Abstract
Who could fault an approach that offers greater credibility at reduced cost?
Index Terms
- A direct path to dependable software