On requirements for software fault tolerance for flight controls

The need to apply software fault tolerance techniques in digital flight control systems is argued to follow from the requirements derivable from the safety constraints of such systems; these requirements can be stated in terms of minimum acceptable system reliability levels and, moreover, stated quantitatively. It is argued further that, while fault tolerance appears to be a viable mechanism in general, individual fault tolerance schemes need to be analyzed to ensure that they are adequate to the task and are being properly utilized. Such analysis is essentially an exercise in software 'reliability' estimation, but one involving software characteristics not currently included in software 'reliability' modeling, most especially the degree of correlation of malfunctions among redundant, dissimilar software modules. Consequently, further research and studies in the characterization of software behavior and malfunctions are required.
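The correlation point is the one a practitioner most needs to see quantitatively, so the following added example (not part of the paper, and not the paper's analysis) puts numbers on it. It computes the failure probability of a three-version majority-voted system in two ways: under the usual assumption that the versions fail independently, and under a simple input-difficulty model (assumed here, in the style of the Eckhardt and Lee model, in which versions fail independently only conditionally on the input, so that inputs that are hard for every version induce coincident failures). The difficulty profile, the function names and all numbers are constructed for illustration.

```python
"""Majority-voted N-version software: independent vs. correlated failures.

Added illustration; the failure model and the numbers below are assumptions
constructed for this example, not data or analysis from the paper.
"""
from math import comb
from typing import Sequence, Tuple

# A "difficulty profile" is a constructed description of the input space:
# each entry is (fraction of inputs, theta), where theta is the probability
# that a single version fails on an input of that difficulty.  Versions are
# assumed to fail independently only conditionally on the input; averaging
# over inputs of differing difficulty induces correlated (coincident)
# failures among dissimilar versions.
DifficultyProfile = Sequence[Tuple[float, float]]

# Constructed example profile (an assumption, not measured data): 99% of
# inputs are "easy" and 1% are "hard" for every version alike.
EXAMPLE_PROFILE: DifficultyProfile = [(0.99, 1e-4), (0.01, 1e-2)]


def _check_profile(profile: DifficultyProfile) -> None:
    if not profile:
        raise ValueError("empty difficulty profile")
    total = sum(w for w, _ in profile)
    if abs(total - 1.0) > 1e-9:
        raise ValueError(f"input fractions must sum to 1, got {total}")
    for w, theta in profile:
        if w < 0 or not 0.0 <= theta <= 1.0:
            raise ValueError(f"bad profile entry {(w, theta)}")


def majority_fails_given_theta(theta: float, n: int = 3) -> float:
    """P(majority of n versions fail on one input) when, on that input, each
    version fails independently with probability theta (n odd)."""
    if n < 1 or n % 2 == 0:
        raise ValueError("n must be a positive odd number of versions")
    k_min = n // 2 + 1
    return sum(comb(n, k) * theta ** k * (1 - theta) ** (n - k)
               for k in range(k_min, n + 1))


def independent_failure(p: float, n: int = 3) -> float:
    """System failure probability under the usual independence assumption:
    every version fails on every input with the same probability p."""
    return majority_fails_given_theta(p, n)


def mean_single_version_failure(profile: DifficultyProfile) -> float:
    """Per-input failure probability of one version, averaged over inputs."""
    _check_profile(profile)
    return sum(w * theta for w, theta in profile)


def correlated_failure(profile: DifficultyProfile, n: int = 3) -> float:
    """System failure probability when difficulty varies across inputs:
    average the conditional majority-failure probability over the profile."""
    _check_profile(profile)
    return sum(w * majority_fails_given_theta(theta, n) for w, theta in profile)


def compare(profile: DifficultyProfile, n: int = 3) -> dict:
    """Side by side: what an independence-based estimate claims versus what
    the same versions deliver once coincident failures are accounted for."""
    p = mean_single_version_failure(profile)
    indep = independent_failure(p, n)
    corr = correlated_failure(profile, n)
    inf = float("inf")
    return {
        "single_version": p,
        "system_assuming_independence": indep,
        "system_with_correlation": corr,
        "gain_assuming_independence": inf if indep == 0 else p / indep,
        "gain_with_correlation": inf if corr == 0 else p / corr,
        # how far the independence-based estimate is off, as a factor
        "optimism_factor": inf if indep == 0 else corr / indep,
    }


if __name__ == "__main__":
    for key, value in compare(EXAMPLE_PROFILE).items():
        print(f"{key:>30}: {value:.4g}")
```

With the constructed profile, the single-version failure probability averages about 2e-4 either way, but the independence-based estimate of system failure is roughly 25 times lower than the figure obtained once the hard inputs are allowed to defeat all three versions at once. That gap is exactly the quantity the abstract says current reliability models do not capture: a quantitative reliability requirement can only be shown to be met if the degree of failure correlation among the dissimilar versions is itself estimated, not assumed away.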