13.2 Dependable processes 345
Dependable operational processes
This chapter discusses dependable development processes but an equally important contributor to system
dependability is a system’s operational processes. In designing these operational processes, you have to take
into account human factors and always bear in mind that people are liable to make mistakes when using a
system. A dependable process should be designed to avoid human errors and, when mistakes are made, the
software should detect the mistakes and allow them to be corrected.
http://www.SoftwareEngineering-9.com/Web/DependabilityEng/HumanFactors/
People tackle tasks in different ways depending on their personality, experience, and education, so this kind of redundancy provides a diverse perspective on the system. As I discuss in Section 13.3.4, achieving software diversity is not straightforward.

Diversity and redundancy make systems more complex and usually harder to understand. Not only is there more code to write and check, but additional functionality must also be added to the system to detect component failure and to switch control to alternative components. This additional complexity means that it is more likely that programmers will make errors and less likely that people checking the system will find these errors.
As a consequence, some people think that it is best to avoid software redundancy and diversity. Their view is that the best approach is to design the software to be as simple as possible, with extremely rigorous software verification and validation procedures (Parnas et al., 1990). More can be spent on verification and validation because of the savings that result from not having to develop redundant software components.
Both approaches are used in commercial, safety-critical systems. For example, the Airbus 340 flight control hardware and software is both diverse and redundant (Storey, 1996). The flight control software on the Boeing 777 runs on redundant hardware, but each computer runs the same software, which has been extensively validated. The Boeing 777 flight control system designers have focused on simplicity rather than redundancy. Both of these aircraft are very reliable, so both the diverse and the simple approach to dependability can clearly be successful.
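As an added illustration (not code from the book), the following Python sketch shows the extra machinery that redundancy and diversity demand: three independently written versions of one computation sit behind a majority voter that must detect a failing version and switch control away from it. The square-root versions, the deliberately faulty third version and the `VotedService` class are all constructed for this example.

```python
import math
from typing import Callable, List

def sqrt_newton(x: float) -> float:
    """Version 1: Newton-Raphson iteration (written independently)."""
    if x < 0:
        raise ValueError("negative input")
    guess = max(x, 1.0)
    for _ in range(60):
        guess = 0.5 * (guess + x / guess)
    return guess

def sqrt_bisect(x: float) -> float:
    """Version 2: bisection search (a different algorithm, for diversity)."""
    if x < 0:
        raise ValueError("negative input")
    lo, hi = 0.0, max(1.0, x)
    for _ in range(200):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if mid * mid < x else (lo, mid)
    return (lo + hi) / 2

def sqrt_faulty(x: float) -> float:
    """Version 3, constructed for this example: wrong for inputs below 1."""
    return x if x < 1 else math.sqrt(x)  # math.sqrt raises on negatives

class VotedService:
    """Runs every in-service version, returns a value a strict majority of the
    configured versions agree on, and switches out versions that disagree or raise."""
    def __init__(self, versions: List[Callable[[float], float]], tol: float = 1e-6):
        self.versions = list(versions)
        self.tol = tol
        self.failed: set = set()  # indices of versions taken out of service

    def __call__(self, x: float) -> float:
        results = {}
        for i, version in enumerate(self.versions):
            if i in self.failed:
                continue
            try:
                results[i] = version(x)
            except Exception:  # a crash is detected as a component failure
                self.failed.add(i)
        for value in results.values():
            agree = {i for i, r in results.items() if abs(r - value) <= self.tol}
            if 2 * len(agree) > len(self.versions):  # majority of all versions
                self.failed.update(set(results) - agree)  # switch out dissenters
                return value
        raise RuntimeError("no majority: the system cannot continue safely")
```

Note that the voter, the tolerance and the switch-out policy are themselves code that must be written and checked, which is exactly the added complexity the text warns about.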
13.2 Dependable processes
Dependable software processes are software processes that are designed to produce dependable software. A company using a dependable process can be sure that the process has been properly enacted and documented and that appropriate development techniques have been used for critical systems development. The rationale for investing in dependable processes is that a good software process is likely to lead to delivered software that contains fewer errors and is therefore less likely to fail in execution. Figure 13.2 shows some of the attributes of dependable software processes.
The evidence that a dependable process has been used is often important in convincing a regulator that the most effective software engineering practice has been applied in developing the software. System developers will normally present a model of the process to a regulator, along with evidence that the process has been