Content: SECTION I: BACKGROUND Introduction Dependable, embedded software The safety culture Our path Choosing the techniques to describe The development approach Today's challenges References The Terminology of Safety General Safety Terminology Software-Specific Terminology References Safety Standards and Certification The standards bodies Accreditation and certification Why do we need these standards? Goal- and prescription-based standards Functional safety standards IEC 62304 and ISO 14971 Process and the standards Summary References Representative Companies Alpha Device Corp Beta Component Inc Using a Certified Component SECTION II: THE PROJECT The Foundational Analyses The Analyses The inter-relationships The hazard and risk analysis The safety case The failure analysis Analyses by the representative companies Summary References Certified and Uncertified Components SOUP by any other name Certified or uncertified SOUP Using non-certified components Using a certified component Aligning release cycles The example companies SECTION III: ARCHITECTURAL PATTERNS Architectural Balancing The availability/reliability balance The usefulness/safety balance The security/performance/safety balance The performance/reliability balance The implementation balance Summary References Error Detection and Handling Why detect errors? Error detection and the standards Anomaly detection Rejuvenation Recovery blocks A note on the diverse monitor Summary References Expecting the Unexpected The design safe state Recovery The crash-only model Anticipation of the unexpected by the example companies Summary References Replication and Diversification History of replication and diversification Replication in the standards Component or system replication? Replication Diversification Virtual synchrony Locked-step processors Diverse monitor Summary References SECTION IV: DESIGN VALIDATION Markov Models Markov models Markov models and the standards The Markovian assumptions An example calculation Markovian advantages and disadvantages References The Fault Tree FTA and FMECA Fault tree analysis in the standards Types of fault tree Example 1: The Boolean fault tree Example 2: The extended Boolean fault tree Example 3: The Bayesian fault tree Combining FTAs FTA Tools The use of FTA References Software Failure Rates The underlying heresy Assessing failure rates Modelling the failures References Semi-Formal Design Verification Verification of a reconstructed design Discrete event simulation Timed Petri nets Simulation and our sample companies References Formal Design Verification What are formal methods? History of formal methods Formal methods and the standards Do formal methods work? Types of formal methods Automatic code generation The Spin modelling system The Rodin modelling tool Our companies' use of Rodin and Spin Formal methods References SECTION V: CODING Coding Guidelines Programming language selection Programming languages and the standards Language features Use of language subsets So what is the best programming language? References Code Coverage Metrics Code coverage testing Types of code coverage Coverage and the standards The effectiveness of coverage testing Achieving coverage Combinatorial Testing Summary References Static Analysis What static analysis is asked to do Static code analysis and the standards Static code analysis Symbolic execution Summary References SECTION VI: VERIFICATION Integration Testing Fault injection testing Back-to-back comparison test between model and code Requirements-based testing References The Tool Chain Validation of the tool chain Tool classification BCI's tools classification Using third-party tools Verifying the compiler ADC's and BCI's compiler verification References Conclusion Appendix A: Goal Structuring Notation Background Example GSN or BBN? References Appendix B: Bayesian Belief Networks Frequentists and Bayesians Prior probabilities Bayes' theorem A Bayesian example What do the arrows mean in a BBN? BBNs in safety case arguments BBNs in fault trees BBN or GSN for a safety case? References Appendix C: Notations General symbols Pi and Ip The structure function Components in parallel and series Temporal logic Vector bases References Index