The Verification and Validation activity for a railway control system

Similar documents
Eurailspeed Parallel Session D.5. Luciano Pistone Director, Consorzio Saturno

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Wayside Standard Platform

13th Florence Rail Forum: Cyber Security in Railways Systems. Immacolata Lamberti Andrea Pepato

Topic: Software Verification, Validation and Testing Software Engineering. Faculty of Computing Universiti Teknologi Malaysia

Lecture 15 Software Testing

Part 5. Verification and Validation

Modeling Requirements, Architectures, Behaviour...

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Chapter 11, Testing. Using UML, Patterns, and Java. Object-Oriented Software Engineering

iden Mo Talk Index Introductory information 2 1. General 2 2. Security guidelines 3

Learning outcomes. Systems Engineering. Debugging Process. Debugging Process. Review

The testing process. Component testing. System testing

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

CCU. Command Control Unit

Chapter 11, Testing, Part 2: Integration and System Testing

Automatic instantiation of abstract tests on specific configurations for large critical control systems

Software testing. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 23 Slide 1

F. Flammini, et al., Int. J. of Safety and Security Eng., Vol. 1, No. 1 (2011) Naples 80125, Italy.

ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And

Software Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals

Advanced Software Engineering: Software Testing

Verification and Validation

Wayside Train Separation ERTMS Wayside Radio Block Centre 2nd generation Overall Description

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

SE 2730 Final Review

Authorisation of placing in service in the context of new technologies

Computer Security Course. Midterm Review

Chap 2. Introduction to Software Testing

Assignment - 1. Why we need Test plan and what are the elements that it identifies?

Client-server application testing plan

Software Engineering (CSC 4350/6350) Rao Casturi

[IT6004-SOFTWARE TESTING] UNIT 2

Diploma in Software Testing 2.0 (HP)

Chapter 8 Software Testing. Chapter 8 Software testing

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

CS 424 Software Quality Assurance & Testing LECTURE 3 BASIC CONCEPTS OF SOFTWARE TESTING - I

Assuring Standard Conformance of Partial Interfaces

Chapter 11, Testing, Part 2: Integration and System Testing

/CENELEC Phase 4/EIR/HL/Interface/Non-Functional Interface Requirements

Click ISO to edit Master title style Update on development of the standard

Software architecture in ASPICE and Even-André Karlsson

Software Testing. Massimo Felici IF

Software Testing. An Overview

Modelling Functionality of Train Control Systems using Petri Nets

Verification and Validation

340 Review Fall Midterm 1 Review

Advanced Validation Strategies for On-Board Satellite Software in the Galileo IOV Programme

Testing Objectives. Successful testing: discovers previously unknown errors

Chapter 6 Architectural Design. Lecture 1. Chapter 6 Architectural design

Software Development. Software Testing: Verification and Validation. Verification and Validation (V&V) Verification. Validation

Certified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0

Three General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams

Improving Software Testability

Train control language teaching computers interlocking

Software Design Models, Tools & Processes. Lecture 6: Transition Phase Cecilia Mascolo

Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262

V&V: Model-based testing

Examination Questions Time allowed: 1 hour 15 minutes

About us: Finmeccanica

Higher-order Testing. Stuart Anderson. Stuart Anderson Higher-order Testing c 2011

Software Engineering Fall 2015 (CSC 4350/6350) TR. 5:30 pm 7:15 pm. Rao Casturi 11/10/2015

Examining the Code. [Reading assignment: Chapter 6, pp ]

RAIL SIGNALLING SOLUTIONS

Industrial Embedded Systems - Design for Harsh Environment -

By V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.

A framework to evaluate 5G networks for smart and fail-safe communications

Certified Software Quality Engineer Preparation On Demand, Web-Based Course Offered by The Westfall Team

Chapter 11, Testing, Part 2: Integration and System Testing

Software Engineering Fall 2014

Overview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.

IECEE OPERATIONAL DOCUMENT

Govt. of Karnataka, Department of Technical Education Diploma in Information Science & Engineering. Sixth Semester

Applications & tools. Control of AS-i position switch with interlock per MSS 3RK3 SIRIUS MSS 3RK3. FAQ March Answers for industry.

