Programming Embedded Systems

Similar documents
Programming Embedded Systems

Introduction. Easy to get started, based on description of the inputs

Lecture 15 Software Testing

Testing: Test design and testing process

CS 4387/5387 SOFTWARE V&V LECTURE 4 BLACK-BOX TESTING

Introduction To Software Testing. Brian Nielsen. Center of Embedded Software Systems Aalborg University, Denmark CSS

EECS 4313 Software Engineering Testing. Topic 01: Limits and objectives of software testing Zhen Ming (Jack) Jiang

Computer Science and Software Engineering University of Wisconsin - Platteville 9-Software Testing, Verification and Validation

Introduction to Software Testing Chapter 4 Input Space Partition Testing

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Topics in Software Testing

Software Engineering Testing and Debugging Testing

COMP 3705 Advanced Software Engineering: Software Testing

Chapter 11, Testing. Using UML, Patterns, and Java. Object-Oriented Software Engineering

Software Engineering

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

Manuel Oriol, CHCRC-C, Software Testing ABB

linaye/gl.html

Overview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak

MTAT : Software Testing

Ingegneria del Software Corso di Laurea in Informatica per il Management

Bridge Course On Software Testing

(See related materials in textbook.) CSE 435: Software Engineering (slides adapted from Ghezzi et al & Stirewalt

Software Testing. 1. Testing is the process of demonstrating that errors are not present.

MTAT : Software Testing

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

MTAT : Software Testing

Part 5. Verification and Validation

Programming Embedded Systems

Introduction to Software Testing Chapter 3, Sec# 3.3 Logic Coverage for Source Code

MTAT : Software Testing

Quality Assurance in Software Development

Software Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals

MONIKA HEINER.

Introduction to Software Testing Chapter 5.1 Syntax-based Testing

Chapter 8 Software Testing. Chapter 8 Software testing

Black Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing

Formal Approach in Software Testing

Part I: Preliminaries 24

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

Specification-based test design

Aerospace Software Engineering

INTRODUCTION TO SOFTWARE ENGINEERING

10. Software Testing Fundamental Concepts

Examination Questions Time allowed: 1 hour 15 minutes

People tell me that testing is

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Software Quality Assurance & Testing

Input Space Partitioning

No Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Chapter 10. Testing and Quality Assurance

More on Verification and Model Checking

Softwaretechnik. Lecture 08: Testing and Debugging Overview. Peter Thiemann SS University of Freiburg, Germany

Software Engineering: Theory and Practice. Verification by Testing. Test Case Design. Tom Verhoeff

An Introduction to Lustre

Terminology. There are many different types of errors and different ways how we can deal with them.

Introduction to Software Testing Chapter 2, Sec#: 2.5 Graph Coverage for Specifications

Verification Overview Testing Theory and Principles Testing in Practice. Verification. Miaoqing Huang University of Arkansas 1 / 80

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

Logic Coverage. Moonzoo Kim School of Computing KAIST. The original slides are taken from Chap. 8 of Intro. to SW Testing 2 nd ed by Ammann and Offutt

Introduction to Software Testing Chapter 3, Sec# 1 & 2 Logic Coverage

Software Testing. Massimo Felici IF

Test design techniques

Software Testing. Software Testing. Theory, Practise and Reality IBM Corporation

Testing Theory. Agenda - What will you learn today? A Software Life-cycle Model Which part will we talk about today? Theory Lecture Plan

Chap 2. Introduction to Software Testing

Equivalence Class Partitioning. Equivalence Partitioning. Definition and Example. Example set of classes

Testing and Debugging

Lecture 20: SW Testing Presented by: Mohammad El-Ramly, PhD

Software Testing. Software Testing

Combinatorial Clause Coverage CoC

Software Testing for Developer Development Testing. Duvan Luong, Ph.D. Operational Excellence Networks

Testing, Debugging, Program Verification

Hardware versus software

Software technology 7. Testing (2) BSc Course Dr. Katalin Balla

Testing. CMSC 433 Programming Language Technologies and Paradigms Spring A Real Testing Example. Example (Black Box)?

