SSI: Continued Assurance from Requirements to Code (.PDF Download)

Nov. 13, 2018
The development of systems, whether high-assurance or mission-critical, faces a perennial problem: We can envision and therefore want to build systems that are much more capable and complex than we can assure with traditional approaches. The result is predictable: System errors resulting in system failures that result in losses—sometimes including loss of life.

Many system errors can be traced to erroneous behavior of critical system software. Software, even more than systems, is prone to escape from the envelope of manageable complexity. Software has no physical extent, no physical weight, and no physical power demand per se. The pressures that constrain the features we want to add to systems don’t constrain software. If we can imagine a feature, we can add the feature to software. The result is again predictable: Software that’s far too complex to assure; that fails; and that causes system failure.

Going Formal?

Software assurance has traditionally been gathered through extensive testing. Unfortunately, testing isn’t exhaustive and thus can only reveal the presence—not absence—of errors. But we can do better than just testing. At the system level, we apply analysis as well as testing. For example, when designing an aircraft, aerospace engineers conduct extensive aerodynamic analysis using computational fluid dynamics before going into the wind tunnel. The wind-tunnel tests validate the analytical model, upon which the fundamental assurance is based.

For software, we can apply formal methods: techniques that represent software behavior mathematically (as a model, or as a specification with proof obligations) and allow an exhaustive examination of software state, so that the absence of whole classes of errors can be proved rather than sampled. The proof is only as good as what it covers: it establishes that the code satisfies the stated properties under the assumptions built into the model (the compiler, hardware, and environment behave as modeled), so an incomplete or wrong specification is still a way for errors to get through. Software testing then validates the analysis and the assumptions it rests on, much as the wind tunnel validates the aerodynamic model.
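The following added example (not part of the original article, and not the author's code) shows the "exhaustive examination of software state" in its simplest form: an explicit-state model checker that enumerates every interleaving of two processes and checks mutual exclusion in every reachable state. Two protocols are modeled: Peterson's algorithm, and a naive check-then-set protocol with a time-of-check/time-of-use race. A test that runs the race a few times may or may not hit the losing interleaving; the reachability search either proves the property for all behaviors of the model or returns the shortest interleaving that breaks it. The state encoding (program-counter values, tuple layout) is a construction for this example.

```python
"""Exhaustive reachability check of two-process mutual-exclusion protocols.

Constructed example of explicit-state model checking: every reachable state
of the model is visited, so the safety property is proved for the model
rather than sampled by a handful of test runs.
"""
from collections import deque
from typing import Callable, List, Optional, Tuple

# State layout (constructed for this example): (pc0, pc1, flag0, flag1, turn)
State = Tuple[int, int, bool, bool, int]


def peterson_step(s: State, i: int) -> State:
    """One atomic step of process i in Peterson's algorithm.
    pc 0: flag[i] = True   pc 1: turn = other   pc 2: busy-wait
    pc 3: critical section (leaving it clears flag[i])."""
    pc, flag, turn = list(s[:2]), list(s[2:4]), s[4]
    j = 1 - i
    if pc[i] == 0:
        flag[i] = True
        pc[i] = 1
    elif pc[i] == 1:
        turn = j
        pc[i] = 2
    elif pc[i] == 2:
        if not (flag[j] and turn == j):  # allowed in only when the other yields
            pc[i] = 3
    elif pc[i] == 3:
        flag[i] = False                  # leave critical section
        pc[i] = 0
    return (pc[0], pc[1], flag[0], flag[1], turn)


def check_then_set_step(s: State, i: int) -> State:
    """One atomic step of a broken protocol: test the other flag, then set ours.
    pc 0: wait until flag[other] is False   pc 1: flag[i] = True
    pc 2: critical section. The gap between the test and the set is a race."""
    pc, flag, turn = list(s[:2]), list(s[2:4]), s[4]
    j = 1 - i
    if pc[i] == 0:
        if not flag[j]:
            pc[i] = 1
    elif pc[i] == 1:
        flag[i] = True
        pc[i] = 2
    elif pc[i] == 2:
        flag[i] = False
        pc[i] = 0
    return (pc[0], pc[1], flag[0], flag[1], turn)


def model_check(step: Callable[[State, int], State],
                critical_pc: int) -> Tuple[int, Optional[List[State]]]:
    """Breadth-first enumeration of all reachable states from the initial state.
    Returns (number_of_reachable_states, counterexample). The counterexample is
    None when mutual exclusion holds in every reachable state; otherwise it is
    the shortest interleaving (list of states) ending with both processes in
    the critical section."""
    init: State = (0, 0, False, False, 0)
    parent = {init: None}          # state -> predecessor, doubles as visited set
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if s[0] == critical_pc and s[1] == critical_pc:
            trace = []
            while s is not None:   # walk predecessor links back to init
                trace.append(s)
                s = parent[s]
            return len(parent), trace[::-1]
        for i in (0, 1):           # every scheduling choice at this state
            n = step(s, i)
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return len(parent), None


if __name__ == "__main__":
    count, cex = model_check(peterson_step, critical_pc=3)
    print(f"Peterson: {count} reachable states, violation: {cex}")
    count, cex = model_check(check_then_set_step, critical_pc=2)
    print(f"check-then-set: {count} reachable states, violation trace:")
    for st in cex or []:
        print("  ", st)
```

For Peterson the search visits every reachable state and finds none with both processes at pc 3, which is a proof of mutual exclusion for this model and this interleaving semantics (each labeled step is atomic). For the check-then-set protocol it returns a four-step trace: both processes pass the check while both flags are still False, then both set their flag and enter. The proof says nothing about what the model leaves out, such as a compiler reordering the flag write or the hardware's memory model, which is exactly the gap that testing of the real artifact is still needed to cover.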
