Software Safety: A Formal Approach

There are many computer applications in which safety and not reliability is the overriding concern. Reduced, altered, or no functionality of such systems is acceptable as long as no harm is done. This report is concerned with the role of software in such systems and the definition of what it will mean for software to be viewed as safe. A precise definition of what software safety means is essential before any attempt can be made to achieve it. Without this definition, it is not possible to determine whether a specific software entity is safe. Informal, intuitive notions of software safety must be rejected if for no other reason than to protect the legal interests of the software engineer. Software must be viewed as merely one of many components that make up a system. In the overall system context, software is no different from any of the other components of which the system is composed. Viewing software as a system component, a definition of software safety based on the establishment of precise specifications for the software's response to its own failure and to the failure of other components is presented. The definitions presented here define software to be safe if it complies with these specifications. A consequence of the definition is that the software engineer is freed from responsibilities other than the correct implementation of certain parts of the software specifications. This facilitates placement of responsibility in the event that an accident does occur. A case study is presented, demonstrating the feasibility of these definitions through the creation of formal software safety specifications for a software~controHed, safety-critical surgical device. iv
Note: Abstract extracted from PDF file via OCR

Knight, JC, and DM Kienzle. "Software Safety: A Formal Approach." University of Virginia Dept. of Computer Science Tech Report (1992).