MTAT : Software Testing

Sample Exam ISTQB Advanced Test Analyst Answer Rationale. Prepared By

Software Testing: Introduction

Software Testing Lecture 1. Justin Pearson

Lecture 26: Testing. Software Engineering ITCS 3155 Fall Dr. Jamie Payton

6.170 Lecture 6 Procedure specifications MIT EECS

Testing! The material for this lecture is drawn, in part, from! The Practice of Programming (Kernighan & Pike) Chapter 6!

Software Engineering Theory. Lena Buffoni (slides by Kristian Sandahl/Mariam Kamkar) Department of Computer and Information Science

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Verification and Validation

Program Analysis. Program Analysis

(From Glenford Myers: The Art of Software Testing)

Modern Methods in Software Engineering. Testing.

Test Automation. 20 December 2017

Program Verification! Goals of this Lecture! Words from the Wise! Testing!

Advanced Software Testing Understanding Code Coverage

F. Tip and M. Weintraub FUNCTIONAL TESTING

Program Testing and Analysis: Manual Testing Prof. Dr. Michael Pradel Software Lab, TU Darmstadt

Sample Exam Syllabus

Transcription:

Programming Embedded Systems Overview of testing techniques Monday March 3, 2014 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/70

Lecture outline Background, testing in general Unit testing Coverage criteria System testing Some slides borrowed from the course Testing, Debugging, Verification at Chalmers 2/70

Overview Ideas and techniques of testing have become essential knowledge for all software developers. Expect to use the concepts presented here many times in your career. Testing is not the only, but the primary method that industry uses to evaluate software under development. 3/70

Overview (2) Testing field is HUGE Many different approaches, many different opinions Creating an exhaustive overview is a futile endeavour This lecture will cover some of the most important/common notions, in particular w.r.t. embedded systems 4/70

Correctness Software is called correct if it complies with its specification Spec. might be implicit or explicit, formal or informal, declarative or imperative, etc. Often: spec. is a set of requirements and/or use cases Software that violates spec. contains bugs/defects 5/70

Validation vs. Verification The V&V of software engineering Validation: assessment whether program has intended behaviour. Is the right system built? (this can mean: check whether chosen requirements are correct or consistent) Verification: assessment whether program complies to specification/requirements Is the system built right? 6/70

Validation vs. Verification (2) Testing is the most common approach to V&V Testing is form of dynamic V&V Works through concrete execution of software Alternatives: Stativ V&V: model checking, etc. Code inspection/reviews 7/70

Faults, errors, failures Fault: abnormal condition or defect in a component (software or hardware) Error: deviation from correct system state caused by a fault human mistake when using the system Failure: observably incorrect behaviour of system, caused by a fault Many different definitions exist! 8/70

Fault/failure example for (;;) { if (GPIO_ReadInputDataBit(GPIOC, Software fault: SwitchPin)) { ++count; wrong RHS } else if (count!= 1) { GPIO_WriteBit(GPIOC, ON1Pin, Bit_RESET); GPIO_WriteBit(GPIOC, ON2Pin, Bit_RESET); count = 1; 0 Error: variable has } wrong value if (count == 10) // 0.2 seconds GPIO_WriteBit(GPIOC, ON1Pin, Bit_SET); else if (count == 100) { // 0.2 + 1.8 seconds GPIO_WriteBit(GPIOC, ON1Pin, Bit_RESET); GPIO_WriteBit(GPIOC, ON2Pin, Bit_SET); } Failure: wrong value on pin, rockets are launched } vtaskdelayuntil(&lastwakeuptime, PollPeriod / porttick_rate_ms); 9/70

Testing consists of... designing test inputs running tests analysing results Done by test engineer Each of the steps can be automated 10/70

