This paper describes the application of the Test Automation Framework (TAF) on the Mars Polar Lander (MPL) software. The premature shutdown of the descent engine on the MPL spacecraft is believed to be the most likely cause for the mission failure. It is believed that the engine shutdown occurred when the three landing legs were extended into their deployed position. This event created an unanticipated transient touchdown indication from the legs, causing the software to inadvertently shut down the descent engines prior to reaching the surface of Mars. This spurious indication should have been ignored by the Touchdown Monitor (TDM) software, but due to a design flaw, was actually "latched," thus causing the premature engine shutdown. The TAF approach was used to model the TDM software requirements. The associated TAF tools generated tests that identified a potential TDM fault.
The paper discusses how organizations use specific model-based tools and have evolved their existing engineering processes to develop and test large-scale critical applications. It discusses challenges and best practices observed from the use of model-based testing tools, and reflects on tool requirements that are essential for organizational adoption, including support for requirement-to-test traceability from requirement management tools, through requirement and design modeling, model-based test generation, to automated test execution and analysis using model-based testing tools that have qualification evidence to support use on safety-critical applications.