
    Search-based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

    Search-based software testing (SBST) typically relies on fitness functions to guide the search exploration toward software failures. There are two main techniques to define fitness functions: (a) automated fitness function computation from the specification of the system requirements and (b) manual fitness function design. Both techniques have advantages. The former uses information from the system requirements to guide the search toward portions of the input domain that are more likely to contain failures. The latter uses the engineers' domain knowledge. We propose ATheNA, a novel SBST framework that combines fitness functions that are automatically generated from requirements specifications and manually defined by engineers. We design and implement ATheNA-S, an instance of ATheNA that targets Simulink models. We evaluate ATheNA-S by considering a large set of models and requirements from different domains. We compare our solution with an SBST baseline tool that supports automatically generated fitness functions, and another one that supports manually defined fitness functions. Our results show that ATheNA-S generates more failure-revealing test cases than the baseline tools and that the difference between the performance of ATheNA-S and the baseline tools is not statistically significant. We also assess whether ATheNA-S could generate failure-revealing test cases when applied to a large case study from the automotive domain. Our results show that ATheNA-S successfully revealed a requirement violation in our case study.

    ADGS-2100 Adaptive Display and Guidance System Window Manager Analysis

    Recent advances in modeling languages have made it feasible to formally specify and analyze the behavior of large system components. Synchronous data flow languages, such as Lustre, SCR, and RSML-e, are particularly well suited to this task, and commercial versions of these tools such as SCADE and Simulink are growing in popularity among designers of safety-critical systems, largely due to their ability to automatically generate code from the models. At the same time, advances in formal analysis tools have made it practical to formally verify important properties of these models to ensure that design defects are identified and corrected early in the lifecycle. This report describes how these tools have been applied to the ADGS-2100 Adaptive Display and Guidance Window Manager being developed by Rockwell Collins Inc. This work demonstrates how formal methods can be easily and cost-efficiently used to remove defects early in the design cycle.

    Code Generation for Safety-Critical Systems

    The number of safety-critical systems in vehicles is rapidly increasing. A few years ago, the failure of a computer system in a vehicle would in the worst case mean the loss of a function, but in the systems of the future, the wrong reaction to a fault may be a safety hazard for the vehicle's occupants and other road users.

    Systematic Model-based Design Assurance and Property-based Fault Injection for Safety Critical Digital Systems

    With advances in sensing, wireless communications, computing, control, and automation technologies, we are witnessing the rapid uptake of Cyber-Physical Systems (CPSs) across many applications including connected vehicles, healthcare, energy, manufacturing, smart homes, etc. Many of these applications are safety-critical in nature and they depend on the correct and safe execution of software and hardware that are intrinsically subject to faults. These faults can be design faults (software faults, specification faults, etc.) or physically occurring faults (hardware failures, single-event upsets, etc.). Both types of faults must be addressed during the design and development of these critical systems. Several safety-critical industries have widely adopted Model-Based Engineering paradigms to manage the design assurance processes of these complex CPSs. This thesis studies the application of an IEC 61508 compliant model-based design assurance methodology on a representative safety-critical digital architecture targeted for nuclear power generation facilities. The study presents detailed experiences and results to demonstrate the benefits of model testing in finding design flaws and its relevance to subsequent verification steps in the workflow. Additionally, to study the impact of physical faults on the digital architecture, we develop a novel property-based fault injection method that overcomes a few deficiencies of traditional fault injection methods. The model-based fault injection approach presented here guarantees high efficiency and near-exhaustive input/state/fault space coverage by utilizing formal model checking principles to identify fault activation conditions and prove the fault tolerance features. The fault injection framework facilitates automated integration of fault saboteurs throughout the model to enable exhaustive fault location coverage in the model.

    A Model-Based Reference Workflow for the Development of Safety-Critical Software

    Model-based software development is increasingly being used to develop software for electronic control units (ECUs). The automatic conversion of models into program code for ECUs plays a major role in this because it ensures efficient implementation, providing considerable savings potential and short development cycles. This paper introduces a model-based reference workflow for the development of safety-critical software conforming to relevant safety standards such as IEC 61508 and ISO 26262. The reference workflow provides guidance for meeting the safety requirements to develop software up to and including SIL 3 and/or ASIL D. Furthermore, the paper shows how such a reference workflow can help address the issue of software tool qualification.

