Testing Languages, Generators and Runtimes in a Safety-Critical System

Last year we ran a project with Voluntis in which we built DSLs for use in the healthcare domain. The benefits of the approach are readily obvious: the domain experts can much more easily review, test, explore, or even write the application logic. The overall development process will be streamlined, and ultimately, Voluntis will be able to create more products in a shorter time, which is good for business. Unfortunately, the potential problem is also readily obvious: what good are nicely correct models, if the final application — the code that actually runs on the target device — cannot be guaranteed to be correct relative to the logic expressed in the model. Of course, preventing errors in code generators is important in any DSL-based project. But here, with patients at risk, it becomes especially critical.

So, as part of the project, we spent significant effort assuring the correctness of everything downstream from the model. We wrote a detailed paper about this, which has been published in SOSYM. You can read it there, or at voelter.de.

I am also in the process of preparing a short talk for a software conference, and the video below is a dry run of that talk to find out how long it will take me to present the talk (21 minutes, it turns out). So, until we can publish the paper, you might want to check out this talk to get an idea of how we went about assuring the correctness of languages, generators, and runtimes for a safety-critical system.

Here is the video of  the talk.