Building Reliable Component-based Systems
Chapter 14 - Testing Reusable Software Components in Safety-Critical Real-Time Systems
Overview
- Introduction
- Reuse and Exhaustive Testing
- Reuse and Statistical Evidence
- Component Reuse, Statistical Evidence and Failure Behavior
Introduction
How dynamic verification of real-time software relates to component reuse in safety-critical real-time systems.
Re-testing cannot be eliminated in general. Examples: Ariane 5, Therac-25.
Reuse and Exhaustive Testing
Provide evidence based on the component's:
- Contracts
- Experience accumulated
That a component can be reused immediately, that only parts can be reused, or that it cannot be reused.
First Use
[Figure: dual-band input domain of the first use: 0...10, G...P, 345...640. Necessary tests: 0...1027, G...P]
New Environment
[Figure: dual-band input domain of the new environment: -17..., A...P, 45...723. Necessary tests: -27...-1, A...P]
Overlapping Input Domain
[Figure: dual-band input domain overlapping the tested one: -3...9, B...N, 95...700. Necessary tests: -3...913, B...N]
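The three slides above (First Use, New Environment, Overlapping Input Domain) compare the input domain a component was tested over with the domain of a new environment; the "necessary tests" are the parts of the new domain that earlier use never exercised. The Python below is an added example, not part of the chapter or its slides, that computes that difference for numeric and character bands and maps it onto the chapter's three outcomes (reuse immediately, reuse only parts, cannot be reused). The parameter names and ranges are constructed, and treating each input parameter independently is a simplifying assumption; combinatorial coverage of the cross product of bands would demand more tests.

```python
from typing import Dict, List, Tuple

# A closed integer interval [lo, hi]. Character bands such as G...P are mapped
# to their code points so one routine handles both kinds of band.
Interval = Tuple[int, int]
Domain = Dict[str, List[Interval]]   # input parameter name -> bands it may take


def char_band(lo: str, hi: str) -> Interval:
    """Represent a character range (e.g. 'B'...'N') as an integer interval."""
    return (ord(lo), ord(hi))


def normalize(intervals: List[Interval]) -> List[Interval]:
    """Sort intervals and merge the ones that overlap or touch."""
    merged: List[Interval] = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def subtract(domain: List[Interval], tested: List[Interval]) -> List[Interval]:
    """Return the parts of `domain` that no interval in `tested` covers."""
    remaining = normalize(domain)
    for t_lo, t_hi in normalize(tested):
        next_remaining: List[Interval] = []
        for lo, hi in remaining:
            if t_hi < lo or t_lo > hi:          # disjoint: keep untouched
                next_remaining.append((lo, hi))
                continue
            if lo < t_lo:                       # untested piece left of the tested band
                next_remaining.append((lo, t_lo - 1))
            if hi > t_hi:                       # untested piece right of it
                next_remaining.append((t_hi + 1, hi))
        remaining = next_remaining
    return remaining


def necessary_tests(new_domain: Domain, tested: Domain) -> Domain:
    """Per input parameter, the sub-ranges of the new environment's domain that
    earlier uses never exercised. An empty result means the existing test
    evidence already covers the new input domain."""
    gaps: Domain = {}
    for name, dom in new_domain.items():
        missing = subtract(dom, tested.get(name, []))
        if missing:
            gaps[name] = missing
    return gaps


def reuse_verdict(gaps: Domain, new_domain: Domain) -> str:
    """Map the gap analysis onto the chapter's three outcomes."""
    if not gaps:
        return "reusable immediately (input domain fully covered by earlier tests)"
    nothing_covered = all(
        n in gaps and gaps[n] == normalize(new_domain[n]) for n in new_domain)
    if nothing_covered:
        return "cannot be reused on existing evidence (no overlap with tested domain)"
    return "partially covered: re-test the listed sub-ranges"


if __name__ == "__main__":
    # Constructed example: earlier use tested x in 0...10 and mode in G...P;
    # the new environment feeds x in -3...9 and mode in B...N.
    tested = {"x": [(0, 10)], "mode": [char_band("G", "P")]}
    new_env = {"x": [(-3, 9)], "mode": [char_band("B", "N")]}
    gaps = necessary_tests(new_env, tested)
    print(reuse_verdict(gaps, new_env))
    for name, bands in gaps.items():
        print(f"  {name}: {bands}")
```

Character bands come back as code points; `chr()` turns them into the letter ranges the slides draw.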
Termination failures: a loop statement failing to complete because the termination condition is never satisfied.
Input failures: receiving an (undetected) erroneous value from a sensor.
Failure Behaviors
[Figure: R(c) and C(c) plotted against failure behavior and addressing failure]
Confidence in the measured reliability decreases when new failure behaviors can develop.
Timing Failure Behavior
This failure mode yields a correct result (value), but the result is delivered at the wrong time.
For example: deadline violations, a task starting too early, incorrect period time, too much jitter, too many interrupts.
Deadline Requirements
If we reuse a component with only a deadline requirement in a new environment in which the execution time is shorter, the component can be reused without re-testing.
Deadline Requirements
[Figure: R(c) and C(c) plotted against worst-case execution time, new vs. old]
The deadline requirement is still fulfilled, since the new execution time is shorter.
Response Time
[Figure: R(c) and C(c) plotted against response time, with Tol min and Tol max marked]
The response time for the reused component is within the tolerance.
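The Deadline Requirements and Response Time slides draw a distinction that is worth coding out: a shorter execution time in the new environment cannot break a pure deadline requirement, so the earlier timing evidence carries over, but the same shorter time can fall below Tol min of a response-time tolerance window, and the other timing failure behaviors listed earlier (jitter, period) need their own checks. The Python below is an added example, not taken from the chapter; the microsecond values, the `TimingRequirement` and `TimingProfile` dataclasses and the `assess_timing_reuse` function are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TimingRequirement:
    """Timing constraints the environment places on the component (microseconds)."""
    deadline: int                     # relative deadline the response must never exceed
    tol_min: Optional[int] = None     # response-time tolerance window, lower bound (Tol min)
    tol_max: Optional[int] = None     # response-time tolerance window, upper bound (Tol max)
    max_jitter: Optional[int] = None  # permitted spread between fastest and slowest response
    period: Optional[int] = None      # required activation period, if the task is periodic


@dataclass(frozen=True)
class TimingProfile:
    """Best/worst response time (and period) of the component in one environment."""
    best: int
    worst: int
    period: Optional[int] = None


def assess_timing_reuse(req: TimingRequirement,
                        verified: TimingProfile,
                        new: TimingProfile) -> List[str]:
    """Timing findings for reusing a component whose behaviour was verified with
    `verified` response times in an environment that yields `new` ones.
    An empty list means the existing timing evidence carries over unchanged."""
    findings: List[str] = []
    # Deadline: a longer worst case than verified needs fresh evidence even if it
    # still fits; a shorter one cannot violate the deadline (Deadline Requirements slides).
    if new.worst > req.deadline:
        findings.append(
            f"deadline violation: worst response {new.worst} > deadline {req.deadline}")
    elif new.worst > verified.worst:
        findings.append(
            f"worst response {new.worst} exceeds verified {verified.worst}: "
            "re-test before relying on the old deadline argument")
    # Response-time tolerance: faster is not automatically acceptable (Response Time slide).
    if req.tol_min is not None and new.best < req.tol_min:
        findings.append(f"too early: best response {new.best} < Tol min {req.tol_min}")
    if req.tol_max is not None and new.worst > req.tol_max:
        findings.append(f"too late: worst response {new.worst} > Tol max {req.tol_max}")
    # Jitter and period are further timing failure behaviors named in the chapter.
    if req.max_jitter is not None and new.worst - new.best > req.max_jitter:
        findings.append(
            f"too much jitter: spread {new.worst - new.best} > {req.max_jitter}")
    if req.period is not None and new.period != req.period:
        findings.append(f"incorrect period: {new.period} != required {req.period}")
    return findings


if __name__ == "__main__":
    verified = TimingProfile(best=300, worst=800)   # constructed: original environment
    faster = TimingProfile(best=200, worst=600)     # constructed: new, quicker hardware
    deadline_only = TimingRequirement(deadline=1000)
    windowed = TimingRequirement(deadline=1000, tol_min=400, tol_max=900)
    print("deadline only:", assess_timing_reuse(deadline_only, verified, faster) or "no re-test needed")
    print("tolerance window:", assess_timing_reuse(windowed, verified, faster))
```

With a deadline-only requirement the faster environment produces no findings, matching the slide's claim that the component can be reused without re-testing; the same environment under a tolerance window is flagged as too early, which is exactly the case a deadline argument alone would miss.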