Categories of testing 11/70

Overview Acceptance testing System testing Integration testing Unit testing Orthogonal dimension: regression testing 12/70

Unit testing Assess software units with respect to low-level unit design E.g., pre-/post-conditions formulated for individual functions As early as possible during development 13/70

Integration testing Assess software with respect to high-level/architectural design Focus on interaction between different modules Normally done after unit/module testing 14/70

System testing Assess software with respect to system-level specification Could be overall requirements, or more detailed specification Testing by observing externally visible behaviour (no internals) Black-box approach Usually rather late during development (but also applied to early versions of complete system) 15/70

Acceptance testing Assess software with respect to user requirements Can be done either by system provider or by customer (prior to transferring ownership) Late in development process 16/70

Testing w.r.t. V model 17/70

Regression testing Testing after changes in the software. Purpose: gain confidence that the change(s) did not cause (new) failures. Standard part of the maintenance phase of software development. Ideally: every implemented feature is covered (preserved) by regression tests Often: regression tests are written as reaction to found bugs 18/70

Unit testing 19/70

Structure of a unit test case Step 1: Initialisation E.g., prepare inputs Step 2: Call functions of implementation under test (IUT) Step 3: Decision (oracle) whether the test succeeds or fails Steps can be performed manually or automatically Preferable for many reasons: Tests can be re-run easily; Correct behaviour is described formally 20/70

Unit testing example Suppose we want to test this function: void sort(int *array) { } An executable test case: int testsort(void) { int a[] = { 3, 1, 5 }; sort(a); Initialisation IUT invocation return (a[0] <= a[1] && a[1] <= a[2]); } Oracle, return true if test succeeded 21/70

Test oracles Oracles are often independent of particular test case Can sometimes be derived mechanically from unit specification Oracle is essential for being able to run tests automatically Common special case: Oracle just compares unit outputs with desired outputs 22/70

Ambiguous; to clarify, write either A or B or A or B, or both Common English patterns (e.g., used in Elevator lab!) English Logic C (on ints) Lustre (not in this course?) A and B A but B A if B A when B A whenever B if A, then B A implies B A forces B only if A, B B only if A A precisely when B A if and only if B A or B either A or B A or B A & B A && B A and B B => A!B A B => A A => B!A B A => B B => A!B A B => A A <=> B A == B, (A && B) (!A &&!B) A (+) B (exclusive or) A v B (logical or) A!= B, A ^ B, (A &&!B) (!A && B) A B A = B A xor B A or B 23/70

Sets and suites Test set: set of test cases for a particular unit Test suite: union of test sets for a number of units 24/70

Automated, repeatable testing By using a tool you can automatically run a large collection of tests The testing code can be integrated into the actual code (side-effect: documentation) After debugging, the tests are rerun to check if failure is gone Whenever code is extended, all old test cases can be rerun to check that nothing is broken (regression testing) 25/70

Automated, repeatable testing (2) Supported by unit testing frameworks (also called test harness): e.g., xunit SUnit: SmallTalk JUnit: Java CppUnit: C++ One of the most common commercial frameworks: C++Test, Parasoft can be integrated with MDK-ARM 26/70

Philosophical interlude 27/70

Test engineers vs. developers In practice, often different people Various opinions on this... Discuss: who should write test cases? 28/70

Opinion 1 (Glenford J. Myers,...) Programmer should avoid testing his/her own program (misunderstanding of specs carry over to testing) A company developing programs should not test its own code Conflict of interest 29/70

Opinion 2 (Kent Beck, Erich Gamma,...) Test-driven development: Developers create tests before implementation Test cases are form of specification Re-run tests on all incremental changes 30/70

Why do we test? 31/70

Boris Beizer's levels of test process maturity Level 0 Level 1 Level 2 Level 3 Testing guru (don't miss his poems on software quality) Level 4 32/70

