Using the Compliance Notation in Industry
Nancy Leveson has observed that few safety failures are due to coding errors; for this reason, it is claimed that verification, although desirable, is not the most cost-effective use of a limited budget. Evidence does show that safety failures tend to arise instead from requirements or design decisions; however, low-level implementation decisions can also have a large impact on higher-level decisions. For example, the removal of a defensive conditional clause from the source code of the inertial reference system of Ariane 5 would have been safe, except for the requirement to execute the ground-based function during flight. When assessing the safety impact of requirement and design decisions there are always worries about the accuracy of the documentation and whether some decisions have not been recorded, or have been left implicit.
Keywords: Safety Property, Constant Integer, WCET Analysis, Omission Failure, Acceptance Technique