Developing Correct Safety Critical, Hybrid, Embedded Systems

Abstract : Several aspects of the development process of correct safety critical discrete and hybrid embedded systems are discussed. The general process and its support by the CASE tool AUTOFOCUS is outlined. This is illustrated along the lines of a simplified version of NASA's Mars Polar Lander. It is argued that specific aspects of hybrid systems do require the modification of classical theories on software development, and these modifications are discussed. The paper concludes by focusing on one part of the development process, namely testing a novel approach to the automated generation of test cases for discrete as well as hybrid systems is presented. The Mars lander's crash serves as an example for the derivation of meaningful test cases.