An Iterative Approach for Development of
Safety-Critical Software and Safety Arguments
Xiaocheng Ge, Richard F. Paige and John A. McDermid
Department of Computer Science, University of York, UK.
{xchge, paige, jam}@cs.york.ac.uk

in each step of the development process. To develop safety-critical systems, organisations are often required to adopt such processes, but their adoption can make it difficult to manage requirements volatility and to introduce new and emerging technologies, and can lead to substantial costs in producing and maintaining documentation. Agile methods are therefore very attractive to software engineers and project managers working in the safety domain, while posing difficulties and challenges to safety engineers working in this domain.
Are Agile methods applicable to developing safety-critical software systems? In [6], Boehm performs a comparative study of Agile methods vs. plan-driven methods in developing software and asserts that it is important to know which method is applicable to what type of project. It was suggested that critical systems require stable requirements, often have a number of inflexible requirements, and that Agile methods might not be best suited for such applications [7]. Research into the suitability and applicability of Agile methods for safety-critical software development is still at an early stage; there is yet to be a successful application of an Agile method to a safety-critical project reported in the literature.
This paper argues that the lightweight and iterative approach taken in Agile methods can improve the development of safety-critical systems. What it does not do is argue that Agile methods are directly applicable to developing safety-critical systems that require certification. The argument comes in three parts. The first part briefly reviews the development processes typically used for safety-critical systems, and contrasts them with Agile processes. As a