Welcome to the Biomed Boston & ESC Boston 2019 Presentation Store. Here you can view and download conference and/or show floor theater presentations before, during, and after the event. If you’re looking for a presentation from a specific session that you’re unable to find here, note that it’s likely because the presenter has not provided permission for external use or has not yet shared their presentation with us. Please check back after the event for a more complete catalogue of available presentations.
Jay Thomas (Director, Field Engineering , LDRA)
Date: Thursday, May 16
Time: 3:15pm - 4:00pm
Track: ESC Boston, Track B: Embedded Software Design & Verification
Vault Recording: TBD
In everyday language, the words "complex" and "complicated" are synonymous. A complex cake recipe is complicated. But in development circles, software complexity is more specifically concerned with the extent to which a system is difficult to comprehend, modify and test, and not the complication inherent in the function it is designed to fulfil. Two systems equivalent in functionality can therefore differ greatly in their software complexity. And the more complex the code, the more difficult it is to understand, test and maintain, and the more likely it is that problems will arise.
The learned committees responsible for functional safety and security standards are unanimous in their distaste for complexity. For example, IEC 61508 and its derivatives include clauses related to Low Complexity Software, and require that evidence of low complexity is presented as part of the certification process. From a security perspective, one of SEI CERT's "top 10" secure coding practices is to "keep it simple" and hence avoid complexity.
This presentation will discuss why the avoidance of complexity features so highly in the standards, how it is enumerated, and how it can be minimized. It will contend that metrics such as McCabe's cyclomatic complexity need to be considered in the context of the application itself; more as a comparator than an absolute measure. And it will argue that mission-critical application or not, complexity is a "bad thing" and something to be avoided.
Attendees will learn to differentiate between necessary complexity, and complexity introduced as a result of poor coding style. They will understand why that differentiation matters, and how metrics can be applied to quantify it.