Rigorous-Assurance Points in Software Development
Director, Causalis Limited
Almost fifty years ago, a dependability crisis in software was noted by an international meeting of computer scientists in Garmisch-Patenkirchen. Stored-program computers were just a couple of decades old. We are now approaching the seventieth anniversary of stored-program computers, and they are ubiquitous. In the half-century since the Garmisch meeting, the technology of software dependability has advanced immeasurably. But much of it remains unused in everyday software development. Like most engineered artifacts, software is built to some purpose. That purpose belongs to the “documentation” of the artifact, as do assurances that the built object is fit for the purpose. The dependability of the software depends essentially upon its purpose, and thereby its documentation. A number of us are concerned that standards for critical software development, for example IEC 61508-3, lag years, even decades, behind the state of the art. In 2010, with the help of some eminent colleagues, I formulated a collection of 26 points at which objective properties of the software and documentation could be rigorously assured using industrially-mature techniques, and often were not. None of them appeared in IEC 61508-3. After seven years of discussion, including further research on industrial maturity commissioned from Bernd Sieker, the German National Committee for functional safety of computer-based systems formulated a proposal to be presented to the IEC for a standards document based on those assurance points. I introduce those techniques in this talk.