often implicated Profile by mission phase –Ex: Cruise, orbit insertion, entry, landing Better way to disseminate “mini-LL’s”? –Ex: Corrective action sometimes notes need for similar action on a future mission Incorporate standardized ODC classifications in next-generation database to support automation and visualization

18 California Institute of Technology SAS’0118 Benefits Data mining of historical and current databases of incidents / surprises / anomalies Uses metrics information to identify and focus on problem areas Provides a quantitative foundation for process improvement Equips us with a methodology to continue to learn as projects and processes evolve

Download ppt "California Institute of Technology Formalized Pilot Study of Safety- Critical Software Anomalies Dr. Robyn Lutz and Carmen Mikulski Software Assurance."

Similar presentations

Making the System Operational

Making the System Operational
Www.ischool.drexel.edu INFO 631 Prof. Glenn Booker Week 1 – Defect Analysis and Removal 1INFO631 Week 1.

INFO 631 Prof. Glenn Booker Week 1 – Defect Analysis and Removal 1INFO631 Week 1.
Electronic Measure and Test Unit 53 Task 4 (P4).  A plan that clearly details the tests that will be performed  What to test  How to test (step by.

Electronic Measure and Test Unit 53 Task 4 (P4).  A plan that clearly details the tests that will be performed  What to test  How to test (step by.
Software Quality Assurance Plan

Software Quality Assurance Plan
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
Software Development Methodologies Damian Gordon.

Software Development Methodologies Damian Gordon.
WPI CS534 Showcase Jeff Martin. * Computer Software on Deep Space 1 * Used to execute plans/mission objectives * Model based * Constraint based * Fault.

WPI CS534 Showcase Jeff Martin. * Computer Software on Deep Space 1 * Used to execute plans/mission objectives * Model based * Constraint based * Fault.
Software Quality Assurance (SQA). Recap SQA goal, attributes and metrics SQA plan Formal Technical Review (FTR) Statistical SQA – Six Sigma – Identifying.

Software Quality Assurance (SQA). Recap SQA goal, attributes and metrics SQA plan Formal Technical Review (FTR) Statistical SQA – Six Sigma – Identifying.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.

SE 450 Software Processes & Product Metrics Reliability: An Introduction.
SE curriculum in CC2001 made by IEEE and ACM: Overview and Ideas for Our Work Katerina Zdravkova Institute of Informatics

SE curriculum in CC2001 made by IEEE and ACM: Overview and Ideas for Our Work Katerina Zdravkova Institute of Informatics
COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Execution and Reporting Adrian Marshall.

COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Execution and Reporting Adrian Marshall.
Presentation : Analyzing Software Requirements Errors in Safety-Critical Embedded Systems.

Presentation : Analyzing Software Requirements Errors in Safety-Critical Embedded Systems.
University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 Ray Madachy, Barry Boehm USC Center for Systems and Software Engineering.

University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 Ray Madachy, Barry Boehm USC Center for Systems and Software Engineering.
Presentation R. R. Lutz. Analyzing Software Requirements Errors in Safety-Critical Embedded Systems. In Proceedings of the IEEE International Symposium.

Presentation R. R. Lutz. Analyzing Software Requirements Errors in Safety-Critical Embedded Systems. In Proceedings of the IEEE International Symposium.
RIT Software Engineering

RIT Software Engineering
SIM5102 Software Evaluation

SIM5102 Software Evaluation
SE 450 Software Processes & Product Metrics 1 Defect Removal.

SE 450 Software Processes & Product Metrics 1 Defect Removal.
Ch7: Software Production Process. 1 Questions  What is the life cycle of a software product?  Why do we need software process models?  What are the.

Ch7: Software Production Process. 1 Questions  What is the life cycle of a software product?  Why do we need software process models?  What are the.
© USC-CSE Feb 6. 20011 Keun Lee ( & Sunita Chulani COQUALMO and Orthogonal Defect.

© USC-CSE Feb Keun Lee ( & Sunita Chulani COQUALMO and Orthogonal Defect.
Section 15-1GLAST Ground System Design Review August 18&19, 2004 ISOC Organization ISOC Manager R Cameron Commanding, H&S Timeline Planning Command Generation.

Section 15-1GLAST Ground System Design Review August 18&19, 2004 ISOC Organization ISOC Manager R Cameron Commanding, H&S Timeline Planning Command Generation.

Similar presentations

Ads by Google