Safety-critical software testing in airborne systems : the modified condition/decision coverage criterion
Author(s)Dupuy, Arnaud (Arnaud Guillaume), 1973-
Nancy G. Leveson.
MetadataShow full item record
In order to be certified by the FAA, airborne software must comply with the D0-178B standard. For the unit testing of safety-critical software, this standard requires the testing process to meet a strong source code structure coverage criterion, referred to as Modified Condition/Decision Coverage criterion. This part of the standard is controversial in the aviation community, in particular because the coverage criterion is apparently not related to the safety of the software. In this thesis, we follow the letter of the D0-1788 standard to perform the unit testing of the Attitude Control Sy stem of the HETE-2 satellite. This allowed us to gain some insights on the D0- 1788 testing procedure, and to prove that in the case of the considered software, this method was well adapted.
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 1999.Includes bibliographical references (p. 112-113).
DepartmentMassachusetts Institute of Technology. Department of Aeronautics and Astronautics
Massachusetts Institute of Technology
Aeronautics and Astronautics