Formalization and Comparison of mcdc and Object Branch Coverage Criteria
Cyrille Comar, Jerome Guitton, Olivier Hainque, Thomas Quinot




                                                                1 / 17
Coverage for Level A



   Considering the highest level of certification for aircraft (A in
   DO-178B):
        Test coverage goal: mcdc
        Structural (source) coverage
             More than statement coverage...
             ...but not all execution paths (too costly)
             e.g. for a decision C1 and C2 and ... and CN:
                  2^N execution paths
                  N + 1 tests in mcdc




                                                                      2 / 17
Some issues with mcdc




      source coverage criteria are language-dependent
      no tool for Ada 2005 when Couverture started...
      instrumenting source code? intrusive...
      unbounded execution traces
      Use object coverage instead?




                                                          3 / 17
Object coverage to assess mcdc




      Assumption that object branch coverage (obc) is stronger
      than mcdc
      widespread industrial practice
      language-independent
      bounded traces




                                                                 4 / 17
Using obc to achieve mcdc? short-circuit operators...

     (A mod B = 0) and then (C = 0)

     Source-level BDD (one node per condition):

              A mod B = 0
                 F: decision is F
                 T: C = 0
                       F: decision is F
                       T: decision is T

     [Object-level branch graph: the compiler expands the evaluation of
      A mod B into several branches of its own (tests such as B = −1,
      B < 0 and R = 0) before the C = 0 test is reached]

                                                                   5 / 17
What do certification standards say about that?




   DO-248C FAQ #42: Object coverage can be used as long as
   analysis can be provided which demonstrates that the coverage
   analysis conducted at the Object Code will achieve a comparable
   level of coverage assurance as that conducted at the Source Code
   level.




                                                                      6 / 17
The sad truth...




       The assumption is wrong: obc is not stronger than mcdc!
       A counterexample in DOT/FAA/AR-07/20, Jun 2007: Object
       Oriented Technology Verification Phase 3 Report - Structural
       Coverage at the Source Code and Object Code Levels
       (A and then B) or else C can be covered for obc without
       achieving mcdc




                                                                     7 / 17
Having a closer look...

   Alloy model: check conjectures, generate counterexamples...




                                                                 8 / 17
Pathological case




   Alloy helped find an impressive counterexample:
       Decision with an arbitrarily high number of conditions N...
       ...that needs N+1 tests to be mcdc-covered...
       ...and only 3 tests to be obc-covered!
   Here obc is much weaker than mcdc!




                                                                   9 / 17
Now what?




     Sure, in some cases, obc does not imply mcdc...
     ...and in some pathological cases, the two criteria diverge
     quite badly...
     ...but past experience has shown that it works in many cases
     ...so are there conditions that would allow this implication?
         could be enforced by a coding standard
         could be an optimization for coverage tools




                                                                     10 / 17
Cases where obc implies mcdc


  Theorem
  If there is only one execution path to each condition, then obc
  implies mcdc.

                           C1 and then C2

                                 C1
                                    F: decision is F
                                    T: C2
                                          F: decision is F
                                          T: decision is T



                                                                    11 / 17
Cases where obc does not imply mcdc

  Theorem
  On the contrary, if there exists a condition that can be reached by
  more than one execution path, obc does not always imply mcdc.

                      (A and then B) or else C

                                 A
                                    T: B
                                          T: decision is T
                                          F: C
                                    F: C
                                 C (reached both from A = F and from B = F)
                                    T: decision is T
                                    F: decision is F

                                                                        12 / 17
human-readable characteristic

   Dec1 or else (Dec2 and then . . . )

   [Syntax tree: OR ELSE at the root; its left operand is Dec1, which
    contains no "and then"; its right operand is AND THEN, whose operands
    are Dec2 and the rest of the chain [...], which contains no "or else"]

                                                   13 / 17
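The following Python program is an added worked example; it is not code from the Couverture project or from GNATcoverage. It builds the BDD of a short-circuit decision the way the slides draw it (one node per condition evaluation), and serves several of the preceding slides at once: it checks object branch coverage (obc) and MC/DC of a test set, reproduces the (A and then B) or else C counterexample of "The sad truth..." with 3 tests that cover obc but not MC/DC, generates the N + 1 MC/DC tests for an N-condition conjunction from "Coverage for Level A", and decides the "one execution path to each condition" property of the two theorems, which is also what an optimization of the kind described under "Experimental results" would use to decide which decisions need historical traces. The MC/DC definition (a masking variant for short-circuit operators) and all test vectors are assumptions made for this example; the AST encoding and function names are invented here.

```python
"""Object branch coverage (obc) vs MC/DC on short-circuit decisions.

Added demonstration code, not from the Couverture project. A decision is a
nested tuple with Ada short-circuit semantics; its BDD is built the way a
compiler lays out conditional branches, one node per condition evaluation.
"""
from itertools import combinations


def cond(name):
    return ("cond", name)


def and_then(*ops):
    return ops[0] if len(ops) == 1 else ("and_then", ops[0], and_then(*ops[1:]))


def or_else(*ops):
    return ops[0] if len(ops) == 1 else ("or_else", ops[0], or_else(*ops[1:]))


class BDD:
    """nodes[i] = [condition name, successor if true, successor if false];
    a successor is another node index or the decision outcome True/False."""

    def __init__(self, decision):
        self.nodes = []
        self.root = self._build(decision, True, False)

    def _build(self, expr, on_true, on_false):
        if expr[0] == "cond":
            self.nodes.append([expr[1], on_true, on_false])
            return len(self.nodes) - 1          # successors always get lower indexes
        _, left, right = expr
        if expr[0] == "and_then":               # left false -> decision false
            return self._build(left, self._build(right, on_true, on_false), on_false)
        return self._build(left, on_true, self._build(right, on_true, on_false))

    def run(self, test):
        """Evaluate one test vector {name: bool}. Returns
        (outcome, set of (node, branch) edges taken, {name: value} evaluated)."""
        edges, evaluated, cur = set(), {}, self.root
        while not isinstance(cur, bool):
            name, on_true, on_false = self.nodes[cur]
            value = evaluated[name] = test[name]
            edges.add((cur, value))
            cur = on_true if value else on_false
        return cur, edges, evaluated

    def is_tree(self):
        """True when every condition is reachable by exactly one execution path."""
        paths = [0] * len(self.nodes)
        paths[self.root] = 1
        for i in range(len(self.nodes) - 1, -1, -1):   # root first, successors later
            for succ in self.nodes[i][1:]:
                if not isinstance(succ, bool):
                    paths[succ] += paths[i]
        return all(p == 1 for p in paths)


def obc_covered(bdd, tests):
    """Object branch coverage: both outgoing edges of every node were taken."""
    taken = set().union(*(bdd.run(t)[1] for t in tests))
    return all({(i, True), (i, False)} <= taken for i in range(len(bdd.nodes)))


def mcdc_uncovered(bdd, tests):
    """Masking MC/DC as assumed here: condition c is shown to independently affect
    the outcome by two tests with different outcomes that agree on every condition
    evaluated in both runs except c. Returns the conditions lacking such a pair."""
    runs = [bdd.run(t) for t in tests]
    shown = set()
    for (out1, _, ev1), (out2, _, ev2) in combinations(runs, 2):
        if out1 != out2:
            differing = {c for c in ev1.keys() & ev2.keys() if ev1[c] != ev2[c]}
            if len(differing) == 1:
                shown |= differing
    return {name for name, _, _ in bdd.nodes} - shown


def mcdc_tests_for_and_chain(n):
    """N+1 tests (instead of 2^N combinations) for C1 and then ... and then CN."""
    names = [f"C{i}" for i in range(1, n + 1)]
    return [{c: True for c in names}] + [{c: c != k for c in names} for k in names]


def counterexample():
    """(A and then B) or else C with 3 constructed tests that cover obc but not
    MC/DC, beside a 4-test (N+1) set that covers both."""
    A, B, C = cond("A"), cond("B"), cond("C")
    bdd = BDD(or_else(and_then(A, B), C))
    obc_only = [{"A": True, "B": True, "C": False},
                {"A": True, "B": False, "C": True},
                {"A": False, "B": True, "C": False}]
    full = obc_only + [{"A": True, "B": False, "C": False}]
    return bdd, obc_only, full


if __name__ == "__main__":
    bdd, obc_only, full = counterexample()
    print("tree-shaped BDD:", bdd.is_tree())                        # False: C has two paths
    print("3 tests -> obc:", obc_covered(bdd, obc_only),
          "mcdc missing:", sorted(mcdc_uncovered(bdd, obc_only)))   # True ['B', 'C']
    print("4 tests -> obc:", obc_covered(bdd, full),
          "mcdc missing:", sorted(mcdc_uncovered(bdd, full)))       # True []
    chain = BDD(and_then(*[cond(f"C{i}") for i in range(1, 7)]))
    print("6-condition chain, 7 tests, mcdc missing:",
          sorted(mcdc_uncovered(chain, mcdc_tests_for_and_chain(6))))  # []
```

The 3-test set exercises both edges of every node of the counterexample's BDD, yet only A is shown to independently affect the outcome: B and C are never flipped while the other conditions on the same path are held fixed. Adding the test with A = T, B = F, C = F completes MC/DC with N + 1 = 4 tests. The same is_tree check returns True for C1 and then C2 and for a decision shaped like Dec1 or else (Dec2 and then ...), which is where the theorem says obc suffices.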
Experimental results




   In the industrial applications that we looked at, 99 % of the
   decisions are such that obc implies mcdc
     configuration      App. 1       App. 2        GNATcoverage
     #decisions         869          37324         1026
     #non-tree BDD      7 (0.8 %)    141 (0.4 %)   4 (0.4 %)




                                                                    14 / 17
Experimental results



       Evaluating the impact of this optimization on the qualification
       testsuite of GNATcoverage;
       compute the coverage of GNATcoverage in 3 different
       configurations:
           obc: as a baseline;
           mcdc 1: historical traces on branches of all decisions;
           mcdc 2: historical traces only when there are conditions
           reachable by several paths...
       ...and compare the size of the generated traces.




                                                                        15 / 17
Experimental results




    configuration          obc    mcdc 1    mcdc 2
    #branches to trace     0      1788        22
    size of traces       1.33G    5.06G     1.37G
       The optimization removes 99 % of historical traces
       The overhead compared to obc is marginal




                                                            16 / 17
More information...




       Resources: Couverture public repository on the Open-Do forge
       (https://forge.open-do.org/projects/couverture/)
           Alloy models
           Proofs of theorems comparing obc and mcdc
           other results about mcdc
       Couverture project gave birth to an industrial tool:
       GNATcoverage




                                                                      17 / 17

 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 

Kürzlich hochgeladen

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Couverture erts2012

  • 1. Formalization and Comparison of mcdc and Object Branch Coverage Criteria. Cyrille Comar, Jerome Guitton, Olivier Hainque, Thomas Quinot. 1 / 17
  • 2–8. Coverage for Level A. Considering the highest level of certification for aircraft (A in DO-178B): test coverage goal: mcdc. Structural (source) coverage: more than statement coverage... but not all execution paths (too costly); e.g. for a decision C1 and C2 and ... and CN: 2^N execution paths, N + 1 tests in mcdc. 2 / 17
  • 9–13. Some issues with mcdc. Source coverage criteria means language-dependent; no tool for Ada 2005 when Couverture started... Instrumenting source code? Intrusive... unbounded execution traces. Use object coverage instead? 3 / 17
  • 14–17. Object coverage to assess mcdc. Assumption that object branch coverage (obc) is stronger than mcdc: widespread industrial practice; language-independent; bounded traces. 4 / 17
  • 18–20. Using obc to achieve mcdc? Short-circuit operators... (A mod B = 0) and then (C = 0).
    [Diagrams: the source-level BDD of the decision, and the object-level control flow in which computing A mod B introduces extra branches (on B = −1, B < 0, R = 0 and a comparison of A against 0) before C = 0 is reached.] 5 / 17
  • 21. What do certification standards say about that? DO-248C FAQ #42: Object coverage can be used as long as analysis can be provided which demonstrates that the coverage analysis conducted at the Object Code will achieve a comparable level of coverage assurance as that conducted at the Source Code level. 6 / 17
  • 22–24. The sad truth... The assumption is wrong: obc is not stronger than mcdc! A counterexample in DOT/FAA/AR-07/20, Jun 2007: Object Oriented Technology Verification Phase 3 Report - Structural Coverage at the Source Code and Object Code Levels. (A and then B) or else C can be covered for obc without achieving mcdc. 7 / 17
  • 25. Having a closer look... Alloy model: check conjectures, generate counterexamples... 8 / 17
  • 26–30. Pathological case. Alloy helped find an impressive counterexample: a decision with an arbitrarily high number of conditions N... that needs N+1 tests to be mcdc-covered... and only 3 tests to be obc-covered! Here obc is much weaker than mcdc! 9 / 17
  • 31–36. Now what? Sure, in some cases, obc does not imply mcdc... and in some pathological cases, the two criteria diverge quite badly... but past experience has shown that it works in many cases... so are there conditions that would allow this implication? Could be enforced by a coding standard; could be an optimization for coverage tools. 10 / 17
  • 37–40. Cases where obc implies mcdc. Theorem: If there is only one execution path to each condition, then obc implies mcdc. Example: C1 and then C2.
    [BDD diagram: C1 = T leads to C2, C1 = F to outcome F; C2 = T to outcome T, C2 = F to outcome F; each condition is reachable by a single path.] 11 / 17
  • 41–44. Cases where obc does not imply mcdc. Theorem: On the contrary, if there exists a condition that can be reached by more than one execution path, obc does not always imply mcdc. Example: (A and then B) or else C.
    [BDD diagram: A = T leads to B, A = F to C; B = T to outcome T, B = F to C; C is reachable by two paths.] 12 / 17
  • 45–48. Human-readable characteristic: Dec1 or else (Dec2 and then ...).
    [Tree diagram: an OR ELSE node over c1 and an AND THEN node, the latter over c2 and a sub-decision, annotated "no and then" and "no or else".] 13 / 17
  • 49–51. Experimental results. In the industrial applications that we looked at, 99 % of the decisions are such that obc implies mcdc:
    configuration:   App. 1     App. 2       GNATcoverage
    #decisions:      869        37324        1026
    #non-tree BDD:   7 (0.8 %)  141 (0.4 %)  4 (0.4 %)
    14 / 17
  • 52–54. Experimental results. Evaluating the impact of this optimization on the qualification testsuite of GNATcoverage: compute the coverage of GNATcoverage in 3 different configurations (obc: as a baseline; mcdc 1: historical traces on branches of all decisions; mcdc 2: historical traces only when there are conditions reachable by several paths)... and compare the size of the generated traces. 15 / 17
  • 55–57. Experimental results.
    configuration:        obc    mcdc 1  mcdc 2
    #branches to trace:   0      1788    22
    size of traces:       1.33G  5.06G   1.37G
    The optimization removes 99 % of historical traces. The overhead compared to obc is marginal. 16 / 17
  • 58–62. More information... Resources: Couverture public repository on the Open-Do forge (https://forge.open-do.org/projects/couverture/): Alloy models; proofs of theorems comparing obc and mcdc; other results about mcdc. The Couverture project gave birth to an industrial tool: GNATcoverage. 17 / 17
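The FAA counterexample (A and then B) or else C and the single-path theorem above, checked by brute force in Python. This is an added example, not code from the slides or from the Couverture/GNATcoverage project; it assumes that obc means each condition's conditional branch has taken both outcomes, and that mcdc is the unique-cause variant with short-circuited conditions treated as don't-cares.

```python
"""Brute-force comparison of object branch coverage (obc) and MC/DC on
short-circuit decisions, written as nested tuples:
  ('c', name) | ('and', l, r) | ('or', l, r)   ('and'/'or' = "and then"/"or else").
Assumed here (not stated on the slides): obc = every condition's branch has
taken both outcomes; mcdc = unique cause, short-circuited conditions = don't care."""
from itertools import combinations, product

def evaluate(decision, vec, path):
    """Short-circuit evaluation; appends the (condition, value) pairs actually
    evaluated to `path`, in order. Returns the decision outcome."""
    kind = decision[0]
    if kind == 'c':
        val = vec[decision[1]]
        path.append((decision[1], val))
        return val
    _, left, right = decision
    left_val = evaluate(left, vec, path)
    if kind == 'and':
        return evaluate(right, vec, path) if left_val else False
    return True if left_val else evaluate(right, vec, path)

def conditions(decision):
    if decision[0] == 'c':
        return [decision[1]]
    return conditions(decision[1]) + conditions(decision[2])

def run(decision, vec):
    """One test: (outcome, {condition: value} for the conditions evaluated)."""
    path = []
    return evaluate(decision, vec, path), dict(path)

def paths_per_condition(decision):
    """Distinct evaluation prefixes reaching each condition; all ones means the
    BDD is a tree, i.e. one execution path per condition (the theorem's case)."""
    names = conditions(decision)
    prefixes = {n: set() for n in names}
    for bits in product((False, True), repeat=len(names)):
        path = []
        evaluate(decision, dict(zip(names, bits)), path)
        for i, (cond, _) in enumerate(path):
            prefixes[cond].add(tuple(path[:i]))
    return {n: len(p) for n, p in prefixes.items()}

def achieves_obc(decision, tests):
    """Each condition (one conditional branch in object code) seen True and False."""
    return all({ev[c] for _, ev in tests if c in ev} == {False, True}
               for c in conditions(decision))

def independence_pair(cond, t1, t2):
    """Unique-cause pair: cond flips, outcome flips, other evaluated conditions fixed."""
    (out1, ev1), (out2, ev2) = t1, t2
    if out1 == out2 or cond not in ev1 or cond not in ev2 or ev1[cond] == ev2[cond]:
        return False
    return all(ev1[d] == ev2[d] for d in ev1 if d != cond and d in ev2)

def achieves_mcdc(decision, tests):
    return all(any(independence_pair(c, t1, t2) for t1, t2 in combinations(tests, 2))
               for c in conditions(decision))

def obc_without_mcdc(decision):
    """Smallest test set achieving obc but not mcdc, or None when obc implies
    mcdc for this decision (exhaustive search over subsets of distinct runs)."""
    names = conditions(decision)
    uniq = {}  # vectors differing only in short-circuited conditions are one run
    for bits in product((False, True), repeat=len(names)):
        out, ev = run(decision, dict(zip(names, bits)))
        uniq.setdefault((out, tuple(sorted(ev.items()))), (out, ev))
    tests = list(uniq.values())
    for k in range(1, len(tests) + 1):
        for subset in combinations(tests, k):
            if achieves_obc(decision, subset) and not achieves_mcdc(decision, subset):
                return list(subset)
    return None

TREE = ('and', ('c', 'C1'), ('c', 'C2'))                    # C1 and then C2
FAA = ('or', ('and', ('c', 'A'), ('c', 'B')), ('c', 'C'))   # (A and then B) or else C

if __name__ == '__main__':
    for label, dec in (('C1 and then C2', TREE), ('(A and then B) or else C', FAA)):
        print(label, '| paths per condition:', paths_per_condition(dec),
              '| obc but not mcdc:', obc_without_mcdc(dec))
```

For the tree-shaped decision the search finds no gap, while for the FAA decision it returns a 3-test set that exercises every branch both ways yet never shows B's independent effect.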