Level 0: testing = debugging Naïve starting point: debug software by writing test cases and manually observing the outcome No notion of correctness Does not help much to develop software that is reliable or safe 33/70

Level 1: show that software works Problem: correctness is (almost) impossible to achieve Danger: testers are subconsciously steered towards tests likely to not fail the program What do we know if no failures? good software? or bad tests? No strict goal, no real stopping rule, no formal testing technique 34/70

Level 2: show that software doesn't work Goal of testing is to find bugs Puts testers and developers into an adversarial relationship What if there are no failures? Practice in most software companies 35/70

Level 3: reduce risk Correct software is not achievable Evaluate potential risks incurred by software, minimise by writing software appropriately testing guided by risk analysis Testers + developers cooperate 36/70

Level 4: testing as mental discipline Learn from test outcomes to improve development process Quality management instead of just testing V&V guide overall development Compare with spell checker: purpose is not (only) to find mistakes, but to improve writing capabilities 37/70

End of philosophical interlude 38/70

Construction of test suites Black-box (specification-based) Derive test suites from external descriptions of the software, including specifications, requirements, design, and input space knowledge White-box (implementation-based) Derive test suites from the source code internals of the software, specifically including branches, individual conditions, and statements Many approaches in between (e.g., model-based) 39/70

Test suite construction is related to coverage criteria Tests are written with a particular goal in mind Exercise program code thoroughly (white-box); or Cover input space thoroughly (black-box) 40/70

Assessing quality of test suites: coverage criteria (used in various kinds of testing) 41/70

Common kinds of coverage criteria Control-flow graph coverage Logic coverage Structural coverage Input space partitioning Mutation coverage In embedded software, it is often required to demonstrate coverage E.g., DO-178B (avionics standard), level A requires some level of MC/DC coverage 42/70

Input Domain Modelling Input domain is set of all possible inputs to a program/function User input, function parameters Data read from files Usually domain is large or infinite, even for small programs Goal of testing is to choose finitely many inputs representing the complete input domain 43/70

Example: triangle classification Which test inputs would you choose for this program? typedef enum { Scalene, Isosceles, Equilateral, Invalid } TriType; TriType determinetype(int length1, int length2, int length3) { } (Wikipedia) 44/70

Input space partitioning Partition input domain into regions Values of each region are equivalent w.r.t. some characteristic Coverage criteria: has each region been covered by test cases? 45/70

Interface-based IDM Characteristics derived from signature, datatypes E.g., for integer inputs: interesting blocks are zero, positive, negative, maximum number, etc. 46/70

Functionality-based IDM Characteristics derived from intended program functionality E.g., different expected program outputs 47/70

Control-flow graphs (CFGs) int f(int a, int b){ int z = 0; while (a!= 0) { if (a % 2!= 0) { z = z + b; } a = a / 2; b = b * 2; } return z; } Graphical representation of code: Nodes are control-flow locations + statements Edges denote transitions + guards 48/70

Common notions in CFGs Execution Path: a path through a CFG that starts at the entry point and is either infinite or ends at one of the exit points Path condition: a path condition PC for an execution path p within a piece of code c is a condition that causes c to execute p if PC holds in the prestate of c Feasible execution path: path for which a satisfiable path condition exists Examples! 49/70

Statement coverage (SC) (a kind of CFG coverage) A test suite TS achieves SC if for every node n in the CFG there is at least one test in TS causing an execution path via n Often quantified: e.g., 80% SC Can SC always be achieved? 50/70

Branch coverage (BC) A test suite TS achieves BC if for every edge e in the CFG there is at least one test in TS causing an execution path via e. BC subsumes SC: if a test suite achieves BC, it also achieves SC (assumption: every node has an incoming edge) 51/70

Path coverage (PC) A test suite TS achieves PC if for every execution path ep of the CFG there is at least one test in TS causing ep PC subsumes BC PC cannot be achieved in practice number of paths is too large (for multiplication example, ) paths might be infeasible 52/70