    Application development process for GNAT, a SOC networked system

    The market for smart devices was identified years ago, and yet commercial progress into this field has not been significant. The reason such devices are so painfully slow to market is that the gap between the technologically possible and the market capitalizable is too vast. In order for inventions to succeed commercially, they must bridge the gap to tomorrow's technology with marketability today. This thesis demonstrates a design methodology that enables such commercial success for one variety of smart device, the Ambient Intelligence Node (AIN). Commercial Off-The-Shelf (COTS) design tools allowing a Model-Driven Architecture (MDA) approach are combined via custom middleware to form an end-to-end design flow for rapid prototyping and commercialization. A walkthrough of this design methodology demonstrates its effectiveness in the creation of Global Network Academic Test (GNAT), a sample AIN. It is shown how designers are given the flexibility to incorporate IP blocks available in the global economy to reduce time-to-market and cost. Finally, new kinds of products and solutions built on the higher levels of design abstraction permitted by MDA design methods are explored.

    Generating Structured Text programs for device controllers using simulation tools

    Model-based design is a relatively new technique for developing software for embedded systems. It aims to reduce the cost of the software development process by generating the code from a simulation model. The code is generated automatically using a tool developed for this purpose. This way, errors in the system can be found and eliminated early in the development process compared to a traditional software development project for embedded systems. As mentioned, the tools are, at the time of this study, still relatively new, and especially when considering code that has to comply with functional safety standards, the code has to fulfill certain requirements and it has to be clear enough that it can be traced back to each function of the model. This study aims to determine how well these methods can be used for software development for embedded systems. More precisely, this thesis focuses on MathWorks' Simulink as the modelling software, and CODESYS as the coding language of the programmable logic controller, and ultimately on the compatibility of these with each other. The workflow of a model-based design software generation process is determined and presented as the result of this study. That process includes building, testing and verifying the model, preparing it for code generation, configuring and using the code generation tool, and finally verifying the generated code. An example model of a battery cell balancing system for the code generation process is built, and thus that area is also studied. At the end of this study, some different possible uses of this technique are briefly discussed, as well as further possible areas of study regarding this topic.

    Model-based software design is a relatively new technique in embedded systems software design. It aims at lower development costs by generating the system's code directly from a system model built for simulation. The code is generated using automated tools developed for this purpose. In this way, errors arising during development can largely be detected and removed at a very early stage of the development work, compared with traditional embedded systems software development. As mentioned, the tools required for this are still relatively new at the time of writing this thesis, and especially for safety-critical code, the code must meet certain requirements and be clear enough that given parts of the code can be traced back to the corresponding parts of the model. The purpose of this thesis is to determine whether these methods are usable for embedded systems software development. In particular, this thesis focuses on MathWorks' simulation software Simulink, on CODESYS as the programming language used with the programmable logic controller, and on the compatibility of these two with regard to this process. A recommended workflow for the model-based software design process using the tools mentioned is defined and presented as the result of the thesis. This process includes building the model, testing it and verifying its functionality, preparing it for code generation, configuring and using the code generation software, and finally testing the generated code and verifying its functionality. As an example, a model that balances the voltages of battery cells is built, and therefore this topic is also studied briefly. At the end of the thesis, various possible applications of this technique are briefly discussed, along with ways in which this topic could be studied further.

    Experiences with the GENE-AUTO Code Generator in the Aerospace Industry

    This paper gives an overview of the most recent experiments that Astrium and Airbus conducted with the GENE-AUTO code generator during 2009. GENE-AUTO is an open source, automatic and qualifiable C code generator taking as input Simulink®/Stateflow® and Scilab/Scicos models. It was developed in the context of an ITEA European project that ended in December 2008 (www.geneauto.org). The GENE-AUTO toolset is currently maintained by its developers and evaluated for industrial usage by several end-users. This paper presents the case studies that we used for evaluation purposes, explains the organisation between the users and technology providers with respect to the toolset maintenance, and summarizes the experimentation results.