Many decades of research and experience have made it clear that there is neither a magic tool nor any easy path to substantial improvements in software quality. The “software crisis”, first identified in the 1960s, is still with us, and we only have to pick up a newspaper to read about another major IT failure, either in critical IT systems (government, banking, health, etc.) or in engineering products containing software (medical devices, safety control systems, automobiles and others).
Software and its quality are now major issues for everyone. We all suffer from the effects of poor-quality software, and software is costing us a fortune. In 1998 Siemens estimated that 50% of the cost of all their products was related to software, and that this figure would grow to 70% over the next 25 years; Volvo claims that 80% of the cost of one of their modern cars is software-related. It costs manufacturers of safety-critical systems millions of dollars to demonstrate the reliability of their software to regulators.
Software that is both fit for purpose and adequately reliable can be achieved only by means of a disciplined approach, i.e., only by the application of properly defined engineering methods. This includes careful attention to:
- precise definition of the system and software requirements
- precise design of the required system and software elements
- decomposition of the software into components
- precise and detailed documentation
- disciplined or automated coding
- mathematically based analysis of conformance
- systematic inspection of all requirements, designs, code and analysis documents
- disciplined testing.
This discipline would not surprise professional engineers in other engineering domains, but claims are often made that software engineering is not yet mature enough to support such systematic approaches. However, even though software engineering is relatively new, we do know enough about many aspects of software development in a variety of domains to put in place cost-effective, systematic approaches, as well as software tools to support them.
The Software Quality Research Laboratory, associated with the Department of Computing and Software at McMaster University, was founded to address the needs of those industrial and government sectors that rely on the production of software that is critical for their missions and/or for the safety and effectiveness of their products. We see SQRL as performing the following functions:
- acting as a conduit for pertinent software engineering knowledge between researchers and organisations involved in producing high quality software
- being a focal point for the investigation of fundamental software problems that are not yet well understood by the community
- promoting a professional engineering approach to the development of software applications.
Members of SQRL have extensive experience in software engineering research and in collaborating with industry. We understand the difference between academic research and the nature of commercial and industrial software development, and we have successfully bridged this gap in the past. We can also rely on an extensive international network of collaborators and contacts to provide added value to our activities.
The initiatives SQRL is currently undertaking include:
- Industrialisation of software engineering knowledge in terms of proper engineering methods for software development in specific domains, together with CAD tools required to support the construction and analysis of the artefacts of software development. We have specific expertise in safety critical software and embedded systems, health information systems and medical devices, formal analysis of software artefacts, and development of systematic methods for software production.
- Development of professional courses to enable engineers to keep up to date with modern technologies. This includes professional Masters degree programmes in topics like Safety Critical Systems. We are pursuing a novel set of professional Masters degrees in Software Engineering for classical engineering disciplines, such as Software Engineering for Civil Engineers and Software Engineering for Mechanical Engineers. We also mount short courses, workshops and conferences to support this technology transfer activity.
- Development of a professional, third-party certification capability. As software is increasingly recognised as an integral part of many artefacts, the safety of these artefacts needs to be established, and the concept of certification needs to be extended to cover this novel situation. There is a real gap here, technically and commercially as well as in terms of regulation. We have embarked on a research programme in this area and intend to apply our knowledge both in the context of individual organisations’ internal mechanisms for managing the quality of software and in the context of regulatory mechanisms that provide assurance to the public about the safety of devices containing embedded software.
- Development of an experimental facility, akin to the idea of clinical trials in medicine, to enable organisations to determine the efficacy of proposed methods and tools for software development. At the moment there is an almost complete absence of such a capability in the software engineering community, because of objections about the cost and the damage to the profitability of organisations undertaking such experiments. We believe we have a formula to overcome these difficulties and to conduct proper “clinical” trials.
In addition to projects that fit within the mandate described above, we are embarking on a more unusual project, in collaboration with Boston Scientific. Boston Scientific has released into the public domain the system specification for a previous-generation pacemaker. This serves as the basis for a Challenge to the software formal methods community.