Latest from Embedded

ID 217230663 © Christian Offenberg - Dreamstime.com | electronica.de
promo_messe_munich__id_217230663__christian_offenb
Dreamstime_simongreig_17639917 and ATEK Access Technologies
dreamstime_simongreig_promo_17639917

SSI: Continued Assurance from Requirements to Code (.PDF Download)

Nov. 13, 2018
SSI: Continued Assurance from Requirements to Code (.PDF Download)

The development of systems, whether high-assurance or mission-critical, faces a perennial problem: We can envision and therefore want to build systems that are much more capable and complex than we can assure with traditional approaches. The result is predictable: System errors resulting in system failures that result in losses—sometimes including loss of life.

Many system errors can be traced to erroneous behavior of critical system software. Software, even more than systems, is prone to escape from the envelope of manageable complexity. Software has no physical extent, no physical weight, and no physical power demand per se. The pressures that constrain the features we want to add to systems don’t constrain software. If we can imagine a feature, we can add the feature to software. The result is again predictable: Software that’s far too complex to assure; that fails; and that causes system failure.

Going Formal?

Software assurance has traditionally been gathered through extensive testing. Unfortunately, testing isn’t exhaustive and thus can only reveal the presence—not absence—of errors. But we can do better than just testing. At the system level, we apply analysis as well as testing. For example, when designing an aircraft, aerospace engineers conduct extensive aerodynamic analysis using computational fluid dynamics before going into the wind tunnel. The wind-tunnel tests validate the analytical model, upon which the fundamental assurance is based.

For software, we can apply formal methods. These are techniques based on mathematical representations of software behavior that allow for a truly exhaustive examination of software state to prove the absence of errors. Software testing then validates this comprehensive analysis.

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!