17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Standard Glossary of Terms used in Software Testing. Version 3.2. Foundation Extension - Usability Terms

17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard

Diploma in Software Testing (DST)

Types of Software Testing: Different Testing Types with Details

Software Verification and Validation (VIMMD052) Introduction. Istvan Majzik Budapest University of Technology and Economics

Program Correctness and Efficiency. Chapter 2

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Chapter 10. Testing and Quality Assurance

Dataworks Development, Inc. P.O. Box 174 Mountlake Terrace, WA (425) fax (425)

Test Design Techniques ISTQB (International Software Testing Qualifications Board)

The requirements engineering process

Formal modelling and verification in UPPAAL

Formal Modeling and Verification of Interlocking Systems Featuring Sequential Release

Issues in Testing Electronic Commerce Systems

Ingegneria del Software Corso di Laurea in Informatica per il Management

(From Glenford Myers: The Art of Software Testing)

It is primarily checking of the code and/or manually reviewing the code or document to find errors This type of testing can be used by the developer

Description of the certification procedure MS - ISO 9001, MS - ISO 14001, MS - ISO/TS and MS BS OHSAS 18001, MS - ISO 45001, MS - ISO 50001

Software Testing 2. OOD and Testability. White box vs Black box Testing. Software Testing 2 Semester 1, 2006

Component Design. Systems Engineering BSc Course. Budapest University of Technology and Economics Department of Measurement and Information Systems

FUNCTIONAL SAFETY CERTIFICATE

Transcription:

The Verification and Validation activity for a railway control system Davide Alagna, Alessandro Romei [alagna.davide@asf.ansaldo.it, romei.alessandro@asf.ansaldo.it] RAMS Department Geneva, 19 th September 2008

Summary 1. Ansaldo signalling systems Overview Safety Logic System Data 2. V&V activities Overview Code inspection Independent generation of System Data Typologies of tests 3. Conclusions Software Problem Report

1. Ansaldo signalling systems

1. Ansaldo signalling systems Overview Purpose of a signalling system Safe railway traffic requires a signalling system to assign and control the route support the driver s behaviour avoid collisions

1. Ansaldo signalling systems Overview Architecture of Ansaldo ACC interlocking ART1 server ART2 server Field devices Peripheral Posts ACC Central Interlocking Unit Signaller s desk

1. Ansaldo signalling systems Overview Architecture of Ansaldo Radio Block Centre Interlocking ART1 server ART2 server Train Communication Computer Adjacent RBCs RBC Central Interlocking Unit Operator s desk

1. Ansaldo signalling systems Overview Products and applications Generic Product: Hardware and Kernel Software (e.g. ACC, RBC) Generic Application: Signalling Safety Logic (e.g. Italy, UK, ERTMS) Specific Applications: Systems (e.g. NVC Milano-Bologna, ACC Roma Termini, RBC Torino-Novara)

1. Ansaldo signalling systems Overview CIU design guidelines Same product for different applications Strict separation between invariant and variant parts of the product Invariant: Hardware, Kernel Software Variant: Safety Logic, System Data Variant parts managed through databases, handled by a common software engine

1. Ansaldo signalling systems Overview CIU software architecture Safety Logic Hardware Kernel Software System Data

1. Ansaldo signalling systems Overview Safety Logic design Object-Oriented modelling of Safety Logic starting from safety requirements (principle schemes): Entities (classes) Attributes (classes specification) Linked Entities (relationships among classes) Entities state (classes members) Commands (classes methods)

1. Ansaldo signalling systems Overview Design example Requirement: a point machine shall not move if it is engaged by a train. Entities (classes): Point, Track_circuit Attributes (classes specification): - Linked entities (relationships among classes): Dead_track_circuit Entities state (classes members): Point.position, Track_circuit.state Commands (classes methods): Point.move()

1. Ansaldo signalling systems Overview Safety Logic implementation Safety Logic developed in a high-level proprietary language Conditional statements Assignments Exceptions No pointers No dynamic memory allocation Restricted use of error-prone statements Safety Logic compiled in a symbolic language ready to be interpreted by the Logic Handler Process Reflects the strict separation between invariant and variant parts of the product All objects and their relationships are statically instantiated, therefore they can be analyzed offline

1. Ansaldo signalling systems Overview From Safety Logic to System Data Requirements, design and implementation of Safety Logic are abstract (generic application) Systems are configured (specific applications) Databases to be instantiated for: entities attributes linked entities

1. Ansaldo signalling systems Overview Configuration example Entities: PT.01, PT.03, TC.110, TC.111, Attributes: PT.01 is Oleodynamic, PT.07 is Electromechanic Linked entities: PT.01 TC.161,

