论文信息 - A 'Crystal Ball' for Software Liability

A 'Crystal Ball' for Software Liability

Software developers are living in a liability grace period, but it won't last. To adequately insure themselves against potential liability, developers need tools to identify worst-case scenarios and help them quantify the risks associated with a piece of software. For assessing such risks associated with software, the authors recommend fault injection, which provides worst-case predictions about how badly a piece of code might behave and how frequently it might behave that way. By contrast, software testing states how good software is. But even correct code can have "bad days", when external influences keep it from working as desired. Fault injection is arguably the next best thing to having a crystal ball, and it certainly beats facing the future with no predictions at all. It should be a regular part of risk assessment. The greatest benefit from fault injection occurs when a piece of software does not tolerate injected anomalies. False optimism gives way to the only honest claim-that the software presents risks.

[1] Richard J. Lipton,et al. Hints on Test Data Selection: Help for the Practicing Programmer , 1978, Computer.

[2] Jean Arlat,et al. Fault Injection for Dependability Validation: A Methodology and Some Applications , 1990, IEEE Trans. Software Eng..

[3] A. Jefferson Offutt,et al. Constraint-Based Automatic Test Data Generation , 1991, IEEE Trans. Software Eng..

[4] Jeffrey M. Voas,et al. PIE: A Dynamic Failure-Based Technique , 1992, IEEE Trans. Software Eng..

[5] John H. Rowland,et al. An Empirical Study of Testing and Integration Strategies Using Artificial Software Systems , 1993, IEEE Trans. Software Eng..

[6] Jeffrey M. Voas,et al. Predicting software's minimum-time-to-hazard and mean-time-to-hazard for rare input events , 1995, Proceedings of Sixth International Symposium on Software Reliability Engineering. ISSRE'95.

[7] Dhiraj K. Pradhan,et al. Fault Injection: A Method for Validating Computer-System Dependability , 1995, Computer.

[8] Pascale Thévenod-Fosse,et al. Software error analysis: a real case study involving real faults and mutations , 1996, ISSTA '96.

[9] L. Beltracchi,et al. Error propagation analysis studies in a nuclear research code , 1998, 1998 IEEE Aerospace Conference Proceedings (Cat. No.98TH8339).