Academic paper | Journal: 민사소송 (Civil Procedure) | Published 2008.05 | KCI-listed | Cited by 2

Software System Failure and Mitigation of the Burden of Proof: Focusing on the Theory of Danger Zones (선위험영역설)

The Mitigated Burden of Proof on Software System Error - with Priority Given to the Theory of Danger Zone -

남동현 (Sun Moon University)

Vol. 12, No. 1, pp. 301-328

Abstract

Large and complex avionics software has emerged in practice as a new source of safety hazards. It is impractical to exhaustively test large and complex avionics software, and it is not practical to formally verify it either, because the complexity of verifying a temporal-logic specification is exponential. This position paper argues for a complexity-control approach at the architecture level and integrates it with formal methods to verify a reduced-complexity critical core and the reduced-complexity interactions between that core and the rest of the system.

The FAA database indicates that commercial avionics have achieved a very good accident rate when measured in accidents per flight hour, and this rate has been fairly stable over the past 10 years. However, two complementary trends might require significant changes. There is a huge increase in the number of airplane hours flown, and many formerly electro-mechanical systems are being reimplemented in software while existing software functions are being asked to do more. This exponential increase in the amount of software is taxing the existing ability to provide dependability assurances. Safety-critical software is required to be certified under DO-178B. Historically, this certification process has been highly effective, in that there has yet to be a fatal accident attributed to a software failure. However, as the complexity of modern avionics software increases, the effectiveness of DO-178B has been challenged.

In manned flight, the actions taken by the software, e.g., the autopilot, are supervised by the pilot. As software takes on more responsibility, that supervision becomes more difficult, and pilots are less able to compensate for unexpected software behavior. For example, as reported by the Wall Street Journal on May 30, 2006: "As a Malaysia Airlines jetliner cruised from Perth, Australia, to Kuala Lumpur, Malaysia, it suddenly took on a mind of its own and zoomed 3,000 feet upward. The captain disconnected the autopilot and pointed the Boeing 777's nose down to avoid stalling, but was jerked into a steep dive. He throttled back sharply on both engines, trying to slow the plane. Instead, the jet raced into another climb. The crew eventually regained control and manually flew their 177 passengers safely back to Australia. Investigators quickly discovered the reason for the plane's roller-coaster ride 38,000 feet above the Indian Ocean. A defective software program had provided incorrect data about the aircraft's speed and acceleration, confusing flight computers. The computers had also failed, at first, to respond to the pilot's commands." Such incidents, while still rare, are clearly safety hazards. The FAA's emergency airworthiness directive (AD 2005-18-51) regarding this incident notes: "These anomalies could result in high pilot workload, deviation from the intended flight path, and possible loss of control of the airplane." As another example, during the development of the air Traffic Alert/Collision

In this paper, mitigation of the consumer's burden of proof, and of the consumer's exposure to error, in the field of product liability is studied, with the aim of protecting consumers from being taken advantage of on account of their unfamiliarity with the relevant civil procedure and insurance law.

Publisher: 한국민사소송법학회 (Korean Association of Civil Procedure Law)
Subject classification: Law
