Chapter 14 - Testing reusable software components in safety-critical real-time systems. In this chapter, the following content will be discussed: Introduction; reuse and exhaustive testing; reuse and statistical evidence; component reuse, statistical evidence and failure behavior.
Building Reliable Component-based Systems
Chapter 14: Testing Reusable Software Components in Safety-Critical Real-Time Systems
Overview
Introduction
Reuse and Exhaustive Testing
Reuse and Statistical Evidence
Component Reuse, Statistical Evidence and Failure Behavior
Introduction
How dynamic verification of real-time software relates to component reuse in safety-critical real-time systems
Re-testing cannot be eliminated in general
Ariane 5, Therac-25
Contract: pre-conditions, post-conditions, invariants
Reuse and Exhaustive Testing
Provide evidence, based on the component's contracts and the experience accumulated with it, that the component can be reused immediately, that only parts of it can be reused, or that it cannot be reused.
First Use
[Figure: first use of the component ("Dual band"): input ranges 0…1027 and G…P, output range 345…640, labelled "Necessary tests"]
[Figure: the component in a second environment: ranges -45…723, -27…-1 and A…P]
Overlapping Input Domain
[Figure: overlapping input domain ("Dual"): ranges -95…700, -3…913 and B…N]
Pre- and Post-conditions
[Figure: Telephone A, input ranges 0…1027 and G…P, output range 345…640]
Pre-condition( (0 ≤ input1 ≤ 1027) && ("G" ≤ input2 ≤ "P") ) // pre-condition
    statement 1;
    statement n;
Post-condition( 345 ≤ output ≤ 640 ) // post-condition
A component with pre- and post-conditions
Updated Pre- and Post-conditions
[Figure: Telephone B, new input ranges -17…778 and A…F]
Post-condition( 45 < output < 640 ) // post-condition
A new environment would violate the pre- and post-conditions unless they are updated
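An added example (not code from the book) that makes the Telephone A contract executable and reports which part of a new environment's input domain, such as Telephone B's, lies outside the domain covered by earlier testing; the `component` body is a hypothetical stand-in chosen to stay inside the stated output range.

```python
# Added example (not from the book): executable pre-/post-conditions for the
# "Telephone A" contract, plus a check of the untested part of a new input domain.
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    """Inclusive bounds for a component's two inputs and its output."""
    in1: tuple            # numeric input1, e.g. (0, 1027)
    in2: tuple            # character input2, e.g. ("G", "P")
    out: tuple            # expected output range, e.g. (345, 640)

    def pre(self, input1, input2):
        return self.in1[0] <= input1 <= self.in1[1] and self.in2[0] <= input2 <= self.in2[1]

    def post(self, output):
        return self.out[0] <= output <= self.out[1]

TELEPHONE_A = Contract(in1=(0, 1027), in2=("G", "P"), out=(345, 640))  # from the slide

def component(input1, input2):
    """Hypothetical stand-in for the reused component's computation."""
    return 345 + (input1 * (ord(input2) - ord("G"))) % 296  # lands in 345..640 for valid inputs

def run_with_contract(contract, input1, input2):
    """Execute the component under its contract; violations raise instead of passing silently."""
    if not contract.pre(input1, input2):
        raise ValueError(f"pre-condition violated: input1={input1}, input2={input2!r}")
    output = component(input1, input2)
    if not contract.post(output):
        raise ValueError(f"post-condition violated: output={output}")
    return output

def untested_subdomain(tested, new_in1, new_in2):
    """Parts of a new environment's input domain not covered by the tested contract.
    These need new tests; the overlapping part can rely on evidence from earlier use."""
    gaps = []
    lo, hi = tested.in1
    if new_in1[0] < lo:
        gaps.append(f"input1 {new_in1[0]}..{lo - 1}")
    if new_in1[1] > hi:
        gaps.append(f"input1 {hi + 1}..{new_in1[1]}")
    lo2, hi2 = tested.in2
    if new_in2[0] < lo2:
        gaps.append(f"input2 {new_in2[0]}..{chr(ord(lo2) - 1)}")
    if new_in2[1] > hi2:
        gaps.append(f"input2 {chr(ord(hi2) + 1)}..{new_in2[1]}")
    return gaps
```

Calling `untested_subdomain(TELEPHONE_A, (-17, 778), ("A", "F"))` with Telephone B's ranges reports the input1 range -17..-1 and the input2 range A..F as needing new tests.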
Reliability and Confidence for an Input Domain
[Figure: graph of reliability R(c) and confidence C(c) over the input domain I(c)]
A graph representing the reliability and the confidence for an input domain
Lower Reliability Requirements
Reaching Desired Reliability
Previously Experienced Reliability
[Figure: graph of R(c), C(c) and I(c)]
Previously experienced reliability cannot be utilized if input domains are outside historical use of the component
Component Reuse, Statistical Evidence and Failure Behavior
Byzantine and Arbitrary Failures
This failure mode is characterized by a non-assumption, meaning that there is absolutely no restriction with respect to which effects the component user may perceive
The failure mode has therefore been called malicious or fail-uncontrolled
This failure mode includes two-faced behavior: a component can output “X is true” to one component user, and “X is false” to another component user.
Sequential Failure Behavior
The confidence in the measured reliability is decreased when new failure behaviors can develop
Timing Failure Behavior
This failure mode yields a correct result (value), although the procurement of the result is time-wise incorrect
For example: deadline violations, start of task too early, incorrect period time, too much jitter, too many interrupts
Deadline Requirements
If we reuse a component with only a deadline requirement in a new environment in which the execution time is shorter, the component can be reused without re-testing
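An added example (not code from the book) covering the timing failure slide and the deadline rule above: it scans a constructed execution trace of a periodic task for the failure kinds listed (early start, excess jitter, deadline miss, wrong period) and encodes the deadline-only reuse rule; the spec values and trace are hypothetical, and the reuse rule additionally assumes the component met its deadline in the old environment.

```python
# Added example (not from the book): detecting the timing failures listed on the
# slide in a constructed execution trace of a periodic task, and the slide's rule
# for reusing a deadline-only component when the new execution time is shorter.
from dataclasses import dataclass

@dataclass(frozen=True)
class TimingSpec:
    period: float       # nominal interval between releases
    deadline: float     # relative deadline, measured from each release
    max_jitter: float   # tolerated deviation of start (and period) from nominal

def timing_failures(spec, releases, starts, finishes):
    """One entry per detected timing failure; the value computed by each job is not
    inspected, since a timing failure can coexist with a correct result."""
    failures = []
    for i, (rel, start, fin) in enumerate(zip(releases, starts, finishes)):
        if start < rel:
            failures.append(f"job {i}: started {rel - start:g} before release")
        if abs(start - rel) > spec.max_jitter:
            failures.append(f"job {i}: jitter {abs(start - rel):g} exceeds {spec.max_jitter:g}")
        if fin - rel > spec.deadline:
            failures.append(f"job {i}: deadline missed by {fin - rel - spec.deadline:g}")
        if i > 0 and abs((rel - releases[i - 1]) - spec.period) > spec.max_jitter:
            failures.append(f"job {i}: period {rel - releases[i - 1]:g} != {spec.period:g}")
    return failures

def reusable_without_retest(old_exec_time, new_exec_time, deadline):
    """Slide rule: a component with only a deadline requirement that met it in the
    old environment needs no timing re-test where the execution time is shorter."""
    return old_exec_time <= deadline and new_exec_time <= old_exec_time

# Constructed trace (hypothetical values): period 10, deadline 8, jitter tolerance 1.
SPEC = TimingSpec(period=10.0, deadline=8.0, max_jitter=1.0)
RELEASES = [0.0, 10.0, 20.0, 30.0]
STARTS = [0.5, 9.0, 20.5, 32.0]     # job 1 starts early, job 3 has too much jitter
FINISHES = [5.0, 14.0, 29.0, 37.0]  # job 2 finishes 9 after release: deadline missed
```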
Response Time
[Figure: R(c) and C(c) plotted against response time]
The response time for the reused component is within the tolerance