Gary Kevin, Enquobahrie Andinet, Ibanez Luis, Cheng Patrick, Yaniv Ziv, Cleary Kevin, Kokoori Shylaja, Muffih Benjamin, Heidenreich John
Department of Engineering, Arizona State University, Mesa, Arizona, 85212, USA.
Softw Pract Exp. 2011 Aug 1;41(9):945-962. doi: 10.1002/spe.1075.
The introduction of software technology in a life-dependent environment requires the development team to execute a process that ensures a high level of software reliability and correctness. Despite their popularity, agile methods are generally assumed to be inappropriate as a process family in these environments due to their lack of emphasis on documentation, traceability, and other formal techniques. Agile methods, notably Scrum, favor empirical process control, or small constant adjustments in a tight feedback loop. This paper challenges the assumption that agile methods are inappropriate for safety-critical software development. Agile methods are flexible enough to encourage the rightamount of ceremony; therefore if safety-critical systems require greater emphasis on activities like formal specification and requirements management, then an agile process will include these as necessary activities. Furthermore, agile methods focus more on continuous process management and code-level quality than classic software engineering process models. We present our experiences on the image-guided surgical toolkit (IGSTK) project as a backdrop. IGSTK is an open source software project employing agile practices since 2004. We started with the assumption that a lighter process is better, focused on evolving code, and only adding process elements as the need arose. IGSTK has been adopted by teaching hospitals and research labs, and used for clinical trials. Agile methods have matured since the academic community suggested they are not suitable for safety-critical systems almost a decade ago, we present our experiences as a case study for renewing the discussion.
在依赖生命的环境中引入软件技术,要求开发团队执行一个确保软件具有高度可靠性和正确性的流程。尽管敏捷方法很受欢迎,但由于其缺乏对文档编制、可追溯性及其他形式化技术的重视,在这些环境中,敏捷方法通常被认为不适用于作为一个流程体系。敏捷方法,尤其是Scrum,倾向于经验性过程控制,即在紧密的反馈循环中进行小幅度的持续调整。本文对敏捷方法不适用于安全关键型软件开发这一假设提出了质疑。敏捷方法足够灵活,可以鼓励进行适当的规范流程;因此,如果安全关键型系统需要更加强调诸如形式化规范和需求管理等活动,那么敏捷流程将把这些活动作为必要活动纳入其中。此外,与经典软件工程过程模型相比,敏捷方法更注重持续过程管理和代码级质量。我们以图像引导手术工具包(IGSTK)项目的经验作为背景来展开论述。IGSTK是一个自2004年以来一直采用敏捷实践的开源软件项目。我们一开始的假设是流程越轻越好,专注于代码的演进,只在有需要时才添加流程元素。IGSTK已被教学医院和研究实验室采用,并用于临床试验。自从学术界在近十年前提出敏捷方法不适用于安全关键型系统以来,敏捷方法已经成熟,我们将介绍我们的经验,作为重新展开讨论的一个案例研究。
