This page has moved to https://swehb.nasa.gov/display/SWEHBVD/9.02+Software+Safety+and+Design+Principles; if you reached it through a bookmark, please update the bookmark.
1. Software Design Principles and Software Safety
NASA software safety requirements are documented in NPR 7150.2 (SWEREF-083) and elaborated in the Software Assurance and Software Safety Standard, NASA-STD-8739.8A (SWEREF-278).
Design features are a small but important part of an overall software safety implementation. The driving requirement in this area is NPR 7150.2C, requirement SWE-134 - Safety-Critical Software Design Requirements. The design principles that support specific provisions of SWE-134 are shown in the table below. A verified application of the NASA software design principles can help form the basis for demonstrating compliance with SWE-134.
SWE-134 Sub-requirement | Applicable Design Principle |
---|---|
a. The software is initialized, at first start and restarts, to a known safe state. | |
b. The software safely transitions between all predefined known states. | |
c. Termination performed by the software functions is performed to a known safe state. | |
d. Operator overrides of software functions require at least two independent actions by an operator. | |
e. The software rejects commands received out of sequence when the execution of those commands out of sequence can cause a hazard. | |
f. The software detects inadvertent memory modification and recovers to a known safe state. | 9.09 Incorrect Memory Use or Access |
g. The software performs integrity checks on inputs and outputs to/from the software system. | |
h. The software performs prerequisite checks prior to the execution of safety-critical software commands. | |
i. No single software event or action is allowed to initiate an identified hazard. | |
j. The software responds to an off-nominal condition within the time needed to prevent a hazardous event. | |
k. The software provides error handling. | |
l. The software can place the system into a safe state. | |
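Several of these sub-requirements can be enforced mechanically at the point where a safety-critical command is dispatched. The block below is an added illustration, not code from this Handbook or from any NASA project: a hypothetical arm/fire controller whose state block is sealed with a CRC so that inadvertent modification is detected and recovered to a safe state (f), that initializes to a known safe state (a), rejects out-of-sequence commands (e), checks a prerequisite before arming (h) and always accepts a safing command (l). The states, the commands and the `pressure_ok` flag are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical states and commands; assumptions, not from the handbook. */
enum state { SAFE = 0, ARMED = 1, FIRING = 2 };
enum cmd { CMD_ARM = 1, CMD_FIRE = 2, CMD_SAFE = 3 };
enum result { OK = 0, REJECT_SEQUENCE, REJECT_PREREQ, REJECT_MEMORY };
/* Safety-critical state block sealed with a CRC-16 (SWE-134 f). */
struct ctrl {
    uint8_t state;
    uint8_t pressure_ok; /* assumed prerequisite sensor flag for ARM (SWE-134 h) */
    uint16_t crc;        /* CRC over the bytes before this field */
};
static uint16_t crc16(const uint8_t *p, size_t n) { /* CRC-16/CCITT-FALSE */
    uint16_t c = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        c ^= (uint16_t)(p[i] << 8);
        for (int b = 0; b < 8; b++)
            c = (c & 0x8000) ? (uint16_t)((c << 1) ^ 0x1021) : (uint16_t)(c << 1);
    }
    return c;
}
static uint16_t ctrl_crc(const struct ctrl *c) {
    return crc16((const uint8_t *)c, offsetof(struct ctrl, crc));
}
/* SWE-134 a: every start and restart lands in the known safe state. */
void ctrl_init(struct ctrl *c, uint8_t pressure_ok) {
    memset(c, 0, sizeof *c); /* SAFE == 0 */
    c->pressure_ok = pressure_ok;
    c->crc = ctrl_crc(c);
}
enum result ctrl_command(struct ctrl *c, enum cmd cmd) {
    if (ctrl_crc(c) != c->crc) { /* SWE-134 f: state changed behind our back */
        c->state = SAFE; c->crc = ctrl_crc(c); return REJECT_MEMORY;
    }
    switch (cmd) {
    case CMD_ARM:  /* SWE-134 e and h: only from SAFE, only with prerequisite met */
        if (c->state != SAFE) return REJECT_SEQUENCE;
        if (!c->pressure_ok) return REJECT_PREREQ;
        c->state = ARMED; break;
    case CMD_FIRE: /* SWE-134 e: FIRE before ARM is out of sequence */
        if (c->state != ARMED) return REJECT_SEQUENCE;
        c->state = FIRING; break;
    case CMD_SAFE: /* SWE-134 l: safing is always accepted */
        c->state = SAFE; break;
    default: return REJECT_SEQUENCE;
    }
    c->crc = ctrl_crc(c);
    return OK;
}
```

Re-sealing the block after every accepted transition is what makes a later silent write to `state` detectable; a design that only checked the CRC at startup would miss it.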
1.1 Additional Guidance
Links to additional guidance materials for this subject are compiled in the Related Links table under Additional Guidance in the Resources section below.
2. Resources
2.1 References
- (SWEREF-083) NPR 7150.2D, Effective Date: March 08, 2022, Expiration Date: March 08, 2027. https://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=7150&s=2D Contains a link to the full text in PDF format. Search for "SWEREF-083" for links to older NPR 7150.2 copies.
- (SWEREF-278) NASA-STD-8739.8B, NASA Technical Standard, approved 2022-09-08, superseding NASA-STD-8739.8A.
2.2 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook:
Related Links |
---|
2.3 Center Process Asset Libraries
SPAN - Software Processes Across NASA
SPAN contains links to Center-managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to software development. See SPAN in the Software Engineering Community of NEN (available to NASA only): https://nen.nasa.gov/web/software/wiki (SWEREF-197)
See the following link(s) in SPAN for process assets from contributing Centers (NASA Only).
SPAN Links |
---|