CTGEN - a Unit Test Generator for C
We present a new unit test generator for C code, CTGEN. It generates test data for C1 structural coverage and functional coverage based on pre-/post-condition specifications or internal assertions. The generator supports automated stub generation, and data to be returned by the stub to the unit under test (UUT) may be specified by means of constraints. The typical application field for CTGEN is embedded systems testing; therefore the tool can cope with the typical aliasing problems present in low-level C, including pointer arithmetic, structures and unions. CTGEN creates complete test procedures which are ready to be compiled and run against the UUT. In this paper we describe the main features of CTGEN, their technical realisation, and we elaborate on its performance in comparison to a list of competing test generation tools. Since 2011, CTGEN has been used in industrial-scale test campaigns for embedded systems code in the automotive domain.
Comment: In Proceedings SSV 2012, arXiv:1211.587
Security in Open Model Software with Hardware Virtualisation – The Railway Control System Perspective
Using the openETCS initiative as a starting point, we describe how open software can be applied in combination with platform-specific, potentially closed-source extensions, in the development, verification, validation and certification of safety-critical railway control systems. We analyse the safety and security threats presented by this approach and discuss conventional operating system partitioning mechanisms, as well as virtualisation methods, with respect to their potential to overcome these problems. Furthermore, we advocate a shift from open source to open models, in order to increase the development efficiency of combined open and proprietary solutions.
Applied Bounded Model Checking for Interlocking System Designs
In this article the verification and validation of interlocking systems is investigated. Reviewing both geographical and route-related interlocking, the verification objectives can be structured from a computer science perspective into (1) verification of static semantics, and (2) verification of behavioural (operational) semantics. The former checks that the plant model, that is, the software components reflecting the physical components of the interlocking system, has been set up in an adequate way. The latter investigates trains moving through the network, with the objective of uncovering potential safety violations. From a formal methods perspective, these verification objectives can be approached by theorem proving, global model checking, or bounded model checking. This article explains how bounded model checking techniques are applied to these objectives, and discusses their advantages in comparison to the alternative approaches.
Probabilistic Risk Assessment of an Obstacle Detection System for GoA 4 Freight Trains
In this paper, a quantitative risk assessment approach is discussed for the design of an obstacle detection function for low-speed freight trains with grade of automation (GoA) 4. In this 5-step approach, starting with single detection channels and ending with a three-out-of-three (3oo3) model constructed of three independent dual-channel modules and a voter, a probabilistic assessment is exemplified, using a combination of statistical methods and parametric stochastic model checking. It is illustrated that, under certain not unreasonable assumptions, the resulting hazard rate becomes acceptable for specific application settings. The statistical approach for assessing the residual risk of misclassifications in convolutional neural networks and conventional image processing software suggests that high confidence can be placed in the safety-critical obstacle detection function, even though its implementation involves realistic machine learning uncertainties.
Complete Agent-driven Model-based System Testing for Autonomous Systems
In this position paper, a novel approach to testing complex autonomous transportation systems (ATS) in the automotive, avionic, and railway domains is described. It is intended to mitigate some of the most critical problems regarding verification and validation (V&V) effort for ATS. V&V is known to become infeasible for complex ATS when using conventional methods only. The approach advocated here uses complete testing methods on the module level, because these establish formal proofs for the logical correctness of the software. Having established logical correctness, system-level tests are performed in simulated cloud environments and on the target system. To give evidence that 'sufficiently many' system tests have been performed with the target system, a formally justified coverage criterion is introduced. To optimise the execution of very large system test suites, we advocate an online testing approach where multiple tests are executed in parallel, and test steps are identified on-the-fly. The coordination and optimisation of these executions is achieved by an agent-based approach. Each aspect of the testing approach advocated here is shown to either be consistent with existing standards for development and V&V of safety-critical transportation systems, or it is justified why it should become acceptable in future revisions of the applicable standards.
Comment: In Proceedings FMAS 2021, arXiv:2110.1152