Formalization and Comparison of mcdc and Object Branch Coverage Criteria
Cyrille Comar, Jerome Guitton, Olivier Hainque, Thomas Quinot




Coverage for Level A



   Considering the highest level of certification for aircraft (A in
   DO-178B):
        Test coverage goal: mcdc
        Structural (source) coverage
             More than statement coverage...
             ...but not all execution paths (too costly)
             e.g. for a decision C1 and C2 and ... and CN:
                  2^N execution paths
                  N + 1 tests in mcdc




Some issues with mcdc




      source coverage criteria are language-dependent
      no tool for Ada 2005 when Couverture started...
      instrumenting source code? intrusive...
      unbounded execution traces
      Use object coverage instead?




Object coverage to assess mcdc




      Assumption that object branch coverage (obc) is stronger
      than mcdc
      widespread industrial practice
      language-independent
      bounded traces




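Using obc to achieve mcdc? Short-circuit operators...

     (A mod B = 0) and then (C = 0)

     [Figure: two decision diagrams for this decision. Left, source level: condition A mod B = 0, then condition C = 0, each with F and T edges. Right, object level: evaluating A mod B = 0 expands into several conditional branches (B = −1, a comparison of A with 0, B < 0, R = 0) before C = 0 is tested.]
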
What do certification standards say about that?




   DO-248C FAQ #42: Object coverage can be used as long as
   analysis can be provided which demonstrates that the coverage
   analysis conducted at the Object Code will achieve a comparable
   level of coverage assurance as that conducted at the Source Code
   level.




The sad truth...




       The assumption is wrong: obc is not stronger than mcdc!
       A counterexample in DOT/FAA/AR-07/20, Jun 2007: Object
       Oriented Technology Verification Phase 3 Report - Structural
       Coverage at the Source Code and Object Code Levels
       (A and then B) or else C can be covered for obc without
       achieving mcdc




Having a closer look...

   Alloy model: check conjectures, generate counterexamples...




Pathological case




   Alloy helped find an impressive counterexample:
       Decision with an arbitrarily high number of conditions N...
       ...that needs N+1 tests to be mcdc-covered...
       ...and only 3 tests to be obc-covered!
   Here obc is much weaker than mcdc!




Now what?




     Sure, in some cases, obc does not imply mcdc...
     ...and in some pathological cases, the two criteria diverge
     quite badly...
     ...but past experience has shown that it works in many cases
     ...so are there conditions that would allow this implication?
         could be enforced by a coding standard
         could be an optimization for coverage tools




Cases where obc implies mcdc


  Theorem
  If there is only one execution path to each condition, then obc
  implies mcdc.

                           C1 and then C2

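  [Figure: decision diagram of C1 and then C2. The F edge of C1 leads to outcome F and its T edge leads to C2; the F and T edges of C2 lead to outcomes F and T.]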



Cases where obc does not imply mcdc

  Theorem
  On the contrary, if there exists a condition that can be reached by
  more than one execution path, obc does not always imply mcdc.

                      (A and then B) or else C

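  [Figure: decision diagram of (A and then B) or else C, with condition nodes A, B and C and outcomes T and F. C is reached both from A and from B.]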
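
The two theorems and the (A and then B) or else C counterexample can be checked by brute force. The following is an added example, not code from the slides or from the Couverture project; the tuple encoding of decisions, the function names, and the mcdc definition used (unique cause, with conditions skipped by short-circuit evaluation treated as don't-care) are assumptions.

```python
from itertools import combinations

# A decision is a condition name (str) or a tuple:
# ("and", l, r) = l and then r, ("or", l, r) = l or else r, ("not", e).
# Assumption: each condition name appears once in the decision.
TREE = ("and", "C1", "C2")                  # C1 and then C2
NON_TREE = ("or", ("and", "A", "B"), "C")   # (A and then B) or else C


def build_bdd(expr, on_true=True, on_false=False, edges=None):
    """Return (entry, edges) with edges[cond] = (target if True, target if False).

    A target is the next condition to evaluate or the decision outcome (bool).
    Each condition is one conditional branch in short-circuit object code.
    """
    edges = {} if edges is None else edges
    if isinstance(expr, str):
        edges[expr] = (on_true, on_false)
        return expr, edges
    if expr[0] == "not":
        return build_bdd(expr[1], on_false, on_true, edges)
    right, _ = build_bdd(expr[2], on_true, on_false, edges)
    if expr[0] == "and":
        return build_bdd(expr[1], right, on_false, edges)
    return build_bdd(expr[1], on_true, right, edges)


def executions(expr):
    """Every short-circuit evaluation as (((cond, value), ...), outcome)."""
    root, edges = build_bdd(expr)
    runs = []

    def walk(node, trail):
        if isinstance(node, bool):
            runs.append((trail, node))
            return
        for value, target in zip((True, False), edges[node]):
            walk(target, trail + ((node, value),))

    walk(root, ())
    return runs


def paths_to_conditions(expr):
    """Number of distinct execution paths that reach each condition."""
    reached = {(trail[i][0], trail[:i])
               for trail, _ in executions(expr) for i in range(len(trail))}
    counts = {}
    for cond, _ in reached:
        counts[cond] = counts.get(cond, 0) + 1
    return counts


def is_tree(expr):
    """Hypothesis of the first theorem: one execution path to each condition."""
    return all(n == 1 for n in paths_to_conditions(expr).values())


def covers_obc(tests, expr):
    """Object branch coverage: every branch taken in both directions."""
    _, edges = build_bdd(expr)
    taken = {step for trail, _ in tests for step in trail}
    return all((c, v) in taken for c in edges for v in (True, False))


def shows_independence(cond, t1, t2):
    """The two tests differ on cond and on the outcome, and agree on every
    other condition that both of them evaluate."""
    (trail1, out1), (trail2, out2) = t1, t2
    v1, v2 = dict(trail1), dict(trail2)
    if cond not in v1 or cond not in v2 or v1[cond] == v2[cond] or out1 == out2:
        return False
    return all(v1[c] == v2[c] for c in v1.keys() & v2.keys() if c != cond)


def covers_mcdc(tests, expr):
    _, edges = build_bdd(expr)
    return all(any(shows_independence(c, a, b) for a, b in combinations(tests, 2))
               for c in edges)


def obc_sets_missing_mcdc(expr):
    """All test sets that achieve obc without achieving mcdc."""
    runs = executions(expr)
    return [s for k in range(1, len(runs) + 1) for s in combinations(runs, k)
            if covers_obc(s, expr) and not covers_mcdc(s, expr)]


def smallest_cover(expr, criterion):
    """Size of the smallest test set that satisfies the given criterion."""
    runs = executions(expr)
    return min(k for k in range(1, len(runs) + 1)
               for s in combinations(runs, k) if criterion(s, expr))


if __name__ == "__main__":
    for name, expr in (("C1 and then C2", TREE),
                       ("(A and then B) or else C", NON_TREE)):
        print(name, "| tree:", is_tree(expr),
              "| obc sets missing mcdc:", len(obc_sets_missing_mcdc(expr)),
              "| min obc:", smallest_cover(expr, covers_obc),
              "| min mcdc:", smallest_cover(expr, covers_mcdc))
```
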

human-readable characteristic


   Dec1 or else (Dec2 and then . . . )

   [Figure: expression tree. The root OR ELSE has left operand Dec1, annotated "no and then", and right operand AND THEN; AND THEN has left operand Dec2, annotated "no or else", and right operand [...].]

Experimental results




   In the industrial applications that we looked at, 99 % of the
   decisions are such that obc implies mcdc
     configuration     App. 1       App. 2        GNATcoverage
     #decisions        869          37324         1026
     #non-tree BDD     7 (0.8 %)    141 (0.4 %)   4 (0.4 %)




Experimental results



       Evaluating the impact of this optimization on the qualification
       testsuite of GNATcoverage;
       compute the coverage of GNATcoverage in 3 different
       configurations:
           obc: as a baseline;
           mcdc 1: historical traces on branches of all decisions;
           mcdc 2: historical traces only when there are conditions
           reachable by several paths...
       ...and compare the size of the generated traces.




Experimental results




    configuration          obc    mcdc 1    mcdc 2
    #branches to trace     0      1788        22
    size of traces       1.33G    5.06G     1.37G
       The optimization removes 99 % of historical traces
       The overhead compared to obc is marginal




More information...




       Resources: Couverture public repository on the Open-Do forge
       (https://forge.open-do.org/projects/couverture/)
           Alloy models
           Proofs of theorems comparing obc and mcdc
           other results about mcdc
       Couverture project gave birth to an industrial tool:
       GNATcoverage




 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Couverture erts2012

  • 1. Formalization and Comparison of mcdc and Object Branch Coverage Criteria
      Cyrille Comar, Jerome Guitton, Olivier Hainque, Thomas Quinot
  • 2-8. Coverage for Level A
      Considering the highest level of certification for aircraft (A in DO-178B):
        • Test coverage goal: mcdc
        • Structural (source) coverage
            • More than statement coverage...
            • ...but not all execution paths (too costly)
            • e.g. for a decision C1 and C2 and ... and CN:
                • 2^N execution paths
                • N + 1 tests in mcdc
  • 9-13. Some issues with mcdc
        • source coverage criterion means language-dependent
        • no tool for Ada 2005 when Couverture started...
        • instrumenting source code? intrusive...
        • unbounded execution traces
        • Use object coverage instead?
  • 14-17. Object coverage to assess mcdc
      Assumption that object branch coverage (obc) is stronger than mcdc
        • widespread industrial practice
        • language-independent
        • bounded traces
  • 18-20. Using obc to achieve mcdc?
        • short-circuit operators... (A mod B = 0) and then (C = 0)
        • [Figure: decision graph for the source conditions A mod B = 0 and C = 0, beside the object-level branch graph, which also branches on B = −1, B < 0 and R = 0; edges labelled T/F]
  • 21. What do certification standards say about that?
      DO-248C FAQ #42: Object coverage can be used as long as analysis can be provided which demonstrates that the coverage analysis conducted at the Object Code will achieve a comparable level of coverage assurance as that conducted at the Source Code level.
  • 22-24. The sad truth...
      The assumption is wrong: obc is not stronger than mcdc!
        • A counterexample in DOT/FAA/AR-07/20, Jun 2007: Object Oriented Technology Verification Phase 3 Report - Structural Coverage at the Source Code and Object Code Levels
        • (A and then B) or else C can be covered for obc without achieving mcdc
  • 25. Having a closer look...
      Alloy model: check conjectures, generate counterexamples...
  • 26-30. Pathological case
      Alloy helped find an impressive counterexample:
        • Decision with an arbitrarily high number of conditions N...
        • ...that needs N+1 tests to be mcdc-covered...
        • ...and only 3 tests to be obc-covered!
      Here obc is much weaker than mcdc!
  • 31-36. Now what?
        • Sure, in some cases, obc does not imply mcdc...
        • ...and in some pathological cases, the two criteria diverge quite badly...
        • ...but past experience has shown that it works in many cases
        • ...so are there conditions that would allow this implication?
            • could be enforced by a coding standard
            • could be an optimization for coverage tools
  • 37-40. Cases where obc implies mcdc
      Theorem: If there is only one execution path to each condition, then obc implies mcdc.
        • Example: C1 and then C2
        • [Figure: decision graph with nodes C1 and C2; edges labelled T/F]
  • 41-44. Cases where obc does not imply mcdc
      Theorem: On the contrary, if there exists a condition that can be reached by more than one execution path, obc does not always imply mcdc.
        • Example: (A and then B) or else C
        • [Figure: decision graph with nodes A, B and C; edges labelled T/F]
  • 45-48. human-readable characteristic
        • Dec1 or else (Dec2 and then ...)
        • [Figure: expression tree with OR ELSE at the root and AND THEN below it, operands c1 and c2, annotated "no and then" and "no or else"]
  • 49-51. Experimental results
      In the industrial applications that we looked at, 99 % of the decisions are such that obc implies mcdc

        configuration    App. 1     App. 2        GNATcoverage
        #decisions       869        37324         1026
        #non-tree BDD    7 (0.8 %)  141 (0.4 %)   4 (0.4 %)
  • 52-54. Experimental results
      Evaluating the impact of this optimization on the qualification testsuite of GNATcoverage:
        • compute the coverage of GNATcoverage in 3 different configurations:
            • obc: as a baseline;
            • mcdc 1: historical traces on branches of all decisions;
            • mcdc 2: historical traces only when there are conditions reachable by several paths...
        • ...and compare the size of the generated traces.
  • 55-57. Experimental results

        configuration        obc     mcdc 1   mcdc 2
        #branches to trace   0       1788     22
        size of traces       1.33G   5.06G    1.37G

        • The optimization removes 99 % of historical traces
        • The overhead compared to obc is marginal
  • 58-62. More information...
      Resources: Couverture public repository on the Open-Do forge (https://forge.open-do.org/projects/couverture/)
        • Alloy models
        • Proofs of theorems comparing obc and mcdc
        • other results about mcdc
      Couverture project gave birth to an industrial tool: GNATcoverage
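
An added example, not taken from the slides or from the Couverture/GNATcoverage code, that checks the two theorems (slides 37-44) and the FAA counterexample (slide 24) by brute force. Assumptions: decisions are encoded as nested tuples with each condition appearing once, obc is modelled as one conditional branch per condition, and mcdc as unique-cause independence pairs in which a condition skipped by short-circuit counts as unchanged; all function names are hypothetical.

```python
from itertools import combinations, product

# A decision is a condition name (str) or ("and" | "or", left, right), where
# "and"/"or" stand for the short-circuit forms "and then"/"or else".
# Assumption of this example: each condition name appears once per decision.
def conditions(d):
    return [d] if isinstance(d, str) else conditions(d[1]) + conditions(d[2])

def evaluate(d, env, trace):
    """Short-circuit evaluation; records (condition, value) for each one evaluated."""
    if isinstance(d, str):
        trace.append((d, env[d]))
        return env[d]
    op, left, right = d
    lv = evaluate(left, env, trace)
    if (op == "and" and not lv) or (op == "or" and lv):
        return lv                      # right operand is skipped
    return evaluate(right, env, trace)

def executions(d):
    """All distinct executions of d as (trace, outcome): one per path in the decision graph."""
    names, seen = conditions(d), {}
    for values in product([False, True], repeat=len(names)):
        trace = []
        outcome = evaluate(d, dict(zip(names, values)), trace)
        seen[tuple(trace)] = outcome
    return sorted(seen.items())

def paths_to_conditions(d):
    """Number of distinct execution paths reaching each condition (all 1 = tree)."""
    prefixes = {c: set() for c in conditions(d)}
    for trace, _ in executions(d):
        for i, (cond, _value) in enumerate(trace):
            prefixes[cond].add(trace[:i])
    return {c: len(p) for c, p in prefixes.items()}

def obc_covered(d, tests):
    """obc model: the branch of every condition is taken both ways."""
    taken = {(c, v) for trace, _ in tests for c, v in trace}
    return all((c, v) in taken for c in conditions(d) for v in (False, True))

def independent(cond, t1, t2):
    """True if t1/t2 show that cond alone changes the decision outcome."""
    (tr1, out1), (tr2, out2) = t1, t2
    e1, e2 = dict(tr1), dict(tr2)
    if cond not in e1 or cond not in e2 or e1[cond] == e2[cond] or out1 == out2:
        return False
    # Other conditions must agree wherever both executions evaluated them.
    return all(e1[c] == e2[c] for c in e1.keys() & e2.keys() if c != cond)

def mcdc_covered(d, tests):
    return all(any(independent(c, a, b) for a, b in combinations(tests, 2))
               for c in conditions(d))

def smallest(d, accept):
    """Smallest set of executions for which accept(d, tests) holds, or None."""
    runs = executions(d)
    for size in range(1, len(runs) + 1):
        for tests in combinations(runs, size):
            if accept(d, tests):
                return tests
    return None

def obc_without_mcdc(d):
    """Smallest test set that achieves obc but not mcdc, or None if obc implies mcdc."""
    return smallest(d, lambda dd, t: obc_covered(dd, t) and not mcdc_covered(dd, t))

if __name__ == "__main__":
    for name, dec in [("C1 and then C2", ("and", "C1", "C2")),
                      ("(A and then B) or else C", ("or", ("and", "A", "B"), "C"))]:
        print(name, paths_to_conditions(dec), obc_without_mcdc(dec))
```

For `(A and then B) or else C` the search returns a three-test set that is obc-covered but not mcdc-covered, while the smallest mcdc-covering set has N + 1 = 4 tests; for `C1 and then C2` no such set exists.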