1998 From: CSIRO Australia
Aircraft Safety Gets A Boost

New ways to make software for aircraft mission computers safer have been announced by Australia's Defence Science and Technology Organisation (DSTO) and CSIRO. Defence and aircraft safety specialists say the new system provides a scientifically rigorous alternative to the trial-and-error testing methods normally used.

"The failure rates of software on most of our desktop computers may be as high as one per thousand hours. If an office computer crashes, it may not cause too much of a problem except frustration," Mr Neale Fulton of CSIRO Mathematical and Information Sciences (CMIS) says.

"But for aircraft safety-critical software, such as the flight controls, the probabilities of failure need to be tiny - of the order of 1 in 10 million per mission. Higher than this and lives may well be at risk," Mr Fulton says.

The new techniques have attracted the interest of the RAAF, which is presently looking at upgrading the mission control computers of its F/A-18s. An F/A-18, depending on configuration, may have 25 computers on board. Since Australia's F/A-18s were bought in 1981, technology has advanced rapidly and the RAAF wanted to consider upgrades of the systems and software. The difficulty was how to do this so that changing the software of one computer does not affect the others and thereby risk pilot safety or the loss of an aircraft.

The software that runs on F/A-18s controls such things as flight control functions, navigation and communications. For some functions, the timing of operations is constrained to less than a thousandth of a second, and operations must happen in the right order. It is impossible to test software long enough to show that it meets such a tight specification.

"It may take 1000 years of testing for a problem to show up. Up until now, the answer has been to use simulations and extrapolate them, but there have been questions about the reliability of this approach for computer-based software," Mr Fulton says.
The new methods developed by Dr Brendan Mahony of DSTO's Information Technology Division and Dr Jin Song Dong of CMIS can test mathematically whether a particular software design is correct. This can help designers who are upgrading aircraft systems be more confident that they are not introducing a change in the software that makes it less reliable. The level of design assurance for airworthiness certification can therefore be raised.

The methods developed by Dr Mahony and Dr Dong belong to what is known as "software formal methods," which rely on mathematical equations and logic, rather than trial and error, to prove whether a design is good or not.

"Formal methods are a big step forward for assuring safety-critical software," says Mr Fulton. "They could make a huge difference in assuring the safety of software used to control other systems such as process control systems, medical equipment, and so on."

The new methods have been well received in international scientific forums. Research groups in Japan and at NASA in the US have expressed interest in the methods.

Traditionally, formal methods have been too expensive to apply on all but the major projects. The next challenge is to incorporate these methods into software design tools that can be used by a wider range of software professionals targeting shorter schedules and smaller software projects.

The research was part of a CSIRO/DSTO Research Fellowship that finished last week. The strategic direction of the research was set and co-ordinated by Mr Fulton.