Context and Software Safety Assessment

As the use of digital computers for instrumentation and control of safety-critical systems has increased, there has been a growing debate over the issue of whether probabilistic risk assessment techniques can be applied to digital systems. This debate has centered around the issue of whether software failures can be modeled probabilistically. This paper describes a contextbased approach to software safety assessment which explicitly recognizes the fact that software is deterministic, and the source of the perceived uncertainty in its behavior results from both the input to the software as well as the application and environment in which the software is operating. The approach is similar to one recently proposed for human reliability analysis which is based on the concept of an “error-forcing context.” Failures occur as the result of encountering some context for which the software was not properly designed, as opposed to the software simply failing “randomly.” The paper describes and illustrates a methodology which utilizes event trees, fault trees, and the Dynamic Flowgraph Methodology (DFM) to identify error-forcing contexts for software, and evaluate their probabilities based on the probabilities of the DFM fault tree prime implicants.