Decision coverage (DC) (a kind of logic coverage) Decisions D(p) in a program p: set of maximum boolean expressions in p E.g., conditions of if, while, etc. But also other boolean expressions: A = (B && (x >= 0)); Precise definition is subject of many arguments: only consider decisions that program branches on? (B&&(x>=0) is a decision, B and (x>=0) are not) 53/70

Decision coverage (DC) (2) NB: multiple occurrences of the same expression are counted as different decisions! E.g. if (x >= 0) { } // if (x >= 0) { } Two decisions 54/70

Decision coverage (DC) For a given decision d, DC is satisfied by a test suite TS if it contains at least one test where d evaluates to false, and one where d evaluates to true (might be the same test) A test suite TS achieves DC for a program p if it achieves DC for every decision d in D(p) 55/70

DC example Consider decision ((a < b) D) && (m >= n * o) Inputs to achieve DC? TS achieves DC if it triggers executions a = 5, b = 10, D = true, m = 1, n = 1, o = 1 and a = 10, b = 5, D = false, m = 1, n = 1, o = 1 56/70

Condition coverage (CC) Conditions C(p) in a program p: set of atomic boolean expressions in p e.g., in the decision ((a < b) D) && (m >= n * o) the conditions are (a < b), D, and (m >= n * o) 57/70

Condition coverage (CC) (2) For a given condition c, CC is satisfied by a test suite TS if it contains at least one test where c evaluates to false, and one where c evaluates to true (might be the same test) A test suite TS achieves CC for a program p if it achieves CC for every condition c in C(p) 58/70

CC example Consider all the conditions in ((a < b) D) && (m >= n * o) Inputs to achieve CC? TS achieves CC if it triggers executions a = 5, b = 10, D = true, m = 1, n = 1, o = 1 and a = 10, b = 5, D = false, m = 1, n = 2, o = 2 59/70

Modified condition decision coverage (MC/DC) For a given condition c in decision d, MC/DC is satisfied by a test suite TS if it contains one test where c evaluates to false, one test where c evaluates to true, d evaluates differently in both, and the other conditions in d evaluate identically in both. For a given program p, MC/DC is satisfied by TS if it satisfies MC/DC for all c in C (p) 60/70

MC/DC example Consider the condition (a < b) in ((a < b) D) && (m >= n * o) TS achieves MC/DC if it triggers executions a = 5, b = 10, D = false, m = 1, n = 1, o = 1 and a = 10, b = 5, D = false, m = 8, n = 2, o = 3 61/70

Bottom line Value of any kind of structural/logic coverage is arguable But demonstration is often required 62/70

Further reading Introduction to Software Testing, Paul Ammann and Jeff Offutt; http://www.cs.gmu.edu/~offutt/softwaretest/ 63/70

System testing 64/70

Overview No longer consider software units, but system as a whole Again, many different variants: Stress testing Usability testing Performance testing 65/70

Testing embedded systems Embedded systems are reactive: need stream of test inputs Realistic environment needed: Either actual environment (latest stage of testing) Or a simulation of the environment (cheaper, faster) Important setups for embedded systems: hardware-in-the-loop, software-in-the-loop 66/70

Hardware-in-the-loop (HIL) Test inputs Sensor inputs Embedded system: software + actual micro-controller hardware Oracle to assess outputs Environment/plant simulation 67/70

Software-in-the-loop (SIL) Test inputs Sensor inputs Embedded system: software running in simulator Oracle to assess outputs Environment/plant simulation Compare with elevator lab! 68/70

HIL + SIL Not only test inputs, but also environment simulation has to be chosen by test engineer What if simulation is not realistic? Possible variations of environment can/should be included in simulation Often developed in high-level languages like Matlab/Simulink See Model-based... course 69/70

The End Questions? 70/70

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback