This paper proposes a principle for tolerating software design faults in a flight control system. The system is considered on two levels: (i) the entire system, to which N-copy programming (data diversity) is applied, and (ii) the individual Guidance and Navigation Computer (GNC), which is built as a self-checking component. The performance of data diversity (N-copy programming) was compared with that of the traditional design without diversity (multiple computation, i.e. re-running the same program on the same data) in a fault-injection experiment whose faults were generated with a mutation-testing-based method. The best results were 95.5% correct outputs for N-copy programming and 66.6% for multiple computation. However, the reliability improvement obtained from N-copy programming is application-specific. N-copy programming alone is not likely to meet the safety requirements, so each GNC of the flight control system is additionally designed as a self-checking component. A pessimistic and an optimistic analytical (Markov-model) estimate of the improvement that the self-checking design brings to each GNC showed the MTTF (Mean Time To Failure) increasing by a factor of two and a factor of nine, respectively.
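The following is an added illustration of the two designs the abstract compares; it is not code from the paper and does not reproduce its experiment. It uses a toy heading computation with one constructed design fault (an unhandled division by zero, the kind of fault a mutation operator would inject), a data re-expression by rotating the input vector (for which an exact inverse mapping exists, which is what makes N-copy programming applicable here), and an approximate majority voter. Multiple computation reproduces the fault on every run; N-copy programming masks it because only the unrotated copy hits the faulty input. The function names, the rotation angles and the tolerance are assumptions of this example.

```python
"""N-copy programming (data diversity) versus multiple computation.

Added illustration, not code from the paper: a toy guidance routine with a
constructed design fault, a data re-expression (rotation of the velocity
vector) and an approximate majority voter.
"""
import math
from typing import Callable, List, Optional, Sequence, Tuple

Vec = Tuple[float, float]


def faulty_heading(vx: float, vy: float) -> float:
    """Heading in radians, counter-clockwise from +x, via atan(vy/vx) plus a
    quadrant correction.  Constructed design fault: vx == 0 is not handled
    and raises ZeroDivisionError (a mutation-style fault chosen for this
    example, not one reported by the paper)."""
    a = math.atan(vy / vx)
    if vx < 0:
        a += math.pi if vy >= 0 else -math.pi
    return a


def wrap_angle(a: float) -> float:
    """Normalise an angle to [-pi, pi)."""
    return a - 2 * math.pi * math.floor((a + math.pi) / (2 * math.pi))


def rotate(v: Vec, phi: float) -> Vec:
    """Data re-expression: rotate v by phi.  heading(rotate(v, phi)) ==
    heading(v) + phi, so the original result is recovered by subtracting phi."""
    vx, vy = v
    c, s = math.cos(phi), math.sin(phi)
    return (vx * c - vy * s, vx * s + vy * c)


def angle_close(a: float, b: float, tol: float) -> bool:
    """Compare two headings modulo 2*pi."""
    return abs(wrap_angle(a - b)) <= tol


def vote(results: List[Optional[float]], tol: float = 1e-9) -> Optional[float]:
    """Approximate majority voter.  A copy that failed contributes None and
    counts against every candidate; a value wins only if a strict majority of
    all copies agrees with it within tol."""
    n = len(results)
    for cand in results:
        if cand is None:
            continue
        agree = sum(1 for r in results if r is not None and angle_close(r, cand, tol))
        if agree * 2 > n:
            return cand
    return None


def run_copy(f: Callable[[float, float], float], v: Vec) -> Optional[float]:
    """Run one copy; a crash is a detected failure, so the copy gets no vote."""
    try:
        return f(*v)
    except ZeroDivisionError:
        return None


def multiple_computation(f: Callable[[float, float], float], v: Vec, n: int = 5) -> Optional[float]:
    """Traditional design without diversity: the same program on the same
    data n times.  A design fault is deterministic, so every copy fails alike."""
    return vote([run_copy(f, v) for _ in range(n)])


def n_copy(f: Callable[[float, float], float], v: Vec,
           phis: Sequence[float] = (0.0, 0.35, -0.35, 0.8, -0.8)) -> Optional[float]:
    """N-copy programming: run f on re-expressed inputs (assumed rotation
    angles), map each result back to the original frame, then vote."""
    outs: List[Optional[float]] = []
    for phi in phis:
        r = run_copy(f, rotate(v, phi))
        outs.append(None if r is None else wrap_angle(r - phi))
    return vote(outs)


if __name__ == "__main__":
    north: Vec = (0.0, 1.0)  # constructed input that triggers the fault (vx == 0)
    print("multiple computation:", multiple_computation(faulty_heading, north))  # None
    print("N-copy programming:  ", n_copy(faulty_heading, north))  # ~pi/2
```

The voter treats a crashed copy as a vote against every candidate rather than ignoring it, so a design fault that kills most copies still yields "no result" instead of a weakly supported answer; in a real GNC that outcome would be handed to the self-checking logic rather than acted on. The example also shows why the gain is application-specific: the rotation works because an exact inverse re-expression exists for a heading, and a function without such a mapping cannot be protected this way.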
- Data diversity
- Markov modelling
- Simulation based fault injection
- Software design faults