In safety-critical systems, the potential impact of each separate failure is normally studied in detail and remedied by adding backups. Failure combinations, though, are rarely studied exhaustively; there are just too many of them, and most have a low probability of occurrence. Defect detection in software development is usually understood to be a best effort at rigorous testing just before deployment. But defects can be introduced in all phases of software design, not just in the final coding phase. Defect detection therefore shouldn't be limited to the end of the process, but practiced from the very beginning. In a rigorous model-based engineering process, each phase is based on the construction of verifiable models that capture the main decisions.