John Knight skillfully writes about how to make software systems more dependable. His goal in writing this book is clearly stated in the preface. The book successfully bridges the disciplines of systems engineering and software engineering. Too many systems engineering books ignore the software components vital to 21st century systems. These software-based systems must go beyond feature engineering to make such systems dependable. Knight defines what this means and outlines the theory of dependability that every professional software engineer, computer science instructor, and serious system engineer needs to read and understand. The book is an important addition to one’s bookshelf. It is not perfect, but it is insightful, close to faultless, and a wonderful reference. Read it from front to back and cite it in your proposals and professional and scholarly papers.
The book is primarily qualitative, with a few excursions into quantitative analysis. I particularly liked Knight’s use of code snippets to illustrate key points. Problems and code snippets are provided at the end of each of the 12 chapters. I was disappointed not to find a pointer to problem solutions. I also disliked the amount of space devoted to the often-discredited N-version programming. Knight ignores Parnas’ great insight that, with software components, N-versions are not independent even when written by isolated teams. Later in the book, in chapter 6, he seems to restrict N-version to hardware components, but then returns to N-version design in chapter 11.
In the preface, the author explains the organization of the book, which is very helpful. Chapter 1 argues why dependability is important, with examples and the scope of the theory. Chapter 2 describes systems, requirements, and failures. Chapter 3 defines errors and faults, and offers a wonderful explanation of hazards. I question the bathtub curve in Figure 3.3 that is a model for analog systems. Digital systems and software have fault curves that start out like the generic bathtub curve and then approach a steady state failure rate. His explanation of Byzantine faults is excellent.
Chapter 4, on dependability analysis, contains the best description of fault tree analysis that I have seen. Chapter 5 explains fault avoidance, removal, tolerance, and forecasting. Chapter 6 describes degradation faults and shifts attention in N-version design to hardware components, which is appropriate. Chapter 7 has a software focus with the introduction of models. Many software dependability misconceptions are identified. Chapter 8 provides a quick tour of software engineering with a dependability slant. It deals with the Z formal specification language and the implications of incorrect specifications.
Chapter 9 deals with specific and important implementation issues with the use of pre and post conditions. An analysis of the problems common to C programs is in Section 9.2.1. Chapter 10 is unique in dealing with many aspects of eliminating software faults before system delivery. The importance of inspections and testing is highlighted. Chapter 11 focuses on process, data, and code fault tolerance. Chapter 12 provides insights from the field on how to access software dependability from many viewpoints.
I wish the book had a more detailed discussion of how to compute software reliability and the importance of the reliability equation. The book has a solid bibliography--make sure you visit reference 132. This book can and should be taught as part of an undergraduate or graduate software engineering program. I wish it had been available when I was setting up a graduate software engineering program at the Stevens Institute of Technology, in Hoboken, NJ, in 2002.
