Software Safety
Author: Asif Syed
Summary:
Software for safety-critical systems, such as avionic, medical, defense, and manufacturing systems, must be highly reliable since failures can have catastrophic consequences. While existing methods, such as formal techniques, testing, and fault-tolerant software, can significantly enhance software reliability, they have some limitations in achieving ultrahigh reliability requirements. Formal methods are not able to cope with specification faults, testing is not able to provide high assurance, and fault-tolerant software based on diverse designs is susceptible to common-mode failures. We present a new approach that starts with a decomposition of the system requirements into a conjunction of subtasks (goals and constraints). The system state space is then projected onto a restricted space that is specialized for a subtask. The control problem corresponding to each subtask is solved and validated in its restricted “view” of the system state space. To allow the programs for the individual subtasks to be easily composed together, the model for each subtask is relational rather than functional, i.e., it represents a set of control trajectories for each input rather than just one trajectory. The overall system is obtained by composing the models for the subtasks using well-defined set intersection and union operations. The relational approach has several significant advantages. With appropriate priority assignments, it provides strong guarantees that the safety-critical components are immune to defects in other components of the system. Also, the system reliability can be rigorously derived from the component reliabilities. This significantly reduces the validation effort since the number of states and transitions in the decomposition is a fraction of those in the overall system. The system can be composed from its components either statically or dynamically; the latter facilitates on-the-fly maintenance as well as incorporation of advanced adaptive and evolving control programs. The paper contains a detailed example to illustrate the relational approach.

Analysis:
A. Software is influencing and controlling more and more of our daily lives.
The technology race (or rage) combined with the small inexpensive microprocessor has made it such that our society is giving computer control to everything possible. Everything from toasters to medical equipment, from commercial aircraft lavatories to spacecraft, and from kids toys to nuclear weapon systems. And, as more control is being given to computers, it follows that the software driving these computers is more prevalent and controlling also. B. Software is posing increasing safety risk.
The increased level of risk in software is due to many interrelated and complex factors, such as:
1. Increased usage of computers / software.
2. Increased dependency on computers / software..
3. Increased application to safety critical uses.
4. Significant difficulty developing software.
5. Significant difficulty preventing software bugs and errors. C. Software has many unique characteristics that make it difficult to work with.
The very unique nature of software makes it difficult to completely understand, and even more difficult to visualize all the possible ways software can perform or fail to perform.
Some of the unique characteristics of software include:
1. Software is an abstract concept in that it is a set of instructions on a piece of paper or in computer memory. It can be torn apart and analyzed in piece parts like hardware, yet unlike hardware it is not a physical entity with physical characteristics which must comply with the laws of nature (i.e., physics and chemistry).
2. Since software is not a physical entity it does not wear out or degrade over time. This means that software does not have any failure modes per se. Once developed it always works the same