Hazard elimination a SUBSTITUTION e Use safe or safer materials Simple hardware devices may be safer than using a computer. No technological imperative that says we MUST use computers to control dangerous devices Introducing new technology introduces unknowns and even unk-unks Design a SIMPLIFICATION Criteria for a simple software design 1. Testable: Number of states limited determinism vs nondeterminism single tasking vs. multitasking polling over interrupts 2. Easily understood and readable 3. Interactions between components are limited and straightforward 4. Code includes only minimum features and capability required by system Should not contain unnecessary or undocumented features or unused executable code 5. Worst case timing is determinable by looking at codec ��������������������� ���������� Hazard Elimination SUBSTITUTION Use safe or safer materials. Simple hardware devices may be safer than using a computer. No technological imperative that says we MUST use computers to control dangerous devices. Introducing new technology introduces unknowns and even unk−unks. c ��������������������� ���������� SIMPLIFICATION Criteria for a simple software design: 1. Testable: Number of states limited determinism vs. nondeterminism single tasking vs. multitasking polling over interrupts 2. Easily understood and readable 3. Interactions between components are limited and straightforward. 4. Code includes only minimum features and capability required by system. Should not contain unnecessary or undocumented features or unused executable code. 5. Worst case timing is determinable by looking at code