The paper briefly reviews some of the fundamental difficulties presented by the design and validation of software for safety-critical applications. It suggests that formal software documentation techniques may be one way to ameliorate the problems we describe. The principles behind a method of documenting both requirements and software design are presented. The method is based on concepts proposed by D. L. Parnas, H. D. Mills, and J. Madey [10, 11, 12] and has been followed by the Atomic Energy Control Board of Canada (AECB) in its safety assessment of the software for the shutdown system of the Darlington nuclear power generating station [13]. The method is illustrated by applying it to a small portion of the safety feature actuation system of a pressurized water reactor (PWR).