[SystemSafety] The mindset for safety-critical systems design

Olwen Morgan olwen.morgan at btinternet.com
Wed Sep 19 13:40:10 CEST 2018


I've always developed software incrementally anyway (although I abhor 
the hype surrounding Agile development).

When I'm programming for an embedded target, I write a small bit of code 
then test it on-host and keep on doing that until all the code I need is 
there in its final form (apart from stubbed I/O functions). Then I test 
the whole on-host. Only after that do I put the code onto the target. My 
C code for an embedded system never gets anywhere near the target until 
after it has had substantial testing on the development host, in the 
command-line environment using gcc or clang, and Geany, even if a 
cross-compiler development environment is available.

To make this work, you have to ensure that your code is highly portable, 
which is no bad thing in itself. Portable code tends to be more 
tractable to formal verification.

Proceeding this way you:

1.    gradually add functions until all and only what you need is there 
(Principle 1),

2.    test early and often, thereby giving yourself lots of opportunity 
to find and remove errors - which tends to make you write, rewrite and 
*simplify* bits of code as you go along (Principle 2).

So ... I find that incremental development of this kind sits quite well 
with the two principles.

It would be disingenuous not to admit that there are some downsides to 
this. One is that by spending a lot of time poring over the code to 
simplify it, you can at times become bug-blind to howlers. A second 
issue is that I almost invariably take at least twice as long as other 
programmers to produce a given number of lines of code. On the other 
hand, my bug rate does tend to be substantially lower than that of 
faster coders.


regards,
Olwen
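An added illustration of the workflow described in the post above (example code, not Olwen's): a small debounce module whose portable core is tested on the development host with gcc or clang, while the I/O function is stubbed on-host and only linked to the real driver on the target. `TARGET_BUILD`, `hw_read_input` and the replayed sample trace are assumptions made for this example.

```c
/* Added example, not Olwen's code: one debounce source that builds unchanged on the
 * host (gcc/clang) and on the target; only the I/O layer is swapped. TARGET_BUILD is
 * an assumed macro and the sample trace is constructed, not captured from hardware. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>          /* size_t and printf; the portable core needs neither */

#define DEBOUNCE_N 3u       /* consecutive disagreeing reads needed to accept a new level */

typedef struct {
    bool    stable;         /* last accepted (debounced) level */
    uint8_t run;            /* consecutive raw reads that disagree with `stable` */
} debounce_t;

/* Portable core: fixed-width types, no hardware access, no dynamic memory. */
bool debounce_step(debounce_t *d, bool raw)
{
    if (raw == d->stable) {
        d->run = 0;                  /* short glitch ended: discard it */
    } else if (++d->run >= DEBOUNCE_N) {
        d->stable = raw;             /* held long enough: accept the new level */
        d->run = 0;
    }
    return d->stable;
}

/* Count accepted level changes over a raw sample sequence (pure, host-testable). */
unsigned count_transitions(const bool *raw, size_t n)
{
    debounce_t d = { false, 0 };
    unsigned changes = 0;
    for (size_t i = 0; i < n; i++) {
        bool before = d.stable;
        if (debounce_step(&d, raw[i]) != before) changes++;
    }
    return changes;
}

/* I/O layer: the only part that differs between host and target builds. */
#ifdef TARGET_BUILD
extern bool hw_read_input(void);     /* real GPIO driver, linked only on the target */
#else                                /* host stub replaying a constructed trace     */
static const bool host_trace[] = { 0,0,1,0,0,1,1,1,1,0,1,1,1 }; /* 2 glitches, 1 press */
static size_t host_pos;
static bool hw_read_input(void) { return host_trace[host_pos++ % 13]; }
#endif

int main(void)
{
    debounce_t d = { false, 0 };
    for (int i = 0; i < 13; i++) {   /* on the host this replays host_trace */
        bool raw = hw_read_input();
        printf("raw=%d stable=%d\n", raw, debounce_step(&d, raw));
    }
}
```

Build on the host with `cc -std=c99 -Wall debounce.c` and on the target with `-DTARGET_BUILD` plus the real driver object; the core and its tests never change between the two.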



On 19/09/18 09:38, Tim Schürmann wrote:
> Hi :)
>
>
> On 18.09.2018 17:11, Olwen Morgan wrote:
>> The two cardinal principles of critical systems design are:
>>
>> 1.    Whatever is not there cannot go wrong (so do not include any
>> functions that you do not need).
>>
>> 2.    Whatever is there is less likely to go wrong the simpler it is.
>>
>> [...]
> In the context of the above stated principles, what would be your take
> on the 'Incremental development of software'
> favored by Brooks in his book 'The Mythical Man-Month'? (Original Idea:
> Harlan Mills 1971, afaik).
>
> Kind regards
> Tim
>
>