Risks of faults intrinsic to software languages: Trade-off between design performance and application safety

摘要

A lot of products embed software applications carrying out complex functions (e.g. cars, aircrafts, and medical equipments). More and more authority for control is placed on these applications whose failures may lead to accidental loss. Numerous methods have been developed to prevent these failures. These methods apply either to the programs developed or to the design activities. However, the programming or modelling languages used to operationalise the solutions as software applications are rarely questioned. These languages constitute the technology of realization of the program. On one hand, the language features are selected to increase the development performance and to decrease the software application costs. On the other hand, these features may be at the origin of specific types of faults which constitute the intrinsic risks of these languages. Therefore, the choice of a language or of a subset of a language, leads to a decisionmaking issue of how to deal making safety and performance trade-offs. The first part of the paper analyzes the evolution of the programming languages. We show that these changes were aimed at the convergence of design performance improvement with designed application safety. The introduction of the object-oriented technologies breaks this commonality. They cut the development expenditures but introduce new types of faults. The decision-makers such as the critical software application producers (e.g. the aircraft manufacturers) and the authorities (e.g. the avionics certification authorities) have to deal with this trade-off. These new technologies cannot be just rejected as they are more and more often used in certain domains (e.g. mobile phones, internet applications). The proposed constraint on using them seem to be too restrictive and are not justified. In particular, the safety levels of software programs developed applying these constraints are not assessed. The second part of the paper addresses these questions. It specifies the problem and it proposes a method to estimate the risk of faults in object-oriented programs. Thus, the decision-makers can elaborate rules for using object-oriented languages establishing a trade-off between the wished-for development performance and the required safety levels.