Functional Requirements-Based Automated Testing for Avionics

We propose and demonstrate a method for the reduction of testing effort in safety-critical software development using DO-178 guidance. We achieve this through the application of Bounded Model Checking (BMC) to formal low-level requirements, in order to generate tests automatically that are good enough to replace existing labor-intensive test writing procedures while maintaining independence from implementation artefacts. Given that existing manual processes are often empirical and subjective, we begin by formally defining a metric, which extends recognized best practice from code coverage analysis strategies to generate tests that adequately cover the requirements. We then formulate the automated test generation procedure and apply its prototype in case studies with industrial partners. In review, the method developed here is demonstrated to significantly reduce the human effort for the qualification of software products under DO-178 guidance

CTGEN - a Unit Test Generator for C

We present a new unit test generator for C code, CTGEN. It generates test data for C1 structural coverage and functional coverage based on pre-/post-condition specifications or internal assertions. The generator supports automated stub generation, and data to be returned by the stub to the unit under test (UUT) may be specified by means of constraints. The typical application field for CTGEN is embedded systems testing; therefore the tool can cope with the typical aliasing problems present in low-level C, including pointer arithmetics, structures and unions. CTGEN creates complete test procedures which are ready to be compiled and run against the UUT. In this paper we describe the main features of CTGEN, their technical realisation, and we elaborate on its performance in comparison to a list of competing test generation tools. Since 2011, CTGEN is used in industrial scale test campaigns for embedded systems code in the automotive domain.Comment: In Proceedings SSV 2012, arXiv:1211.587

Formal Verification and Validation of ERTMS Industrial Railway Train Spacing System

Abstract. Formal verification and validation is a fundamental step for the certifi-cation of railways critical systems. Many railways safety standards (e.g. the CEN-ELEC EN-50126, EN-50128 and EN-50129 standards implement the mandatory safety requirements of IEC-61508-7 standard for Functional and Safety) currently mandate the use of formal methods in the design to certify correctness. In this paper we describe an industrial application of formal methods for the ver-ification and validation of “Logica di Sicurezza ” (LDS), the safety logic of a railways ERTMS Level 2 system developed by Ansaldo-STS. LDS is a generic control software that needs to be instantiated on a railways network configuration. We developed a methodology for the verification and validation of a critical sub-set of LDS deployed on typical realistic railways network configurations. To show feasibility, effectiveness and scalability, we have experimented with several state of the art symbolic software model checking techniques and tools on different network configurations. From the experiments, we have successfully identified an effective strategy for the verification and validation of our case study. More-over, the results of experiments show that formal verification and validation is feasible and effective, and also scales reasonably well with the size of the config-uration. Given the results, Ansaldo-STS is currently integrating the methodology in its internal Development and Verification & Validation Flow.

Simulation combined model-based testing method for train control systems

A Train Control System (TCS) is utilised to guard the operational safety of the trains in railway systems. Therefore, functional testing is applied to verify consistency between the TCS and specification requirements. Traditional functional testing in TCSs is mainly based on manually designed test cases, which is becoming unsuitable for testing increasingly complex TCSs. Therefore, Model-Based Testing (MBT) methods have been introduced into TCS functional testing, to improve the efficiency and coverage of TCS testing, with application difficulties. To overcome the difficulties of applying MBT methods to test TCSs, the author introduces simulation combined MBT which combines an MBT method with simulation. Modelling method and implementation method for the proposed approach were explained in detail. Two case studies were undertaken to explore the effectiveness of the testing platform developed. The testing results obtained prove that the testing platform can be utilised to implement the functional testing of TCSs. To prove that the MBT platform is effective in detecting errors in the SUT, validation and verification was undertaken, which include validation of specification requirements and verification of the MBT platform. The testing performance is proven to be better than existing MBT methods in terms of coverage and efficiency