The construction of software for critical systems is addressed in three sections covering requirements analysis, design principles, and quality assurance. The first section considers requirements analysis, which the author calls “discovery.” It deals with regulatory responsibility and documents, basic principles of control systems, the relevance of software, safety requirements, and safety analysis. The section on design deals with general principles of software design, static structure using Ada packages, algorithm design in Ada, and controlling devices in Ada. The third section discusses quality assurance, which the author calls “confirmation.” It deals with general principles of gaining assurance about dependable software, formal methods, informal review methods, and testing.

The book is intended for practicing software engineers interested in critical systems. Consequently, it is written in the style of a tutorial, with references to the research and regulatory literature. It goes a long way to fulfill its basic purpose. One limitation is that the author often refers casually to documents (particularly regulatory documents) that the reader may not have encountered before and may not have easy access to. One may assume that the serious reader will track down these documents, however.

The book’s length makes it quite digestible. It would be hard to imagine getting the material into a shorter text, and a longer work would not encourage reading. The best feature of the text is the author’s wealth of experience and knowledge, as indicated by the book’s scope and the responsible way in which this important material is presented. For example, the author has a clear understanding of correctness, formality, and rigor, concepts that sometimes suffer from poor explanation. As noted above, however, the presentation does suffer from some unfortunate references to names of systems and documents that are either discussed later in the book or not explained other than by a citation in the bibliography. For example, SPADE and SPARK are first mentioned on page 71 but are not explained until page 158. Also, the STARTS publication is introduced in a casual way that seems to imply that the reader has prior knowledge about it.

Overall, this book is an excellent introduction to the area for a knowledgeable software engineer who is able and willing to do some more work in investigating details that could not be included. The reader should have considerable experience in software design and be familiar with Ada. To my knowledge, no comparable book is available, so I recommend this volume for those with the proper motivation and background.

The production is quite good, with accurate editing, a pleasant writing style, a good index, and a good bibliography. No exercises are provided, since this book is not intended as a textbook.