Content updates needed on this page:

Update tabs as necessary

This page contains the cross-references between elements of SWE-134 and the Software Design Principles.

1. Software Design Principles and Software Safety

NASA software safety requirements are documented in NPR 7150.2 , and elaborated in the Software Assurance and Software Safety Standard, NASA-STD-8739.8A .

Design features are a small but important part of an overall software safety implementation. The driving requirement in this area is NPR 7150.2C, requirement SWE-134 - Safety-Critical Software Design Requirements. The design principles that support specific provisions of SWE-134 are shown in the table below. A verified application of the NASA software design principles can help form the basis for demonstrating compliance with SWE-134.

SWE-134 Sub-requirement	Applicable Design Principle
a. The software is initialized, at first start and restarts, to a known safe state.	9.10 Initialization - Safe Mode
b. The software safely transitions between all predefined known states.	9.15 Safe Transitions
c. Termination performed by the software functions is performed to a known safe state.	9.10 Initialization - Safe Mode 9.07 Fault Detection and Response
d. Operator overrides of software functions require at least two independent actions by an operator.	9.05 Data Interface Integrity
e. The software rejects commands received out of sequence when the execution of those commands out of sequence can cause a hazard.	9.05 Data Interface Integrity
f. The software detects inadvertent memory modification and recovers to a known safe state.	9.09 Incorrect Memory Use or Access 9.07 Fault Detection and Response
g. The software performs integrity checks on inputs and outputs to/from the software system.	9.05 Data Interface Integrity 9.11 Invalid Data Handling
h. The software performs prerequisite checks prior to the execution of safety-critical software commands.	9.05 Data Interface Integrity 9.11 Invalid Data Handling
i. No single software event or action is allowed to initiate an identified hazard.	9.05 Data Interface Integrity
j. The software responds to an off-nominal condition within the time needed to prevent a hazardous event.	9.07 Fault Detection and Response
k. The software provides error handling.	9.07 Fault Detection and Response
l. The software can place the system into a safe state.	9.07 Fault Detection and Response

1.1 Additional Guidance

Links to Additional Guidance materials for this subject have been compiled in the Relevant Links table. Click here to see the in the Resources tab.

2. Resources

2.1 References

Enter necessary modifications to be made in the table below:

SWEREFs to be added	SWEREFS to be deleted

SWEREFs called out in text: 083, 278

SWEREFs NOT called out in text but listed as germane: NONE

Refstable Topic

2.2 Additional Guidance

Additional guidance related to this requirement may be found in the following materials in this Handbook:

Related Links

2.3 Center Process Asset Libraries

See the following link(s) in SPAN for process assets from contributing Centers (NASA Only).

SPAN Links

2.4 Related Activities

This Topic is related to the following Life Cycle Activities:

Related Links