First off, what qualifies as “High Integrity Software?” The base “reference” document that I use is the “NIST Special Publication 500-204: High Integrity Software Standards and Guidelines”.
Originally written to support the nuclear power industry, it provides valuable insight into what it means to be “safety critical”.
In short, the software must function dependably (in a measurable and definable fashion) for critical functions. Critical functions are those whose failure modes could cause serious injury, loss of life, or loss of property.
Model-Based Design and safety-critical software
When considering software design using Model-Based Design (MBD) methodologies for safety-critical software, everything starts with the requirements and the validation that those requirements are correctly implemented (this is true for all software). I consider 4 primary factors:
- Enhanced understanding of requirements
- Enhanced traceability
- Handoff error reduction
- Automated code generation
Enhanced understanding of requirements
Model-Based Design improves the understanding of requirements in 3 ways. First, in general, models are easier to interpret than code. Second, models allow you to easily simulate and visualize their behavior, which makes the requirements easier to understand. Finally, the ability to link requirements to sections of a model and have those requirements show up in test results makes it visible which requirements were actually exercised, improving the chance that the requirements will be correctly implemented.
Enhanced traceability
Traceability is the ability to follow a requirement through its implementation, modification, and validation. Model-Based Design improves this process because a single model serves as the design artifact at multiple stages of development: once the link between a requirement and the model is made, it is maintained through those stages rather than being re-created by hand for each artifact.
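The two points above (requirements showing up in test results, and links that are kept through implementation and validation) are usually checked with a traceability matrix. The following is an added example, not code from the original post or from any MBD tool: it joins a list of requirements, the model blocks each is linked to, and test results tagged with the requirement IDs they verify, then flags the gaps a reviewer cares about. The requirement IDs, block names, test IDs and results are all constructed for illustration.

```python
"""Requirement-to-test traceability check (added example, constructed data)."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Requirement:
    req_id: str
    text: str
    # Design-model elements (e.g. Simulink blocks) this requirement is linked to.
    model_blocks: list[str] = field(default_factory=list)


@dataclass
class TestResult:
    test_id: str
    requirements: list[str]  # requirement IDs this test is tagged as verifying
    passed: bool


def build_trace(requirements: list[Requirement], results: list[TestResult]) -> dict:
    """Build the traceability matrix and list every gap in it."""
    rows = {
        r.req_id: {"blocks": list(r.model_blocks), "tests": [], "verified": False}
        for r in requirements
    }
    orphan_tests = []  # tests that cite a requirement ID nobody defined
    for t in results:
        for rid in t.requirements:
            if rid in rows:
                rows[rid]["tests"].append(t.test_id)
            else:
                orphan_tests.append((t.test_id, rid))
    for rid, row in rows.items():
        linked = [t for t in results if rid in t.requirements]
        # A requirement counts as verified only if every linked test passed.
        row["verified"] = bool(linked) and all(t.passed for t in linked)
    return {
        "rows": rows,
        # Requirement with no model link: nothing implements it.
        "unimplemented": sorted(rid for rid, row in rows.items() if not row["blocks"]),
        # Requirement with no test: nothing validates it.
        "untested": sorted(rid for rid, row in rows.items() if not row["tests"]),
        # Requirement whose tests ran but did not all pass.
        "failing": sorted(rid for rid, row in rows.items()
                          if row["tests"] and not row["verified"]),
        "orphan_tests": orphan_tests,
    }


def release_ready(trace: dict) -> bool:
    """True only when every requirement is implemented, tested and passing."""
    return not (trace["unimplemented"] or trace["untested"]
                or trace["failing"] or trace["orphan_tests"])


# Constructed sample data (hypothetical IDs and block names, not from any real project).
SAMPLE_REQUIREMENTS = [
    Requirement("REQ-1", "Trip the system when pressure exceeds the limit",
                ["PressureMonitor", "TripLogic"]),
    Requirement("REQ-2", "Close the isolation valve within 200 ms of a trip",
                ["ValveController"]),
    Requirement("REQ-3", "Record every trip event with a timestamp"),  # no model link
    Requirement("REQ-4", "Raise an alarm if the event log is full", ["EventLogger"]),
]

SAMPLE_RESULTS = [
    TestResult("T-1", ["REQ-1"], passed=True),
    TestResult("T-2", ["REQ-1"], passed=True),
    TestResult("T-3", ["REQ-2"], passed=False),
    TestResult("T-4", ["REQ-9"], passed=True),  # cites a requirement that does not exist
]


if __name__ == "__main__":
    trace = build_trace(SAMPLE_REQUIREMENTS, SAMPLE_RESULTS)
    for rid, row in trace["rows"].items():
        status = "VERIFIED" if row["verified"] else "OPEN"
        print(f"{rid:6} blocks={row['blocks']} tests={row['tests']} {status}")
    for kind in ("unimplemented", "untested", "failing", "orphan_tests"):
        print(f"{kind}: {trace[kind]}")
    print("release ready:", release_ready(trace))
```

The orphan-test check is the one most often skipped: a test tagged with a requirement ID that no longer exists usually means a requirement was renamed or deleted and the link was not maintained, which is exactly the modification step of traceability.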
Handoff error reduction
The handoff of software artifacts between people and roles (e.g. software developer to software integrator to software test engineer) is a well-known point for the introduction of errors, because each handoff is a chance to re-interpret or re-transcribe the design. With Model-Based Design, the same model is used at each stage, which removes those re-transcription steps and with them most hand-off errors.
Automated code generation
The use of automatically generated code prevents the syntactical and transcription errors to which people are prone when translating a model into code by hand. Many standards now allow you to claim credit for the use of auto code in the prevention of these errors; that credit typically depends on the code generator being qualified or its output still being verified, since the generated code is only as correct as the model and the generator that produced it.
Final thoughts
Developing safety-critical systems for any industry requires following common best practices and established guidelines. Following a Model-Based Design approach helps with the automation and validation of many of these steps while avoiding critical handoff errors.