2. V&V activities

2. V&V activities Overview V&V activities Generic Product: Hardware testing Kernel Software testing Generic and Specific Application: Code inspection of Safety Logic code Coverage analysis Independent generation of System Data Automatic and manual testing in simulated environment Field testing on target system

2. V&V activities Code inspection Code inspection Automatic analysis provides: Context diagrams Used vs not used variables Used vs not used attributes and linked entities Manual analysis focuses on: UML modelling of safety logic code Check lists for good programming style Functional analysis, search for critical complex scenarios Tools under development for: Automatic UML modelling of safety logic code through its translation in C++ or Java, thus allowing off-the-shelf environments to be positively used

2. V&V activities Code inspection Coverage analysis Performed after the completion of automatic and manual test sets Focuses on either Code or Data Automatic analysis provides: Coverage statistics Reports and databases Manual analysis focuses on: Non covered branches, attributes and linked entities Feedback to test specifications

2. V&V activities Code inspection Tools for Coverage analysis Entities Commands Safety Logic code Statistics

2. V&V activities Independent generation of System Data Independent generation of System Data Aims at verifying the correctness and completeness of System Data Independent generation of: entities attributes linked entities according to the design model of Safety Logic Comparison with System Data produced by the Development Team Evaluation of differences

2. V&V activities Independent generation of System Data Independent generation of System Data Design model of Safety Logic Scheme Scheme CT SP Configuration Rules (Development) Ansaldo Proprietary Query Processor System Data = Configuration Rules (V&V) Query Processor Off-the-shelf (Microsoft Access) System Data

2. V&V activities Typologies of tests Typologies of tests Functional tests: all functional requirements are correctly implemented by Safety Logic code Scope: generic application Configuration tests: all System Data required by the Safety Logic are correctly configured, and no spurious data are present Scope: specific application Stress tests: critical functions of the system are stressed introducing a set of random inputs Scope: both generic and specific application (in particular RBC)

2. V&V activities Typologies of tests Functional tests A Test Case is specified for each Safety Logic requirement, according to a black-box approach Abstract Test Scripts are implemented Level of abstraction classes of equivalence Test Scripts are executed in a fully or partially simulated environment Both positive and negative results are analysed, leading to Code Coverage Analysis

2. V&V activities Typologies of tests Configuration tests A Test Case can be defined: for each attribute and for each linked entity, according to a white-box approach based on the Safety Logic design model for each relationship among data, according to a blackbox approach based on System Data requirements Abstract Test Scripts are implemented Level of abstraction entity Test Scripts are executed in a fully or partially simulated environment Both positive and negative results are analysed, leading to Data Coverage Analysis

2. V&V activities Typologies of tests Stress tests Identification of a set of critical functions with references both to safety and complexity issues System stressed with a set of random inputs System behaviour analysed searching for: compliance with pre-defined properties of state variables unforeseen evolutions of state variables based on Chronological Events Recording (RCE) Suitable for reactive systems such as RBC

2. V&V activities Typologies of tests Testing approach and development The white-box approach requires a detailed knowledge of the Safety Logic Applied to Italian ACC interlocking The black-box approach is independent from the system implementation Applied to projects developed incrementally, such as UK ACC interlocking and RBC Tools under development for: Specifying black-box test cases with UML class and sequence diagrams Automatic generations of test scripts from UML model

2. V&V activities Typologies of tests Simulated Testing Environment (ACC) ART1 ART2 Station Simulator Peripheral Posts Posts Simulator CIU Simulator CIU Signaller Tester

2. V&V activities Typologies of tests Simulated Testing Environment (RBC) Interlocking IXL Simulator ART1 ART2 Train Train Simulator Communication Protocol stack computer Adjacent RBCs RBC Simulator CIU CIU Simulator Operator Tester

2. V&V activities Typologies of tests Field testing on target system Functional tests which cannot be completed in a simulated environment, e.g. Integration with adjacent systems Interfacing with target field devices Diagnostic issues and fault tolerance Tests on the correct set-up of field devices (track circuits, point machines, signal heads) and peripheral posts Tests with real trains

3. Conclusions

3. Conclusions Software Problem Report Management of non-compliances Production of Software Problem Reports (SPR) Causes Safety issues Impacts Problem Resolution by the Development Team New V&V cycle Evaluation of the impact of changes Regression tests SPR closure (if possible) New SPR production (if any)

Thank you for your kind attention

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback