High integrity software includes that in aircraft flight control, nuclear reactor safety systems, and portions of ground-based air traffic control. One of the best known specifications for such software establishes a maximum tolerable failure rate for the most severe modes of 10^-10/flight-hr [FAA88]. Demonstration of the attainment of such low failure rates is not possible by the established methods of software reliability estimation, e.g., [MUSA87]. Indeed, a larg