Abstract. We reflect on the formal development models applicable to embedded control systems in light of our experience with safety-critical applications from the aerospace domain. This leads us to propose two complementary enhancements to Parnas' four-variable model, one elaborating the structure outside the control computer, and the other elaborating the structure inside the control computer. We then identify several challenges which illustrate why formal development in this domain is difficult, and report our own progress in meeting these challenges. Finally, we outline the residual issues, which form the agenda for our future work.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.