Abstract
The use of software in safety-critical medical applications permits sophisticated functionality that would otherwise not be achievable. However, it is very difficult to ensure that software in these systems is dependable. In particular all software development techniques have limitations, and none can provide any guarantee of overall software dependability. Given this shortcoming, the approach that we have taken is to develop techniques that emphasize the verification of properties that are important to overall software dependability. In this paper we describe two techniques that support the implementation and verification of dependable software for an experimental neurosurgical device and safety-critical applications in general. The first technique involves the assurance of critical safety properties by a relatively simple software component known as a safety kernel. Situated between the application software and the application devices, the safety kernel enforces rules that govern the safe operation of the devices. The simplicity of the safety kernel facilitates its implementation and verification. In most cases, it is not possible to rely on testing to provide the necessary verification of the software in a safety-critical application. However, testing can play an appropriate and vital role in the demonstration of safety properties. The second technique takes this approach, utilizing automated testing and selected test cases to demonstrate useful system properties.